Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

EPractice Lab mock exam 4 question 57

 
Himai Minh
Ranch Hand
Posts: 1361
7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Which web.xml element can be used to define authorization?
a. user-data-constraint
b. auth-constraint
c. transport-guarantee
d. login-config
e. web-resource-collection

Given answer is B.
Explanation: the auth-constraint indicates the user roles that should be permitted access to a resource collection.
It is defined as follows.
Example authorization : only ADMIN role can access applications with the url "/admin/*".
<security-constraint>
<web-resource-collection>
<web-resource-name>admin</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ADMIN</role-name>
</auth-constraint>
</web-resource-collection>
</security-constraint>



I believe the correct answer should be e because in <web-resource-collection>, we can specify the url-pattern and http-method as well as <auth-constraint> to indicate who can have access to which url and which method.
The auth-constraint does not give enough information about which resource and method the role is allowed to accessed.
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Pie
Posts: 2534
113
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I agree with your explanation.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic