Win a copy of Spark in Action this week in the Open Source Projects forum!
    Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

question no. 11 final mock exam hfsj 2nd edition doubt ?

 
Ranch Hand
Posts: 924
1
Netbeans IDE Fedora Java
  • Mark post as helpful
  • send pies
  • Report post to moderator
please consider the following question as copied from the hfsj book :


Given these fragments from within a single tag in a Java EE DD:
343. <web-resource-collection>
344. <web-resource-name>Recipes</web-resource-name>
345. <url-pattern>/Beer/Update/*</url-pattern>
346. <http-method>POST</http-method>
347. </web-resource-collection>
...
367. <auth-constraint>
368. <role-name>Member</role-name>
369. </auth-constraint>
...
385. <user-data-constraint>
386. <transport-guarantee>CONFIDENTIAL</transport-guarantee>
387. </user-data-constraint>
Which are true? (Choose all that apply.)
A. A Java EE DD can contain a single tag in which all of these tags can legally co-exist.
B. It is valid for more instances of <auth-constraint> to exist within the single tag described above.
C. It is valid for more instances of <user-data-constraint>
to exist within the single tag described above.
D. It is valid for more instances of <url-pattern> to exist within the <web-resource-collection> tag described above.
E. It is valid for other tags of the same type as the single encasing tag described above to have the same <url-pattern> as the tag above.
F. This tag implies that authorization, authentication, and data integrity security features are all declared for the web application.



the book says option A, B, D, E, F as the correct answers.

while i understood optin A D and E i had doubt about B and F. lets come to option F first. i made a sample program without <login-config> element but WITH <security-constraint> element. when i tried to access constrained resource it gave me 403 access denied error. option f says that the above xml snippet(in the question) declared authenticatin, authorisation and data integrity. while authorisation and data integrity are undersood , it is not true for authentication. we cant predict whether it has declared authentication . it is true that for before authorisation , authentication has to happen and by 403 error we know that the user needs to be authenticated but the exact elements are not declared in the xml file.

option B is wrong unless i misinterpreted the question. i put more than 1 auth-constraint tags inside <Security-constraint> and the web.xml gave error. so in my opinion option B and option f should be rules out unless somebody interprets quesiton in a way that they are true. please respond if somebody else had doubt in the same question ?

Regards
 
Sheriff
Posts: 11604
178
Hibernate jQuery Eclipse IDE Spring MySQL Database AngularJS Tomcat Server Chrome Java
  • Mark post as helpful
  • send pies
  • Report post to moderator
Locked

Discussion continues here.
 
Don't get me started about those stupid light bulbs.
    Bookmark Topic Watch Topic
  • New Topic