About Question enthuware.jwpv6.2.657 :

Moderator: admin

Post Reply
johnlong
Posts: 197
Joined: Mon Jun 20, 2016 5:06 pm
Contact:

About Question enthuware.jwpv6.2.657 :

Post by johnlong »

Hi
The second Httpconstraint is not correctly specified (valid values for value are PERMIT and DENY).
Could you please show valid syntax with value="DENY" or value="PERMIT" ?

Online
admin
Site Admin
Posts: 10034
Joined: Fri Sep 10, 2010 9:26 pm
Contact:

Re: About Question enthuware.jwpv6.2.657 :

Post by admin »

johnlong wrote:Hi
The second Httpconstraint is not correctly specified (valid values for value are PERMIT and DENY).
Could you please show valid syntax with value="DENY" or value="PERMIT" ?
@HttpConstraint(value="PERMIT")

The "value" attribute applies (only) when rolesAllowed returns an-empty array. (Servlet 3.0 Specifcation Section 13.4.1.

HTH,
Paul.
If you like our products and services, please help us by posting your review here.

johnlong
Posts: 197
Joined: Mon Jun 20, 2016 5:06 pm
Contact:

Re: About Question enthuware.jwpv6.2.657 :

Post by johnlong »

Is it correct full syntax?
@ServletSecurity(@HttpConstraint(value="PERMIT"));

Online
admin
Site Admin
Posts: 10034
Joined: Fri Sep 10, 2010 9:26 pm
Contact:

Re: About Question enthuware.jwpv6.2.657 :

Post by admin »

Actually, it should be @ServletSecurity(@HttpConstraint(EmptyRoleSemantic.PERMIT));
See section 13.4.1.1 of Servlet 3.0 specification for more examples.
If you like our products and services, please help us by posting your review here.

johnlong
Posts: 197
Joined: Mon Jun 20, 2016 5:06 pm
Contact:

Re: About Question enthuware.jwpv6.2.657 :

Post by johnlong »

Thank you

kakawi
Posts: 5
Joined: Sat Aug 12, 2017 1:43 pm
Contact:

Re: About Question enthuware.jwpv6.2.657 :

Post by kakawi »

The fifth example have one spelling mistake (2 parentheses after @ServletSecurity), when need only 1 parentheses

Correct variant:

Code: Select all

@ServletSecurity(
        httpMethodConstraints = {
                @HttpMethodConstraint(
                        value = "GET",
                        rolesAllowed = "R1"
                ),
                @HttpMethodConstraint(
                        value = "POST",
                        rolesAllowed = "R1",
                        transportGuarantee = ServletSecurity.TransportGuarantee.CONFIDENTIAL
                )
        })

kakawi
Posts: 5
Joined: Sat Aug 12, 2017 1:43 pm
Contact:

Re: About Question enthuware.jwpv6.2.657 :

Post by kakawi »

The seventh example another spelling mistake, lost literal "f" in word "for" (the first word):

" ...or all HTTP methods except TRACE, auth-constraint requiring membership in Role R1; for TRACE, all access denied"

Online
admin
Site Admin
Posts: 10034
Joined: Fri Sep 10, 2010 9:26 pm
Contact:

Re: About Question enthuware.jwpv6.2.657 :

Post by admin »

Fixed.
thank you for your feedback!
If you like our products and services, please help us by posting your review here.

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests