Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Spring security
1. 1. Form-based login is configured by:-
a) servlet filters
b) refresh-check-delay
c) form-login
d) none of the mentioned
Answer: c
Explanation: The form-based login service will render a web page that contains a login form
for users to input their login details and process the login form submission. It’s configured
via the form-login element.
2. Action URL can be customized using form-login.
a) True
b) False
Answer: a
Explanation: Note that the form action URL and the input field names are Spring Security–
specific. However, the action URL can be customized with the login-url attribute of form-
login.
3. Attribute used to display custom login page.
a) login-url
b) custom-login
c) login-custom
d) custom-login
Answer: a
Explanation: In order for Spring Security to display your custom login page when a login is
requested, you have to specify its URL in the login-page attribute.
4. Attribute which specifies redirection URL on login error.
a) authentication-failure-url
b) authentication-failure_login-url
c) authentication-login-url
d) none of the mentioned
Answer: a
Explanation: If you specify a custom login page, you will have to configure the
authentication-failure-url attribute to specify which URL to redirect to on login error.
5. Session scope attribute to display error message.
a) SPRING_SECURITY_FIRST_EXCEPTION
b) SPRING_SECURITY_LAST_EXCEPTION
c) SPRING_SECURITY_EXCEPTION
d) SPRING_SECURITY_LAST_ERROR
Answer: b
Explanation: If an error has occurred, you will have to display the error message by
2. accessing the session scope attribute SPRING_SECURITY_LAST_EXCEPTION, which
stores the last exception for the current user.
6. Logout service is configured by:-
a) logout
b) login
c) logout-basic
d) logout_basic
Answer: a
Explanation: The logout service provides a handler to handle logout requests. It can be
configured via the logout element.
7. Element which redirects to a specific URL on logout.
a) logout-success
b) logout-success_url
c) logout-url
d) logout-success-url
Answer: d
Explanation: By default, a user will be redirected to the context path root when the logout
succeeds, but sometimes, you may wish to direct the user to another URL.
8. Anonymous login services can be configured by:-
a) anonymous-basic
b) anonymous
c) anonymous-target
d) none of the mentioned
Answer: b
Explanation: The anonymous login service can be configured via the anonymous element.
9. Default values of customized Username and authorities are anonymousUser and
ROLE_ANONYMOUS respectively.
a) True
b) False
Answer: a
Explanation: You can customize the username and authorities of an anonymous user,
whose default values are anonymousUser and ROLE_ANONYMOUS.
10. Remember-me support can be configured by:-
a) remember-me
b) remember-me-basic
c) remember-basic
d) none of the mentioned
Answer: a
Explanation: Remember-me support can be configured via the remember-me element.
3. 11. By default, Remember-me encodes the username, password, remember-me expiration
time, and a private key as a token, and stores it as a cache in the user’s browser.
a) True
b) False
Answer: b
Explanation: Remember-me stores as cookie in the user’s browser not as cache.
12. Spring Security algorithms to secure password.
a) MD5
b) SHA
c) All of the mentioned
d) None of the mentioned
Answer: c
Explanation: Spring Security supports several algorithms for encoding passwords (including
MD5 and SHA) and provides built-in password encoders for these algorithms.
13. Connection of database with Apache derby server requires.
a) Derby client.jar
b) Spring JDBC support
c) None of the mentioned
d) All of the mentioned
Answer: d
Explanation: To connect to a database in the Apache Derby server, you need the Derby
client .jars, as well as the Spring JDBC support.
14. You can specify the statements for querying a user’s information and authorities in the
users-by-username-query and authorities-by-username-query attributes.
a) True
b) False
Answer: a
Explanation: Spring Security also supports using custom SQL statements to query a legacy
database for user details.
15. Utility to calculate MD5 digests for your password.
a) CheckSum
b) BeanShell
c) Jacksum
d) None of the mentioned
Answer: c
Explanation: Jacksum, which you can download from
http://sourceforge.net/projects/jacksum/ and extract to a directory of your choice. Then
execute the following command to calculate a digest for a text:
java -jar jacksum.jar -a md5 -q “txt:secret”