Examice

Exam 1z0-900 All QuestionsBrowse all questions from this exam

Go to Exam

Question 52

You want to allow one set of roles to POST to a resource and another set of roles to GET it.

Which two configuration options should you use? (Choose two.)

two separate @HttpMethodConstraints annotations and sets of roles

a single @HttpMethodContstraint annotation and a map of method to roles

two with different in the deployment descriptor

a single with two with different in the deployment descriptor

Correct Answer: A, C

To allow one set of roles to POST to a resource and another set of roles to GET it, you should use two separate @HttpMethodConstraints annotations with sets of roles, which would enable specifying different roles for different HTTP methods directly in the code. Additionally, another option is to use two <web-resource-collection> elements with different <http-method> elements in the deployment descriptor, allowing fine-grained role management based on HTTP methods in the configuration file.

Discussion

devmsalehOptions: AC

Answer is : A,C

orjavaOptions: AC

Answer A, C https://docs.oracle.com/cd/E19226-01/820-7627/bncbl/index.html @ServletSecurity(httpMethodConstraints = { @HttpMethodConstraint(value="GET", rolesAllowed={"user"}), @HttpMethodConstraint(value="POST", rolesAllowed={"admin"})})