
Login Module and Security

 
Antonio Rafael Rodrigues
Ranch Hand
Posts: 74
Hi everyone.
I had three big doubts in my mind, two of them I found answered here on Ranch, specifically to my assignment.
But I didn't see any thread on the third one, maybe it's a problem just for me. Here it goes:

In each Use Case's description, the first step is: The user enters username and password. Seriously, I've never worked in this way, I've always used container managed authentication and when the user has logged in one time, there is no need to log in again unless the session expires of course.

If I create the login mechanisms by myself, I could force authentication in every screen, but I'd be breaking the best practices. On the other hand, if I use container managed authentication, I'd be breaking the first step of all use cases. I did good research here and I saw that most of the time they describe the authentication as a global service and it's not my case.

I thought about writing an assumption, saying that the username and pass wouldn't be requested if the user was authenticated already. But I'd be breaking my own rules: "Stay true to the use cases."

Do you think it's acceptable to make this assumption?

Thanks in advance.
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 35279
The use cases are written as if they are all happening independently. Of course this is not how it really works as you know. What I did in my assignment was write a "helper" use case for login. That way I was still designing the functionality, but it was polluting each use case. I didn't use container managed authentication in the assignment though as I thought that would be an oversimplification of the problem. Some websites (such as this one) do have to do login security by themselves.
 
Antonio Rafael Rodrigues
Ranch Hand
Posts: 74
Hello Jeanne, thank you again.
It's good to read that. That point of view is the most sensate, for sure.
But I found it very strange since all the people that I heard about the assignment said that the login wasn't described as mine. I thought that mine had a particular reason to be in that way.
 
Mike Degteariov
Ranch Hand
Posts: 145
Hello Antonio,

Jeanne is right in saying that use cases should start clean - assuming that the actor never used this computer before, the first step is signing in.
In my use cases, the first step is "The user logs in to the system".
I think that in your case it is an explicit requirement to provide password-based authentication (either JAAS container-based, which I would prefer, or application-based) - as opposed to, say, certificate-based authentication.
 
Raghavendra Hegde
Greenhorn
Posts: 3
Hi Antonio, my assignment also had use cases which were mentioning login in each use case.

I had put an Action class, Business class & DAO each for login flow. No need to provide implementation level details there. Just one login method will do.
Also, I had kept one small separate sequence diagram for login flow even though there was no such use case in the assignment. Mentioned the same in my notes list.

I passed OCMJEA this month with a score of 149.
 