• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Dobt in Security Question

 
Ranch Hand
Posts: 125
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Which two pieces of information are needed when declaring the web resource collection in the
deployment descriptor? (Choose two.)
A. the URL pattern that requires authorization
B. the HTTP methods that require authorization
C. the users allowed access to the web resource
D. the J2EE roles allowed access to the web resource
E. the authentication mechanism required by the web resource.

I thought the answer is A .but 2 options are given as correct.please help me.
 
Bartender
Posts: 4116
72
Mac TypeScript Chrome Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Please QuoteYourSources
 
sravanthi pulukuri
Ranch Hand
Posts: 125
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi,
It is in WhizLabs questions.
 
Ranch Hand
Posts: 170
Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
the web-resource-collection:
<!ELEMENT web-resource-collection (web-resource-name, description?, url-pattern*, http-method*)>
so you can see that only url-pattern and http-method (GET, POST etc..) are needed in this element.

the other answers are specified in sub elements of <security-constraint>, not <web-resource-collection>...
 
Ranch Hand
Posts: 73
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
The answers will be A and B.
Go through the below link for more details:

http://edocs.bea.com/wls/docs61/webapp/web_xml.html#1017885

Please correct me if i am wrong.
 
Ranch Hand
Posts: 44
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think option E may also be correct ...becoz....authentication is required before authorisation....let me know if i am wrong





goutam
scjp 1.4 86%
 
Sheriff
Posts: 22781
131
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
But as Jonathan said, that's not part of the web-resource-collection element.
 
sravanthi pulukuri
Ranch Hand
Posts: 125
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi,

I dont think Http-method is mandatory .. because they say if we dont specify any method there is no restriction at all.
correct me if iam wrong.
 
sravanthi pulukuri
Ranch Hand
Posts: 125
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sorry for th earlier post ,it says all methods are constrained if no method is specified.
 
Goutam Chowdhury
Ranch Hand
Posts: 44
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
in security-constraint element has only one required element <web-resource-collection> and <web-resource-collection> has only one mandatory element <web-resource-name> and <url-pattern> element must be atleastone ,but can have many


goutam SCJP1,4 86%
 
Ranch Hand
Posts: 231
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think the question is ambiguous. I agree with Goutam's observation that only <url-pattern> is mandatory.
<http-method> element may be used but is NOT a must to constrain resources for http methods. Since a missing <http-method> element would constrain mentioned resources for all http methods.
But the question says Choose two options then the best answer is A and B.
 
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Options A and E are correct b'coz A ul patterns are complusory . And if you are planning to use authorization , you must make the user authenticated , for that you need <login-config>.
 
Harvinder Thakur
Ranch Hand
Posts: 231
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hmm. E seems to be the valid option. Infact, without authentication you cannot be authorized. Well said Ani. I agree with you. I missed that.
 
Rob Spoor
Sheriff
Posts: 22781
131
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Rob Prime wrote:But as Jonathan said, that's not part of the web-resource-collection element.


I'm quoting myself just because I'm right
 
Harvinder Thakur
Ranch Hand
Posts: 231
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Rob, IMHO, the very first time i just took Jonathan's word and agreed with options A & B.
But Ani threw a different and deeper perspective and a very valid one too.
Can you please tell why not E? I mean the option B to me seems to be more derived from the literal interpretation of the wording of the question. But conceptually and practically is'nt <login-config> needed to make the <web-resource-collection> work in the first place. Because if i am constraining a resource for authorization (where <http-method> is NOT a must) I MUST define the authentication info in the DD. Thereby making E a valid choice.
 
Rob Spoor
Sheriff
Posts: 22781
131
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You know, after re-reading the question I am inclined to go with you as well. The question does not mention what has to be inside the web resource collection element, only what is needed to get it to work. And then the login-config is needed as well.
 
sravanthi pulukuri
Ranch Hand
Posts: 125
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi
Thak you so much guys for sharing you thoughts.so we can go with A and E i guess.
 
Every plan is a little cooler if you have a blimp. And a tiny ad.
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic