About Question enthuware.ocejws.v6.2.224 :
Hi Frits,
The statement says: "Assume that there is a security constraint in the web deployment descriptor that allows "student" and "teacher" to access the URL."
Which is to be understood: whatever annotations @RolesAllowed the class may have, they are overridden by the settings in the dd. Right?
If that's true, then options 3 and 4 are correct.
Please correct me if I'm wrong.
Thanks,
Alex
Re: About Question enthuware.ocejws.v6.2.224 :
Hi Alex,
The @RolesAllowed could be overridden by an ejb-jar.xml deployment descriptor; however, this cannot be done by the web.xml deployment descriptor. (Overriding of @RolesAllowed is typically a question you can expect in the EJB EE6 Certification exam.)
What I meant by
"Assume that there is a security constraint in the web deployment descriptor that allows "student" and "teacher" to access the URL."
is the following security constraint:
Code:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>secure addition</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>student</role-name>
        <role-name>teacher</role-name>
    </auth-constraint>
</security-constraint>
Would it be clearer if I added the security constraint to the problem statement?
Regards,
Frits
Re: About Question enthuware.ocejws.v6.2.224 :
Hi,
Oh... I had overlooked that:
"The @RolesAllowed could be overridden by an ejb-jar.xml deployment descriptor; however, this cannot be done by the web.xml deployment descriptor."
I now still have trouble understanding why the third option is wrong. The method level @RolesAllowed should override the class level and allow student to invoke the method.
Seems to be the same case as here: http://docs.oracle.com/cd/E16439_01/doc ... m#BGBHEBJB
Thanks,
Alex
Re: About Question enthuware.ocejws.v6.2.224 :
Oh, yes I see your point, the annotation on the method should not be there!
Thanks for your feedback!
Regards
Frits
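A small model of the two checks discussed in this thread, added here as an illustration (it is not the exam question's code or a container's implementation): the web.xml constraint is applied to the request first, then @RolesAllowed, where a method-level value replaces the class-level one. AdditionBean, its methods and the single-role caller are assumptions; the Java EE 6 API jar must be on the classpath.

```java
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.security.RolesAllowed; // from the Java EE 6 API jar (JSR-250)

public class RolesModel {

    // Hypothetical endpoint: class-level "teacher", one method narrowed to "student".
    @RolesAllowed("teacher")
    static class AdditionBean {
        @RolesAllowed("student")
        public int add(int a, int b) { return a + b; }

        public int reset() { return 0; } // no method annotation: class-level value applies
    }

    // Roles listed in the thread's <auth-constraint>. The model assumes the request
    // matches that constraint's url-pattern and http-method.
    static final Set<String> WEB_XML_ROLES =
            new HashSet<String>(Arrays.asList("student", "teacher"));

    // A method-level @RolesAllowed replaces the class-level value; it does not add to it.
    static Set<String> methodRoles(Method m) {
        RolesAllowed ra = m.getAnnotation(RolesAllowed.class);
        if (ra == null) ra = m.getDeclaringClass().getAnnotation(RolesAllowed.class);
        if (ra == null) throw new IllegalStateException("unannotated case is not modelled");
        return new HashSet<String>(Arrays.asList(ra.value()));
    }

    // The web container checks the URL constraint first, then the method check runs.
    // web.xml cannot widen what @RolesAllowed permits, so the caller must pass both.
    static boolean allowed(String callerRole, Method m) {
        return WEB_XML_ROLES.contains(callerRole) && methodRoles(m).contains(callerRole);
    }

    public static void main(String[] args) throws Exception {
        Method add = AdditionBean.class.getMethod("add", int.class, int.class);
        Method reset = AdditionBean.class.getMethod("reset");
        for (String role : new String[] {"student", "teacher", "guest"}) {
            System.out.println(role + ": add=" + allowed(role, add)
                    + " reset=" + allowed(role, reset));
        }
    }
}
```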