• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

need help,2 questions

 
Greenhorn
Posts: 15
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
-----question :
which of the following can implement security in servlets(select the best answer)?
a. declarative security.
b. programmatic security.
c. both a & b
d. servlet does not provide inbuilt security.java Authentication and Authorization service(JAAS) has to be
used in conjuction with servlets for security.

-----question .
by which of the following means do communicating entities prove to one another that are acting on behalf of
specific identies that are authorized for access ?select one choice.
a. authorization
b. authentication
c. data integrity
d. confidentiality
e. all of above
 
Ranch Hand
Posts: 136
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi ,

According to me these should be the answers :
1)a
2)b

regards
-santosh
 
shi lei
Greenhorn
Posts: 15
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
could you explain for me?
 
Ranch Hand
Posts: 35
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi
For first one, i think Programmatic is right choice.

Because declarative security will not work for jsp actions.

---------
SCJP
 
singh santosh
Ranch Hand
Posts: 136
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi shi,



Ans1) Decrative security means securing throgh the configuration in web.xml and Programatic security menas through the code (servlet ) u write.

Case1: dec security : here we can secure our web app through various decration like for Authentication we have :

<login-congig>
<auth-method>...</auth-method>
<form-login-config> ..</form-login-config>
</login-config>

for Authorization we have :
<security-constraint>
<web-resource-collection>
<web-resource-name>..</web-resource-name>
<url-pattern></url-pattern>
<http-method></http-method>
</web-resource-collection>
<auth-constraint>
<role-name>..</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarentee></transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-role>
<role-name>..</role-name>
</security-role>
<security-role-ref>
<role-name>..</role-name>
<role-link>..</role-link>
</security-role-ref>

case2:
For programatic security we have got only three method defined:
boolean isUserInRole(String rolename)
String getUserPrinciple()
String getRemoteUser();

So now u can see ,if we have to secure our web-app resources we must have to declare through web.xml that which resources have restircted access and who all in which role can access it.
Whereas in code (Programaticaly ) we can only determine if the resource is restricted or not .and if the user is authentic one.

regards
-santosh
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic