This week's book giveaway is in the Features new in Java 9 forum.
We're giving away four copies of Java 9 Revealed and have Kishori Sharan on-line!
See this thread for details.
Win a copy of Java 9 Revealed this week in the Features new in Java 9 forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

<security-constraint> doubt  RSS feed

 
Parth Twari
Ranch Hand
Posts: 163
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Source : Marcus

Which statements are true of the following snippet of a deployment descriptor.



A. It is faulty becasue it has multiple security-constraint elements Incorrect
B. It is faulty because it does not supply the http-method tag Incorrect
C. Only members of the manager role will be able to access the resource Incorrect
D. Any user will be able to access the resource Correct
E. No users will be able to access the resource

Answer: D

I think it shall be E , I tested it and it was coming as E only. Can anyone explain?
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Posts: 2919
205
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Parth,

You are correct: when more than one constraint is set for the same resource: the no-value authority is overriding.

Regards,
Frits
 
Parth Twari
Ranch Hand
Posts: 163
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
ok..

Don't you think there shall be an error as well because of wrong placement of
<role-name>manager</role-name>

<auth-constraint>
</auth-constraint>
<role-name>manager</role-name>
</security-constraint>


and because

<web-resource-name>Sensitive</web-resource-name>


is same in both the constraints?
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Posts: 2919
205
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Don't you think there shall be an error as well because of wrong placement of
<role-name>manager</role-name>

Yes, that won't work.....
<web-resource-name> is same in both the constraints?

This might work.... but it should not have the same name, you are right

Regards,
Frits
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!