File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Help! jsp:include to include a constrainted source

 
Lulu Huang
Greenhorn
Posts: 2
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is a mock exam question: Can someone tell me why the answer is E?

Consider the web.xml snippet shown in the exhibit.
Now consider the code for a jsp file named unprotected.jsp:

<html>

<body>

<jsp:include page="/jsp/protected.jsp" />

</body>

</html>

Which of the following statements hold true when unprotected.jsp is requested by an unauthorized user?

<web-app>

...

<security-constraint>

<web-resource-collection>

<web-resource-name>test</web-resource-name>

<url-pattern>/jsp/protected.jsp</url-pattern>

</web-resource-collection>

<auth-constraint>

<role-name>manager</role-name>

</auth-constraint>

</security-constraint>

...

</web-app>

Select 1 correct option.
A.The user will be prompted to enter user name and password
B.An exception will be thrown
C.protected.jsp will be executed but it's output will not be included in the response
D.The call to include will be ignored
E.None of these

ANS : E
 
Rancy Chadha
Ranch Hand
Posts: 135
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
The answer given as E is correct, because the resource 'unprotected.jsp' can be accessed by anyone. The question is asking, what will happen when unprotected.jsp is requested by an unauthorized user. If you see the security constaint it is laid for the resource '/jsp/protected.jsp', it is not laid for 'unprotected.jsp' therefore no question of authorization in this case. Hence E holds true.
 
Christophe Verré
Sheriff
Pie
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Rancy, maybe you did not see that in unprotected.jsp :

 
Priya Viswam
Ranch Hand
Posts: 81
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Eventhough protected.jsp is a constrained resource, the web application can
access it. Only the clients who are not manager's can't access it. Since there
is no constraints for the unprotected.jsp, it will work properly.
 
Lulu Huang
Greenhorn
Posts: 2
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you very much for the answer. So the included page is protected and only manager can access it. The included page needs authentication and authorization process before the content can be shown or not, right? So wouldn't the user be prompt to input user name and password in order for the container to decide whether it will show the included page or not? So the answer can be A?
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic