authorization doubt

 
Ranch Hand
Posts: 163
Source: Marcus
Given the following deployment descriptor, which of the following statements are true?



A. requesting /index.jsp in the browser bar will cause the user to be prompted for a username and password
B. requesting /index.jsp in the browser bar will NOT cause the user to be prompted for a username and password
C. Only members of the tomcat role will be prompted for a username and password for the index.jsp resource
D. Only POST requests will be authenticated, all other requests will be refused

Answer: B

But I think it shall be A. Right? If the client requests the index.jsp by POST then the browser will ask for authentication, right?
 
Creator of Enthuware JWS+ V6
Posts: 3411
Please use the code tags: that makes it easier to read.

I think that A is correct, although I am missing the <security-role> element which lists all the security roles in the application.

Regards,
Frits
 
Parth Twari
Ranch Hand
Posts: 163
If anyone sends a GET request for index.jsp then it must not be required to be authenticated or authorised, and if a POST goes then it must be authenticated and after that authorised to be tomcat.

Right?

What will be the use of the security-role element?
 
Sheriff
Posts: 9707
A is not right. When you enter a URL in the browser's address bar, a GET request will be issued. The GET request will not be authenticated, so the user won't be prompted for username/password...
 
Frits Walraven
Creator of Enthuware JWS+ V6
Posts: 3411

A is not right. When you enter a URL in the browser's address bar, a GET request will be issued.


Yes, you are right of course, I was sleeping here.

The <security-role> element lists all the security roles that can be used in the DD. So using a role-name in a <security-constraint> is only possible if you have listed it before in the <security-role> element.

Regards,
Frits
 
Ranch Hand
Posts: 2066
What about C? Could you please explain?
 
Parth Twari
Ranch Hand
Posts: 163
ok ..
So that means

requesting /index.jsp in the browser bar

was the key line here, saying that only a GET request is going, which of course means it is not required to be authenticated.

What about C? Could you please explain?



See, the GET request is not even authenticated, so no matter what role a person is in, or even if he is not logged in/registered,
he will not be asked for a username or password.

thanks
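The behaviour the thread settles on, as an added example that is not part of the original posts or the mock exam: a Python check over a constructed web.xml showing that a constraint listing `<http-method>` leaves every other method unauthenticated, and that `<auth-constraint>` roles need a matching `<security-role>`. The question's own descriptor is missing from this page, so the `/index.jsp` pattern, POST method and `tomcat` role are taken from the posts; the function names are hypothetical and url-patterns are compared exactly (no wildcard matching).

```python
import xml.etree.ElementTree as ET

# Constructed descriptor for illustration (NOT the one from the mock question).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>index</web-resource-name>
      <url-pattern>/index.jsp</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>tomcat</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>tomcat</role-name></security-role>
</web-app>"""

def kids(elem, name):
    """Direct children called `name`, ignoring any XML namespace prefix."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def texts(elem, name):
    return [(c.text or "").strip() for c in kids(elem, name)]

def constraints(xml_text):
    """Yield (url_pattern, methods, roles); empty methods means every HTTP method."""
    root = ET.fromstring(xml_text)
    for sc in kids(root, "security-constraint"):
        roles = [r for ac in kids(sc, "auth-constraint") for r in texts(ac, "role-name")]
        for wrc in kids(sc, "web-resource-collection"):
            methods = texts(wrc, "http-method")
            for pattern in texts(wrc, "url-pattern"):
                yield pattern, methods, roles

def requires_login(xml_text, path, method):
    """True if a constraint with roles covers this path and method.
    Simplification: url-patterns are compared exactly (no /* or *.ext matching)."""
    return any(p == path and (not m or method in m) and r
               for p, m, r in constraints(xml_text))

def method_limited(xml_text):
    """Patterns whose constraint names methods; all other methods bypass it."""
    return [(p, sorted(m)) for p, m, _ in constraints(xml_text) if m]

def undeclared_roles(xml_text):
    """Roles used in <auth-constraint> but not listed in a <security-role>."""
    root = ET.fromstring(xml_text)
    declared = {r for sr in kids(root, "security-role") for r in texts(sr, "role-name")}
    used = {r for _, _, rs in constraints(xml_text) for r in rs}
    return sorted(used - declared - {"*", "**"})
```

Removing the `<http-method>` element makes the same constraint apply to every method, which is the usual fix when a method-limited constraint shows up in `method_limited`.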
 