How to handle security for the rich client application

 
Mark Cave
Ranch Hand
Posts: 92
Hello,

Could you please, Giri, Matt, Dhanesh and the others, share with me the way you handled or plan to handle the security for the rich client application? I am not familiar with the different security models for these kinds of applications.
[ June 21, 2005: Message edited by: Mark Cave ]
 
David Follow
Ranch Hand
Posts: 223
Hi Mark,

do you plan for the Swing client to directly access the business tier or do you also go through the presentation tier?

D.
 
Mark Cave
Ranch Hand
Posts: 92
> Hi Mark,
>
> do you plan for the Swing client to directly access the business tier or do you also go through the presentation tier?
>
> D.

Directly accessing the business tier.
 
Mark Cave
Ranch Hand
Posts: 92
Matt suggested this excellent thread.
 
raj b
Ranch Hand
Posts: 35
Mark,
Does that mean the Container Managed Security involves mapping a database containing customers who can be authenticated?
Then this looks like a solution in which both types of clients (online customers and customers booking through TA) can be authenticated.
Then why do we need role-based security here, since there is no role and TAs are in fact booking tickets for customers?
 
Giri Alwar
Ranch Hand
Posts: 37
The use case requirements mention that SSL should be used for secure communication. I made a note in my assumptions that SSL will be employed in the solution.

Many folks here have been discussing the various approaches for authentication (and authorization?). My take is quite different: I believe that we are not required to provide details on authentication and authorization for this assignment (I did not). My reasoning is as follows: while the assignment requirements do mention a Login use case, they do not provide any details on it. How then can we come up with a login mechanism? For instance, my approach would conceivably be quite different if the authentication is done using a database, LDAP or single sign-on (for web clients). I made no assumptions on which approach to take since no information has been provided (I noted it as such). The same goes for authorization as well.
 