
1z0-865 Security Assumption

 
Sergio Figueras
Ranch Hand
Posts: 56
Hi folks,

In my battle against the 1z0-865 assignment, I have another question about assumptions.

My assignment explicitly says that security is a concern; the assignment's business model does not provide a user entity or anything about security. But my use cases mention login.

So, I've developed a simple authentication using a User entity, but I don't believe that rewrites the wheel and solely that would provide security for me.

I was wondering if I can assume that there's an enterprise authentication system, which I can connect to and retrieve authentication and authorization from, instead of staying with my current model (AuthenticationService, UserDAO, User).

Can I assume that there's an external authentication and authorization system? What's better to do?

Best,

Sergio.
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 35279
If your assignment gives some indication the business is large enough to have one, that makes sense. (and most should be). If not, you can always do a basic LDAP one.

You wouldn't see anything in the provided entity list about security because it isn't a business entity. It is a technical feature that is important.
 
Sergio Figueras
Ranch Hand
Posts: 56
Jeanne Boyarsky wrote: If your assignment gives some indication the business is large enough to have one, that makes sense. (and most should be). If not, you can always do a basic LDAP one.

You wouldn't see anything in the provided entity list about security because it isn't a business entity. It is a technical feature that is important.


Thanks for your answer Jeanne!

I'll assume a CAS server to provide security.

Best,

Sergio.
 
Mike Degteariov
Ranch Hand
Posts: 145
Hi Sergio,

Does your assignment mention entities that can extend abstract User, like Employee or Customer?
If so, then you can implement a common parent JPA entity User for db-based authentication.
 
Sergio Figueras
Ranch Hand
Posts: 56
Mike Degteariov wrote: Hi Sergio,

Does your assignment mention entities that can extend abstract User, like Employee or Customer?
If so, then you can implement a common parent JPA entity User for db-based authentication.


Hi Mike,

Thanks for your reply!

My assignment says "login of purchasing agents" and says that "security is a key requirement". As it is a company broker of gems, it doesn't seem to me that using a simple DB-based login is a good security approach, because there are other systems (recently, this company bought an inventory system made in Java).
 
Mike Degteariov
Ranch Hand
Posts: 145
Hi Sergio,

One of the responsibilities of the architect is to gather all business requirements and translate them into the architecture.

The architecture created will then be given to development teams to implement.

I guess my question is: do your business requirements contain information about the external authentication mechanism that you should use?

If the answer is yes, then yes, you are done.

But if the answer is no, how can you assume that the system is there when, in fact, it is not there? Where will those who have to implement your solution get the authentication system that does not exist?

 