As it is to serve as an example rather than a commercial application, some areas have been ignored. However, these are essentially refinements, and do not affect the system architecture:
No security will be implemented for credit card purchasing. HTTPS would be used in a real application, but the details of setting this up vary between J2EE servers.
A real system would connect to an external payment processing system to process credit card payments. In the sample application, this is replaced by a dummy component that blocks for a varying period of time and randomly decides whether to approve or reject transactions.
No allowances will be made for special seating requirements such as wheelchair access, although this is an important consideration in most ticketing systems.