• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

doubt in security role ref

 
Ranch Hand
Posts: 113
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Problem

Consider the following web.xml code snippet:


<servlet>
<servlet-name>BankServlet</servlet-name>
<servlet-class>com.abc.bankapp.BankServlet</servlet-class>
<security-role-ref>
<role-name>manager</role-name>
<role-link>supervisor</role-link>
</security-role-ref>
</servlet>


Which of the following statements are correct?


Options

Select 1 correct option.

1 The servlet code should use "manager" as a parameter in request.isUserInRole() method.


2 The servlet code can use "manager" or "supervisor" as a parameter in request.isUserInRole() method.


3 The servlet code should use"supervisor" as a parameter in request.isUserInRole() method.


4 The role of "manager" must be defined in the servlet container.
"supervisor" must be defined in the container. For example, in conf/tomcat-users.xml for Tomcat.

5 None of these.



which one is correct
1 or 2
Answer given is 1
jdiscuss

why option 2 is wrong

thanks in advance
 
Ranch Hand
Posts: 129
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Option two is not correct.




Must have a corresponding mapping in <security-constraint> as follows.



For declarative programming in Servlet you have to use <role-name> value in <Servlet> tag.
 
V Gala
Ranch Hand
Posts: 113
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
if i have this code in web.xml
then option 2 is correct?
<auth-constraint>
<role-name>supervisor</role-name>
</auth-constraint>
 
Ashok Kumar Babu
Ranch Hand
Posts: 129
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

if i have this code in web.xml
then option 2 is correct?



No.

For declarative programming security in Servlet you have to use <role-name> in <Servlet> tag.
 
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Please Quote Your Sources.
 
    Bookmark Topic Watch Topic
  • New Topic