Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

EPractice Lab quiz 1 only 1 role-name in security-role tag

 
Himai Minh
Ranch Hand
Posts: 1361
7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator




Given this fragment in a servlet:

23. if(req.isUserInRole("Admin")) {
24. // do stuff
25. }


And the following fragment from the related Java EE deployment descriptor:
100. <security-role-ref>
101. <role-name>Admin</role-name>
102. <role-link>Administrator</role-link>
103. </security-role-ref>
104. <security-role>
105. <role-name>Admin</role-name>
106. <role-name>Administrator</role-name>
107. </security-role>

Which of the following statements are true?

a. Line 24 can never be reached.
b. The deployment descriptor is NOT valid.
c. If line 24 executes, the user's role will be Admin.
d. If line 24 executes, the user's role will be Administrator.
e. If line 24 executes the user's role will NOT be predictable.


Choice D is correct

The isUserInRole method of HttpServletRequest returns a boolean indicating whether the authenticated user is included in the specified logical "role". Roles and role membership can be defined using deployment descriptors. If the user has not been authenticated, the method returns false. Hence if line 24 executes, the user's role will be Administrator.

As I checked the servlet 3.0 specification, there is only one <role-name> in <security-role>. There should be not two role-name tags.
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Pie
Posts: 2534
113
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You are right option B is correct here.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic