
kuni katsuya

Article Series: Migrating Spring Applications to Java EE 6 - Part 1 | How to JBoss - 1 views

  • In fact people still love those books without realizing that the world has changed dramatically ever since
  • The reality check here is to wonder whether the rhetorics set forth by Rod Johnson in his 2003/2004 books are still actual today
  • So if you still care about those books, the best way to show your appreciation is probably to use them as your monitor stand
  • The discussion whether or not to use Spring vs. Java EE for new enterprise Java applications is a no-brainer
  • Why migrate?
  • since then fallen a prey to the hungry minds of Venture Capitalists and finally into the hands of a virtualization company called VMware
  • While the different companies and individuals behind the Spring framework have been doing some work in the JCP their voting behavior on important JSRs is peculiar to say the least
  • outdated ORM solution like JDBC templates
  • some developers completely stopped looking at new developments in the Java EE space and might have lost track of the current state of technology
  • size of the deployment archive
  • fairly standard Java EE 6 application will take up about 100 kilobytes
  • comparable Spring application weighs in at a whopping 30 Megabytes!
  • Lightweight
  • Firing up the latest JBoss AS 7 Application Server from scratch and deploying a full blown Java EE 6 application into the server takes somewhere between two and five seconds on a standard machine. This is in the same league as a Tomcat / Spring combo
  • Dependency injection
  • Java EE 6, the Context and Dependency Injection (CDI) specification was introduced to the Java platform, which has a very powerful contextual DI model adding extensibility of injectable enterprise services
  • Aspect Oriented Programming
  • “AOP Light” and this is exactly what Java EE Interceptors do
  • common pitfall when taking AOP too far is that your code might end up all asymmetric and unreadable. This is due to the fact that the aspect and its implementation are not in the same place. Determining what a piece of code will do at runtime at a glance will be really hard
  • Testing
  • With Arquillian we can get rid of mocking frameworks and test Java EE components in their natural environment
  • Tooling
  • capabilities comparison matrix below to map Spring’s technology to that of Java EE
  • Capability | Spring | Java EE
      Dependency Injection | Spring Container | CDI
      Transactions | AOP / annotations | EJB
      Web framework | Spring Web MVC | JSF
      AOP | AspectJ (limited to Spring beans) | Interceptors
      Messaging | JMS | JMS / CDI
      Data Access | JDBC templates / other ORM / JPA | JPA
      RESTful Web Services | Spring Web MVC (3.0) | JAX-RS
      Integration testing | Spring Test framework | Arquillian *
kuni katsuya

Session Management Cheat Sheet - OWASP - 0 views

  • Session Management Cheat Sheet
  • should not be extremely descriptive nor offer unnecessary details
  • change the default session ID name of the web development framework to a generic name
  • length must be at least 128 bits (16 bytes)
  • Session ID Length
  • Session ID Name Fingerprinting
  • Session ID Properties
  • Session ID Entropy
  • must be unpredictable (random enough) to prevent guessing attacks
  • good PRNG (Pseudo Random Number Generator) must be used
  • must provide at least 64 bits of entropy
  • Session ID Content (or Value)
  • content (or value) must be meaningless
  • identifier on the client side
  • meaning and business or application logic associated to the session ID must be stored on the server side
  • session objects or in a session management database or repository
  • create cryptographically strong session IDs through the usage of cryptographic hash functions such as SHA1 (160 bits).
  • Session Management Implementation
  • defines the exchange mechanism that will be used between the user and the web application to share and continuously exchange the session ID
  • token expiration date and time
  • This is one of the reasons why cookies (RFCs 2109 & 2965 & 6265 [1]) are one of the most extensively used session ID exchange mechanisms, offering advanced capabilities not available in other methods
  • Transport Layer Security
  • use an encrypted HTTPS (SSL/TLS) connection for the entire web session
  • not only for the authentication
  • process where the user credentials are exchanged.
  • “Secure” cookie attribute
  • must be used to ensure the session ID is only exchanged through an encrypted channel
  • never switch a given session from HTTP to HTTPS, or vice versa
  • should not mix encrypted and unencrypted contents (HTML pages, images, CSS, JavaScript files, etc) on the same host (or even domain - see the “domain” cookie attribute)
  • should not offer public unencrypted contents and private encrypted contents from the same host
  • www.example.com over HTTP (unencrypted) for the public contents
  • secure.example.com over HTTPS (encrypted) for the private and sensitive contents (where sessions exist)
  • only has port TCP/80 open
  • only has port TCP/443 open
  • “HTTP Strict Transport Security (HSTS)” (previously called STS) to enforce HTTPS connections.
  • Secure Attribute
  • instructs web browsers to only send the cookie through an encrypted HTTPS (SSL/TLS) connection
  • HttpOnly Attribute
  • instructs web browsers not to allow scripts (e.g. JavaScript or VBScript) an ability to access the cookies via the DOM document.cookie object
  • Domain and Path Attributes
  • instructs web browsers to only send the cookie to the specified domain and all subdomains
  • “Domain” cookie attribute
  • “Path” cookie attribute
  • instructs web browsers to only send the cookie to the specified directory or subdirectories (or paths or resources) within the web application
  • vulnerabilities in www.example.com might allow an attacker to get access to the session IDs from secure.example.com
  • Expire and Max-Age Attributes
  • “Max-Age”
  • “Expires” attributes
  • it will be considered a persistent cookie and will be stored on disk by the web browser until the expiration time
  • use non-persistent cookies for session management purposes, so that the session ID does not remain on the web client cache for long periods of time, from where an attacker can obtain it.
  • Session ID Life Cycle
kuni katsuya

7. Tide Framework - Confluence - 0 views

  • GDS/Tide project represents the Data Services part of GDS
  • comparable to LiveCycle Data Services, which is neither open source nor free, as it provides similar features such as client container of managed entities, data paging, and integration with server components, but it is based on completely different principles:
  • strongly typed Hibernate/JPA detached objects
  • All managed entity instances are unique in a Tide context
  • Tide keeps the classic three layers web architecture, when LCDS removes the service layer, and is some kind of remote JPA provider for Flex applications
  • Tide approach is to minimize the amount of code needed to make things work between the client and the server
  • principles are very similar to the ones of JBoss Seam, which is the main reason why the first integration of Tide has been done with this framework. Integrations with Spring, EJB 3 and CDI are also available
  • need to compile your MXML/AS sources with the granite-essentials.swc and granite.swc libraries
kuni katsuya

FreeMarker: Java Template Engine Library - Overview - 0 views

  • What is FreeMarker?
  • FreeMarker is not a Web application framework. It is suitable as a component in a Web application framework, but the FreeMarker engine itself knows nothing about HTTP or servlets
kuni katsuya

Why I will use Java EE instead of Spring in new Enterprise Java Projects in 2012 - Java... - 0 views

  • J2EE was horrible
  • This is why the Spring framework was created
  • It was lightweight, easy to use, and applications could be deployed in a web container (such as Tomcat) instead of a heavy J2EE application server
  • Pros and Cons of JEE and Spring
  • Advantages of JEE
  • set of standard specifications, thus it is vendor-independent
  • testing is possible!
  • Lightweight application servers and frameworks such as Arquillian arrived
kuni katsuya

Around the World in Java: Deconstructing Spring myths - 0 views

  • the glory of Spring's founding myth of killing the beast that was J2EE seems to be fading. The former beast is now as manageable and easy to use as Spring ever was, or even more so
  • Deconstructing Spring myths
  • looking at the capabilities of the Spring Framework itself, where are the killer features?
  • list of reasons why I feel more productive on Java EE 6 than on Spring 3.1
  • these days there's really no reason for preferring vendor-specific APIs over JPA 2.0
  • Spring and Java EE applications mostly differ in the following areas only:
      the web framework (Spring MVC vs. JSF vs. Wicket vs. Vaadin vs. Struts vs.....)
      Spring Beans vs. EJB
      Spring Dependency Injection vs. CDI or Java EE 5 @EJB or @Resource injection
  • Spring MVC feels rather old-school
kuni katsuya

2. Flex application initialization - Confluence - 0 views

  • Application initialization
  • correct integration singleton for your application
  • depends on the server framework
  • Spring, Seam, Ejb, Cdi
  • It's even possible to use the Tide framework if you don't use GraniteDS as the AMF remoting provider by initializing the application with the singleton Tide.
  • Client-side setup for remoting
  • initialize manually the Flex remoting channels that will be used by Tide
  • use the DefaultServiceInitializer component
  • of course don't forget to change the context root to your web app path
  • { contextRoot: "/my-app" }
kuni katsuya

WebORB for Java Overview - 0 views

  • WebORB for Java
  • Solid Alternative to Adobe LCDS and BlazeDS
  • drop-in replacement for Adobe Live Cycle Data Services (LCDS) and BlazeDS
  • free and more feature rich alternative to BlazeDS, but also outranks LCDS’ out-of-the-box features when it comes to data management, streaming media and integrating with mobile devices and Cloud computing
  • developer tools like code generation, invocation test drive and interoperability with multiple IDEs and frameworks
  • supporting integration with mobile clients (Android, Windows Phone 7, RIM Playbook and soon iOS) and the Java service layer, which includes support for Java POJOs, EJBs, Spring Beans, Grails controllers, Hibernate Objects and XML Web Services