GlassFish security book contest: Here are the lucky winners

Thank you to everyone who accepted the challenge and took the quiz. Now it is time to see who the lucky ones are who win the prizes, which are copies of the GlassFish Security book. To give you a statistic about the quiz participants: I had 156 participants, though some of them, maybe 20 – 30, are quiz results submitted more than once by some of the participants.

Before we jump to the list of winners, I should explain the questions which I posted in the quiz. The questions I selected for the quiz are mostly based on chapter 3 of the book, which is available for free on the Packt website.

So the questions, the answers and the explanation for each question are as follows.


1. Which one of the following statements is correct?

A. We can specify which security realm we want our web module to use in the sun-web.xml.
B. We can specify which security realm we want our web module to use in the web.xml.
C. We can use sun-application.xml to specify which security realm we want our enterprise application to use.
D. B and C are correct.

We can use both web.xml and sun-application.xml to specify the security realm. In web.xml we use the login-config element as shown below:

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>LDAP_Realm</realm-name>
</login-config>

And in sun-application.xml we can specify the application-wide security realm as shown in the following snippet:

<sun-application>
    <realm>LDAP_Realm</realm>
</sun-application>

The realm element is an immediate child of the sun-application element.


2. Which one of the following statements shows new security features included in Java EE 6?

A. The programmatic login and logout methods in the HttpServletRequest interface.
B. Inclusion of the @ServletSecurity annotation to annotate a Servlet and enforce security.
C. Inclusion of the authenticate method in the HttpServletRequest interface.
D. All of the above.

Yes, all of these new features are included in Java EE 6 to enhance the security APIs and ease their use.
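
The three Java EE 6 additions from this question used together in one servlet, as an added example that is not code from the book or from the original post. The servlet name, the URL pattern, the "manager" role and the username/password/action parameter names are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.*;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.http.*;

// Hypothetical servlet: URL pattern, "manager" role and parameter names are assumptions.
@WebServlet("/account")
// @ServletSecurity: every method requires TLS; DELETE also requires the "manager" role.
@ServletSecurity(
    value = @HttpConstraint(transportGuarantee = TransportGuarantee.CONFIDENTIAL),
    httpMethodConstraints = @HttpMethodConstraint(value = "DELETE", rolesAllowed = "manager"))
public class AccountServlet extends HttpServlet {

    @Override // authenticate(): hand off to the login mechanism from <login-config>
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if (req.getUserPrincipal() == null && !req.authenticate(resp)) {
            return; // the container has already written the challenge response
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("Signed in as " + req.getUserPrincipal().getName());
    }

    @Override // login()/logout(): the application collects the credentials itself
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if ("logout".equals(req.getParameter("action"))) {
            req.logout();                              // clears the caller identity
            HttpSession session = req.getSession(false);
            if (session != null) session.invalidate(); // drop session state as well
            resp.sendRedirect(req.getContextPath() + "/");
            return;
        }
        try {
            // Credentials are validated against the realm configured for the application.
            req.login(req.getParameter("username"), req.getParameter("password"));
            resp.sendRedirect(req.getContextPath() + "/account");
        } catch (ServletException e) { // invalid credentials, or caller already logged in
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }

    @Override // only reached by callers the container has mapped to the "manager" role
    protected void doDelete(HttpServletRequest req, HttpServletResponse resp) {
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```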


3. Where should we place the login-config element?

A. In web.xml
B. In sun-web.xml
C. In sun-application.xml
D. In A and C

The login-config element goes in web.xml to specify the security realm and the authentication method. To see a snippet of this, look at the explanation of the first question.


4. What are j_username and j_password when it comes to Java EE security?

A. These are two predefined field names which we must use in FORM authentication to pass the username and the password to the container.
B. These are two predefined field names which we must use in BASIC authentication type to pass the username and the password to the container.
C. Both of A and B are correct.
D. None of the above items.

To see some snippets showing how to set up FORM authentication, you can take a look at chapter 3 of the GlassFish Security book, which is freely available.


5. When we talk about security, which of the following sequences is more accurate?

A. Identification, Authentication, Authorization
B. Authentication, Authorization, Identification
C. Authentication, Identification, Authorization
D. Authorization, Authentication, Identification

Before we try to authenticate a credential, we should receive a credential showing who the requester is claiming to be. After we have received the credentials, we should check their validity, and finally, once we find that the credentials are valid, we can check the access level of the provided credentials.


And now the winners
The paper copy goes to: Bruno Antunes
First ebook copy goes to: Alireza Haghighatkhah
Second ebook copy goes to: Deny Wuysan

I have not received replies from some of the participants about their country of residence, so I put them into the second list. I will contact the winners to coordinate the distribution of the copies with them.

I am looking for a way to have more contests about the GlassFish Security book in the coming month, especially small two-question quizzes in which the winner will receive an e-book copy of the title.