Skip to main content

Home/ SoftwareEngineering/ Group items tagged Channels

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

BlazeDS Developer Guide - BlazeDS client architecture - 0 views

livedocs.adobe.com/...help.html

blazeds Flex RemoteObject Producer Consumer HTTPService WebService Channels ChannelSets Messages

shared by kuni katsuya on 18 Sep 12 - No Cached
kuni katsuya

TH01-EP03-US004 - Property Mgmt, Edit Location & Directions, Content Mgmt - Projects - ... - 0 views

confluence.visualfrenzy.com/...viewpage.action

shared by kuni katsuya on 06 Dec 12 - No Cached
  • Property Mgmt
  • Property Mgmt
  • Property Mgmt
  • ...18 more annotations...
  • Property Mgmt
  • Property Mgmt
  • Property Mgmt
  • As a user
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      with what granted roles? from which organization?
  • ability to see
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      permissions required: retrieve these resource types
  • Location Type
  • Description
  • Airports
  • belonging to other organizations
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      content (license) owned by organization different than user's
  • clone this information
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      clone = retrieve, then create ie. required permissions: {retrieve,create:}
  • have the rights
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      generally speaking, there can be a few independent but overlapping mechanism that will control who is allowed to do what with content: 1. any subject's access to the content itself can be controlled via authorization rules (ie. required vs granted permissions) enforced via system-wide resource-based access control 2. content licensors (~content owners) can restrict the usage of their content by: * whom - ie. content licensee (legally/commercially represented by an organization) * how - eg. reuse as unmodified, create derivatives, composite, redistribute, etc * where - ie. distribution channels their content can be used (eg. only on hotel's vbrochure site, but not in any ids/gds channels) * when - temporal restrictions may limit scope of content license grant by: start, end, duration, season, etc 3. content licensees can further filter or funnel content available to them (resulting from a combination of license granted to them and access control) based on their own criteria (eg. generate a templated hotel presentation only if: at least 1 textual description, 5 photos and 1 video for a hotel is available with a license to combine them (composite content)
  • see how other organizations describe the property
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      permission required: retrieve hotel descriptive content(?) owned by independent organization
  • Property Mgmt
  • which textual information
  • displayed
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      displayed where? on specific channels?
  • ECM will ask user to confirm that the user has rights to use that content
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      if ecm/vfml is to manage content licensing as a third party between organizations (content licensors & licensees) shouldn't ecm *know* if the user('s organization) has rights to use the content in question? is this question posed to the user (with required explicit acknowledgement) purely to absolve vfml from liability issues that may result from licensing disagreements?
  • property’s
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      this being the user's (organization's) 'version'or 'view'of the hotel, since this user normally wouldn't/shouldn't be granted permissions to replace content for a hotel on a different organization's 'view'or 'version' of the same hotel
  • to see the user’s original content
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      this implies that *at least* one version of such (temporarily) replaceable content needs to be managed/maintaned to allow reverting what if, deliberately, ignorantly or maliciously, a user replaces the same piece of--textual or any type, really--content for this hotel n times? will all n versions be required to be managed as an undo history? the user's ''original content'' might have been version 1, but equally might have been 1 mean: - previous version of the content, regardless of which user - initial version of that content attached to the hotel regardless of which user created/updated it and ignoring which organization owns it?, or, -
kuni katsuya

BlazeDS Developer Guide - 0 views

livedocs.adobe.com/...help.html

graniteds flex java type conversion

shared by kuni katsuya on 01 Nov 12 - Cached
  • Serializing between ActionScript and Java
  • java.util.Date (formatted for Coordinated Universal Time (UTC))
  • java.util.Date, java.util.Calendar, java.sql.Timestamp, java.sql.Time, java.sql.Date
  • ...19 more annotations...
  • Object (generic)
  • java.util.Map
  • Array (dense)
  • java.util.List
  • List becomes ArrayList SortedSet becomes TreeSet Set becomes HashSet Collection becomes ArrayList
  • Array (sparse) java.util.Map java.util.Map
  • java.util.Map If a Map interface is specified, creates a new java.util.HashMap for java.util.Map and a new java.util.TreeMap for java.util.SortedMap.
  • BlazeDS passes an instance of java.util.ArrayList to parameters typed with the java.util.List interface and any other interface that extends java.util.Collection. Then these types are
  • sent back to the client as mx.collections.ArrayCollection instances
  • If you require normal ActionScript Arrays sent back to the client, you must set the legacy-collection element to true in the serialization section of a channel-definition's properties; for more information, see Configuring AMF serialization on a channel.
  • legacy-collection Default value is false. When true, instances of
  • java.util.Collection
  • are returned as
  • ActionScript Arrays
  • legacy-map Default value is false. When true, java.util.Map instances are serialized as an ECMA Array or associative array instead of an anonymous Object.
  • A typical reason to use custom serialization is to avoid passing all of the properties of either the client-side or server-side representation of an object across the network tier.
  • standard serialization scheme, all public properties are passed back and forth between the client and the server.
  • Explicitly mapping ActionScript and Java objects
  • Private properties, constants, static properties, and read-only properties, and so on, are not serialized
kuni katsuya

Chapter 3. Project Setup - 0 views

www.graniteds.org/...graniteds.projectsetup.html

graniteds project configuration

shared by kuni katsuya on 08 Aug 12 - No Cached
  • The configuration of a GraniteDS project will generally involve the following steps : Add the GraniteDS jars to the WEB-INF/lib folder of the WAR file or the lib folder of the EAR file Add the GraniteDS listener, servlets and filters in the standard WEB-INF/web.xml configuration file Define the internal configuration of GraniteDS in the WEB-INF/granite/granite-config.xml file Define the application configuration of GraniteDS (remoting destinations, messaging topics...) in the WEB-INF/flex/services-config.xml
  • You will always need granite.jar
  • jar for your JPA provider (granite-hibernate.jar for Hibernate)
  • ...11 more annotations...
  • granite-beanvalidation.jar if you want to benefit from the integration with the Bean Validation API
  • configuration file declares 3 differents things
  • Channel endpoint
  • Service factories
  • Service/destinations
  • destinations using this factory will route incoming remote calls to EJB 3
  • endpoint
  • factory 
  • destination
  • channel 
  • factory
kuni katsuya

TH03-EP01-US001 - Media Management, Media Upload, Media Item Fields (Groomed BE21, FE8)... - 0 views

confluence.visualfrenzy.com/...viewpage.action

UserStory ECM Cube MediaManagement

shared by kuni katsuya on 19 Dec 12 - No Cached
  • Media Management,
  • upload a new media item
  • syndication and encoding - not part of this user story
  • ...26 more annotations...
  • definition
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      ie. attach the following metadata to the uploaded media item
  • Owner
  • Rights of owner
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      dependent on implementation of licensing/rights management system which is tbd, so these will be best guess stubs for now
  • Rights expiry date
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      dependent on implementation of licensing/rights management system which is tbd, so these will be best guess stubs for now
  • Syndication
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      dumbed down, feature parity implementation is just a list of idss allowed distribution (i believe) use existing legacy infrastructure? ultimate syndication system will depend on: - licensing - explicit list of syndication channels (much like legacy) - rule-based routing
  • Caption
  • Category
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      ota category assumed
  • Seasonality display rules
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      this is one (simple) example of rule-based syndication: rule type: temporal (which could include: time range, recurrence, end time, etc) rule: syndicate while startDate>=now() and endDate<=now()
  • Short description
  • Long description
  • Search keywords
  • Associated with
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      huh?
  • in the media library
  • can be viewed by users
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      not only new ecm users, but legacy viewers as well ie. content uploaded via ecm must be available for display in legacy viewers, at least until legacy system is replaced and shutdown for good
  • Uploaded by
  • Date uploaded
  • Date modified
  • Last modified by
  • Status
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      TO DO: for new domain model, should define explicit content life cycle with state diagram
  • File type
  • Media type
  • Dimensions
  • Aspect ratio
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      aspect ratio doesn't need to be stored in db as metadata, since it can be calculated cheaply based on the dimensions
  • File size
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      units: bytes
  • File name
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      is this the original name of the file that was uploaded? if not, and it supposed to be the medlib file name, imho, should not be exposed. the medlib file name should be immaterial to the ecm user and generally, vfml should treat them as opaque to allow future changes without customer dependencies the only time an ecm user should care about a 'file name' is when they're uploading or downloading. but... once the file is uploaded, who cares what the original file name was? it will be recorded, but should be inconsequential to anything since it would never, ever be referred to again on download, (save as...) the original file name *could* be used, but any file name is just as good, since the downloader would also be given the option to rename the file
  • Media units consumed
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      calculated/cached value pull from legacy system in future sprints, could start to build phased shell of the marketing xxx system 1. getMediaUnits()
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      TODO: confirm with david and/or henry.wu where/how to obtain 'media units consumed' for a media item
kuni katsuya

Externalizing Service Configuration using BlazeDS and LCDS - 0 views

coenraets.org/...uration-using-blazeds-and-lcds

flex service configuration

shared by kuni katsuya on 21 Aug 12 - No Cached
  • Externalizing Service Configuration using BlazeDS
  • RemoteObject
  • *when* the configuration of your services is being read.
  • ...26 more annotations...
  • application stops working when you move it to another server
  • project in Flex Builder
  • check “use remote object access service”
  • This adds a compiler argument pointing to the location of your
  • services-config.xml
  • -services
  • services-config.xml
  • When you then
  • compile
  • your application, the required
  • values
  • of services-config.xml are
  • baked into the SWF
  • read at
  • compile time
  • not at runtime
  • {server.name}
  • {server.port}
  • {context.root}
  • {server.name} and {server.port} are replaced at
  • server the SWF was loaded from
  • {context.root} is still substituted at
  • compile time
  • Flex SDK provides an API that allows you to configure your channels at runtime
  • number of ways you can pass values to a SWF at runtime
  • read a configuration file using HTTPService at application startup
kuni katsuya

2. Flex application initialization - Confluence - 0 views

www.graniteds.org/...lex+application+initialization

graniteds graniteds-tide-cdi-jpa flex client remoting initialization configuration

shared by kuni katsuya on 20 Aug 12 - No Cached
  • Application initialization
  • correct integration singleton for your application
  • depends on the server framework
  • ...7 more annotations...
  • Spring, Seam, Ejb, Cdi
  • It's even possible to use the Tide framework if you don't use GraniteDS as the AMF remoting provider by initializing the application with the singleton Tide.
  • Client-side setup for remoting
  • initialize manually the Flex remoting channels that will be used by Tide
  • use the DefaultServiceInitializer component
  • of course don't forget to change the context root to your web app path
  • { contextRoot: "/my-app" }
kuni katsuya

Chapter 17. Configuration Reference - 0 views

www.graniteds.org/...graniteds.configuration.html

graniteds configuration reference

shared by kuni katsuya on 09 Aug 12 - No Cached
  • &lt;security&gt;
  • custom security service that should implement org.granite.messaging.service.security.SecurityService
  • services-config.xml
  • ...1 more annotation...
  • contains all the remoting and messaging configuration of the application. There are three main sections: channels, factories and services.
kuni katsuya

Chapter 6. Messaging (Gravity) - 0 views

www.graniteds.org/...graniteds.messaging.html

graniteds messaging Gravity JMS ProducerConsumer

shared by kuni katsuya on 09 Aug 12 - No Cached
  • Granite Data Services provides a messaging feature, code name Gravity, implemented as a Comet-like service with AMF3 data polling over HTTP (producer/consumer based architecture)
  • GraniteDS messaging relies on two main AS3 components on the Flex side: org.granite.gravity.Consumer and org.granite.gravity.Producer
  • 6.3.&nbsp;Common Configuration There are three main steps to configure Gravity in an application: Declare the Gravity servlet implementation for your target server in web.xml Declare a messaging service and destination in services-config.xml, mapped to a specific channel definition of type GravityChannel
  • ...10 more annotations...
  • org.granite.gravity.tomcat.GravityTomcatServlet
  • /gravityamf/*
  • 6.3.1.&nbsp;Supported Application Servers
  • GraniteDS provides a generic servlet implementation that can work in any compliant servlet container
  • blocking IO and thus will provide relatively limited scalability
  • GraniteDS thus provides implementations of non blocking messaging for the most popular application servers.
  • asynchronous non blocking servlets
  • JBoss 5+org.granite.gravity.jbossweb.GravityJBossWebServletOnly with APR/NIO enabled (APR highly recommended)
  • GlassFish 3.xorg.granite.gravity.async.GravityAsyncServletUsing Servlet 3.0
  • Tomcat 7.x / Jetty 8.xorg.granite.gravity.async.GravityAsyncServletUsing Servlet 3.0
kuni katsuya

Session Management Cheat Sheet - OWASP - 0 views

www.owasp.org/...Session_Management_Cheat_Sheet

OWASP BestPractices CheatSheet SessionManagement

shared by kuni katsuya on 21 Sep 12 - No Cached
  • Session Management Cheat Sheet
  • should not be extremely descriptive nor offer unnecessary details
  • change the default session ID name of the web development framework to a generic name
  • ...50 more annotations...
  • length must be at least 128 bits (16 bytes)
  • Session ID Length
  • Session ID Name Fingerprinting
  • Session ID Properties
  • Session ID Entropy
  • must be unpredictable (random enough) to prevent guessing attacks
  • good PRNG (Pseudo Random Number Generator) must be used
  • must provide at least 64 bits of entropy
  • Session ID Content (or Value)
  • content (or value) must be meaningless
  • identifier on the client side
  • meaning and business or application logic associated to the session ID must be stored on the server side
  • session objects or in a session management database or repository
  • create cryptographically strong session IDs through the usage of cryptographic hash functions such as SHA1 (160 bits).
  • Session Management Implementation
  • defines the exchange mechanism that will be used between the user and the web application to share and continuously exchange the session ID
  • token expiration date and time
  • This is one of the reasons why cookies (RFCs 2109 &amp; 2965 &amp; 6265 [1]) are one of the most extensively used session ID exchange mechanisms, offering advanced capabilities not available in other methods
  • Transport Layer Security
  • use an encrypted HTTPS (SSL/TLS) connection for the entire web session
  • not only for the authentication
  • process where the user credentials are exchanged.
  • “Secure” cookie attribute
  • must be used to ensure the session ID is only exchanged through an encrypted channel
  • never switch a given session from HTTP to HTTPS, or viceversa
  • should not mix encrypted and unencrypted contents (HTML pages, images, CSS, Javascript files, etc) on the same host (or even domain - see the “domain” cookie attribute)
  • should not offer public unencrypted contents and private encrypted contents from the same host
  • www.example.com over HTTP (unencrypted) for the public contents
  • secure.example.com over HTTPS (encrypted) for the private and sensitive contents (where sessions exist)
  • only has port TCP/80 open
  • only has port TCP/443 open
  • “HTTP Strict Transport Security (HSTS)” (previously called STS) to enforce HTTPS connections.
  • Secure Attribute
  • instructs web browsers to only send the cookie through an encrypted HTTPS (SSL/TLS) connection
  • HttpOnly Attribute
  • instructs web browsers not to allow scripts (e.g. JavaScript or VBscript) an ability to access the cookies via the DOM document.cookie object
  • Domain and Path Attributes
  • instructs web browsers to only send the cookie to the specified domain and all subdomains
  • “Domain” cookie attribute
  • “Path” cookie attribute
  • instructs web browsers to only send the cookie to the specified directory or subdirectories (or paths or resources) within the web application
  • vulnerabilities in www.example.com might allow an attacker to get access to the session IDs from secure.example.com
  • Expire and Max-Age Attributes
  • “Max-Age”
  • “Expires” attributes
  • it will be considered a
  • persistent cookie
  • and will be stored on disk by the web browser based until the expiration time
  • use non-persistent cookies for session management purposes, so that the session ID does not remain on the web client cache for long periods of time, from where an attacker can obtain it.
  • Session ID Life Cycle
kuni katsuya

Forgot Password Cheat Sheet - OWASP - 0 views

www.owasp.org/...Forgot_Password_Cheat_Sheet

security authentication password ForgotPassword PasswordReset

shared by kuni katsuya on 21 Sep 12 - No Cached
  • Forgot Password Cheat Sheet
  • no industry standard for implementing a Forgot Password feature
  • Step 1) Gather Identity Data or Security Questions
  • ...12 more annotations...
  • asks the user for multiple pieces of hard data that should have been
  • previously collected
  • send the password reset information to some
  • out-of-band side-channel
  • such as a (possibly different) email address or an SMS text number, etc. to be used in Step 3.
  • Step 2) Verify Security Questions
  • application verifies that each piece of data is correct for the given username
  • If anything is incorrect, or if the username is not recognized, the second page displays a generic error message such as “Sorry, invalid data”. If all submitted data is correct, Step 2 should display at least two of the user’s pre-established personal security questions, along with input fields for the answers.
  • Avoid sending the username as a parameter
  • Do not provide a drop-down list
  • server-side session
  • user's email account may have already been compromised
1 - 11 of 11
Showing 20 items per page