
Cathy Gorchkova

since Nov 30, 2001

Recent posts by Cathy Gorchkova

I am also interested in the book for the certification. But does it cover some sophisticated situations and solutions for them?
Or is this just a guide to pass the exam? And how does it compare to "SCWCD Exam Study Kit: Java Web Component Developer Certification" by Hanumant Deshmukh and Jignesh Malavia?
Hi Ted,
Are there any tools that support RAD for Struts? If, for example, I want to start with a UML model of the application and then come down to code, how will Struts be integrated with the model?
Cathy Gorchkova.
19 years ago
So, this book is about server administration and not development, right?
19 years ago
Thank you for the answers. I also want to mention that security requirements are very likely to be changed. Very often when the development starts, the customer has not made a decision about the authorization rules. This is very inconvenient, because the earlier we know the requirements, the safer the system we will have. And relying on the power of EJB security is a risk in that sense. But, anyway, I want to add one more rule to the security solutions: keep security logic and business logic orthogonal, if possible.
19 years ago
Hi, Brian
What is the best solution for handling instance-level security in Entity beans? How to return to the user a subset of entity beans he can access?
I wish to avoid retrieving all the beans first and then checking authorization for every entity.
19 years ago
The decision you described is probably the best in terms of current technologies. But this model lacks a lot of things. The ideal variant will be:
- Do not create the role for each country, but create one parameterized role Manager<Country>. (All the roles share the same access rule).
- Do not create the page for each customer. There may be lots of customers and each of them has access to the page with exactly the same structure (but different data).
I also want some consistency checks. I want to be sure that the user does not have access to pages that show data other than his own. Is this the future? Does anybody work in this direction?
19 years ago
My personal opinion is that one of the biggest problems is application-level security. Let us consider a simple example. Customer enters orders and the manager approves or rejects orders. Administrator manages personal data of customers and managers. Here are the minimal security requirements for this application:
1. Administrator has no access to business data.
2. Customers and managers have no access to administration data.
3. Manager can approve/reject orders only from specific regions (region is a customer's attribute).
4. Customer can view/update only his orders.
Suppose this is a J2EE application. EJB security is not enough, because it does not cover instance-level security (points 3 & 4). Moreover, we should protect not only data but servlets (URLs) for points 1 & 2. If our application is integrated with some external system (for example, loading of orders from CSV files directly to database), we need protection on the database level. Does anybody know how to build a consistent security model for such applications? Are there books/tutorials that address these problems? I think this example is *TYPICAL*. Everybody is welcome to share his experience.
19 years ago
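An added example, not part of the original post or of any project mentioned on this page: one way to keep the four rules above in a single policy class apart from business logic, with points 3 and 4 turned into a query restriction so that only permitted orders are fetched instead of being retrieved and checked one by one. The class, the area names and the column names `customer_region` and `customer_id` are assumptions, and Java 17 is assumed.

```java
import java.util.Collections;
import java.util.List;

public class OrderAccessPolicy {
    enum Role { ADMINISTRATOR, MANAGER, CUSTOMER }
    enum Action { VIEW, UPDATE, APPROVE, REJECT }

    // Hypothetical types: the caller carries the attributes the rules depend on.
    record Caller(String id, Role role, List<String> regions) {}
    // A row restriction with bind parameters, to be appended to the order query.
    record Scope(String where, List<?> params) {}

    static final Scope DENY = new Scope("1 = 0", List.of());

    // Points 1 and 2: administrators never reach business data, others never reach admin data.
    static boolean mayEnter(Caller c, String area) {
        return switch (area) {
            case "admin" -> c.role() == Role.ADMINISTRATOR;
            case "business" -> c.role() != Role.ADMINISTRATOR;
            default -> false; // unknown areas are denied
        };
    }

    // Points 3 and 4: instance-level rules expressed as a WHERE restriction,
    // so the database returns only rows the caller may act on.
    static Scope orderScope(Caller c, Action a) {
        if (!mayEnter(c, "business")) return DENY;
        boolean decides = a == Action.APPROVE || a == Action.REJECT;
        if (c.role() == Role.MANAGER && decides && !c.regions().isEmpty()) {
            String marks = String.join(", ", Collections.nCopies(c.regions().size(), "?"));
            return new Scope("customer_region IN (" + marks + ")", List.copyOf(c.regions()));
        }
        if (c.role() == Role.CUSTOMER && !decides) {
            return new Scope("customer_id = ?", List.of(c.id()));
        }
        return DENY; // anything not explicitly allowed
    }

    public static void main(String[] args) {
        // Constructed sample callers.
        Caller manager = new Caller("m1", Role.MANAGER, List.of("EU", "APAC"));
        Caller customer = new Caller("c7", Role.CUSTOMER, List.of());
        Caller admin = new Caller("a1", Role.ADMINISTRATOR, List.of());
        System.out.println(orderScope(manager, Action.APPROVE));
        System.out.println(orderScope(customer, Action.UPDATE));
        System.out.println(orderScope(customer, Action.APPROVE));
        System.out.println(orderScope(admin, Action.VIEW));
    }
}
```

Because the restriction is plain SQL with bind parameters, the same predicate can also back a database view for the external CSV loading path the post mentions.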
Hi ranchers,
Yesterday I wrote to jcert about SUN's level2 exam. They answered:
Regarding your question:
PLATFORM exam as jCert Level 2 and jCert Certified Solutions Developer
The answer is "no" at this time. The Sun does not have any jCert
certification exams in Level 2. Sun is only participating in jCert at Level
1 and Level 3. Candidates who are interested in getting a jCert endorsed
Certified Solutions Developer certification will need to take the 2A
(vendor-neutral exam from Prosoft-CIW, Oracle or IBM) and the 2B exam (from
Hewlett-Packard, IBM or Oracle).
jCert Initiative, Inc.
2333 N. Broadway, Ste. 300
Santa Ana, CA 92706
So, now it is clear