
HFSJ Edition 2 Final mock exam QNo:48

 
Niteen Patil
Ranch Hand
Posts: 45
Q48:
Your web application has a valid dd with a single <security-constraint> tag. Within this tag exists:
- a single url pattern that declares directory1
- a single http method that declares POST
- a single role name that declares GUEST
If all of the resources for your application exist within directory1 and directory2, and MEMBER is also a valid role, which are true? (Choose all that apply.)
A. GUESTs cannot do GET requests in directory1.
B. GUESTs can do GET requests in both directories.
C. GUESTs can do POST requests only in directory2.
D. MEMBERs can do GET requests in both directories.
E. GUESTs can do POST requests in both directories.
F. MEMBERs can do only POST requests in directory1.

Answer is: BDE.

The constraint in this scenario is that only GUESTs can do POSTs in directory1.
So according to this:
A. GUESTs cannot do GET requests in directory1. is correct
B. GUESTs can do GET requests in both directories. is wrong as GUESTs can do only POSTs in directory1.
So the answer should be ADE.
Correct me if I am missing something.


 
Kapil Mishra
Greenhorn
Posts: 25
Dear Nitinyanand,

You have missed a point...
According to the given scenario, only POST requests to the resource are restricted to the GUEST role,
and if you restrict a particular HTTP method, then all other methods are unrestricted automatically.

So all HTTP requests excluding POST are unrestricted for all users.
This means anyone can make a GET request to the resource, and this "anyone" includes GUEST as well.
But a POST request can only be made by GUEST.

Hope you understand.
KAPIL
 
Niteen Patil
Ranch Hand
Posts: 45
Hi Kapil,
It means the <http-method> and <url-pattern> combination is used to restrict the resources for only the specified roles, and the rest of the resources are not restricted. Am I right?
Thanks.
 
Kapil Mishra
Greenhorn
Posts: 25
Yup, absolutely right!
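
The scenario from Q48 written out as a deployment-descriptor fragment, followed by two ways to cover the methods that the replies above describe as left unrestricted on directory1. This is an added example, not part of the original posts: the `/directory1/*` pattern and the resource names are assumptions, `<http-method-omission>` needs Servlet 3.0 or later, and `<deny-uncovered-http-methods/>` needs Servlet 3.1 or later.

```xml
<!-- Added illustration; /directory1/* and the web-resource-name values are assumed. -->

<!-- The constraint described in Q48: only POST on directory1 is constrained. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>directory1-post</web-resource-name>
    <url-pattern>/directory1/*</url-pattern>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>GUEST</role-name>
  </auth-constraint>
</security-constraint>
<!-- Effect:
       POST /directory1/*             -> GUEST only
       GET, PUT, DELETE /directory1/* -> unconstrained (any caller, any role)
       any method on /directory2/*    -> unconstrained (no pattern matches) -->

<!-- Option 1 (Servlet 3.0+): a second constraint on the same pattern that
     covers every method EXCEPT POST and allows no role at all. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>directory1-other-methods</web-resource-name>
    <url-pattern>/directory1/*</url-pattern>
    <http-method-omission>POST</http-method-omission>
  </web-resource-collection>
  <!-- An empty auth-constraint means access is denied to everyone. -->
  <auth-constraint/>
</security-constraint>

<!-- Option 2 (Servlet 3.1+): one application-wide switch, placed directly
     under <web-app>. The container rejects any HTTP method that is not
     named by a constraint on a constrained URL pattern. /directory2/*
     carries no constraint, so it is not affected. -->
<deny-uncovered-http-methods/>
```

With either option in place, a GET to directory1 is refused for every role, while POST to directory1 still requires GUEST and directory2 stays open.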
 