About Question enthuware.ocejws.v6.2.224 :


Moderators: Site Manager, fjwalraven

t.alex
Posts: 19
Joined: Tue Feb 11, 2014 8:35 am

About Question enthuware.ocejws.v6.2.224 :

Post by t.alex »

Hi Frits,

The statement says: "Assume that there is a security constraint in the web deployment descriptor that allows "student" and "teacher" to access the URL."

which is to be understood: whatever annotations @RolesAllowed the class may have, they are overridden with the settings in the dd. Right?

If that's true, then options 3 and 4 are correct.

Please correct me if I'm wrong.

Thanks,
Alex

fjwalraven
Posts: 429
Joined: Tue Jul 24, 2012 2:43 am

Re: About Question enthuware.ocejws.v6.2.224 :

Post by fjwalraven »

Hi Alex,

What I meant by "Assume that there is a security constraint in the web deployment descriptor that allows "student" and "teacher" to access the URL." is the following security constraint:


<security-constraint>
	<web-resource-collection>
		<web-resource-name>secure addition</web-resource-name>
		<url-pattern>/*</url-pattern>
		<http-method>GET</http-method>
	</web-resource-collection>
	<auth-constraint>
		<role-name>student</role-name>
		<role-name>teacher</role-name>
	</auth-constraint>
</security-constraint>

The @RolesAllowed could be overridden by an ejb-jar.xml deployment descriptor; however, this cannot be done by the web.xml deployment descriptor. (Overriding of @RolesAllowed is typically a question you can expect in the EJB EE6 Certification exam.)

Would it be clearer if I added the security constraint to the problem statement?

Regards,
Frits

t.alex
Posts: 19
Joined: Tue Feb 11, 2014 8:35 am

Re: About Question enthuware.ocejws.v6.2.224 :

Post by t.alex »

Hi,
"The @RolesAllowed could be overridden by an ejb-jar.xml deployment descriptor; however, this cannot be done by the web.xml deployment descriptor."

Oh... I had overlooked that :)

I now still have trouble understanding why the third option is wrong. The method level @RolesAllowed should override the class level and allow student to invoke the method.

Seems to be the same case as here: http://docs.oracle.com/cd/E16439_01/doc ... m#BGBHEBJB

Thanks,
Alex

fjwalraven
Posts: 429
Joined: Tue Jul 24, 2012 2:43 am

Re: About Question enthuware.ocejws.v6.2.224 :

Post by fjwalraven »

Oh, yes I see your point, the annotation on the method should not be there!

Thanks for your feedback!

Regards
Frits
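
The two checks discussed in this thread, as an added example that is not part of the original posts or of the exam question: the web.xml URL constraint and the @RolesAllowed method permission are evaluated independently, and a method-level @RolesAllowed replaces the class-level one. The class `AdditionService`, its methods and the local `RolesAllowed` stand-in annotation are constructed for illustration so the demo runs on a plain JDK.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class RoleCheckDemo {
    // Local stand-in for javax.annotation.security.RolesAllowed (assumption: no Java EE jar on the classpath).
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD})
    @interface RolesAllowed { String[] value(); }

    // Constructed endpoint, not the code from the exam question.
    @RolesAllowed("teacher")
    static class AdditionService {
        public int add(int a, int b) { return a + b; }       // no method annotation: class level applies
        @RolesAllowed("student")
        public int addSmall(int a, int b) { return a + b; }  // method level replaces class level
    }

    // Roles from the <auth-constraint> posted above; assumes the request falls under that constraint.
    static final Set<String> URL_ROLES = new HashSet<>(Arrays.asList("student", "teacher"));

    // Method-level annotation wins; otherwise the class-level one; null means no role restriction declared.
    static Set<String> effectiveRoles(Method m) {
        RolesAllowed r = m.getAnnotation(RolesAllowed.class);
        if (r == null) r = m.getDeclaringClass().getAnnotation(RolesAllowed.class);
        if (r == null) return null;
        return new HashSet<>(Arrays.asList(r.value()));
    }

    // Both layers must pass: the web.xml constraint cannot widen what @RolesAllowed permits.
    static boolean mayInvoke(String role, Method m) {
        Set<String> methodRoles = effectiveRoles(m);
        return URL_ROLES.contains(role) && (methodRoles == null || methodRoles.contains(role));
    }

    public static void main(String[] args) throws Exception {
        for (String name : new String[] {"add", "addSmall"}) {
            Method m = AdditionService.class.getMethod(name, int.class, int.class);
            for (String role : new String[] {"student", "teacher", "guest"}) {
                String verdict = mayInvoke(role, m) ? "allowed" : "denied";
                System.out.println(role + " -> " + name + ": " + verdict);
            }
        }
    }
}
```

In this sketch a student passes the URL constraint but is still denied on `add`, and is allowed on `addSmall` only because of the method-level annotation. @PermitAll, @DenyAll and ejb-jar.xml overrides are left out.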
