Question 30 - Final mock exam HFSJ

 
Ranch Hand
Posts: 60
The question is


Your web application has a valid DD in which student and sensei are the only security roles that have been defined. The DD contains two security constraints that declare the same resource to be constrained. The first security constraint contains:





And the second security constraint contains





Which are true? (Choose all that apply.)

A. As the DD stands now, the constrained resource can be accessed by both roles.
B. As the DD stands now, the constrained resource can be accessed only by sensei users.
C. As the DD stands now, the constrained resource can be accessed only by student users.
D. If the second <auth-constraint> tag is removed, the constrained resource can be accessed by both roles.
E. If the second <auth-constraint> tag is removed, the constrained resource can be accessed only by sensei users.
F. If the second <auth-constraint> tag is removed, the constrained resource can be accessed only by student users.



The answer given is D.

I think the answer should be E, as removing the second auth-constraint means all users are no longer restricted, but students are still restricted to the resource, therefore only sensei users can access it. Please tell me if I'm correct?
 
Ranch Hand
Posts: 207
Again here also you are confusing the meaning of <auth-constraint> tag. See This.
<auth-constraint>
<role-name>student</role-name>
</auth-constraint>
does NOT mean that the given request on the given resource is restricted for student role. It means that the given request on the given resource is restricted for roles OTHER THAN student.
 
Paul Statham
Ranch Hand
Posts: 60
Thank you Piyush, I had it mixed up obviously.
 
Ranch Hand
Posts: 55
As per me the answer should be F.
Correct me if I am wrong..
 
Piyush Joshi
Ranch Hand
Posts: 207
No, it's wrong.
Remember that if there is no auth-constraint tag then every role is allowed.

First auth-constraint says students are allowed
If second auth-constraint tag is removed then it will mean that every role is allowed.
Therefore the combined effect of these two will be that every role will be allowed.

Things to remember:
Role1 + Role2 = Role1 and Role2
Role1 + everybody = everybody
Role1 + nobody = nobody
 
Ranch Hand
Posts: 113
Then it is good to correct the errata because someone reported the same mistake (wrong correction).

And this proposition even got approved
Errata - Page 843 Question 30
 
Piyush Joshi
Ranch Hand
Posts: 207
Yes the errata should be corrected.

Servlet 3.0 specification section 13.8 says:

If no authorization constraint applies to a request, the container must accept the
request without requiring user authentication.



Also in the HFSJ book at page 668 it's mentioned as:

If an <auth-constraint> does NOT exist, the Container MUST allow unauthenticated access for these URLs.



Then for combining constraints:

Servlet 3.0 Specification section 13.8.1 says:

A security constraint that does not contain an authorization constraint shall combine with authorization constraints that name or imply roles to allow unauthenticated access.



From this, it's clear that the option D is correct.

But how to correct the errata? Should another errata be raised to correct it?
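
The combining rules discussed above (the "Things to remember" list and the Servlet 3.0 section 13.8.1 quote), worked through as an added example that is not part of any post in this thread. The descriptor, the `/dojo/*` pattern and the function names are constructed for illustration; the sketch matches URL patterns by exact string, ignores `<http-method>`, and treats an `<auth-constraint>` that names no roles as precluding access, as section 13.8.1 specifies.

```python
import xml.etree.ElementTree as ET

EVERYBODY = "everybody (no authentication required)"
NOBODY = "nobody"

# Constructed, abridged DD (no XML namespace): two constraints on one resource.
DD_TEMPLATE = """<web-app>
  <security-role><role-name>student</role-name></security-role>
  <security-role><role-name>sensei</role-name></security-role>
  <security-constraint>
    <web-resource-collection><url-pattern>/dojo/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>student</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/dojo/*</url-pattern></web-resource-collection>
    {second}
  </security-constraint>
</web-app>"""

def dd(second_auth: str) -> str:
    """Build the sample DD with the given second auth-constraint ('' = tag removed)."""
    return DD_TEMPLATE.format(second=second_auth)

def effective_access(web_xml: str, url_pattern: str):
    """Combine the auth-constraints of every security-constraint on url_pattern."""
    root = ET.fromstring(web_xml)
    declared = {r.findtext("role-name").strip() for r in root.iter("security-role")}
    roles, open_access, matched = set(), False, False
    for sc in root.iter("security-constraint"):
        if url_pattern not in {p.text.strip() for p in sc.iter("url-pattern")}:
            continue
        matched = True
        auth = sc.find("auth-constraint")
        if auth is None:              # no auth-constraint: unauthenticated access
            open_access = True
            continue
        names = {r.text.strip() for r in auth.findall("role-name")}
        if not names:                 # names no roles: overrides everything else
            return NOBODY
        roles |= declared if "*" in names else names   # "*" = all declared roles
    if not matched or open_access:
        return EVERYBODY
    return sorted(roles)

if __name__ == "__main__":
    sensei = "<auth-constraint><role-name>sensei</role-name></auth-constraint>"
    for label, second in [("role + role", sensei), ("role + removed tag", ""),
                          ("role + empty tag", "<auth-constraint/>")]:
        print(label, "->", effective_access(dd(second), "/dojo/*"))
```

When auditing a real descriptor, the second case is the one to look for: a constraint added without an `<auth-constraint>` opens every resource it shares with a role-restricted constraint.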
 
Stoian Azarov
Ranch Hand
Posts: 113
I have seen many duplicate reports, so I suppose that there is no established process of editing the existing posts.
Even though we might ask O'Reilly for any case.
 