Select 1 correct option. A.The user will be prompted to enter user name and password B.An exception will be thrown C.protected.jsp will be executed but it's output will not be included in the response D.The call to include will be ignored E.None of these
Hi, The answer given as E is correct, because the resource 'unprotected.jsp' can be accessed by anyone. The question is asking, what will happen when unprotected.jsp is requested by an unauthorized user. If you see the security constaint it is laid for the resource '/jsp/protected.jsp', it is not laid for 'unprotected.jsp' therefore no question of authorization in this case. Hence E holds true.
Eventhough protected.jsp is a constrained resource, the web application can access it. Only the clients who are not manager's can't access it. Since there is no constraints for the unprotected.jsp, it will work properly.
SCJP 1.5<br />SCWCD 1.4
Joined: May 19, 2007
Thank you very much for the answer. So the included page is protected and only manager can access it. The included page needs authentication and authorization process before the content can be shown or not, right? So wouldn't the user be prompt to input user name and password in order for the container to decide whether it will show the included page or not? So the answer can be A?