Final Mock Test Question 10 Head First and Servlets
You have determined that certain capabilities in your web application will require that
users be registered members. In addition, your web application sometimes deals with user
data that your users want you to keep confidential.
Which are true? (Choose all that apply.)
A. You can make transmitted data confidential only after your application has verified the user’s password.
B. Of the various types of authentication guaranteed by a Java EE container, only BASIC, Digest, and Form Based are implemented by matching a user name to a password.
C. No matter what type of Java EE authentication mechanism you use, it will only be activated when an otherwise constrained resource is requested.
D. All of the Java EE guaranteed types of authentication provide strong data security without the need to implement supporting security features.
Correct answer: C
For authentication we use the login-config DD element, and it can be used even if we don't specify a security-constraint element in the DD, i.e. we are using authentication without authorization or data integrity.
Authentication is activated before authorization. So, C is wrong.
What is wrong with option B?
Of the various types of authentication guaranteed by a Java EE container, only
BASIC, Digest, and Form Based are implemented by matching a user name to a
password.
We are matching the username and password as specified in tomcat-users.xml.
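
As an added example (not part of the original post or the book), this Python script audits a web.xml for the DD elements discussed above: it reports the login-config auth-method, which url-patterns carry an auth-constraint, and whether each one also has a CONFIDENTIAL transport-guarantee. The descriptor is constructed sample input, and `audit`, `find_all` and `text_of` are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor, not taken from the post or the book.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>members</web-resource-name>
      <url-pattern>/members/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>member</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>signup</web-resource-name>
      <url-pattern>/signup/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

def find_all(node, name):
    # Match on local name so any web-app namespace version works.
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def text_of(node, name, default=None):
    found = find_all(node, name)
    return found[0].text.strip() if found and found[0].text else default

def audit(web_xml):
    """Hypothetical helper: summarise declarative security in a web.xml string."""
    root = ET.fromstring(web_xml)
    report = {"auth_method": text_of(root, "auth-method"), "rules": [], "findings": []}
    for sc in find_all(root, "security-constraint"):
        has_auth = bool(find_all(sc, "auth-constraint"))
        transport = text_of(sc, "transport-guarantee", "NONE")
        for pat in find_all(sc, "url-pattern"):
            url = pat.text.strip()
            report["rules"].append((url, has_auth, transport))
            if has_auth and transport != "CONFIDENTIAL":
                report["findings"].append(f"{url}: auth-constraint without CONFIDENTIAL transport ({transport})")
    if report["auth_method"] and not any(r[1] for r in report["rules"]):
        report["findings"].append("login-config set, but no auth-constraint in this descriptor requires a login")
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_WEB_XML))
```

The audit reads only the deployment descriptor; constraints declared with `@ServletSecurity` annotations or logins triggered programmatically are outside what it sees.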