Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Devaka Cooray
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Tim Moores
  • Carey Brown
  • Mikalai Zaikin
Bartenders:
  • Lou Hamers
  • Piet Souris
  • Frits Walraven

login question

 
Ranch Hand
Posts: 218
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello All,

A pre-condition for all use cases requires that the user be logged in. Does this mean that the user must be logged in before the use case starts? For example, in the Prepare Itinerary UC, must the user be logged in while selecting the flights? Is there flexability here?

The reason for concern here is:

The prepare itinerary UC has said that the user must be logged in before confirming the itinerary. If the user is not logged in, the user will log in, and the 'itinerary confirmation window with selected flights' be presented. This is the same window the user was on before the login page was presented. This sequence is not supported by form-based login nor the petstore example. I am hoping for some flexibility in requirement interpretation.

Any responses are kindly welcomed.

-Saha

 
Ranch Hand
Posts: 311
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Saha Kumar:
A pre-condition for all use cases requires that the user be logged in. Does this mean that the user must be logged in before the use case starts? For example, in the Prepare Itinerary UC, must the user be logged in while selecting the flights? Is there flexability here?


In theory: yes, as allready argued in your posting https://coderanch.com/t/154589/java-Architect-SCEA/certification/UML

Originally posted by Saha Kumar:
This sequence is not supported by form-based login


... and even worse: standard form-based login in case of Java/GUI-clients is vendor specific, is performd transparently and therefore in my oppionion must be separated from business workflow like presenting a list of ..., so there is no chance to follow the usecase literally if we do not want to spend more effort on the simple user id / password login than on the rest of the exam.

What do others think?

Thomas
 
Saha Kumar
Ranch Hand
Posts: 218
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello Thomas,

Thanks very much for the post. In the past, I have implemented J2EE security on a number of projects, and recognize its short-comings. The choice of security for a J2EE application is an architecture call. When considering how to meet the security requirements for this certificate, I just kept in mind that, if possible, try not to reinvent the wheel.

-Saha
 
Thomas Taeger
Ranch Hand
Posts: 311
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Saha,

Originally posted by Saha Kumar:
... for this certificate, I just kept in mind that, if possible, try not to reinvent the wheel.


I totally agree. I just rely on the default login behaviour that even may be vendor specific for Java/GUI clients.

But does that mean that you also ignore the business requirement of what I called "presenting a list of ..." on "Customer not logged on"?

Thomas
 
Saha Kumar
Ranch Hand
Posts: 218
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello Thomas,

I am not ignoring the alternate flow of 'User not logged in'.

I will put that in.

I will also abide by the pre-condition that the user be logged in.

One way is user's session timed-out.

-Saha
 
Thomas Taeger
Ranch Hand
Posts: 311
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Saha Kumar:
I will also abide by the pre-condition that the user be logged in.
One way is user's session timed-out.



Hi Saha,
now it becomes interesting: The pre-condition had been true on entering the usecase but is not true any longer because of say time out.

I never thought about that, but indeed a pre-condition is not an invariant.

All the same I probabely will let the default security mechanisms of the web and the EJB container enforce the default login.

Good luck,
Thomas
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic