Help coderanch get a
new server
by contributing to the fundraiser

Yi Meng

Ranch Hand
+ Follow
since May 07, 2003
Merit badge: grant badges
For More
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Yi Meng

i am using jboss as 4.2

I can explicitly authenticate & authorize a subject, but how do i associate it to the current user?

16 years ago
ok, let me phrase it in another way, my questions are:

1. how to store the client cert securely on client's pc?

2. how to detect if the client cert has been copied to another pc?
16 years ago

I intend to distribute my rich client application with a client cert so that they can subsequently connect to the server using client-cert authentication and then authorization...

The app is supposed/licensed to run from only one computer, but i also don't want to have an installation key kinda stuff. So I would like to ensure this by only allowing connection from one computer per cert.

Naturally, or ideally, the best would be that i store the client's MAC address when it makes first connection to the server and subsequently deny access from any other MAC addresses for this cert. But i suppose i have no way to get the client's MAC.

So, anyone got a suggestion? thanks
16 years ago
as lazy as me....and scored as high as me as well...

Originally posted by Jibu Thomas:
SCEA looks for a design that supports both web and application clients.
BTB, AA, Please give your name


And in the real world, i do expect thick client to act faster than the web client and travel agents do need that speed differences. In addition, thick client allows local system/hardware pheripirals integration.
As you may already be aware that Business Delegate is used between Systems ...not just between UI and Business layers..

Therefore, what if FBN switches to a different credit card gateway later on?

Originally posted by Sam Gehouse:
I will appreciate your input on the questions below.

Question 1) Is my understanding below correct?

Travel Agent : Uses thick client Java app for Freq Flyer and Booking Travel.

Customer : Uses web client for Freq Flyer, Booking Travel and Payment.

Is this correct?

Question 2) What client (web or thick) does the Travel Agent use for making payment for the customer.

The requirement says that the new TransMaster payemnt system will use XML-RPC over HTTPS.

Does that mean that the Travel Agent will switch to web client for making payment for the Customer? Or, should the Customer use thick client for making payment??

HTTPS has nothing to do with web client. And it does not seem logical for the travel agent to switch between systems.

3) If the Travel Agent has to use thick client (Swing) for making payment, is it sufficient to mention that the Swing client will use JSSE?

What would be other approaches to connect to TransMaster payment system securely from the Swing client?

I would say yes, typically an HttpUrlConnection will do.

4) Need your opinion on if it is still needed to show Business Delegate for each of the apps (web and Swing)?

The web client app (created for Customer) and Swing client app (created for Customers) are two separate apps. These two apps are deployed separately.

My design is:

UI -> Controller -> StatelessSessionEJB (SLSB)->DAO.

For web app (used by Customers), UI is JSP, and Controller is Servlet.
For non-web thick client (used by Travel Agent), UI is Swing and Controller is POJO. However, both the Swing app and web app use the same SLSB and DAO.

Is there still any need to introduce Business Delegate in between UI and Controller for each of the web app and the Swing app?

Business Delegate does decoupling of presentation and SLSB. I believe that my Controller does that. Business delegate is the strong solution if different flavors of UI clients (e.g. thick client, web and others) try to connect to SLSB (stateless Session EJB). However, as both the apps (Swing and web) are deployed separately, do I still have any need to show Delegate pattern for each of the apps (Swing and web)?

You have to make your own decision and justify whether or not to use the Business Delegate pattern and clearly state it in your submission. As for whether or not to show it in the diagrams, i would say optional.

5) Do I need to show UI classes in Class diagram?

The UI classes are JSP for web and Swing for thick client. As I read the difference between class and Componet diagram,it is valid to show JSP in Component diagram. In the same token, it is valid to show Swing classes in Class diagram.

That being said, should I show UI components in both Class and Componet Diagram?

In Class diagram, the UI would refer to Swing classes. In Component diagram, the UI would refer to JSP.

Is my assumption correct?

i would say optional....nothing much as UI implementations are pretty standard. The technologies themselves are well architected for implementation.

6) Are both Travel Agent and ustomer ators for all the 4 Use Cases (for which Sequence Diagrams need to be drawn)?

I ask the question because, the the Brief Description says the actor is both Travel Agent and Customer. In the Flow of Events, it only mentions Customer.

From the system point of view, there is no difference between Travel Agent and Customer, just that they act through different UI.

7) Can I show all the other classes (Controller, DAO, SLSB etc.) in the Class diagram?

Or, does the Class diagram require me to show only the domain types classes and their extensions only?

I think Cade's diagrams are excellent for this certification
[ May 07, 2007: Message edited by: Yi Meng ]

Originally posted by Lakshmi Kalidindi:
Thanks for your suggetions.
Yesterday I passed SCEA level 1. Can you pl advice me how to start with
for Level 2. I would appreciate if you can send me any links or material which you used for your preparation.

If you have real world experience, then just read through Cade's book about the sample project and follow similarly.

If you are not confident, then there are a lot links in for you. I don't have a single secret one Most importantlt for you to pass this part 2/3, you need a fair understanding of j2ee design patterns and network protocols.

Originally posted by dinesh pande:
I have'nt seen any other SCEA who has used JMS as part of their assignment.

Just curious, how could you know?

When uploading your assignment, some candidates experience problems uploading files greater than a 1000K. We suggest optimizing the graphics to reduce the file size to between 200k and 400k.
If the password you have created contains the # sign, please create a new password without the # sign as this may possibly cause problems when you are trying to upload your assignment.

Please be aware that you are allowed only one upload. Make sure to review your assignment thoroughly prior to uploading it. Should you need to upload a revised version of your assignment before it is graded
or if you fail the assignment, you will need to contact your local Sun office to pay the respective resubmisson fee.

You cannot pass part II without writing part III paper

As most will say, as long as you did the assignment on your own, you are ready for part III.
Read Cade's book again and again!

You will find the difference betwenn yours and Cade's or you should not have failed otherwise.
I believe there is no such thing called web services when this SCEA certification exam was first released.

However, it may help if you can leverage Web Services in the design appropriately given its popularity today.

Originally posted by Sam Gehouse:
Can I produce separate sequence diagrams for swing client and web client for each use use?

Agree or not, access to business services should be unified through one single interface regardless of that whether the request comes from a web client or swing client, and there is simply no need for you to have sepatate diagrams.

Originally posted by Subramanian Narayanaswamy:
Just to add on to this discussion - what is the impact of using a stateful session bean with a DAO ? Why is it a bad practice - or is it just that stateless session + DAO is better than stateful session + DAO?

IMHO, It does not matter to the DAO, if your design mandates you to use a SFSB and that SFSB needs to do some db stuff, just go ahead with SFSB+DAO.

But since DAOs are just POJOs, you prabably want to have a SLSB as a gatewate to all the DAOs and also have a single point where transaction attribute can be configured and controled......

so it becomes SFSB->SLSB->DAO