aspose file tools
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes need help,2 questions Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of The Mikado Method this week in the Agile and other Processes forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Reply Bookmark "need help,2 questions" Watch "need help,2 questions" New topic
Author

need help,2 questions

shi lei
Greenhorn

Joined: Jan 17, 2006
Posts: 15
posted private message
0
Quote
-----question :
which of the following can implement security in servlets(select the best answer)?
a. declarative security.
b. programmatic security.
c. both a & b
d. servlet does not provide inbuilt security.java Authentication and Authorization service(JAAS) has to be
used in conjuction with servlets for security.

-----question .
by which of the following means do communicating entities prove to one another that are acting on behalf of
specific identies that are authorized for access ?select one choice.
a. authorization
b. authentication
c. data integrity
d. confidentiality
e. all of above
singh santosh
Ranch Hand

Joined: Jan 13, 2006
Posts: 136
posted private message
0
Quote
hi ,

According to me these should be the answers :
1)a
2)b

regards
-santosh
shi lei
Greenhorn

Joined: Jan 17, 2006
Posts: 15
posted private message
0
Quote
could you explain for me?
Karne Reddy
Ranch Hand

Joined: May 28, 2006
Posts: 35
posted private message
0
Quote
Hi
For first one, i think Programmatic is right choice.

Because declarative security will not work for jsp actions.

---------
SCJP

asdfa
singh santosh
Ranch Hand

Joined: Jan 13, 2006
Posts: 136
posted private message
0
Quote
hi shi,



Ans1) Decrative security means securing throgh the configuration in web.xml and Programatic security menas through the code (servlet ) u write.

Case1: dec security : here we can secure our web app through various decration like for Authentication we have :

<login-congig>
<auth-method>...</auth-method>
<form-login-config> ..</form-login-config>
</login-config>

for Authorization we have :
<security-constraint>
<web-resource-collection>
<web-resource-name>..</web-resource-name>
<url-pattern></url-pattern>
<http-method></http-method>
</web-resource-collection>
<auth-constraint>
<role-name>..</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarentee></transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-role>
<role-name>..</role-name>
</security-role>
<security-role-ref>
<role-name>..</role-name>
<role-link>..</role-link>
</security-role-ref>

case2:
For programatic security we have got only three method defined:
boolean isUserInRole(String rolename)
String getUserPrinciple()
String getRemoteUser();

So now u can see ,if we have to secure our web-app resources we must have to declare through web.xml that which resources have restircted access and who all in which role can access it.
Whereas in code (Programaticaly ) we can only determine if the resource is restricted or not .and if the user is authentic one.

regards
-santosh
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: need help,2 questions
 
Similar Threads
Mock exam question
HF Page 664 Q6 Answers
Doubt in security: authorization and confidentiality
Security Mock question
mock exam question on security