Java Spring Multiple Choice Questions & Answers (MCQs) on “Securing URL Access”.
1. Way to secure web app’s URL.
a) servlet filters
b) refresh-check-delay
c) http servlet filters
d) none of the mentioned
Answer: a
Clarification: Spring Security enables you to secure a web application’s URL access in a declarative way through simple configuration. It handles security by applying servlet filters to HTTP requests.
2. Servlet filter registered in web deployment descriptor, which filters request in spring application context.
a) DelegatingFilter
b) DelegatingFilterProxy
c) DelegatingProxy
d) None of the mentioned
Answer: b
Clarification: As servlet filters must be registered in the web deployment descriptor to take effect, you have to register a DelegatingFilterProxy instance in the web deployment descriptor, which is a servlet filter that delegates request filtering to a filter in Spring’s application context.
3. Servlet APIs to access security information of web application.
a) HttpServletRequest.isUserInRole()
b) HttpServletRequest.getUserPrincipal()
c) None of the mentioned
d) All of the mentioned
Answer: d
Clarification: Servlet API integration: This allows you to access security information in your web application via standard Servlet APIs, such as HttpServletRequest.isUserInRole() and HttpServletRequest.getUserPrincipal().
4. To load root application context at the start up.
a) ContextListener
b) ContextLoader
c) ContextLoaderListener
d) ContextEventListener
Answer: c
Clarification: In the web deployment descriptor (i.e., web.xml), you register ContextLoaderListener to load the root application context at startup.
5. To dispatch requests for web application.
a) DispatcherServlet
b) ViewHandler
c) ViewResolver
d) None of the mentioned
Answer: a
Clarification: Spring MVC DispatcherServlet is used to dispatch requests.
6. The responsibility of DelegatingFilterProxy is simply to delegate HTTP request filtering to a Spring bean that implements the interface:-
a) java.util.logging.Filter
b) java.util.logging.net
c) java.util.logging.FilterHttp
d) none of the mentioned
Answer: a
Clarification: The responsibility of DelegatingFilterProxy is simply to delegate HTTP request filtering to a Spring bean that implements the java.util.logging.Filter interface.
7. By default, DelegatingFilterProxy delegates to a bean whose name is the same as its filter-name property.
a) True
b) False
Answer: a
Clarification: By default, it delegates to a bean whose name is the same as its filter-name property, but you can override the bean name in its targetBeanName init parameter.
8. Filter chain configured by Spring security, when web app security enabled.
a) springSecurityFilterChain
b) delegatingFilterProxy
c) none of the mentioned
d) all of the mentioned
Answer: a
Clarification: As Spring Security will automatically configure a filter chain with the name springSecurityFilterChain when you enable web application security, you can simply use this name for your DelegatingFilterProxy instance.
9. The http auto-config=”false” element automatically configures the basic security services that a typical web application needs.
a) True
b) False
Answer: b
Clarification: The http auto-config=”true” element automatically configures the basic security services that a typical web application needs. You can fine-tune these services with the corresponding sub elements inside it.
10. Element used to restrict access to a particular URL.
a) restrict-url
b) intercept-url
c) intercept-restrict
d) none of the mentioned
Answer: b
Clarification: Inside the http configuration element, you can restrict access to particular URLs with one or more intercept-url elements.
11. Element which configures authentication services.
a) authentication-provider
b) authentication-manager
c) all of the mentioned
d) none of the mentioned
Answer: c
Clarification: You can configure authentication services in the authentication-provider element, which is nested inside the authentication-manager element.
12. Element which defines user details.
a) user-service
b) user-details
c) user-requirements
d) user-servicerequirements
Answer: a
Clarification: Spring Security also supports defining user details in user-service directly for simple security requirements. You can specify a
username, a password, and a set of authorities for each user.
13. Which of the following way to provide authenticity of users is/are supported by Spring Security?
a) Authenticating against a database
b) LDAP repository
c) All of the mentioned
d) None of the mentioned
Answer: c
Clarification: Spring Security supports several ways of authenticating users, including authenticating against a database or an LDAP repository.
14. The basic security services registered and configured by Spring Security.
a) Form-based login service
b) Logout Service
c) HTTP Basic authentication.
d) All of the mentioned
Answer: d
Clarification: Spring Security will automatically register and configure several basic security services, including the above mentioned.
15. HTTP Basic authentication support is configured by:-
a) logout
b) http-basic
c) http-basicauth
d) none of the mentioned
Answer: d
Clarification: The HTTP Basic authentication support can be configured via the http-basic element. When HTTP Basic authentication is required, a browser will typically display a login dialog or a specific login page for users to log in.