Enterprise Java Development
Your project will be graded primarily on the demonstrated ability to implement the concepts covered in this portion of the course. A perfect score requires implementing the full end-to-end scenario. A passing score requires that the portion of the end-to-end scenario you implement covers the grading criteria outlined below.
- README provided that describes where each requirement is satisfied and describes the non-obvious: 10pts total
- Project cleanly builds with Maven and deploys required modules: 10pts total
  - Project cleanly builds the required modules (JAR, EJB, WAR, and EAR) with Maven: 5pts
  - Tests are based on provided Wildfly configuration files (no rogue users): 3pts
  - Server-side tests do not rely on DB residue from unit tests: 2pts
- Project 1 and 2 functionality: 5pts total
- Client Security Login: 10pts total
  - Demonstrated ability to authenticate a client call using JNDI and RMI: 3pts
  - Demonstrated ability to detect that a client RMI call was unauthorized: 2pts
  - Demonstrated ability to authenticate a client call using HTTP and JAX-RS: 3pts
  - Demonstrated ability to detect that a client JAX-RS call was unauthorized: 2pts
- EJB Security: 10pts total
  - Demonstrated use of declarative EJB access restrictions: 2pts
  - Demonstrated use of programmatic EJB access restrictions: 2pts
  - Demonstrated acceptance of an authenticated and authorized caller: 2pts
  - Demonstrated ability to determine the authenticated identity of an EJB caller: 2pts
  - Demonstrated denial of an unauthorized caller: 2pts
- WAR Security: 10pts total
  - Demonstrated ability to have an HTTP URI client caller identity authenticated: 5pts
  - Demonstrated proper denial of an unauthorized HTTP URI client caller: 5pts
- JavaEE Interceptors/Validator: 10pts total
  - Demonstrated ability to configure a JavaEE Interceptor around an EJB call: 4pts
  - Demonstrated ability to isolate the business and DAO logic from DTO validation: 3pts
  - Demonstrated denial of a call containing a DTO failing javax.validation: 3pts
- JMS Message: 5pts total
  - Demonstrated ability to design a JMS message to carry a portable payload: 3pts
  - Demonstrated ability to design a JMS message to be filtered by a selector: 2pts
- EJB JMS Publisher: 5pts total
  - Demonstrated ability to inject JMS resources: 2pts
  - Demonstrated ability to construct a JMS message: 1pt
  - Demonstrated ability to publish a JMS message: 2pts
- EJB MDB Subscriber: 5pts total
  - Demonstrated ability to receive a JMS message using an MDB: 2pts
  - Demonstrated ability to configure an MDB to filter JMS messages based on a selector: 2pts
  - Demonstrated ability to extract a portable payload from a JMS message: 1pt
- EJB Timers: 10pts total
  - Demonstrated ability to declare an EJB callback method for a timer: 2pts
  - Demonstrated ability to define a timer to callback an EJB method: 5pts
  - Demonstrated ability to complete an EJB Timer callback: 3pts
- End-to-End Integration Test: 10pts total
  - Clean, easy to follow, sequence of steps through the end-to-end flow demonstrated: 10pts

The following table contains examples of where projects have lost points in the past. Of course, each project submitted can introduce new issues or different severity levels of the same issues. Do not treat this as a complete list.
Table 29.1. Sample Lost Points

README | Points lost |
---|---|
The WebUI is hard to navigate (fine) but README offered no assistance | 5 |

Project cleanly builds with Maven | Points lost |
---|---|
Using rogue users that are not part of the standard class setup in your end-to-end. | 3 |
Initial build fails. Looks to depend on DB schema bleedover between unit and IT tests. | 2 |

Project 1 and 2 functionality | Points lost |
---|---|
Second application being deployed as EAR and not WAR | 2 |
Relying on persistence unit to create schema -- thus blowing away all DB data on deployment | 2 |
Missing scenario feature (e.g., wrong data) from project 2 end-to-end scenario. | 1 |
Attempting to set the state of a @Stateless EJB. What do you think will happen to that state when you get a different bean instance the next time you call? | 2 |
Not self-managing schema. With the end-to-end having resetAll() in place, why did you rely on the JPA provider to initialize your schema? | 1 |

Client Security Login | Points lost |
---|---|

EJB Security | Points lost |
---|---|
Using credential logins for the JMS Connection from EJBs -- versus leveraging the @RunAs role | 1 |
Not relying on declarative security to perform the role checks. You are also having the caller who is authorized for the role supply instance-specific information. For example, any division coordinator is allowed to report the score for any division. | 2 |
Not constraining the authorized caller to manage only their information. Caller is passing references to information using identifiers that could be associated with any user versus "manage my stuff". By relying on those identifiers you are allowing them to "manage that stuff which may or may not be my stuff". | 3 |
EJB module not being associated with a specific security-domain. Relying on defaults. | 2 |
@RunAs takes a role -- not a principal | 1 |

WAR Security | Points lost |
---|---|
Requiring login to pages that should allow anonymous access. | 1 |
WAR is not properly locked down. | 2 |
Mixed use of BASIC and FORM. When signing in to perform an action, a BASIC authentication popup appears and logout no longer functions; the browser must be closed to log out. | |

EJB JMS Publisher | Points lost |
---|---|
Copied provided example wholesale and did not adjust to be your solution (e.g., features specific to the example are not required for project, comments specific to example are not appropriate for a project solution). | 2 |
Not closing resources (JMS 1.1). This eventually exhausts resources over time. | 2 |
Could not find testing of this anywhere to make up for the fact that the end-to-end was not implemented | 2 |

EJB MDB Subscriber | Points lost |
---|---|
Not implemented | 10 |
Using System.out versus logging framework or better error reporting | 1 |

Java SE JMS Listener | Points lost |
---|---|
Did not provide your subscriber any credentials to interact with the server. | 2 |
Didn't work out of the box. JMS topic misnamed | 1 |

EJB Timers | Points lost |
---|---|
It would be a better design to treat the timer() callback as an interface facade and not the triggering implementation mechanism. You have combined EJB Timer, JMS publishing, and business logic within a single method. | 0 |

End-to-end Integration Test | Points lost |
---|---|
Your configuration made it hard to run the end-to-end scenario in a debugger. All JNDI names and properties were solely expressed in the pom.xml rather than having suitable defaults in the IT test and overrides from the pom.xml. With that type of setup you did not have your pom.xml and surefire set up to allow remote debugging. | 2 |
Polluted, hard to follow, too much extra stuff | 2 |
Missing resetAll and populate at start of scenarios | 5 |
Missing step X | 1 |
No. I want different functionality in this step | 1 |