Authentication - Authorization

 
Ranch Hand
Posts: 18944
Hi!
I found this question in Sun's free example exam:
Given these deployment descriptor elements:
security-constraint
login-config
security-role
What requires these elements during configuration?
And the answer is:
A. authorization of Web Services
Option A is correct because configuring the authorization of Web Services requires the deployment descriptor elements: security-constraint, login-config, and security-role.
And I also found this question from JWebPlus:
What are the following deployment descriptor elements used for?
<login-config>
<security-constraint>
<security-role>
And the answer is:
Authentication and Authorization
<login-config> does the authentication. By validating the username/password, it makes sure that the user is what he/she claims to be.
<security-constraint> and <security-role> both are needed to perform authorization.
I am confused again. Can somebody explain it to me, please?
Thank you in advance.
 
Ranch Hand
Posts: 5040
Authentication is a login issue. Is this user allowed to use the application? Once you are in the application, it is possible that you have some restricted areas. Like you only want "admin" to see/change other people's passwd.
Here comes authorization. With this feature, you associate rules and roles to the username. Hence, based on the username (the user), you decide if it's an "admin" privileged account or not. If it is, then you allow access to the "Admin" portion of your software.
Hope this helps.
- madhav
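
The following web.xml is an added example, not part of either post or of the exam material. It shows the three elements from the question side by side, using the "admin" scenario from the reply above; the /admin/* path, the role name, the realm name and the login page paths are assumptions made for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <!-- AUTHORIZATION: which URLs are protected and which role may reach them -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin area</web-resource-name>  <!-- assumed name -->
      <url-pattern>/admin/*</url-pattern>                <!-- assumed path -->
      <!-- No <http-method> entries: the constraint then covers every HTTP
           method. Listing only GET and POST would leave the other methods
           on this path unconstrained. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>  <!-- must match a <security-role> below -->
    </auth-constraint>
    <user-data-constraint>
      <!-- Require TLS so the login form and session cookie are not sent in clear -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- AUTHENTICATION: how the container establishes who the caller is -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>example-realm</realm-name>                   <!-- assumed -->
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>          <!-- assumed -->
      <form-error-page>/login-error.jsp</form-error-page>    <!-- assumed -->
    </form-login-config>
  </login-config>

  <!-- AUTHORIZATION: declares the role names used by this application -->
  <security-role>
    <role-name>admin</role-name>
  </security-role>

</web-app>
```

The mapping of actual users to the admin role is not in web.xml; it lives in the container's realm or user store configuration.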
 