Enthuware

Posted: **Thu Apr 24, 2014 9:31 pm**

Question 3:
There is a RESTful Web Service that adds two numbers:

@ApplicationPath("jax") 
@Path("rs") 
public class AdditionService extends Application { 
	@GET   
	@Path("/add/{num1}/{num2}")   
	public String addp(@PathParam("num1") int num, @PathParam("num2") int num2){
		return "" + (num+num2);
	}
}

We want to secure this Web Service in order to only allow users in the role "student". What is the correct web.xml to implement this requirement?

this is the answer that the mock test says is correct.

Code: Select all

<security-constraint>
	<web-resource-collection>
		<web-resource-name>secure addition</web-resource-name>
		<url-pattern>/*</url-pattern>
		<http-method>GET</http-method>
	</web-resource-collection>
	<auth-constraint>
		<role-name>student</role-name>
	</auth-constraint>
</security-constraint>

"This will secure all GET requests."

this might cause other web services to require "student" role as well..

Posted: **Thu Apr 24, 2014 10:53 pm**

Hi

this might cause other web services to require "student" role as well..

Yes, you are right.

In a real life situation you want finer grained security constraints however this option is the only option that fulfills the requirement of the problem statement.

Regards,
Frits

Posted: **Thu Nov 12, 2015 6:57 am**

Hello ,

I believe using such method permission authorization REQUIRES also to enforce declarative authentication in the web.xml.

kindly clarify

Posted: **Thu Nov 12, 2015 10:20 am**

True, but that has already been taken care of. The students login using their student number.

I will add that to the explanation.

Regards,
Frits

Enthuware

About Question enthuware.ocejws.v6.2.218 :

About Question enthuware.ocejws.v6.2.218 :

Re: About Question enthuware.ocejws.v6.2.218 :

Re: About Question enthuware.ocejws.v6.2.218 :

Re: About Question enthuware.ocejws.v6.2.218 :