Although this chapter introduced the significant aspects of architecture as it pertains to the J2EE platform, the actual architecture of the sample application is gradually built throughout this book using a use case–driven approach. In the chapters to come, we will incrementally build out each use case in the presentation and business tier employing an MVC-based architecture. Central to our discussion are the various design patterns that can be leveraged to provide consistent implementation across all use cases.
Application security is another important aspect of the overall application design for controlling access to protected resources. Security is pervasive in an application; at the same time, it must be incorporated in a manner that offers a high degree of loose coupling between the security components and the components that implement the business logic. A change in the access control mechanism should have little or no effect on the business logic. Classifying the security requirements in terms of channel security, network identity management, and authentication and authorization lets us clearly discern the interaction points between the application and the security infrastructure. This in turn assists in creating guidelines for evaluating third-party products that may provide either part of the solution or the complete solution.