About Question enthuware.jwpv6.2.657 :

Moderator: admin

Post Reply
johnlong
Posts: 185
Joined: Mon Jun 20, 2016 5:06 pm
Contact:

About Question enthuware.jwpv6.2.657 :

Post by johnlong » Tue Aug 16, 2016 12:13 pm

Hi
The second Httpconstraint is not correctly specified (valid values for value are PERMIT and DENY).
Could you please show valid syntax with value="DENY" or value="PERMIT" ?

admin
Site Admin
Posts: 7142
Joined: Fri Sep 10, 2010 9:26 pm
Contact:

Re: About Question enthuware.jwpv6.2.657 :

Post by admin » Tue Aug 16, 2016 9:21 pm

johnlong wrote:Hi
The second Httpconstraint is not correctly specified (valid values for value are PERMIT and DENY).
Could you please show valid syntax with value="DENY" or value="PERMIT" ?
@HttpConstraint(value="PERMIT")

The "value" attribute applies (only) when rolesAllowed returns an-empty array. (Servlet 3.0 Specifcation Section 13.4.1.

HTH,
Paul.

johnlong
Posts: 185
Joined: Mon Jun 20, 2016 5:06 pm
Contact:

Re: About Question enthuware.jwpv6.2.657 :

Post by johnlong » Wed Aug 17, 2016 1:51 pm

Is it correct full syntax?
@ServletSecurity(@HttpConstraint(value="PERMIT"));

admin
Site Admin
Posts: 7142
Joined: Fri Sep 10, 2010 9:26 pm
Contact:

Re: About Question enthuware.jwpv6.2.657 :

Post by admin » Wed Aug 17, 2016 8:50 pm

Actually, it should be @ServletSecurity(@HttpConstraint(EmptyRoleSemantic.PERMIT));
See section 13.4.1.1 of Servlet 3.0 specification for more examples.

johnlong
Posts: 185
Joined: Mon Jun 20, 2016 5:06 pm
Contact:

Re: About Question enthuware.jwpv6.2.657 :

Post by johnlong » Thu Aug 18, 2016 12:24 am

Thank you

kakawi
Posts: 8
Joined: Sat Aug 12, 2017 1:43 pm
Contact:

Re: About Question enthuware.jwpv6.2.657 :

Post by kakawi » Wed Feb 07, 2018 4:07 pm

The fifth example have one spelling mistake (2 parentheses after @ServletSecurity), when need only 1 parentheses

Correct variant:

Code: Select all

@ServletSecurity(
        httpMethodConstraints = {
                @HttpMethodConstraint(
                        value = "GET",
                        rolesAllowed = "R1"
                ),
                @HttpMethodConstraint(
                        value = "POST",
                        rolesAllowed = "R1",
                        transportGuarantee = ServletSecurity.TransportGuarantee.CONFIDENTIAL
                )
        })

kakawi
Posts: 8
Joined: Sat Aug 12, 2017 1:43 pm
Contact:

Re: About Question enthuware.jwpv6.2.657 :

Post by kakawi » Wed Feb 07, 2018 4:10 pm

The seventh example another spelling mistake, lost literal "f" in word "for" (the first word):

" ...or all HTTP methods except TRACE, auth-constraint requiring membership in Role R1; for TRACE, all access denied"

admin
Site Admin
Posts: 7142
Joined: Fri Sep 10, 2010 9:26 pm
Contact:

Re: About Question enthuware.jwpv6.2.657 :

Post by admin » Thu Feb 08, 2018 1:12 pm

Fixed.
thank you for your feedback!

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests