aspose file tools*
The moose likes Architect Certification (SCEA/OCMJEA) and the fly likes Question about Security topic in OCMJEA 6 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Architect Certification (SCEA/OCMJEA)
Bookmark "Question about Security topic in OCMJEA 6" Watch "Question about Security topic in OCMJEA 6" New topic
Author

Question about Security topic in OCMJEA 6

Baba Sahbi
Greenhorn

Joined: Mar 11, 2013
Posts: 21
    
    1
Hello all,
I am actually preparing to sit for the OCMJEA 6 exam.
Exam topics are available in this page :
http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=5001&get_params=p_exam_id:1Z0-807

In particular, there is something unclear for me concerning Security topic :

"Select appropriate locations to implement Java EE security technologies or features in a UML component and deployment diagram."

I do not see a particular link between Security technologies and UML diagrams...
Can anyone enlighten me about this objective ?
Thanks in advance for your help !

Best regards.


SCJP 6 | SCWCD 5 | OCMJEA 5 | CAPM
Amritendu De
author
Ranch Hand

Joined: Feb 21, 2009
Posts: 128
    
    6

Component diagrams may have security ports on the component. Deployment diagram may haive firewalls, DMZ which are security components.


Senior Architect (SCEA 5, TOGAF 9, IBM OOAD, PMI certified)
[Spring 4 and Hibernate 4: Agile Java Design and Development] [OCMJEA Practice Guide] [OCA Java SE-7 and SE-6 Practice Exams]
Baba Sahbi
Greenhorn

Joined: Mar 11, 2013
Posts: 21
    
    1
Thanks a lot for your response.
BR.
Baba Sahbi
Greenhorn

Joined: Mar 11, 2013
Posts: 21
    
    1
Hi all,

I have another question related to security , this time in second topic :

"Identify design patterns that address specific challenges in the web tier, including authentication, authorization, and scaling and clustering to meet demand."

Is the exam speaking about patterns like Authentication Enforcer, Authorization Enforcer, Intercepting Validator ... ?

See this link for a full list : http://coresecuritypatterns.com/patterns.htm

Thanks and best regards.


Amritendu De
author
Ranch Hand

Joined: Feb 21, 2009
Posts: 128
    
    6

That's correct!
Baba Sahbi
Greenhorn

Joined: Mar 11, 2013
Posts: 21
    
    1
Hello,
Thanks Amritendu De for your answer.
That makes a lot of patterns to prepare (GOF patterns, Core JEE patterns, Webservices patterns, Adam Bien's patterns, Security patterns, Antipatterns...)

May I ask a question :

Is there any literature concerning : "Select appropriate locations to implement Java EE security technologies or features in a UML component and deployment diagram." ?
because except your reply I can't manage to find anything on the subject.

Thanks and best regards.
Esteban Herrera
author
Greenhorn

Joined: Dec 25, 2004
Posts: 21

Hello Baba. I just took the beta exam and I didn't get any question about the objective "Select appropriate locations to implement Java EE security technologies or features in a UML component and deployment diagram." No UML at all in the exam.

About security I can recommend you to study best practices, difference between declarative and programmatic security, the concept of single sign-on, how to program to mitigate security attacks like XSS, the Java Cryptography Architecture, and the concepts of a firewall and DMZ.
Baba Sahbi
Greenhorn

Joined: Mar 11, 2013
Posts: 21
    
    1
Ok thanks a lot Esteban for your reply !
Best regards
 
jQuery in Action, 2nd edition
 
subject: Question about Security topic in OCMJEA 6