• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

confusion in <auth-constrain>

 
anu sav
Ranch Hand
Posts: 47
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have doubt in :
Q.30 from HFSJ final mock test
Ques is:

Your web application has a valid deployment descriptor in which student and sensei are the only security roles that have been defined.
The deployment descriptor contains two security constrains that declare the same resource to be constrained . These constrains are :



which are true ?

A. As the D.D. stands now, the constrained resource can be accessed by both the roles.
B.As the D.D. stands now, the constrained resource can be accessed by only sensei users.
c.As the D.D. stands now, the constrained resource can be accessed by only student users.
D. If the second <auth-constrain> tag is removed , the constrained resource can be accessed by both roles.
E.If the second <auth-constrain> tag is removed , the constrained resource can be accessed only by sensei users.
F.If the second <auth-constrain> tag is removed , the constrained resource can be accessed only by student users.


The answer given is : D

but i think F.

am I correct ? please make me correct if I am wrong.
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Pie
Posts: 2438
95
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ana,

I think you are correct, that must be a mistake in the mock-exam. The second <auth-constraint> disallows everybody, so when it is removed the other constraint applies and this will allow students. (note: it is constraint i.s.o constrain)

Regards,
Frits
 
Michael Angstadt
Ranch Hand
Posts: 277
Eclipse IDE Java PHP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
ana,

This is indeed a mistake, as stated in the Errata. The correct answer is F.
 
anu sav
Ranch Hand
Posts: 47
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks guys.
 
Ankur Gargg
Ranch Hand
Posts: 55
Java jQuery Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi

Lack of <auth-constraint> means unauthenticated access.

So both roles will be allowed to access the resources.

 
Piyush Joshi
Ranch Hand
Posts: 207
Eclipse IDE Firefox Browser jQuery
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The errata mentioned above is wrong! Though the errata got approved by authors but it is wrong.

See this post
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic