• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Frits Walraven
Bartenders:
  • Piet Souris
  • Himai Minh

XML-RPC over HTTPS requirement for both web and Swing client for Payment

 
Ranch Hand
Posts: 281
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Would appreciate your opinion or comment on my approach for secure communication to the Payment system.

The customer would use web for payment. The web server would be (web) will be configured for HTTPS. As such, all the URL requestes via web will follow HTTPS protocol and web server would be configured for HTTPS. The requests will be HTTPS (from web client) that would invoke business delegate (and Business Tier) to do the payment

On the contrary, as the Travel agents do not have any web interface, the swing version would call Business Delegate (and Business Tier) and use JSSE for secure communication to the Payment system.

Does it seem like a viable approach?

Point I am making is, all requests are HTTPS for web. For Swing, follow JSSE. Obviously, the process of payment is made from the business tier only. Cleint tier does not directly connect to the payment system.
 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
When you make the request to payment service through business delegate, its not necessary to use HTTPS for web client only. You can always use HTTPS call even from thick client. Also, its not necessary for the architect to accept what a companies CEO/CIO says. You can also argue that Travel Agent uses web intranet client or even internet client. All you have to give is pros and cons and make them buy that. Hope this helps.
 
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi guys,
I've been thinking for a while about the Travel Agent GUI and I'm more and more convinced that I will go for a Java applet.
This allows to build a Rich Interface, can connect easily back to the master host to invoke business tier (shared with the Web client) and make distribution (upgrade and/or new installation) much easier.

Any specific reason why a pure Swing application would be better than an applet? I can't see the elements to say one choice is absolutely better than the other, however lots of candidates seem to go down the Swing root.
What are you thoughts?

Tnx.

Beps
 
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Beppe Catanese:
... and make distribution (upgrade and/or new installation) much easier.


This might be going beyond the scope of the assignment, but have you ever heard of Java Web Start?
 
Beppe Catanese
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Tnx Marc for the reference.

Yes, I have. And I agree it's beyond the scope...
The point I'm trying to make is that I don't see the clear benefits (at least in the FBN scenario) to choose one over the other.

Another tricky aspect of SCEA is that is not clear if you have to stick to J2EE only or make assumptions and extend to other (Java) technology (WebStart ain't J2EE).
 
Ranch Hand
Posts: 88
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sam, I agree with your solution.
If you use JSSE in EJB, that would be convinient to have two implementations to access TranMaster application.
1. To communicate with the future implementation of TransMaster.
2. This is an optional one. To communicate with the existing TransMaster application. In case TransMaster couldn't provide their new implementation on time, FBN can still run its new version whenever its ready. no need to wait for the TransMaster to complete. It gives flexibility. Pls let me know, how do you feel about my suggestion.

I guess, there shouldn't be any problem using JSSE in EJB.

Thanks,
 
Friends help you move. Good friends help you move bodies. This tiny ad will help:
Free, earth friendly heat - from the CodeRanch trailboss
https://www.kickstarter.com/projects/paulwheaton/free-heat
reply
    Bookmark Topic Watch Topic
  • New Topic