I'm wondering if I've found a mistake in a practice exam question:
A user has configured security setting in the deployment descriptor, web.xml, in the following way:
<security-constraint>
<web-resource-collection>
<web-resource-name>ResourceName</web-resource-name>
<url-pattern>/test.jsp</url-pattern>
</web-resource-collection>
</security-constraint>
Which HTTP methods can the user call against
test.jsp
?
The correct answer is listed as none, but I'm thinking that all methods should be valid, as the <http-method>
element is absent. Which is correct?
web.xml Deployment Descriptor Elements