Question 30 - Final mock exam HFSJ

Paul Statham
Ranch Hand

Joined: Dec 05, 2008
Posts: 43
The question is


Your web application has a valid DD in which student and sensei are the only security roles that have been defined. The DD contains two security constraints that declare the same resource to be constrained. The first security constraint contains:




And the second security constraint contains




Which are true? (Choose all that apply.)

A. As the DD stands now, the constrained resource can be accessed by both roles.
B. As the DD stands now, the constrained resource can be accessed only by sensei users.
C. As the DD stands now, the constrained resource can be accessed only by student users.
D. If the second <auth-constraint> tag is removed, the constrained resource can be accessed by both roles.
E. If the second <auth-constraint> tag is removed, the constrained resource can be accessed only by sensei users.
F. If the second <auth-constraint> tag is removed, the constrained resource can be accessed only by student users.


The answer given is D.

I think the answer should be E, as removing the second auth-constraint means all users are no longer restricted, but students are still restricted from the resource, therefore only sensei users can access it. Please tell me if I'm correct.
Piyush Joshi
Ranch Hand

Joined: Jun 10, 2011
Posts: 207

Again, here also you are confusing the meaning of the <auth-constraint> tag. See this:
<auth-constraint>
<role-name>student</role-name>
</auth-constraint>
does NOT mean that the given request on the given resource is restricted for student role. It means that the given request on the given resource is restricted for roles OTHER THAN student.

Piyush
Paul Statham
Ranch Hand

Joined: Dec 05, 2008
Posts: 43
Thank you Piyush, I had it mixed up obviously.
Ankur Gargg
Ranch Hand

Joined: Sep 11, 2011
Posts: 55

As per me the answer should be F.
Correct me if I am wrong..



Piyush Joshi
Ranch Hand

Joined: Jun 10, 2011
Posts: 207

No, it's wrong.
Remember that if there is no auth-constraint tag then every role is allowed.

First auth-constraint says students are allowed
If second auth-constraint tag is removed then it will mean that every role is allowed.
Therefore the combined effect of these two will be that every role will be allowed.

Things to remember:
Role1 + Role2 = Role1 and Role2
Role1 + everybody = everybody
Role1 + nobody = nobody
Stoian Azarov
Ranch Hand

Joined: Jun 01, 2011
Posts: 113
Then it is good to correct the errata, because someone reported the same mistake (wrong correction).

And this proposition even got approved:
Errata - Page 843 Question 30
Piyush Joshi
Ranch Hand

Joined: Jun 10, 2011
Posts: 207

Yes the errata should be corrected.

Servlet 3.0 specification section 13.8 says:
If no authorization constraint applies to a request, the container must accept the request without requiring user authentication.


also in the HFSJ book at page 668 it's mentioned as:
If an <auth-constraint> does NOT exist, the Container MUST allow unauthenticated access for these URLs.


Then for combining constraints:

Servlet 3.0 Specification section 13.8.1 says:
A security constraint that does not contain an authorization constraint shall combine with authorization constraints that name or imply roles to allow unauthenticated access.


From this, it's clear that option D is correct.

But how to correct the errata? Should another errata be raised to correct it?
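Added example (not from the book or the thread): a small Python model of the container's combination rule from section 13.8.1, covering both Piyush's "Role1 + ..." summary and the spec quotes above. The DD is constructed for the question; the second constraint's role (sensei) is an assumption, since the thread does not show the original XML.

```python
import xml.etree.ElementTree as ET

EVERYBODY = "everybody"  # unauthenticated access is permitted
NOBODY = "nobody"        # access is precluded for everyone

def effective_access(web_xml: str, url_pattern: str):
    """Return EVERYBODY, NOBODY, or the frozenset of roles allowed to reach
    url_pattern after combining every <security-constraint> that names it.
    Assumption: url-patterns are compared literally and <http-method> lists
    are ignored; a real container matches pattern and method first."""
    root = ET.fromstring(web_xml)
    declared = {r.text.strip() for r in root.findall("security-role/role-name")}
    matching = [sc for sc in root.findall("security-constraint")
                if any(p.text.strip() == url_pattern for p in
                       sc.findall("web-resource-collection/url-pattern"))]
    if not matching:
        return EVERYBODY  # unconstrained resource
    roles, unauthenticated_ok = set(), False
    for sc in matching:
        ac = sc.find("auth-constraint")
        if ac is None:                 # Role1 + everybody = everybody
            unauthenticated_ok = True
            continue
        names = {r.text.strip() for r in ac.findall("role-name")}
        if not names:                  # Role1 + nobody = nobody
            return NOBODY
        roles |= declared if "*" in names else names  # '*' = all declared roles
    return EVERYBODY if unauthenticated_ok else frozenset(roles)

def dojo_dd(second_auth: str) -> str:
    """Constructed DD for the question: only student and sensei are declared,
    two constraints cover /dojo, the first names student, the second is given
    its <auth-constraint> element verbatim (or "" to omit it entirely)."""
    res = ("<web-resource-collection><web-resource-name>dojo</web-resource-name>"
           "<url-pattern>/dojo</url-pattern></web-resource-collection>")
    return (f"<web-app><security-constraint>{res}<auth-constraint>"
            "<role-name>student</role-name></auth-constraint></security-constraint>"
            f"<security-constraint>{res}{second_auth}</security-constraint>"
            "<security-role><role-name>student</role-name></security-role>"
            "<security-role><role-name>sensei</role-name></security-role></web-app>")

# Second constraint assumed to name sensei (the thread does not show it): union.
AS_IS = effective_access(dojo_dd("<auth-constraint><role-name>sensei</role-name>"
                                 "</auth-constraint>"), "/dojo")
# Second <auth-constraint> removed: unauthenticated access, i.e. option D.
REMOVED = effective_access(dojo_dd(""), "/dojo")
# Second <auth-constraint> left in but emptied: nobody can reach the resource.
EMPTIED = effective_access(dojo_dd("<auth-constraint/>"), "/dojo")
```

The emptied case is the one that trips people up when auditing a web.xml: an empty <auth-constraint> is the strictest setting, while a missing one is the loosest.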
Stoian Azarov
Ranch Hand

Joined: Jun 01, 2011
Posts: 113
I have seen many duplicate reports, so I suppose that there is no established process for editing the existing posts.
Even so, we might ask O'Reilly in any case.