neelArchitect saha

Greenhorn
+ Follow
since Feb 20, 2005
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by neelArchitect saha

In my design can i use
Front Controller-->Application Controller-->Business Delegate.
Can i say Application Controller as Request processor.
Please any SCEA help !!!
What will be the preparation for part 3.Do i have to look at part 1 notes.or looking at desing is enough!!!
how i will prepare for part 3.What are the expected question for that.
Thanks in advance.

Which means if you go for declarative you have not to include components regarding this. But other components which are related to a user activity you may have


Can you explain a bit what does user activity ?means here?
I am planning to use protocol router for the application.
For both type of clients i will use

view-->protocol router-->front controller-->Session Facade-->EJB
but req says application client should be fast.so is my design wrong.
Can SCEA passed with above 90% had applied it still managed to get good score
How your swing client connects with EJB tier ,through web tier or directly swing-->BD-->EJB.
waiting for ur reply.
what


Ask your self how important is it to protect the ejb tier from the swing tier especially in this case ? This of course depends in which network zone the travel agents are located. Search the forum and you will find some answers.

By the way, some containers offer anown authentication or also authorization for J2EE client. i.e. as mentioned above Weblogic offer this by using JNDI. So if you like to go alos there for a declarative way you have to propagate the user principals in the J2EE client which is there programmatically. i.e. code which I personally use in a weblgic app


code:
--------------------------------------------------------------------------------

Hashtable hashtable = new Hashtable(); hashtable.put( Context.SECURITY_PRINCIPAL,"105000"); hashtable.put( Context.SECURITY_AUTHENTICATION, "simple" ); hashtable.put( Context.SECURITY_CREDENTIALS, "105000" ); hashtable.put("java.naming.provider.url","t3://127.0.0.1:7001" ); new InitialContext( hashtable );


Thanks Mark for your great replies.I am able to clear lots of doubt from ur answers!!
I am assuming two scenarios
a>swing client inside same network,inside same firewall.do we need some kind of authentication and authorization here.
b>swing client outside network ,connecting through tunnelling .Then how it is possible to authentication .can it be done declratively.can it be done programmtically.

SECURITY_PRINCIPAL,"105000
SECURITY_AUTHENTICATION, "simple"
SECURITY_CREDENTIALS, "105000"
what does it mean.where i put this code into business delegate or where.or hardcoded in swing
My design swing directly connecting to EJB.How then authentication and authorization will be handled.As per my knowledge EJB can not do authentication
My design swing directly connecting to EJB.How then authentication and authorization will be handled.As per my knowledge EJB can not do authentication

This correct, if you like to go for the full declarative approach then you have not to use an intereception filter. Both containers will then do the authentication and authorization for you.


what is the role of intereception filter,if i do authentication and authorization in front controller itself?
can i use both intereception filter,and front controller both.is it good design.

Uste the declarative possiblity of your web container and verify that it is compatible with the ejb container product so that an automatic principal propagation is possible

- If the web container and ebj container are not compatible, you have to write your own realm class in the web container which propagates the principals. That is what I tried to explain in the posts above



Thanks for the reply.It means for declarative i need not write code to get password and check for it.Authenticaion and authorization will happen automatically.
Can i get ur email id.
In want to know in generic terms ,what are the components that we can use for authentication/authorization how these work.
If i use interception filter and declarative security of web container ,do i need to take help of, AccountManager Fa�ade ,AccountDAO etc.
Or it will be done automatically.
I mean in design doc mentioning interception filter and declarative security is enough!!!

Credit Card Authorisation should happen in a secure way ... you can use XMLRPC over HTTPS !



Can You tell where I get good material on that.So that i can refer.
In design can i show one stateless EJB connecting with Trasamaster by XML-RPC over SHTTP.That will be suffice,or i have to show more..........
Thanks Pant.
For Performance Client--> EJB is better than Client-->servlet.
But if i use Client--> EJB ,then how can i handle security.Any idea about that.
In design enterprise application book ,they used protocol router(servlet filter,eg signON).I can handle security in a better way.
But i am cluless about Client--> EJB thing.any material on that.