Unit-5 : Web Application Security
Objectives

1. Based on the servlet specification, compare and contrast the following security mechanisms: (a) authentication, (b) authorization, (c) data integrity, and (d) confidentiality.
2. In the deployment descriptor, declare a security constraint, a Web resource, the transport guarantee, the login configuration, and a security role.
3. Compare and contrast the authentication types (BASIC, DIGEST, FORM, and CLIENT-CERT); describe how the type works; and given a scenario, select an appropriate type.

Q1. Given:

    class MyServlet extends HttpServlet {
        public void doPut(HttpServletRequest req, HttpServletResponse resp)
                throws ServletException, IOException {
            // servlet code here ...
        }
    }

If the DD contains a single security constraint associated with MyServlet and its only <http-method> tags and <auth-constraint> tags are:

    <http-method>GET</http-method>
    <http-method>PUT</http-method>
    <auth-constraint>Admin</auth-constraint>

Which four requests would be allowed by the container? (Choose four.)

A. A user whose role is Admin can perform a PUT.
B. A user whose role is Admin can perform a GET.
C. A user whose role is Admin can perform a POST.
D. A user whose role is Member can perform a PUT.
E. A user whose role is Member can perform a POST.
F. A user whose role is Member can perform a GET.

Answer: A, B, C, E