Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Authentication doubt

 
naresh govindaswmay
Ranch Hand
Posts: 90
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,
I have found this question in MarcusGreen site.I have a doubt in this question,I have attached the question also..

<?xml version="1.0" encoding="UTF-8"?><web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Basic Authentication Example</realm-name>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>Welcome</web-resource-name>
<url-pattern>/index.jsp</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
</security-constraint>
</web-app>
Choose one answer.
a. requesting /index.jsp in the browser bar will cause the user to be prompted for a username and password
b. requesting /index.jsp in the browser bar will NOT cause the user to be prompted for a username and password
c. Only members of the tomcat role will be prompted for a username and password for the index.jsp resource
d. Only POST requests will be authenticated, all other requests will be refused


My answer is A, because while giving the request it will promot the Username and Password..Some where i red like whiole we mention these method in t config (BASIC ,CLIENT-CRT,DIGEST) it will pop up the Username and password window.

They said answer is B.Please any body clear this one..
 
Remko Strating
Ranch Hand
Posts: 893
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Requesting for /index.jsp is a GET-Method and the Authentication is only done for a POST-Method.
 
naresh govindaswmay
Ranch Hand
Posts: 90
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Remko Strating:
Requesting for /index.jsp is a GET-Method and the Authentication is only done for a POST-Method.


hi,
Thanks alot Remko Strating.
 
Sandeep Krish
Ranch Hand
Posts: 59
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can use POST also to get the index.jsp. Assume that the request was a GET not POST
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic