Caldarale, Charles R wrote:
From: Pid [mailto:p...@pidster.com]
Subject: Re: Security Constraint conflict
The logical union of 'no methods' and 'some methods' is 'some methods',
isn't it? But...
Yes, except the spec says the operation is *not* a union when a constraint has no roles. Rather
than an "or" effect, a no-roles constraint does an "and". My interpretation
for this instance is that the result should be that operations other than PUT, DELETE, TRACE, and
OPTIONS are allowed for all requests other than those ending in *.xhtml.
I suggest that the Servlet Spec be revised by a German engineer, to the
effect that everything not specifically allowed is forbidden.
That would make this all a lot less ambiguous.
;-)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
