
Head First Mock Exam 37

 
Himai Minh
Ranch Hand
Question 37 of the mock exam:

You are tasked with adding several security features to your company's Java EE web application. Specifically, you need to create several classes of users and based on a user's class, you need to restrict them to use only some of the application's pages. In order to restrict access, you must determine that users are who they say they are.
Which are true?
A. If you need to verify that users are who they say they are, you must use the application's deployment descriptor to implement that requirement.
...

The given answer says option A is incorrect because you can also perform authentication programmatically.


I think option A is correct.
Reason:
1. I don't think authentication is performed programmatically. The isUserInRole checks the authenticated user if he/she is in a role. Or the getCallerPrincipal gets the username of the authenticated user.
2. In Tomcat, we use the vendor-specific deployment descriptor, tomcat-users.xml, to specify the username/password in order to authenticate the user.
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
I don't think authentication is performed programmatically.

You can always develop an authentication implementation yourself without the use of the web.xml (the deployment descriptor for declarative authentication and authorization).

It just involves checking out whether someone is, in fact, who he is declared to be. You can add specific HTTP headers to the request and verify the user credentials (username, password, role) on the server side from a coupled database.
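
The approach described in the reply above, as an added example that is not part of the original thread: a JDK-only Java class that authenticates a caller from an HTTP Basic Authorization header with no web.xml security constraint involved. The class name, the in-memory map standing in for the database, the PBKDF2 parameters and the sample account are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class ProgrammaticAuth {
    // Hypothetical user record; the map stands in for the "coupled database" (assumption).
    record User(byte[] salt, byte[] hash, Set<String> roles) {}
    private static final User DUMMY = new User(new byte[16], new byte[32], Set.of());
    private final Map<String, User> users = new HashMap<>();

    static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256); // assumed work factor
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    void register(String name, String password, String... roles) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        users.put(name, new User(salt, pbkdf2(password.toCharArray(), salt), Set.of(roles)));
    }

    /** Returns the caller's roles if the Basic header authenticates, otherwise empty. */
    Optional<Set<String>> authenticate(String header) throws Exception {
        if (header == null || !header.startsWith("Basic ")) return Optional.empty();
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(header.substring(6).trim()), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) { return Optional.empty(); } // malformed Base64
        int colon = decoded.indexOf(':');
        if (colon <= 0 || colon == decoded.length() - 1) return Optional.empty(); // no user or no password
        User u = users.get(decoded.substring(0, colon));
        User target = (u != null) ? u : DUMMY; // hash anyway so unknown users cost the same time
        byte[] candidate = pbkdf2(decoded.substring(colon + 1).toCharArray(), target.salt());
        // Constant-time comparison of the derived hash against the stored one
        boolean ok = MessageDigest.isEqual(candidate, target.hash()) && u != null;
        return ok ? Optional.of(u.roles()) : Optional.empty();
    }

    public static void main(String[] args) throws Exception {
        ProgrammaticAuth auth = new ProgrammaticAuth();
        auth.register("alice", "s3cret-constructed", "manager"); // constructed sample account
        Base64.Encoder enc = Base64.getEncoder();
        String good = "Basic " + enc.encodeToString("alice:s3cret-constructed".getBytes(StandardCharsets.UTF_8));
        String bad = "Basic " + enc.encodeToString("alice:wrong".getBytes(StandardCharsets.UTF_8));
        System.out.println(auth.authenticate(good) + " / " + auth.authenticate(bad));
    }
}
```

In a servlet container the same check would run in a Filter, passing request.getHeader("Authorization") and answering 401 with a WWW-Authenticate: Basic challenge when the result is empty. Basic credentials are only Base64-encoded, so the exchange belongs behind TLS.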
 