About Question enthuware.ocejws.v6.2.219 :

Moderators: Site Manager, fjwalraven

Post Reply
himaiMinh
Posts: 358
Joined: Fri Nov 29, 2013 8:26 pm
Contact:

About Question enthuware.ocejws.v6.2.219 :

Post by himaiMinh » Fri May 02, 2014 11:43 am

Hi, in option 1, the explanation is "GET requests are still allowed"
The web.xml looks like this:

Code: Select all

  <url-pattern>/jax/rs/add/*</url-pattern>
   <http-method>POST</http-method>
   <http-method>PUT</http-method>
   <http-method>DELETE</http-method>
  <auth-constraint>
            <role-name>student</role-name>
   </auth-constraint>
I think GET is not allowed to be accessed by students. Instead, this web.xml says "it allows student to access POST,PUT and DELETE." The GET requests are still allowed by other roles, like "teacher", "admin" and etc.

fjwalraven
Posts: 429
Joined: Tue Jul 24, 2012 2:43 am
Contact:

Re: About Question enthuware.ocejws.v6.2.219 :

Post by fjwalraven » Fri May 02, 2014 3:48 pm

No, if you access the URL by a POST, PUT or DELETE you have to have a students role.

There is no restriction for a GET request. In other words, everybody (including non - authenticated users) can access the URL.

Regards,
Frits

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests