An organization has business logic implemented in EJB components. Current clients use container-managed, role-based security to access the business logic using RMI. Management has determined that the business logic must be made available to non-RMI clients using a Web service.
Which container-managed Web service security mechanism would the development team? use to allow Web service clients to use the current security model? (Choose one)
A.
XKMS
B.
XACML
C.
XML Digital Signature
D.
HTTP Basic Authentication
E.
annotations mapped to the JAX-WS runtime
What about A?
Hey Guys,
Someone have presented the 1z0-897 exam? any questions here appear in the real exam?
Thanks.
Hey Gays,
Can anyone help me to find the documentation of 1z0-897?
thanks
Correct response is D because is configured on the web container (web.xml)
do these questions appear in 1z0-897 exam?
D) http basic authentication is correct: deployment file web.xml has contained the role-principal/group mapping as well as the application has implemented authorization on application roles, the web service client can utilized existing authentication/authorization mechanism.
Like below sample security role mapping defined in the web.xml, user “Duke” is stored in the security store of application server and permission of role “Duke” is defined in the web application, the web service based on jax-rpc could utilize existing security mechnism
Viewer
Duke
Admin
Director