This week's book giveaway is in the Spring forum.
We're giving away four copies of Spring in Action (5th edition) and have Craig Walls on-line!
See this thread for details.
Win a copy of Spring in Action (5th edition) this week in the Spring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Devaka Cooray
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Knute Snortum
  • Junilu Lacar
  • paul wheaton
Saloon Keepers:
  • Ganesh Patekar
  • Frits Walraven
  • Tim Moores
  • Ron McLeod
  • Carey Brown
Bartenders:
  • Stephan van Hulst
  • salvin francis
  • Tim Holloway

Cade example - where is security handled?  RSS feed

 
Ranch Hand
Posts: 103
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey everyone,

I was showing someone my design for the assignment and they asked me where my security was implemented. I was taken a little off gaurd.

I guess I've pretty much followed the Cade part 2 example. So my answer was security is handled by the Controllers. What do others think about this?

Thanks,

Peter
 
Ranch Hand
Posts: 527
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Peter,

As its part of a implementation, Cade's casestudy doesn't emphasize on SSL implementation.

If you want, you can just put a NOTE b/w tiers in Deployment diagram.

Anil
 
Ranch Hand
Posts: 317
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Originally posted by PETER BERGOFF:
Hey everyone,

I was showing someone my design for the assignment and they asked me where my security was implemented. I was taken a little off gaurd.

I guess I've pretty much followed the Cade part 2 example. So my answer was security is handled by the Controllers. What do others think about this?

Thanks,

Peter



Hi Peter,
I think everyone should spend some time walking through their architecture from a security point of view after all the business needs are met. It will raise some very interesting questions. Things like, how will security be handled in the web app vs the java app? how will security credentials be propogated? do you only need authentication or authorization constraints too? would you choose to use ejb client container security or ejb server security? and why? is there a need for performing programmatic authorization? and if yes, where does that responsibility lie? what kind of security would you need while interfacing with external system? who handles it? Does every function need security? what are its implication on performance?
After you go through all these scenarios and many others, which I might have missed, you would be in a better position to envision the security hooks in your architecture.

Parag
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!