Hacking the Sun Certified Enterprise Architect Exam – Part 1

2006 JavaOneSM Conference | Session BOF-0427

Hacking the Sun Certified Enterprise Architect Exam – Part 1

Brian Briggman
Pat Guimaraes
Konrad Rokicki

Session ID# BOF-0427

● Brian Briggman
  ● System Architect, Software Consultants Inc.
● Pat Guimaraes
  ● Principal Software Engineer, Gene Logic
● Konrad Rokicki
  ● Software Engineer, Gene Logic

Goal of This Presentation: What You Can Expect to Gain

This session serves as a last-minute review session for all attendees who plan on taking Part 1 of the Sun Certified Enterprise Architect exam.

Intended Audience: Who Is Expected to Attend

Ideally, attendees have already started studying for the SCEA Part 1 Exam. Our intent is not to teach all the material necessary to pass the exam, but rather to share our experiences and help by distributing a SCEA Study Sheet at the end of the session.

Agenda With Section Highlights

● SCEA Exam Overview
● SCEA Exam Objectives
● Tips and Tricks
● Resources and References
● Cram Sheet
● For More Information
● Q&A

SCEA Exam Overview

● Sun Certified Enterprise Architect for J2EE Technology (Step 1 of 3)
● Exam CX-310-051
● Prerequisites: None
● Cost: $150
● Number of questions: 48
● Pass score: 68% (33/48)
● Time limit: 75 minutes
● Delivered at: Authorized Prometric testing centers
● Other exams/assignments required for this certification: Step 2 (CX-310-300A), Step 3 (CX-310-061)

SCEA Exam Objectives

● Divided into 11 Categories:
  ● 1. Concepts
  ● 2. Common Architectures
  ● 3. Legacy Connectivity
  ● 4. Enterprise JavaBeans Technology
  ● 5. Enterprise JavaBeans Container Model
  ● 6. Protocols
  ● 7. Applicability of J2EE
  ● 8. Design Patterns
  ● 9. Messaging
  ● 10. Internationalization
  ● 11. Security

1. Concepts

● UML - Structural Elements
  ● Class – rectangle
  ● Interface – lollipop or stereotyped class
  ● Use Case – oval
  ● Collaboration – dashed oval
  ● Active Class – bold border
  ● Component – rectangle with “plugs”
  ● Node – 3D box

● UML - Relationships
  ● Dependency
  ● Association
    ● Composition
    ● Aggregation
  ● Generalization
  ● Realization

2. Common Architectures

● 1-tier - monolithic, standalone
  ● pros: manageability, availability, reliability, performance, security
  ● cons: scalability, maintainability, extensibility
● 2-tier - client/server, fat client/stored procedures
  ● pros: rapid prototyping
  ● cons: maintainability (client versioning and distribution, business logic changes)
● 3-tier/n-tier - typical J2EE architecture
  ● Client Tier (web clients, applets)
  ● Web Tier (web servers, JSPs, servlets)
  ● Business Tier (EJBs)
  ● EIS Integration Tier (JDBC, ODBC, CORBA)
  ● EIS Tier (databases, legacy data)

3. Legacy Connectivity

● Objective: Distinguish appropriate from inappropriate techniques for providing access to a legacy system from Java code given an outline description of that legacy system
● Concepts:
  ● Screen Scraper – acts as terminal emulator on one end and an object interface on the other
    ● used when you have a graphical interface to a mainframe, but no access to the mainframe source code
  ● Object Mapping – wrappers map legacy objects
    ● used when you have access to the mainframe source code
    ● used if legacy interface changes often
  ● Offboard Server – proxy for legacy system
    ● often used with screen scrapers

4. Enterprise JavaBeans Technology

● Core of any enterprise architecture
● Many questions are related to EJB in some way
● EJB questions are in-depth
● Benefits:
  ● Distributed architecture
  ● Resource pooling
  ● Transaction management
  ● Persistence
  ● Security

EJB Basics

● Types of EJBs and their purposes
  ● Stateful Session Beans
    ● Conversational state
  ● Stateless Session Beans
    ● Business logic
  ● Entity Beans
    ● Persistent business entities
● Parts of an EJB
  ● Home interface
  ● Remote interface
  ● Bean class

5. Enterprise JavaBeans Container Model

● Bean finding and creation
● Method execution
● Passivation
● Persistence
● State transitions and callbacks (lifecycle methods)

Transactions

● ACID principles
  ● Atomic, Consistent, Isolated, Durable
● BMT (bean-managed transactions)
  ● Programmatic transaction demarcation
  ● More flexible
● CMT (container-managed transactions)
  ● Declarative transactions
  ● Easier development
  ● Transaction attributes
    ● Result when method is called with or without an existing transaction

Persistence

● When to use Entity beans
  ● Never
  ● Except when taking the exam
● BMP
  ● Ability to persist complex types
  ● Potentially better performance
● CMP
  ● Faster development
  ● Application Server portability
● Data Access Objects (DAO)
  ● greater database portability

6. Protocols

Protocol   Description         Port   Stateful   Security
HTTP       Web                 80     No         No
HTTPS      HTTP over SSL       443    Yes        Yes
IIOP       CORBA’s transport   535    Yes        CORBA
JRMP       RMI’s transport     1099   Yes        SSL & JAAS

IIOP can also be used as an alternative transport for RMI when all remote interfaces are defined as Java RMI interfaces, which is the case with EJBs.

7. Applicability of J2EE Technology

Frameworks for Distributed Architectures:
• CORBA – moves state of object (call by value)
• RMI – moves state and behavior of object (call by reference)

Transport Protocols:
• IIOP – Default transport for CORBA, uses Java IDL, has access to CORBA’s services
• RMI-IIOP – Standard protocol for EJBs
• RMI-JRMP – Used for pure Java solutions

Java Interfaces Supporting Distributed Architectures:
• Java IDL – Default interface for CORBA, treats Java like any other language
• JNI – Used by JRMP to connect to other languages

8. Design Patterns

● From a list, select the most appropriate design pattern for a given scenario. Patterns will be limited to those documented in Gamma et al. and named using the names given in that book.
● State the benefits of using design patterns.
● State the name of a design pattern (for example, Gamma) given the UML diagram and/or a brief description of the pattern's functionality.
● Select from a list benefits of a specified design pattern (for example, Gamma).
● Identify the design pattern associated with a specified J2EE feature

Pattern Gotchas

● Factory Method vs Abstract Factory
  ● Both are used to defer instantiation to subclasses
  ● Abstract Factory creates families of objects
  ● Often implemented using Factory Method
● Singleton
  ● Can maintain more than 1 instance
● Template Method vs Strategy
  ● Template Method lets you abstract part of algorithm, Strategy abstracts the entire thing

Enterprise Java Usage of Patterns

● Prototype: like Java's Cloneable
● Decorator: EJB Container adds security and transactions to methods
● Facade: Session Bean interface to Entity Beans
● Flyweight: Session Bean pooling
● Proxy: EJB Remote interface (stubs)
● Observer: JMS Publish-Subscribe

9. Messaging

Synchronous Messaging:
• Tight coupling
• Blocks sender
• Requires constant network connectivity

Asynchronous Messaging:
• Loose coupling
• Does not block sender
• Does not require constant network connectivity

Messaging Models:
• Point-to-point: one sender to one receiver, uses Queues
• Publish/Subscribe: one sender to multiple receivers, uses Topics

JMS is an interface only, does not include implementation.
JMS supports transactions across multiple messages.
Messages are routed via message brokers.

10. Internationalization

Internationalization is the process of creating a program that can run in any region. Localization is the process of customizing an internationalized program to run in a particular region.

Types of data that vary by region:

• messages, labels
• colors, graphics, icons
• date/number/currency formats
• legal rules (tax algorithms)

Java classes involved in Internationalization:

• java.util.Locale
• java.util.ResourceBundle
• java.util.Properties
• java.text package
• java.io.InputStreamReader / java.io.OutputStreamWriter

11. Security

● General Applet Restrictions
  ● In browsers, the Java Security Manager is installed and used by default
  ● Running an applet from the command line means that no security manager is used by default.
  ● Signed applets can connect to arbitrary hosts.
  ● System properties can never be modified.

Applet Abilities and Restrictions

● Applet Permitted Operations
  ● Create a thread
  ● Read but not modify some system properties
  ● Make network connection to the host it was downloaded from
  ● Excessive CPU Usage - not monitored by Security Manager
  ● Excessive Memory Usage - not monitored by Security Manager
  ● Excessive Network Bandwidth Usage - not monitored by Security Manager
● Applet Not Permitted Operations
  ● Cannot access files or directories on the host system
  ● Cannot make network connections to any arbitrary host
  ● Cannot read keystrokes intended for other parts of the browser or host system
  ● Cannot execute arbitrary programs on the host system
  ● Cannot block or kill other threads
  ● Cannot create top level windows
  ● Cannot hide or replace system classes with downloaded classes

Asymmetric keys, Public keys, and Private keys

● Asymmetric keys - use public and private keys to encrypt messages
● Public key - used for encrypting
● Private key - used for decrypting
● Encrypted messages are not required to be sent via SSL since they're already encrypted

Jar Signing

● Just about any signed code can be compromised or contain malicious code
● Signing a jar signs the individual files it contains.
● Unsigned files may be added to a signed jar without invalidating the signature.
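
The per-file point above can be checked mechanically. The following is an added example, not part of the original slides: it audits a JAR's entries against the per-entry digests in META-INF/MANIFEST.MF and reports files that were never digested or that changed afterwards. The sample JAR, its entry names, and the function names are constructed for illustration, and the check covers only the manifest digest layer, not the signature over the manifest.

```python
import base64, hashlib, io, zipfile

MANIFEST = "META-INF/MANIFEST.MF"
SIG_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")  # signature files are not digested

def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def manifest_digests(text):
    """Parse MANIFEST.MF into {entry name: base64 SHA-256 digest}."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold 72-byte line wraps
    digests = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        if "Name" in attrs and "SHA-256-Digest" in attrs:
            digests[attrs["Name"]] = attrs["SHA-256-Digest"]
    return digests

def audit_jar(jar_bytes):
    """Return (unlisted, altered) entry names, judged against the manifest digests."""
    unlisted, altered = [], []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        listed = manifest_digests(jar.read(MANIFEST).decode("utf-8"))
        for name in jar.namelist():
            meta = name.startswith("META-INF/")
            if name.endswith("/") or name == MANIFEST or (meta and name.upper().endswith(SIG_SUFFIXES)):
                continue
            if name not in listed:
                unlisted.append(name)      # added without a digest: not covered by signing
            elif listed[name] != b64_sha256(jar.read(name)):
                altered.append(name)       # content changed after it was digested
    return sorted(unlisted), sorted(altered)

def build_sample_jar():
    """Constructed sample: two digested classes, one changed later, one file added later."""
    files = {"app/Main.class": b"original main", "app/Util.class": b"original util"}
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in files.items():
        manifest += f"Name: {name}\r\nSHA-256-Digest: {b64_sha256(data)}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(MANIFEST, manifest)
        jar.writestr("app/Main.class", files["app/Main.class"])
        jar.writestr("app/Util.class", b"modified util")   # changed after digesting
        jar.writestr("app/Extra.class", b"added later")     # never listed in the manifest
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_jar(build_sample_jar()))
```

On a real signed JAR, `jarsigner -verify -verbose` performs the full check, including the signature verification that this example does not perform.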

Digital Signatures, Message Digests and Certificate Authority (CA)

● Digital Signature - only proves that the correct private key was used. Nothing more.
● Message digest - only proves that a piece of data has not been altered
● Certificate Authority (CA) – only proves public key belongs to who you think it does

Firewalls, the DMZ, and Tunneling

● Packet Filtering Routers - typically filter on destination IP, port, and source IP.
● Proxy Server - typically provides content filtering and passes along packets
● Firewalls - typically contain a packet filtering router and proxy server(s)
● Inner Firewall - the firewall between the DMZ and the inner network
● Outer Firewall - the firewall between the DMZ and the outer world
● DMZ - Zone between 2 firewalls
● Tunneling - A means of circumventing a firewall

Tips & Tricks

● General Test Taking
  ● Radio Buttons - Choose 1
  ● Checkboxes - Choose 2 (or more) - pay attention to the "x" in "Choose x"
  ● Mark - So that you can review the question later
  ● Images - Some questions require a user to view an image to answer the question. A button provides this functionality.
  ● Scrollbars - some answers to a question may be off the bottom of the screen, requiring you to scroll to see them.
  ● Time - Time starts once you are given the Terms and Conditions page, so read them thoroughly beforehand.

Tips & Tricks (continued)

● Keywords
● Mnemonics
● Last Minute Cramming
● Use of your scratch paper

Resources and References

● Sun Certified Enterprise Architect for J2EE Technology Study Guide, Mark Cade and Simon Roberts. 2002, Sun Microsystems Press.
  ● Strengths: Best All-Around Study Guide – also covers Part 2 and Part 3
  ● Weaknesses: No coverage of Legacy Connectivity or Messaging
● http://leocrawford.org.uk/work/jcea/part1/
  ● Covers the older version, but has good coverage of messaging and legacy connectivity.

● Design Patterns: Elements of Reusable Object-Oriented Software, Erich Gamma, Richard Helm, Ralph Johnson, John Vlissides, Grady Booch. 1995, Addison-Wesley.
● UML Distilled: A Brief Guide to the Standard Object Modeling Language, Martin Fowler. 2003, Addison-Wesley.
● “SCEA_J2EE” on Yahoo Groups
  ● http://groups.yahoo.com/group/scea_j2ee/

● WhizLabs SCEA Simulator
  ● http://www.whizlabs.com/scea/scea.html
  ● Strengths: Fairly close to actual Prometric test format, includes 7 sample exams.
  ● Weaknesses: Covers EJB 2.0 and some J2EE Design Patterns, neither of which are on the exam, and cost is $89.95.

Cram Sheet

For More Information

● Sun Certified Enterprise Architect for J2EE Technology (Step 1 of 3) (CX-310-051)
  ● http://www.sun.com/training/catalog/courses/CX-310-051.xml
● Thomson Prometric – Schedule an Exam
  ● http://securereg3.prometric.com/
● This Presentation – Electronic Copy
  ● http://www.briggman.com/scea
● SCEA Cram Sheet – Electronic Copy
  ● http://www.briggman.com/scea

Q&A

Brian Briggman

Pat Guimaraes

Konrad Rokicki

b.briggman@briggman.com

pguimara@genelogic.com

konrad@gwu.edu
