Page 1 of 1

About Question enthuware.jwpv6.2.657 :

Posted: Tue Aug 16, 2016 12:13 pm
by johnlong
Hi
The second Httpconstraint is not correctly specified (valid values for value are PERMIT and DENY).
Could you please show valid syntax with value="DENY" or value="PERMIT" ?

Re: About Question enthuware.jwpv6.2.657 :

Posted: Tue Aug 16, 2016 9:21 pm
by admin
johnlong wrote:Hi
The second Httpconstraint is not correctly specified (valid values for value are PERMIT and DENY).
Could you please show valid syntax with value="DENY" or value="PERMIT" ?
@HttpConstraint(value="PERMIT")

The "value" attribute applies (only) when rolesAllowed returns an-empty array. (Servlet 3.0 Specifcation Section 13.4.1.

HTH,
Paul.

Re: About Question enthuware.jwpv6.2.657 :

Posted: Wed Aug 17, 2016 1:51 pm
by johnlong
Is it correct full syntax?
@ServletSecurity(@HttpConstraint(value="PERMIT"));

Re: About Question enthuware.jwpv6.2.657 :

Posted: Wed Aug 17, 2016 8:50 pm
by admin
Actually, it should be @ServletSecurity(@HttpConstraint(EmptyRoleSemantic.PERMIT));
See section 13.4.1.1 of Servlet 3.0 specification for more examples.

Re: About Question enthuware.jwpv6.2.657 :

Posted: Thu Aug 18, 2016 12:24 am
by johnlong
Thank you

Re: About Question enthuware.jwpv6.2.657 :

Posted: Wed Feb 07, 2018 4:07 pm
by kakawi
The fifth example have one spelling mistake (2 parentheses after @ServletSecurity), when need only 1 parentheses

Correct variant:

Code: Select all

@ServletSecurity(
        httpMethodConstraints = {
                @HttpMethodConstraint(
                        value = "GET",
                        rolesAllowed = "R1"
                ),
                @HttpMethodConstraint(
                        value = "POST",
                        rolesAllowed = "R1",
                        transportGuarantee = ServletSecurity.TransportGuarantee.CONFIDENTIAL
                )
        })

Re: About Question enthuware.jwpv6.2.657 :

Posted: Wed Feb 07, 2018 4:10 pm
by kakawi
The seventh example another spelling mistake, lost literal "f" in word "for" (the first word):

" ...or all HTTP methods except TRACE, auth-constraint requiring membership in Role R1; for TRACE, all access denied"

Re: About Question enthuware.jwpv6.2.657 :

Posted: Thu Feb 08, 2018 1:12 pm
by admin
Fixed.
thank you for your feedback!