Hello JohnWilliam,
your are right. Check this link
http://oreilly.com/catalog/9780596516680/errata/. Under "Changes made in the 07/08 printing" you 'll find there the following sentence:
[833] Question 11;
Answers given are A,B,D,E,F
But, options B and F should not be correct.
- Only one instance of <auth-constraint> will exist within one <security-constraint> tag. The deployment descriptor DTD has the following definition for <security-constraint> as per servlet spec is <!ELEMENT security-constraint (web-resource-collection+, auth-constraint?, user-data-constraint?)> - This tag implies that authorization, data integrity and confidentiality security features are all declared for the wen application. And not authentication. Authentication is declared using the <login-config> tag. As per the servlet spec - The login-config element is used to configure the authentication method that should be used, the realm name that should be used for this application, and the attributes that are needed by the form login mechanism. <!ELEMENT login-config (auth-method?, realm-name?, form-loginconfig?)>
Removed the checkmark from options B and F
[ December 09, 2008: Message edited by: Christian Nicoll ]