About Question enthuware.jwpv6.2.657 :

[johnlong]

Hi

The second Httpconstraint is not correctly specified (valid values for value are PERMIT and DENY).

Could you please show valid syntax with value="DENY" or value="PERMIT" ?

[admin]

Hi

The second Httpconstraint is not correctly specified (valid values for value are PERMIT and DENY).

Could you please show valid syntax with value="DENY" or value="PERMIT" ?

@HttpConstraint(value="PERMIT")

The "value" attribute applies (only) when rolesAllowed returns an-empty array. (Servlet 3.0 Specifcation Section 13.4.1.

HTH,
Paul.

[johnlong]

Is it correct full syntax?
@ServletSecurity(@HttpConstraint(value="PERMIT"));

[admin]

Actually, it should be @ServletSecurity(@HttpConstraint(EmptyRoleSemantic.PERMIT));
See section 13.4.1.1 of Servlet 3.0 specification for more examples.

[johnlong]

Thank you

[kakawi]

The fifth example have one spelling mistake (2 parentheses after @ServletSecurity), when need only 1 parentheses

Correct variant:

Code: Select all

@ServletSecurity(
        httpMethodConstraints = {
                @HttpMethodConstraint(
                        value = "GET",
                        rolesAllowed = "R1"
                ),
                @HttpMethodConstraint(
                        value = "POST",
                        rolesAllowed = "R1",
                        transportGuarantee = ServletSecurity.TransportGuarantee.CONFIDENTIAL
                )
        })

[kakawi]

The seventh example another spelling mistake, lost literal "f" in word "for" (the first word):

" ...or all HTTP methods except TRACE, auth-constraint requiring membership in Role R1; for TRACE, all access denied"

[admin]

Fixed.
thank you for your feedback!