Hi, in option 1, the explanation is "GET requests are still allowed"
The web.xml looks like this:
Code: Select all
I think GET is not allowed to be accessed by students. Instead, this web.xml says "it allows student to access POST,PUT and DELETE." The GET requests are still allowed by other roles, like "teacher", "admin" and etc.