aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes question no. 11 final mock exam hfsj 2nd edition doubt ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Reply locked New topic
Author

question no. 11 final mock exam hfsj 2nd edition doubt ?

gurpeet singh
Ranch Hand

Joined: Apr 04, 2012
Posts: 924
    
    1

please consider the following question as copied from the hfsj book :


Given these fragments from within a single tag in a Java EE DD:
343. <web-resource-collection>
344. <web-resource-name>Recipes</web-resource-name>
345. <url-pattern>/Beer/Update/*</url-pattern>
346. <http-method>POST</http-method>
347. </web-resource-collection>
...
367. <auth-constraint>
368. <role-name>Member</role-name>
369. </auth-constraint>
...
385. <user-data-constraint>
386. <transport-guarantee>CONFIDENTIAL</transport-guarantee>
387. </user-data-constraint>
Which are true? (Choose all that apply.)
A. A Java EE DD can contain a single tag in which all of these tags can legally co-exist.
B. It is valid for more instances of <auth-constraint> to exist within the single tag described above.
C. It is valid for more instances of <user-data-constraint>
to exist within the single tag described above.
D. It is valid for more instances of <url-pattern> to exist within the <web-resource-collection> tag described above.
E. It is valid for other tags of the same type as the single encasing tag described above to have the same <url-pattern> as the tag above.
F. This tag implies that authorization, authentication, and data integrity security features are all declared for the web application.


the book says option A, B, D, E, F as the correct answers.

while i understood optin A D and E i had doubt about B and F. lets come to option F first. i made a sample program without <login-config> element but WITH <security-constraint> element. when i tried to access constrained resource it gave me 403 access denied error. option f says that the above xml snippet(in the question) declared authenticatin, authorisation and data integrity. while authorisation and data integrity are undersood , it is not true for authentication. we cant predict whether it has declared authentication . it is true that for before authorisation , authentication has to happen and by 403 error we know that the user needs to be authenticated but the exact elements are not declared in the xml file.

option B is wrong unless i misinterpreted the question. i put more than 1 auth-constraint tags inside <Security-constraint> and the web.xml gave error. so in my opinion option B and option f should be rules out unless somebody interprets quesiton in a way that they are true. please respond if somebody else had doubt in the same question ?

Regards
Roel De Nijs
Bartender

Joined: Jul 19, 2004
Posts: 5597
    
  15

Locked

Discussion continues here.


SCJA, SCJP (1.4 | 5.0 | 6.0), SCJD
http://www.javaroe.be/
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: question no. 11 final mock exam hfsj 2nd edition doubt ?