About Question enthuware.jwpv6.2.887 :

Posted: Tue Jul 19, 2011 11:56 am
by ETS User
Why the double <security-constraint> in the question?

Re: About Question enthuware.jwpv6.2.887 :

Posted: Tue Jul 19, 2011 12:00 pm
by Guest
nm, I guess it does belong there ;)

Re: About Question enthuware.jwpv6.2.887 :

Posted: Wed Oct 24, 2012 3:52 am
by Another user
Hello!

IMHO it must be mentioned in the question that SALES and MKTING are the only roles of the web app.
Otherwise the correct answer is ambiguous.

Re: About Question enthuware.jwpv6.2.887 :

Posted: Sun Oct 28, 2012 1:11 pm
by admin
Another user wrote:
> Hello!
>
> IMHO it must be mentioned in the question that SALES and MKTING are the only roles of the web app.
> Otherwise the correct answer is ambiguous.

Not sure why you think so. Even if there are more roles in the web app, the answers are fine.

HTH,
Paul.

Re: About Question enthuware.jwpv6.2.887 :

Posted: Sat Feb 21, 2015 9:03 pm
by avraamisvi
I think that there's an error in this question, because I tried to reproduce it using Tomcat 7 but it did not work.

I did this:

  <security-constraint>
    <web-resource-collection>
      <url-pattern>/webdescriptor/security/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    
    <auth-constraint>
      <role-name>ADMIN</role-name>
    </auth-constraint>
    
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/webdescriptor/security/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
    
  </security-constraint>  
But it is not working; the * does not allow other users that do not have the role ADMIN to access the URL.

Re: About Question enthuware.jwpv6.2.887 :

Posted: Sat Feb 21, 2015 9:34 pm
by admin
That's what the question wants, right?

Re: About Question enthuware.jwpv6.2.887 :

Posted: Sun Feb 22, 2015 1:52 pm
by avraamisvi
Hi,

:D

According to the question resolution, the answers below are correct:

answer 1:

<auth-constraint>     
<role-name>MKTING</role-name>   
</auth-constraint>
answer 3:

<auth-constraint>     
<role-name>*</role-name>  
</auth-constraint>
So my doubt is just that, how can answer 3 be correct if it does not work when I try to run it using Tomcat?
Am I missing something?

Thanks

Re: About Question enthuware.jwpv6.2.887 :

Posted: Sun Feb 22, 2015 9:46 pm
by admin
Oh, I see. If Tomcat doesn't allow any user to access it then that is a problem with Tomcat. As per Servlet 3.1 specification section 13.8:
The special role name “*” is a shorthand for all role names defined in the deployment descriptor. The special role name “**” is a shorthand for any authenticated user independent of role. When the special role name “**” appears in an authorization constraint, it indicates that any authenticated user, independent of role, is authorized to perform the constrained requests.

Re: About Question enthuware.jwpv6.2.887 :

Posted: Sat Apr 09, 2016 9:13 pm
by himaiMinh
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
means all authenticated roles can access /acme/wholesale/*.

If there is another role called "admin", this admin can also access this url.
So, I assume there are only two roles defined: SALES and MKTNG.
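
The role-name expansion quoted from Servlet 3.1 section 13.8 earlier in this thread, as an added example that is not part of any post or of the question itself: a small audit helper that reads a deployment descriptor and resolves "*" against the declared `<security-role>` elements, unioning roles across constraints on the same URL pattern as the specification's combining rules describe. The function name `permitted_roles` and the sample descriptors are constructed for illustration, and `<http-method>` is ignored as a simplification.

```python
import xml.etree.ElementTree as ET

# Constructed sample data (not from the thread): one constraint template
# and a set of declared roles for /acme/wholesale/*.
CONSTRAINT = """<security-constraint>
  <web-resource-collection>
    <web-resource-name>wholesale</web-resource-name>
    <url-pattern>/acme/wholesale/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>%s</role-name></auth-constraint>
</security-constraint>"""
ROLES = "".join("<security-role><role-name>%s</role-name></security-role>" % r
                for r in ("SALES", "MKTING"))
WITH_ROLES = "<web-app>%s%s</web-app>" % (CONSTRAINT % "*", ROLES)
NO_ROLES = "<web-app>%s</web-app>" % (CONSTRAINT % "*")

def _children(elem, name):
    """Direct children with the given local name, ignoring any XML namespace."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def permitted_roles(web_xml):
    """Map each url-pattern to the set of roles its auth-constraints permit.

    "*" expands to the roles declared in <security-role>; "**" is kept as a
    marker for any authenticated user. An auth-constraint naming no roles
    denies everyone and overrides the union. Constraints without an
    auth-constraint are skipped (assumption: only role checks are audited).
    """
    root = ET.fromstring(web_xml)
    declared = {(r.text or "").strip() for sr in _children(root, "security-role")
                for r in _children(sr, "role-name")}
    result, denied = {}, set()
    for sc in _children(root, "security-constraint"):
        auths = _children(sc, "auth-constraint")
        if not auths:
            continue
        names = [(r.text or "").strip() for r in _children(auths[0], "role-name")]
        roles = set()
        for name in names:
            roles |= declared if name == "*" else {name}
        for wrc in _children(sc, "web-resource-collection"):
            for p in _children(wrc, "url-pattern"):
                pattern = (p.text or "").strip()
                result.setdefault(pattern, set()).update(roles)
                if not names:
                    denied.add(pattern)
    for pattern in denied:
        result[pattern] = set()
    return result
```

With no `<security-role>` declared, "*" expands to the empty set, so a descriptor audit should flag that case: the constraint then grants access to no role at all.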