This week's book giveaway is in the Agile and Other Processes forum.
We're giving away four copies of The Little Book of Impediments (e-book only) and have Tom Perry on-line!
See this thread for details.
Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security Constraint AND RequestDispatcher - Not related?

 
Manikandan Jayaraman
Ranch Hand
Posts: 230
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

Another mock question ...

Which statements are correct about security?

1) The security model doesn't apply when a servlet uses a RequestDispathcer to include or forward a resource
2) The security model doesn't apply when a servlet uses a RequestDispathcer to include a resource but it applies when it uses forward
3) The security model applies when a servlet uses a RequestDispathcer to include or forward a resource
4) The security model doesn't apply when a servlet uses a RequestDispathcer to include or include a static resource

Answer said is 1.

Is it because when you enter into a servlet you are already authorized to access this content and thus also have access to all resources where the request gets dispatched to?
 
Manikandan Jayaraman
Ranch Hand
Posts: 230
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can someone answer this for me please?
 
Sayak Banerjee
Ranch Hand
Posts: 292
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry.... never looked at this question.....here's somthin' from the Servlet Spec. 2.4 page 90
The security model applies to the static content part of the web application and to servlets and filters within the application that are requested by the client.
The security model does not apply when a servlet uses the RequestDispatcher to invoke a static resource or servlet using a forward or an include.

So, not only 1, but 4 should also be correct.
[ December 15, 2006: Message edited by: Sayak Banerjee ]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic