Which two statements are true?

A Java EE application server has four different security realms for user management. One of the
security realms is custom made. This realm supports only individual user entries, no grouping of
users, and is used by the application. Which two statements are true? (Choose two.)

A.
EJB developers cannot use the isCallerInRole method.

B.
The annotation @RunAs("AAA") can still be used for this application.

C.
All security roles need a role-link entry in the deployment descriptor.

D.
All security roles can be mapped successfully to individual users in the realm.

Explanation:
Not A, not C:
A security role reference defines a mapping between the name of a role that is called from a web
component using isUserInRole(String role) and the name of a security role that has been defined
for the application. If no security-role-ref element is declared in a deployment descriptor and
the isUserInRole method is called, the container defaults to checking the provided role name
against the list of all security roles defined for the web application. Using the default method
instead of using the security-role-ref element limits your flexibility to change role names in an
application without also recompiling the servlet making the call.
For example, to map the security role reference cust to the security role with role name
bankCustomer, the syntax would be:
<servlet>
    <security-role-ref>
        <role-name>cust</role-name>
        <role-link>bankCustomer</role-link>
    </security-role-ref>
</servlet>
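As an added example (not part of the original question or the Java EE Tutorial), a servlet and an EJB written against role reference names only, so that the real role name and the realm user it maps to can change in the descriptors without recompiling; it assumes the web.xml role link shown above and a vendor-specific mapping of bankCustomer to a single user of the custom realm.

```java
// Added example, not code from the original page or the Java EE Tutorial.
// Assumptions: web.xml links role-ref "cust" to security role "bankCustomer"
// (the snippet above), and the server's vendor descriptor maps "bankCustomer"
// and "auditor" to individual users of the custom realm, since that realm has
// no groups. Class and package names are hypothetical.
package example.security;

import java.io.IOException;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/balance")
public class BalanceServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // "cust" is the role *reference* used by the code; the container
        // resolves it to "bankCustomer" through <security-role-ref>. Without
        // that element it would look for a role literally named "cust".
        if (!req.isUserInRole("cust")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // The principal is the individual realm user the role was mapped to.
        resp.getWriter().println("Hello " + req.getUserPrincipal().getName());
    }
}

// Programmatic security in an EJB works the same way: the container answers
// isCallerInRole from the role-to-principal mapping, not from realm groups,
// so a groupless realm does not prevent its use.
@Stateless
@DeclareRoles({"bankCustomer", "auditor"})
class AccountBean {
    @Resource
    private SessionContext ctx;

    @RolesAllowed("bankCustomer")
    public boolean canViewAuditTrail() {
        return ctx.isCallerInRole("auditor");
    }
}
```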
Note:
*A realm is a security policy domain defined for a web or application server. A realm contains a
collection of users, who may or may not be assigned to a group.
*The protected resources on a server can be partitioned into a set of protection spaces, each with
its own authentication scheme and/or authorization database containing a collection of users and
groups. A realm is a complete database of users and groups identified as valid users of one or
more applications and controlled by the same authentication policy.
*In some applications, authorized users are assigned to roles. In this situation, the role assigned to
the user in the application must be mapped to a principal or group defined on the application
server.
*A role is an abstract name for the permission to access a particular set of resources in an
application. A role can be compared to a key that can open a lock. Many people might have a
copy of the key. The lock doesn't care who you are, only that you have the right key.
Reference: The Java EE 6 Tutorial, Declaring and Linking Role References