
question on authorization

 
kumar kiran
Greenhorn
Posts: 11
I saw one question like this... the following code is described in the DD:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Foo</web-resource-name>
    <url-pattern>/Bar/Baz/*</url-pattern>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>DEVELOPER</role-name>
  </auth-constraint>
</security-constraint>

And given that "MANAGER" is a valid role-name, which four are true for this security constraint?
(Choose four.)
A. MANAGER can do a GET on resources in the /Bar/Baz directory.
B. MANAGER can do a POST on any resource in the /Bar/Baz directory.
C. MANAGER can do a TRACE on any resource in the /Bar/Baz directory.
D. DEVELOPER can do a GET on resources in the /Bar/Baz directory.
E. DEVELOPER can do only a POST on resources in the /Bar/Baz directory.
F. DEVELOPER can do a TRACE on any resource in the /Bar/Baz directory.

My answer is A, B, E but they gave the answer as A, C, D, F. Which answer is correct?
 
Tuna Töre
Ranch Hand
Posts: 220
This constraint says that only DEVELOPER can do a POST request to the source defined in url-pattern.
However, this does not mean that DEVELOPER cannot do GET, TRACE, PUT... If you do not specify a method in the http-method tag, all roles can use the methods other than the defined http-method. Therefore all roles can do GET, TRACE, DELETE, PUT on this source...
But only DEVELOPER can do a POST request; others cannot do POST!!!


According to the question:

A. MANAGER can do a GET on resources in the /Bar/Baz directory. YES, can do (but cannot do POST)
B. MANAGER can do a POST on any resource in the /Bar/Baz directory. NO, only developers can do that
C. MANAGER can do a TRACE on any resource in the /Bar/Baz directory. YES, can do (but cannot do POST)
D. DEVELOPER can do a GET on resources in the /Bar/Baz directory. YES, can do (all roles can do GET, TRACE, DELETE...) + POST can be done
E. DEVELOPER can do only a POST on resources in the /Bar/Baz directory. NO (all roles can do GET, TRACE, DELETE...)
F. DEVELOPER can do a TRACE on any resource in the /Bar/Baz directory. YES, can do (all roles can do GET, TRACE, DELETE...) + POST can be done
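
The rule walked through in the reply above, as an added example that is not part of the original thread: a small Python check that parses the constraint from the question, decides each (role, method, path) case, and lists the HTTP methods the constraint leaves uncovered. The function names and the ALL_METHODS list are assumptions made for this sketch, and it models a single constraint only, not the container's merging of several.

```python
import xml.etree.ElementTree as ET

# The deployment descriptor fragment from the question above.
DD = """
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Foo</web-resource-name>
    <url-pattern>/Bar/Baz/*</url-pattern>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>DEVELOPER</role-name>
  </auth-constraint>
</security-constraint>
"""

ALL_METHODS = ["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"]

def load(xml_text):
    sc = ET.fromstring(xml_text)
    auth = sc.find("auth-constraint")
    return {
        "patterns": [e.text.strip() for e in sc.iter("url-pattern")],
        "methods": {e.text.strip().upper() for e in sc.iter("http-method")},
        # None = no <auth-constraint> at all (everyone); empty set = nobody.
        "roles": None if auth is None else {e.text.strip() for e in auth.iter("role-name")},
    }

def pattern_matches(pattern, path):
    if pattern.endswith("/*"):                      # path-prefix mapping
        base = pattern[:-2]
        return path == base or path.startswith(base + "/")
    return pattern == path                          # exact mapping

def covered(c, method, path):
    """True when the constraint applies to this method and path."""
    url_hit = any(pattern_matches(p, path) for p in c["patterns"])
    # No <http-method> elements means every method is covered.
    return url_hit and (not c["methods"] or method.upper() in c["methods"])

def allowed(c, role, method, path):
    if not covered(c, method, path):
        return True                                 # uncovered: no role check is applied
    return c["roles"] is None or role in c["roles"]

def uncovered_methods(c):
    return [m for m in ALL_METHODS if c["methods"] and m not in c["methods"]]
```

Removing the <http-method> element makes the constraint cover every method, so uncovered_methods() returns an empty list. Servlet 3.1 also provides <deny-uncovered-http-methods/> in web.xml to reject requests that use uncovered methods.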

 
kumar kiran
Greenhorn
Posts: 11
Thanks for the reply... earlier I was a little bit confused... thanks for clearing my doubt.
 
Tuna Töre
Ranch Hand
Posts: 220
You are welcome
 