About Question enthuware.ocejws.v6.2.219 :
Posted: Fri May 02, 2014 11:43 am
Hi, in option 1, the explanation is "GET requests are still allowed"
The web.xml looks like this:
I think GET is not allowed to be accessed by students. Instead, this web.xml says "it allows student to access POST,PUT and DELETE." The GET requests are still allowed by other roles, like "teacher", "admin" and etc.
The web.xml looks like this:
Code: Select all
<url-pattern>/jax/rs/add/*</url-pattern>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<auth-constraint>
<role-name>student</role-name>
</auth-constraint>