SCWCD(一)

237.Given an HttpServletRequest request and an HttpServletResponse response: (给定一个HttpServletRequest请求和一个HttpServletResponse响应:)
41. HttpSession session = null; 
42. // insert code here 
43. if(session == null) { 
44. // do something if session does not exist  
45. } else { 
46. // do something if session exists 
47. } 
To implement the design intent, which statement must be inserted at line 42? (实现设计意图,哪一句声明必须插入行42吗?)
A. session = response.getSession(); 
B. session = request.getSession(); 
C. session = request.getSession(true); 
D. session = request.getSession(false); 
E. session = request.getSession("jsessionid"); 

C.getSession(true)如果没有该域中没有session就新建一个并返回
D.getSession(false)如果没有session,返回null
Answer: D 

 

236.Which two statements are true about using the isUserInRole method to implement security in a Java EE application? (Choose two.)

(哪两个语句是正确的关于使用isUserInRole方法在Java EE应用程序实现安全吗?(选择两个)
A. It can be invoked only from the doGet or doPost methods.
B. It can be used independently of the getRemoteUser method.
C. Can return "true" even when its argument is NOT defined as a valid role name in the
deployment descriptor.
D. Using the isUserInRole method overrides any declarative authentication related to the method in which
it is invoked.
E. Using the isUserInRole method overrides any declarative authorization related to the method in which
it is invoked.

a.它可以只从doGet或doPost方法调用。
b.它可以独立于getRemoteUser方法。
c.可以返回“true”即使它的参数不是在部署描述符中定义为一个有效的角色名。
d.使用isUserInRole方法覆盖任何声明性验证相关的方法被调用。
e.使用isUserInRole方法覆盖任何声明式授权相关的方法被调用。
解析：
B.isUserInRole能单独用于getRemoteUser方法中
C.如果角色没有定义，isUserInRole返回true

Answer: B,C 

 

235.Which interface must a session attribute implement if it needs to be notified when a web container
persists a session? （当web容器持久化一个会话,如果需要通知,一个会话属性必须实现哪一个接口?）
A. javax.servlet.http.HttpSessionListener
B. javax.servlet.http.HttpSessionBindingListener
C. javax.servlet.http.HttpSessionAttributeListener
D. javax.servlet.http.HttpSessionActivationListener

解析：HttpSessionActivationListener监听session的活动状态
Answer: D 

 

234.A web application uses the HttpSession mechanism to determine if a user is "logged in." When a user supplies a valid user name and password, an HttpSession is created for that user. The user has access to the application for only 15 minutes after logging in. The code must determine how long the user has been logged in, and if this time is greater than 15 minutes, must destroy the HttpSession. Which method in HttpSession is used to accomplish this?

(234.一个web应用程序使用HttpSession机制来确定用户”登录。“当一个用户提供一个有效的用户名和密码,为该用户创建HttpSession。用户访问应用程序仅15分钟后登录。代码必须确定多长时间用户已经登录,如果这个时间大于15分钟,必须摧毁HttpSession。在HttpSession中哪一个方法用于完成这个?)
A. getCreationTime
B. invalidateAfter
C. getLastAccessedTime
D. getMaxInactiveInterval

A.getCreationTime获得session创建时间，比较当前时间就可以知道会话产生时间。
D.getMaxInactiveInterval获得session存活时间。
Answer: A 

 

233.Which two are required elements for the <web-resource-collection> element of a web application deployment descriptor? (Choose two.) 

(233.web应用程序的<web-resource-collection>元素部署描述符需要哪两个元素?(选择两个))
A. <realm-name>
B. <url-pattern>
C. <description>
D. <web-resource-name>
E. <transport-guarantee>

解析：<web-resource-colection>必须有<web-resource-name>和<url-pattern>,可选<description>和<http-method>
Answer: B,D 

 

232.Which element of a web application deployment descriptor <security-constraint> element is required?

(web应用程序部署描述符<security-constraint>元素时，哪个元素是必需的?)
A. <realm-name>
B. <auth-method>
C. <security-role>
D. <transport-guarantee>
E. <web-resource-collection>

解析：<security-constraint>必须有资源列表
Answer: E 

 

231.Which two statements are true about the security-related tags in a valid Java EE deployment descriptor? (Choose two)

(231.哪两个语句是真实的有效的JavaEE部署描述符中与安全相关的标签吗?(选择两个)
A. Every <security-constraint> tag must have at least one <http-method> tag.
B. A <security-constraint> tag can have many <web-resource-collection> tags.
C. A given <auth-constraint> tag can apply to only one <web-resource-collection> tag.
D. A given <web-resource-collection> tag can contain from zero to many <url-pattern> tags.
E. It is possible to construct a valid <security-constraint> tag such that, for a given resource, no user roles
can access that resource.

a.每个<安全约束>标记必须有至少一个< http方法>标记。
b.<安全约束>标记可以有多个< web-resource-collection >标签。
c.给定< auth-constraint >标记适用于只有一个< web-resource-collection >标记。
d.给定< web-resource-collection >标记可以包含从0到许多< url模式>标记。
e.可以构造一个有效的<安全约束>标记,像这样,对于一个给定的资源,没有用户角色可以访问该资源。

A.<security-constraint>的子标签<http-method>是可选的，如果没有该标签表示禁止所以HTTP方法。
B.<security-constraint>标签体内能有多个<web-resource-collection>标签。
E.可以有没有角色能访问的资源。
配置格式：
<security-constraint>
　　<web-resource-coolection>
　　<web-resource-name>Proprietary</web-resource-name>
　　<url-pattern>/propritary/*</url-pattern>
　　</web-resource-coolection>
　　<!-- ... -->
</security-constraint>

Answer: B,E 

 

230.You web application uses a lot of Java enumerated types in the domain model of the application. Built
into each enum type is a method, getDisplay(), which returns a localized, user-oriented string.
There are many uses for presenting enums within the web application, so your manager has asked you to
create a custom tag that iterates over the set of enum values and processes the body of the tag once for
each value; setting the value into a page-scoped attribute called,
enumValue. Here is an example of how this tag is used:

您的web应用程序使用了很多Java枚举类型的应用程序的域模型。内置每个枚举类型是一种方法,getDisplay(),它返回一个局部,面向用户的字符串。有许多用途呈现枚举中的web应用程序,所以你的经理要求你创建一个自定义标记,遍历枚举值的设定和过程的主体标记为每个值;一旦变成page-scoped属性设置值,enumValue。这是一个如何使用这个标签的例子:
10. <select name='season'> 
11. <t:everyEnum type='com.example.Season'> 
12. <option value='${enumValue}'>${enumValue.display}</option> 
13. </t:everyEnum> 
14. </select> 
You have decided to use the Simple tag model to create this tag handler. 
Which tag handler method will accomplish this goal? 
A. public void doTag() throw JspException { 
try { 
for ( Enum value : getEnumValues() ) 
{
pageContext.setAttribute("enumValue", value)
;
getJspBody().invoke(getOut())
;
}
} (Exception e) { throw new JspException(e); 
}
}B. public void doTag() throw JspException 
{
try 
{
for ( Enum value : getEnumValues() ) 
{
getJspContext().setAttribute("enumValue", value)
;
getJspBody().invoke(null)
;
}
} (Exception e) { throw new JspException(e); 
}
}
C. public void doTag() throw JspException 
{
try 
{
for ( Enum value : getEnumValues() ) 
{ 
The safer , easier way to help you pass any IT exams.
102 / 104
getJspContext().setAttribute("enumValue", value)
;
getJspBody().invoke(getJspContext().getWriter())
;
}
} (Exception e) { throw new JspException(e); 
}
}
D. public void doTag() throw JspException 
{
try 
{
for ( Enum value : getEnumValues() ) 
{
pageContext.setAttribute("enumValue", value)
;
getJspBody().invoke(getJspContext().getWriter())
;
}
} (Exception e) { throw new JspException(e); 
}
}

解析：SimpleTag的doTag()可以设置标签体使用的一个属性，要先调用getJspContext().setAttribute(),再调用getJspBody().invoke()
invoke(null)输出的结果不被缓存。
Answer: B 

 

229.Which two are true concerning the objects available to developers creating tag files? (Choose two.)

哪两个是正确的关于对象提供给开发人员创建标记文件?(选择两个)
A. The session object must be declared explicitly.
B. The request and response objects are available implicitly.
C. The output stream is available through the implicit outStream object.
D. The servlet context is available through the implicit servletContext object.
E. The JspContext for the tag file is available through the implicit jspContext object.

a.会话对象必须显式声明。
b.可以隐式的请求和响应对象。
c.输出流是可以通过隐式outStream对象。 

d.servlet上下文可以通过隐式servletContext对象。

e.JspContext标记文件可以通过隐式JspContext对象。

解析：
tag file中的out.config.request.response.session.application能够隐式调用。
E.tag file中的JspContext编译时会转为jspContext对象
implicit:隐式的。

Answer: B,E

 

228.Given in a single JSP page:
<%@ taglib prefix='java' uri='myTags' %>
<%@ taglib prefix='JAVA' uri='moreTags' %>
Which two are true? (Choose two.)
A. The prefix 'java' is reserved.
B. The URI 'myTags' must be properly mapped to a TLD file by the web container.
C. A translation error occurs because the prefix is considered identical by the web container.
D. For the tag usage <java:tag1/>, the tag1 must be unique in the union of tag names in 'myTags'
and 'moreTags'.

解析：
A.java是保留关键字
B.uri指定标签库文件
C.prefix并没有重复
D.不同标签库中的标签名可以重复
Answer: A,B 

 

227.You are creating a content management system (CMS) with a web application front-end. The JSP
that displays a given document in the CMS has the following general structure:

你创建一个内容管理系统(CMS)与web应用程序的前端。JSP显示给定文档在CMS具有以下结构:
1. <%-- tag declaration --%>
2. <t:document> 
The safer , easier way to help you pass any IT exams.
100 / 104
...
11. <t:paragraph>... <t:citation docID='xyz' /> ...</t:paragraph>
...
99. </t:document>
The citation tag must store information in the document tag for the document tag to generate a reference
section at the end of the generated web page.
The document tag handler follows the Classic tag model and the citation tag handler follows the Simple
tag model. Furthermore, the citation tag could also be embedded in other custom tags that could have
either the Classic or Simple tag handler model.
Which tag handler method allows the citation tag to access the document tag?

引文标记必须在文档中存储信息标签文档的标签来生成一个参考部分结束时生成的web页面。文档标记处理程序遵循经典标记模型和引文标记处理程序遵循简单的标签模型。此外,引用标记也可以嵌入到其他自定义标记,经典的或简单的标记处理程序模型。哪一个标记处理程序方法允许引用标记访问文档标签?
A. public void doTag() {
JspTag docTag = findAncestorWithClass(this, DocumentTag.class);
((DocumentTag)docTag).addCitation(this.docID);}
B. public void doStartTag() {
JspTag docTag = findAncestorWithClass(this, DocumentTag.class)
;
((DocumentTag)docTag).addCitation(this.docID);}
C. public void doTag() {
Tag docTag = findAncestor(this, DocumentTag.class);
((DocumentTag)docTag).addCitation(this.docID);}
D. public void doStartTag() {
Tag docTag = findAncestor(this, DocumentTag.class);
((DocumentTag)docTag).addCitation(this.docID);}

解析：SimpleTag只有doTag()方法,BodyTag才有doStartTag()方法。
findAncestor递归查找tag标签.
Answer: A