• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

XML-RPC over HTTPS requirement for both web and Swing client for Payment

 
Sam Gehouse
Ranch Hand
Posts: 281
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Would appreciate your opinion or comment on my approach for secure communication to the Payment system.

The customer would use web for payment. The web server would be (web) will be configured for HTTPS. As such, all the URL requestes via web will follow HTTPS protocol and web server would be configured for HTTPS. The requests will be HTTPS (from web client) that would invoke business delegate (and Business Tier) to do the payment

On the contrary, as the Travel agents do not have any web interface, the swing version would call Business Delegate (and Business Tier) and use JSSE for secure communication to the Payment system.

Does it seem like a viable approach?

Point I am making is, all requests are HTTPS for web. For Swing, follow JSSE. Obviously, the process of payment is made from the business tier only. Cleint tier does not directly connect to the payment system.
 
Yogaraj Jayaprakasam
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When you make the request to payment service through business delegate, its not necessary to use HTTPS for web client only. You can always use HTTPS call even from thick client. Also, its not necessary for the architect to accept what a companies CEO/CIO says. You can also argue that Travel Agent uses web intranet client or even internet client. All you have to give is pros and cons and make them buy that. Hope this helps.
 
Beppe Catanese
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi guys,
I've been thinking for a while about the Travel Agent GUI and I'm more and more convinced that I will go for a Java applet.
This allows to build a Rich Interface, can connect easily back to the master host to invoke business tier (shared with the Web client) and make distribution (upgrade and/or new installation) much easier.

Any specific reason why a pure Swing application would be better than an applet? I can't see the elements to say one choice is absolutely better than the other, however lots of candidates seem to go down the Swing root.
What are you thoughts?

Tnx.

Beps
 
Marc Peabody
pie sneak
Sheriff
Posts: 4727
Mac Ruby VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Beppe Catanese:
... and make distribution (upgrade and/or new installation) much easier.

This might be going beyond the scope of the assignment, but have you ever heard of Java Web Start?
 
Beppe Catanese
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tnx Marc for the reference.

Yes, I have. And I agree it's beyond the scope...
The point I'm trying to make is that I don't see the clear benefits (at least in the FBN scenario) to choose one over the other.

Another tricky aspect of SCEA is that is not clear if you have to stick to J2EE only or make assumptions and extend to other (Java) technology (WebStart ain't J2EE).
 
Makesh Kumar Ramakrishnan
Ranch Hand
Posts: 88
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sam, I agree with your solution.
If you use JSSE in EJB, that would be convinient to have two implementations to access TranMaster application.
1. To communicate with the future implementation of TransMaster.
2. This is an optional one. To communicate with the existing TransMaster application. In case TransMaster couldn't provide their new implementation on time, FBN can still run its new version whenever its ready. no need to wait for the TransMaster to complete. It gives flexibility. Pls let me know, how do you feel about my suggestion.

I guess, there shouldn't be any problem using JSSE in EJB.

Thanks,
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic