
Problem with <auth-constraint>

 
Maciek Mike
Greenhorn
Posts: 22
Hi,

In HFSJ book errata I found this question fix:


First security constraint contains:
<auth-constraint>
  <role-name>student</role-name>
</auth-constraint>


And the second security constraint contains:
<auth-constraint/>

Answer D
D: If the second <auth-constraint> tag is removed, the constrained resource can be accessed by both roles.
Is wrong and answer F:
F: If the second <auth-constraint> tag is removed, the constrained resource can be accessed only by student users.
Is the correct answer.


Why is D wrong?
 
Ankit Garg
Sheriff
Posts: 9580
This has been asked in the forum before. I agree that the answer should be D and not F. I submitted an errata of this errata here but it seems no one saw it...
 
Bob Wheeler
Ranch Hand
Posts: 317
Maciek Mike wrote: Hi,
D: If the second <auth-constraint> tag is removed, the constrained resource can be accessed by both roles.
Is wrong and answer F:

You have only one role (student). With the second auth-constraint tag nobody (to be precise, no role) has access to the constrained HTTP method. But if you remove the empty auth-constraint tag the role student has access again.

EDIT: I just read the post from Ankit. It's right, if you remove the auth-constraints altogether everybody has access. Still, D is wrong, because I don't see a second role in the code (or so). Must be a trap for the poor coders.


cheers
Bob
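
The cases discussed in this thread, as an added example that is not part of any post above: a small audit check that applies the Servlet specification's rules for combining security constraints that cover the same resource. It goes slightly beyond the thread by also covering a second constraint that names a role. The /grades/* pattern, the resource name and the teacher role are constructed for illustration, and the check assumes every constraint in the descriptor matches the same URL pattern and HTTP method (the * role wildcard is not handled).

```python
import xml.etree.ElementTree as ET

DENY_ALL, ALLOW_ALL = "nobody", "everyone"

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def effective_access(web_xml):
    """Combine all <security-constraint> elements in web_xml.
    Returns DENY_ALL, ALLOW_ALL, or the sorted list of permitted roles."""
    roles, open_access, found = set(), False, False
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        found = True
        auth = [c for c in sc if local(c.tag) == "auth-constraint"]
        if not auth:
            open_access = True   # no <auth-constraint>: unauthenticated access
            continue
        names = {r.text.strip() for r in auth[0]
                 if local(r.tag) == "role-name" and r.text}
        if not names:
            return DENY_ALL      # <auth-constraint/> overrides all other constraints
        roles |= names           # named roles from all constraints are unioned
    return ALLOW_ALL if open_access or not found else sorted(roles)

def descriptor(second_auth):
    """Constructed web.xml: the thread's first constraint plus a variable second one."""
    resource = ("<web-resource-collection><web-resource-name>grades</web-resource-name>"
                "<url-pattern>/grades/*</url-pattern></web-resource-collection>")
    return f"""<web-app>
  <security-constraint>{resource}
    <auth-constraint><role-name>student</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>{resource}
    {second_auth}
  </security-constraint>
</web-app>"""

if __name__ == "__main__":
    cases = [("second is <auth-constraint/>", "<auth-constraint/>"),
             ("second has no <auth-constraint>", ""),
             ("second names teacher (hypothetical role)",
              "<auth-constraint><role-name>teacher</role-name></auth-constraint>")]
    for label, second in cases:
        print(f"{label:42} -> {effective_access(descriptor(second))}")
```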
 