Himai Minh, Bartender, staff
index.jsp
tomcat-users.xml:
The result is that mary, as a manager role, is forbidden access to the PUT.
But when I remove value=@HttpConstraint..., it works.
Himai Minh, Bartender, staff
Hi, Tim,
This security rule says
1. manager is allowed to use doPut
2. employees are allowed to use the rest of the methods except doPut.
Suppose jane is employee and mary is manager as defined in tomcat-users.xml.
I was surprised to see that mary is not allowed to use doPut.
But when I changed the security rule:
Mary is allowed to use doPut.
Himai Minh, Bartender, staff
It has something to do with using Put in the form.
I changed the code to:
Now, jane cannot access the POST method and mary can access it.
The reason is the form in index.jsp cannot use method="PUT".
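
The rule discussed in this thread, as an added example that is not the poster's original code. The class name and URL pattern are hypothetical, the `javax.servlet` namespace (Servlet 3.x) is assumed, and the roles `manager` and `employee` are the ones named above; container login configuration is assumed to exist already.

```java
import java.io.IOException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet; class name and URL pattern are assumptions.
@WebServlet("/report")
@ServletSecurity(
    // Default rule: every method without its own constraint needs "employee".
    value = @HttpConstraint(rolesAllowed = "employee"),
    // Method-specific rule: PUT needs "manager" and overrides the default.
    httpMethodConstraints = @HttpMethodConstraint(value = "PUT", rolesAllowed = "manager"))
public class ReportServlet extends HttpServlet {

    // A browser form with method="PUT" lands here: HTML forms submit only GET
    // or POST, and an unrecognised method value is sent as GET. The default
    // rule then applies, so mary (manager only) gets 403 and jane gets in.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        describe(req, resp);
    }

    // Reached only by a real PUT request (non-browser client or script).
    @Override
    protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        describe(req, resp);
    }

    // Echo what the container actually received, to make the mismatch visible.
    private void describe(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        resp.setContentType("text/plain");
        resp.getWriter().printf("method=%s user=%s manager=%b employee=%b%n",
                req.getMethod(), req.getRemoteUser(),
                req.isUserInRole("manager"), req.isUserInRole("employee"));
    }
}
```

When testing a method-specific constraint, check the method the container reports (`req.getMethod()`) rather than the one written in the form, since the access decision is made on the former.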