Which of the following elements sets up a requirement to receive the constrained requests over a
protected layer connection, such as TLS (Transport Layer Security)?
A.
User data constraint
B.
Authorization constraint
C.
Web resource collection
D.
Accounting constraint
Explanation:
User data constraint is a security constraint element summarized in the Java Servlet
Specification 2.4. It sets up a requirement to receive the constrained requests over a protected
layer connection, such as TLS (Transport Layer Security). The user data constraint offers
guarantee (NONE, INTEGRAL, and CONFEDENTIAL) for the transportation of data betweenclient and server. If a request does not have user data constraint, the container accepts the
set of URL patterns and HTTP operations that define all resources required to be protected. It is a
security constraint element summarized in the Java Servlet Specification v2.4. The Web resource
Authorization constraint is a security constraint element summarized in the Java Servlet
Specification 2.4. It sets up a requirement for authentication and names the authorization roles
that can access the URL patterns and HTTP methods as defined by the security constraint. In the
absence of a security constraint, the container accepts the request without requiring any user
authentication. If no authorization role is specified in the authorization constraint, the container
cannot access constrained requests. The wildcard character “*” specifies all authorization role
constraint element.