HFSJ Final Mock Question 43

 
Grace Yang
Ranch Hand
Posts: 58
Given the following in the DD:
<security-role>
<role-name>Member</role-name>
</security-role>
Which are valid <auth-constraint> elements that will allow a user to access resources constrained by the security role declared?

A.
B. <auth-constraint>Member</auth-constraint>
C. <auth-constraint>*</auth-constraint>
D.
E.

Here's Errata's correction:

[785] Question 43;
options B-E should include the inner <role-name> tags as the read demonstrates here.
Example:
<auth-constraint>
<role-name>Member</role-name>
</auth-constraint>

The answer is B and C.
============================
I think only C is correct.

Because option C means everybody has access to resources, then what's the meaning of declaring the security role Member?

Please help me.

Thanks.
 
Christophe Verré
Sheriff
Posts: 14691
Because option C means everybody has access to resources, then what's the meaning of declaring the security role Member?

The security-role tag only declares some roles used in the web application.
In this example, there's a role called Member.

Using this role, you can grant access to some of your protected resources via either:
<auth-constraint>
<role-name>Member</role-name>
</auth-constraint>
OR
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>

The second means ANY role, Member being implicitly included.
 
nitin pai
Ranch Hand
Posts: 185
The <security-role> tag in the DD is a way to declare to the container upfront the security roles which would be used in the application.

If you make a call in a servlet as follows:
isUserInRole("admin")

then the container checks the <security-role> to see if "admin" is defined or not. If not then it checks the <security-role-ref> in the servlet tag to see if a custom role has been defined.
 
Christophe Verré
Sheriff
Posts: 14691
then the container checks the <security-role> to see if "admin" is defined or not. If not then it checks the <security-role-ref> in the servlet tag to see if a custom role has been defined.

Actually, it's the opposite.
 
nitin pai
Ranch Hand
Posts: 185
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Oops.. ya, it's first <security-role-ref> and then <security-role>
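
Added example, not part of the original thread: a Python check over a constructed web.xml that expands each <auth-constraint> into the roles it admits and resolves an isUserInRole() argument through <security-role-ref> first, then <security-role>, as settled above. The servlet name Account, the role Guest, the URL patterns and the function names are assumptions, and the descriptor's XML namespace is omitted.

```python
import xml.etree.ElementTree as ET
# Constructed descriptor for illustration (no xmlns, so tag names stay unqualified).
WEB_XML = """<web-app>
  <servlet><servlet-name>Account</servlet-name><security-role-ref>
    <role-name>admin</role-name><role-link>Member</role-link></security-role-ref></servlet>
  <security-constraint>
    <web-resource-collection><url-pattern>/members/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>Member</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/any/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/locked/*</url-pattern></web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  <security-role><role-name>Member</role-name></security-role>
  <security-role><role-name>Guest</role-name></security-role>
</web-app>"""

def declared_roles(root):
    """Roles declared application-wide with <security-role>."""
    return {(r.findtext("role-name") or "").strip() for r in root.findall("security-role")}

def allowed_roles(root):
    """Map each url-pattern to the set of roles its <auth-constraint> admits."""
    out = {}
    for sc in root.findall("security-constraint"):
        ac = sc.find("auth-constraint")
        if ac is None:
            roles = None  # no <auth-constraint>: no authentication required
        else:
            names = {(n.text or "").strip() for n in ac.findall("role-name")}
            # "*" expands to every declared role; an empty element admits nobody.
            roles = declared_roles(root) if "*" in names else names
        for p in sc.iter("url-pattern"):
            out[p.text.strip()] = roles
    return out

def resolve_role(root, servlet, name):
    """Role that isUserInRole(name) tests: <security-role-ref> first, then <security-role>."""
    for s in root.findall("servlet"):
        if s.findtext("servlet-name") == servlet:
            for ref in s.findall("security-role-ref"):
                if ref.findtext("role-name") == name:
                    return ref.findtext("role-link")
    return name if name in declared_roles(root) else None

ROOT = ET.fromstring(WEB_XML)
```
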
 