Win a copy of Java Mock Exams (software) this week in the Programmer Certification (OCPJP) forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Security Constraint AND RequestDispatcher - Not related?

 
Manikandan Jayaraman
Ranch Hand
Posts: 230
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

Another mock question ...

Which statements are correct about security?

1) The security model doesn't apply when a servlet uses a RequestDispathcer to include or forward a resource
2) The security model doesn't apply when a servlet uses a RequestDispathcer to include a resource but it applies when it uses forward
3) The security model applies when a servlet uses a RequestDispathcer to include or forward a resource
4) The security model doesn't apply when a servlet uses a RequestDispathcer to include or include a static resource

Answer said is 1.

Is it because when you enter into a servlet you are already authorized to access this content and thus also have access to all resources where the request gets dispatched to?
 
Manikandan Jayaraman
Ranch Hand
Posts: 230
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can someone answer this for me please?
 
Sayak Banerjee
Ranch Hand
Posts: 292
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry.... never looked at this question.....here's somthin' from the Servlet Spec. 2.4 page 90
The security model applies to the static content part of the web application and to servlets and filters within the application that are requested by the client.
The security model does not apply when a servlet uses the RequestDispatcher to invoke a static resource or servlet using a forward or an include.

So, not only 1, but 4 should also be correct.
[ December 15, 2006: Message edited by: Sayak Banerjee ]
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!