I have few questions on the way people are approaching part-2 - Is anyone using EJB3 Persistence ? If so, are you showing EntityManager and related classes in the class diagram ? - What level of detail should go in class diagram ? All classes from all tiers ?
So, on a JEE 5 architect examination, could you see a reason NOT to use the EJB3 persistence and an Entity Manager?
I'm being a bit facetious, but I'm not going to have any .Net components on my design, because that probably wouldn't impress the people at Sun too much. Conversely, to not use some of the most important features of JEE 5 in an enterprise architecture, such as JSF or the Entity Manager, well, I'm not saying it would be wrong, but I do think you'd have to have some very strong justifications for your decisions.
Remember, this exam is not only about knowing how to architect a solution, but it's about knowing how to properly leverage the new and important features of JEE 5.
Mark Cade's SCEA book has about 2.5 times the number of classes that the base class diagram provides. He includes about a dozen Java classes, and 3 SLSBs. He mentions "At this point, attributes and operations have not been added to the classes because that information will be done during the detailed design." I've heard the number of classes on people's designs ranging from 20 - 30. Remember, there are no right answers - only wrong answers. As long as you don't get a wrong answer, you're ok.
I noticed no persistence classes or view layer components (servlets) listed on Cade's class diagram. Of course, who knows what type of mark he got on his final submission?
It's not quick, but Java Security is a big topic, and Chapter 5 of Core Security Patterns, which is the J2EE Security Architecture chapter, covers what you need to know in only 56 pages, so that's what I recommend. However, you may need to at least skim chapters 2 (Basics of Security), 3 (The Java 2 Platform security) and 4 (Java Extensible security Architecture and APIs) to fully understand chapter 5.
I don't normally post links to my own posts, but for the second time today one of my old posts applies, so here is the link: Core Security Patterns