• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Tomcat 8 cannot read httpMethodConstraints

 
Bartender
Posts: 2418
13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


index.jsp


tomcat-users.xml:


The result is that mary , as a manager role is forbidden access the PUT.

But when I remove value= @HttpConstraint... , it works.
 
Saloon Keeper
Posts: 27763
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
That actually wasn't a very clear question.

But what I think you meant was that depending on the user's role, you could do one thing or the other, but not both.

J2EE security roles are not simple labels. It's perfectly legal for Mary to be both a Manager and an Employee:

Likewise, code security can allow users in more than one role:
 
Himai Minh
Bartender
Posts: 2418
13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, Tim,

This security rule says
1. manager is allowed to use doPut
2. employee are allowed to use the rest of the methods except doPut.

Suppose jane is employee and mary is manager as defined in tomcat-user.xml.
I was surprised to see that mary is not allowed to use doPut.


But when I changed the security rule :

Mary is allowed to use doPut.

 
Himai Minh
Bartender
Posts: 2418
13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It has something to do with using Put in the form.
I changed the code into :



Now, jane cannot access POST method and mary can access it.
The reason is the form in index.jsp cannot use method="PUT".
 
Himai Minh
Bartender
Posts: 2418
13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I used curl.exe that I downloaded from https://curl.haxx.se/dlwiz/?type=bin. I used free 7Zip to unzip it.
I ran this command :


curl -u mary -X PUT http://localhost:8080/securityAnnot/MySecurity


It promotes me for password.
Then, the doPut method runs.

I think it was because my browser does not support PUT in form.
 
no wonder he is so sad, he hasn't seen this tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic