Page 1 of 1
About Question enthuware.ocejws.v6.2.224 :
Posted: Tue Feb 25, 2014 6:53 am
by t.alex
Hi Frits,
the statement says: "Assume that there is a security constraint in the web deployment descriptor that allows "student" and "teacher" to access the URL."
which is to be understood: whatever annotations @RolesAllowed the class may have, they are overridden with the settings in the dd. Right?
If that's true, then options 3 and 4 are correct.
Please correct me if i'm wrong.
Thanks,
Alex
Re: About Question enthuware.ocejws.v6.2.224 :
Posted: Tue Feb 25, 2014 3:49 pm
by fjwalraven
Hi Alex,
What I meant by
Assume that there is a security constraint in the web deployment descriptor that allows "student" and "teacher" to access the URL.
is the following security constraint:
Code: Select all
<security-constraint>
<web-resource-collection>
<web-resource-name>secure addition</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>student</role-name>
<role-name>teacher</role-name>
</auth-constraint>
</security-constraint>
The @RolesAllowed could be overridden by an ejb-jar.xml deployment descriptor however this cannot be done by the web.xml deployment descriptor. (overriding of @RolesAllowed is typically a question you can expect in the EJB EE6 Certification exam)
Would it be clearer if I added the security constraint to the problem statement?
Regards,
Frits
Re: About Question enthuware.ocejws.v6.2.224 :
Posted: Wed Feb 26, 2014 2:16 am
by t.alex
Hi,
The @RolesAllowed could be overridden by an ejb-jar.xml deployment descriptor however this cannot be done by the web.xml deployment descriptor.
oh...i had overlooked that
i now still have trouble understanding why the third option is wrong. The method level @RolesAllowed should override the class level and allow student to invoke the method.
Seems to be the same case as here:
http://docs.oracle.com/cd/E16439_01/doc ... m#BGBHEBJB
Thanks,
Alex
Re: About Question enthuware.ocejws.v6.2.224 :
Posted: Wed Feb 26, 2014 6:18 am
by fjwalraven
Oh, yes I see your point, the annotation on the method should not be there!
Thanks for your feedback!
Regards
Frits