• Post Reply Bookmark Topic Watch Topic
  • New Topic

EPractice Lab mock exam 4 question 57  RSS feed

 
Himai Minh
Ranch Hand
Posts: 1517
9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Which web.xml element can be used to define authorization?
a. user-data-constraint
b. auth-constraint
c. transport-guarantee
d. login-config
e. web-resource-collection

Given answer is B.
Explanation: the auth-constraint indicates the user roles that should be permitted access to a resource collection.
It is defined as follows.
Example authorization : only ADMIN role can access applications with the url "/admin/*".
<security-constraint>
<web-resource-collection>
<web-resource-name>admin</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ADMIN</role-name>
</auth-constraint>
</web-resource-collection>
</security-constraint>



I believe the correct answer should be e because in <web-resource-collection>, we can specify the url-pattern and http-method as well as <auth-constraint> to indicate who can have access to which url and which method.
The auth-constraint does not give enough information about which resource and method the role is allowed to accessed.
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Posts: 2924
205
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I agree with your explanation.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!