Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Head first book mock exam doubt

 
Amru Jahagirdar
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have head first servlet & jsp 2nd edition book.

In the final mock exam question no 30. is

In DD we have 2 security roles defined : student and sebsei.
There are 2 security constraint elements that declare same resource to be constrained.

First security constraint is:

<aurth-constraint>
<role-name> student <role-name>
</aurth-constraint>

Second security constraint has:
<aurth-constraint/>

The answer given in book is option D that says:

If second <aurth-constraint> element is removed, the constrained resource can be accessed by both the roles.

But I think the answer should be option F that says:

If second <aurth-constraint> element is removed, the constrained resource can be accessed by only student role.

Please let me know.
 
Bindu Lakhanpal
Ranch Hand
Posts: 171
Flex Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Errata
 
Amru Jahagirdar
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Bindu...
 
Tommi Vd
Ranch Hand
Posts: 49
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
is it me or are the exams from the head first book more difficult than others and those on the exam?
 
Ankit Garg
Sheriff
Posts: 9528
32
Android Google Web Toolkit Hibernate IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thomas Van Driessche wrote:is it me or are the exams from the head first book more difficult than others and those on the exam?


No its not you, the questions on the Head First book are tougher than the real exam...
 
Pete Pommelich
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I don't understand this yet. If we have the following part of the DD


And we remove the second <auth-constraint/>, the above DD part is equal to the following

(see page 669 2nd Edition) which means, everbody can make a request for the constraint resource. Or am I wrong?

Kind Regards,
Pete
 
Ankit Garg
Sheriff
Posts: 9528
32
Android Google Web Toolkit Hibernate IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes you are right. If there's no auth-constraint element for a security constraint element, then every user can access that resource...
 
Pete Pommelich
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So, answer D
If second <aurth-constraint> element is removed, the constrained resource can be accessed by both the roles.
is still correct, isn't it?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic