A mock question about security

avseq anthoy
Ranch Hand

Joined: Apr 27, 2004
Posts: 104
Consider the web.xml snippet shown in the exhibit.
exhibit:
<web-app>
  ...
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>test</web-resource-name>
      <url-pattern>/jsp/protected.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager</role-name>
    </auth-constraint>
  </security-constraint>
  ...
</web-app>

Now consider the code for a jsp file named unprotected.jsp:

<html>
  <body>
    <jsp:include page="/jsp/protected.jsp" />
  </body>
</html>
Which of the following statements hold true when unprotected.jsp is requested by an unauthorized user?


Select 1 correct option.
a The user will be prompted to enter user name and password.

b An exception will be thrown.

c protected.jsp will be executed but its output will not be included in the response.

d The call to include will be ignored.

e None of these.

answer: e

I think the answer is a; correct me if I am wrong.
Thx!!


My Way,My Pace
Alec Lee
Ranch Hand

Joined: Jan 28, 2004
Posts: 569
Whether /jsp/protected.jsp is a constrained resource is not important here. It is just like a private method being called by another method. It all depends on the page including the /jsp/protected.jsp. So e is correct.
avseq anthoy
Ranch Hand

Joined: Apr 27, 2004
Posts: 104
Thx for your reply.
I want to ask another question.
<web-app>
  ...
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>test</web-resource-name>
      <url-pattern>/jsp/protected.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager</role-name>
    </auth-constraint>
  </security-constraint>
  ...
</web-app>
If I don't define <http-method> in web-resource-collection,
does it mean that manager can't request protected.jsp by any method?
or
manager can request protected.jsp by any method?
Which combination is correct?
Thx!!
Alec Lee
Ranch Hand

Joined: Jan 28, 2004
Posts: 569
If you are using HFSJ, its errata is the errata! The book's original description is correct.

Anyway, without <http-method>, ALL http methods are constrained according to the <security-constraint> defined.
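
The two points made in this thread, modelled as an added example that is not part of the original posts: the container evaluates a <security-constraint> only against the URI and method of the client's own request (never against a <jsp:include> target), and a collection with no <http-method> covers every method. The function names and the second constraint on /jsp/report.jsp are hypothetical; only exact url-pattern matches are modelled.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor: the thread's constraint plus a hypothetical second
# one (/jsp/report.jsp) that lists a single <http-method> for contrast.
WEB_XML = """
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>test</web-resource-name>
      <url-pattern>/jsp/protected.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>get-only</web-resource-name>
      <url-pattern>/jsp/report.jsp</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
</web-app>
"""

def required_roles(web_xml, uri, method):
    """Roles needed for a direct client request, or None if unconstrained.
    Simplification: exact url-pattern matches only."""
    roles, matched = set(), False
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        if sc.find("auth-constraint") is None:
            continue  # constraint without auth-constraint: not modelled here
        for wrc in sc.iter("web-resource-collection"):
            patterns = [p.text.strip() for p in wrc.iter("url-pattern")]
            methods = [m.text.strip() for m in wrc.iter("http-method")]
            # No <http-method> listed means every HTTP method is covered.
            if uri in patterns and (not methods or method in methods):
                matched = True
                roles |= {r.text.strip() for r in sc.iter("role-name")}
    return roles if matched else None

def container_allows(web_xml, request_uri, method, user_roles):
    """Only the URI the client asked for is checked; targets of
    <jsp:include> or RequestDispatcher calls are never passed in here."""
    needed = required_roles(web_xml, request_uri, method)
    return needed is None or bool(needed & set(user_roles))
```

In this model a request for /jsp/unprotected.jsp by a user with no roles is allowed even though that page includes /jsp/protected.jsp, while a direct request for /jsp/protected.jsp is refused for every method. The /jsp/report.jsp entry shows the contrast: once GET is listed, a POST to the same URL is no longer covered by the constraint.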