Page: 9
Unit-5 : Web Application Security
Q23. Which two statements are true about using the isUserInRole method to implement security in a Java EE application? (Choose two.)

A. It can be invoked only from the doGet or doPost methods.
B. It can be used independently of the getRemoteUser method.
C. It can return "true" even when its argument is NOT defined as a valid role name in the deployment descriptor.
D. Using the isUserInRole method overrides any declarative authentication related to the method in which it is invoked.
E. Using the isUserInRole method overrides any declarative authorization related to the method in which it is invoked.

Answer: B, C

Q24. A developer has used this code within a servlet:

    if (request.isUserInRole("vip")) {
        // VIP-related logic here
    }

What else must the developer do to ensure that the intended security goal is achieved?

A. create a user called vip in the security realm
B. define a group within the security realm and call it vip
C. define a security-role named vip in the deployment descriptor
D. declare a security-role-ref for vip in the deployment descriptor

Answer: D