Win a copy of AWS Security this week in the Cloud/Virtualization forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Jeanne Boyarsky
  • Junilu Lacar
  • Henry Wong
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Frits Walraven
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • salvin francis
  • fred rosenberger

security constraint

 
Ranch Hand
Posts: 231
Tomcat Server Notepad Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
can anybody help me in understanding of security constraint tag in DD??
 
Greenhorn
Posts: 9
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In "Head First Servlets and JSP (2nd Edition)" it's described in very clear manner.
 
shivam singhal
Ranch Hand
Posts: 231
Tomcat Server Notepad Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
yeah, i have studied that one still i am confused..

unable to understand which roles can access the resource..

if..

<security-constaint>
<web-resource-collection>
<web-resource-name>something</web-resource-name>
<url-pattern>WEB-INF/shivam</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>

<auth-constraint>
<role-name>MEMBER</role-name>
<role-name>ADMIN</role-name>
</auth-constraint>
</security constraint>


In this case if we have member , admin and guest role name.. then only member and admin are allowed to POST anything on the resource.. and guest can't post but guest can get ,trace ,put anything on the resource RIGHT??
or anything MISSING??
 
Ranch Hand
Posts: 924
1
Netbeans IDE Fedora Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
first of all your url-pattern is not right. it should follow the proper rules . now the security contraint you defined says this :

the POST method is constrained. it means not everybody can post on the given url-pattern. only users whose role is either MEMBER OR ADMIN can POST on the url-pattern. rest anybody including MEMBER, ADMIN OR GUEST can GET, TRACE, HEAD etc(all the methods except POST) on the url-pattern. also keep in mind anybody can GET on the pattern but if you havent overriden doGet then it will throw 405 method not supported status code(this is but obvious). i hope i clear your doubt
 
shivam singhal
Ranch Hand
Posts: 231
Tomcat Server Notepad Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
yeah!!..
thanks gurpeet..
 
There are 29 Knuts in one Sickle, and 17 Sickles make up a Galleon. 42 tiny ads in a knut:
Devious Experiments for a Truly Passive Greenhouse!
https://www.kickstarter.com/projects/paulwheaton/greenhouse-1
    Bookmark Topic Watch Topic
  • New Topic