This week's book giveaway is in the Java in General forum.
We're giving away four copies of Beginning Java 17 Fundamentals: Object-Oriented Programming in Java 17 and have ishori Sharan & Adam L Davis on-line!
See this thread for details.
Win a copy of Beginning Java 17 Fundamentals: Object-Oriented Programming in Java 17 this week in the Java in General forum!

Christian Nicoll

Ranch Hand
+ Follow
since Mar 09, 2008
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Christian Nicoll

Hi Anton

thanks a lot for your input.

For all the others, I'm done, so I don't expect any additional inputs concerning this question.

Thanks for the feedback.
Thank you for answering.

K. Tsang wrote:Are your users be accessing a web app or desktop UI?

Users will access the system over a web app. However from my point of understanding this doesn't really makes a difference, because I don't want that on each local machine is a VPN client installed. Instead of this VPN means for me in this context a Site-to-Site VPN (or Gateway-to-Gateway-VPN).

K. Tsang wrote:Is a VPN server or the like needed? I let you do some research or ask your company support staff what is needed to support VPN.

What I found out so far is that there is no dedicated VPN server, instead in each connected network does a gateway (router) exists who is able to create and maintain this VPN tunnel. Additional effort and complexity can occurs if there is an overlapping between the new virtual network and the existing networks, and so extensive natting might be required.


I'm a bit unsure for the security aspects of my assignment. I've to build a new solution with different servers and have to ensure that employees of let's say 30 different networks all around the world are able to access the new system. Important to note is that the users are limited to those networks, and that no other people should be able to access the new system. I see generally two approaches for doing it, The first one would be to make the solution on a network level available for any device on the web and to restrict the access over user+pwd and a second factor (like SMS code). All network traffic would be in this approach encrypted over https. The second approach would be to create for each of the 30 networks a VPN tunnel to my new network system. In a specific would here user+pwd with the VPN tunnel also a strong second factor.

Does someone has also used a VPN solution in his assignment and passed ? What is about the running costs for VPN? For solution 1 a thing like the SMS server would definitely produce some costs...

Thanks for your input. I've thought also a bit more about it and I would definetly go with the SLSB. For an MDB I need an onMessage() method which doesn't make sense in this scenario. Further in the SLSB I would be able to annotate also private methods with timer-based annotations to ensure that they can't be called directly.
Thanks for your input. In real life I totatly agree with you, that the solution can be also something else than Java. For the context of my questions, let's not overthink it and see it more from the part 1. If you have the possibilities MDB and SLSB, which one is better suited, and why?
From my perspective, also after checking the (OWSAP) links, 2a is the better solution than 2b.

What do you think?
5 years ago

let's image that an cloud provider wants to send each day the price of the last 24 hours to their customers. The whole business logic for calculating this value and sending it to the customer is out of scope. Let's concentrate on the possibilities how such 24h timer service can be implemented through an EJB. From my understanding this is either possible through a message driven bean (MDB) or a stateless session bean (SLSB). The  SLSB is for me the better choice because no messaging system is involved. On the other hand I read that an MDB will never be called directly from a client, which is also good for this requirement, and for an SLSB this is not true. Still, I would go with the SLSB.

What is your choice?

Currently I'm preparing my second shot, and therefore I've created my own notes.

Any feedback is welcome.

Thanks a lot for your feedback Matt.
5 years ago

more than 6 years ago I worked last time with JSF 1.2. At this time the default validation mechanism just happened at the server and not a the client. If someone would like to add an additional client-side validation through Ajax, he was responsible to implement it on his own. Is this with JSF 2.0 still the case, or is there something like an automated client-side validation that would also generate this JavaScript code? Finally this would mean from my understanding that the same checks would executed twice (at client- and at server-level).

Thanks for your response!

I've the same understanding. Based on this, the statement "Having such data stored in HTTP session will most likely reduce (network) performance because of transfer the data back and forth each time. " doesn't make much sense for me, because also the (same) POJO data of the EJB would have to been transferred to the client. Further if the Web container and the EJB container runs on two different machines additional network traffic would be required between those two machines that would not be required if the httpSession would be used instead of a stateful session bean.

To sum it up, I still find it hard to find good reasons in this case to use an EJB instead of the httpSession.
Hello K. Tsang

thanks for your fast response.

K. Tsang wrote:Stateless session bean and entity bean are out.

Now the question mentioned "huge" amount of data. Now HTTP session is in the web tier, and stateful session bean in the EJB tier.

Sa far, I'm totally with you. I've the same understanding

K. Tsang wrote:Having such data stored in HTTP session will most likely reduce (network) performance because of transfer the data back and forth each time.

I don't understand this point. Why should the data being transferred back and forth each time? Do you mean between the Web tier and the client? My understanding is that only the session ID will be exchanged between the client and the server, but the session data will be stay on the server. Further with just using the httpSession I don't see the need to have an EJB container, therefore I don't see there also not a potential data transfer way. I would be happy if you could explain this point a bit more.


I found the following question (

You are responsible for architecting an application for car agents. The application should save a lot of effort to its users. Instead of traversing about 30 commerce sites to check the new car offers, the application will collect these offers and render the list to the agent in one page. The agent will also be able to buy the car through this application directly.
You expect a limited number of users to get access to the application. And for performance reasons you have to cache huge amount of data collected from the various commerce sites that must be maintained during the user session that spans the regular day working hours.

What is recommended to use in this case to maintain the user session?

1) httpSession
2) stateful session bean
3) entity bean
4) stateless session bean

I don't see here the requirement of using an stateful session bean and have chosen httpSession, which is false. What have I overseen?

Kind regards,
No thoughts about those points? Is it perhaps not that clear at all?