aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes HFSJ Final Mock  Question 43 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "HFSJ Final Mock  Question 43 " Watch "HFSJ Final Mock  Question 43 " New topic
Author

HFSJ Final Mock Question 43

Grace Yang
Ranch Hand

Joined: Apr 01, 2007
Posts: 58
Given following in DD
<security-role>
<role-name>Member</role-name>
</security-role>
Which are valid <auth-constraint> elements that will allow user to access resources constrained by security role declared?

A.
B. <auth-constraint>Member</auth-constraint>
C. <auth-constraint>*</auth-constraint>
D.
E.

Here's Errata's correction:

[785] Question 43;
options B-E should include the inner <role-name> tags as the read demonstrates here.
Example:
<auth-constraint>
<role-name>Member</role-name>
</auth-constraint>

The anwser is B and C.
============================
I think only C is correct.

Because option C means everybody has to access to resources, then what's the meaning of declare security role to Member?

Please help me.

Thanks.
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

Because option C means everybody has to access to resources, then what's the meaning of declare security role to Member?

The security-role tag only declares some roles used in the web application.
In this example, there's a role called Member.

Using this role, you can grant access to some of your protected resources via either :
<auth-constraint>
<role-name>Member</role-name>
</auth-constraint>
OR
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>

The second means ANY role, Member being implicitly included.


[My Blog]
All roads lead to JavaRanch
nitin pai
Ranch Hand

Joined: May 30, 2006
Posts: 185
the <security-role>
tag in the DD is a way to declare the container upfront about the security roles which would be used in the application.

If you make a call in a servlet as follows:
isUserInRole("admin")

then the container checks the <security-role> to see if "admin" is defined or not. If not then it checks the <security-role-ref> in the servlet tag to see if a custom role has been defined.



Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

then the container checks the <security-role> to see if "admin" is defined or not. If not then it checks the <security-role-ref> in the servlet tag to see if a custom role has been defined.

Actually, it's the opposite.
nitin pai
Ranch Hand

Joined: May 30, 2006
Posts: 185
oops.. ya its first <security-role-ref> and then <security-role>
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: HFSJ Final Mock Question 43