File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Marcus Green Quiz 1 - Mock Exam Question Doubt Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Marcus Green Quiz 1 - Mock Exam Question Doubt" Watch "Marcus Green Quiz 1 - Mock Exam Question Doubt" New topic
Author

Marcus Green Quiz 1 - Mock Exam Question Doubt

Sai Surya
Ranch Hand

Joined: Feb 08, 2006
Posts: 457

Hi all,

Thanks to Marcus Green for very nice mock exam. In one question I have the following doubt.

Q: Which statemetns are true of the following snippet of a deployment descriptor.



A. It is faulty becasue it has multiple security-constraint elements
B. It is faulty because it does not supply the http-method tag
C. Only members of the manager role will be able to access the resource
D. Any user will be able to access the resource
E. No users will be able to access the resource

I choose option E as correct answer since empty auth constraint is the final as per HFSJ. However the correct answer is D.

The explanation is "Although the first auth-constraint is empty, implying no one will have access to the resource, this is cancelled out by the second auth-constraint that will allow anyone to access the resource. "

Is my understanding wrong? Please correct me.

Sai Surya, SCJP 5.0, SCWCD 5.0, IBM 833 834
http://sai-surya-talk.blogspot.com, I believe in Murphy's law.
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687
    
  16

This thread should help.


[My Blog]
All roads lead to JavaRanch
Sai Surya
Ranch Hand

Joined: Feb 08, 2006
Posts: 457

Does this means that, the combination of empty auth constraint and auth constraint with * gives access to all?
I am thinking that empty constraint prevents access to all as per HFSJ
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687
    
  16

"The special case of an authorization constraint that names no roles shall combine with any other constraints to override their affects and cause access to be precluded." This means that nobody will have access.
Sai Surya
Ranch Hand

Joined: Feb 08, 2006
Posts: 457

Ok So can I say Marcus Green mock exam question has pointed answer wrongly!
Ankit Garg
Sheriff

Joined: Aug 03, 2008
Posts: 9291
    
  17

There's an error in the code and not the answer. The code as given is

But it should be


SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
Lucas Smith
Ranch Hand

Joined: Apr 20, 2009
Posts: 804
    
    1

OK, but despite that error the answer should be that nobody has the access.


SCJP6, SCWCD5, OCE:EJBD6.
BLOG: http://leakfromjavaheap.blogspot.com
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Marcus Green Quiz 1 - Mock Exam Question Doubt
 
Similar Threads
Mock question about <auth-constraint>
security-constraint issue?
related to auth constraint
Marcus Green exam: Dueling auth-constraint elements
<security-constraint> doubt