SCWCD question

Hi all...
I've a question from SCWCD exam on servlets...

Given:
3. class MyServlet extends HttpServlet {
4. public void doPut(HttpServletRequest req, HttpServletResponse resp) throws ServletException,
IOException {
5. // servlet code here ...
26. }
27. }
If the DD contains a single security constraint associated with MyServlet and its only <http-method> tags
and <auth-constraint> tags are:
<http-method>GET</http-method>
<http-method>PUT</http-method>
<auth-constraint>Admin</auth-constraint>
Which four requests would be allowed by the container? (Choose four.)
A. A user whose role is Admin can perform a PUT.
B. A user whose role is Admin can perform a GET.
C. A user whose role is Admin can perform a POST.
D. A user whose role is Member can perform a PUT.
E. A user whose role is Member can perform a POST.
F. A user whose role is Member can perform a GET.


and the answer for this is A,B,C,E....

can any one please explain how come the given answers are correct cos according to my knowledge only A,B are correct...

GET and POST can be done only by user with role ADMIN.

All other roles can perform anything other than GET and PUT on this resource

Ashwin is right!
Only GET and POST are constrained, so these two http methods can be used only by users possessing Admin role.
All other methods are not constrained - so any user can make requests with these methods: Admin, Member etc.

Answers C. and E. - POST is not a constrained method - everybody is allowed to make POST requests
Regards

I have just found the page in Head First S & JSP where this topic is explained in details: page 666

Hi Shilpa,

The Answers A,B,C,E are the correct ones,

Because the constraint rule says, only the Admin Can do Get and Put on the resource, But it is not restricting the Admin by doing Post,
Also the constraint is not at all restricting a Member from Doing Post on the Resource,