In the final mock exam question no 30. is
In DD we have 2 security roles defined : student and sebsei.
There are 2 security constraint elements that declare same resource to be constrained.
First security constraint is:
<role-name> student <role-name>
Second security constraint has:
The answer given in book is option D that says:
If second <aurth-constraint> element is removed, the constrained resource can be accessed by both the roles.
But I think the answer should be option F that says:
If second <aurth-constraint> element is removed, the constrained resource can be accessed by only student role.
Please let me know.
I don't understand this yet. If we have the following part of the DD
And we remove the second <auth-constraint/>, the above DD part is equal to the following
(see page 669 2nd Edition) which means, everbody can make a request for the constraint resource. Or am I wrong?