
Cathy Gorchkova

since Nov 30, 2001

Recent posts by Cathy Gorchkova

Hi,
I am also interested in the book for the certification. But does it cover some sophisticated situations and solutions for them?
Or is this just a guide to pass the exam? And how does it compare to "SCWCD Exam Study Kit: Java Web Component Developer Certification" by Hanumant Deshmukh and Jignesh Malavia?
Regards,
Cathy
Hi Ted,
Are there any tools that support RAD for Struts? If, for example, I want to start with a UML model of the application and then come down to code, how will Struts be integrated with the model?
Regards,
Cathy Gorchkova.
SJCP
19 years ago
Hi,
So, this book is about server administration and not development, right?
19 years ago
Brian,
thank you for the answers. I also want to mention that security requirements are very likely to change. Very often when the development starts, the customer has not made a decision about the authorization rules. This is very inconvenient, because the earlier we know the requirements, the safer a system we will have. And relying on the power of EJB security is a risk in that sense. But, anyway, I want to add one more rule to the security solutions: keep security logic and business logic orthogonal, if possible.
19 years ago
Hi, Brian
What is the best solution for handling instance-level security in Entity beans? How to return to the user a subset of entity beans he can access?
I wish to avoid retrieving all the beans first and then checking authorization for every entity.
19 years ago
Patrick,
the decision you described is probably the best in terms of current technologies. But this model lacks a lot of things. The ideal variant will be:
- Do not create the role for each country, but create one parameterized role Manager<Country>. (All the roles share the same access rule).
- Do not create the page for each customer. There may be lots of customers and each of them has access to the page with exactly the same structure (but different data).
I also want some consistency checks. I want to be sure that the user does not have access to pages that show data that is not his. Is this the future? Does anybody work in this direction?
19 years ago
Hello,
my personal opinion is that one of the biggest problems is application level security. Let us consider a simple example. The customer enters orders and the manager approves or rejects orders. The administrator manages personal data of customers and managers. Here are the minimal security requirements for this application:
1. Administrator has no access to business data.
2. Customers and managers have no access to administration data.
3. Manager can approve/reject orders only from specific regions (region is a customer's attribute)
4. Customer can view/update only his orders
Suppose this is a J2EE application. EJB security is not enough, because it does not cover instance level security (points 3 & 4). Moreover, we should protect not only data but also servlets (URLs) for points 1 & 2. If our application is integrated with some external system (for example, loading of orders from CSV files directly to the database), we need protection on the database level. Does anybody know how to build a consistent security model for such applications? Are there books/tutorials that address these problems? I think this example is *TYPICAL*. Everybody is welcome to share his experience.
19 years ago
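An added example, not part of the original posts: one way to express the order rules from the post above (requirements 1, 3 and 4) as a single policy kept apart from business logic, which also yields a query restriction so only the permitted subset is loaded. The class, record, table and column names are hypothetical, and Java 16 or later is assumed for records.

```java
import java.util.*;
import java.util.stream.*;

// Added example: all names (Role, User, Order, Filter, columns) are hypothetical.
public class OrderPolicyDemo {
    enum Role { ADMINISTRATOR, MANAGER, CUSTOMER }
    record User(String id, Role role, Set<String> regions) {}
    record Order(int id, String customerId, String region) {}
    // A WHERE fragment plus its bind values; user data is never concatenated into SQL.
    record Filter(String where, List<Object> params) {}

    // Instance-level decision for one order (requirements 1, 3 and 4).
    static boolean canAccess(User u, Order o) {
        switch (u.role()) {
            case MANAGER:  return u.regions().contains(o.region());
            case CUSTOMER: return u.id().equals(o.customerId());
            default:       return false; // administrator: no business data
        }
    }

    // The same rule as a query restriction, so only permitted rows are loaded.
    static Filter orderFilter(User u) {
        switch (u.role()) {
            case MANAGER:
                if (u.regions().isEmpty()) return new Filter("1 = 0", List.of());
                String marks = u.regions().stream().map(r -> "?").collect(Collectors.joining(", "));
                return new Filter("region IN (" + marks + ")", new ArrayList<>(u.regions()));
            case CUSTOMER:
                return new Filter("customer_id = ?", List.of(u.id()));
            default:
                return new Filter("1 = 0", List.of()); // deny by default
        }
    }

    public static void main(String[] args) {
        // Constructed sample data.
        List<Order> orders = List.of(new Order(1, "c1", "EU"), new Order(2, "c2", "US"), new Order(3, "c1", "US"));
        List<User> users = List.of(
            new User("admin", Role.ADMINISTRATOR, Set.of()),
            new User("m1", Role.MANAGER, Set.of("EU")),
            new User("c1", Role.CUSTOMER, Set.of()));
        for (User u : users) {
            List<Integer> visible = orders.stream().filter(o -> canAccess(u, o)).map(Order::id).collect(Collectors.toList());
            Filter f = orderFilter(u);
            System.out.println(u.id() + " sees " + visible + "; SQL: WHERE " + f.where() + " " + f.params());
        }
    }
}
```

Keeping `canAccess` and `orderFilter` side by side in one class makes it easier to review that the per-object check and the query restriction encode the same rule.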
Hi ranchers,
Yesterday I wrote to jcert about SUN's level2 exam. They answered:
---------------------------------
Regarding your question:
Can I include the SUN CERTIFIED WEB COMPONENT DEVELOPER FOR J2EE[tm]
PLATFORM exam as jCert Level 2 and jCert Certified Solutions Developer
certification.
The answer is "no" at this time. The Sun does not have any jCert
certification exams in Level 2. Sun is only participating in jCert at Level
1 and Level 3. Candidates who are interested in getting a jCert endorsed
Certified Solutions Developer certification will need to take the 2A
(vendor-neutral exam from Prosoft-CIW, Oracle or IBM) and the 2B exam (from
Hewlett-Packard, IBM or Oracle).
jCert Initiative, Inc.
2333 N. Broadway, Ste. 300
Santa Ana, CA 92706
jcertinfo@jcert.org
--------------------
So, now it is clear