Win a copy of Mastering Non-Functional Requirements this week in the Design forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Java JSRs Mobile Certification Databases Caching Books Engineering Languages Frameworks Products This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
Sheriffs:
Saloon Keepers:
Bartenders:

how many auth-constraint's per security-constraint  RSS feed

 
JohnWilliam Fitz
Ranch Hand
Posts: 80
posted 8 years ago
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi.

Question 11 on p797 of HFJS has an error I believe.

I can't type the whole question here, so I will summarize. In choice B of the question it states: "It is valid for more instances of auth-constraint to exist within the single tag described above." By "single tag described above" they are referring to the security-constraint tag.

Then in their answer section they mark this answer as true. But I believe it is false.

My question: Am I correct that only one auth-constraint can exist per security-constraint?

Thanks!
John
 
Christian Nicoll
Ranch Hand
Posts: 132
posted 8 years ago
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello JohnWilliam,

your are right. Check this link http://oreilly.com/catalog/9780596516680/errata/. Under "Changes made in the 07/08 printing" you 'll find there the following sentence:


[833] Question 11;
Answers given are A,B,D,E,F
But, options B and F should not be correct.
- Only one instance of <auth-constraint> will exist within one <security-constraint> tag. The deployment descriptor DTD has the following definition for <security-constraint> as per servlet spec is <!ELEMENT security-constraint (web-resource-collection+, auth-constraint?, user-data-constraint?)> - This tag implies that authorization, data integrity and confidentiality security features are all declared for the wen application. And not authentication. Authentication is declared using the <login-config> tag. As per the servlet spec - The login-config element is used to configure the authentication method that should be used, the realm name that should be used for this application, and the attributes that are needed by the form login mechanism. <!ELEMENT login-config (auth-method?, realm-name?, form-loginconfig?)>

Removed the checkmark from options B and F


[ December 09, 2008: Message edited by: Christian Nicoll ]

SCJP 5, SCJD 5, SCWCD 5, SCBCD 5, SCJDWS 5
My SCBCD-Notes - OCMJEA 6 notes

 
JohnWilliam Fitz
Ranch Hand
Posts: 80
posted 8 years ago
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks so much! Looks like I should download and read the errata!
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!

Similar Threads