Doubt in Security Question !

 
Jagjit Dhaliwal
Greenhorn
Posts: 20
Please help me with the following question, as they gave the answer as E.

Consider the web.xml snippet shown in the exhibit.
Now consider the code for a jsp file named unprotected.jsp:

<html>
  <body>
    <jsp:include page="/jsp/protected.jsp" />
  </body>
</html>

Which of the following statements hold true when unprotected.jsp is requested by an unauthorized user?

<web-app>
  ...
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>test</web-resource-name>
      <url-pattern>/jsp/protected.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager</role-name>
    </auth-constraint>
  </security-constraint>
  ...
</web-app>

Select 1 correct option.
A. The user will be prompted to enter user name and password
B. An exception will be thrown
C. protected.jsp will be executed but its output will not be included in the response
D. The call to include will be ignored
E. None of these
 
Christophe Verré
Sheriff
Posts: 14691
I didn't say that in your other thread, but please quote your sources.
 
Jagjit Dhaliwal
Greenhorn
Posts: 20
Hi Christophe,

I apologize. I got these questions from Javabeat.com mock exams.

Thanks for your reply,

Jagjit
 
Christophe Verré
Sheriff
Posts: 14691
Thank you. I also think that the answer is E.
 
Jagjit Dhaliwal
Greenhorn
Posts: 20
Hi,

Thanks for the reply. Could you please explain this answer?
 
Amar Nath Verma
Greenhorn
Posts: 23
The DD doesn't specify any <http-method>, which means all methods are constrained; only manager can access this JSP (using all methods, i.e. get, post, post, head etc.).

So this page shall be restricted for users other than manager, and unauthorized users shall be prompted for login. (option 1)
 
Jagjit Dhaliwal
Greenhorn
Posts: 20
Even this is what I thought of... but the answer is E, so here am I...

Christophe, could you please explain it.

Regards,

Jagjit
 
Christophe Verré
Sheriff
Posts: 14691
SRV.12.2 Declarative Security
The security model applies to the static content part of the web application and to servlets and filters within the application that are requested by the client. The security model does not apply when a servlet uses the RequestDispatcher to invoke a static resource or servlet using a forward or an include.
 
Amar Nath Verma
Greenhorn
Posts: 23
Thanks Christophe, got it
 
Fu Dong Jia
Ranch Hand
Posts: 131
Hi, Christophe

The security model does not apply when a servlet uses the RequestDispatcher to invoke a static resource or servlet using a forward or an include.

Additionally, what about when the servlet uses a sendRedirect?
I think the security constraint should apply to it.
Am I correct?
 
Aditya Singh
Ranch Hand
Posts: 62
I think whatever is triggered from the server side, like an RD include/forward, does not require authentication; since a sendRedirect is triggered from the browser, it must be authenticated. Please correct me if I'm wrong.
 
Christophe Verré
Sheriff
Posts: 14691
Additionally, what about when the servlet uses a sendRedirect? I think the security constraint should apply to it.

Yes, that's right.
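
One way to close the gap that the SRV.12.2 quote above describes, added here as an example and not part of the thread or the mock exam: a filter mapped to /jsp/protected.jsp for INCLUDE and FORWARD dispatches that repeats the manager role check the container skips. The class name DispatchRoleFilter, the filter name in the comment, and the choice to throw on a denied include are assumptions; the javax.servlet API (Servlet 2.4 or later) is assumed.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
 * Added example (hypothetical class and filter names). Assumed web.xml mapping:
 *
 *   <filter-mapping>
 *     <filter-name>dispatchRoleFilter</filter-name>
 *     <url-pattern>/jsp/protected.jsp</url-pattern>
 *     <dispatcher>INCLUDE</dispatcher>
 *     <dispatcher>FORWARD</dispatcher>
 *   </filter-mapping>
 *
 * The <security-constraint> from the thread still covers direct client requests
 * (including the new request a browser makes after sendRedirect); this filter
 * covers the internal dispatches that the constraint does not.
 */
public class DispatchRoleFilter implements Filter {
    // Role taken from the <auth-constraint> in the question's web.xml.
    private static final String REQUIRED_ROLE = "manager";
    // Request attribute the container sets while a resource is being included.
    private static final String INCLUDE_URI = "javax.servlet.include.request_uri";

    public void init(FilterConfig config) { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // isUserInRole returns false for unauthenticated callers as well.
        if (request.isUserInRole(REQUIRED_ROLE)) {
            chain.doFilter(req, res);
            return;
        }
        boolean included = request.getAttribute(INCLUDE_URI) != null;
        if (included || res.isCommitted()) {
            // An included resource cannot change status or headers,
            // so fail the dispatch instead of emitting protected output.
            throw new ServletException("Role '" + REQUIRED_ROLE
                    + "' required for the dispatched resource");
        }
        // Forward with an uncommitted response: a normal 403 is still possible.
        ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    public void destroy() { }
}
```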
 