Thank you all who accepted the challenge and took the quiz. Now it is time to see who are the luckier ones winning the prizes which are copies of GlassFish Security book. To give you an statistic about the quiz participants,
I had 156 participants. though some of them, maybe 20 – 30 are quiz result submitted more than once by some of the participants.
Before we jump to the list of winners, I should explain the questions which I posted in the quiz. The questions I selected for the quiz are mostly based on chapter 3 of the book which is available for free in packt website.
So the questions, the answers and the explanation about each question are as follow.
1. Which one of the following statements is correct? A. We can specify which security realm we want our web module to use in the sun-web.xml. B. We can specify which security realm we want our web module to use in the web.xml. C. We can use sun-application.xml to specify which security realm we want our enterprise application to use D. B and C are correct.
We can use both the web.xml and sun-application.xml to specify the security realm. In the web.xml we use the login-conf element as shown below:
<login-config> <auth-method>BASIC</auth-method> <realm-name>LDAP_Realm</realm-name> </login-config>
And in the sun-application.xml we can specify the application wide security realm as shown in the following snippet.
<sun-application> <realm></realm> </sun-application>
2. Which one of the following statements shows new security features included in Java EE 6?
Yes, all of this new features are included in Java EE 6 to enhance the security APIs and ease their use.
3. Where we should place the login-config element? A. In web.xml
B. In sun-web.xml
C. In sun-application.xml
D. In A and C
4. What are j_username and j_password when it come to Java EE security?
To see some snippet about how we can have FORM authentication, you can take a look at the GlassFish security book chapter 3 which is freely available.
5. When we talk about security, which of the following sequences is more accurate?
A. Identification, Authentication, Authorization
B. Authentication, Authorization, Identification
C. Authentication, Identification, Authorization
D. Authorization, Authentication, Identification
Before we try to authenticate a credential we should receive a credential showing who the requester is claiming to be. After we received the credentials, we should check the credentials validity and finally after we find that the credentials are valid we can check the access level of the provided credentials.
And now the winners The paper copy goes to: Bruno Antunes First ebook copy goes to: Alireza Haghighatkhah Second ebook copy goes to: Deny Wuysan
I have not received replys from some of the participants about their country of residence so I put them into the second list. I will contact the winners to coordinate the distribution of the copies with them.
I am looking for a way to have more contest about GlassFish security book in the coming month. Specially small 2 question quiz which the winner will receive a e-book copy of the title.