1

Details

I have an activity diagram for Login section designed in Eclipse Papyrus. Now I have to write OCL constraints for the following conditions:

  1. a username must be string and < 8 characters
  2. a password must be numeric+special chars and > 10 characters
  3. a user can attempt maximum up to 5 times otherwise the system will lock the login

My Effort

I already done this in class diagram like this but don't know how to apply constraints in activity diagram. I have read a lot of articles, watched videos and research papers and checked questions like this, this, this and this but none of them provide a proper answer.

Sample of my activity diagram image

halfer
  • 19,824
  • 17
  • 99
  • 186
discky
  • 7
  • 3
  • i already had a question on [link] (https://stackoverflow.com/questions/50315035/how-to-specify-ocl-constraints-for-login-in-class-diagram) but it was not answered properly and still i am confused. – discky May 18 '18 at 09:31
  • If you want a sensible answer, you need to provide a zipped project of your best attempt. You really cannot expect the fragmentary information from this and this and this to be pieced together by a respondent. – Ed Willink May 18 '18 at 10:19
  • @EdWillink you mean that i have to upload my project file here ?? – discky May 18 '18 at 20:37
  • Yes. If you want me to look at your model you have to provide your model. Eclipse OCL specific bugs are more usually on https://www.eclipse.org/forums/index.php/f/26/ – Ed Willink May 19 '18 at 05:26
  • @EdWillink here https://www.dropbox.com/s/45ngodt508s99yx/Login%20class%2Bactivity%20with%20OCL.zip?dl=0 is my project file . – discky May 19 '18 at 07:44
  • I see no ZIP archive; just some disparate files, one of which (.project) is unreadable. – Ed Willink May 19 '18 at 11:26
  • @EdWillink sorry for the file issue,, may i know any other medium to send you the project folder. i have re upload to dropbox https://www.dropbox.com/s/ig2nrs18j9sfmop/Login%20activity%20with%20OCL.zip?dl=0 – discky May 19 '18 at 12:23
  • What's the problem with creating a ZIP file? Eclipse has File->Export->Archive File – Ed Willink May 19 '18 at 16:43
  • @EdWillink here is archive file , https://www.dropbox.com/s/vjkm0zocdm52oww/archive%20file.zip?dl=0 – discky May 19 '18 at 20:20
  • @EdWillink can you draw the activity diagram with the mentioned OCL in eclipse for me. help will be appreciated. – discky May 24 '18 at 10:20
  • Yes I can. But my time more valuable to me, unless you are interested in paying an exorbitant consultancy fee upfront. – Ed Willink May 24 '18 at 14:51

1 Answers1

0

This doesn't seem to have much to do with Activity Diagrams. Your new wording is clear, 5 attempts on one form or one attempt on each of five forms is bad, so User_Account::failedAttempts (rather than login::attempts) is a sensible model feature.

The Constraint is most eaaily defined as an upperbound of 5 on User_Account::failedAttempts. Note that a Constraint defines what is valid not how to react to invalidity. You could more use an invariant to upperbound against a maximumAttempts() computed value. You could inadvisedly use pre/ postconditions on operations or just knit your control operations.

You could sensibly have a User_Account::isLocked() operation whose body is failedAttempts >= maximumAttempts().

The Activity provides the Control for the Model. Presumably it has a lifeline associated with creation/destruction of a login. Presumably it makes use of a DataBase::checkPassword(userName, password) operation that return the User_Account and increments User_Account::failedAttempts as a side-effect. The enforcement of the maximum is therefore in User_Account::checkPassword. (NB you should not do two stage access for User_Account lookup then password validation to ensure that hackers cannot distinguish, possibly just by response time, whether a failure is due to a bad username or bad password.)

You need to clearly identify what is in the Model; what persists for the duration of your system, perhaps being restored from backup following a system restart. Therefore User_Account must have username and password and failedAttempts properties to define the persistent state.

Conversely what is part of the View/Control can be lost and recreated when another user interaction is initiated. The login form therefore also has username and password properties to represent what is entered on the form and which will be correlated with the Model DataBase by perhaps DataBase::getUserAccount and UserAccount::checkPassword.

I would not pollute the persistent DataBase model with transient login content. If you require recreation of in-progress login attempts across a server failure, I would have a separate ViewDataBase of transient viewed state. If nothing else you would recover the server failure by reactivating the persistent DataBase before reactivating the transient activities.

Ed Willink
  • 1,205
  • 7
  • 8