Hey Ranchers,
I think I can use some help with component diagram.
1. What tier to put FacesServlet to ?
The reason to include it into component diagram is that, while it is not used directly,
an assignments explicitly says that
servlets should be included in component diagram, and FacesServlet is a servlet, after all.
So if we include it: where should it go ? It certainly does not belong to the business, persistence, or integration tier.
I think it does not belong to resource tier either - so, should it go to Presentation tier ? Or should it be just put on a side, outside of all tiers ?
Or maybe it should not be a part of component diagram at all ?
The reason not to include it is that it is provided by container, and we do not put everything provided by container into component diagram.
So can you tell me, how do/did you handle FacesServlet in your component diagram ?
2. What to do with JAAS/container managed security ?
My solution has a JAAS with DB login module and form-based authentication.
All container-managed, based on container configuration (realms, roles, configuration of DB login module), web application configuration (login and error pages, security-constraint, login-config, and security-role to web.xml) and annotations for authorization on EJBs.
So my security implementation is spread across different parts:
code and views (annotations in EJBs, login and error pages), config files that are part of application (web.xml), and config files that belong to container.
This is all wired together by container, and
this thread suggests to have a "security" component in Component diagram.
So I guess my questions are:
2.1 Do you think that "Security", or, probably, "container-managed security" component should be created, to hold all the security-related configuration changes that were implemented on container level ? If so, what tier should this component belong to ?
2.2 Do you think that another component - "web security" should be added to presentation tier, to include security-related changes in web.xml, along with security related pages (login page, error page) ?
2.3 Most importantly, how did you implement security in your component diagram ?
Your help is appreciated !