Head First Mock Exam 37

 
Bartender
Question 37 of the mock exam:


You are tasked with adding several security features to your company's Java EE web application. Specifically, you need to create several classes of users and based on a user's class, you need to restrict them to use only some of the application's pages. In order to restrict access, you must determine that users are who they say they are.
Which are true?
A. If you need to verify that users are who they say they are, you must use the application's deployment descriptor to implement that requirement.
...


The given answer says option A is incorrect because

you can also perform authentication programmatically.



I think option A is correct.
Reason:
1. I don't think authentication is performed programmatically. The isUserInRole checks the authenticated user if he/she is in a role. Or the getCallerPrincipal gets the username of the authenticated user.
2. In Tomcat, we use the vendor-specific deployment descriptor, tomcat-users.xml, to specify the username/password in order to authenticate the user.
 
Creator of Enthuware JWS+ V6

I don't think authentication is performed programmatically.


You can always develop an authentication implementation yourself without the use of the web.xml (the deployment descriptor for declarative authentication and authorization).

It just involves checking out whether someone is, in fact, who he is declared to be. You can add specific HTTP headers to the request and verify the user credentials (username, password, role) on the server side from a coupled database.
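
The programmatic approach described in the reply above, shown as a servlet filter that reads the `Authorization` header and checks it against stored password hashes. This is an added example, not code from either poster or from the book; the class name, the request attribute name, the in-memory user map and its credentials are constructed assumptions, and the Servlet 4.0 `javax.servlet` API is assumed (so `init`/`destroy` need no override).

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Hypothetical filter: authenticates in code, with no <login-config> or <security-constraint>.
@WebFilter("/*")
public class ProgrammaticAuthFilter implements Filter {
    // Constructed data standing in for the user database; a real store keeps one salt per user.
    private static final byte[] SALT = "constructed-salt".getBytes(StandardCharsets.UTF_8);
    private final Map<String, byte[]> users = Map.of("alice", hash("s3cret!"));

    static byte[] hash(String password) {
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(
                    new PBEKeySpec(password.toCharArray(), SALT, 210_000, 256)).getEncoded();
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }

    // Returns the username, or null when the header is absent, malformed or wrong.
    String authenticate(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            String[] p = new String(Base64.getDecoder().decode(header.substring(6).trim()),
                    StandardCharsets.UTF_8).split(":", 2);
            if (p.length != 2) return null;
            byte[] actual = hash(p[1]);            // computed even for unknown usernames
            byte[] expected = users.get(p[0]);
            // MessageDigest.isEqual compares in constant time
            return expected != null && MessageDigest.isEqual(expected, actual) ? p[0] : null;
        } catch (IllegalArgumentException badBase64) { return null; }
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        String user = authenticate(((HttpServletRequest) rq).getHeader("Authorization"));
        if (user == null) {                        // fail closed: challenge and stop the chain
            ((HttpServletResponse) rs).setHeader("WWW-Authenticate", "Basic realm=\"app\"");
            ((HttpServletResponse) rs).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        rq.setAttribute("authenticatedUser", user);
        chain.doFilter(rq, rs);
    }
}
```

Because the container did not perform this authentication, `getRemoteUser()` and `isUserInRole()` stay unset unless the filter wraps the request in an `HttpServletRequestWrapper`. Basic credentials are only Base64-encoded, so the application must be served over TLS.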