Your web application has a valid DD with a single <security-constraint> tag. Within this tag exists:
- a single url pattern that declares directory1
- a single http method that declares POST
- a single role name that declares GUEST
If all of the resources for your application exist within directory1 and directory2, and MEMBER is also a valid role, which are true? (Choose all that apply.)
A. GUESTs cannot do GET requests in directory1.
B. GUESTs can do GET requests in both directories.
C. GUESTs can do POST requests only in directory2.
D. MEMBERs can do GET requests in both directories.
E. GUESTs can do POST requests in both directories.
F. MEMBERs can do only POST requests in directory1.
The answers given are BDE; I think it should be BCD. This is because, according to the above, GUESTs are restricted from making POST requests to directory1, but not directory2.
The security-constraint described in the question declares that only GUESTs can do POST requests in directory 1. It doesn't mean that GUESTs are restricted from making POST requests to directory 1; actually it means the exact opposite! Any user except GUEST cannot do POST requests in directory 1.
For a quick review see page 665 of HF JSP & Servlets.
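The following is an added example, not part of either post: a small Python model of how a container applies the single constraint from the question, so each answer option can be checked. The descriptor fragment is constructed from the question's description; the pattern spelling `/directory1/*`, the resource paths and the function names `load_constraint`, `matches` and `is_allowed` are assumptions, and the model covers one constraint with exact or path-prefix patterns only.

```python
import xml.etree.ElementTree as ET

# Constructed DD fragment; "/directory1/*" is an assumed spelling of "directory1".
DD = """
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>example</web-resource-name>
      <url-pattern>/directory1/*</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>GUEST</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>
"""

def load_constraint(xml_text):
    """Return (patterns, methods, roles) for the single <security-constraint>.
    roles is None when there is no <auth-constraint> (no role check at all)."""
    sc = ET.fromstring(xml_text).find("security-constraint")
    patterns = [e.text.strip() for e in sc.iter("url-pattern")]
    methods = {e.text.strip() for e in sc.iter("http-method")}
    auth = sc.find("auth-constraint")
    roles = None if auth is None else {e.text.strip() for e in auth.iter("role-name")}
    return patterns, methods, roles

def matches(pattern, path):
    """Exact match or path-prefix match ("/dir/*")."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    return path == pattern

CONSTRAINT = load_constraint(DD)

def is_allowed(role, method, path, constraint=CONSTRAINT):
    """A request is constrained only when BOTH the URL and the method match.
    An empty method set means every HTTP method is constrained."""
    patterns, methods, roles = constraint
    url_hit = any(matches(p, path) for p in patterns)
    method_hit = not methods or method in methods
    if not (url_hit and method_hit):
        return True                      # unconstrained: anyone may access
    return roles is None or role in roles  # constrained: listed roles only

if __name__ == "__main__":
    for role in ("GUEST", "MEMBER"):
        for method in ("GET", "POST"):
            for d in ("/directory1/a.jsp", "/directory2/a.jsp"):
                print(role, method, d, is_allowed(role, method, d))
```

Only MEMBER POST requests to directory1 are refused; every other combination falls outside the constraint or satisfies it.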