JBridge: Certification Question Of The Day

JBridge Home >> Certification Questions >> Question for Tuesday 3rd June 2003

Tuesday 3rd June 2003

Identify which of the following statements about web application security are true (2 correct answers)

A A servlet can be secured by name in the web deployment descriptor.
B The parent tag for <auth-method> is <login-config>.
C Individual users can be excluded from certain web resources through configuration within the web deployment descriptor alone.
D A web resource collection can be specified without specifying authority constraints.
E The parent tag for <form-login-page> is <login-config>.
Page down for the answer...

The Answer

The correct statements are B and D.
A servlet can't be secured by name; only url patterns can be secured in the web deployment descriptor (so answer A is false).
Individual users cannot be excluded from web resources through the web deployment descriptor alone. Individual users can be associated with roles outside of the web deployment descriptor, through server-specific configuration (Tomcat has a configuration file called tomcat-users.xml for this purpose). The roles can then be protected within the web deployment descriptor. That is why answer C is false.
Finally, the parent tag for <form-login-page> is <form-login-config> (and the parent for <form-login-config> is <login-config>).

EMail: dbridgewater@jbridge.co.uk
Phone: +44 (0)1943 877414
Fax: +44 (0)1943 877414
Mail: David Bridgewater, Willow Dene, Bradford Road, Menston, Ilkley, West Yorkshire, LS29 6ED, UK
Copyright © 2003 David Bridgewater. All rights reserved.