• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Ron McLeod
  • Jeanne Boyarsky
Sheriffs:
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Roland Mueller
Bartenders:

confusion in <auth-constrain>

 
Ranch Hand
Posts: 47
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have doubt in :

Q.30 from HFSJ final mock test

Ques is:


Your web application has a valid deployment descriptor in which student and sensei are the only security roles that have been defined.
The deployment descriptor contains two security constrains that declare the same resource to be constrained . These constrains are :




which are true ?

A. As the D.D. stands now, the constrained resource can be accessed by both the roles.
B.As the D.D. stands now, the constrained resource can be accessed by only sensei users.
c.As the D.D. stands now, the constrained resource can be accessed by only student users.
D. If the second <auth-constrain> tag is removed , the constrained resource can be accessed by both roles.
E.If the second <auth-constrain> tag is removed , the constrained resource can be accessed only by sensei users.
F.If the second <auth-constrain> tag is removed , the constrained resource can be accessed only by student users.



The answer given is : D

but i think F.

am I correct ? please make me correct if I am wrong.
 
Creator of Enthuware JWS+ V6
Posts: 3412
320
Android Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Ana,

I think you are correct, that must be a mistake in the mock-exam. The second <auth-constraint> disallows everybody, so when it is removed the other constraint applies and this will allow students. (note: it is constraint i.s.o constrain)

Regards,
Frits
 
Ranch Hand
Posts: 282
Eclipse IDE PHP Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
ana,

This is indeed a mistake, as stated in the Errata. The correct answer is F.
 
anu sav
Ranch Hand
Posts: 47
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
thanks guys.
 
Ranch Hand
Posts: 55
jQuery Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi

Lack of <auth-constraint> means unauthenticated access.

So both roles will be allowed to access the resources.

 
Ranch Hand
Posts: 207
jQuery Eclipse IDE Firefox Browser
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The errata mentioned above is wrong! Though the errata got approved by authors but it is wrong.

See this post
 
Yeah, but is it art? What do you think tiny ad?
Clean our rivers and oceans from home
https://www.kickstarter.com/projects/paulwheaton/willow-feeders
reply
    Bookmark Topic Watch Topic
  • New Topic