• Post Reply Bookmark Topic Watch Topic
  • New Topic

EPractice Lab quiz 1 only 1 role-name in security-role tag  RSS feed

 
Himai Minh
Ranch Hand
Posts: 1517
9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator




Given this fragment in a servlet:

23. if(req.isUserInRole("Admin")) {
24. // do stuff
25. }


And the following fragment from the related Java EE deployment descriptor:
100. <security-role-ref>
101. <role-name>Admin</role-name>
102. <role-link>Administrator</role-link>
103. </security-role-ref>
104. <security-role>
105. <role-name>Admin</role-name>
106. <role-name>Administrator</role-name>
107. </security-role>

Which of the following statements are true?

a. Line 24 can never be reached.
b. The deployment descriptor is NOT valid.
c. If line 24 executes, the user's role will be Admin.
d. If line 24 executes, the user's role will be Administrator.
e. If line 24 executes the user's role will NOT be predictable.


Choice D is correct

The isUserInRole method of HttpServletRequest returns a boolean indicating whether the authenticated user is included in the specified logical "role". Roles and role membership can be defined using deployment descriptors. If the user has not been authenticated, the method returns false. Hence if line 24 executes, the user's role will be Administrator.

As I checked the servlet 3.0 specification, there is only one <role-name> in <security-role>. There should be not two role-name tags.
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Posts: 2925
206
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You are right option B is correct here.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!