• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

mock exam doubts on: security-constraint

 
Heilien Tsui
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, I found this question from a web page:

Anyone can explain to me why C and E is a correct answer?


3: class MyServlet extends HttpServlet {
4: public void doPut(HttpServletRequest req,
HttpServletResponse resp)
throws ServletException, IOException {
5: // servlet code here
...
26: }
27: }
If the DD contains a single security constraint associated with MyServlet and its only <http-method> tags and <auth-constraint> tags are:
<http-method>GET</http-method>
<http-method>PUT</http-method>
<auth-constraint>Admin</auth-constraint>
Which four requests would be allowed by the container? (Choose four.)
A. A user whose role is Admin can perform a PUT.
B. A user whose role is Admin can perform a GET.
C. A user whose role is Admin can perform a POST.

D. A user whose role is Member can perform a PUT.
E. A user whose role is Member can perform a POST.
F. A user whose role is Member can perform a GET.
Answer: ABCE
 
Milton Ochoa
Ranch Hand
Posts: 336
Firefox Browser Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think C and E are correct, because, on the DD only are restringed GET and PUT for Admin, but the anothers methods (POST, etc), have free access to whatever roles on the application, that say the specification.
 
Heilien Tsui
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Milton Ochoa wrote:I think C and E are correct, because, on the DD only are restringed GET and PUT for Admin, but the anothers methods (POST, etc), have free access to whatever roles on the application, that say the specification.



you are right
thanks for the answer
 
Sudhaharan Siva
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A & B also correct. Considering the DD configuration in mock question, only users with role as an Admin can perform GET and PUT on MyServlet. And users with any role including Admin, Member etc. can perform other http methods POST, TRACE, OPTIONS and HEAD.

With above understanding if you read the answers you would find A,B,C and E are correct.

thanks
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic