• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Authentication - Authorization

 
Anonymous
Ranch Hand
Posts: 18944
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!
I found this question in Sun's free example exam:
Given these deployment descriptor elements:
security-constraint
login-config
security-role
What requires these elements during configuration?
And the answer is:
A. authorization of Web Services
Option A is correct because configuring the authorization of Web Services requires the deployment descriptor elements: security-constraint, login-config, and security-role.
And I fonud also this question from JWepPlus:
What are the following deployment descriptor elements used for?
<login-config>
<security-constraint>
<security-role>
And de answer is:
Authentication and Authorization
<login-config> does the authentication. By validating the username/password, it makes sure that the user is what he/she claims to be.
<security-constraint> and <security-role> both are needed to perform authorization.
I am confused again. Can some body explain me, please.
Thank you in advance.
 
Madhav Lakkapragada
Ranch Hand
Posts: 5040
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Authentication is a login issue. Is this user allowed to use the application. Once you are in the application, it is possible that you have some restricted areas. Like you only want "admin" to see/change other people's passwd.
Here comes autherization. With this feature, you associate rules and roles to the username. Hence, based on the username (the user), you decide if its an "admin" privilaged account or not. If it is, then you allow access to the "Admin" portion of your software.
Hope this help.
- madhav
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic