I guess for the sake of this assignment you cannot say - my architecture assumes declarative security provided by the server and LoginManager class does not exist? I am guessing they excpect to see LoginManager in your class diagram since its part of work flow. Any thoughts?
Joined: Sep 25, 2001
I've changed my mind about this. The spec says the architecture must be J2EE first and foremost. Declarative security is an essential part of J2EE. So as long as I mention this in the assumption I don't need a dedicated LoginManager. Any thoughts anyone?
HI I did not think about security at all for the assignment, and I have no idea about the detail that I have to provide. I know that I amm going to https, but there is slight problem since there are 2 web servers I assume that there will be a Load Balancer, in front of both these servers. Since HTTPS is a session based protocol, we will have sticky sessions, do I have to get into all this detail.