About Question enthuware.jwpv6.2.887 :
Posted: Tue Jul 19, 2011 11:56 am
Why the double <security-constraint> in the question?
Java Certification Resources and Java Discussion Forum
https://www.enthuware.com/forum/
Not sure why you think so. Even if there are more roles in the web app, the answers are fine.Another user wrote:Hello!
IMHO it must be mentioned in question that SALES and MKTING are the only roles of the web app.
Otherwise the correct answer is ambiguous.
Code: Select all
<security-constraint>
<web-resource-collection>
<url-pattern>/webdescriptor/security/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>ADMIN</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<url-pattern>/webdescriptor/security/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
Code: Select all
<auth-constraint>
<role-name>MKTING</role-name>
</auth-constraint>
Code: Select all
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
The special role name “*” is a shorthand for all role names defined in the deployment descriptor. The special role name “**” is a shorthand for any authenticated user independent of role. When the special role name “**” appears
in an authorization constraint, it indicates that any authenticated user, independent of role, is authorized to perform the constrained requests.