web.xml - <http-method> absent

2.4k views Asked by At

I'm wondering if I've found a mistake in a practice exam question:

A user has configured security setting in the deployment descriptor, web.xml, in the following way:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>ResourceName</web-resource-name>
        <url-pattern>/test.jsp</url-pattern>
    </web-resource-collection>
</security-constraint>

Which HTTP methods can the user call against test.jsp?

The correct answer is listed as none, but I'm thinking that all methods should be valid, as the <http-method> element is absent. Which is correct?

1

There are 1 answers

8
vzamanillo On

The http-method Element

The element declares which HTTP methods (usually, GET or POST) are subject to the security constraint. If element is omitted, the the security constraint is applied to all HTTP methods by default.

web.xml Deployment Descriptor Elements