• Post Reply Bookmark Topic Watch Topic
  • New Topic

security question  RSS feed

 
Bhupendra Khabrani
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
while doing a Jpilot's mock test I had a question with folwing options but wasn't able to understand ..option 1 was correct

which is true?

1.the security model doesn't apply when a servlet uses a requestDispatcher to include or forward a
resource
2.the security model doesn't apply when a servlet uses a requestDispatcher to include a resource but it applies when it uses forward
3.the security model applies when a servlet uses a requestDispatcher to include or forward a resource
4.the security model doesn't apply when a servlet uses a requestDispatcher to include or include a static resource

please help!!
 
Garlapati Ravi
Ranch Hand
Posts: 171
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I came across the same question in one of the mocks, on my understand, in <security-role-constaint> if we specify any URL in <url-pattern> under specific <role-name>manager<role-name>, in this case only manager can access that URL, no one else can access it directly.

If any one trying to access it directly then constraint may restrict of doing so, else try to access indirectly (forward or include), this constaint will not comes into picture.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!