Showing posts with label web. Show all posts
Showing posts with label web. Show all posts

January 05, 2022

Top 20 Apache Struts 2 Interview Questions and Answers


Struts 2 is a Java enterprise application framework for constructing web applications. It was created by the Apache Software Foundation. In the year 2006, it was first released. It's written in the Java programming language. It is cross-platform compatible. It is built on the MVC architecture, which is a software design paradigm for creating applications. Struts 2 includes features such as simplified testability, Ajax support, Thread-safety, and Template support, among others.

Apache Cassandra Interview Questions and Answers

Ques. 1): What exactly is Struts2?


Apache Struts2 is a Java web application framework that is free source. The OpenSymphony WebWork framework is the foundation for Struts2. It's a significant improvement over Struts1, making it more adaptable, simple to use, and extendable. Action, Interceptors, and Result pages are the three main components of Struts2.

Struts2 offers a variety of options for creating Action classes and configuring them using struts.xml or annotations. For common jobs, we can make our own interceptors. Struts2 includes a large number of tags and makes use of the OGNL expression language. To render result pages, we can design our own type converters. JSPs and FreeMarker templates can be used as result pages.

 Apache Camel Interview Questions and Answers

Ques. 2): What are some of Struts2's features?


Here are some of the fantastic features that can persuade you to use Struts2.

POJO forms and POJO actions − Struts2 has done away with the Action Forms that were an integral part of the Struts framework. With Struts2, you can use any POJO to receive the form input. Similarly, you can now see any POJO as an Action class.

Tag support − Struts2 has improved the form tags and the new tags allow the developers to write less code.

AJAX support − Struts2 has recognised the take over by Web2.0 technologies, and has integrated AJAX support into the product by creating AJAX tags, that function very similar to the standard Struts2 tags.

Easy Integration − Integration with other frameworks like Spring, Tiles and SiteMesh is now easier with a variety of integration available with Struts2.

Template Support − Support for generating views using templates.

Plugin Support − The core Struts2 behaviour can be enhanced and augmented by the use of plugins. A number of plugins are available for Struts2.

Apache Ant Interview Questions and Answers

Ques. 3): What's the difference between Struts 1 and Struts 2?


This is a list of the most common Strut 2 interview questions. The action class in Strut 1 is not a POJO, hence it must inherit the abstract class. An action servlet is used as the front controller. Only JSP is used for the component view. A configuration file can be inserted in the WEB-INF directory in section 1. When processing requests, it makes use of the Request Processor class. Actions and models are separated in Strut 1.

The action class in Strut 2 is a POJO, therefore there's no need to inherit any classes or implement any interfaces. For the view component, it has JSP, free-market, and so on. The function controller in strut 2 is the Struts Prepare and Execute filter. In this, a configuration file must be named as struts.xml and placed inside the classes directory. It uses the concept of Interceptors while processing the request. In strut 2, action and models are combined within the action class.

Apache Tomcat Interview Questions and Answers

Ques. 4): In Struct2, What Is The Use Of


This configuration file allows you to override the framework's default behaviour. In fact, all of the properties in the configuration file can be defined in the web.xml using the init-param, as well as in the struts.xml configuration file using the constant tag. However, if you prefer to keep things separate and more struts specific, you can create this file in the WEB-INF/classes folder. The default values configured in, which is included in the struts2-core-x.y.z.jar distribution, will be overridden by the values configured in this file.

Apache Kafka Interview Questions and Answers

Ques. 5): Explain The Life Cycle Of A Request In Struct2 Application?

Answer :

Following is the life cycle of a request in Struct2 application −

  • User sends a request to the server for requesting for some resource (i.e pages).
  • The FilterDispatcher looks at the request and then determines the appropriate Action.
  • Configured interceptors functionalities applies such as validation, file upload etc.
  • Selected action is executed to perform the requested operation.
  • Again, configured interceptors are applied to do any post-processing if required.
  • Finally the result is prepared by the view and returns the result to the user.

Apache Tapestry Interview Questions and Answers

Ques. 6): What are the inbuilt themes that are provided by strut 2?


There are 3 different inbuilt themes:

Simple theme: It is a minimal theme which is having very little content. It means that the text field tag renders the HTML tag without label, validation, error reporting or any other formatting or functionality.

XHTML theme: It is referred to as the default theme used by struts 2 and provides all the basics that a simple theme provides. It adds the other several features like standard two-column table layout for the HTML labels for each of the HTML, validation and error reporting etc.

Css_xhtml theme: This is the theme that provides all the basics that the simple theme provides, and it adds other several features like the standard two-column CSS-based layout and using div tag for HTML struts tags, labels for each of the HTML struts tags and placed according to the CSS style sheet.

Apache Ambari interview Questions & Answers

 Ques. 7): What is internationalization and how does it work?


This is one of the most common Struts 2 Interview Questions that is asked during an interview. Localization refers to the process of planning and implementing products and services so that they may be easily modified to specific local languages and cultures, whereas internationalization refers to the act of enabling localization.

Apache Hive Interview Questions & Answers

Ques. 8): What is the difference between an interceptor and a filter?


The interceptors are built around struts 2. It runs for all requests that qualify for a servlet filter front controller and can be customised to run extra interceptors for specific action execution. Interceptor methods can be configured to execute or not to execute using exclude and include methods.

Servlet specifications are used to create the filters. Executes on request and non-configurable method calls if the pattern matches.

Apache Spark Interview Questions & Answers

Ques. 9): Explain struts 2's XML-based validation.


XML-based validation in Struts 2 adds more validation options, such as email validation, integer range validation, form validation field, expression validation, regex validation, needed validation, string length validation, and necessary string validation, among others. The XML file must be titled 'actionclass'-validation.xml in Struts 2.

Apache NiFi Interview Questions & Answers

Ques. 10): How Does Validation in Struts 2 Work?


When the user clicks the submit button, Struts 2 will run the validate method, and if any of the if statements inside the method are true, Struts 2 will call the addFieldError method. Struts 2 will not proceed to invoke the execute method if any errors have been introduced. The Struts 2 framework, on the other hand, will return input as a result of calling the action.

When validation fails and Struts 2 returns input, the view file is redisplayed by the Struts 2 framework. Because we utilised Struts 2 form tags, the error messages will appear directly above the completed form.

These are the error messages we specified in the call to the addFieldError function. The addFieldError method takes two arguments. The first is the form field name to which the error applies and the second is the error message to display above that form field.


Ques. 11): What Types Of Validations Are Available In Xml Based Validation In Struts2?


Following is the list of various types of field level and non-field level validation available in Struts2 −

  • date validator
  • double validator
  • email validator
  • expression validator
  • int validator
  • regex validator
  • required validator
  • requiredstring validator
  • stringlength validator
  • url validator


Ques. 12):  How Does Struts 2's Interceptor Work?


The actual action will be performed by calling invocation.invoke() from the interceptor. So, depending on your needs, you can conduct some pre-processing and some post-processing.

The framework initiates the process by using the invoke method on the ActionInvocation object (). When invoke() is called, ActionInvocation consults its state and performs the next available interceptor. The invoke() method will cause the action to be executed once all of the configured interceptors have been invoked.


Ques. 13): What Is Value Stack?

Answer :

The value stack is a set of several objects which keeps the following objects in the provided order −

Temporary Objects − There are various temporary objects which are created during execution of a page. For example the current iteration value for a collection being looped over in a JSP tag.

The Model Object − If you are using model objects in your struts application, the current model object is placed before the action on the value stack.

The Action Object − This will be the current action object which is being executed.

Named Objects − These objects include #application, #session, #request, #attr and #parameters and refer to the corresponding servlet scopes.


Ques. 14): What Is The Difference Between Valuestack And OGNL?


ValueStack is the storage space where Struts2 stores application data for processing client requests. The information is saved in ActionContext objects that use ThreadLocal to store values that are unique to each request thread.

OGNL (Object-Graph Navigation Language) is a sophisticated Expression Language for manipulating data on the ValueStack. Both interceptors and result pages can use OGNL to access data stored on ValueStack, as shown in the architectural diagram.


Ques. 15): What Is The Struts-default Package And How Does It Help?


Struts-default is an abstract package that specifies all of the Struts2 interceptors as well as the most widely used interceptor stack. To prevent having to configure interceptors twice, it's best to extend this package while configuring our application package. This is provided to assist developers by making the work of configuring interceptor and result pages in our application a lot easier.


Ques. 16): What Is The Purpose Of @after Annotation?

Answer :

The @After annotation marks a action method that needs to be called after the main action method and the result was executed. Return value is ignored.

public class Employee extends ActionSupport{


   public void isValid() throws ValidationException {

      // validate model object, throw exception if failed


   public String execute() {

      // perform secure action

      return SUCCESS;




Ques. 17): What Is The Purpose Of @before Annotation?

Answer :

The @Before annotation marks a action method that needs to be called before the main action method and the result was executed. Return value is ignored.

public class Employee extends ActionSupport{


   public void isAuthorized() throws AuthenticationException {

      // authorize request, throw exception if failed


   public String execute() {

      // perform secure action

      return SUCCESS;




Ques. 18): What Is The Difference Between Using An Action Interface And Using An Actionsupport Class For Our Action Classes, And Which Would You Prefer?


To develop our action classes, we can use the Action interface. This interface only has one function, execute(), which we must implement. The main advantage of utilising this interface is that it includes some constants that can be used on result pages, such as SUCCESS, ERROR, NONE, INPUT, and LOGIN.

The ActionSupport class implements the Action interface by default, as well as interfaces for Validation and i18n support. Action, Validateable, ValidationAware, TextProvider, and LocaleProvider are all implemented by the ActionSupport class. To implement field level validation login in our action classes, we can override the validate() method of the ActionSupport class.

Depending on the requirements, we can use any of the approaches to create struts 2 action classes, my favorite is ActionSupport class because it helps in writing validation and i18n logic easily in action classes.


Ques. 19): How Do We Get Servlet Api Requests, Responses, Httpsessions, and Other Objects Into Action Classes?


Servlet API components such as Request, Response, and Session are not directly accessible through Struts2 action classes. However, in some action classes, such as checking the HTTP method or adding cookies in the response, these accesses are required.

As a result, the Struts2 API exposes a number of *Aware interfaces through which we can access these objects. Struts2 API injects Servlet API components into action classes using dependency injection. SessionAware, ApplicationAware, ServletRequestAware, and ServletResponseAware are some of the most essential Aware interfaces.


Ques. 20): Is Struts2 Interceptors And Action Thread Safe?


Because an object is instantiated for each request to process, Struts2 Action classes are thread safe.

Because Struts2 interceptors are singleton classes that launch a new thread to handle the request, they are not thread safe, and we must construct them carefully to avoid any shared data concerns.





January 03, 2022

Top 20 Apache Tomcat Interview Questions and Answers


       Tomcat is a Java Servlet container and web server developed by the Apache Software Foundation's Jakarta project. Client browsers send queries to a web server, which the server answers to with web pages. Web servers can generate dynamic content based on the user's requests. Because it supports both Java servlet and JavaServerPages (JSP) technologies, Tomcat excels at this. Even if a free servlet and JSP engine is required, Tomcat can be utilised as a web server for a variety of applications. It can run on its own or alongside standard web servers like Apache httpd, delivering static pages while Tomcat handles dynamic servlet and JSP queries.

    Apache Tomcat is an open source Java Servlet, JavaServer Pages, Java Expression Language, and Java WebSocket implementation platform. Many firms are hiring Devops engineers, Apache Tomcat administrators, Linux Apache Tomcat jobs, and Hadoop developers at varying levels of experience. The most popular Web server is Apache, and you must be familiar with it if you plan to work as a Middleware/System/Web administrator. Apache HTTP is a free and open-source web server that runs on Windows and Linux.

 Apache Kafka Interview Questions and Answers

Ques. 1): Who is in charge of Tomcat?


The Apache Software Foundation is the correct answer. The Apache Software Foundation is a non-profit organisation that oversees several Open Source projects.

The Apache Software Foundation's Java-based projects are referred to as Jakarta.

Tomcat is an Apache Jakarta project that manages server-side Java (in the form of Servlets and JSPs). Tomcat is the "reference" implementation of the Servlet and JSP specifications, which means that anything that runs in Tomcat should run in any compliant Servlet / JSP container.

 Apache Tapestry Interview Questions and Answers

Ques. 2): Difference between apache and apache-tomcat server?


Apache: Apache is mostly used to serve static content, but there are numerous add-on modules (some of which are included with Apache) that allow it to modify the content and serve dynamic content written in Perl, PHP, Python, Ruby, and other languages.

Apache is an HTTP server that serves HTTP requests.

Tomcat is a servlet/JSP container developed by Apache. It's written in the Java programming language. Although it can provide static information, its primary function is to host servlets and JSPs.

JSP files (which are comparable to PHP and older ASP files) are converted into Java code (HttpServlet), which is then compiled into.class files and run by the Java virtual machine by the server.

Apache Tomcat is used to deploy your Java Servlets and JSPs. So in your Java project, you can build your WAR (short for Web ARchive) file, and just drop it in the deploy directory in Tomcat.

Although it is possible to get Tomcat to run Perl scripts and the like, you wouldn’t use Tomcat unless most of your content was Java.

Tomcat is a Servlet and JSP Server serving Java technologies

 Apache Ambari interview Questions & Answers

Ques. 3):  What exactly is Coyote?


Coyote is a Tomcat Connector component that acts as a web server and supports the HTTP 1.1 protocol. This enables Catalina, which is ostensibly a Java Servlet or JSP container, to additionally serve local files as HTTP documents.

Coyote monitors a specific TCP port for incoming connections to the server and transmits the request to the Tomcat Engine, which processes the request and returns a response to the requesting client.

Coyote is Tomcat's HTTP connector, which offers an interface for browsers to connect to.

 Apache Hive Interview Questions & Answers

Ques. 4): What is a servlet container?


A servlet container is a web server component that communicates with Java servlets. The servlet container is in charge of managing servlet lifecycles, mapping URLs to specific servlets, and ensuring that the URL requester has the appropriate access privileges.

Requests to servlets, JavaServer Pages (JSP) files, and other types of files containing server-side code are handled by the servlet container. The Web container generates servlet instances, loads and unloads servlets, creates and manages request and response objects, and handles other servlet-related operations.

The web component contract of the Java EE architecture is implemented by the servlet container, which defines a runtime environment for web components that includes security, concurrency, lifecycle management, transaction, deployment, and other services.

Apache Spark Interview Questions & Answers 

Ques. 5): How Do I Can Change The Default Home Page Loaded By Tomcat?

Answer :

We can easily override home page via adding welcome-file-list in application $TOMCAT_HOME/webapps//WEB-INF /web.xml file or by editing in container $TOMCAT_HOME/conf/web.xml

In $TOMCAT_HOME/conf/web.xml, it may look like this:




Request URI refers to a directory, the default servlet looks for a "welcome file" within that directory in following order: index.html, index.htm and index.jsp

Apache NiFi Interview Questions & Answers 

Ques. 6): what is a difference between Apache and Nginx web server?


Both are classified as Web Servers, but there are a few key differences. Nginx is an event-driven web server, whereas Apache is a process-driven web server.

Nginx has a reputation for being faster than Apache.

Whereas Nginx does not support OpenVMS or IBMi, Apache supports a wide range of operating systems.

Nginx is still catching up to Apache in terms of module interoperability with backend application servers.

Nginx is a lightweight web server that is rapidly gaining market share. If you're new to Nginx, you might be interested in reading some of my Nginx articles.

 Apache Ant Interview Questions and Answers

Ques. 7): How Do You Create Multiple Virtual Hosts?

Answer :

If you want tomcat to accept requests for different hosts e.g. then you must

Create ${catalina.home}/www/appBase , ${catalina.home}/www/deploy, and ${catalina.home}/conf/Catalina/

Add a host entry in the server.xml file

Create the the following file under conf/Catalina/

Add any parameters specific to this hosts webapp to this context file

Put your war file in ${catalina.home}/www/deploy

When tomcat starts, it finds the host entry, then looks for any context files and will start any apps with a context.


Ques. 8): In Apache Tomcat, what is Catalina?


Once Jasper has completed the compilation, it turns JSP into a servlet, which Catalina can then manage. Catalina is a servlet container for Tomcat. It also implements all of the Java server page and servlet specs. Catalina is a Java engine embedded into Tomcat that provides an efficient environment for servlets to execute in.


Ques. 9): What exactly do you mean by Tomcat's default port, and can it be used with SSL?


Tomcat uses port 8080 as its default port. Well, you can change it by editing the server.xml file in the Tomcat install directory's conf folder. By adjusting the property to the desired port connection port="8080" and then restarting Tomcat, the modifications will take effect.

Tomcat can use SSL, but it will require some configuration. You must complete the following tasks:

Generate a keystore

Then add a connector in server.xml

Restart Tomcat


Ques. 10): What is a mod_evasive module, and what does it do?


Mod_evasive is a third-party module that accomplishes one simple task really well. It identifies when your site is under attack by a Denial of Service (DoS) attack and mitigates the harm that the attack causes. When a single client makes repeated requests in a short period of time, mod evasive recognises this and refuses additional requests from that client. The ban can last for a very short time because it is simply reissued the following time a request is discovered from that same host.


Ques. 11): Explain Directory Structure Of Tomcat?

Answer :

Directory structure of Tomcat are:

bin - contain startup, shutdown, and other scripts (*.sh for UNIX and *.bat for Windows systems) and some jar files also there.

conf - Server configuration files (including server.xml) and related DTDs. The most important file in here is server.xml. It is the main configuration file for the container.

lib - contains JARs those are used by container and Servlet and JSP application programming interfaces (APIs).

logs - Log and output files.

webapps – deployed web applications reside in it .

work - Temporary working directories for web applications and mostly used during in JSP compilation where JSP is converted to a Java servlet.

temp - Directory used by the JVM for temporary files .


Ques. 12): Explain How Running Tomcat As A Windows Service Provides Benefits?

Answer :

Running Tomcat as a windows service provides benefits like:

Automatic startup: It is crucial for environment where you may want to remotely re-start a system after maintenance

Server startup without active user login: Tomcat is run oftenly on blade servers that may not even have an active monitor attached to them. Windows services can be started without an active user

Security: Tomcat under window service enables you to run it under a special system account, which is protected from the rest of the user accounts


Ques. 13): How Do Servlet Life Cycles Work?


The life-cycle of a typical Tomcat servlet is as follows:

Through one of its connectors, Tom-cat receives a request from a client.

This request will be processed. This request is routed through Tomcat to the proper server.

Tomcat checks that the servlet class has been loaded after the request has been forwarded to the proper servlet. If it isn't, Tomcat wraps the servlet in Java Bytecode, which is executed by the JVM and creates a servlet instance.

The servlet is started by Tomcat by invoking its init method. The servlet includes code that can inspect Tomcat configuration files and take appropriate action, as well as declare any resources it might need.

Once the servlet has been started, Tomcat can call the servlet’s service method to proceed the request

Tomcat and the servlet can co-ordinate or communicate through the use of listener classes during the servlet’s lifecycle, which tracks the servlet for a variety of state changes.

To remove the servlet, Tomcat calls the servlets destroy method.


Ques. 14): In Tomcat, what is the difference between a host and a context?


In Tomcat, the host is a component. It's a network name association for the server. On the other hand, context is an element that indicates a web application that is running on a certain virtual host. Web applications are built on top of a Web Application Archive (WAR) file or a corresponding directory that contains all of the unpacked content indicated in the servlet description.


Ques. 15): What Is The Distinction Between A Webserver And An Application Server?


The main distinction between a web server and an application server is that a web server can only execute web applications, such as servlets and JSPs, and has just one container, the Web container, that is used to understand and execute web applications. The application server has the ability to run Enterprise applications, i.e. (servlets, jsps, and EJBs)

it is having two containers:

Web Container(for interpreting/executing servlets and jsps)

EJB container(for executing EJBs).

it can perform operations like load balancing , transaction demarcation etc.


Ques. 16): Apart from Apache Tomcat, what are the different kinds of Web Servers?


There are many web servers as mentioned below:

LiteSpeed Web Server

GWS Web Server

Microsoft IIS Web Server

Nginx Web Server

Jigsaw Web Server

Sun Java System Web Server

Lighttpd Web Server


Ques. 17): How to limit upload size?


I have a web application that allows users to upload files such as word documents, pdf and so on.  How do I limit file upload by users?

You can make use of the LimitRequestBody directive to limit upload file size.

<Directory "usr/local/apache2/uploads">

LimitRequestBody 9000


The value assigned to the LimitRequestBody allows Apache to accept and store file uploads of 9000 bytes by users. You can adjust the value based on the requirement.


Ques. 18): Explain how to use WAR files to deploy a web application.


JSPs, servlets, and their associated files are placed under Tomcat's web applications directory in the appropriate subdirectories. You can combine all of the files in the web apps directory into a single compressed file with the extension.war. A web application can be run by placing a WAR file in the webapps directory. When a web server starts up, it extracts the contents of the WAR file and places them in the proper webapps sub-directories.


Ques. 19): How can an Apache Service be stopped by its control script?


The Apache Service is controlled using a script called the apachectl.

So, to stop the service, we need to run the below-mentioned commands.

#apachectl stop [for Ubuntu based system]

# /etc/inid.t/httpd.stop [for red hat based system]


Ques. 20): What is the purpose of the Listen property in Apache Tomcat?

Listening is very important for Apache Tomcat and the developers.

If a developer has numerous IPs on the server, we must explicitly indicate IP and PORT in the Listen Drive if we want Apache to evaluate only one of them.

For example:



November 28, 2021

Top 20 Oracle Access Manager Interview Questions and Answers


                  Oracle Access Manager (Access Manager) is the key capability for Web Single Sign-on (SSO), authentication, authorization, centralized policy administration and agent management, real-time session management, and auditing in the new Oracle Access Management platform. Access Manager is a 100% Java solution that is incredibly scalable, allowing it to manage Internet-scale installations. It also works with heterogeneous environments that already exist, with agents certified for hundreds of web and application servers. Access Manager increases security, improves user experience and productivity, and improves compliance while lowering total cost of ownership by providing broad capabilities, scalability, and high availability.

Oracle Fusion Applications interview Questions and Answers

Ques: 1). What are the different security modes available in Oracle Access Manager?


Open: Allows communication without encryption. There is no authentication or encryption between the AccessGate and the Access Server in Open mode. The AccessGate does not need the Access Server to provide proof of identification, and the Access Server accepts connections from all AccessGates. Similarly, Identity Server does not require WebPass to provide confirmation of identity.

Simple: Oracle encryption is supported. TLS v1 is used to secure communications between Web clients in Simple mode (WebPass and Identity Server, Policy Manager and WebPass, and Access Server and WebGate). Oracle Access Manager components only use X.509 digital certificates in both Simple and Cert modes. The standard cert-decode plug-in decodes the certificate and delivers certificate information to the standard credential mapping authentication plug-in in Cert Authentication between WebGates and the Access Server. Oracle Access Manager saves the associated private key for each public key in the aaa key.pem file for the Access Server (or ois key.pem for the Identity Server).

Cert: A third-party certificate is required. If you have an internal Certificate Authority (CA) for processing server certificates, use Cert (SSL) mode. Communication between WebGate and Access Server, as well as between Identity Server and WebPass, is encrypted in Cert mode utilising Transport Layer Security (RFC 2246). (TLS v1).

BlockChain Interview Question and Answers

Ques: 2). What Is Oracle Access Manager's Architecture?


Identity Server, WebPass, Policy Manager, Access Server, and a WebGate are the primary components of the Oracle Access Manager architecture. Identity Server is a stand-alone C++ server that connects to LDAP directly.

It also receives requests from Webpass and responds to them. WebPass is a web server plugin that allows information to be passed between the identity server and the web server. It sends Identity XML SOAP requests to Identity Server and redirects HTTP requests from the browser to Access Server.

A web server plugin called Policy Manager (PMP or PAP) interfaces directly with user, configuration, and policy repositories. Access Server, commonly known as PDP, is a stand-alone C++ server. It receives requests from WebGates/AccessGates and responds to them.

It also uses LDAP for communication. It responds to queries from the Access Server SDK. WebGate (PEP) is a web server plugin that communicates with the access server. It passes user authentication data to access server for processing.

Oracle Accounts Payables Interview Questions and Answers

Ques: 3). In Oracle Access Manager, what is the Iwa mechanism?


The OAM offers a feature that allows Microsoft Internet Explorer users to authenticate to their Web packages using their computing device credentials on a regular basis. Windows Native Authentication is the term for this. The user logs in to the computer, and the Windows Domain Administrator authentication mechanism is used to complete the local authentication.

The user launches an Internet Explorer (IE) browser and asks a Web assist from the Access System.

The browser notifies the IIS Web server about the neighbourhood authentication and sends a token.

The token is used by the IIS Web server to authenticate the user and to set the REMOTE USER HTTP header variable, which indicates the customer name provided by the customer and authenticated by the server.

The WebGate creates an ObSSOCookie and sends it lower back to the browser.

The Access System authorization and different techniques proceed as usual.

The maximum session timeout length configured for the WebGate is applicable to the generated ObSSOCookie.

Oracle ADF Interview Questions and Answers           

Ques: 4). What Is An Access Server Sdk?

Answer :

The Access Manager Software Developer's Kit (SDK) allows you to extend the Access System's access management features. You can use this SDK to construct a customised AccessGate. The Access Manager SDK provides an environment in which you can establish an AccessGate by creating a dynamic link library or a shared object. You'll also need configureAccessGate.exe to make sure your client is working properly.

Oracle Fusion HCM Interview Questions and Answers

Ques: 5).  What Is Policy Manager Api?

Answer :

The Policy Manager API provides an interface that allows custom applications to establish and edit Access System policy domains and their contents using the Access Server's authentication, authorization, and auditing capabilities.

Oracle SCM Interview Questions and Answers

Ques: 6). Name some new features of OAM11gR2?


Dynamic Authentication -- Dynamic authentication is the ability to define what authentication scheme should be presented to a user base on some condition.

Persistent Login (Remember Me) -- Persistent Login is the ability to let users login without credentials after the first-time login.

Policy Evaluation Ordering -- The out-of-the -box algorithm is based on the "best match" algorithm for evaluating policies.

Delegated Administration -- The ability to select users who can administer their own application domains.

Unified Administration Console -- The console screen has a new look; a new single 'Launch Pad' screen with services that are enabled based on user roles.

Session Management -- Ability to set idle session timeout's at the application domain level

Oracle Financials Interview questions and Answers

Ques: 7). What is IIS?


Internet Information Services (IIS, formerly Internet Information Server) is a Microsoft extensible web server designed for use with the Windows NT family of operating systems. [2] HTTP, HTTPS, FTP, FTPS, SMTP, and NNTP are all supported by IIS. Since Windows NT 4.0, it has been a fundamental element of the Windows NT family, albeit it may be missing from other editions (e.g. Windows XP Home edition). When Windows is installed, IIS is not enabled by default. The IIS Manager can be accessed through the Control Panel's Microsoft Management Console or Administrative Tools.

Oracle Cloud Interview Questions and Answers

Ques: 8). What is the meaning of an Oracle Access Manager Basic License?


The Oracle Access Manager (OAM) Basic licence was intended to support Oracle AS Single Sign-On (OSSO) customers who purchased the Oracle iAS Suite or other Oracle E-Business Suite products. Customers who have valid Oracle Single Sign-On (OSSO) licences can swap them for an equivalent number of Access Manager licences under the OAM Basic licence, with some restrictions. Access Manager must employ Oracle infrastructure components due to the constraints; this was also a requirement for OSSO. The LDAP directory, for example, must be Oracle Internet Directory or Oracle Virtual Directory, and only Oracle application resources can be protected. Customers who want to remove the restrictions must acquire the complete Access Manager licence.

Oracle PL/SQL Interview Questions and Answers

Ques: 9). What is Oracle Webgate, and how does it work?


Oracle WebGate is a Web server plug-in that comes with Oracle Access Manager out of the box. Users' HTTP requests for Web resources are intercepted by the WebGate and forwarded to the Access Server for authentication and permission.

Oracle SQL Interview Questions and Answers

Ques: 10). 11g Access Manager Oracle HTTP Server 11g and IBM HTTP Server 7.0 support WebGates, but I prefer Apache Web Servers. If I want to use Access Manager 11g, what should I do?


Oracle Access Manager 10g WebGates can communicate with Access Manager 11g servers. Oracle Access Manager 10g WebGates have a wide range of web server certifications, including Apache, Domino, Microsoft IIS, and many others. With thousands of applications, I have a massive Oracle Access Manager 10gR3 implementation. Do I have to transfer them all at once to the new 11gR2 platform? No. Both Oracle Access Manager 10gR3 and Oracle Access Manager 11gR2 servers can be live in production at the same time, protecting distinct sets of applications, thanks to server side coexistence in Access Manager 11gR2. End users will continue having a seamless single sign-on experience as they navigate between applications protected by the two servers. This capability can be leveraged by customers with large deployments to perform the server migration in a phased manner over a period of time without impacting end users.

Oracle RDMS Interview Questions and Answers

Ques: 11). With thousands of applications, I have a massive Sun Access Manager 7.1 or Sun Access Manager 7.1 deployment. Is it necessary to migrate all of them to the new Access Manager 11gR2 platform at the same time?


No. Both the OpenSSO 8.0 (or Sun Access Manager 7.1) and Access Manager 11gR2 servers can be live in production at the same time safeguarding distinct sets of apps with Access Manager 11gR2. End users will continue to have a seamless single sign-on experience as they move between the two servers' protected apps. Customers with big deployments can utilise this capability to migrate servers in stages over time without affecting end users.

BI Publisher Interview Questions and Answers


Ques: 12).What Is An Identity Xml?


IdentityXML provides a programmatic interface for performing the actions that a user can perform while using a browser to access a COREid application. A software can, for example, submit an IdentityXML request to find members of a group defined in the Group Manager software or to add a person to the User Manager. Simple moves and multi-step procedures can be applied to trade person, institution, and company object profiles using IdentityXML. After you've finished constructing the IdentityXML request, you'll need to put up a SOAP wrapper to send the IdentityXML request to WebPass over HTTP. XML over SOAP is used by the IdentityXML API. Using an HTTP request, we send IdentityXML parameters to the COREid Server. A SOAP envelope is included in this HTTP request. When WebPass receives an HTTP request, the SOAP envelope identifies it as an IdentityXML request rather than a standard browser request. The request is passed to the COREid Server, which executes the request and returns a response. You could also use WSDL to put together the SOAP request. This appears to be the SOAP content material: SOAP envelope (with oblix namespace described), SOAP body (with authentication information), genuine request (with software name and params). Userservcenter, groupservcenter, or objservcenter are examples of application names (for companies).

Oracle 10g Interview Questions and Answers


Ques: 13). What are Header Variables and How Do I Use Them?


The Header Variable contains Oracle Access Manager allows administrators to build a web of trust in which a user's credentials are confirmed once and then delivered to each application that the user uses. The programme does not need to re-authenticate the user with its own mechanism when using these credentials. Users who have been authenticated by Oracle Access Manager are able to access applications without having to re-authenticate. A user's credentials can be sent in one of two ways:

• Using Cookies: A specific value is set on the browser's cookie that the application must extract to identify a user.

• Using Header Variables: An HTTP header set on the request by the agent and visible to the application. Authorization Policy Response in the Administration Console Header response values are inserted into a request by an OAM Agent, and can only be applied on Web servers that are protected by an agent registered with OAM 11g If the policy includes a redirect URL that is hosted by a Web server not protected by OAM, header responses are not applied.


Ques: 14). Explain the Oam-oaam Integration Architecture and Integration.


Using all of these products together will provide you complete control over the authentication process and comprehensive pre-/post-authentication testing capabilities against Adaptive Risk Manager models.

Two Oracle Access Manager AccessGates are used in the OAAM's ASA-OAM integration: one for fronting the Web server (a traditional WebGate) to Adaptive Strong Authenticator and one for the embedded AccessGate. The access server SDK must be installed and configured before the AccessGate device can be used. The ASDK location will be updated in the ASA bharosa papers. An application that will use the ASA authentication mechanism and will be tested for the ASA login touchdown page.


Ques: 15). What Happens When A User Submits A Request That Is Protected By An Access Gate (No Longer Webgate)?


The following is an example of the flow:

The consumer sends a resource request to the application or servlet that has the access gate code.

The access gate code creates an ObResourceRequest shape and calls the Access server to determine whether or not the resource is protected.

The server responds to the request for entry. If the aid isn't secured, gaining access to the gate allows anyone to gain access to the resource. Otherwise, Access Gate creates an ObAuthenticationScheme shape to inquire about the credentials the user wishes to send to Access Server. The request for entry to the server is granted. To get the credentials, the programme employs a form or one of several additional methods. The AccessGate creates the ObUserSession structure, which provides the Acc Server with user information. If credentials are verified valid, get admission to gate creates a session token for the person after which sends an authorization request to the get admission to server. Access server validates if the user is authz to get right of entry to that useful resource. Access gate permits user to get entry to the asked resource.


Ques: 16). What exactly is SSO?


SSO (single sign-on) is a session/user authentication method that allows a user to access different apps with just one username and password. The procedure authenticates the user for all of the programmes to which they have been granted access and removes the need for further questions when they switch applications during a session.


  • Provides users with unified sign-on and authentication across all their enterprise resources, including
  • desktops, client-server, custom, and host-based mainframe applications
  • Provides a centralized framework for security and compliance enforcement
  • Eliminates the need for multiple usernames and passwords
  • Helps enforce strong password and authentication policies.
  • Uses any LDAP directory, Active Directory, or any SQL database server as its user profile and credential repository


  • Reduces deployment risk and operational costs.
  • Allows enterprises to provide fast, secure access to applications for employees and partners.
  • Eliminates the overhead and limitations of traditional desktop client deployments.
  • Seamlessly integrates with Oracle Identity Management for common security policy enforcement and compliance reporting across applications


Ques: 17). What is Reverse Proxy?


A reverse proxy gives you architectural flexibility by allowing you to expose the same application on both the intranet and the extranet without having to make any changes to the existing application. By sending all requests through the proxy, you may safeguard all Web content from a single logical component.

This is true even for platforms that Oracle Access Manager does not support. All content on these servers can be safeguarded if you have multiple types of Web servers, such as iPlanet, Apache, and others, running on different platforms, such as MacOS, Solaris x86, mainframe, and so on. A reverse proxy can be used as a workaround for unsupported Web servers, removing the requirement to develop custom AccessGates for unsupported Web servers or systems that do not support AccessGates. This creates a single management point. You can manage the security of all of the Web servers through the reverse proxy without establishing a footprint on the other Web servers.


Ques: 18). What is Identity Store and how does it work? Describe the many types of identity stores.


The term "identity store" refers to a database that contains business users and groups. Weblogic includes an inbuilt LDAP that is used as the identity store by default by fusion middleware components. External LDAP servers, such as OID, AD, and others, can be configured to serve as identity stores.

System Store - Represents the identity store which will have groups or users that will act as “Administrators” to OAM that is only members of this identity store group/user can perform admin functions via oam console.

Default Store - This will be the identity store that will be used at time of patching for migration purpose or by Oracle security token service.


Ques: 19). In OAM, what are Authorization Policies?


The process of assessing whether a user has the permission to access a requested resource is known as authorization. Administrators can establish the circumstances under which a subject or identity has access to a resource by creating one or more authorization policies. A user may seek to view data or run a policy-protected application programme. The requested resource must be part of an application domain and be covered by a specified permission policy within that domain.


Ques: 20). In comparison to the ECC, what are the benefits of the DCC?


From a security and flexibility standpoint, the DCC has several advantages. The DCC can be placed anywhere in the DMZ because it is totally detached from the Access Manager server. It also adds security by terminating all unauthenticated end user login requests at the DCC in the DMZ, isolating the server from unauthenticated network traffic.