• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Doubt with the tag <auth-constraint>

 
Ashish Gupta
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I came accross the follwoing question:

Given:
class MyServlet extends HttpServlet {
public void doPut(HttpServletRequest req, HttpServletResponse resp) throws ServletException,
IOException {
// servlet code here ...
}
}
If the DD contains a single security constraint associated with MyServlet and its only <http-method> tags
and <auth-constraint> tags are:
<http-method>GET</http-method>
<http-method>PUT</http-method>
<auth-constraint>Admin</auth-constraint>

Which four requests would be allowed by the container? (Choose four.)
A. A user whose role is Admin can perform a PUT.
B. A user whose role is Admin can perform a GET.
C. A user whose role is Admin can perform a POST.
D. A user whose role is Member can perform a PUT.
E. A user whose role is Member can perform a POST.
F. A user whose role is Member can perform a GET.

Answer for this question is given as: A, B, C and E

But I feel the answer should be A, B and D, because the user "Admin" has been given privilege to do GET and PUT, while TRACE, HEAD and PUT are default allowed to every user, hence the other user "Member" can do PUT.

Please let me know, if my understanding of the concept is wrong. A quick answer would be highly appretiaed as I am going to write the exam on 20th july.

Thanks & Regards,
Ashish
 
Ashish Gupta
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Everyone,

Following forum post has clarified my doubt:
http://www.coderanch.com/t/432792/Web-Component-Certification-SCWCD/certification/about-constraints

Thanks & Regards,
Ashish
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic