confusion in <auth-constrain>

anu sav

Ranch Hand

Posts: 47

posted 7 years ago

I have doubt in :

Q.30 from HFSJ final mock test

Ques is:

Your web application has a valid deployment descriptor in which student and sensei are the only security roles that have been defined.
The deployment descriptor contains two security constrains that declare the same resource to be constrained . These constrains are :

which are true ?

A. As the D.D. stands now, the constrained resource can be accessed by both the roles.
B.As the D.D. stands now, the constrained resource can be accessed by only sensei users.
c.As the D.D. stands now, the constrained resource can be accessed by only student users.
D. If the second <auth-constrain> tag is removed , the constrained resource can be accessed by both roles.
E.If the second <auth-constrain> tag is removed , the constrained resource can be accessed only by sensei users.
F.If the second <auth-constrain> tag is removed , the constrained resource can be accessed only by student users.

The answer given is : D

but i think F.

am I correct ? please make me correct if I am wrong.

Frits Walraven

Creator of Enthuware JWS+ V6
Saloon Keeper

Posts: 2939

208

I like...

posted 7 years ago

Hi Ana,

I think you are correct, that must be a mistake in the mock-exam. The second <auth-constraint> disallows everybody, so when it is removed the other constraint applies and this will allow students. (note: it is constraint i.s.o constrain)

Regards,
Frits

Michael Angstadt

Ranch Hand

Posts: 278

I like...