HFSJ Edition 2 Final mock exam QNo:48

Q48:
Your web application has a valid dd with a single <security-constraint> tag. Within this tag exists:
- a single url pattern that declares directory1
- a single http method that declares POST
- a single role name that declares GUEST
If all of the resources for your application exist within directory1 and directory2, and MEMBER is also a valid role, which are true? (Choose all
that apply.)
A. GUESTs cannot do GET requests in directory1.
B. GUESTs can do GET requests in both directories.
C. GUESTs can do POST requests only in directory2.
D. MEMBERs can do GET requests in both directories.
E. GUESTs can do POST requests in both directories.
F. MEMBERs can do only POST requests in directory1.

Answer is : BDE.

The constraint in this scenario is that only GUESTs can do POSTs in directory1.
So according to this:
A. GUESTs cannot do GET requests in directory1. is correct
B. GUESTs can do GET requests in both directories. is wrong as GUESTs can do only POSTs in directory1.
so answer should be ADE.
Correct me if I am missing something.

Dear Nitinyanand,

You have missed a point...
According to given scenario, only POST request to resource is restricted to GUEST Role..
and if you restrict particular HTTP method then all other methods are unrestricted automatically.

So,all HTTP request excluding POST is unrestricted for all users..
Means any one can make GET request to resource, this anyone includes GUEST also...
But POST request can only made by GUEST.

Hope you understand-
KAPIL

Hi Kapil,
It means the <http-method> and <url-pattern> combination is used to restrict the resources for only the specified roles and rest of the resources are not restricted.Am I right?
Thanks.

yup........absolutely right !!!