This question is a very popular white board session question for both Java architects and experienced JEE Developers. You need to draw on your experience to tackle this question as there are no right or wrong answers. These high level diagrams and summary will help you refresh your memory.
Q. What should be a typical Java EE architecture for let’s say, a medium-size web-based application? How would you go about designing an online shopping cart?
A. Before start drawing the components on a white board, you need to show that you gather requirements.
#1. Gather Requirements & capacity planning
Ask both functional & non functional questions to gather requirements.
Functional Requirements: E.g. Does it support any loyalty programs or discount vouchers to apply discounts? How are online payments handled?, etc.
Non Functional Requirements: E.g. How many transactions per minute or hour should the system handle? How many concurrent users can we expect? etc.
The above questions will help with determining the baseline architecture & also for performing the capacity planning in terms of how many JEE servers are required, JVM settings in terms of heap memory, etc
#2 Draw the baseline architecture
Draw a big picture diagram. Mark the tiers, layers, key components, frameworks, etc. This is a 100 feet bird’s eye view of the components.
Be prepared for drill down questions like
1) Client pull Vs Server push. Client pull requires a special directive either in the HTML document header. This directive instructs the client to retrieve a specified document after a certain amount of time. In other words, the client opens a new connection to the server. Server push involves sending packets of data to the client periodically. The HTTP connection between the client and the server is kept open indefinitely. For example, you can use an asynchronous servlet.
2) When to use queue vs topic. Queue is for single receiver and a topic is for multiple subscribers.
3) When to use LDAP vs Database. LDAP stores data hierarchically and more suited for read intensive operations like looking up users, roles, etc for authorization, and database is more suited for CRUD operations.
Request 1: “OPTIONS” request as part of the handshake to determine if cross domain is allowed by the server.
Request 2: GET, POST, PUT, or DELETE request that performs the actual operation on the server.
A typical architecture is shown above, but it is imperative to understand various architectural patterns & integration styles. [Refer: Java/JEE integration styles interview questions and answers | Java/JEE Architecture overview interview questions and answers]
#3 Design patterns used
You will be using a number of different design patterns when building applications. In general, a web application will be using the design patterns discussed at 4 JEE Design Patterns Interview Q&As. It is also imperative to understand the DI & IoC patterns. This is explained for Spring at Spring DI & IoC interview Q&As. There could also be GoF design patterns applied as and when makes sense as explained at 12 Java design patterns interview questions & answers
#4 Draw UML & ERD diagrams
You represent your Class design & interactions between the classes & objects via UML diagrams. You can learn more about UML diagrams at 12 UML interview Questions & Answers.
You design your database entities via an ERD diagram. You can learn more about ERD diagrams at 10 ERD (Entity-Relationship Diagrams) Interview Questions and Answers.
#5 Security considerations
Enterprise applications make use of SSO (Single-Sign-On) with enterprise level products like SiteMinder, Tivoli Access Manager, etc.
For example, SSO application like SiteMinder is configured to intercept the calls to authenticate the user. Once the user is authenticated, a HTTP header “SM_USER” is added with the authenticated user name. For example “123”. The user header is passed to Spring 3 security. The “Security.jar” is a custom component that knows how to retrieve user roles for a given user like 123 from a database or LDAP server. This custom component is responsible for creating a UserDetails Spring object that contains the roles as authorities. Once you have the authorities or roles for a given user, you can restrict your application URLs and functions to provide proper access control.
#6 Transaction Management
Transaction management takes place at the service layer. You can use a Spring transaction manager with annotations such as @Transactional to demarcate transactional boundaries. The service class can call multiple data access object (DAOs) within a transactional context.
#7 Quality of Service (QoS) considerations
Quality of service (QoS) requirements are technical specifications that specify the system quality of features such as availability, scalability, serviceability, etc. This is covered in detail under QoS interview questions and answers.
Finally, the modern applications are highly distributed making use of various architecture and integration styles described in:
Java integration styles and Java architectures. A typical enterprise application will make use of a combination of these integration styles and architecture. For example, here is a very simplified trading application making use of “synchronous” and “asynchronous” calls. This allow traders to place buy/sell trades online.
as you can see, it makes use of
1) Message Oriented Middle wares (MOM) like WebMethods or Tibco to publish or subscribe messages (i.e. trades).
2) Web services to perform CRUD (Create Read Update and Delete) operations.
3) MVC architecture to display data on the GUI to provide a user interface.
4) JDBC to persist/read user interactions via CRUD operations.
5) FIX protocol to communicate to the stock exchange. It is a standard to exchange financial information.
#8 Choice of technologies & frameworks
Choose what technologies & frameworks to be used for
1) Development: Java 8, Spring, Hibernate, AngularJS, etc.
2) Unit testing: JUnit, Mockito, Spring Test, etc.
3) Automated testing: Selenium, jBehave, etc.
4) Performance testing & profiling: JMeter, jVisualVM, etc.
5) Penetration testing: Google’s Skipfish, Firefox plugin “tamperdata“, etc.
6) Cross browser compatibility testing: BrowserStack, Litmus, etc.
7) Code repository: Git Hub, etc.
8) Build, Continuous Integration & deployment: Maven, Jenkins, etc.
There are myriad of other tools, frameworks, and technologies. I have listed them at 20+ Pre interview refresher on productivity & debugging tools for Java developers
All the above needs to be documented. You can use Wiki, Confluence, Sharepoint, etc to store the relevant technical & non technical information.