aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Security" Watch "Security" New topic
Author

Security

Renu Radhika
Ranch Hand

Joined: Oct 21, 2005
Posts: 243
Which statements are correct about security?

1) The security model doesn't apply when a servlet uses a RequestDispathcer to include or forward a resource
2) The security model doesn't apply when a servlet uses a RequestDispathcer to include a resource but it applies when it uses forward
3) The security model applies when a servlet uses a RequestDispathcer to include or forward a resource
4) The security model doesn't apply when a servlet uses a RequestDispathcer to include or include a static resource


The correct answwer given is

1) The security model doesn't apply when a servlet uses a RequestDispathcer to include or forward a resource

What about 4.I feel that is also correct
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41843
    
  63
Please QuoteYourSources.


Ping & DNS - my free Android networking tools app
Renu Radhika
Ranch Hand

Joined: Oct 21, 2005
Posts: 243
The source is

http://www.javaranch.com/carl/SCWCD.htm
Renu Radhika
Ranch Hand

Joined: Oct 21, 2005
Posts: 243
Do anyone has any hint?
Joe Harry
Ranch Hand

Joined: Sep 26, 2006
Posts: 9383
    
    2

Any reasons as to why the security model does not apply when we use RequestDispatcher to forward or include a resource?


SCJP 1.4, SCWCD 1.4 - Hints for you, Certified Scrum Master
Did a rm -R / to find out that I lost my entire Linux installation!
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687
    
  16

The security model applies to the static content part of the web application and to servlets and filters within the application that are requested by the client. The security model does not apply when a servlet uses the RequestDispatcher to invoke a static resource or servlet using a forward or an include.


[My Blog]
All roads lead to JavaRanch
Joe Harry
Ranch Hand

Joined: Sep 26, 2006
Posts: 9383
    
    2

Satou, is this a fact that we need to accept or is there any logical reason behind it?
Renu Radhika
Ranch Hand

Joined: Oct 21, 2005
Posts: 243
Santou,
So it means 1 and 4 are correct right?

Jothi,
The security constraints are defined in web.xml and its meant for client requests and not for internal request from request dispatcher.Just as files within web-inf are not directly accessible to clients but we can access it from within other classes in the web app.
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687
    
  16

I'd say 1 and 4.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Security