File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes confusion in <auth-constrain> Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "confusion in <auth-constrain>" Watch "confusion in <auth-constrain>" New topic
Author

confusion in <auth-constrain>

anu sav
Ranch Hand

Joined: Jan 30, 2009
Posts: 47
I have doubt in :
Q.30 from HFSJ final mock test
Ques is:

Your web application has a valid deployment descriptor in which student and sensei are the only security roles that have been defined.
The deployment descriptor contains two security constrains that declare the same resource to be constrained . These constrains are :



which are true ?

A. As the D.D. stands now, the constrained resource can be accessed by both the roles.
B.As the D.D. stands now, the constrained resource can be accessed by only sensei users.
c.As the D.D. stands now, the constrained resource can be accessed by only student users.
D. If the second <auth-constrain> tag is removed , the constrained resource can be accessed by both roles.
E.If the second <auth-constrain> tag is removed , the constrained resource can be accessed only by sensei users.
F.If the second <auth-constrain> tag is removed , the constrained resource can be accessed only by student users.


The answer given is : D

but i think F.

am I correct ? please make me correct if I am wrong.
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1665
    
  25

Hi Ana,

I think you are correct, that must be a mistake in the mock-exam. The second <auth-constraint> disallows everybody, so when it is removed the other constraint applies and this will allow students. (note: it is constraint i.s.o constrain)

Regards,
Frits
Michael Angstadt
Ranch Hand

Joined: Jun 17, 2009
Posts: 273

ana,

This is indeed a mistake, as stated in the Errata. The correct answer is F.


SCJP 6 || SCWCD 5
anu sav
Ranch Hand

Joined: Jan 30, 2009
Posts: 47
thanks guys.
Ankur Gargg
Ranch Hand

Joined: Sep 11, 2011
Posts: 55

Hi

Lack of <auth-constraint> means unauthenticated access.

So both roles will be allowed to access the resources.




Piyush Joshi
Ranch Hand

Joined: Jun 10, 2011
Posts: 207

The errata mentioned above is wrong! Though the errata got approved by authors but it is wrong.

See this post

Piyush
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: confusion in <auth-constrain>