About Question enthuware.ocejws.v6.2.218 :

Moderators: Site Manager, fjwalraven

Post Reply
blacksnow666
Posts: 13
Joined: Thu Apr 24, 2014 9:23 pm
Contact:

About Question enthuware.ocejws.v6.2.218 :

Post by blacksnow666 » Thu Apr 24, 2014 9:31 pm

Question 3:
There is a RESTful Web Service that adds two numbers:

Code: Select all

@ApplicationPath("jax") 
@Path("rs") 
public class AdditionService extends Application { 
	@GET   
	@Path("/add/{num1}/{num2}")   
	public String addp(@PathParam("num1") int num, @PathParam("num2") int num2){
		return "" + (num+num2);
	}
}
We want to secure this Web Service in order to only allow users in the role "student". What is the correct web.xml to implement this requirement?

this is the answer that the mock test says is correct.

Code: Select all

<security-constraint>
	<web-resource-collection>
		<web-resource-name>secure addition</web-resource-name>
		<url-pattern>/*</url-pattern>
		<http-method>GET</http-method>
	</web-resource-collection>
	<auth-constraint>
		<role-name>student</role-name>
	</auth-constraint>
</security-constraint>
"This will secure all GET requests."


this might cause other web services to require "student" role as well..

fjwalraven
Posts: 429
Joined: Tue Jul 24, 2012 2:43 am
Contact:

Re: About Question enthuware.ocejws.v6.2.218 :

Post by fjwalraven » Thu Apr 24, 2014 10:53 pm

Hi
this might cause other web services to require "student" role as well..
Yes, you are right.

In a real life situation you want finer grained security constraints however this option is the only option that fulfills the requirement of the problem statement.

Regards,
Frits

ramy6_1
Posts: 123
Joined: Wed Feb 12, 2014 2:44 am
Contact:

Re: About Question enthuware.ocejws.v6.2.218 :

Post by ramy6_1 » Thu Nov 12, 2015 6:57 am

Hello ,

I believe using such method permission authorization REQUIRES also to enforce declarative authentication in the web.xml.

kindly clarify

fjwalraven
Posts: 429
Joined: Tue Jul 24, 2012 2:43 am
Contact:

Re: About Question enthuware.ocejws.v6.2.218 :

Post by fjwalraven » Thu Nov 12, 2015 10:20 am

True, but that has already been taken care of. The students login using their student number.

I will add that to the explanation.

Regards,
Frits

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests