• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

#30 Head First Final Mock Exam

 
Vagner Planello
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In this question are defined the following tags in DD
<auth-constraint>
<role-name>student</student>
</auth-constraint>
<auth-constraint/>


There are only two roles: student and sensei

The answer shown as correct is:
If the second <auth-constraint> tag is removed, the constrained resource can be accessed by both roles

Is it correct? Doesn't the first tag blocks the access from users with role sensei?

Thanks
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If that's all the question is showing, then you're right, sensei should not be allowed to access the restricted resource. But there should be only one auth-constaint per security-constraint. Can you post the full question ?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic