Transcript Slide 1

Hacking the Sun Certified
Enterprise Architect Exam – Part 1
Brian Briggman
Pat Guimaraes
Konrad Rokicki
Session ID# BOF-0427
2006 JavaOneSM Conference | Session BOF-0427
Hacking the Sun Certified Enterprise
Architect Exam - Part 1
●
●
●
●
●
●
Brian Briggman
System Architect
Software Consultants Inc.
Pat Guimaraes
Principal Software Engineer
Gene Logic
Konrad Rokicki
Software Engineer
Gene Logic
2006 JavaOneSM Conference | Session BOF-0427 |
2
Goal of This Presentation
What You Can Expect to Gain
This session serves as a last minute
review session for all attendees who plan
on taking Part 1 of the Sun Certified
Enterprise Architect exam.
2006 JavaOneSM Conference | Session BOF-0427 |
3
Intended Audience
Who is Expected to Attend
Ideally, any attendees who have already
started studying for the SCEA Part 1
Exam. Our intent is not to teach all the
material necessary to pass the exam, but
rather to share our experiences and help
by distributing a SCEA Study Sheet at the
end of the session.
2006 JavaOneSM Conference | Session BOF-0427 |
4
Agenda With Section Highlights
SCEA Exam Overview
SCEA Exam Objectives
Tips and Tricks
Resources and References
Cram Sheet
For More Information
Q&A
2006 JavaOneSM Conference | Session BOF-0427 |
5
SCEA Exam Overview
●
●
Sun Certified Enterprise Architect for J2EE Technology
(Step 1 of 3)
Exam CX-310-051
●
●
●
●
●
●
●
Prerequisites: None
Cost: $150
Number of questions: 48
Pass score: 68% (33/48)
Time limit: 75 minutes
Delivered at: Authorized Prometric testing centers
Other exams/assignments required for this certification:
Step 2 (CX-310-300A), Step 3 (CX-310-061)
2006 JavaOneSM Conference | Session BOF-0427 |
6
SCEA Exam Objectives
●
Divided into 11 Categories:
●
●
●
●
●
●
●
●
●
●
●
1. Concepts
2. Common Architectures
3. Legacy Connectivity
4. Enterprise JavaBeans Technology
5. Enterprise JavaBeans Container Model
6. Protocols
7. Applicability of J2EE
8. Design Patterns
9. Messaging
10. Internationalization
11. Security
2006 JavaOneSM Conference | Session BOF-0427 |
7
1. Concepts
●
UML - Structural Elements
●
●
●
●
●
●
●
Class – rectangle
Interface – lollipop or stereotyped class
Use Case – oval
Collaboration – dashed oval
Active Class – bold border
Component – rectangle with “plugs”
Node – 3d box
2006 JavaOneSM Conference | Session BOF-0427 |
8
1. Concepts
●
UML - Relationships
●
●
Dependency
Association
●
●
●
●
Composition
Aggregation
Generalization
Realization
2006 JavaOneSM Conference | Session BOF-0427 |
9
2. Common Architectures
●
1-tier - monolithic, standalone
●
●
●
2-tier - client/server, fat client/stored procedures
●
●
●
pros: manageability, availability, reliability, performance, security
cons: scalability, maintainability, extensibility
pros: rapid prototyping
cons: maintainability (client versioning and distribution, business
logic changes)
3-tier/n-tier - typical J2EE architecture
●
●
●
●
●
Client Tier (web clients, applets)
Web Tier (web servers, JSP's, servlets)
Business Tier (EJB's)
EIS Integration Tier (JDBC, ODBC, Corba)
EIS Tier (databases, legacy data)
2006 JavaOneSM Conference | Session BOF-0427 |
10
3. Legacy Connectivity
●
●
Objective: Distinguish appropriate from inappropriate
techniques for providing access to a legacy system from
Java code given an outline description of that legacy
system
Concepts:
●
Screen Scraper – acts as terminal emulator on one end and an
object interface on the other
●
●
Object Mapping – wrappers map legacy objects
●
●
●
used when you have a graphical interface to a mainframe, but no
access to the mainframe source code
used when you have access to the mainframe source code
used if legacy interface changes often
Offboard Server – proxy for legacy system
●
often used with screen scrapers
2006 JavaOneSM Conference | Session BOF-0427 |
11
4. Enterprise JavaBeans Technology
●
●
●
●
Core of any enterprise architecture
Many questions are related to EJB in some way
EJB questions are in-depth
Benefits:
●
●
●
●
●
Distributed architecture
Resource pooling
Transaction management
Persistence
Security
2006 JavaOneSM Conference | Session BOF-0427 |
12
EJB Basics
●
Types of EJB’s and their purposes
●
Stateful Session Beans
●
●
Stateless Session Beans
●
●
Business logic
Entity Beans
●
●
Conversational state
Persistent business entities
Parts of an EJB
●
●
●
Home interface
Remote interface
Bean class
2006 JavaOneSM Conference | Session BOF-0427 |
13
5. Enterprise JavaBeans Container
Model
●
●
●
●
●
Bean finding and creation
Method execution
Passivation
Persistence
State transitions and callbacks (lifecycle
methods)
2006 JavaOneSM Conference | Session BOF-0427 |
14
Transactions
●
ACID principles
●
●
BMT (bean-managed transactions)
●
●
●
Atomic, Consistent, Isolated, Durable
Programmatic transaction demarcation
More flexible
CMT: (container-managed transactions)
●
●
●
Declarative transactions
Easier development
Transaction attributes
●
Result when method is called with or without an existing
transaction
2006 JavaOneSM Conference | Session BOF-0427 |
15
Persistence
●
When to use Entity beans
●
●
●
BMP
●
●
●
Ability to persist complex types
Potentially better performance
CMP
●
●
●
Never
Except when taking the exam
Faster development
Application Server portability
Data Access Objects (DAO)
●
greater database portability
2006 JavaOneSM Conference | Session BOF-0427 |
16
6. Protocols
Protocol
Description
Port
Stateful
Security
HTTP
HTTPS
IIOP
JRMP
Web
HTTP over SSL
CORBA’s transport
RMI’s transport
80
443
535
1099
No
Yes
Yes
Yes
No
Yes
CORBA
SSL & JAAS
IIOP can also be used as an alternative transport for RMI when all
remote interfaces are defined as Java RMI interfaces, which is the
case with EJBs.
2006 JavaOneSM Conference | Session BOF-0427 |
17
7. Applicability of J2EE Technology
Frameworks for Distributed Architectures:
• CORBA – moves state of object (call by value)
• RMI – moves state and behavior of object (call by reference)
Transport Protocols:
• IIOP – Default transport for CORBA, uses JAVA IDL, has access
to CORBA’s services
• RMI-IIOP – Standard protocol for EJBs
• RMI-JRMP – Used for pure Java solutions
Java Interfaces Supporting Distributed Architectures:
• Java IDL – Default interface for CORBA, treats Java like any other
language
• JNI – Used by JRMP to connect to other languages
2006 JavaOneSM Conference | Session BOF-0427 |
18
8. Design Patterns
●
●
●
●
●
From a list, select the most appropriate design pattern
for a given scenario. Patterns will be limited to those
documented in Gamma et al. and named using the
names given in that book.
State the benefits of using design patterns.
State the name of a design pattern (for example,
Gamma) given the UML diagram and/or a brief
description of the pattern's functionality.
Select from a list benefits of a specified design pattern
(for example, Gamma).
Identify the design pattern associated with a specified
J2EE feature
2006 JavaOneSM Conference | Session BOF-0427 |
19
Pattern Gotcha’s
●
Factory Method vs Abstract Factory
●
Both are used to defer instantiation to subclasses
Abstract Factory creates families of objects
●
Often implemented using Factory Methon
●
●
Singleton
●
●
Can maintain more than 1 instance
Template Method vs Strategy
●
Template Method lets you abstract part of algorithm,
Strategy abstracts the entire thing
2006 JavaOneSM Conference | Session BOF-0427 |
20
Enterprise Java Usage of Patterns
●
●
●
●
●
●
Prototype: like Java's Cloneable
Decorator: EJB Container adds security and
transactions to methods
Facade: Session Bean interface to Entity Beans
Flyweight: Session Bean pooling
Proxy: EJB Remote interface (stubs)
Observer: JMS Publish-Subscribe
2006 JavaOneSM Conference | Session BOF-0427 |
21
9. Messaging
Synchronous Messaging:
• Tight coupling
• Blocks sender
• Requires constant network
connectivity
Asynchronous Messaging:
• Loose coupling
• Does not block sender
• Does not require constant
network connectivity
Messaging Models:
Point-to-point: one sender to one receiver, uses Queues
Publish/Subscribe: one sender to multiple receivers, uses Topics
JMS is an interface only, does not include implementation.
JMS supports transactions across multiple messages.
Messages are routed via message brokers.
2006 JavaOneSM Conference | Session BOF-0427 |
22
10. Internationalization
Internationalization is the process of creating a program that can run
on any region. Localization is the process of customizing an
internationalized program to run on a particular region.
Types of data that vary by
region:
Java classes involved in
Internationalization:
• messages, labels
• colors, graphics, icons
• date/number/currency formats
• legal rules (tax algorithms)
• java.util.Locale
• java.util.ResourceBundle
• java.util.Properties
• java.text package
• java.io.Input/OutputStreamReader
2006 JavaOneSM Conference | Session BOF-0427 |
23
11. Security
●
General Applet Restrictions
●
●
●
●
In browsers, the Java Security Manager is installed and used by
default
Running an applet from the command line means that no
security manager is used by default.
Signed applets can connect to arbitrary hosts.
System properties can never be modified.
2006 JavaOneSM Conference | Session BOF-0427 |
24
Applet Abilities and Restrictions
●
Applet Permitted Operations
●
●
●
●
●
●
●
Create a thread
Read but not modify some system properties
Make network connection to the host it was downloaded from
Excessive CPU Usage - not monitored by Security Manger
Excessive Memory Usage - not monitored by Security Manger
Excessive Network Bandwidth Usage - not monitored by Security
Manger
Applet Not Permitted Operations
●
●
●
●
●
●
●
Cannot access files or directories on the host system
Cannot make network connections to any arbitrary host
Cannot read keystrokes intended for other parts of the browser or host
system
Cannot execute arbitrary programs on the host system
Cannot block or kill other threads
Cannot create top level windows
Cannot hide or replace system classes with downloaded classes
2006 JavaOneSM Conference | Session BOF-0427 |
25
Asymetric keys, Public keys, and
Private keys
●
●
●
●
Asymetric keys - use public and private keys to
encrypt messages
Public key - used for encrypting
Private key - used for decrypting
Encrypted messages are not required to be sent
via SSL since they're already encrypted
2006 JavaOneSM Conference | Session BOF-0427 |
26
Jar Signing
●
●
●
Just about any signed code can be
compromised or contain malicious code
Signing a jar signs the individual files it contains.
Unsigned files may be added to a signed jar
without invalidating the signature.
2006 JavaOneSM Conference | Session BOF-0427 |
27
Digital Signatures, Message Digests
and Certificate Authority (CA)
●
●
●
Digital Signature - only proves that the correct
private key was used. nothing more.
Message digest - only proves that a piece of
data has not been altered
Certificate Authority (CA) – only proves public
key belongs to who you think it does
2006 JavaOneSM Conference | Session BOF-0427 |
28
Firewalls, the DMZ, and Tunneling
●
●
●
●
●
●
●
Packet Filtering Routers - typically filter on destination
IP, port, and source IP.
Proxy Server - typically provides content filtering and
passes along packets
Firewalls - typically contain a packet filtering router and
proxy server(s)
Inner Firewall - the firewall between the DMZ and the
inner network
Outer Firewall - the firewall between the DMZ and the
outer world
DMZ - Zone between 2 firewalls
Tunneling - A means of circumventing a firewall
2006 JavaOneSM Conference | Session BOF-0427 |
29
Tips & Tricks
●
General Test Taking
●
●
●
●
●
●
Radio Buttons - Choose 1
Checkboxes - Choose 2 (or more) - pay attention to the "x" in
"Choose x"
Mark - So that you can review the question later
Images - Some questions require a user to view an image to
answer the question. A button provides this functionality.
Scrollbars - some answers to a question may be off the bottom
of the screen, requiring you to scroll to see them.
Time - Time starts once you are given the Terms and Conditions
page, so read them thoroughly beforehand.
2006 JavaOneSM Conference | Session BOF-0427 |
30
Tips & Tricks (continued)
●
●
●
●
Keywords
Mnemonics
Last Minute Cramming
Use of your scratch paper
2006 JavaOneSM Conference | Session BOF-0427 |
31
Resources and References
●
Sun Certified Enterprise Architect for J2EE
Technology Study Guide, Mark Cade and Simon
Roberts. 2002, Sun Microsystems Press.
●
●
●
Strengths: Best All-Around Study Guide – also
covers Part 2 and Part 3
Weaknesses: No coverage of Legacy Connectivity or
Messaging
http://leocrawford.org.uk/work/jcea/part1/
●
Covers the older version, but has good coverage of
messaging and legacy connectivity.
2006 JavaOneSM Conference | Session BOF-0427 |
32
Resources and References
●
●
●
Design Patterns: Elements of Reusable ObjectOriented Software, Erich Gamma, Richard
Helm, Ralph Johnson, John Vlissides, Grady
Booch. 1995, Addison-Wesley.
UML Distilled: A Brief Guide to the Standard
Object Modeling Language, Martin Fowler.
2003, Addison-Wesley.
“SCEA_J2EE” on Yahoo Groups
●
http://groups.yahoo.com/group/scea_j2ee/
2006 JavaOneSM Conference | Session BOF-0427 |
33
Resources and References
●
WhizLabs SCEA Simulator
●
●
●
http://www.whizlabs.com/scea/scea.html
Strengths: Fairly close to actual Prometric test format,
includes 7 sample exams.
Weaknesses: Covers EJB 2.0 and some J2EE
Design Patterns, neither of which are on the exam,
and cost is $89.95.
2006 JavaOneSM Conference | Session BOF-0427 |
34
Cram Sheet
2006 JavaOneSM Conference | Session BOF-0427 |
35
For More Information
●
Sun Certified Enterprise Architect for J2EE
Technology (Step 1 of 3) (CX-310-051)
●
●
Thompson Prometric – Schedule an Exam
●
●
http://securereg3.prometric.com/
This Presentation – Electronic Copy
●
●
http://www.sun.com/training/catalog/courses/CX-310-051.xml
http://www.briggman.com/scea
SCEA Cram Sheet – Electronic Copy
●
http://www.briggman.com/scea
2006 JavaOneSM Conference | Session BOF-0427 |
36
Q&A
Brian Briggman
Pat Guimaraes
Konrad Rokicki
2006 JavaOneSM Conference | Session TS-8360 |
37
Hacking the Sun Certified
Enterprise Architect Exam – Part 1
Brian Briggman
Pat Guimaraes
Konrad Rokicki
[email protected]
[email protected]
[email protected]
Session ID# BOF-0427
2006 JavaOneSM Conference | Session BOF-0427