tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: Security Constraint conflict
Date Mon, 21 Sep 2009 12:35:33 GMT
> From: Pid [mailto:pid@pidster.com]
> Subject: Re: Security Constraint conflict
> 
> The logical union of 'no methods' and 'some methods' is 'some methods',
> isn't it?  But...

Yes, except the spec says the operation is *not* a union when a constraint has no roles. 
Rather than an "or" effect, a no-roles constraint does an "and".  My interpretation for this
instance is that the result should be that operations other than PUT, DELETE, TRACE, and OPTIONS
are allowed for all requests other than those ending in *.xhtml.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus
for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.

Mime
View raw message