auth-constraint element in web.xml
Let's say I have 3 sercurity-constrant elements defined in web.xml, everyone pointing to same url-pattern. And I have these 3 auth-constraint element separately defined in each of them:
<security-constraint>
...
<auth-constraint>Role1</auth-constraint>
</security-constraint>
<security-constraint>
...
<auth-constraint>Role2</auth-constraint>
</security-constraint>
<security-constraint>
...
<auth-constraint/>
</security-constraint>
Who can access resource specified in url-pattern? No开发者_JS百科body or Role1 and Role2?
Similar issue here as well if you wanna check : http://www.coderanch.com/t/498339/java-Web-Component-SCWCD/certification/Head-First-Servlets-JSP-auth
Nobody can access. Although <auth-constrant>
elements are additive, the presence of one <auth-constraint/>
or <auth-constraint></auth-constraint>
(with no body) overrrides all others and blocks access.
精彩评论