This week's book giveaway is in the Features new in Java 9 forum.
We're giving away four copies of Java 9 Revealed and have Kishori Sharan on-line!
See this thread for details.
Win a copy of Java 9 Revealed this week in the Features new in Java 9 forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

#30 Head First Final Mock Exam  RSS feed

 
Vagner Planello
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In this question are defined the following tags in DD
<auth-constraint>
<role-name>student</student>
</auth-constraint>
<auth-constraint/>


There are only two roles: student and sensei

The answer shown as correct is:
If the second <auth-constraint> tag is removed, the constrained resource can be accessed by both roles

Is it correct? Doesn't the first tag blocks the access from users with role sensei?

Thanks
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If that's all the question is showing, then you're right, sensei should not be allowed to access the restricted resource. But there should be only one auth-constaint per security-constraint. Can you post the full question ?
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!