This week's book giveaways are in the Refactoring and Agile forums.
We're giving away four copies each of Re-engineering Legacy Software and Docker in Action and have the authors on-line!
See this thread and this one for details.
Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

auth-constraint doubt

 
Parth Twari
Ranch Hand
Posts: 163
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Given a deployment descriptor with three valid <security-constraint> elements, all constraining web resource AX, whose respective <auth-constraint> sub-elements are:



<auth-constraint>*</auth-constraint>
<auth-constraint>Bob</auth-constraint>
<auth-constraint>Alice</auth-constraint>


Who can access resource AX?

A.no one
B.all
C.only bob
D.only alice
E.bob and alice

Source :SAI

the given answer is B

But I think there will be an error because there is not role-name element within the auth-constraint element.
Right?
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Pie
Posts: 2278
81
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But I think there will be an error because there is not role-name element within the auth-constraint element.
Right?

Yes, you must have a <role-name> around the role's

Regards,
Frits
 
Parth Twari
Ranch Hand
Posts: 163
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
ok thanks ..

but when we test it in tomcat it does not show error in DD during server startup
instead it says
Acces to resource is denied


where can I see that error has been raised?
 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Pie
Posts: 2278
81
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
where can I see that error has been raised?

There is no error: as you haven't got the <role-name> element inside a <auth-constraint> element, the server takes this as an empty <auth-constraint />, meaning: no one is allowed

It seems Tomcat doesn't mind having text inside the body of the <auth-constraint> element.....

Regards
Frits
 
Parth Twari
Ranch Hand
Posts: 163
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Got it
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic