O'Reilly logo

Head First Servlets and JSP, 2nd Edition by Bert Bates, Bryan Basham, Kathy Sierra

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

The way <auth-constraint> works

image with no caption

Note

NO <auth-constraint> is the opposite of an EMPTY <auth-constraint/>!

Remember this: if you don’t say which roles are constrained, then NO roles are constrained. But once you DO put in an <auth-constraint>, then ONLY the roles explicitly stated are allowed access (unless you use the wildcard “*” for the <role-name>). If you don’t want ANY role to have access, you MUST put in the <auth-constraint/>, but just leave it empty. This tells the Container, “I am explicitly stating the roles allowed and, by the way, there aren’t any!”

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required