About Question enthuware.ocejws.v6.2.219 :

Posted: Fri May 02, 2014 11:43 am
by himaiMinh
Hi, in option 1, the explanation is "GET requests are still allowed".
The web.xml looks like this:

    <url-pattern>/jax/rs/add/*</url-pattern>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
    <auth-constraint>
        <role-name>student</role-name>
    </auth-constraint>

I think GET is not allowed to be accessed by students. Instead, this web.xml says "it allows students to access POST, PUT and DELETE." The GET requests are still allowed by other roles, like "teacher", "admin", etc.

Re: About Question enthuware.ocejws.v6.2.219 :

Posted: Fri May 02, 2014 3:48 pm
by fjwalraven
No, if you access the URL by a POST, PUT or DELETE you have to have the student role.

There is no restriction for a GET request. In other words, everybody (including non-authenticated users) can access the URL.

Regards,
Frits
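
Added example (not part of the thread or of the Enthuware question): a small Python check that evaluates one `<security-constraint>` the way the reply above describes, showing that a method missing from the `<http-method>` list is not covered at all. The wrapper elements, the `<web-resource-name>` value, the `decide` function and the request paths are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the thread's fragment wrapped in the elements web.xml
# requires. The <web-resource-name> value is a placeholder.
LISTED = """
<security-constraint>
  <web-resource-collection>
    <web-resource-name>placeholder</web-resource-name>
    <url-pattern>/jax/rs/add/*</url-pattern>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>student</role-name>
  </auth-constraint>
</security-constraint>
"""

# Same constraint with every <http-method> removed: it then covers all methods.
ALL_METHODS = re.sub(r"\s*<http-method>.*?</http-method>", "", LISTED)


def decide(constraint_xml, path, method, roles=frozenset()):
    """Return 'uncovered', 'permit' or 'deny' for one request.

    'uncovered' means this constraint does not apply, so the container lets
    the request through, authenticated or not. The "*" role wildcard and
    <http-method-omission> are not handled here.
    """
    sc = ET.fromstring(constraint_xml)
    coll = sc.find("web-resource-collection")
    pattern = coll.findtext("url-pattern").strip()
    if pattern.endswith("/*"):  # path-prefix mapping
        prefix = pattern[:-2]
        matches = path == prefix or path.startswith(prefix + "/")
    else:  # exact mapping
        matches = path == pattern
    methods = {m.text.strip() for m in coll.findall("http-method")}
    if not matches or (methods and method not in methods):
        return "uncovered"
    auth = sc.find("auth-constraint")
    if auth is None:
        return "permit"
    allowed = {r.text.strip() for r in auth.findall("role-name")}
    return "permit" if allowed & set(roles) else "deny"
```
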