Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Dobt in Security Question

 
sravanthi pulukuri
Ranch Hand
Posts: 125
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Which two pieces of information are needed when declaring the web resource collection in the
deployment descriptor? (Choose two.)
A. the URL pattern that requires authorization
B. the HTTP methods that require authorization
C. the users allowed access to the web resource
D. the J2EE roles allowed access to the web resource
E. the authentication mechanism required by the web resource.

I thought the answer is A .but 2 options are given as correct.please help me.
 
Vijitha Kumara
Bartender
Pie
Posts: 3930
21
Chrome Fedora Hibernate
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Please QuoteYourSources
 
sravanthi pulukuri
Ranch Hand
Posts: 125
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,
It is in WhizLabs questions.
 
Jonathan Elkharrat
Ranch Hand
Posts: 170
Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
the web-resource-collection:
<!ELEMENT web-resource-collection (web-resource-name, description?, url-pattern*, http-method*)>
so you can see that only url-pattern and http-method (GET, POST etc..) are needed in this element.

the other answers are specified in sub elements of <security-constraint>, not <web-resource-collection>...
 
Shruthi Sam
Ranch Hand
Posts: 73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
The answers will be A and B.
Go through the below link for more details:

http://edocs.bea.com/wls/docs61/webapp/web_xml.html#1017885

Please correct me if i am wrong.
 
Goutam Chowdhury
Ranch Hand
Posts: 44
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think option E may also be correct ...becoz....authentication is required before authorisation....let me know if i am wrong





goutam
scjp 1.4 86%
 
Rob Spoor
Sheriff
Pie
Posts: 20753
68
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But as Jonathan said, that's not part of the web-resource-collection element.
 
sravanthi pulukuri
Ranch Hand
Posts: 125
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,

I dont think Http-method is mandatory .. because they say if we dont specify any method there is no restriction at all.
correct me if iam wrong.
 
sravanthi pulukuri
Ranch Hand
Posts: 125
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry for th earlier post ,it says all methods are constrained if no method is specified.
 
Goutam Chowdhury
Ranch Hand
Posts: 44
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
in security-constraint element has only one required element <web-resource-collection> and <web-resource-collection> has only one mandatory element <web-resource-name> and <url-pattern> element must be atleastone ,but can have many


goutam SCJP1,4 86%
 
Harvinder Thakur
Ranch Hand
Posts: 231
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think the question is ambiguous. I agree with Goutam's observation that only <url-pattern> is mandatory.
<http-method> element may be used but is NOT a must to constrain resources for http methods. Since a missing <http-method> element would constrain mentioned resources for all http methods.
But the question says Choose two options then the best answer is A and B.
 
ani jadhao
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Options A and E are correct b'coz A ul patterns are complusory . And if you are planning to use authorization , you must make the user authenticated , for that you need <login-config>.
 
Harvinder Thakur
Ranch Hand
Posts: 231
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hmm. E seems to be the valid option. Infact, without authentication you cannot be authorized. Well said Ani. I agree with you. I missed that.
 
Rob Spoor
Sheriff
Pie
Posts: 20753
68
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Rob Prime wrote:But as Jonathan said, that's not part of the web-resource-collection element.

I'm quoting myself just because I'm right
 
Harvinder Thakur
Ranch Hand
Posts: 231
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Rob, IMHO, the very first time i just took Jonathan's word and agreed with options A & B.
But Ani threw a different and deeper perspective and a very valid one too.
Can you please tell why not E? I mean the option B to me seems to be more derived from the literal interpretation of the wording of the question. But conceptually and practically is'nt <login-config> needed to make the <web-resource-collection> work in the first place. Because if i am constraining a resource for authorization (where <http-method> is NOT a must) I MUST define the authentication info in the DD. Thereby making E a valid choice.
 
Rob Spoor
Sheriff
Pie
Posts: 20753
68
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You know, after re-reading the question I am inclined to go with you as well. The question does not mention what has to be inside the web resource collection element, only what is needed to get it to work. And then the login-config is needed as well.
 
sravanthi pulukuri
Ranch Hand
Posts: 125
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi
Thak you so much guys for sharing you thoughts.so we can go with A and E i guess.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic