Win a copy of Five Lines of Code this week in the OO, Patterns, UML and Refactoring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

HFSJ Final Mock Question 43

 
Ranch Hand
Posts: 58
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Given following in DD
<security-role>
<role-name>Member</role-name>
</security-role>
Which are valid <auth-constraint> elements that will allow user to access resources constrained by security role declared?

A.
B. <auth-constraint>Member</auth-constraint>
C. <auth-constraint>*</auth-constraint>
D.
E.

Here's Errata's correction:

[785] Question 43;
options B-E should include the inner <role-name> tags as the read demonstrates here.
Example:
<auth-constraint>
<role-name>Member</role-name>
</auth-constraint>

The anwser is B and C.
============================
I think only C is correct.

Because option C means everybody has to access to resources, then what's the meaning of declare security role to Member?

Please help me.

Thanks.
 
Sheriff
Posts: 14691
16
Eclipse IDE VI Editor Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Because option C means everybody has to access to resources, then what's the meaning of declare security role to Member?

The security-role tag only declares some roles used in the web application.
In this example, there's a role called Member.

Using this role, you can grant access to some of your protected resources via either :
<auth-constraint>
<role-name>Member</role-name>
</auth-constraint>
OR
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>

The second means ANY role, Member being implicitly included.
 
Ranch Hand
Posts: 185
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
the <security-role>
tag in the DD is a way to declare the container upfront about the security roles which would be used in the application.

If you make a call in a servlet as follows:
isUserInRole("admin")

then the container checks the <security-role> to see if "admin" is defined or not. If not then it checks the <security-role-ref> in the servlet tag to see if a custom role has been defined.
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE VI Editor Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

then the container checks the <security-role> to see if "admin" is defined or not. If not then it checks the <security-role-ref> in the servlet tag to see if a custom role has been defined.


Actually, it's the opposite.
 
nitin pai
Ranch Hand
Posts: 185
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
oops.. ya its first <security-role-ref> and then <security-role>
 
She's out of the country right now, toppling an unauthorized dictatorship. Please leave a message with this tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
    Bookmark Topic Watch Topic
  • New Topic