authorization doubt

Parth Twari
Ranch Hand

Joined: Jan 20, 2010
Posts: 163
Source: Marcus
Given the following deployment descriptor, which of the following statements are true?



A. requesting /index.jsp in the browser bar will cause the user to be prompted for a username and password
B. requesting /index.jsp in the browser bar will NOT cause the user to be prompted for a username and password
C. Only members of the tomcat role will be prompted for a username and password for the index.jsp resource
D. Only POST requests will be authenticated, all other requests will be refused

Answer: B

But I think it should be A. Right? If the client requests index.jsp by POST, then the browser will ask for authentication, right?


Parth Tiwari
| Pursuing Bachelor of Engineering | OSUM Club Leader | SCJP 6 | SCWCD 5 |...
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1520
    

Please use the code tags: that makes it easier to read.

I think that A is correct, although I am missing the <security-role> element which lists all the security roles in the application.

Regards,
Frits
Parth Twari
Ranch Hand

Joined: Jan 20, 2010
Posts: 163
If anyone sends a GET request for index.jsp, then it is not required to be authenticated or authorised, and if a POST goes, then it must be authenticated and after that authorised to be tomcat.

Right?

What will be the use of the security-role element?
Ankit Garg
Sheriff

Joined: Aug 03, 2008
Posts: 9280
    

A is not right. When you enter a URL in the browser's address bar, a GET request will be issued. The GET request will not be authenticated, so the user won't be prompted for a username/password...


SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1520
    

A is not right. When you enter a URL in the browser's address bar, a GET request will be issued.

Yes you are right of course, I was sleeping here

The <security-role> element lists all the security roles that can be used in the DD. So using a role-name in a <security-constraint> is only possible if you have listed it before in the <security-role> element.

Regards,
Frits
Abimaran Kugathasan
Ranch Hand

Joined: Nov 04, 2009
Posts: 2066

What about C? Could you please explain?


|BSc in Electronic Eng| |SCJP 6.0 91%| |SCWCD 5 92%|
Parth Twari
Ranch Hand

Joined: Jan 20, 2010
Posts: 163
OK.
So that means
requesting /index.jsp in the browser bar
was the key line here, saying that only a GET request is going, which of course means it is not required to be authenticated.

What about C? Could you please explain?


See, the GET request is not even authenticated, so no matter what role a person is in, or even if he is not logged in/registered,
he will not be asked for a username or password.

thanks
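
Added example (not part of the original thread or the mock exam): a small Python check of how an <http-method> element scopes a <security-constraint>, run over a constructed descriptor, since the one from the question is not shown on this page. The function names and the sample web.xml are hypothetical, and URL matching is simplified to the exact, prefix and extension pattern forms.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor (NOT the one from the question, which is not on the page).
# It omits the XML namespace; a real web.xml needs namespace-aware lookups.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>demo</web-resource-name>
      <url-pattern>/index.jsp</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>tomcat</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>tomcat</role-name></security-role>
</web-app>"""

def _texts(elem, tag):
    return [e.text.strip() for e in elem.iter(tag) if e.text]

def _matches(pattern, path):
    # Servlet URL-pattern forms handled here: exact, "/prefix/*", "*.ext"
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path

def constrained(web_xml, path, method):
    """True if a constraint carrying an <auth-constraint> covers path + method."""
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        if sc.find("auth-constraint") is None:
            continue
        for wrc in sc.iter("web-resource-collection"):
            methods = _texts(wrc, "http-method")  # empty list = all methods
            if any(_matches(p, path) for p in _texts(wrc, "url-pattern")) \
                    and (not methods or method in methods):
                return True
    return False

def method_scoped_patterns(web_xml):
    """Audit view: url-patterns protected only for the listed HTTP methods."""
    out = []
    for wrc in ET.fromstring(web_xml).iter("web-resource-collection"):
        methods = _texts(wrc, "http-method")
        if methods:
            out += [(p, sorted(methods)) for p in _texts(wrc, "url-pattern")]
    return out
```

With this sample, constrained(WEB_XML, "/index.jsp", "GET") is False and the same call with "POST" is True; a collection with no <http-method> element covers every method, which is the form to use when the resource itself must be protected.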
 