File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes authorization question (role names) Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "authorization question (role names)" Watch "authorization question (role names)" New topic

authorization question (role names)

Ronan Dowd
Ranch Hand

Joined: Jan 21, 2006
Posts: 84
Hi all,

In the Head First (2nd edition) book, the same mock exam at the back, page 823, Question 43 is as below:

Given that a deployment descriptor has only one security role, defined as:


Which are valid <auth-constraint> elements that will allow users to access resources constrained by the security role declared ? (choose all that apply)

A: <auth-constraint/>
B: <auth-constraint>*</auth-constraint>
C: <auth-constraint>Member</auth-constraint>
D: <auth-constraint>MEMBER</auth-constraint>
E: <auth-constraint>"Member"</auth-constraint>

The answer given is B and C. I would have thought the correct answer was only B. The reason I say this is that can you specify the role name in auth-constraint without putting the role name inside a <role-name> ? I thought not. I check the errata but found no mention of it.

I would have though that if B was as below then it would be correct:


Any thoughts/advice would be great.
Thanks - Ro

Ankit Garg

Joined: Aug 03, 2008
Posts: 9466

I can't find the question in my book but what you are saying is right, role names should be in role-name tags...

SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper

Joined: Apr 07, 2010
Posts: 2100

Hi Ronan,

You are right.

Have a look at the topic in another thread: auth-constraint

Ronan Dowd
Ranch Hand

Joined: Jan 21, 2006
Posts: 84
Great stuff, thanks Fritz..
I agree. Here's the link:
subject: authorization question (role names)
It's not a secret anymore!