Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security

 
Renu Radhika
Ranch Hand
Posts: 243
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Which statements are correct about security?

1) The security model doesn't apply when a servlet uses a RequestDispathcer to include or forward a resource
2) The security model doesn't apply when a servlet uses a RequestDispathcer to include a resource but it applies when it uses forward
3) The security model applies when a servlet uses a RequestDispathcer to include or forward a resource
4) The security model doesn't apply when a servlet uses a RequestDispathcer to include or include a static resource


The correct answwer given is

1) The security model doesn't apply when a servlet uses a RequestDispathcer to include or forward a resource

What about 4.I feel that is also correct
 
Ulf Dittmer
Rancher
Pie
Posts: 42966
73
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Please QuoteYourSources.
 
Renu Radhika
Ranch Hand
Posts: 243
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The source is

http://www.javaranch.com/carl/SCWCD.htm
 
Renu Radhika
Ranch Hand
Posts: 243
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Do anyone has any hint?
 
Joe Harry
Ranch Hand
Posts: 10045
3
Eclipse IDE Mac PPC Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Any reasons as to why the security model does not apply when we use RequestDispatcher to forward or include a resource?
 
Christophe Verré
Sheriff
Pie
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The security model applies to the static content part of the web application and to servlets and filters within the application that are requested by the client. The security model does not apply when a servlet uses the RequestDispatcher to invoke a static resource or servlet using a forward or an include.
 
Joe Harry
Ranch Hand
Posts: 10045
3
Eclipse IDE Mac PPC Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Satou, is this a fact that we need to accept or is there any logical reason behind it?
 
Renu Radhika
Ranch Hand
Posts: 243
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Santou,
So it means 1 and 4 are correct right?

Jothi,
The security constraints are defined in web.xml and its meant for client requests and not for internal request from request dispatcher.Just as files within web-inf are not directly accessible to clients but we can access it from within other classes in the web app.
 
Christophe Verré
Sheriff
Pie
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'd say 1 and 4.
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic