Design Patterns: (Add to DP.txt) - Questions involved Iterator, Mediator, and what patterns is the EJB Home interface ("official" answer is Abstract Factory although to me it should be Factory Method). - Patterns examples. - Proxy: EJB, RMI - Bridge: JNDI, Business Delegate - Facade: SessionFacde - Iterator: Resultset - AbstractFactory: EJBHome - http://www.javaworld.com/javaworld/jw-01-2001/jw-0112-singleton.html - http://developer.java.sun.com/developer/technicalArticles/J2EE/patterns/ Worldwide Institute of Software Architects (WWISA) http://www.wwisa.org/ defines the role of the software architect in this way: The architect understands the wants and needs of the client, designs a solution, communicates that design to the client for approval and to the builder for construction. The architect then superintends construction to ensure the client expectations are met and that disputes or changes are appropriately managed ** Order of this file (TOC): - SCEA Objectives - Part 1: Topics, number of questions, description - Part 2 - Part 3 - Courses found at Sun'ed for SCEA - DNS Round robin (RR) - Security - VPN - Legacy Connectivity - Messaging - Protocols - Internationalization / Localization - Guidelines / Advice - Sample Questions - Links - Books - Todo ** SCEA Objectives: 1. List the required classes/interfaces that must be provided for an EJB. 2. Distinguish stateful and stateless Session beans 3. Distinguish Session and Entity beans 4. Recognize appropriate uses for Entity, Stateful Session, and Stateless Session beans 5. State benefits and costs of Container Managed Persistence 6. State the transactional behavior in a given scenario for an enterprise bean method with a specified transactional attribute as defined in the deployment descriptor 7. Given a requirement specification detailing security and flexibility needs, identify architectures that would fulfill those requirements 8. Identify costs and benefits of using an intermediate data-access object between an entity bean and the data resource 9. State the benefits of bean pooling in an EJB container 10. State the benefits of passivation in an EJB container 11. State the benefit of monitoring of resources in an EJB container 12. Explain how the EJB container does lifecycle management and has the capability to increase scalability ** Part 1: Topics, number of questions, description - Concepts: 6 - Common Architectures: 6 - Legacy Connectivity: 5 - EJB: 9 - Relativly, EJB is heavy in this exam. Focus on reading the spec itself is better than books. Bean state in container is important (including what if server crashed). - EJB Container Model: 5 - Focus on the how the container manages EJB lifecycle. - Protocols: 3 - Applicability of J2EE: 3 - Design Patterns: 5 - Sun's course (GB-SL-500) covers only Adapter, Facade, Proxy, Iterator, Observer, Mediator, Factory Method, Abstract Factory, Singleton and Builder so committing to memory all 23 may not be neccesary. - Messaging: 2 - Internationalization: 2 - Security: 2 - UML - Focus on class and sequence diagram - You should know about associations, multiplicy and sequence diagrams. - http://jcp.org/aboutJava/communityprocess/review/jsr026/ - http://www.jguru.com/faq/view.jsp?EID=568126 (UML Tools) - data access objects - Firewalls - HTTP Tunnelling - Scalability: is the ability to economically support the required quality of service as the load increases. Two types: Vertical and Horizontal. - Vertical: Achieved by adding capacity (memory, CPUs, etc.) to existing servers. Requires few to no changes to the architecture of a system. - Increases: Capacity, Manageability - Decreases: Reliability, Availability (single failure is more likely to lead to system failure) - Vertical scalability is usually cheaper than horizontal scalability. - J2EE supports vertical scaling because of automatic lifecycle management. Adding more capacity to a server allows it to manage more components (EJBs, etc.). - Horizontal: Achieved by adding servers to the system. Increases the complexity of the system architecture. - Increases: Reliability, Availability, Capacity, Performance (depends on load balancing), Flexibility - Decreases: Manageability (more elements in the physical architecture) - J2EE supports horiz. scaling because the container and server handle clustering and load-balancing. - Availability and reliability are obtained through scalability. - Scalability affects capacity. The more scalable the system is the more capacity it can support. This must be traded-off against the complexity & manageability costs. - Maintainability: related to Flexibility: Flexibility is the ability to change the architecture to meet new requirements in a cost-efficient manner. A flexible system should be more maintainable in the face of changes to the environment and/or to the application itself. - Flexibility improves: Availability, Reliability, Scalability - Flexibility slightly decreases: Performance, Manageability - Flexibility is achieved via code that can be distributed across servers with load balancing that prevents one system from being overburdened. The use of a multi-tier architecture also helps achieve flexibility. - Availability: is about assuring that services are available to the required number of users for the required proportion of time. - Reliability: The ability to ensure the integrity and consistency of the application and all of its transactions. You increase reliability through the use of horizontal scalability, i.e., by adding more servers. This only works up to a certain point, though. When you increase reliability you increase availability. - Extensibility: The ability to modify or add functionality without impacting the existing functionality. The key to an extensible design is to make an effective OO design. Extensibility pays the most towards the font end of a system. J2EE supports extensibility because it is component-based and allows you to separate the roles of an app. JSPs can handle presentation. Servlets can handle routing, and EJBs can handle business logic. - Performance: Architectural performance is concerned with creating an architecture that forces end-to-end performance. The purpose of an architecture that ensures performance is to control expensive calls and to identify bottlenecks. If you know the boundaries of the various parts of the system, the technologies, and the capabilities of the technologies you can do a good job of controlling performance. Try to minimize process-to-process calls because they are expensive. Use resource pooling to reduce the number of expensive resources that need to be created like network connections, database connections, etc. - Manageability refers to the ability to manage a system to ensure the health of the system. A single tier or monolithic app would be more manageable from a management perspective than a multi-tier system but this must be weighed against the possibility of a change rippling through a monolithic app. A simple architecture may not be as flexible or available as a more complex system but the amount of effort required to keep the system up & functioning will be less. A component-based architecture like J2EE offsets some of the manageability problems caused by a multi-tier system. - DAO is Data Access Object.This object you can use in Web layer to talk to DB.As this object you will be using in any layer where you require Database Info.,this object becomes portable and that is its advantage. - DataObject: It is separate class for connecting to Database which you can import in your application to talk to DB. - ValueObject: Instead of getting info. bit by bit over the net you will be wrapping all the info in One Object and sending it over the network only once.You retrive whatever information you need from this object.This will reduce network traffic as you don't have to request for your information each time over the network to another layer.This Object is called as ValueObject. - if you understand all of the concepts and have a good sw designer / architect "sense", you'll be fine. - Pay attention to description, it would be helpful if u could quickly make up a small diagram out of description & try to understand the facts said about the problem/scenario very clearly. - Just need remember Arm F PC Set: A Availability R Reliability M Manageability F Flexibility P Performance C Capability S Security E Extensibility T Testability - Links http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/J2eeTutorialTOC.html ** Part 2 - %age distribution of - Class Diagram (40) - Component Diagram (40) - Sequence/Collaboration Diagrams (20) - UML deliverables for - Class diagram - Sequence or collaboration diagrams - Component diagram - Is a design project for an airline ticket booking system. You need to submit a few diagrams to Sun. You don't have to do any coding. - The task: produce a scalable, enterprise level design demonstrating your knowledge of software architectures and J2EE. - Utilize common J2EE patterns and sound software design methodology - UML modeling to capture the requirements - MVC separates presentation layer from business logic - J2EE specific patterns to implement portions of the design: http://developer.java.sun.com/developer/restricted/patterns/J2EEPatternsAtAGlance.html - Don't sweat the small stuff. I can't say that I am proud of what I accomplished, but I am proud of not having spent more time than necessary. Sun does not seem to be looking for a bullet-proof design. As long as your submission is formally correct and makes somewhat sense, you will pass this. - Is more or less technology neutral, as the same solution can be implemented using various platforms and environments - I am showing all the presentation tier, business tier and integration tier patterns in my sequence diagrams. My class diagram contains all the classes for controller, business delegate, service locator, facades, EJB, DAO and VO's. Yes, the sequence diagram is detailed with all these objects. - First understand the use cases... make some assumptions... indentify the objects... create seq diag and then create class diag.... the book Java with UML is good... this will actually teach u to draw seq diag from the use cases... - If read carefully, the consumer is allowed to change iteration segment. That means that the system will provide all segments (or more than one iteration with diff seg). the consumer can pick one, change on later. - I provided an index.html page as specified in the assignment, with an anchor to each diagram (mine were PNGs produced from Rational Rose v2001). I also provided a link to an assumptions.html page describing all my assumptions and design decisions. - You should draw separate sequence diagram for alternate flow if need be. - Links http://www.newarchitectmag.com/documents/s=2286/new1015626014044/index.html ** Part 3 - Deliverable for - Essay exam on your specific architecture - A walk in the park if you did the work (SUN uses it to ensure that this was the case) - Is about explaining the architecture and design you came up with for your assignment. You will have to justify your decisions. You won't find these questions difficult if you have worked on your assignments all by yourself. ** Courses found at Sun'ed for SCEA: - Object-Oriented Application Analysis and Design for Java[tm] Technology (UML): The Object-Oriented Application Analysis and Design for Java[tm] Technology (UML) course teaches system developers how to use object-oriented (OO) methodologies to perform analysis and design (OOA&D), using the Unified Modeling Language (UML). Superior software applications are not static, they grow and evolve to meet changing business and consumer needs. Being able to analyze these needs and translate them into new software models provides a competitive advantage. The object-oriented analysis and design methodologies taught in this class enable software professionals to realize the efficiencies inherent in modern OO languages, such as the Java programming language. The various concepts and analysis and design techniques associated with the Unified Modeling Language (UML) are related to the phases in the iterative, incremental, unified software development process. Also discussed are the use of Design Patterns, Object and Dynamic models, system design, and partitioning techniques. - Architecting and Designing J2EE[tm] Applications: Building robust enterprise applications requires a blueprint that allows for rapid growth. In addition to learning how to scale applications, participants in Architecting and Designing J2EE[tm] Applications will learn how to address flexibility, performance, security and manageability issues with a series of general guidelines. Through discussion groups, participants will learn how to apply these guidelines using real-world architectures and design patterns to create Java 2 Platform, Enterprise Edition (J2EE) applications. Based on the material found in the J2EE companion book from J2EE Blueprints "Designing Enterprise Applications" and additional examples drawn from the real-world experiences of Sun Microsystems' Java Professional Services, this course provides a fast-track and immediately applicable learning experience for system architects ** DNS Round robin (RR) - Round robin DNS is a method of managing server congestion by distributing connection loads across multiple servers. Round robin works on a rotating basis in that one server IP address is handed out, then moves to the back of the list; the next server IP address is handed out, then it moves to the end of the list; and so on, depending on the number of servers being used. This works in a looping fashion. - Round robin is load sharing, different than load balancing. Load balancing distributes connection loads across multiple servers, giving preference to those servers with the least amount of congestion. In round robin's case, server distribution remains on a rigid one IP address to one user rotating basis. - Limitations: Inability to handle server failures, since DNS RR does not recognize hardware failure, however DNS RR can be modified to do so. ** Security - Javasoft tutorial - Pay attention to the package names and their functionalities, since some questions on the exam require that knowledge - Keytool: creates key pairs and self-signed X.509 v1 certificates, and manages keystores. Keys and certificates are used to digitally sign applications and applets. A keystore is a protected database that holds keys and certificates. - keytool generate a private key and public key. The public key is wrapped into the x.509 certificate. In other words, a certificate is created. - Jarsigner: signs JAR files, and verifies the signature(s) of signed JAR files. It accesses the keystore when it needs to find the key when signing a JAR file. Keytool and jarsigner replace together the javakey tool of JDK 1.1. - Signer signs a jar file with the private key created by keytool. The jar file contains .FS and .DSA file with the corresponding public key certificate stored in the .DSA file. In other words, the jar file, besides containing the class files, has a signature, the public key certificate and some SHA values. - Exporting/Importing of certificates. By default, if a signer creates a private/public key pair using the default certificates provided by Sun SDK, exporting/importing of certificates is not necessary. However, if the signer uses a x.509 cert that is not one of the default certs, then exporting/importing of cert is required. - When the signed jar file is downloaded, the java plug-in will check on the policy file for the necessary permission. This check is based on the certificate and the signer name (signedBy). - Policytool: creates and modifies the external policy configuration files that define your installation's security policy. Policies are stored into the policy database. - Need to know very basic/general terms and concepts about encryption. Also need to understand JDK 1.2 and possibly JDK 1.1 security model - Security ensures that info is neither modified nor disclosed except in accordance with the security policy. - Tradeoffs: personal privacy, ease of use, and expense. - A highly secure system is: - More costly - Harder to define and develop - Requires more watchdog activities - Principles of Security: - Identity: The user is correctly ID’d thru an authentication mechanism - Authority: The user can perform only allowed activities - Integrity: Data can only be modified in allowed ways - Privacy: Data is disclosed to authorized entities in authorized ways - Auditability: The system maintains logs of actions taken for later analysis - Select from a list security restrictions that Java 2 environments normally impose on applets running in a browser. - The Java 2 security model is policy-based and has superseded the sandbox/trusted approach of Java 1.1. In Java 1.1 remote code (applets, for example) that was not trusted was constrained to the sandbox. If the remote code was signed and trusted then it could access local resources. - Code Source: A combination of a set of signers (certificates) and a code base URL. By default, Java 2 uses a policy file to associate permissions with code sources - Security Policy File: A permission is the right to access a protected resource or guarded object For Java 2 permissions are specified in the security policy file Only one policy is in effect at a time A policy file consists of a number of grant entries Each grant entry describes the permissions (one or multiple) granted to a code source - Policy class: You can use java.security.Policy to create your own security policy. - java.security package: The following are some of the classes in the java.security package: - CodeSource: This class extends the concept of a codebase to encapsulate not only the location (URL) but also the certificate(s) that were used to verify signed code originating from that location. - KeyStore: This class represents an in-memory collection of keys and certificates. It manages keys and trusted certificates. - MessageDigest: The MessageDigest class provides applications the functionality of a message digest algorithm, such as MD5 or SHA. - Permission: Abstract class for representing access to a system resource. - Policy: This is an abstract class for representing the system security policy for a Java application environment (specifying which permissions are available for code from various sources). - ProtectionDomain: The ProtectionDomain class encapulates the characteristics of a domain, which encloses a set of classes whose instances are granted the same set of permissions. - Security: Centralizes all security properties and common security methods. - Given an architectural system specification, identify appropriate locations for implementation of specified security features, and select suitable technologies for implementation of those features. - Exposure to threats can be mitigated by using: - Authentication - Authorization (ACLs) - Protecting Messages - Auditing - Web tier authentication (This is the usual location for this): - Basic HTTP: the web server authenticates a principal with user name & password from Web client - Form-based: lets developers customize the authentication user - HTTPS mutual authentication: the client and server use X.509 certificates to establish identity over a SSL channel. - EJB/EIS tier authentication: For EJBs can use protection domains. Thus the EJB tier could entrust the web tier to vouch for the identity of users. Put a protected web resource in front of a protected EJB resource have every web resource that calls an EJB resource route through a protected web resource - For access to EIS tier resources authentication is usually carried out by the component accessing the EIS resource. You can have the container manage the EIS resource authentication or have the app do this itself. - Authorization: In J2EE, a container serves as an authorization boundary between callers and its components. The authorization boundary is inside the authentication boundary so authorization occurs within the context of successful authentication. - For component to component invocations inside the container the calling component must make its credentials available to the called component. - You can have file-based & code-based security in J2EE. - Access control policy is set a deployment time. - Controlling access to resources in the container (deployment descriptor): To control access to web resources, specify constraint in the deployment descriptor. To control access to EJB, specify roles in the deployment descriptor. You can specify methods of the remote & home interface that each security role is allowed to invoke - Protecting Messages: To ensure message integrity you can use: - Message signature: a enciphered digest of the message contents (costly in terms of CPU cycles) - Message confounder: ensures message authentication is useful only once - A deployer must configure the containers involved in a call to implement integrity mechanisms either because the call will traverse open or unprotected networks or because the call will be made between components that do not trust each other. - Auditing: When security is breached it is usually more important to know who has been allowed access than who has not. Audit records need to be well protected tapes or logging to a printer vs disk drive - Question were related to standard applet restrictions and when to use secure mode. I thinks the tutorial lists the applet restrictions: these are the one I know - no file I/O, no server sockets, no process forking, no network connections except to machine applet loaded from, no access to certain System properties such as user name. - When we say an applet is signed and trusted, it means the applet will not run in the sandbox and will get the permssions granted in the policy file. Generally applets are not allowed to access local system resources, and connect to other hosts (except from which it was downloaded). Trusted applets are the signed applets which carry a digital signature with them , which will get verified at the time of download. - In Java 1.1, you have signed or unsigned applet. Signed applets have all permissions as local application. From Java 1.2, you have finer control on applet, and, you can give necessary permissions to an applet, for example, permission to read and not write, etc. You no longer use signed, but these applets are trusted for those permissions. So you can have non signed and trusted applets. - Links http://www.javaworld.com/javaworld/jw-04-2000/jw-0428-security_p.html http://www.javaworld.com/javaworld/jw-07-2000/jw-0728-security_p.html http://java.sun.com/sfaq/ http://www.opengroup.org/security/papers/pc_week/cover.htm http://www.tml.hut.fi/Opinnot/Tik-110.501/1998/papers/6secinjava/secinjava.html http://www-4.ibm.com/software/webservers/appserv/doc/v40/ae/infocenter/was/060618.html http://www.javaworld.com/javaworld/jw-04-2000/jw-0428-security.html http://developer.netscape.com/docs/manuals/security/pkin/contents.htm http://www.oreilly.com/catalog/fire/chapter/ch04.html http://www-106.ibm.com/developerworks/security/library/j-tunnel/ http://www.securiteam.com/tools/5WP042K55U.html http://www.j-netdirect.com/JDataFeatures_HTTPTunnel.htm http://www.faqs.org/faqs/firewalls-faq/ http://grc.com/su-firewalls.htm http://service.real.com/firewall/ http://moat.nlanr.net/IP.sec.casest/ http://home.netscape.com/security/techbriefs/certificates/ [PDF] http://www.redbooks.ibm.com/pubs/pdfs/redbooks/sg242109.pdf [PDF] http://www.3com.com/other/pdfs/infra/corpinfo/en_US/50309001.pdf ** VPN - 3 Types of VPN: hardware-based systems, firewall-based VPNs and standalone VPN application packages. IPSec is an evolving standard for secure private communications over the Internet. - Some advantages to using VPNs include: - The ability to securely connect high speed remote users over broadband technology, including lines, which before VPNs had not been possible. - VPNs will work with any last mile technology as long as IP is run over the connection. - no administrative headache for managing direct access telephone lines, T1 or PRI lines used for data, or for the RAS equipment (modems or other network access servers) terminating the phone calls potential cost savings, especially if many of your remote users are located outside your local calling area. - Some disadvantages include: - Potentially lower bandwidth available to remote users over a VPN connection as compared to a l-in line. - inconsistent remote access performance due to changes in Internet connectivity. To counteract this, you can have your users choose Service Providers that have higher levels of service, perhaps the same ISP from which you purchase your corporate Internet connection to keep traffic inside the same backbone. - No entrance in to the network if the Internet connection is broken (Some administrators choose to leave a limited amount of dial-in access for emergency access) - How do I control who uses a VPN to access my site?: By definition, a VPN generally requires configuration of some sort of access device, either software or hardware-based, to setup a secure channel using private encryption and security parameters. A casual user can't just "use" my VPN, since some knowledge is required to allow the remote user or site access to my network (or even to begin a VPN handshake!). - Allowing VPN access only in conjunction with strong authentication also prevents an intruder from successfully authenticating to your network, even if they somehow configured/captured a VPN session. - Links http://www.rad.net.id/homes/edward/intranet/intra7 ** Legacy Connectivity - chapter in Jamie Jarowski book - Legacy connectivity, at the most basic level, refers to the ability of Java and non-Java code to interoperate. - If you have a distributed application with heterogeneous components, some of which are written in Java and some that aren't, you have a few choices. You can use RMI, wrapping the non-Java code with RMI-enabled Java objects using the Java Native Interface (JNI). Another option is to use another object distribution scheme such as CORBA that supports language independent object interfaces. A third option involves the new RMI/IIOP functionality that allows RMI objects to communicate directly with remote CORBA objects over IIOP. - Message-oriented-middleware or MOM is an important way to integrate legacy systems into the enterprise. Also Read Chapter 1 of "Java Message Service", Understanding the Messaging Paradigm (pages 1-16). - Screen Scrapers: Screen scraping is programming that translates between legacy application programs (written to communicate with now generally obsolete input/output devices and user interfaces) and new user interfaces so that the logic and data associated with the legacy programs can continue to be used. Screen scraping is sometimes called advanced terminal emulation. A program that does screen scraping must take the data coming from the legacy program that is formatted for the screen of an older type of terminal such as an IBM 3270 display or a Digital Equipment Corporation VT100 and reformat it for a Windows 98 user or someone using a Web browser. The program must also reformat user input from the newer user interfaces (such as a Windows graphical user interface or a Web browser) so that the request can be handled by the legacy application as if it came from the user of the older device and user interface. Screen scrapers may be used to integrate applet (or other) interface with an existing system. They are particularly useful when the client interface is tightly coupled to the other tiers of the system. A screen scraper is an application that translates an existing client interface into a set of objects. Screen scrapers usually function as a terminal emulator on one end and an object interface on the other. The screen scraper is configured to read data from terminal fields of the legacy interface and make them available via objects. Screen scrapers have the following advantages: - Provides a low-level object-based interface to the legacy app. - Allows you to build a new GUI over the existing client interface. Disadvantages of screen scrapers: - Any changes to the legacy interface can break the new GUI. - Prone to causing errors in the new GUI because of unexpected outputs from the legacy interface. - Prone to causing the new GUI to "freeze" when the legacy interface is expecting input that the screen scraper in unaware of. - Distinguish appropriate from inappropriate techniques for providing access to a legacy system from Java code given an outline description of that legacy system. - Upgrading Client-Tier GUIs: In cases where the GUI is loosely coupled to the other legacy tiers you can use an applet or a small application to replace the GUI. - Applets can communicate with the other tiers via TCP sockets. The applet can be signed and trusted, if necessary to access resources. Applets can also communicate with COM and CORBA objects (using bridge or Java IDL). - Object Mapping Tools: can be used if you choose to ignore the existing legacy interface and access the underlying tiers directly. These tools are used to create proxy objects that access legacy system functions and make them available in an object-oriented form. Object mapping tools are usually more effective than screen scrappers because they are not dependent on the format generated by the existing legacy interface. - Upgrading Application Business Logic: Java servlets provide a capability to make existing applications available via an intranet or the Internet. Clients (browsers and/or applets) access servlets via HTTP or HTTPS. The servlets take the requests and communicate with the legacy system. - EJBs provide a component-based approach to upgrading legacy applications. - Java’s support for CORBA enables CORBA objects to be accessed from Java and Java objects to be accessed as CORBA objects. - Microsoft’s JVM provides (or used to provide) a bridge between Java and COM objects. - JNI may be used to write custom code to interface new business logic with an existing legacy system. - Upgrading the Data Storage Tier: JDBC may be used to access relational databases in a legacy system. In many cases the legacy database will not support a pure JDBC driver. If the database provides ODBC support the JDBC-ODBC bridge can be used. If the existing legacy database is hierarchical or flat-file then it may be able to be imported into an RDBMS. - Securing Legacy System Components: Retrofitting a system with security is generally more expensive and less productive the redesigning and redeveloping the system to operate in a secure manner. However, budget constraints may prevent this. Legacy systems may be isolated from threats by placing them behind a firewall. Access control to legacy systems can be controlled by requiring users and external applicationsto authenticate themselves with the firewall before they can access the legacy system. Auditing features of the legacy system should be used to determine who is accessing the legacy system and when. - A VPN may be used to secure all communications with a legacy system. - Links http://java.sun.com/j2se/1.3/docs/guide/rmi-iiop/rmi_iiop_pg.html http://www.messageq.com/communications_middleware/bolton_1.html http://yrrid.com/lof/lof.htm http://www.cs.umu.se/~hed/java/ch32.htm http://www.cs.umu.se/~hed/java/ch33.htm http://www.resqnet.com/News/GeneralBar/ScreenScrapers.htm http://search390.techtarget.com/sDefinition/0,,sid10_gci213654,00.html http://www.javaworld.com/javaworld/jw-12-1999/jw-12-iiop_p.html http://www-106.ibm.com/developerworks/java/rmi-iiop/summary.html ** Messaging - Java Messaging Service (JMS) provides a common way for Java programs to create, send, receive and read an enterprise messaging system’s messages. JMS defines a set of message interfaces. - Identify scenarios that are appropriate to implementation using messaging, EJB, or both. - The current EJB spec (1.1) defines beans that are invoked synchronously via method calls from EJB clients. - JMS provides client interfaces that can interface with point-to-point and publish-subscribe systems. - In the future (EJB 2.0) will add a form of asynchronous bean that is invoked when a JMS client sends it a message. - List benefits of synchronous and asynchronous messaging. - Select scenarios from a list that are appropriate to implementation using synchronous and asynchronous messaging. - Asynchronous messaging - Loose coupling between sender and receiver - Does not block sender - Network does not need to be available, messages can be queued - Least demanding on comm. mechanisms - Good for publish-subscribe - Must use messaging to get reliability (?) - Synchronous messaging - Tight coupling between sender and receiver - Blocks sender until receiver is finished processing - Network must be available - More demanding on comm. Mechanisms - Good for transaction processing - Fail-safe comm. - Coping with error situations - PTP: built around the concept of message queues each message is addressed to a specific queue; clients get messages from the queue(s) created to hold their messages - Publish-Subscribe: Publishers address messages to a node or address - System distributes the messages arriving from a publisher to the subscribers of that publisher - Nothing prevents a JMS application from combining PTP and publish-subscribe but JMS focuses on applications that use one approach or the other. - JMS does NOT include the following: - Load balancing/fault tolerance - Error/advisory notification - Administration - Security - Wire protocol - Message Type Repository ** Protocols - Given a scenario description, distinguish appropriate from inappropriate protocols to implement that scenario. - Identify a protocol, given a list of some of its features, where the protocol is one of the following: HTTP, HTTPS, IIOP, JRMP - Read ports, Protocol appropriateness. - TCP/IP - IP doesnt gurantee delivery of packets - TCP gurantees delivery by using CheckSum. - HTTP:80 - Client-Server Architecture - The HTTP protocol is based on a request/response paradigm. The communication generally takes place over a TCP/IP connection on the Internet. The default port is 80, but other ports can be used. This does not preclude the HTTP/1.0 protocol from being implemented on top of any other protocol on the Internet, so long as reliability can be guaranteed. - The HTTP protocol is connectionless and stateless After the server has responded to the client's request, the connection between client and server is dropped and forgotten. There is no "memory" between client connections. The pure HTTP server implementation treats every request as if it was brand-new, i.e. without context. - An extensible and open representation for data types HTTP uses Internet Media Types (formerly referred to as MIME Content-Types) to provide open and extensible data typing and type negotiation. When the HTTP Server transmits information back to the client, it includes a MIME-like (Multipart Internet Mail Extension) header to inform the client what kind of data follows the header. Translation then depends on the client possessing the appropriate utility (image viewer, movie player, etc.) corresponding to that data type. - SSL - SSL is a medium using which messages are sent between client and server using encryption and decryption. - At the application protocol level (SSL) the data would be encrypted and the encrypted data would be sent to the TCP/IP layer and then the network layer and then gets transmitted over the wire. Hence at the TCP/IP and network layer the encrypted data would be wrapped around the header info. The header info should not be encrypted. If the header info is encrypted then the routers cannot understand the destination address and the packet gets lost on the internet :) - HTTPS:443 (Secure Hypertext Transfer Protocol) - HTTPS is a Web protocol developed by Netscape and built into its browser that encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTPS is really just the use of Netscape's Secure Socket Layer (SSL) as a sublayer under its regular HTTP application layer. (HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.) SSL uses a 40 or 128-bit key size for the RC4 stream encryption algorithm, which is considered an adequate degree of encryption for commercial exchange. - HTTPS and SSL support the use of X.509 digital certificates from the server so that, if necessary, a user can authenticate the sender. SSL is an open, nonproprietary protocol that Netscape has proposed as a standard to the World Wide Consortium (W3C). - HTTPS is not to be confused with SHTTP, a security-enhanced version of HTTP developed and proposed as a standard by EIT. - IIOP - CORBA and IIOP assume the client/server model of computing in which a client program always makes requests and a server program waits to receive requests from clients. When writing a program, you use an interface called the General Inter-ORB Protocol (GIOP). The GIOP is implemented in specialized mappings for one or more network transport layers. Undoubtedly, the most important specialized mapping of GIOP is IIOP, which passes requests or receives replies through the Internet's transport layer using the Transmission Control Protocol (TCP). Other possible transport layers would include IBM's Systems Network Architecture (SNA) and Novell's IPX. - For a client to make a request of a program somewhere in a network, it must have an address for the program. This address is known as the Interoperable Object Reference (IOR). Using IIOP, part of the address is based on the server's port number and Internet Protocol (IP) address. In the client's computer, a table can be created to map IORs to proxy names that are easier to use. The GIOP lets the program make a connection with an IOR and then send requests to it (and lets servers send replies). - A Common Data Representation (CDR) provides a way to encode and decode data so that it can be exchanged in a standard way. - CORBA is not the only architecture that uses IIOP. Because a TCP/IP-based proxy is usable on almost any machine that runs today, more parties now use IIOP. When another architecture is IIOP-compliant, it not only establishes a well-proven communication transport for its use, but it also can communicate with any ORB implementation that is IIOP-compliant. The possibilities are endless. - RMI - JRMP - The Transport layer employs JRMP, also known as the RMI Wire Protocol, to send method invocations and associated parameters and to return values and exceptions from one Java virtual machine (JVM) to another. JRMP is a simple protocol consisting of five messages, plus an extra five for multiplexing flow control. - All JRMP sessions consist of a header followed by one or more messages. The header contains just the ASCII codes for the characters JRMI , the protocol version, and the "subprotocol" to be used. There are three subprotocols: SingleOpProtocol, StreamProtocol, and MultiplexProtocol. SingleOpProtocol signifies that only one message follows a header before the end of a session (i.e., the connection closes). StreamProtocol and MultiplexProtocol can transfer one or more messages. The latter is used when multiplexing calls from both client and server on a single socket. - Communicating clients and servers typically each open a socket to the other (i.e., both systems connect and listen for connections). The client's socket typically invokes methods on server-side objects, and the server's socket calls client-side objects (e.g., callbacks). The client sends the Call message to invoke a server object's method; the server then invokes this method and replies with a Return containing any results. Assuming that a remote object is returned, the client then sends a DgcAck message to let the server's garbage collector know that it has received the remote object. On another socket, the server sends a Ping to find out whether the client is alive, which replies with a PingAck. - Default applet security restrictions deny applets the right to open sockets back to any server other than their originating host; they also block any attempt to listen for socket connections. This being the case, how do clients listen for server connections? Enter the MultiplexProtocol and its group of five messages: Open, Close, CloseAck, Request, and Transmit. They allow client and server to simulate the StreamProtocol's two-way communication using a single socket. In the current implementation, up to 256 virtual connections can be opened, each identified by a unique ID. Unfortunately, connecting via a socket back to the server is not always possible for applets running behind firewalls (e.g., on a corporate intranet), which typically block any attempt to open a socket back to the Internet. Should it fail to open a connection, an RMI client wraps its method invocation inside the body of an HTTP request (which is the protocol browsers use to communicate with Web servers), and the RMI server sends any results as an HTTP response. This workaround is a smart solution, since HTTP is a firewall-trusted protocol. Still, performance takes a hit due to the time needed to convert messages to HTTP requests. In addition, no multiplexing of invocations can be accomplished, because keeping the connection open between client and server is not part of HTTP 1.0. The primary reason for SingleOpProtocol's existence is to encapsulate RMI through HTTP. - CORBA - JDBC - JNDI - LDAP - DNS - Who they talk to: - HTTP HTML: forms based client interacts with the servlet on the server. Server interacts with the business layer and business layer interacts with the persistence layer. - RMI: This is a possible if the objects in the user interface and the business layers are all Java objects. The persistence layer is mostly accessed through JDBC. Other relational object mapping of the data layer is also possible. Advantage of RMI: Object are passed by value. The server/ client can reconstitute the objects easily. Data type can be any Java objects. Any Java objects can be passed as arguments. Arguments has to implement the serializable interface. Disadvantage of RMI: Heterogeneous objects are not supported. - Corba: If the objects in the client layer and the business layer are heterogeneous, i.e. the objects are implemented in C, C++ Java, Smalltalk then Corba is most suitable. Advantage of Corba: Heterogeneous objects are supported. Disadvantage: of Corba Objects are not passed by value, only the argument data is passed. The server/ client has to reconstitute the objects with the data. Only commonly accepted data types can be passed as arguments. - DCOM: This works best in windows environment. Distributed Object Communication. - The three-Tier Java Technology Architecture is achieved by HTML, Applet, Java Application on the client. Servlet, Java Server Pages, EJB on the Middle Tier. JDBC communication to the persistence or Database layer - Conclusions / Comparisions: - HTTP and HTTPS are very similar protocols with only the fact that HTTPS provides a layer of security(the SSL). They are both capable of passing a variety of data types but there is no logic, objects may only be executed if there's another protocol to handle them. HTTP is the lowest layer of logic and can only be used as a delivery mechanism for other protocols. - HTTP is connectionless protocol where as HTTPS is connectionbased because a connection is set between server and client using SSL till the end of conversation between Client and Server. - JRMP is a robust object server that communicates well when working with JAVA based objects. It is capable of passing objects refrences rather than just values that have to be reconstituted so that the object may be executed by the client rather than the server. In the event that the server is secure or cannot communicate in the most efficient manner JRMP falls back to HTTP. JRMP is only capable of passing JAVA objects. - IIOP is the most flexible of the transport mechanisms, it can communicate objects created in C, C++, JAVA, and smalltalk but only passes data by value requiring the server to do all the work and requiring that only common data types be passed as arguments making it more restrictive than JRMP which allows any JAVA data type. - Links http://as400bks.rochester.ibm.com/html/as400/v5r1/ic2924/index.htm?info/rzain/rzainoverview.htm http://whatis.techtarget.com/ http://developer.netscape.com/docs/manuals/security/sslin/contents.htm http://www.whatis.com/https.htm http://www.blackmagic.com/people/gabe/iiop.html http://www.byte.com/art/9802/sec4/art3.htm ** Internationalization / Localization - I18N chapter from Java Tutorial - need to know about Locale, Resource Bundles, IOStreams (the sun website has a good tutorial for i18n). Read John Weatherbee's notes from Javaranch for all the other topics. Go thru the files and bookmarks section of this group. - Don't forget those stream reader/writer's role in I18N. - jGuru's online tutorial at http://d23xapp2.cn.ibm.com/developerWorks/education/unicode/i18n_eng/ is a good, short, intro sufficient for the exam.Do pay attention to which classes/packages provide what functionality. For example, what package is used to format date and currency according to specified locale? - Essentials of the Java Programming Language, Chapter 12 by Monica Pawlan, available online: http://developer.java.sun.com/developer/Books/Essentials/page1.html - An internationalized program has the following characteristics: - With the addition of localization data, the same executable can run worldwide. - Textual elements, such as status messages and the GUI component labels, are not hard-coded in the program. Instead they are stored outside the source code and retrieved dynamically. - Support for new languages does not require recompilation. - Culturally-dependent data, such as dates and currencies, appear in formats that conform to the end user's region and language. - It can be localized quickly. - Localization is the process of adapting a program for use in a specific locale. A locale is a geographic or political region that shares the same language and customs. Localization includes the translation of text such as GUI labels, error messages, and online help. It also includes the culture-specific formatting of data items such as monetary values, times, dates, and numbers. - Objectives 1) State three aspects of any application that might need to be varied or customized in different deployment locales. There are many types of data that vary with region or language. Examples of this data are: - Messages - Labels on GUI components - Online help - Sounds - Colors - Graphics - Icons - Dates - Times - Numbers - Currencies - Measurements - Phone numbers - Honorifics and personal titles - Postal addresses - Page layouts 2) Match the following features of the Java 2 platform with descriptions of their functionality, purpose or typical uses: - Properties: The java.util.Properties class represents a persistent set of properties. The Properties can be saved to a stream or loaded from a stream. Each key and its corresponding value in the property list is a string. A properties file stores information about the characteristics of a program or environment including internationalization/localization information. By creating a Properties object and using the load method a program can read a properties file. The program can then access the values by using the key as follows: Properties props = new Properties(); props.load(new BufferedInputStream(new FileInputStream("filename"); String value = System.getProperty("key"); If the key is not found getProperty returns null. - Locale: A java.util.Locale object represents a specific geographical, political, or cultural region. An operation that requires a Locale to perform its task is called locale-sensitive and uses the Locale to tailor information for the user. For example, displaying a number is a locale-sensitive operation--the number should be formatted according to the customs/conventions of the user's native country, region, or culture. Because a Locale object is just an identifier for a region, no validity check is performed when you construct a Locale. If you want to see whether particular resources are available for the Locale you construct, you must query those resources. For example, ask the NumberFormat for the locales it supports using its getAvailableLocales method. Note: When you ask for a resource for a particular locale, you get back the best available match, not necessarily precisely what you asked for. For more information, refer to the ResourceBundle section. The Locale class provides a number of convenient constants that you can use to create Locale objects for commonly used locales. For example, the following creates a Locale object for the United States: "Locale.US". Once you've created a Locale you can query it for information about itself. Use getCountry to get the ISO Country Code and getLanguage to get the ISO Language Code. You can use getDisplayCountry to get the name of the country suitable for displaying to the user. Similarly, you can use getDisplayLanguage to get the name of the language suitable for displaying to the user. Interestingly, the getDisplayXXX methods are themselves locale sensitive and have two versions: one that uses the default locale and one that uses the locale specified in the argument. - ResourceBundle: Resource bundles contain locale-specific objects. When your program needs a locale specific resource, a String for example. Your program can load it from the resource bundle that is appropriate for the current user's locale. In this way, you can write program code that is largely independent of the user's locale isolating most, if not all, of the locale-specific information in resource bundles. This allows you to write programs that can: - be easily localized, or translated, into different languages - handle multiple locales at once - be easily modified later to support even more locales One resource bundle is, conceptually, a set of related classes that inherit from ResourceBundle. Each related subclass of ResourceBundle has the same base name plus an additional component that identifies its locale. For example, suppose your resource bundle is named MyResources. The first class you are likely to write is the default resource bundle which simply has the same name as its family "MyResources". You can also provide as many related locale-specific classes as you need: for example, perhaps you would provide a German one named MyResources_de. Each related subclass of ResourceBundle contains the same items, but the items have been translated for the locale represented by that ResourceBundle subclass. For example, both MyResources and MyResources_de may have a String that's used on a button for canceling operations. In MyResources the String may contain Cancel and in MyResources_de it may contain Abbrechen. If there are different resources for different countries, you can make specializations: for example, MyResources_de_CH is the German language (de) in Switzerland (CH). If you want to only modify some of the resources in the specialization, you can do so. When your program needs a locale-specific object, it loads the ResourceBundle class using the getBundle method: ResourceBundle myResources = ResourceBundle.getBundle("MyResources", currentLocale); The first argument specifies the family name of the resource bundle that contains the object in question. The second argument indicates the desired locale. getBundle uses these two arguments to construct the name of the ResourceBundle subclass it should load as follows. The resource bundle lookup searches for classes with various suffixes on the basis of (1) the desired locale and (2) the current default locale as returned by Locale.getDefault(), and (3) the root resource bundle (baseclass), in the following: order from lower-level (more specific) to parent-level (less specific): baseclass + "_" + language1 + "_" + country1 + "_" + variant1 baseclass + "_" + language1 + "_" + country1 + "_" + variant1 + ".properties" baseclass + "_" + language1 + "_" + country1 baseclass + "_" + language1 + "_" + country1 + ".properties" baseclass + "_" + language1 baseclass + "_" + language1 + ".properties" baseclass + "_" + language2 + "_" + country2 + "_" + variant2 baseclass + "_" + language2 + "_" + country2 + "_" + variant2 + ".properties" baseclass + "_" + language2 + "_" + country2 baseclass + "_" + language2 + "_" + country2 + ".properties" baseclass + "_" + language2 baseclass + "_" + language2 + ".properties" baseclass baseclass + ".properties" For example, if the current default locale is en_US, the locale the caller is interested in is fr_CH, and the resource bundle name is MyResources, resource bundle lookup will search for the following classes, in order: MyResources_fr_CH MyResources_fr MyResources_en_US MyResources_en MyResources The result of the lookup is a class, but that class may be backed by a properties file on disk. That is, if getBundle does not find a class of a given name, it appends ".properties" to the class name and searches for a properties file of that name. If it finds such a file, it creates a new PropertyResourceBundle object to hold it. Following on the previous example, it will return classes and and files giving preference as follows: (class) MyResources_fr_CH (file) MyResources_fr_CH.properties (class) MyResources_fr (file) MyResources_fr.properties (class) MyResources_en_US (file) MyResources_en_US.properties (class) MyResources_en (file) MyResources_en.properties (class) MyResources (file) MyResources.properties If a lookup fails, getBundle() throws a MissingResourceException. The baseclass must be fully qualified (for example, myPackage.MyResources, not just MyResources). It must also be accessable by your code; it cannot be a class that is private to the package where ResourceBundle.getBundle is called. Note: ResourceBundles are used internally in accessing NumberFormats, Collations, and so on. The lookup strategy is the same. Resource bundles contain key/value pairs. The keys uniquely identify a locale-specific object in the bundle. Here's an example of a ListResourceBundle that contains two key/value pairs: class MyResource extends ListResourceBundle { public Object[][] getContents() { return contents; } static final Object[][] contents = { // LOCALIZE THIS {"OkKey", "OK"}, {"CancelKey", "Cancel"}, // END OF MATERIAL TO LOCALIZE }; } Keys are always Strings. In this example, the keys are OkKey and CancelKey. In the above example, the values are also Strings--OK and Cancel--but they don't have to be. The values can be any type of object. You retrieve an object from resource bundle using the appropriate getter method. Because OkKey and CancelKey are both strings, you would use getString to retrieve them: button1 = new Button(myResourceBundle.getString("OkKey")); button2 = new Button(myResourceBundle.getString("CancelKey")); The getter methods all require the key as an argument and return the object if found. If the object is not found, the getter method throws a MissingResourceException. Besides getString; ResourceBundle supports a number of other methods for getting different types of objects such as getStringArray. If you don't have an object that matches one of these methods, you can use getObject and cast the result to the appropriate type. For example: int[] myIntegers = (int[]) myResources.getObject("intList"); NOTE: You should always supply a baseclass with no suffixes. This will be the class of "last resort", if a locale is requested that does not exist. In fact, you must provide all of the classes in any given inheritance chain that you provide a resource for. For example, if you provide MyResources_fr_BE, you must provide both MyResources and MyResources_fr or the resource bundle lookup won't work right. The Java 2 platform provides two subclasses of ResourceBundle, ListResourceBundle and PropertyResourceBundle, that provide a fairly simple way to create resources. (Once serialization is fully integrated, we will provide another way.) As you saw briefly in a previous example, ListResourceBundle manages its resource as a List of key/value pairs. PropertyResourceBundle uses a properties file to manage its resources. If ListResourceBundle or PropertyResourceBundle do not suit your needs, you can write your own ResourceBundle subclass. Your subclasses must override two methods: handleGetObject and getKeys(). The following is a very simple example of a ResourceBundle subclass, MyResources, that manages two resources (for a larger number of resources you would probably use a Hashtable). Notice that if the key is not found, handleGetObject must return null. If the key is null, a NullPointerException should be thrown. Notice also that you don't need to supply a value if a "parent-level" ResourceBundle handles the same key with the same value (as in United Kingdom below). Also notice that because you specify an en_GB resource bundle, you also have to provide a default en resource bundle even though it inherits all its data from the root resource bundle. Example: // default (English language, United States) abstract class MyResources extends ResourceBundle { public Object handleGetObject(String key) { if (key.equals("okKey")) return "Ok"; if (key.equals("cancelKey")) return "Cancel"; return null; } } // German language public class MyResources_de extends MyResources { public Object handleGetObject(String key) { // don't need okKey, since parent level handles it. if (key.equals("cancelKey")) return "Abbrechen"; return null; } } You do not have to restrict yourself to using a single family of ResourceBundles. For example, you could have a set of bundles for exception messages, ExceptionResources (ExceptionResources_fr, ExceptionResources_de, ...), and one for widgets, WidgetResource (WidgetResources_fr, WidgetResources_de, ...); breaking up the resources however you like. - Unicode: Unicode is an international effort to provide a single character set that everyone can use. Java uses the Unicode 2.0 (or 2.1) character encoding standard. In Unicode, every character occupies two bytes. Ranges of character encodings represent different writing systems or other special symbols. For example, Unicode characters in the range 0x0000 through 0x007F represent the basic Latin alphabet, and characters in the range 0xAC00 through 0x9FFF represent the Han characters used in China, Japan, Korea, Taiwan, and Vietnam. UTF is a multibyte encoding format, which stores some characters as one byte and others as two or three bytes. If most of your data is ASCII characters, it is more compact than Unicode, but in the worst case, a UTF string can be 50 percent larger than thecorresponding Unicode string. Overall, it is fairly efficient. Despite the advantages of Unicode, there are some drawbacks: Unicode support is limited on many platforms because of the lack of fonts capable of displaying all the Unicode characters. - java.text: This package provides classes and interfaces for handling text, dates, numbers, and messages in ways that are independent of natural languages. This allows programs to be written in a language-independent manner and relies on separate, dynamically linked localized resources. These classes are capable of formatting dates, numbers, and messages, parsing; searching and sorting strings; and iterating over characters, words, sentences, and line breaks. This package contains three main groups of classes and interfaces: - Classes for iteration over text - Classes for formatting and parsing - Classes for string collation Some of the classes in the java.text package are: - Annotation: An Annotation object is used as a wrapper for a text attribute value if the attribute has annotation characteristics. These characteristics are: - The text range that the attribute is applied to is critical to the semantics of the range. That means, the attribute cannot be applied to subranges of the text range that it applies to, and, if two adjacent text ranges have the same value for this attribute, the attribute still cannot be applied to the combined range as a whole with this value. - The attribute or its value usually no longer applies if the underlying text is changed.An example is grammatical information attached to a sentence: For the previous sentence, you can say that "an example" is the subject, but you cannot say the same about "an", "example", or "exam". When the text is changed, the grammatical information typically becomes invalid. Another example is Japanese reading information (yomi). Wrapping the attribute value into an Annotation object guarantees that adjacent text runs don't get merged even if the attribute values are equal, and indicates to text containers that the attribute should be discarded if the underlying text is modified. - CollationKey: A CollationKey represents a String under the rules of a specific Collator object. Comparing two CollationKeys returns the relative order of the Strings they represent. Using CollationKeys to compare Strings is generally faster than using Collator.compare. Thus, when the Strings must be compared multiple times, for example when sorting a list of Strings. It's more efficient to use CollationKeys. You can not create CollationKeys directly. Rather, generate them by calling Collator.getCollationKey. You can only compare CollationKeys generated from the same Collator object. Generating a CollationKey for a String involves examining the entire String and converting it to series of bits that can be compared bitwise. This allows fast comparisons once the keys are generated. The cost of generating keys is recouped in faster comparisons when Strings need to be compared many times. On the other hand, the result of a comparison is often determined by the first couple of characters of each String. Collator.compare examines only as many characters as it needs which allows it to be faster when doing single comparisons. - Collator: The Collator class performs locale-sensitive String comparison. You use this class to build searching and sorting routines for natural language text. Collator is an abstract base class. Subclasses implement specific collation strategies. You can use the static factory method, getInstance, to obtain the appropriate Collator object for a given locale. - Format: Format is an abstract base class for formatting locale-sensitive information such as dates, messages, and numbers. Format defines the programming interface for formatting locale-sensitive objects into Strings (the format method) and for parsing Strings back into objects (the parseObject method). Any String formatted by format is guaranteed to be parseable by parseObject. Format has three subclasses: DateFormat, MessageFormat, NumberFormat - InputStreamReader: An InputStreamReader is a bridge from byte streams to character streams: It reads bytes and translates them into characters according to a specified character encoding. The encoding that it uses may be specified by name, or the platform's default encoding may be accepted. The class has two constructors: one that uses the platform’s default encoding and one that takes an encoding (as a String). Encodings can be represented by their ISO numbers, i.e., ISO 8859-9 is represented by "8859_9". There is no easy way to determine which encodings are supported. You can use the getEncoding() method to get the name of the encoding being used by the Reader. Characters that do not exist in a specific character set produce a substitution character, usually a question mark. - OutputStreamReader: An OutputStreamWriter is a bridge from character streams to byte streams: Characters written to it are translated into bytes according to a specified character encoding. The encoding that it uses may be specified by name, or the platform's default encoding may be accepted. Each invocation of a write() method causes the encoding converter to be invoked on the given character(s). The resulting bytes are accumulated in a buffer before being written to the underlying output stream. The size of this buffer may be specified, but by default it is large enough for most purposes. Note that the characters passed to the write() methods are not buffered. The class has two constructors: one that uses the platform’s default encoding and one that takes an encoding (as a String). Encodings can be represented by their ISO numbers, i.e., ISO 8859-9 is represented by "8859_9". There is no easy way to determine which encodings are supported. You can use the getEncoding() method to get the name of the encoding being used by the Writer. Characters that do not exist in a specific character set produce a substitution character, usually a question mark. - Do the Javasoft tutorial. The questions in the exam were very basic. - Links http://java.sun.com/docs/books/tutorial/i18n/index.html ** Guidelines / Advice - PAY ATTN TO SUN OBJECTIVES - SCJEA Part I coverage of EJB does not have questions on specific method signatures, or EJB's Java interfaces. You won't see any Java code related to EJB. This exam is more conceptual. - Highly recommend that you take IBM's Pre-Assessment/Sample Test for "Test 483, Enterprise Connectivity (with J2EE) Test" currently available at http://www-4.ibm.com/software/ad/certify/tests/sampletest/sam483.html - Also highly recommend taking www.brainbench.com design patterns test (used to be free, I don't know if it still is). The questions were fairly close in spirit to those on the SCJEA, and provide a good practice run. For SCJEA purposes, ignore all questions with non-GoF patterns. - Read all the requirements documents supplied very, VERY carefully. The requirements supplied by Sun are, IMHO, incomplete, contradictory and confusing in places. Give yourself TIME to digest these documents - say at least a couple of weeks. Re-read them over and over again and MAKE NOTES as you go along of any assumptions you make - and YOU WILL have to make some assumptions - Document your project submission properly. Don't just send off your submission with a quick list of what your diagrams are called and where they are located (you don't need this anyway as you'll HTML anchor them from your readme). Instead, write a proper, long HTML document that explains your approach. Make this document NEAT. - Don't get lost in the detail. Remember, the submission is about OVERALL ARCHITECTURE, not how many EJBs/Beans/Servlets/JSPs/Classes/Methods etc., etc. you need, or whether Fly-By-Night should be doing this, or that, or the other. Don't loose sight of the BIG PICTURE - as that's what you are supposed to be presenting: a well-considered, reasonable, flexible architecture that serves the main goals of the requirements - Study the petsore demo code and the book (Designing Enterprise Applications with the Java2 Platform) HARD. - Diagrams. Keep them clean and simple. I used Rational Rose. You can get a demo disk off them or download it from their site. This is the same tool that Sun used for the diagrams they supplied, and it's easy to save your work directly as HTML. Use UML notes, stereotypes and sensible naming conventions to add clarity to your diagrams. Make sure you document your naming conventions in the document I listed above as part of your submission - Keep it SIMPLE. Don't put on any extraneous classes. For instance, I didn't put ANY GUI classes (JSP, Swing, etc.) on my Sequence Diagram. At the end of the day the GUI interface is just a 'request generator', so why not just show requests as the start of your sequence diagram elements? Better still, what about translating requests to events? All that machinery could clutter the diagram even further. So, LEAVE IT OFF. Just show events as the entry points on your Sequence diagrams - Follow the same approach for all your diagrams - i.e. make sure they are logically consistent - Follow-up exam. Take it as soon as you make your submission. Take a copy of the document you submitted along with your submission to the test centre and re-read it a couple of times before taking the exam (you won't be able to take this document in with you to the examining room, of course). The aim here is to make sure your exam replies are consistent with your submission. The exam questions are quite easy and fairly broad. Like the project, Sun wants you to concentrate on higher-level architectural choices, and the pro's and con's of various approachs, particularly the approach you chose for your submission. You will not be asked any detailed questions on EJBs/JSPs/etc.. - The exam should take you no more than 10-15 minutes. I wasted time by not reading all the questions first, and therefore ended up repeating myself and having to go back and cut-n-paste answers around. Do yourself a favour and read all the questions first - There are only 4 of them anyway. Don't write too much. For detail, refer the examiner to the appropriate sections of the document you submitted - Roman's book is an easy read, but slightly out of date with EJB1.0. For someone who has both, I recommend the following path: Read AppendixA (RMI concepts) and AppendixB (JNDI concepts) from Roman. Read Chapters 1 thru 6 from Roman to get a good grounding in different architectures' pros & cons and to get a good understanding of session beans. Session beans are probably easier to understand, and definitely easier to deploy, than entity beans. After that, read Monson-Haefel. This book covers EJB 1.1, and so is more current than Roman's book. If you find that you can easily grasp the material in this book, you may want to skip Roman's book except for the appendices and the (first 2?) introductory chapters on EJB architectures. Definitely read Ch. 8 on Transactions in Monson-Haefel. It is excellent. This is almost certainly overkill for Part 1, but after this you'll really know your EJBs! - In some other areas such as internationalization and security there were questions which made references to java packages. - For Part I, you need only the 23 patterns in the GoF book. In particular, you do not need to know the relatively new "J2EE Patterns" from Sun. You will need to understand those when you get to Part II - You should know the features and characteristics of common protocols and standards such as: HTTP, HTTPS, SSL, IIOP, RMI, JRMP, CORBA, JDBC, JNDI, LDAP, DNS, etc. etc - I was so afraid that this test could be EJB 1.1 centered that I have read the 1.1 specifications(hating Sun for this).No need to do it.The test is 100% conceptual:when to use session bean instead of entity,and this kind of things. - One question expected you to know the port numbers that various protocols go through - For Parts 2 and 3: Read and think about the problem for one or two weeks before you do anything!! Discussion groups are a great help but you have to produce the architecture. - You need to know what clustering is in general and what quality attributes (e.g. scalability, maintainability, etc. it affects). - More than 25 top-level classes will lead to problems - Every use case should be able to be implemented using domain model methods - Common Architecture: A question on what makes a system manageable came up twice. By comparing the two sets of answers provided, the correct answer was "code factoring and code reuse". ** Sample Questions - Where is JNDI used in JSM?: It is used to look up several of the key objects in the JSM model. - What pattern does JDBC ResultSet implement? Iterator - What aspect of firewalls affects the ability of various protocols to get through. Three of the possible answers were: port filtering, address filtering and address translation. - What 2 services does EJBs provide? Three of the 4 options were: life cycle management, transaction services, remote method invocation: I believe the answer is life-cycle management and transaction services. EJBs do provide remote access, but it isn’t considered a considered a service. - Where would encryption be necessary in a scenario where a buyer and a seller used a web browser to buy and sell items on the web and credit card info was verified by a separate system. Items being sold are stored in a database. Select 2 of the three possible places: between buyer and server, seller and server, server and credit card authority. Where ever credit card info is passed which is from buyer to system/database and between system and credit card authority. I don’t recall anything more specific than this being asked about encryption. Some questions that I can’t remember in detail required knowledge of JDK security model and I believe it touched on the differences between JDK 1.1 and JDK 1.2 security models. - What aspects of a system vary by locale? String formats, dates, order that things are sorted, how currency is displayed. - What kind of operations should be performed in ejbPassivate and ejbActivate on a stateful EJB? Free/restore connections to resources. - One question tested understanding of EJB transaction attributes (not supported, supported, required, required new, etc.) - One question required understanding of a Handle object relative to EJBs. - One of the sets: ********************** start *************************************** 1. What does CTM stands for a)CORBA transaction monitor. b)Component transaction monitor. c)Component task monitor. 2. javax.ejb.EJBObject extends a)javax.ejb.EJBHome b)javax.ejb.SessionBean c)javax.ejb.Remote d)java.rmi.Remote 3. Bean's business methods are implemented by a)javax.ejb.EJBHome b)javax.ejb.EJBObject c)javax.ejb.EntityBean 4. All EJB remote interface types types extend a)javax.ejb.EJBHome b)javax.ejb.SessionBean c)javax.ejb.EJBObject 5. The life-cycle methods of a server-side bean are defined by a)javax.ejb.EJBObject b)javax.ejb.EJBHome c)javax.ejb.EntityBean 6. Session beans don’t have a)ejbCreate() method b)ejbStore() method c)ejbRemove() method 7 EntityDescriptor extends a)SessionDescriptor b)ControlDescriptor c)DeploymentDescriptor 8 After an entity bean is instantiated and placed in the pool, it is given reference to a ----------------------- a)javax.ejb.EJBHome b)javax.ejb.EJBObject c)javax.ejb.EJBContext 9 State of Entity Bean instances is persisted directly into a)secondary storage b)database 10 A stateful session bean is a)shared among multiple clients b)not shared among multiple clients 11 Entity beans are a)shared components b)non-shared components 12 EJB by default -------------- concurrent access to bean instances. a)allows b)prohibits 13 EJB specification -------------- synchronized key words. a)prohibits b)allows 14 JRMP lacks inherent support for ------------ and ------------------- services that is part of the CORBAIIOP specification. 15 When a bean instance is in the --------- state, it can accept client requests. a)Ready b)Pooled c)Does not exist 1)A developer successfully creating and tests a stateful bean following deployment, intermittent "NullpointerException" begin to occur, particularly when the server is hardly loaded. What most likely to related problem. a) setSessionContext b) ejbCreate c) ejbPassivate d) beforeCompletion e) ejbLoad 2)2 example implementations os Proxy are RMI & EJb 3)If an RMI parameter implements java.rmi.Remote, how is it passed "on-the-wire?" Choice 1 It can never be passed. Choice 2 It is passed by value. Choice 3 It cannot be passed because it implements java.rmi.Remote. Choice 4 It cannot be passed unless it ALSO implements java.io.Serializable. Choice 5 It is passed by reference. ans)2 ----------------- 4)public synchronized void txTest(int i) { System.out.println("Integer is: " + i); } What is the outcome of attempting to compile and execute the method above, assuming it is implemented in a stateful session bean? Choice 1 Run-time error when bean is created Choice 2 The method will run, violating the EJB specification. Choice 3 Compile-time error for bean implementation class Choice 4 Compile-time error for remote interface Choice 5 Run-time error when the method is executed ans)2 ------------------- 5)What is the CORBA naming service equivalent of JNDI? Choice 1 Interface Definition Language Choice 2 COS Naming Choice 3 Lightweight Directory Access Protocol Choice 4 Interoperable Inter-Orb Protocol Choice 5 Computer Naming Service ans)2 ----------------------- 6)InitialContext ic = new InitialContext(); TestHome th = (TestHome) ic.lookup("testBean/TestBean"); TestRemote beanA = th.create(); TestRemote beanB = th.create(); TestRemote beanC = th.create(); beanC.remove(); TestRemote beanD = th.create(); TestRemote beanE = th.create(); beanC = th.create(); Given the above code, container passivates which bean instance first if the container limited the bean pool size to four beans and used a "least-recently-used" algorithm to passivate? Choice 1 Bean A Choice 2 Bean B Choice 3 Bean C Choice 4 Bean D Choice 5 Bean E ------------------------- 7)Which one of the following phenomena is NOT addressed by read-consistency? a Phantom read b Cached read c Dirty read d Non-repeatable read e Fuzzy read ans)b,e -------------------------- 8)Which one of the following methods is generally called in both ejbLoad() and ejbStore()? a getEJBObject() b getHandle() c remove() d getEJBHome() e getPrimaryKey() ans)e ----------------------------- 9)public void ejbCreate(int i) { System.out.println("ejbCreate(i)"); } Given a currently working stateless session bean, what will be the outcome upon deploying and executing the bean if you added the above unique method to the implementation class of a stateless session bean (and made no other changes)? a Compile time error during stub/skeleton generation b Compile time error for home interface c Code will compile without errors. d Compile time error for remote interface e Compile time error for bean implementation ans)a ---------------------------------- 10)Given the above code in your stateless session bean business method implementation, and the transaction is container-managed with a Transaction Attribute of TX_SUPPORTS, which one of the following is the first error generated? a Error when compiling home interface b Error while generating stubs and skeletons c NullPointerException during deployment d Runtime error e Compile-time error for the bean implementation ans)b ---------------------------------- 11)Which one of the following is the result of attempting to deploy a stateless session bean and execute one of the method M when the bean implementation contains the method M NOT defined in the remote interface? a Compile time error for remote interface b Compile time error for bean implementation c Compile time error during stub/skeleton generation d Code will compile without errors. e Compile time error for home interface ans)d ------------------------------ 12)Which one of the following characteristics is NOT true of RMI and Enterprise Java Beans? a They must execute within the confines of a Java virtual machine (JVM). b They serialize objects for distribution. c They require .class files to generate stubs and skeletons. d They do not require IDL. e They specify the use of the IIOP wire protocol for distribution. ans)a 13. Which one of the following is the result of attempting to deploy a stateless session bean and execute one of the method M when the bean implementation contains the method M NOT defined in the remote interface? a Compile time error for remote interface b Compile time error for bean implementation c Compile time error during stub/skeleton generation d Code will compile without errors. e Compile time error for home interface 14. If a unique constraint for primary keys is not enabled in a database, multiple rows of data with the same primary key could exist in a table. Entity beans that represent the data from the table described above are likely to throw which exception? a NoSuchEntityException b FinderException c ObjectNotFoundException d RemoveException e NullPointerException 15. A developer needs to deploy an Enterprise Java Bean, specifically an entity bean, but is unsure if the bean container is able to create and provide a transaction context. Which attribute below will allow successful deployment of the bean? a BeanManaged b RequiresNew c Mandatory d Required e Supports 16. What is the outcome of attempting to compile and execute the method above, assuming it is implemented in a stateful session bean? a Compile-time error for remote interface b Run-time error when bean is created c Compile-time error for bean implementation class d The method will run, violating the EJB specification. e Run-time error when the method is executed 17. Which one of the following is the result of attempting to deploy a stateless session bean and execute one of the method M when the bean implementation contains the method M NOT defined in the remote interface? a Compile time error for remote interface b Compile time error for bean implementation c Compile time error during stub/skeleton generation d Code will compile without errors. e Compile time error for home interface 18. If a unique constraint for primary keys is not enabled in a database, multiple rows of data with the same primary key could exist in a table. Entity beans that represent the data from the table described above are likely to throw which exception? a NoSuchEntityException b FinderException c ObjectNotFoundException d RemoveException e NullPointerException 19. There are two Enterprise Java Beans, A and B. A method in "A" named "Am" begins execution, reads a value v from the database and sets a variable "X" to value v, which is one hundred. "Am" adds fifty to the variable X and updates the database with the new value of X. "Am" calls "Bm", which is a method in B. "Bm" begins executing. "Bm" reads an additional value from the database. Based on the value, "Bm" determines that a business rule has been violated and aborts the transaction. Control is returned to "Am". Requirement: If "Bm" aborts the transaction, it is imperative that the original value be read from the database and stored in variable X. Given the scenario above, which Transaction Attributes will most likely meet the requirements stated? a A-RequiresNew, B-Mandatory b A-Mandatory, B-RequiresNew c A-RequiresNew, B-Supports d A-NotSupported, B-RequiresNew e A-RequiresNew, B-RequiresNew If an RMI parameter implements java.rmi.Remote, how is it passed "on-the-wire?" Choice 1 It can never be passed. Choice 2 It is passed by value. Choice 3 It cannot be passed because it implements java.rmi.Remote. Choice 4 (Correct) It cannot be passed unless it ALSO implements java.io.Serializable. Choice 5 It is passed by reference. ----------------- public synchronized void txTest(int i) { System.out.println("Integer is: " + i); } What is the outcome of attempting to compile and execute the method above, assuming it is implemented in a stateful session bean? Choice 1 Run-time error when bean is created Choice 2 The method will run, violating the EJB specification. Choice 3 (Correct) Compile-time error for bean implementation class Choice 4 Compile-time error for remote interface Choice 5 Run-time error when the method is executed ------------------- What is the CORBA naming service equivalent of JNDI? Choice 1 Interface Definition Language Choice 2 (Correct) COS Naming Choice 3 Lightweight Directory Access Protocol Choice 4 Interoperable Inter-Orb Protocol Choice 5 Computer Naming Service ----------------------- InitialContext ic = new InitialContext(); TestHome th = (TestHome) ic.lookup("testBean/TestBean"); TestRemote beanA = th.create(); TestRemote beanB = th.create(); TestRemote beanC = th.create(); beanC.remove(); TestRemote beanD = th.create(); TestRemote beanE = th.create(); beanC = th.create(); Given the above code, container passivates which bean instance first if the container limited the bean pool size to four beans and used a "least-recently-used" algorithm to passivate? Choice 1 Bean A Choice 2 Bean B Choice 3 Bean C Choice 4 (Correct, Since only Statefull session bean and Entity Bean can be passivated, and Entitybean can not call as th.create() normally, I take it as statefull session bean) Bean D Choice 5 Bean E ------------------------- Which one of the following phenomena is NOT addressed by read-consistency? a Phantom read (Correct) b Cached read c Dirty read d Non-repeatable read e Fuzzy read -------------------------- Which one of the following methods is generally called in both ejbLoad() and ejbStore()? a getEJBObject() b getHandle() c remove() d getEJBHome() e getPrimaryKey() (Correct) ----------------------------- public void ejbCreate(int i) { System.out.println("ejbCreate(i)"); } Given a currently working stateless session bean, what will be the outcome upon deploying and executing the bean if you added the above unique method to the implementation class of a stateless session bean (and made no other changes)? a Compile time error during stub/skeleton generation (Correct) b Compile time error for home interface c Code will compile without errors. d Compile time error for remote interface e Compile time error for bean implementation ---------------------------------- Given the above code in your stateless session bean business method implementation, and the transaction is container-managed with a Transaction Attribute of TX_SUPPORTS, which one of the following is the first error generated? a Error when compiling home interface b Error while generating stubs and skeletons (Correct) c NullPointerException during deployment d Runtime error e Compile-time error for the bean implementation ---------------------------------- Which one of the following is the result of attempting to deploy a stateless session bean and execute one of the method M when the bean implementation contains the method M NOT defined in the remote interface? a Compile time error for remote interface b Compile time error for bean implementation c Compile time error during stub/skeleton generation d Code will compile without errors. (Correct) e Compile time error for home interface ------------------------------ Which one of the following characteristics is NOT true of RMI and Enterprise Java Beans? a They must execute within the confines of a Java virtual machine (JVM). b They serialize objects for distribution. c They require .class files to generate stubs and skeletons. d They do not require IDL. e They specify the use of the IIOP wire protocol for distribution. (InCorrect) 1 Scheduling project activities such as functional increments and test case development, which one of the following OOAD artifacts is the MOST useful? a) Use cases b) Interaction diagrams c) Activity diagrams d) Package diagrams e) Class Diagrams Single Select - Please select the best answer (one and only one choice must be selected). 2) When using OOAD artifacts to organize and assign team responsibilities on a project, it is BEST to: a) evenly distribute use cases among team members and have them work as independently as possible in order to minimize code dependencies b) designate one team for implementing interaction diagrams related to the "common code path" and another team for implementing interaction diagrams related to "code path variations" (for example ? conditional or error paths) c) divide teams according to package diagram dependencies and utilize use cases to schedule the work for the individual team members d) divide teams according to the layers in the software architecture and have them work as independently as possible in order to minimize dependencies between the layers} Single Select - Please select the best answer (one and only one choice must be selected). 3) To MOST effectively manage teams working on different packages within a large project, which one of the following should be true? a) One technical lead should control the project details and communicate decisions to the different teams. b) Type of database ( DB2 UDB, Oracle, Sybase, or InstantDB ) c) The team leads should focus on quality designs for the internals of their packages, mentoring their team members. d) Communications between the teams should be minimized to reduce overhead burdens while they work on separate, independent use cases for their packages. Single Select - Please select the best answer (one and only one choice must be selected). 4) http://certify.torolab.ibm.com/figures/test486F3.gif What is wrong with the following analysis use case? a) There are design details intermixed with the requirements. b) The actor's actions and system responses are not separated. c) "Sell goods" is too broad to be a use case. d) There is nothing wrong with this use case. Single Select - Please select the best answer (one and only one choice must be selected). 5) http://certify.torolab.ibm.com/figures/test486F5.gif When creating the use cases related to the "Prepare for an Event" scenario in the Figure ChefScenario, which one of the following BEST represents the type of terminology that the use cases should contain? a) chef, menu, recipes, ingredients b) end user, bill of fare, cooking specifications, food contents c) chef object, menu object, recipe object, ingredient object d) person record, menu print stream, recipe container, ingredient array Single Select - Please select the best answer (one and only one choice must be selected). 6) http://certify.torolab.ibm.com/figures/test486F4.gif Which one of the following is the BEST set of potential use cases for the "Prepare for an Event" scenario in Figure ChefScenario? a) Prepare for party, Display menu, Generate shopping list, Exclude ingredients on hand, Generate utensil list, Generate to do list b) Prepare for party, Display menu, Generate shopping list, Generate utensil list, Pack utensils, Generate to do list c) Display menu, Generate shopping list, Generate utensil list, Generate to do list d) Display menu, Generate shopping list, Exclude ingredients on hand, Generate utensil list, Generate to do list e) Generate shopping list, Exclude ingredients on hand, Generate utensil list, Generate to do list, Check utensil list Single Select - Please select the best answer (one and only one choice must be selected). 7) Which of the following are recommended when developing an OO system? a) Write a description of the concept that a class represents whenever a new class is declared. b) Use interfaces for types or roles that objects may play, independent of their location in the class hierarchy. c) Apply design patterns where applicable in the system. d) Name classes based on their design specifics, such as "array" or "queue". Multiple Select - Please select all of the correct answers (this question has 3 correct choices). 8) Which one of the following is a good strategy for resolving class name collisions that occur during OO analysis? a) Allow each team member to choose a preferred name. b) Create a class for each domain name, passing on requests to the one class that implements the behavior for all of them to share. c) Discover better names for different concepts that are referred by the same term. Single Select - Please select the best answer (one and only one choice must be selected). 9) http://certify.torolab.ibm.com/figures/test486F12.gif Referring to the partial class diagram in Figure Qualified Association, which of the following BEST describes the relationship? a) Access to SalesLineItems is by Product. A SalesTransaction can have multiple SalesLineItems for one Product. b) Access to Products is by SalesLineItem. A SalesTransaction has zero or more SalesLineItems for one Product. c) SalesTransactions contain Products, which are listed by one or more SalesLineItems. d) SalesLineItems are for a quantity of one or more Products for a particular SalesTransaction. Single Select - Please select the best answer (one and only one choice must be selected). 10) http://certify.torolab.ibm.com/figures/test486F9.gif Refer to the Figure Sample 1. Consider the scenario that eStore.com sells small appliances over the Internet. Currently, the store's catalog includes over 50 appliances from 10 different suppliers. A partial class diagram is shown in Figure Sample 1. If there is a new requirement to restock the warehouse automatically as products are sold, how is the new requirement BEST handled? a) Add "reorderLevel" and "reorderQuantity" attributes used by a new deplete() method in the Inventory class. Use these to generate new orders as InventoryProducts are sold. b) Add "reorderLevel" and "reorderQuantity" attributes used by a new deplete() method in the InventoryProduct class. Use these to generate new orders as InventoryProducts are sold. c) Add a deliver() method to the Supplier class that uses the InventoryProduct's amountOnHand attribute to maintain the InventoryProducts in the warehouse. d) Add "reorderLevel" and "reorderQuantity" to InventoryProduct. Create a Warehouse class that monitors the InventoryProducts' "amountOnHand", generating an order as levels drop below a "reorderQuantity". Single Select - Please select the best answer (one and only one choice must be selected). 11) http://certify.torolab.ibm.com/figures/test486F18.gif What is the BEST model change for the following new requirements in the mortgage processing system? a) Add an updateAssessedValue( newValue ) method to the Mortgage class, which uses newValue in collaboration with the Property's tax rates to provide tax amounts. b) Add an updateAssessedValue( newValue ) method to the Property class, which uses newValue in collaboration with the TaxingAuthority's tax rates to provide tax amounts. c) Add an updateAssessedValue( newValue ) method to the TaxingAuthority class, which uses its tax rates to provide tax amounts. d) Add an updateAssessedValue( newValue ) method to the Property class, which uses its tax notes to provide tax amounts. Single Select - Please select the best answer (one and only one choice must be selected). 12) Which of the following details are required in OO diagrams? a) Show navigability of associations in conceptual class diagrams. b) Show different scenario of a use case on the same interaction diagram for clear understanding. c) Show message sequence numbers in collaboration diagrams. d) If asynchronous messages exist in a scenario, show them in interaction diagrams. Multiple Select - Please select all of the correct answers (this question has 2 correct choices). 13) http://certify.torolab.ibm.com/figures/test486F16.gif Refer to the state diagram in Figure State for MortgageApplication. Suppose that there is a requirement to add state transitions to a "Cancelled" state from any states except "Closed". Which of the following are valid ways to add the "Cancelled" state? a) Funnel all cancellations from only one of the other states. b) Add a "Cancelled" superstate to the diagram. c) Add transitions from "Submitted" and "Qualified" to a new "Cancelled" state. d) Add an "Active" superstate that handles the transition to "Cancelled". Multiple Select - Please select all of the correct answers (this question has 2 correct choices). 14) http://certify.torolab.ibm.com/figures/test486F19.gif Which of the following is the BEST description of the sequence diagram in Figure Interaction? When an instance of a: a) Person is asked for its assets, it sums the balances of each of its asset Accounts. b) Customer is asked for its assets, it sums the balances of each of its asset Accounts. c) Person is asked for its assets, it returns the balance of its asset Account. d) Customer is asked for its assets, it returns the balance of its asset Account. Single Select - Please select the best answer (one and only one choice must be selected). 15) Software entropy is a phenomenon wherein programs begin with well designed state, but as new functionalities are added, they lose their structure. Refactoring of classes is done to avoid software entropy. What are good practices to follow during refactoring? a) Renaming a method and moving a field from one class to another should be done in small steps, testing changes as required. b) Break down classes that are heavily loaded with responsibilities into smaller classes and distribute the responsibilities among them effectively. c) Consolidate similar methods from different classes in the same type hierarchy into a common super class wherever possible. d) Add functionality and refactor simultaneously in order to obtain an efficient and effective design. Multiple Select - Please select all of the correct answers (this question has 3 correct choices). 16) Which of the following are good practices to use while designing for reuse? a) Define a persistence framework that provides services for persisting objects. b) Use design patterns, wherein complete solutions are already defined. c) Use controller objects to control the flow of processes in the system. d) Assign responsibilities to classes such that coupling between them remains low. e) Design classes with low cohesion. Multiple Select - Please select all of the correct answers (this question has 2 correct choices). 17) http://certify.torolab.ibm.com/figures/test486F22.gif A partial class diagram of a college course management application is shown in Figure studentInstructor. A student knows all of the instructors he is registered with. Similarly, an instructor also knows all the students who are registered with him. A new requirement is added which specifies that an instructor can also be a student for some courses. What is the BEST partial application redesign shown in the Figure? a) Design 'A' b) Design 'B' c) Design 'C' d) Design 'D' e) Design 'E' Single Select - Please select the best answer (one and only one choice must be selected). 18) When using OOAD artifacts to organize and assign team responsibilities on a project, it is BEST to: a) evenly distribute use cases among team members and have them work as independently as possible in order to minimize code dependencies b) designate one team for implementing interaction diagrams related to the "common code path" and another team for implementing interaction diagrams related to "code path variations" (for example ? conditional or error paths) c) divide teams according to package diagram dependencies and utilize use cases to schedule the work for the individual team members d) divide teams according to the layers in the software architecture and have them work as independently as possible in order to minimize dependencies between the layers} Single Select - Please select the best answer (one and only one choice must be selected). 19) An iterative development process: a) represents a structured methodology, which includes functional decomposition. b) is a technique for managing complexity and plans for change during software development. c) is a top-down approach without the dataflow diagrams. d) is equivalent to an incremental development process. Single Select - Please select the best answer (one and only one choice must be selected). 20) If a use case had a requirement "Calculate account balance," which OOAD artifact would be the BEST source for determining the name of the public method used to invoke the operation? a) Use case b) Interaction diagram c) Class diagram d) Activity diagram Single Select - Please select the best answer (one and only one choice must be selected). 21) http://certify.torolab.ibm.com/figures/test486F4.gif When creating the use cases related to the "Prepare for an Event" scenario in the Figure ChefScenario, which one of the following BEST represents the type of terminology that the use cases should contain a) chef, menu, recipes, ingredients b) end user, bill of fare, cooking specifications, food contents c) chef object, menu object, recipe object, ingredient object d) person record, menu print stream, recipe container, ingredient array Single Select - Please select the best answer (one and only one choice must be selected). 22) http://certify.torolab.ibm.com/figures/test486F1.gif What are the system's actors in the diagram, Figure Use Case ? a) Clerk, Manager b) Clerk, Manager, Customer c) Clerk, Manager, Bank network d) Clerk, Manager, Bank network, Customer Single Select - Please select the best answer (one and only one choice must be selected). 23) When designing the user interface for an application, if it is unclear what skill level the end user of an application will possess, which of the following is the BEST approach to take? a) Define the level of skill that will be required by the end user and make the necessary arrangements for educating the users. b) Define the level of skill that will be required by the end user and provide detailed on-line help that can be accessed by the users when needed. c) Prototype portions of the user interface and perform some usability tests to identify any problem areas. Document any issues in the product readme and have the users read it before using the product. d) Prototype portions of the user interface and perform some usability tests to determine the users level of satisfaction. Make any necessary changes and repeat the process.} Single Select - Please select the best answer (one and only one choice must be selected). 24) Which of the following is true about a deployment diagram? a) Since there is always some kind of response to a message, the dependencies are two-way between deployment components. b) Dependencies between deployment components tend to be the same as the package dependencies. c) Deployment diagrams are NOT to be used to show physical modules of code. d) Deployment diagrams do NOT show physical distribution of a system across computers Single Select - Please select the best answer (one and only one choice must be selected). 25) http://certify.torolab.ibm.com/figures/test486F13.gif Referring to the diagram in Figure Interface, which of the following are true? a) Classes "X" and "Y" are subclasses of Mortgageable. b) Instances of "X" and "Y" can be passed as parameters declared as type Mortgageable. c) "X" and "Y" must implement a getAppraisedValue() method. d) There are instances of Mortgageable in the production system. Multiple Select - Please select all of the correct answers (this question has 2 correct choices). 26) A resulting benefit of using polymorphism is reduction of: a) methods in the associated classes b) subclasses needed to accomplish the same functionality c) case statements and conditionals d) coupling between classes in the system Single Select - Please select the best answer (one and only one choice must be selected). 27 http://certify.torolab.ibm.com/figures/test486F20.gif eStore.com sells small appliances over the Internet. Currently, the store's catalog includes over 50 appliances from 10 different suppliers. A partial class diagram is shown in Figure Sample 1. There are two new requirements for eStore.com: discounts for damaged goods, and searches by size and color. Using Figure Sample 2, which of the following is the BEST way to extend the class diagram to handle these requirements? a) Extend the InventoryProduct class to handle the new requirements. b) Create a new class "PhysicalProduct" that represents an actual product in the warehouse. Associate the PhysicalProduct with its related InventoryProduct. c) Add new capabilities to the Inventory class for the management of its Products. d) No changes are needed due to these requirements. Single Select - Please select the best answer (one and only one choice must be selected). 28) When creating a subclass, the: a) selected superclass should be chosen because it has some methods the subclass can reuse, even if others do not apply. b) class name should normally be a qualification of its superclass' name c) subclass should be of the same type as all of its superclasses d) superclass should be marked as abstract Multiple Select - Please select all of the correct answers (this question has 2 correct choices). 29) http://certify.torolab.ibm.com/figures/test486F14.gif Given the requirement statement, which of the following public methods would be used in a related sequence diagram? a) aBalance.subtract( anAmount ) b) anAmortizationTable.calculateInterestUsing( aPayment ) c) anAmortizationTable.apply( aPayment ) d) aMortgage.apply( aPayment ) Multiple Select - Please select all of the correct answers (this question has 2 correct choices). 30) http://certify.torolab.ibm.com/figures/test486F18.gif What is the BEST model change for the following new requirements in the mortgage processing system? a) Add an updateAssessedValue( newValue ) method to the Mortgage class, which uses newValue in collaboration with the Property's tax rates to provide tax amounts. b) Add an updateAssessedValue( newValue ) method to the Property class, which uses newValue in collaboration with the TaxingAuthority's tax rates to provide tax amounts. c) Add an updateAssessedValue( newValue ) method to the TaxingAuthority class, which uses its tax rates to provide tax amounts. d) Add an updateAssessedValue( newValue ) method to the Property class, which uses its tax notes to provide tax amounts. Single Select - Please select the best answer (one and only one choice must be selected). 1. Which two are the most interested for an Architect? a. Scalability b. Availability c. Manageability d. Reliability e. Maintainability f. Extensibility 2. Which can do more complicated mapping? CMP or BMP? _________________________________________________________________ See ,there are the following rules for xml declaration: 1.The document type declaration must be placed between the XML declaration and the first element (root element) in the document. 2.The keyword DOCTYPE must be followed by the name of the root element in the XML document. 3. The keyword DOCTYPE must be in upper case. Note the following rules for mixed content 1.(#PCDATA) must come first in the mixed content declaration. 2.The operator (*) must follow the mixed content declaration if children elements are included. As all these rules are fullfilled by conditions (a) and (c) so answer is......... a ,c. ______________________________________________________________________ 3. Which of the following code is valid? a)