About Question enthuware.jwpv6.2.887 :

Moderator: admin

ETS User

About Question enthuware.jwpv6.2.887 :

Post by ETS User »

Why the double <security-constraint> in the question?

Guest

Re: About Question enthuware.jwpv6.2.887 :

Post by Guest »

nm, I guess it does belong there ;)

Another user

Re: About Question enthuware.jwpv6.2.887 :

Post by Another user »

Hello!

IMHO it must be mentioned in the question that SALES and MKTING are the only roles of the web app.
Otherwise the correct answer is ambiguous.

admin
Site Admin
Posts: 10036
Joined: Fri Sep 10, 2010 9:26 pm

Re: About Question enthuware.jwpv6.2.887 :

Post by admin »

Another user wrote:
> Hello!
>
> IMHO it must be mentioned in the question that SALES and MKTING are the only roles of the web app.
> Otherwise the correct answer is ambiguous.

Not sure why you think so. Even if there are more roles in the web app, the answers are fine.

HTH,
Paul.
If you like our products and services, please help us by posting your review here.

avraamisvi
Posts: 2
Joined: Sat Feb 21, 2015 8:58 pm

Re: About Question enthuware.jwpv6.2.887 :

Post by avraamisvi »

I think that there's an error in this question, because I tried to reproduce it using Tomcat 7 but it did not work.

I did this:

Code:

  <security-constraint>
    <web-resource-collection>
      <url-pattern>/webdescriptor/security/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    
    <auth-constraint>
      <role-name>ADMIN</role-name>
    </auth-constraint>
    
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/webdescriptor/security/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
    
  </security-constraint>  
But it is not working; the * does not allow other users that do not have the role ADMIN to access the URL.

admin
Site Admin
Posts: 10036
Joined: Fri Sep 10, 2010 9:26 pm

Re: About Question enthuware.jwpv6.2.887 :

Post by admin »

That's what the question wants, right?

avraamisvi
Posts: 2
Joined: Sat Feb 21, 2015 8:58 pm

Re: About Question enthuware.jwpv6.2.887 :

Post by avraamisvi »

Hi,

:D

According to the question resolution, the answers below are correct:

answer 1:

Code:

<auth-constraint>
  <role-name>MKTING</role-name>
</auth-constraint>

answer 3:

Code:

<auth-constraint>
  <role-name>*</role-name>
</auth-constraint>

So my doubt is just that: how can answer 3 be correct if it does not work when I try to run it using Tomcat?
Am I missing something?

Thanks

admin
Site Admin
Posts: 10036
Joined: Fri Sep 10, 2010 9:26 pm

Re: About Question enthuware.jwpv6.2.887 :

Post by admin »

Oh, I see. If Tomcat doesn't allow any user to access it, then that is a problem with Tomcat. As per Servlet 3.1 specification section 13.8:

> The special role name “*” is a shorthand for all role names defined in the deployment descriptor. The special role name “**” is a shorthand for any authenticated user independent of role. When the special role name “**” appears in an authorization constraint, it indicates that any authenticated user, independent of role, is authorized to perform the constrained requests.

himaiMinh
Posts: 358
Joined: Fri Nov 29, 2013 8:26 pm

Re: About Question enthuware.jwpv6.2.887 :

Post by himaiMinh »

<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
means all authenticated roles can access /acme/wholesale/*.

If there is another role called "admin", this admin can also access this url.
So, I assume there are only two roles defined: SALES and MKTING.
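
The rule quoted from Servlet 3.1 section 13.8 earlier in this thread, worked through as an added example that is not part of any post and is not container code: a simplified Python model that expands "*" to the roles declared in `<security-role>` and treats "**" as any authenticated user. The descriptor is constructed for illustration. The model assumes both constraints apply to the request, combines their roles as a union (as the specification prescribes for constraints that name roles), and does not model an empty `<auth-constraint>`.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor: two constraints on the same URL pattern, two declared roles.
WEB_XML = """
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>wholesale</web-resource-name>
      <url-pattern>/acme/wholesale/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>SALES</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>wholesale</web-resource-name>
      <url-pattern>/acme/wholesale/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>SALES</role-name></security-role>
  <security-role><role-name>MKTING</role-name></security-role>
</web-app>
"""

def permitted_roles(web_xml):
    """Return (effective role set, any_authenticated flag) for the descriptor."""
    root = ET.fromstring(web_xml)
    declared = {r.text.strip() for r in root.findall("security-role/role-name")}
    named = {r.text.strip() for r in
             root.findall("security-constraint/auth-constraint/role-name")}
    any_authenticated = "**" in named      # "**": any authenticated user
    effective = named - {"*", "**"}        # explicitly named roles (union)
    if "*" in named:
        effective |= declared              # "*": every role declared in the descriptor
    return effective, any_authenticated

def is_authorized(web_xml, user_roles):
    """user_roles: roles of an authenticated user; None means not authenticated."""
    if user_roles is None:
        return False
    effective, any_authenticated = permitted_roles(web_xml)
    # In this model a user whose only role is absent from <security-role>
    # is not covered by "*", but is covered by "**".
    return any_authenticated or bool(effective & set(user_roles))
```
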
