Instructions
Answer all questions in the space provided (10cm). If you feel the need to write more than you can fit in the provided space, you are writing too much and your answer may be not what is wanted!
Duration is 1.5 hours. The final exam will consist of 15 questions only.
Distributed objects just look like local objects but are really quite different. Name and briefly describe 3 major ways that local and remote objects differ and the impact of these differences.
EJB and COM+ are both component technologies that aim to make it easier to build distributed object systems. List 4 ways in which they make this possible.
What purpose does the remote interface declaration serve in the J2EE world? What happens when such a declaration file is compiled and how is any resultant code used?
How does .NET avoid using an IDL but still support multiple programming languages?
How is metadata used to replace the files generated by a COM+ IDL compilation?
What is the J2EE equivalent of .NET Assemblies? How do they differ from Assemblies?
Describe the runtime steps involved in an RMI call using the JRMP protocol. How do these steps change if RMI over IIOP is being used instead?
1

.NET Remoting offers two types of ‘channel’ and two types of ‘formatter’. What are these and why are the choices given at all?
How do COM and .NET remoting manage the lifetime of distributed objects and garbage collect objects that are no longer in use?
Describe the steps that an EJB client has to go through to connect to an EJB server instance/object and start calling its methods.
Describe the steps that a COM+ client has to go through to connect to a COM+ server instance and start calling its methods.
How do COM+ clients get access to object references? Where are these references stored and how do they get there?
How do J2EE clients get access to object references? Where are these references stored and how do they get there?
J2EE implements its own security model, possibly separate from the security mechanisms provided by any supporting operating system. Discuss the advantages and disadvantages of this approach. How does this approach differ from that taken by .NET?
.NET uses ‘evidence’ in determining the permissions that should be granted to code.
What types of evidence does it look at and how is it used in determining privileges. Why does it do this?
Do EJB stateful session beans present any problems when you are trying to build a transactional application? How do stateless session beans avoid this problem?
2

Why are ACID transactions such a successful mechanism for maintaining data consistency despite failures and concurrency? What useful properties do ACID transactions provide to programmers? What are the consequences of the way these useful properties are normally implemented? Are these properties stronger than needed for some classes of application?
Why are ACID transactions unsuitable for long-running operations, or for applications that integrate services provided by untrusting business partners? How do compensators try to address this problem? What problems can you have when writing compensators?
Why do these problems arise?
Discuss the role that asynchronous messaging technologies play in enterprise architectures. Under what circumstances is messaging useful or necessary? Does messaging make it easier or harder to build reliable and consistent distributed applications (explain your answer)?
JMS is an API specification, not a protocol. Discuss the impact of this on the portability and interoperability of JMS applications.
Compare and contrast COM+ Queued components and EJB Message-driven Beans. How are they similar? How are they different?
Queuing technologies, such as MSMQ, MQ Series and JMS, support transactions.
Describe the operations available on transactional queues and how they differ from the transactional method calls supported by COM+ and J2EE.
Compare the COM+ Event mechanism to a multicast mechanism such as TIBCO’s
Rendezvous. Give 4 examples of similarities or differences.
What advantages do stateless designs offer over stateful ones for scalable systems? How can state be maintained in a stateless server?
3

Are enterprise applications ever really stateless? Discuss some of the mechanisms used to handle state in ‘stateless’ applications. What advantages do these techniques have over stateful objects?
What problems do EJB stateful session beans present when you are trying to build highly scalable and available systems? How can they be solved? Are these solutions proprietary or standard?
Are transactional stateful objects harder to build in COM+/.NET applications than stateless objects? Give 2 reasons for your answer. Do the same reasons apply for EJB applications?
What techniques would you use to build a highly scalable and available J2EE application? Will this application be portable?
Give 4 advantages or disadvantages that SOAP has over equivalent existing protocols such as IIOP, RPC or JRMP.
Is SOAP a complete replacement for existing protocols such as IIOP and DCOM RPC?
What applications is it currently best suited for? What features are missing?
Briefly describe the processing steps needed to handle a SOAP request/reply pair as it goes between a client and server and back again.
Describe the extensibility mechanisms built into the SOAP protocol. How is this mechanism used to provide security in the Web Services world?
What is WSDL and what purpose does it serve in the Web Services world? How does it relate to SOAP and UDDI?
4

What is the purpose of the WS-Coordination standard? What are the two transaction mechanisms supported by WS-Transactions and what purposes do they each serve? Why not have just one transaction mechanism?
What security concerns are addressed by the WS-Security standard? Very briefly describe how each of these concerns are handled.
5