Lipman Li

Ranch Hand
+ Follow
since May 02, 2002
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Lipman Li

there're too many authors for the book, every author wrote one or two chapters, and combined them together. so it is hard to see relationships between all the chapters.

this book is not alone, those sort of books alway like that.
18 years ago
let other service, web application be accessed with plain HTTP?

so far I know the only solution is to separate them into 2 WEB applications,
one is accessed with HTTPS, another is accessed with HTTP.

is there any way to make it happen in one application?
19 years ago
so far, there's no any J2EE 1.4 application server available, except J2EE SDK 1.4 RI from SUN. correct me if I'm wrong.

apache Axis is not BP 1.0 compliant currently, its new version 1.2 is under development.

JWSDP 1.4 is better, now supports WS-I Basic Profile 1.1 with Attachments 1.0 and XML and Web Services Security, but is it production quality?

anything else, I can choose? I plan to use web service in my new project.
19 years ago
so far, there's no any J2EE 1.4 application server available, except J2EE SDK 1.4 RI from SUN. correct me if I'm wrong.

apache Axis is not BP 1.0 compliant currently, its new version 1.2 is under development.

JWSDP 1.4 is better, now supports WS-I Basic Profile 1.1 with Attachments 1.0 and XML and Web Services Security, but is it production quality?

anything else, I can choose? I plan to use web service in my new project.
thanks Jasmine, maybe I give some scenario to recount the flow.
I'm using form-based container managed security, and following the tomcat Security How-to docs exactly.
  • 1. At first, user request a protected resources, for example http://localhost:8080/MyApp/protectedresource.jsp
  • 2. container is aware that the requested resource is protected, need user to identify itself by forward the login page to user: https://localhost:8443/MyApp/loginform.jsp
  • 3. At last, user key in correct ID/password, submit to container. the container authenticate the user, and forward to the original request, which is http://localhost:8080/MyApp/protectedresource.jsp


  • the problem is that point 2 did not happen to change HTTP to HTTPS, it still using HTTP, which is http://localhost:8080/MyApp/loginform.jsp, it is configured in web.xml loginform.jsp is CONFIDENTIAL.

    I try another way, if user request URL https://localhost:8443/MyApp/protectedresource.jsp, MyApp is alway using HTTPS, never turn to HTTP.
    19 years ago
    if you want to be sure that you can answer the question correctly, you have to know the thing behind scene.
    business delegate usually talk to Session Facade.
    174 beta questions cover every topic mentioned in exam.
    as this is Beta Test, and there're 174 questions, all mentioned exam objectives are covered.

    I think all Testee will take the same 174 question.
    anybody knows how to do this?
    19 years ago
    as Mr William Brogden is asking, just conclude some point.
    based on J2EE blueprint & my experience , Apache + Tomcat is better approach. there's a strong voice in my mind, Apache is Web server[\B], Tomcat is [B]Application Server. :roll:

    1. Web server usually deployed before DMZ, and application server is
    deployed within private network.

    2. unless your application is not critical, means that it does cost you
    much if it die.

    3. the most simple & available internet attack is DoS.
    I don't know how Tomcat is going to handle this, but I know Apache can
    do some thing.

    4. beside the security reason, I don't know how the application cluster
    could be configured if no web server set up.

    5. anyway, it is your own choice. Tomcat alone can handle the job, and
    everyone feel comfortable with this, specially your customer. then
    tomcat alone is alright.
    There's also a rule, just keep it simple if the simple solution can
    handle the job. as complex solution also introduce more failure points.


    [ May 21, 2004: Message edited by: Lipman Li ]
    19 years ago
    yeah, I remember one guy would take the exam at the same date/time with me.
    never mind, probably we still can meet up later if Sun has another Beta program in future. anyway, Singapore is so small.

    good luck to your exam!

    ooh, sorry, everybody has the same luck, as 174 questions are fixed.


    I thought I could meet somebody up today.

    I did not change the appointment date, took the exam today at Drake, Raffles Quay. spent 3 hours to finish first round, 1 hours review, and
    leave half hour not used.

    I'm not sure if the 174 Beta questions will become most part of question lib for the formal exam. it really cover everything mentioned in exam objectives.

    you could not review the drag & drop questions, the previous answer will be lost if you choose to review.

    some question has typo error.