Win a copy of Rust Web Development this week in the Other Languages forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Junilu Lacar
  • Rob Spoor
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Jesse Silverman
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Piet Souris
  • Frits Walraven

Marcus Green Quiz 1 - Mock Exam Question Doubt

 
Ranch Hand
Posts: 463
Eclipse IDE Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,

Thanks to Marcus Green for very nice mock exam. In one question I have the following doubt.

Q: Which statemetns are true of the following snippet of a deployment descriptor.



A. It is faulty becasue it has multiple security-constraint elements
B. It is faulty because it does not supply the http-method tag
C. Only members of the manager role will be able to access the resource
D. Any user will be able to access the resource
E. No users will be able to access the resource

I choose option E as correct answer since empty auth constraint is the final as per HFSJ. However the correct answer is D.

The explanation is "Although the first auth-constraint is empty, implying no one will have access to the resource, this is cancelled out by the second auth-constraint that will allow anyone to access the resource. "

Is my understanding wrong? Please correct me.
 
Sheriff
Posts: 14691
16
Eclipse IDE VI Editor Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This thread should help.
 
Sai Surya
Ranch Hand
Posts: 463
Eclipse IDE Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Does this means that, the combination of empty auth constraint and auth constraint with * gives access to all?
I am thinking that empty constraint prevents access to all as per HFSJ
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE VI Editor Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
"The special case of an authorization constraint that names no roles shall combine with any other constraints to override their affects and cause access to be precluded." This means that nobody will have access.
 
Sai Surya
Ranch Hand
Posts: 463
Eclipse IDE Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok So can I say Marcus Green mock exam question has pointed answer wrongly!
 
Sheriff
Posts: 9691
42
Android Google Web Toolkit Hibernate IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There's an error in the code and not the answer. The code as given is

But it should be
 
Ranch Hand
Posts: 808
1
Android Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
OK, but despite that error the answer should be that nobody has the access.
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic