11. Security Management (SCBCD)

Q: 01 A developer implements a session bean with a method doStuff which behaves
differently depending on the caller's security role. Only users in security roles "ADMIN" and "USER"
are allowed to call the method. Assume that there is no security-related metadata in the deployment
descriptor. Which two, taken in combination, are appropriate to accomplish this? (Choose two.)

A. Annotate method doStuff with @PermitAll.
B. Annotate method doStuff with @RolesAllowed({"ADMIN","USER"}).
C. If EJBContext.getCallerPrincipal returns role "ADMIN", implement the behavior for users in role ADMIN.
D. If EJBContext.isCallerInRole("ADMIN") returns true, implement the behavior defined for users in role

Answer: B, D

Q: 02 The deployment descriptor for a stateless session bean that uses the
isCallerInRole method reads as follows:

    <security-role-ref>
        <role-name>manager</role-name>
        <role-link>humanresources</role-link>
    </security-role-ref>

    <security-role>
        <description>
            Is allowed to view and update all employee records.
        </description>
        <role-name>humanresources</role-name>
    </security-role>

Which two roles are responsible for creating this deployment descriptor? (Choose two.)

A. Deployer
B. Bean Provider
C. System Administrator
D. Application Assembler

Answer: B, D

Q: 03 An enterprise bean has security permissions set up using declarative security
features. Under which two conditions can a client be guaranteed to have permission to invoke a business
method on the enterprise bean? (Choose two.)

A. The Application Assembler has marked the enterprise bean method as unchecked.
B. The client's principal has been assigned a security role with permission to invoke the method.
C. The Application Assembler has set the security-identity deployment descriptor to run-as.
D. The Application Assembler has mapped all security role references using the role-link element.

Answer: A, B

Q: 04 Given:
10. @Stateless
11. @RunAs("X")
12. public class SecureBean01 implements Secure01 {
13. @EJB Secure02 secure02;
23. @RolesAllowed("A")
24. public void methodA() {
25. secure02.methodB();
26. }
10. @Stateless
11. public class SecureBean02 implements Secure02 {
23. @RolesAllowed("A")
24. public void methodB() {
A user who is only in role A invokes Secure01.methodA. Assuming NO other security-related metadata,
what is the expected result?

A. An exception is thrown at Line 25.
B. An exception is thrown at Line 13.
C. methodA cannot be invoked by this user.
D. The code executes without raising an exception.

Answer: A