
1z0-865 Security Assumption

 
Ranch Hand
Posts: 56
Hi folks,

In my battle against 1z0-865 assignment, I've another question about assumptions.

My assignment explicitly says that security is a concern; the assignment's business model does not provide a user entity or anything about security. But my use cases mention login.

So, I've developed a simple authentication using a User entity, but I don't believe that rewrites the wheel and solely that would provide security for me.

I was thinking about whether I can assume that there's an enterprise authentication system, which I can connect to and retrieve authentication and authorization from, instead of staying with my current model (AuthenticationService, UserDAO, User).

Can I assume that there's an external authentication and authorization system? What's better to do?

Best,

Sergio.
 
author & internet detective
Posts: 41185
If your assignment gives some indication the business is large enough to have one, that makes sense (and most should be). If not, you can always do a basic LDAP one.

You wouldn't see anything in the provided entity list about security because it isn't a business entity. It is a technical feature that is important.
 
Sergio Figueras
Ranch Hand
Posts: 56

Jeanne Boyarsky wrote: If your assignment gives some indication the business is large enough to have one, that makes sense (and most should be). If not, you can always do a basic LDAP one.

You wouldn't see anything in the provided entity list about security because it isn't a business entity. It is a technical feature that is important.



Thanks for your answer Jeanne!

I'll assume a CAS server to provide security.

Best,

Sergio.
 
Ranch Hand
Posts: 145
Hi Sergio,

Does your assignment mention entities that can extend abstract User, like Employee or Customer?
If so, then you can implement a common parent JPA entity User for db-based authentication.
 
Sergio Figueras
Ranch Hand
Posts: 56

Mike Degteariov wrote: Hi Sergio,

Does your assignment mention entities that can extend abstract User, like Employee or Customer?
If so, then you can implement a common parent JPA entity User for db-based authentication.



Hi Mike,

Thanks for your reply!

My assignment says "login of purchasing agents" and says that "security is a key requirement". As it is a company broker of gems, it doesn't seem to me that a simple db-based login is a good security approach, because there are other systems (recently, this company bought an inventory system made in Java).
 
Mike Degteariov
Ranch Hand
Posts: 145
Hi Sergio,

One of the responsibilities of the architect is to gather all business requirements and translate them into the architecture.

The architecture created will then be given to development teams to implement.

I guess my question is: do your business requirements contain information about an external authentication mechanism that you should use?

If the answer is yes, then yes, you are done.

But if the answer is no, how can you assume that the system is there when, in fact, it is not there? Where will those who have to implement your solution get the authentication system that does not exist?

 