Bookmark Topic Watch Topic
  • New Topic

question no. 11 final mock exam hfsj 2nd edition doubt ?

 
gurpeet singh
Ranch Hand
Posts: 924
1
Fedora Java Netbeans IDE
  • Mark post as helpful
  • send pies
  • Report post to moderator
please consider the following question as copied from the hfsj book :


Given these fragments from within a single tag in a Java EE DD:
343. <web-resource-collection>
344. <web-resource-name>Recipes</web-resource-name>
345. <url-pattern>/Beer/Update/*</url-pattern>
346. <http-method>POST</http-method>
347. </web-resource-collection>
...
367. <auth-constraint>
368. <role-name>Member</role-name>
369. </auth-constraint>
...
385. <user-data-constraint>
386. <transport-guarantee>CONFIDENTIAL</transport-guarantee>
387. </user-data-constraint>
Which are true? (Choose all that apply.)
A. A Java EE DD can contain a single tag in which all of these tags can legally co-exist.
B. It is valid for more instances of <auth-constraint> to exist within the single tag described above.
C. It is valid for more instances of <user-data-constraint>
to exist within the single tag described above.
D. It is valid for more instances of <url-pattern> to exist within the <web-resource-collection> tag described above.
E. It is valid for other tags of the same type as the single encasing tag described above to have the same <url-pattern> as the tag above.
F. This tag implies that authorization, authentication, and data integrity security features are all declared for the web application.


the book says option A, B, D, E, F as the correct answers.

while i understood optin A D and E i had doubt about B and F. lets come to option F first. i made a sample program without <login-config> element but WITH <security-constraint> element. when i tried to access constrained resource it gave me 403 access denied error. option f says that the above xml snippet(in the question) declared authenticatin, authorisation and data integrity. while authorisation and data integrity are undersood , it is not true for authentication. we cant predict whether it has declared authentication . it is true that for before authorisation , authentication has to happen and by 403 error we know that the user needs to be authenticated but the exact elements are not declared in the xml file.

option B is wrong unless i misinterpreted the question. i put more than 1 auth-constraint tags inside <Security-constraint> and the web.xml gave error. so in my opinion option B and option f should be rules out unless somebody interprets quesiton in a way that they are true. please respond if somebody else had doubt in the same question ?

Regards
 
Roel De Nijs
Sheriff
Posts: 10666
144
AngularJS Chrome Eclipse IDE Hibernate Java jQuery MySQL Database Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Report post to moderator
Locked

Discussion continues here.
 
    Bookmark Topic Watch Topic
  • New Topic