Would appreciate your opinion or comment on my approach for secure communication to the Payment system.
The customer would use web for payment. The web server would be (web) will be configured for HTTPS. As such, all the URL requestes via web will follow HTTPS protocol and web server would be configured for HTTPS. The requests will be HTTPS (from web client) that would invoke business delegate (and Business Tier) to do the payment
On the contrary, as the Travel agents do not have any web interface, the swing version would call Business Delegate (and Business Tier) and use JSSE for secure communication to the Payment system.
Does it seem like a viable approach?
Point I am making is, all requests are HTTPS for web. For Swing, follow JSSE. Obviously, the process of payment is made from the business tier only. Cleint tier does not directly connect to the payment system.
When you make the request to payment service through business delegate, its not necessary to use HTTPS for web client only. You can always use HTTPS call even from thick client. Also, its not necessary for the architect to accept what a companies CEO/CIO says. You can also argue that Travel Agent uses web intranet client or even internet client. All you have to give is pros and cons and make them buy that. Hope this helps.
Hi guys, I've been thinking for a while about the Travel Agent GUI and I'm more and more convinced that I will go for a Javaapplet. This allows to build a Rich Interface, can connect easily back to the master host to invoke business tier (shared with the Web client) and make distribution (upgrade and/or new installation) much easier.
Any specific reason why a pure Swing application would be better than an applet? I can't see the elements to say one choice is absolutely better than the other, however lots of candidates seem to go down the Swing root. What are you thoughts?
Yes, I have. And I agree it's beyond the scope... The point I'm trying to make is that I don't see the clear benefits (at least in the FBN scenario) to choose one over the other.
Another tricky aspect of SCEA is that is not clear if you have to stick to J2EE only or make assumptions and extend to other (Java) technology (WebStart ain't J2EE).
Sam, I agree with your solution. If you use JSSE in EJB, that would be convinient to have two implementations to access TranMaster application. 1. To communicate with the future implementation of TransMaster. 2. This is an optional one. To communicate with the existing TransMaster application. In case TransMaster couldn't provide their new implementation on time, FBN can still run its new version whenever its ready. no need to wait for the TransMaster to complete. It gives flexibility. Pls let me know, how do you feel about my suggestion.
I guess, there shouldn't be any problem using JSSE in EJB.
