Spring Questions and Answers – Handling Security in Views and Domain object security

This set of Java Spring Multiple Choice Questions & Answers (MCQs) focuses on “Handling Security in Views and Domain object security”.

1. Element used to secure methods.
a) security:intercept-methods
b) global-method-security
c) all of the mentioned
d) none of the mentioned
View Answer

Answer: c
Explanation: First, you can embed a security:intercept-methods element in a bean definition to secure its methods. Alternatively, you can configure a global global-method-security element to secure multiple methods.

2. @Secured annotation is used to secure methods implemented by beans.
a) True
b) False
View Answer

Answer: a
Explanation: You can also annotate methods declared in a bean interface or an implementation class with the @Secured annotation and then enable security for them in global-method-security.

3. Element used to specify access attributes for bean’s methods.
a) security:protect
b) security:intercept
c) security:intercept-security
d) none of the mentioned
View Answer

Answer: a
Explanation: In a bean’s security:intercept-methods, you can specify multiple security:protect elements to specify access attributes for this bean’s methods.
advertisement
advertisement

4. Attribute used to specify custom access decision manager.
a) access-decision-manager-ref
b) access-decision-ref
c) access-decision
d) none of the mentioned
View Answer

Answer: a
Explanation: If you would like to use a custom access decision manager, you can specify it in the access-decision-manager-ref.

5. JSP technology is also used to handle security of JSP views.
a) True
b) False
View Answer

Answer: a
Explanation: Spring Security provides a JSPtag library for you to handle security in JSP views.
Note: Join free Sanfoundry classes at Telegram or Youtube

6. Tag which displays user’s Authentication object.
a) security:tag
b) security_Tag
c) security:authentication
d) none of the mentioned
View Answer

Answer: c
Explanation: The security:authentication tag exposes the current user’s Authentication object for you to render its properties.

7. Tag which renders the granted authorities one by one.
a) c:for
b) c:forEach
c) c:doWhile
d) c:while
View Answer

Answer: b
Explanation: You can store the authorities property, which contains the authorities granted to the user, in the JSP variable authorities, and render them one by one with a c:forEach tag.
advertisement

8. Tag used to render view contents conditionally.
a) security:authorize
b) security:authority
c) security:authenticate
d) none of the mentioned
View Answer

Answer: a
Explanation: If you would like to render view contents conditionally according to a user’s authorities, you can use the security:authorize tag.

9. Attribute used to render enclosed content.
a) ifGranted
b) if_Granted
c) ifAllGranted
d) none of the mentioned
View Answer

Answer: c
Explanation: If you want the enclosing content to be rendered only when the user has been granted certain authorities at the same time, you have to specify them in the ifAllGranted attribute.
advertisement

10. Module that allows each domain to have it’s own access.
a) access share list
b) access common list
c) access control list
d) access list
View Answer

Answer: c
Explanation: Spring Security provides a module named ACL that allows each domain object to have its own access control list (ACL).

11. ACL(Access control list) consists of:-
a) object identity
b) access control entities
c) none of the mentioned
d) all of the mentioned
View Answer

Answer: a
Explanation: An ACL contains a domain object’s object identity to associate with the object, and also holds multiple access control entries (ACEs).

12. ACEs(Access control entries) core consists of:-
a) Permissions
b) Security Identity
c) All of the mentioned
d) None of the mentioned
View Answer

Answer: c
Explanation: Multiple access control entries (ACEs), each of which contains the above mentioned two core parts.

13. Which of the following is/are part of BasePermission class:-
a) CREATE
b) READ/WRITE
c) DELETE
d) All of the mentioned
View Answer

Answer: d
Explanation: The BasePermission class predefines five basic permissions as constant values for you to use: READ (bit 0 or integer 1), WRITE (bit 1 or integer 2), CREATE (bit 2 or integer 4), DELETE (bit 3 or integer 8), and ADMINISTRATION (bit 4 or integer 16).

14. SID(Security Identity) associates with permission using.
a) principal(PrincipalSid)
b) authority (GrantedAuthoritySid)
c) all of the mentioned
d) none of the mentioned
View Answer

Answer: c
Explanation: Each ACE contains permissions for a particular SID. An SID can be a principal (PrincipalSid) or an authority (GrantedAuthoritySid) to associate with permissions.

15. Interfaces that defines operation of an ACL service.
a) AclService
b) MutableAclService
c) All of the mentioned
d) None of the mentioned
View Answer

Answer: c
Explanation: In Spring Security, there are two interfaces that define operations of an ACL service: AclService and MutableAclService. AclService defines operations for you to read ACLs.

Sanfoundry Global Education & Learning Series – Java Spring.
To practice all areas of Java Spring, here is complete set of 1000+ Multiple Choice Questions and Answers.

If you find a mistake in question / option / answer, kindly take a screenshot and email to [email protected]

advertisement
advertisement
Subscribe to our Newsletters (Subject-wise). Participate in the Sanfoundry Certification contest to get free Certificate of Merit. Join our social networks below and stay updated with latest contests, videos, internships and jobs!

Youtube | Telegram | LinkedIn | Instagram | Facebook | Twitter | Pinterest
Manish Bhojasia - Founder & CTO at Sanfoundry
Manish Bhojasia, a technology veteran with 20+ years @ Cisco & Wipro, is Founder and CTO at Sanfoundry. He lives in Bangalore, and focuses on development of Linux Kernel, SAN Technologies, Advanced C, Data Structures & Alogrithms. Stay connected with him at LinkedIn.

Subscribe to his free Masterclasses at Youtube & discussions at Telegram SanfoundryClasses.