File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes HF Page 664 Q6 Answers Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "HF Page 664 Q6 Answers" Watch "HF Page 664 Q6 Answers" New topic

HF Page 664 Q6 Answers

Sandeep Krish
Ranch Hand

Joined: Jan 02, 2007
Posts: 59
The question is "which security mechanism can be implemented by using a method in the HttpServletRequest interface"
A Authorization
B Data integrity
B Authentication
D Confidentiality
ANSWERS: A and C - Reason given - HttpServletRequest.getRemoteUser() can be used for authentication and isUserInRole() can be used to authorize.

I would say the answers B and D is also correct as there is a method isSecure() inherited from ServletRequest which can be used to ensure the data integrity and confidentiality (provided that they are managed by SSL).

Any inputs?
Marc Peabody
pie sneak

Joined: Feb 05, 2003
Posts: 4727

Very interesting point.

You might be able to verify that data integrity and confidentiality are implemented using isSecure(), but isSecure() can not be used to implement either. The typical way to implement these is through declaration in the web.xml which will require that HTTPS (HTTP over SSL) be used to secure the connection.

A good workman is known by his tools.
Sandeep Krish
Ranch Hand

Joined: Jan 02, 2007
Posts: 59
I agree with that point. Thank you Marc.
I agree. Here's the link:
subject: HF Page 664 Q6 Answers
It's not a secret anymore!