Consider the following web.xml snippet:
<security-constraint>
<web-resource-collection>
<web-resource-name>wholesale</web-resource-name>
<url-pattern>/acme/wholesale/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>SALES</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>wholesale</web-resource-name>
<url-pattern>/acme/wholesale/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<<<< INSERT AUTH CONSTRAINT HERE >>>>
</security-constraint>
Insert an auth-constraint in the above code so that a user in role of SALES or MKTING can access the specified web resource collection.
select 2 option's
1) <auth-constraint>
<role-name>MKTING</role-name>
</auth-constraint>
2) <auth-constraint>
<role-name>ANY</role-name>
</auth-constraint>
3) <auth-constraint>
<role-name>*</role-name>
</auth-constraint>
4) <auth-constraint>
<role-name>SALES, MKTING</role-name>
</auth-constraint>
5) <auth-constraint>
<role-name>ALL</role-name>
</auth-constraint>
6) <auth-constraint></auth-constraint>
This is from Enthuware.
The correct answer given is 1 and 3.
But according to me the correct answer should be 1 and 4.
How come answer 3 is correct as this will allow every role to access the specified web resource collection. But question hat a user in role of SALES or MKTING can access the specified web resource collection.
Please advice.
