开发者

auth-constraint element in web.xml

Let's say I have 3 sercurity-constrant elements defined in web.xml, everyone pointing to same url-pattern. And I have these 3 auth-constraint element separately defined in each of them:

<security-constraint>
...
    <auth-constraint>Role1</auth-constraint>
</security-constraint>
<security-constraint>
...
    <auth-constraint>Role2</auth-constraint>
</security-constraint>
<security-constraint>
...
    <auth-constraint/>
</security-constraint>

Who can access resource specified in url-pattern? No开发者_JS百科body or Role1 and Role2?


Similar issue here as well if you wanna check : http://www.coderanch.com/t/498339/java-Web-Component-SCWCD/certification/Head-First-Servlets-JSP-auth


Nobody can access. Although <auth-constrant> elements are additive, the presence of one <auth-constraint/> or <auth-constraint></auth-constraint> (with no body) overrrides all others and blocks access.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜