Let's say I have 3 security-constraint elements defined in web.xml, each one pointing to the same url-pattern. And I have these 3 auth-constraint elements separately defined in each of them:
<security-constraint>
  ...
  <auth-constraint><role-name>Role1</role-name></auth-constraint>
</security-constraint>
<security-constraint>
  ...
  <auth-constraint><role-name>Role2</role-name></auth-constraint>
</security-constraint>
<security-constraint>
  ...
  <auth-constraint/>
</security-constraint>
Who can access the resource specified in url-pattern? Nobody or Role1 and Role2?
Similar issue here as well if you wanna check: http://www.coderanch.com/t/498339/java-Web-Component-SCWCD/certification/Head-First-Servlets-JSP-auth
Nobody can access. Although <auth-constraint> elements are additive, the presence of one <auth-constraint/> or <auth-constraint></auth-constraint> (with no body) overrides all others and blocks access.
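The combination rule from the answer above, as an added example that is not part of the original post: a Python check that reads a web.xml and reports the effective access for each url-pattern. The patterns /admin/* and /reports/* are constructed sample values, http-method is ignored, and the handling of a constraint with no auth-constraint element at all (unauthenticated access) follows the Servlet specification rather than anything stated on this page.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

DENY_ALL = "DENY_ALL"        # an <auth-constraint> naming no roles was present
OPEN = "UNAUTHENTICATED"     # a constraint had no <auth-constraint> element at all

def constraint_xml(pattern, auth_xml):
    # Builds one constructed <security-constraint> for the sample input below.
    return ("<security-constraint><web-resource-collection><url-pattern>" + pattern +
            "</url-pattern></web-resource-collection>" + auth_xml + "</security-constraint>")

def role_xml(name):
    return "<auth-constraint><role-name>" + name + "</role-name></auth-constraint>"

# Constructed sample: /admin/* mirrors the question, /reports/* omits the empty constraint.
SAMPLE = "<web-app>" + "".join([
    constraint_xml("/admin/*", role_xml("Role1")),
    constraint_xml("/admin/*", role_xml("Role2")),
    constraint_xml("/admin/*", "<auth-constraint/>"),
    constraint_xml("/reports/*", role_xml("Role1")),
    constraint_xml("/reports/*", role_xml("Role2")),
]) + "</web-app>"

def children(elem, name):
    # Match on the local tag name so namespaced web.xml files work too.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def effective_access(web_xml):
    """Return {url-pattern: DENY_ALL | OPEN | frozenset of permitted roles}."""
    verdicts = defaultdict(list)
    for sc in children(ET.fromstring(web_xml), "security-constraint"):
        auth = children(sc, "auth-constraint")
        roles = {(r.text or "").strip() for a in auth for r in children(a, "role-name")}
        roles.discard("")
        verdict = OPEN if not auth else (frozenset(roles) if roles else DENY_ALL)
        for wrc in children(sc, "web-resource-collection"):
            for pat in children(wrc, "url-pattern"):
                verdicts[(pat.text or "").strip()].append(verdict)
    result = {}
    for pattern, seen in verdicts.items():
        if DENY_ALL in seen:            # empty auth-constraint overrides everything
            result[pattern] = DENY_ALL
        elif OPEN in seen:
            result[pattern] = OPEN
        else:                           # role-naming constraints are additive
            result[pattern] = frozenset().union(*seen)
    return result

if __name__ == "__main__":
    for pattern, access in effective_access(SAMPLE).items():
        print(pattern, "->", access if isinstance(access, str) else sorted(access))
```

Running it over a deployed web.xml shows which patterns are locked out by a stray empty auth-constraint and which are left open by a constraint that carries none.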