Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

SCWCD question

 
shilpa siva
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all...
I've a question from SCWCD exam on servlets...

Given:
3. class MyServlet extends HttpServlet {
4. public void doPut(HttpServletRequest req, HttpServletResponse resp) throws ServletException,
IOException {
5. // servlet code here ...
26. }
27. }
If the DD contains a single security constraint associated with MyServlet and its only <http-method> tags
and <auth-constraint> tags are:
<http-method>GET</http-method>
<http-method>PUT</http-method>
<auth-constraint>Admin</auth-constraint>
Which four requests would be allowed by the container? (Choose four.)
A. A user whose role is Admin can perform a PUT.
B. A user whose role is Admin can perform a GET.
C. A user whose role is Admin can perform a POST.
D. A user whose role is Member can perform a PUT.
E. A user whose role is Member can perform a POST.
F. A user whose role is Member can perform a GET.


and the answer for this is A,B,C,E....

can any one please explain how come the given answers are correct cos according to my knowledge only A,B are correct...
 
Ashwin Sridhar
Ranch Hand
Posts: 277
Flex Oracle Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
GET and POST can be done only by user with role ADMIN.

All other roles can perform anything other than GET and PUT on this resource
 
Stoian Azarov
Ranch Hand
Posts: 113
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ashwin is right!
Only GET and POST are constrained, so these two http methods can be used only by users possessing Admin role.
All other methods are not constrained - so any user can make requests with these methods: Admin, Member etc.

Answers C. and E. - POST is not a constrained method - everybody is allowed to make POST requests
Regards
 
Stoian Azarov
Ranch Hand
Posts: 113
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have just found the page in Head First S & JSP where this topic is explained in details: page 666
 
Avinash Ga
Ranch Hand
Posts: 78
Eclipse IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Shilpa,

The Answers A,B,C,E are the correct ones,

Because the constraint rule says, only the Admin Can do Get and Put on the resource, But it is not restricting the Admin by doing Post,
Also the constraint is not at all restricting a Member from Doing Post on the Resource,
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic