Forums Register Login

login-config question

+Pie Number of slices to send: Send
Question from JWeb:
Jweb says the coreect answers are 1, 2 + 3.
I answered 2, 3 + 4.
Didn't think 2 was right--form-login without form security sepcified. thought 4 was right because container would use default form-login page. Can someone please explain this to me?
thanks,
max

Which of the following XML frgaments correctly define the login-config element of web.xml?
1.
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>test</realm-name>
</login-config>
2.
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>test</realm-name>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/error.jsp</form-error-page>
</form-login-config>
</login-config>

3.
<login-config>
<auth-method>FORM</auth-method>
<realm-name>test</realm-name>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/error.jsp</form-error-page>
</form-login-config>
</login-config>
4.
<login-config>
<auth-method>FORM</auth-method>
<realm-name>test</realm-name>
</login-config>
5.
<login-config>
<auth-method>SECURE</auth-method>
<realm-name>test</realm-name>
</login-config>
+Pie Number of slices to send: Send
I tried case 4. I did not seen any default form came out. How do you know there is default one for the form method.
+Pie Number of slices to send: Send
For number 4 to be correct, you'd have to specify the login and login-error pages, right?
As in (from Tomcat 4):
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/security/login/login.jsp</form-login-page>
<form-error-page>/jsp/security/login/error.jsp</form-error-page>
</form-login-config>
</login-config>
+Pie Number of slices to send: Send
Hello Max,
I quoted element definition from Servlet Specification 2.3.We can
see the subelement "form-login-config" is optional.So I think the answer is:1,2,3,4;
But,in Servlet Specification 2.3,I can not find the statement that the container will use default login page and error page if
we do not provide the definition of form-login-config.
In fact,Tomcat 4.0 has an example in /jsp/security/protected/*.If
I deleted the subelement "form-login-config" from examples/WEB-INF/web.xml,I found that I can not run http://localhost:8080/examples/jsp/security/protected/index.jsp.
So I think the answer maybe only 2,3.
What is the correct answer?Please help.
<!ELEMENT login-config (auth-method?, realm-name?, form-login-config?)>
<!ELEMENT form-login-config (form-login-page, form-error-page)>
ruijin yang
+Pie Number of slices to send: Send
Hi Max,
I think 1 is a right option as the <form-login-config> element is a must only if the type of authentication mechanism is FORM,
in case it is CLIENT_CERT it becomes an optional element!!! therefore 1,2 and 3 r the right choice
Why should I lose weight? They make bigger overalls. And they sure don't make overalls for tiny ads:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com


reply
reply
This thread has been viewed 1175 times.
Similar Threads
login-config
DD entries for authentication
Question about login-config
SCWCD mock questions II
mock test question
More...

All times above are in ranch (not your local) time.
The current ranch time is
Mar 28, 2024 06:28:11.