Jan Skowronski

No Isha, the book is right:

lack of <auth-constraint> means ALLOW ANYBODY to access given resource (+http method of course).
<auth-constraint> with one (or more) roles means ONLY those specified can access given resource.

So if any of the constraints EXPLICITLY grant you access (first tag) you have that access, UNLESS there's an EMPTY <auth-constraint> that is always winning forbidding access, no matter how many other constraints would give you access

Remember: empty <auth-constraint> is the opposite of LACK of it!

Hope it's clear

Oh! Thanks! If I only knew that weeks ago, so many sleepless nights;)

Ok, regarding last post:

1. list[long] would not fail as such,but "listIdx" String cannot be coerced to Long, there would be an exception at parsing time.
2. listIdx is a String = "2" and that value of String is parsed niceley, becoming Long=2 so it can be used.

Hope that helps, I'm having a go at OCPJWCD on Wednesday (5th of Jan), and I failed the mock exam from Head First book;)

I passed scjp on Monday and I confirm: any question you answer and then come back you see as you left it except for 'task' (drag'n'drop) questions. No matter whether you answered it or not the moment you press the task button it prompts you something like "This task has been completed. If you choose to solve it again your previous answer is eaten by an evil goblin". So you can't see what you put it before. It does not affect questions with 'exhibit' (longer code) button. Anyway I found these dnd questions the easiest, so don't worry and good luck.