Given the following deployment descriptor, which of the following statements are true?
A. requesting /index.jsp in the browser bar will cause the user to be prompted for a username and password
B. requesting /index.jsp in the browser bar will NOT cause the user to be prompted for a username and password
C. Only members of the tomcat role will be prompted for a username and password for the index.jsp resource
D. Only POST requests will be authenticated, all other requests will be refused
But i think shall be A. Right? If the client requests the index.jsp by POST then browser will ask for authentication right?
| Pursuing Bachelor of Engineering | OSUM Club Leader | SCJP 6 | SCWCD 5 |...
A is not right. When you enter a URL in the browser's address bar, a GET request will be issued.
Yes you are right of course, I was sleeping here
The <security-role> element lists all the security roles that can be used in the DD. So using a role-name in a <security-constraint> is only possible if you have listed it before in the <security-role> element