[SERVLET_SPEC-30] Configure default behavior of url pattern not covered by security constraint Created: 17/Jan/12 Updated: 05/Mar/13 Resolved: 05/Mar/13
|Reporter:||Shing Wai Chan||Assignee:||Shing Wai Chan|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
If an url pattern is not covered by security-constraint, then the default behavior is "permit all".
|Comment by gregwilkins [ 31/Jan/12 ]|
Note that this used to be very difficult to do because it was impossible to add a constraint that forbid /* and then to add other constraints that relaxed the criteria on other URIs - because it was impossible to explicitly match "/".
Now with the "" pattern matching root, it is possible to use normal constraints to implement a deny by default and permit by specific pattern approach. So maybe we don't need a change in the spec for this.
|Comment by Shing Wai Chan [ 05/Mar/13 ]|
Add Section 13.8.4, Uncovered HTTP Protocol Methods.