Win a copy of Learning Java by Building Android Games this week in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Bear Bibeault
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Knute Snortum
  • Junilu Lacar
  • Devaka Cooray
Saloon Keepers:
  • Ganesh Patekar
  • Tim Moores
  • Carey Brown
  • Stephan van Hulst
  • salvin francis
Bartenders:
  • Ron McLeod
  • Frits Walraven
  • Pete Letkeman

Final Mock Test Question 10 Head First and Servlets  RSS feed

 
Ranch Hand
Posts: 634
Chrome Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Final Mock Test Question 10 Head First and Servlets


You have determined that certain capabilities in your web application will require that
users be registered members. In addition, your web application sometimes deals with user
data that your users want you to keep confidential.
Which are true? (Choose all that apply.)

A. You can make transmitted data confidential only after your application has
verified the user’s password.
B. Of the various types of authentication guaranteed by a Java EE container, only
BASIC, Digest, and Form Based are implemented by matching a user name to a
password.
C. No matter what type of Java EE authentication mechanism you use, it will only
be activated when an otherwise constrained resource is requested.
D. All of the Java EE guaranteed types of authentication provide strong data
security without the need to implement supporting security features

Correct answer:C
For authentication we use the login-config DD element and it can be used even if we dont specify a security-constraint element in DD i.e. we are using authentication with not authorization ,data integrity .
authentication is activated before authorization.
So ,C is Wrong.

what wrong with option B ?
Of the various types of authentication guaranteed by a Java EE container, only
BASIC, Digest, and Form Based are implemented by matching a user name to a
password.
We are matching username and password as specified in Tomcat-users.xml
 
Mohit G Gupta
Ranch Hand
Posts: 634
Chrome Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Please Help me fellow ranchers.
 
Creator of Enthuware JWS+ V6
Bartender
Posts: 3138
269
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

B. Of the various types of authentication guaranteed by a Java EE container, only
BASIC, Digest, and Form Based are implemented by matching a user name to a
password.
what wrong with option B ?


This is a trick question (testing whether you know that DIGEST based authentication is required by the web-container or not)

Only BASIC annd FORM based authentication are mandated (i.e. guaranteed) by the specs,
this is what they write about DIGEST

jsp 2.0 SRV.12.5.2 HTTP Digest Authentication
As Digest Authentication is not currently in widespread use, servlet
containers are encouraged but not required to support it.



Regards,
Frits
 
Don't get me started about those stupid light bulbs.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!