1z0-865 Security Assumption

 
Ranch Hand
Posts: 56
Hi folks,

In my battle against 1z0-865 assignment, I've another question about assumptions.

My assignment explicitly says that security is a concern. The assignment's business model does not provide a user entity or anything about security, but my use cases mention login.

So, I've developed a simple authentication using a User entity, but I don't believe that reinventing the wheel, and solely that, would provide security for me.

I was wondering whether I can assume that there's an enterprise authentication system, which I can connect to and retrieve authentication and authorization from, instead of staying with my current model (AuthenticationService, UserDAO, User).

Can I assume that there's an external authentication and authorization system? What's better to do?

Best,

Sergio.
 
author & internet detective
Posts: 41945
If your assignment gives some indication the business is large enough to have one, that makes sense. (and most should be). If not, you can always do a basic LDAP one.

You wouldn't see anything in the provided entity list about security because it isn't a business entity. It is a technical feature that is important.
 
Sergio Figueras
Ranch Hand
Posts: 56

Jeanne Boyarsky wrote: If your assignment gives some indication the business is large enough to have one, that makes sense. (and most should be). If not, you can always do a basic LDAP one.

You wouldn't see anything in the provided entity list about security because it isn't a business entity. It is a technical feature that is important.



Thanks for your answer Jeanne!

I'll assume a CAS server to provide security.

Best,

Sergio.
 
Ranch Hand
Posts: 145
Hi Sergio,

Does your assignment mention entities that can extend abstract User, like Employee or Customer?
If so, then you can implement a common parent JPA entity User for db-based authentication.
 
Sergio Figueras
Ranch Hand
Posts: 56

Mike Degteariov wrote: Hi Sergio,

Does your assignment mention entities that can extend abstract User, like Employee or Customer?
If so, then you can implement a common parent JPA entity User for db-based authentication.



Hi Mike,

Thanks for your reply!

My assignment says "login of purchasing agents" and says that "security is a key requirement". As it is a gem brokerage company, it doesn't seem to me that a simple DB-based login is a good security approach, because there are other systems (recently, this company bought an inventory system made in Java).
 
Mike Degteariov
Ranch Hand
Posts: 145
Hi Sergio,

One of the responsibilities of the architect is to gather all business requirements and translate them to the architecture.

The architecture created will then be given to development teams to implement.

I guess my question is: do your business requirements contain the information about the external authentication mechanism that you should use?

If the answer is yes, then yes, you are done.

But if the answer is no, how can you assume that the system is there when, in fact, it is not there? Where will those who have to implement your solution get the authentication system that does not exist?

 