passed part II/III with 93

Mark Egloff
Ranch Hand

Joined: Dec 30, 2004
Posts: 30
Hello all!

I got my result for part II/III today. Score was 93.
I would like to say thank you to all who have answered my questions during these hard times. This forum is great.

I will visit the forum within the next few days, so you can ask me some questions regarding the certification.

Best regards
Mark

Sun Certified Enterprise Architect for Java 2 Platform Enterprise Edition Technology Part II (310-061)
Date Taken: 2005-03-25 07:28:59.217
Grade: P
Score: 93
Comment: This report shows the total points that could have been awarded in each section and the actual amount of points you were awarded. This information is provided in order to give you feedback on your relative strengths on a section basis. The maximum number of points you could have received is 100, minimum to pass is 70.

Class Diagram (44 maximum) .......................... 44
Component Diagram (44 maximum) ...................... 39
Sequence/Colloboration Diagrams (12 maximum) ........ 10

[ March 25, 2005: Message edited by: Mark Egloff ]
Deepak Pant
Ranch Hand

Joined: Feb 13, 2004
Posts: 443
Mark,

Congratulations !!!

Your class and component scores are the exact opposite of mine. I got 39 in class diagram and 44 in component diagram.

regards,
Deepak
Mark Egloff
Ranch Hand

Joined: Dec 30, 2004
Posts: 30
Yes I have seen it... together we would have 100%
congratulations too...

regards
Mark
neel architect
Greenhorn

Joined: Mar 26, 2005
Posts: 13
I have some questions
#Is connecting to Transmaster a synchronous or asynchronous call?
#For sending email can I use a message driven bean?
#How can I handle security for the web tier (I am using Intercepting Filter)? Is it done programmatically, or by changing a config file? Where can I get good material on that?
Mark Egloff
Ranch Hand

Joined: Dec 30, 2004
Posts: 30
Your questions are very detailed. I would like to answer these, but as you know the forum has some rules regarding the details.

#Is connecting to Transmaster a synchronous or asynchronous call?
Transmaster is RPC, which is normally synchronous.

#For sending email can I use a message driven bean?
Yes, you can. You can also use other J2EE things like a session bean. But be careful, the expected standard is EJB 1.1.

#How can I handle security for the web tier (I am using Intercepting Filter)? Is it done programmatically, or by changing a config file? Where can I get good material on that?

Intercepting filter is used inside the servlet framework i.e. for authentication. How you use it for authorization afterwards depends on you. Both are possible. You will find enough examples if you search the net.
Unfortunately I changed the computer, so I lost my bookmarks.

regards
Mark
neel architect
Greenhorn

Joined: Mar 26, 2005
Posts: 13
Thanks Mark Egloff.
Still I have some confusion on handling security.
I am going for decl security handling.

Web based clients can be authenticated by letting the web container (running on the web servers) authenticate the user and then propagate the user principal to the ejb container (security propagation), and then the ejb container can handle the authentication/authorization portion of it.
In that case, for SignOnFilter do I have to mention AccountManager Façade, AccountDAO etc., or is just mentioning decl security handling enough?
neel architect
Greenhorn

Joined: Mar 26, 2005
Posts: 13
In your architecture, does the Swing client connect directly to the EJB tier, or does Swing connect using the protocol router as a thin client?
If using the protocol router, then how do you handle the 5 secs performance issue?
Mark Egloff
Ranch Hand

Joined: Dec 30, 2004
Posts: 30
#Web based clients can be authenticated by letting the web container (running on the web servers) authenticate the user and then propagate the user principal to the ejb container (security propagation), and then the ejb container can handle the authentication/authorization portion of it.

This is fine for me, so where is your confusion now?

#In that case, for SignOnFilter do I have to mention AccountManager Façade, AccountDAO etc., or is just mentioning decl security handling enough?

I mentioned the full level of design in my component diagram and also in the description. I recommend mentioning both (what kind of components you are using for authentication/authorization and how these work).

#In your architecture, does the Swing client connect directly to the EJB tier, or does Swing connect using the protocol router as a thin client?
If using the protocol router, then how do you handle the 5 secs performance issue?

You have to make assumptions and mention them clearly in the description. So if you decide to connect directly to the EJB layer, then you have to be aware that the travel agents must be able to connect to this layer, so you have to define in which network zone the travel agents are located, i.e. intranet or extranet?

I would recommend keeping things clear and simple. My assumption was that all travel agents are working for the same company and are located in the same network zone. Even if they work at different locations they could use VPN.

regards
Mark
neel architect
Greenhorn

Joined: Mar 26, 2005
Posts: 13
Mark, I am very unclear about how declarative web container security works. I looked at the Sun tutorial and the Designing Enterprise Applications security portion. I could not figure it out.
Can you explain to me how authentication/authorization works in the web container in declarative mode? Thanks in advance.
Mark Egloff
Ranch Hand

Joined: Dec 30, 2004
Posts: 30
Hello Neel

Keep running, don't give up. The reason why you are so confused is that there exists no "real" standard for how the concept of automatic user principal propagation works. This is the magic of the underlying products. You as a servlet or EJB programmer have to follow the instructions of the tool/product provider.

For instance, have a look here: Example for using security in JOnAS with Tomcat
In JOnAS you can just use a fully declarative approach and you have no clue how the propagation is technically working. If you would like to know, you have to study the specially coded realm class "org.objectweb.security.catalina41.realm.MemoryRealm".

WebLogic, for instance, uses the JNDI approach for user propagation:
Using JNDI Authentication
So you will insert this programmatically from your servlet/JSP into a context, which then gets automatically propagated by the container to the ejb tier. Maybe there also exist some utility/realm classes which then do this for you automatically if you are using the declarative approach in the web tier.

hope this helped you a little bit...

best regards
Mark
Mark Egloff
Ranch Hand

Joined: Dec 30, 2004
Posts: 30
By the way, I downloaded the source code of the newest JOnAS and took a quick look at how the propagation works. Here are the classes which are interesting; these classes do the marshalling of the security context:
// realm for newer tomcat versions
org.objectweb.jonas.security.realm.web.catalina50.JAAS (line 208)
org.objectweb.security.context.SecurityContext (holder for principals etc.)
org.objectweb.security.context.Marshalling (byte marshalling)
// iiop or jrmp communication handlers
org.objectweb.jonas.security.interceptors.jrmp.ClientSecurityInterceptor
org.objectweb.jonas.security.interceptors.iiop.SecurityInterceptor
org.objectweb.jonas.security.interceptors.iiop.CorbaClientSecurityInterceptor

regards
Mark
Jamy Wang
Ranch Hand

Joined: Sep 21, 2003
Posts: 83
Congratulations!

Could you talk a little about your class diagram?
You got a perfect score in class diagram.

Should we show pattern related classes in the diagram, such as business delegate, filter, controller etc.?


Best Regards
SCJP1.4 SCJD1.4 SCEA
Mark Egloff
Ranch Hand

Joined: Dec 30, 2004
Posts: 30
Hello Jamy

Your question is very common; search this forum and you will get information from others regarding your questions.

I did not change the provided BDOM, except that I of course added classes or inserted them between two classes which had a relationship to each other.

My class diagram was technology independent (you will find a lot of discussions if you search the forum for this topic). This means I did not show them in the class diagram. I added them in my description and component diagram.

regards
Mark
neelArchitect saha
Greenhorn

Joined: Feb 20, 2005
Posts: 24
If I use interception filter and the declarative security of the web container, do I need the help of AccountManager Façade, AccountDAO etc.?
Or will it be done automatically?
I mean, in the design doc, mentioning interception filter and declarative security is enough!!!
neelArchitect saha
Greenhorn

Joined: Feb 20, 2005
Posts: 24
I want to know in generic terms what components we can use for authentication/authorization and how these work.
Mark Egloff
Ranch Hand

Joined: Dec 30, 2004
Posts: 30
#I mean, in the design doc, mentioning interception filter and declarative security is enough!!!

Hello saha

Of course you are right. This will be enough.

I just want to clarify how the declarative approach and principal propagation work. While this is product dependent I recommend mentioning this in the description. If you search the forum regarding both things you will find more questions than answers from others.

#I want to know in generic terms what components we can use for authentication/authorization and how these work.

There are several possibilities; which one you choose depends on you.

- Do it programmatically with Interception Filter. This would require a business call from the web tier to the ejb tier.

- Do it programmatically in the main servlet. This would also require a business call from the web tier to the ejb tier.

- Use the declarative possibility of your web container and verify that it is compatible with the ejb container product so that automatic principal propagation is possible.

- If the web container and ejb container are not compatible, you have to write your own realm class in the web container which propagates the principals. That is what I tried to explain in the posts above.

hope this helps
regards

Mark
neelArchitect saha
Greenhorn

Joined: Feb 20, 2005
Posts: 24
Use the declarative possibility of your web container and verify that it is compatible with the ejb container product so that automatic principal propagation is possible.

- If the web container and ejb container are not compatible, you have to write your own realm class in the web container which propagates the principals. That is what I tried to explain in the posts above.


Thanks for the reply. It means that for declarative I need not write code to get the password and check it. Authentication and authorization will happen automatically.
Can I get your email id?
Mark Egloff
Ranch Hand

Joined: Dec 30, 2004
Posts: 30
This is correct. If you would like to go for the fully declarative approach, then you do not have to use an interception filter. Both containers will then do the authentication and authorization for you.

regards
Mark
neelArchitect saha
Greenhorn

Joined: Feb 20, 2005
Posts: 24
This is correct. If you would like to go for the fully declarative approach, then you do not have to use an interception filter. Both containers will then do the authentication and authorization for you.

What is the role of the interception filter if I do authentication and authorization in the front controller itself?
Can I use both interception filter and front controller? Is it good design?
Manju Karthik
Greenhorn

Joined: Mar 03, 2005
Posts: 21
Hi Mark,

Understand that declarative security is for protected resources, which is specified in deployment descriptor. The users and user-role mapping are done via the app server console.

But, what about the end users userid/password which are stored in application database. When a login screen is provided, the user enters his user id and pwd (which the user himself had chosen during the registration process). The details provided will be verified with the userid/password stored in application db right? How is this userid mapped to the role for declarative security???

- Manju.
Manju Karthik
Greenhorn

Joined: Mar 03, 2005
Posts: 21
Hi Mark,

Question on class diagram... Did you show attributes and operations in your class diagram? How about composition/aggregation??

-Manju.
neelArchitect saha
Greenhorn

Joined: Feb 20, 2005
Posts: 24
In my design, Swing connects directly to EJB. How will authentication and authorization be handled then? As per my knowledge, EJB cannot do authentication.
Mark Egloff
Ranch Hand

Joined: Dec 30, 2004
Posts: 30
Originally posted by neelArchitect saha:

What is the role of the interception filter if I do authentication and authorization in the front controller itself?
Can I use both interception filter and front controller? Is it good design?


The interception filter is especially designed for doing tasks which are not related to the business logic but more related to the content (as the name "filter" says). The design uses a "chain of responsibility" inside, which allows a simple separation of concerns. Filters are mostly used for:

- content / resource filtering
- authentication or authorization
- logging
- any kind of interceptions (AOP)

If you do authorization and authentication in the front controller and still use an interception filter, it would in my eyes make no sense.

To have a front controller and interception filter makes sense, because the front controller is responsible for the page flow and is realized as an MVC. It defines which logic/event handlers have to be called in order to collect the data from the business tier and controls which pages have to be called in which order to complete the process.

To get more information regarding the J2EE patterns and how to use them, have a look here:

SUN Core J2EE Patterns

hope this helps regards
Mark
Mark Egloff
Ranch Hand

Joined: Dec 30, 2004
Posts: 30
Hello Manju.

Originally posted by Manju Karthik:

Understand that declarative security is for protected resources, which is specified in deployment descriptor. The users and user-role mapping are done via the app server console.

But, what about the end users userid/password which are stored in application database. When a login screen is provided, the user enters his user id and pwd (which the user himself had chosen during the registration process). The details provided will be verified with the userid/password stored in application db right? How is this userid mapped to the role for declarative security???


Your understanding is fine. In practice you are able to use a dynamic mapping of the userid, but for that you have to use the possibilities of the underlying container product. Most containers provide you with specific realm classes which support lookup by JNDI or databases (or other possibilities). Have a look, for instance, at the Tomcat example above and on its homepage. There exists a "database realm".

In the end you are also able to do it fully declaratively. However, I would recommend including in your description that the container used has to support this, in order to give a clear understanding to the experts.

regards
Mark
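The fully declarative setup discussed in the posts above (container-managed login, a database realm that maps application users to roles, and a role check on the EJB side), as an added example that is not code from any poster in this thread. The role name, URL pattern, page names, bean name, JDBC driver, connection URL, and table and column names are assumptions chosen for illustration; whether the authenticated principal actually reaches the EJB container depends on the products used, as the thread explains.

```xml
<!-- 1) WEB-INF/web.xml: the web container authenticates the user and checks
        the role before any servlet or filter of the application is invoked. -->
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Travel agent pages</web-resource-name>  <!-- hypothetical -->
      <url-pattern>/agent/*</url-pattern>                        <!-- hypothetical -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>travel-agent</role-name>                        <!-- hypothetical role -->
    </auth-constraint>
    <user-data-constraint>
      <!-- forces the login form and protected pages onto HTTPS -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <!-- login.jsp posts j_username / j_password to j_security_check;
           the application never sees or compares the password itself -->
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>travel-agent</role-name>
  </security-role>
</web-app>

<!-- 2) Tomcat conf/server.xml: a database realm. The container looks up the
        user id and credential in the application's own tables and reads the
        user's roles from a second table, which is how a self-registered
        user id ends up mapped to a declarative role. -->
<Realm className="org.apache.catalina.realm.JDBCRealm"
       driverName="com.mysql.jdbc.Driver"
       connectionURL="jdbc:mysql://localhost/appdb"
       connectionName="realm_reader"
       connectionPassword="REPLACE_ME"
       userTable="users"          userNameCol="user_name"  userCredCol="user_pass"
       userRoleTable="user_roles" roleNameCol="role_name"
       digest="SHA-256"/>
<!-- digest: user_pass holds a hex digest rather than the clear-text password -->

<!-- 3) META-INF/ejb-jar.xml (fragment): the EJB container authorizes each call
        against the caller's role. This only works when the web container's
        principal is propagated to the EJB container. -->
<assembly-descriptor>
  <security-role>
    <role-name>travel-agent</role-name>
  </security-role>
  <method-permission>
    <role-name>travel-agent</role-name>
    <method>
      <ejb-name>BookingFacade</ejb-name>   <!-- hypothetical session bean -->
      <method-name>*</method-name>
    </method>
  </method-permission>
</assembly-descriptor>
```

The three fragments belong to three separate files; with this in place no SignOnFilter or login servlet is needed for authentication, and the realm's database account only needs read access to the two tables.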
Mark Egloff
Ranch Hand

Joined: Dec 30, 2004
Posts: 30
Hello Manju

Originally posted by Manju Karthik:
Question on class diagram... Did you show attributes and operations in your class diagram? How about composition/aggregation??


Please search the forum regarding these basic questions and you will find tons of answers.

Ask yourself: what would you expect from a good class diagram if you were a simple programmer? You will also find the answer in the assignment doc, meaning you do not have to provide full detail for each operation and attribute. Include only that which makes sense and is necessary to understand how the classes collaborate with each other.

Myself, I would expect from a class diagram to see the details, especially for relations. If you do not show the directions, or whether it is an aggregation or composition, then confusion for the programmer is predetermined.

regards
Mark
[ March 30, 2005: Message edited by: Mark Egloff ]
Mark Egloff
Ranch Hand

Joined: Dec 30, 2004
Posts: 30
Hello saha

Originally posted by neelArchitect saha:
In my design, Swing connects directly to EJB. How will authentication and authorization be handled then? As per my knowledge, EJB cannot do authentication.


Ask yourself how important it is to protect the ejb tier from the swing tier, especially in this case. This of course depends on which network zone the travel agents are located in. Search the forum and you will find some answers.

By the way, some containers offer their own authentication or also authorization for J2EE clients, i.e. as mentioned above WebLogic offers this by using JNDI. So if you would like to go for a declarative way there also, you have to propagate the user principals in the J2EE client, which is done programmatically there. I.e. code which I personally use in a WebLogic app:




hope this helps.

regards
Mark
Niraj Kumar
Greenhorn

Joined: Feb 25, 2004
Posts: 4
Hi Mark,
congratulations! Great score!
Which tool did you use to draw the diagrams?
Thanks
Niraj
Mark Egloff
Ranch Hand

Joined: Dec 30, 2004
Posts: 30
For the class diagram I used poseidonUML community edition... for the sequence diagram I then switched to Together 6.1.

regards
Mark
Manju Karthik
Greenhorn

Joined: Mar 03, 2005
Posts: 21
Hi Mark,

Thanks for your reply on authentication/authorization. And also your views on class diagram.

In fact I am done with the diagrams and document. Just last minute doubts and clarifications when I am reviewing it :-) When I saw your score, full marks on class diagram... thought I would confirm with you.


-Manju.
neelArchitect saha
Greenhorn

Joined: Feb 20, 2005
Posts: 24

Ask yourself how important it is to protect the ejb tier from the swing tier, especially in this case. This of course depends on which network zone the travel agents are located in. Search the forum and you will find some answers.

By the way, some containers offer their own authentication or also authorization for J2EE clients, i.e. as mentioned above WebLogic offers this by using JNDI. So if you would like to go for a declarative way there also, you have to propagate the user principals in the J2EE client, which is done programmatically there. I.e. code which I personally use in a WebLogic app:


code:
--------------------------------------------------------------------------------

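import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;

// JNDI environment carrying the caller's identity and the server address
Hashtable hashtable = new Hashtable();
hashtable.put( Context.SECURITY_PRINCIPAL, "105000" );
hashtable.put( Context.SECURITY_AUTHENTICATION, "simple" );
hashtable.put( Context.SECURITY_CREDENTIALS, "105000" );
hashtable.put( "java.naming.provider.url", "t3://127.0.0.1:7001" );
// Creating the context passes these properties to the JNDI provider at the URL above
new InitialContext( hashtable );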

Thanks Mark for your great replies. I am able to clear lots of doubts from your answers!!
I am assuming two scenarios:
a> Swing client inside the same network, inside the same firewall. Do we need some kind of authentication and authorization here?
b> Swing client outside the network, connecting through tunnelling. Then how is authentication possible? Can it be done declaratively? Can it be done programmatically?

SECURITY_PRINCIPAL, "105000"
SECURITY_AUTHENTICATION, "simple"
SECURITY_CREDENTIALS, "105000"
What does it mean? Where do I put this code: into the business delegate, or where? Or hardcoded in Swing?
Manju Karthik
Greenhorn

Joined: Mar 03, 2005
Posts: 21
Hi,

This link explains declarative security for web applications and also how the users can be mapped to one role "Weak authentication". Hope this helps for those who have questions regarding declarative sec for web apps.

http://www.javaworld.com/javaworld/jw-03-2005/jw-0307-captcha.html

-Manju.
Mark Egloff
Ranch Hand

Joined: Dec 30, 2004
Posts: 30
Hello saha

#a> Swing client inside the same network, inside the same firewall. Do we need some kind of authentication and authorization here?

This is your decision. You are the architect.

#b> Swing client outside the network, connecting through tunnelling. Then how is authentication possible? Can it be done declaratively? Can it be done programmatically?

Be careful, this is not J2EE standard; the underlying product used has to support that.

#What does it mean? Where do I put this code: into the business delegate, or where? Or hardcoded in Swing?


This is using the JNDI standard, which means you can use the directory service to transfer objects. Using JNDI for authorization and authentication can be seen as a standard, but not every container product supports it.

You simply have to put this code in your client. At which location depends on you.
The trick to how it works is the "java.naming.provider.url"; there you specify which JNDI service you are connecting to. This is normally a running process/service inside your ejb container.

If you then do an RMI service call, the JNDI service is used in the background for lookup and connection. It therefore automatically uses the Context which you have created above. Example:



I hope this clarifies your issues. However, you do not have to go into the details during your assignment. Just mention in your description, if you go for a declarative approach, that the containers have to support principal propagation, because this is not a real J2EE standard, as you have seen.

regards
Mark
[ March 30, 2005: Message edited by: Mark Egloff ]
Mark Egloff
Ranch Hand

Joined: Dec 30, 2004
Posts: 30
Originally posted by Manju Karthik:
Hi,

This link explains declarative security for web applications and also how the users can be mapped to one role "Weak authentication". Hope this helps for those who have questions regarding declarative sec for web apps.

http://www.javaworld.com/javaworld/jw-03-2005/jw-0307-captcha.html

-Manju.


Very good example... I looked very hard myself for a "CAPTCHA" possibility to include in a forum application... now I know what this stuff is called... thanks!

You will become a good architect....
Ravi Dhanum
Ranch Hand

Joined: Feb 27, 2005
Posts: 46
Mark,

#For sending email can I use a message driven bean?
Yes, you can. You can also use other J2EE things like a session bean. But be careful, the expected standard is EJB 1.1.


Thanks for pointing this out! Where did you read this?

Thank you again. It makes a real difference when designing the class diagrams.

-Ravi
Ravi Dhanum
Ranch Hand

Joined: Feb 27, 2005
Posts: 46
Mark,

I don't know if I made it clear. My question is how did you know to use EJB 1.1? Where did you read it?

Thanks in advance.

-Ravi
Mark Egloff
Ranch Hand

Joined: Dec 30, 2004
Posts: 30
Hello Ravi

I am still here, just let me sleep, work, eat and then I am ready for you.
While I am located on the other side of planet earth you may have to wait a few hours...

If you search for posts and articles and even read the recommended books, they often talk only about EJB 1.1. EJB 2.0 possibilities are sometimes mentioned but not handled in detail. For instance, they talk about the message model, but do not explicitly mention Message Driven Beans. Or they talk about the local interface regarding performance improvements, but not more. That's more or less all.

I also got a question in my first part of the certification about the difference between ejb 1.0 and ejb 1.1. There was no specific question regarding 2.0.

If you look at the overview of the certification on the Sun webpage, you also see no clear indication of which standard is expected.

Sun Certified Enterprise Architect for J2EE Technology

Also have a look here:
Get the inside track on J2EE architect certification (see the section "Future Exams" at the end)

Will Sun upgrade the EJB part of SCEA to EJB2.0 ?

I simply recommend including in your description which standard you would like to use and why. This will clarify all issues for the experts.

Regarding the class diagram, I don't see a point there why this should affect the class design. Search the forum for "technology independent" class diagram. I chose this approach and got the full score.

So the only thing which is affected is of course the component diagram. There you have to clearly define which standard and solution you take and why.

hope this helps

regards
Mark
[ March 31, 2005: Message edited by: Mark Egloff ]
Ravi Dhanum
Ranch Hand

Joined: Feb 27, 2005
Posts: 46
Hi Mark,

Thank you for clearing that up. I don't want to be too persistent in my questions, but I thought it may help others to see the distinction you found. Thanks, I appreciate your find.

Here is how it may help:
Although a design should be implementation nonspecific, I have found with EJB that an exception must be made. If I am using EJB 2.0, I will use more data objects as cmp entity beans instead of DAO. If I'm using EJB1.*, then I may not have any entity beans. This change would show up in the class diagram and sequence diagram.

Also, I have read the discussions about whether to indicate EJB classes in the class diagram. Since this project is a mandatory J2EE project, I think it is ok and appropriate to indicate the presence of EJB classes in the class diagram.

Thanks again, Mark for pointing out the EJB version.

-Ravi
neel architect
Greenhorn

Joined: Mar 26, 2005
Posts: 13
In my design the Swing client and web client connect through the web tier. In the web tier I am using declarative security. So in the component diagram do I have to show Login, Logout delegate, AccountManager, AccountDAO?
As per my knowledge, in declarative authentication the container will do authentication automatically. So I do not need to show them in the component diagram.
Waiting for your suggestion.
Mark Egloff
Ranch Hand

Joined: Dec 30, 2004
Posts: 30
Hello neel

What you would like to display in the component diagram is your decision alone. I cannot give you an answer on this.

Regarding declarative security, this is only a principle for authentication/authorization. Which means if you go for declarative you do not have to include components regarding this. But you may have other components which are related to a user activity.

I recommend you study some J2EE architectures, for instance "Struts", "Java ServerFaces" or "Cocoon", to get more experience of which components these consist of and how these handle the process of a user activity. You only have to understand those architectures at a high level. I did this and got the necessary understanding.

Hope this helps

regards
Mark
[ April 03, 2005: Message edited by: Mark Egloff ]
neelArchitect saha
Greenhorn

Joined: Feb 20, 2005
Posts: 24
Which means if you go for declarative you do not have to include components regarding this. But you may have other components which are related to a user activity.

Can you explain a bit what user activity means here?
 