About Question enthuware.jwpv6.2.887 :
Moderator: admin
About Question enthuware.jwpv6.2.887 :
Why the double <security-constraint> in the question?
Re: About Question enthuware.jwpv6.2.887 :
Hello!
IMHO it must be mentioned in question that SALES and MKTING are the only roles of the web app.
Otherwise the correct answer is ambiguous.
IMHO it must be mentioned in question that SALES and MKTING are the only roles of the web app.
Otherwise the correct answer is ambiguous.
-
- Site Admin
- Posts: 10067
- Joined: Fri Sep 10, 2010 9:26 pm
- Contact:
Re: About Question enthuware.jwpv6.2.887 :
Not sure why you think so. Even if there are more roles in the web app, the answers are fine.Another user wrote:Hello!
IMHO it must be mentioned in question that SALES and MKTING are the only roles of the web app.
Otherwise the correct answer is ambiguous.
HTH,
Paul.
If you like our products and services, please help us by posting your review here.
-
- Posts: 2
- Joined: Sat Feb 21, 2015 8:58 pm
- Contact:
Re: About Question enthuware.jwpv6.2.887 :
I think that there's an error in this question, because I tried to reproduce it using TomCat 7 but it did not work.
I did this:
But is not working, the * does not alow others users that do not have the role ADMIN to access the URL.
I did this:
Code: Select all
<security-constraint>
<web-resource-collection>
<url-pattern>/webdescriptor/security/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>ADMIN</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<url-pattern>/webdescriptor/security/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
-
- Site Admin
- Posts: 10067
- Joined: Fri Sep 10, 2010 9:26 pm
- Contact:
Re: About Question enthuware.jwpv6.2.887 :
That's what the question wants, right?
If you like our products and services, please help us by posting your review here.
-
- Posts: 2
- Joined: Sat Feb 21, 2015 8:58 pm
- Contact:
Re: About Question enthuware.jwpv6.2.887 :
Hi,
Accordingly to the question resolution, the answers below are correct:
answer 1:
answer 3:
So my doubt is just that, how can answer 3 be correct if it does not work when I try to run it using Tomcat?
Am I missing something?
Thanks
Accordingly to the question resolution, the answers below are correct:
answer 1:
Code: Select all
<auth-constraint>
<role-name>MKTING</role-name>
</auth-constraint>
Code: Select all
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
Am I missing something?
Thanks
-
- Site Admin
- Posts: 10067
- Joined: Fri Sep 10, 2010 9:26 pm
- Contact:
Re: About Question enthuware.jwpv6.2.887 :
Oh, I see. If tomcat doesn't allow any user to access it then that is a problem with tomcat. As per Servlet 3.1 specification section 13.8 :
The special role name “*” is a shorthand for all role names defined in the deployment descriptor. The special role name “**” is a shorthand for any authenticated user independent of role. When the special role name “**” appears
in an authorization constraint, it indicates that any authenticated user, independent of role, is authorized to perform the constrained requests.
If you like our products and services, please help us by posting your review here.
-
- Posts: 358
- Joined: Fri Nov 29, 2013 8:26 pm
- Contact:
Re: About Question enthuware.jwpv6.2.887 :
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
means all authenticated roles can access /acme/wholesale/*.
If there is another role called "admin", this admin can also access this url.
So, I assume there are only two roles defined :SALES and MKTNG.
<role-name>*</role-name>
</auth-constraint>
means all authenticated roles can access /acme/wholesale/*.
If there is another role called "admin", this admin can also access this url.
So, I assume there are only two roles defined :SALES and MKTNG.
Who is online
Users browsing this forum: No registered users and 135 guests