Objectives
1. Based on the servlet specification, compare and contrast the following security mechanisms: (a) authentication, (b) authorization, (c) data integrity, and (d) confidentiality.
2. In the deployment descriptor, declare a security constraint, a Web resource, the transport guarantee, the login configuration, and a security role.
3. Compare and contrast the authentication types (BASIC, DIGEST, FORM, and CLIENT-CERT); describe how the type works; and given a scenario, select an appropriate type.
Q1. Given:
class MyServlet extends HttpServlet {
    public void doPut(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // servlet code here ...
    }
}
If the DD contains a single security constraint associated with MyServlet and its only <http-method> tags and <auth-constraint> tags are:
<http-method>GET</http-method>
<http-method>PUT</http-method>
<auth-constraint>Admin</auth-constraint>
Which four requests would be allowed by the container? (Choose four.)
A. A user whose role is Admin can perform a PUT.
B. A user whose role is Admin can perform a GET.
C. A user whose role is Admin can perform a POST.
D. A user whose role is Member can perform a PUT.
E. A user whose role is Member can perform a POST.
F. A user whose role is Member can perform a GET.
Answer: A, B, C, E