• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

A few questions about component diagrams

 
Mike Degteariov
Ranch Hand
Posts: 145
8
Java Mac MySQL Database Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey Ranchers,

I think I can use some help with component diagram.

1. What tier to put FacesServlet to ?

The reason to include it into component diagram is that, while it is not used directly,
an assignments explicitly says that servlets should be included in component diagram, and FacesServlet is a servlet, after all.
So if we include it: where should it go ? It certainly does not belong to the business, persistence, or integration tier.
I think it does not belong to resource tier either - so, should it go to Presentation tier ? Or should it be just put on a side, outside of all tiers ?

Or maybe it should not be a part of component diagram at all ?
The reason not to include it is that it is provided by container, and we do not put everything provided by container into component diagram.

So can you tell me, how do/did you handle FacesServlet in your component diagram ?

2. What to do with JAAS/container managed security ?

My solution has a JAAS with DB login module and form-based authentication.
All container-managed, based on container configuration (realms, roles, configuration of DB login module), web application configuration (login and error pages, security-constraint, login-config, and security-role to web.xml) and annotations for authorization on EJBs.

So my security implementation is spread across different parts:
code and views (annotations in EJBs, login and error pages), config files that are part of application (web.xml), and config files that belong to container.
This is all wired together by container, and this thread suggests to have a "security" component in Component diagram.

So I guess my questions are:
2.1 Do you think that "Security", or, probably, "container-managed security" component should be created, to hold all the security-related configuration changes that were implemented on container level ? If so, what tier should this component belong to ?
2.2 Do you think that another component - "web security" should be added to presentation tier, to include security-related changes in web.xml, along with security related pages (login page, error page) ?
2.3 Most importantly, how did you implement security in your component diagram ?


Your help is appreciated !
 
Andres Olarte
Ranch Hand
Posts: 46
2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Mike,

1- If you feel inclined to list it, I would put it in the presentation layer. All servlets are presentation components after all. However, I personally don't think listing this servlet is a must, specially if you're showing your facelets. The FacesServlet is one of those things you get for "free" when you use a container, and while you do have declare it in the web.xml, I still feel it's part of the container.

2.1 and 2.2 I wouldn't create a "security" component. I would list the relevant parts of the security framework that you provide. For example. the login.jsp in the presentation layer. A LoginModule in the business tier, etc.
2.3 In my case, I didn't address security in my component diagram. I did have some of the parts of the security system in my component diagram. For the most part there I described my security strategy in separate security section. My security section was mostly text, with a few simple diagrams to explain the trickier parts.
 
Mike Degteariov
Ranch Hand
Posts: 145
8
Java Mac MySQL Database Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you Andres.

I think I will not include FacesServlet and Security component into component diagram, and will put a comment to the diagram justifying this decision.

I was also going to create a separate page for security considerations, I am glad we think the same way.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic