• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

Authentication - Authorization

 
Ranch Hand
Posts: 18944
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!
I found this question in Sun's free example exam:
Given these deployment descriptor elements:
security-constraint
login-config
security-role
What requires these elements during configuration?
And the answer is:
A. authorization of Web Services
Option A is correct because configuring the authorization of Web Services requires the deployment descriptor elements: security-constraint, login-config, and security-role.
And I fonud also this question from JWepPlus:
What are the following deployment descriptor elements used for?
<login-config>
<security-constraint>
<security-role>
And de answer is:
Authentication and Authorization
<login-config> does the authentication. By validating the username/password, it makes sure that the user is what he/she claims to be.
<security-constraint> and <security-role> both are needed to perform authorization.
I am confused again. Can some body explain me, please.
Thank you in advance.
 
Ranch Hand
Posts: 5040
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Authentication is a login issue. Is this user allowed to use the application. Once you are in the application, it is possible that you have some restricted areas. Like you only want "admin" to see/change other people's passwd.
Here comes autherization. With this feature, you associate rules and roles to the username. Hence, based on the username (the user), you decide if its an "admin" privilaged account or not. If it is, then you allow access to the "Admin" portion of your software.
Hope this help.
- madhav
 
I wish to win the lottery. I wish for a lovely piece of pie. And I wish for a tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
    Bookmark Topic Watch Topic
  • New Topic