This week's book giveaway is in the OCPJP forum.
We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Help! jsp:include to include a constrainted source Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Help! jsp:include to include a constrainted source" Watch "Help! jsp:include to include a constrainted source" New topic
Author

Help! jsp:include to include a constrainted source

Lulu Huang
Greenhorn

Joined: May 19, 2007
Posts: 2
This is a mock exam question: Can someone tell me why the answer is E?

Consider the web.xml snippet shown in the exhibit.
Now consider the code for a jsp file named unprotected.jsp:

<html>

<body>

<jsp:include page="/jsp/protected.jsp" />

</body>

</html>

Which of the following statements hold true when unprotected.jsp is requested by an unauthorized user?

<web-app>

...

<security-constraint>

<web-resource-collection>

<web-resource-name>test</web-resource-name>

<url-pattern>/jsp/protected.jsp</url-pattern>

</web-resource-collection>

<auth-constraint>

<role-name>manager</role-name>

</auth-constraint>

</security-constraint>

...

</web-app>

Select 1 correct option.
A.The user will be prompted to enter user name and password
B.An exception will be thrown
C.protected.jsp will be executed but it's output will not be included in the response
D.The call to include will be ignored
E.None of these

ANS : E
Rancy Chadha
Ranch Hand

Joined: Jul 12, 2006
Posts: 135
Hi,
The answer given as E is correct, because the resource 'unprotected.jsp' can be accessed by anyone. The question is asking, what will happen when unprotected.jsp is requested by an unauthorized user. If you see the security constaint it is laid for the resource '/jsp/protected.jsp', it is not laid for 'unprotected.jsp' therefore no question of authorization in this case. Hence E holds true.


Thanks,<br />-Rancy
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

Rancy, maybe you did not see that in unprotected.jsp :



[My Blog]
All roads lead to JavaRanch
Priya Viswam
Ranch Hand

Joined: Dec 28, 2006
Posts: 81
Eventhough protected.jsp is a constrained resource, the web application can
access it. Only the clients who are not manager's can't access it. Since there
is no constraints for the unprotected.jsp, it will work properly.


SCJP 1.5<br />SCWCD 1.4
Lulu Huang
Greenhorn

Joined: May 19, 2007
Posts: 2
Thank you very much for the answer. So the included page is protected and only manager can access it. The included page needs authentication and authorization process before the content can be shown or not, right? So wouldn't the user be prompt to input user name and password in order for the container to decide whether it will show the included page or not? So the answer can be A?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Help! jsp:include to include a constrainted source