Re: hasAccessToWebResource method


Arjan Tijms
 

p.s.

To address some of the concerns that were raised by Will, I could make the following changes:


* Rename the method to hasCallerAccessToWebResource

* Rename the method's argument from "resource" to "urlPattern"

* Remove the overloaded method that defaults to GET, specify that if no parameters are provided for "methods" that GET is assumed. (addressing the "many methods concern somewhat)

* Clarify that all containers in Java EE are allowed to call the method

* Clarify that is the caller is not authenticated at all, and the resource is non-public a false is returned

* Clarify that Section 11.2 of the Servlet spec is meant, instead of just "the servlet spec"


Kind regards,

Arjan Tijms



Join javaee-security-spec@javaee.groups.io to automatically receive all group messages.