Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

security constraint

 
shivam singhal
Ranch Hand
Posts: 231
Java Notepad Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
can anybody help me in understanding of security constraint tag in DD??
 
taras khoma
Greenhorn
Posts: 9
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In "Head First Servlets and JSP (2nd Edition)" it's described in very clear manner.
 
shivam singhal
Ranch Hand
Posts: 231
Java Notepad Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
yeah, i have studied that one still i am confused..

unable to understand which roles can access the resource..

if..

<security-constaint>
<web-resource-collection>
<web-resource-name>something</web-resource-name>
<url-pattern>WEB-INF/shivam</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>

<auth-constraint>
<role-name>MEMBER</role-name>
<role-name>ADMIN</role-name>
</auth-constraint>
</security constraint>


In this case if we have member , admin and guest role name.. then only member and admin are allowed to POST anything on the resource.. and guest can't post but guest can get ,trace ,put anything on the resource RIGHT??
or anything MISSING??
 
gurpeet singh
Ranch Hand
Posts: 924
1
Fedora Java Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
first of all your url-pattern is not right. it should follow the proper rules . now the security contraint you defined says this :

the POST method is constrained. it means not everybody can post on the given url-pattern. only users whose role is either MEMBER OR ADMIN can POST on the url-pattern. rest anybody including MEMBER, ADMIN OR GUEST can GET, TRACE, HEAD etc(all the methods except POST) on the url-pattern. also keep in mind anybody can GET on the pattern but if you havent overriden doGet then it will throw 405 method not supported status code(this is but obvious). i hope i clear your doubt
 
shivam singhal
Ranch Hand
Posts: 231
Java Notepad Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
yeah!!..
thanks gurpeet..
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic