Win a copy of 97 Things Every Java Programmer Should Know this week in the Java in General forum!

Akar Rafidj

Ranch Hand
+ Follow
since Aug 30, 2005
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Akar Rafidj

I think that Hibernate is now part of J2EE, it has been selected as persistence mechanism for EJB 3.0. The latest release of Hibernate is 3.1 rc2.
The final release will be ready soon.


FBN has only one price for each class:
-first class for who have much money: your boss (travel with the comfort of a flying palace)
-coach (or other term: economy) class for who have few money: you and me (travel with the comfort of a flying truck)


Originally posted by Giju George:
Hi Akar,
Did you show different tiers in component diagram.. I mean did u physically seperate your components in diff tiers ??

I followed a standard, my components were aligned from left to right:
"Web/application client tier--->Business tier---->Integration tier ---->EIS tier"
The different tiers are obvious


Did you discribe your security solution in detail,Even include in component diagram or sequence diagram?

No, only what solution i selected for each client type and how credentials are exchanged between instance servers (if your architecture is distributed)

Would you be able to share how you have used the Mileage Account in FBN? Did you access the FMS database directly?

It's up to to choose the solution which meets all requirements,you should take in mind easy to use, performances,security, reliability, readonly or read/write requests...For the assignment i think that you have the choice between screen scraping and JDBC

Did you include the DAO ,EJB, Bussiness Delegate class in you class diagram?
Can you tell me your assumption's structure

My class diagram was neutral, only business objects. Read my first post for my documentation structure.In the assumptions chapter i tried to refine and clarify the use cases (without breaking the requirements), uses cases should be compatible,i wrote also what i understood from the interviews and the BDOM.

i have already gone thru redbook chaps on security.

JAAS is programmatic security .Can I implement JAAS on stand alone client in conjunction with declarative EJB security or I will have to call EjbContext methods getCallerP in my EJBs to perform authorization (programmatic EJB security).

Did you specify the components which will be protected/un protected or just the approach used will suffice.


Yes you can when JAAS is activated on the server, at application installation step, you map security roles to users/groups. You may use the default server implementation of JAAS or your own and you configure the server to use it, but i think that you don't have to go at this level of details. If your standalone application runs inside a J2EE client container and you configure CSIv2 standard, you have nothing to add. Usually getCallerPrincipal and isCallerInRole are used when you want a fine control on method execution; for example you may have constraint on a method execution : "if condition == true OK for the role defined in the security-role-ref element".You may also use getCallerPrincipal if you want to monitor and log travel agents activities.
The approach used will suffice

Can you share your PART III exam experience....?
How lengthy was your answer ...?

Don't worry about part III, i recommand to study carefully your submission before taking the test, your answers should be coherent with what you wrote in your documentation

[ October 21, 2005: Message edited by: Akar Rafidj ]

For MVC, i used my own framework but you can use any existing framework: WAF, Struts, JSF...J2EE recommandation (J2EE blueprint) is to use so existing frameworks, advantages: productivity, robustness, flexibility and extensibility, but don't try to kill a fly with a machine gun.
For security, i'll recommand studying an IBM redbook: "WebSphere V6: Security Handbook", free download from
It's really excellent (almost chapters 5 through 8) with good samples. developed concepts may be applied to any J2EE server.
Hope this helps
Yesterday i got my result for SCEA part 2/3 : 96%

Grade: P
Score: 96
This report shows the total points that could have been awarded in each section and the actual amount of points you were awarded. This information is provided in order to give you feedback on your relative strengths on a section basis. The maximum number of points you could have received is 100, minimum to pass is 70.

Class Diagram (44 maximum) .......................... 43
Component Diagram (44 maximum) ...................... 41
Sequence/Collaboration Diagrams (12 maximum) ........ 12

Summary of my submission:
UML version: 2.0, modeling tool: trial version of Sparx Enterprise Architect 5
Class diagram: 23 classes, only entity objects, don't changed the BDOM, extented some concepts: Customer, Equipment, Seat, Flight...tried to separate what may change from what is stable...
Component diagram (very clean): 33 components (all depencencies stereotyped and a lot of notes, showed only parent components for composite components...)
Sequence diagrams: components based
Documentation: 8 pages:
-Introduction: my vision of the requirements (summary of "must have" requirements: System should provide, allow or meet....)
-Assumptions: interviews, BDOM, use cases...
-Architectural choices: tiers, local vs distributed, session management, transaction model,QoS, security...
-Design choices: J2EE components, modules, J2EE design patterns...

Thanks for all ranchers


I'll recommand studying "Developing enterprise applications with J2EE", free pdf download from sun web site, it's the J2EE blueprint.

Hope this helps.

An interface is a specification, a contract: operation or set of operations (i don't use terms as methods or procedures, it's independent from any programming language) published ( accessible to a client) by a component (this component may be a single class of a complex module.

[ October 19, 2005: Message edited by: Akar Rafidj ]

J2EE and UML differ on component definition, for J2EE, jsps, servlets, EJBs, application clients, VOs (if based on javaBeans technology) sre all J2EE components (refer to the specification or J2EE blueprint). They are all reusable components from J2EE viewpoint.I don't understand why you say that jsps, servlets... don't talk to each other through interfaces ???
I think that you don't have to show well known interfaces (Home or EJBObject...) in the component diagram.

I don't think that you have to go at this level of details.There're many clustering strategies for scalability and availability:
Clustered pairs
Two-node clusters
Scalable (N-to-N)
N+1 (Star)
Usually, you select your clustering strategy after load tests. This strategy depends also of your architecture(local vs distributed) and your hardware. (one or more servers).
For a local architecture and one server,one scenario may be: 3 J2EE server instances at 60% max capacity (weighted load balancing strategy), each running in its server domain, le first and the second for scalability, the third (active or in stand by) for availability (star strategy)

[ October 17, 2005: Message edited by: Akar Rafidj ]
From the J2EE viewpoint, JSPs, servlets, EJBs, JCA resources, applications client, applets.. are all J2EE components !( we should add also JavaBeans).
See specification
May be, it's possible to model jsp pages as a generic component labeled "view" with a attached note listing all your jsp pages.

Hope this helps


For your first question:
For reliability, you should take in mind also:
-robustness:strong test plan and exception handling mechanism...
-resources management: finding, acquiring, using and releasing resources.I'll recommand studying Pattern-Oriented Software Architecture: Patterns for Resource Management, Volume 3 by Michael Kircher and Prashant Jain ISBN:0470845252
John Wiley & Sons � 2004
Hope this helps

[ October 17, 2005: Message edited by: Akar Rafidj ]
Even with CMP 2.0, you must define EJBQL query for finders OTHER THAN findByPrimaryKey in the deploiment descriptor so the server can generate implementation.


It's the architect's job to refine and clarify the use cases without breaking the requirements, use cases should be compatible.

Hope this helps