Login Module and Security

 
Ranch Hand
Posts: 75
Hi everyone.
I had three big doubts in my mind; two of them I found answered here on the Ranch, specifically for my assignment.
But I didn't see any thread on the third one, so maybe it's a problem just for me. Here it goes:

In each use case's description, the first step is: "The user enters username and password." Seriously, I've never worked this way. I've always used container-managed authentication, and once the user has logged in, there is no need to log in again unless the session expires, of course.

If I create the login mechanism myself, I could force authentication on every screen, but I'd be breaking best practices. On the other hand, if I use container-managed authentication, I'd be breaking the first step of all the use cases. I did a good deal of research here and saw that most of the time they describe the authentication as a global service, which is not my case.

I thought about writing an assumption saying that the username and password wouldn't be requested if the user was already authenticated. But I'd be breaking my own rule: "Stay true to the use cases."

Do you think it's acceptable to make this assumption?

Thanks in advance.
 
author & internet detective
Posts: 41860
The use cases are written as if they are all happening independently. Of course, this is not how it really works, as you know. What I did in my assignment was write a "helper" use case for login. That way I was still designing the functionality, but it was polluting each use case. I didn't use container-managed authentication in the assignment, though, as I thought that would be an oversimplification of the problem. Some websites (such as this one) do have to do login security by themselves.
 
Antonio Rafael Rodrigues
Ranch Hand
Posts: 75
Hello Jeanne, thank you again.
It's good to read that. That point of view is the most sensible, for sure.
But I found it very strange, since all the people I've heard from about the assignment said that the login wasn't described like mine. I thought mine had a particular reason to be that way.
 
Ranch Hand
Posts: 145
Hello Antonio,

Jeanne is right in saying that use cases should start clean: assuming that the actor has never used this computer before, the first step is signing in.
In my use cases, the first step is "The user logs in to the system".
I think that in your case it is an explicit requirement to provide password-based authentication (either JAAS container-based, which I would prefer, or application-based), as opposed to, say, certificate-based authentication.
 
Greenhorn
Posts: 3
Hi Antonio, my assignment also had use cases that mentioned login in each use case.

I had an Action class, a Business class and a DAO for the login flow. No need to provide implementation-level details there; just one login method will do.
Also, I kept one small separate sequence diagram for the login flow, even though there was no such use case in the assignment. I mentioned the same in my notes list.

I passed OCMJEA this month with a score of 149.