Which security mechanisms always operate independently of the transport layer? (Choose all that apply.)
(Servlet spec., chap. 12)
Given a deployment descriptor with three valid <security-constraint> elements, all constraining web resource A, whose respective <auth-constraint> sub-elements are:
(Servlet spec., 12.8.1)
<auth-constraint> <role-name>Bob</role-name> </auth-constraint>
<auth-constraint/>
<auth-constraint> <role-name>Alice</role-name> </auth-constraint>
Who can access resource A?
Which activities would be addressed via a J2EE 1.4 container’s data integrity mechanism? (Choose all that apply.)
(Servlet spec., 12.1)
A. Verifying that a specific user is allowed access to a specific HTML page.
B. Ensuring that an eavesdropper can’t read an HTTP message being sent from the client to the container.
C. Verifying that a client making a request for a constrained JSP has the proper role credentials to access the JSP.
D. Ensuring that a hacker can’t alter the contents of an HTTP message while it is in transit from the container to a client.
Which are required fields in the login form when using Form Based Authentication? (Choose all that apply.)
(Servlet spec., 12.5.3)
Which authentication types require a specific type of HTML action? (Choose all that apply.)
(Servlet spec., 12.5.3.1)
A. HTTP Basic Authentication
B. Form Based Authentication
C. HTTP Digest Authentication
D. HTTPS Client Authentication
Which security mechanisms can be implemented by using a method in the HttpServletRequest interface? (Choose all that apply.)
(Servlet spec., 12.3)
Which HttpServletRequest method is most closely associated with the use of the <security-role-ref> element?
(Servlet spec., 12.3)
Which deployment descriptor elements can contain a <transport-guarantee> sub-element? (Choose all that apply.)
(Servlet spec., 13.4)
Which authentication mechanism is recommended to be used only if cookies or SSL session tracking is in place?
(Servlet spec., 12.5.3.1)
A. HTTP Basic Authentication
B. Form Based Authentication
C. HTTP Digest Authentication
D. HTTPS Client Authentication