Group items tagged

Changes for Hibernate 3.5 applications

if your application uses Hibernate 3 classes that are not available in Hibernate 4, for example, some of the validator or search classes, you may see ClassNotFoundExceptions when you deploy your application. If you encounter this problem, you can try one of two approaches: You may be able to resolve the issue by copying the specific Hibernate 3 JARs containing those classes into the application "/lib" directory or by adding them to the classpath using some other method. In some cases this may result in ClassCastExceptions or other class loading issues due to the mixed use of the Hibernate versions, so you will need to use the second approach. You need to tell the server to use only the Hibernate 3 libraries and you will need to add exclusions for the Hibernate 4 libraries. Details on how to do this are described here: JPA Reference Guide.

In previous versions of the application server, the JCA data source configuration was defined in a file with a suffix of *-ds.xml. This file was then deployed in the server's deploy directory. The JDBC driver was copied to the server lib/ directory or packaged in the application's WEB-INF/lib/ directory. In AS7, this has all changed. You will no longer package the JDBC driver with the application or in the server/lib directory. The *-ds.xml file is now obsolete and the datasource configuration information is now defined in the standalone/configuration/standalone.xml or in the domain/configuration/domain.xml file. A JDBC 4-compliant driver can be installed as a deployment or as a core module. A driver that is JDBC 4-compliant contains a META-INF/services/java.sql.Driver file that specifies the driver class name. A driver that is not JDBC 4-compliant requires additional steps, as noted below.

DataSource Configuration

domain mode, the configuration file is the domain/configuration/domain.xml

standalone mode, you will configure the datasource in the standalone/configuration/standalone.xml

MySQL datasource element:

        <connection-url>jdbc:mysql://localhost:3306/YourApplicationURL</connection-url>        <driver-class> com.mysql.jdbc.Driver </driver-class>        <driver> mysql-connector-java-5.1.15.jar </driver>

       <security>            <user-name> USERID </user-name>            <password> PASSWORD</password>        </security>

example of the driver element for driver that is not JDBC 4-compliant. The driver-class must be specified since it there is no META-INF/services/java.sql.Driver file that specifies the driver class name.

 <driver-class>com.mysql.jdbc.Driver</driver-class>

JDBC driver can be installed into the container in one of two ways: either as a deployment or as a core module

Install the JDBC driver

Install the JDBC driver as a deployment

In AS7 standalone mode, you simply copy the JDBC 4-compliant JAR into the AS7_HOME/standalone/deployments directory

example of a MySQL JDBC driver installed as a deployment:     AS7_HOME/standalone/deployments/mysql-connector-java-5.1.15.jar

if you’ve heard Rod Johnson speak he is always adamant that Spring has replaced Java EE. Its good to see that his rhetoric is utter BS!

Sorry, even Spring MVC sucks as much balls as JSF does.

Java EE wins over Spring

CDI closed API hole

Application server started to get their act together with regards to boot time.  It started with Glassfish and ended with JBoss 7.  Both of which can boot in a matter of seconds.

Arquillian allows you to run your unit tests in a real environment with real transactions, etc.  Personally I always despised mocks because they didn’t test in the environment you were going to run in.  I thought they were pointless and to this day, I refuse to use this testing pattern.

I’m glad Rod and company were able to cash out with the VMWare acquisition before Java EE was able to regain its dominance

SpringSource pushed Java EE to innovate and for that I’m very grateful.  For Java EE, it was either evolve or die.  They evolved, now its time for Spring to die.

without a time zone to model the domain

The discussion whether or not to use Spring vs. Java EE for new enterprise Java applications is a no-brainer

Why migrate?

since then fallen a prey to the hungry minds of Venture Capitalists and finally into the hands of a virtualization company called VMware

While the different companies and individuals behind the Spring framework have been doing some work in the JCP their voting behavior on important JSRs is peculiar to say the least

outdated ORM solution like JDBC templates

some developers completely stopped looking at new developments in the Java EE space and might have lost track of the current state of technology

size of the deployment archive

fairly standard Java EE 6 application will take up about 100 kilobytes

comparable Spring application weighs in at a whopping 30 Megabytes!

Lightweight

Firing up the latest JBoss AS 7 Application Server from scratch and deploying a full blown Java EE 6 application into the server takes somewhere between two and five seconds on a standard machine. This is in the same league as a Tomcat / Spring combo

Dependency injection

Java EE 6, the Context and Dependency Injection (CDI) specification was introduced to the Java platform, which has a very powerful contextual DI model adding extensibility of injectable enterprise services

Aspect Oriented Programming

“AOP Light” and this is exactly what Java EE Interceptors do

common pitfall when taking AOP too far is that your code might end up all asymmetric and unreadable. This is due to the fact that the aspect and its implementation are not in the same place. Determining what a piece of code will do at runtime at a glance will be really hard

Testing

With Arquillian we can get rid of mocking frameworks and test Java EE components in their natural environment

Tooling

capabilities comparison matrix below to map Spring’s technology to that of Java EE

Capability Spring JavaEE Dependency Injection Spring Container CDI Transactions AOP / annotations EJB Web framework Spring Web MVC JSF AOP AspectJ (limited to Spring beans) Interceptors Messaging JMS JMS / CDI Data Access JDBC templates / other ORM / JPA JPA RESTful Web Services Spring Web MVC (3.0) JAX-RS Integration testing Spring Test framework Arquillian *

TomEE+

OpenEJB

Java API for XML Web Services (JAX-WS) Java API for RESTful Web Services (JAX-RS) Java EE Connector Architecture Java Messaging Service (JMS)

Java Servlets Java ServerPages (JSP) Java ServerFaces (JSF) Java Transaction API (JTA)

Separating object id and business key

recommend using the "semi"-unique attributes of your persistent class to implement equals() (and hashCode()

The database identifier property should only be an object identifier, and basically should be used by Hibernate only

Instead of using the database identifier for the equality comparison, you should use a set of properties for equals() that identify your individual objects

"name" String and "created" Date, I can use both to implement a good equals() method

Workaround by forcing a save/flush

work around by forcing a save() / flush() after object creation and before insertion into the set

Note that it's highly inefficient and thus not recommended

 @UsingDataSet("datasets/users.yml")

   @ShouldMatchDataSet("datasets/expected-users.yml")

highly type-safe

consistent

portable

CDI enhances the Java EE programming model in two more important ways

allows you to use EJBs directly as JSF backing beans

CDI allows you to manage the scope, state, life-cycle and context for objects in a much more declarative fashion, rather than the programmatic way

CDI has no component model of its own

set of services that are consumed by Java EE components such as managed beans, Servlets and EJBs.

well-defined create/destroy life-cycle that you can get callbacks for via the @PostConstruct and @PreDestroy annotations.

Managed beans

annotation

CDI also integrates with JSF via EL bean name resolution

CDI does not directly support business component services such as transactions, security, remoting, messaging

JSR 330 defines a minimalistic API for dependency injection solutions and is primarily geared towards non-Java EE environments.

Figure 1 shows how CDI fits with the major APIs in the Java EE platform.

none of this uses string names that can be mistyped and all the code is in Java and so is checked at compile time

are additional pieces of meta-data that narrow down a particular class when more than one candidate for injection exists

From Spring to Java EE 6

role name to resolve

Collection of Permissions

free and more feature rich alternative to BlazeDS, but also outranks LCDS’ out-of-the-box features when it comes to data management, streaming media and integrating with mobile devices and Cloud computing

developer tools like code generation, invocation test drive and interoperability with multiple IDEs and frameworks

supporting integration with mobile clients (Android, Windows Phone 7, RIM Playbook and soon iOS) and the Java service layer, which includes support for Java POJOs, EJBs, Spring Beans, Grails controllers, Hibernate Objects and XML Web Services

do not at all describe "who" is able to perform the action(s)

Multiple Parts

Wildcard Permissions support the concept of multiple levels or parts. For example, you could restructure the previous simple example by granting a user the permission printer:query

Multiple Values Each part can contain multiple values. So instead of granting the user both the "printer:print" and "printer:query" permissions, you could simply grant them one: printer:print,query

All Values What if you wanted to grant a user all values in a particular part? It would be more convenient to do this than to have to manually list every value. Again, based on the wildcard character, we can do this. If the printer domain had 3 possible actions (query, print, and manage), this: printer:query,print,manage

simply becomes this: printer:*

Using the wildcard in this way scales better than explicitly listing actions since, if you added a new action to the application later, you don't need to update the permissions that use the wildcard character in that part.

Finally, it is also possible to use the wildcard token in any part of a wildcard permission string. For example, if you wanted to grant a user the "view" action across all domains (not just printers), you could grant this: *:view Then any permission check for "foo:view" would return true

Instance-Level Access Control

instance-level Access Control Lists

Checking Permissions

SecurityUtils.getSubject().isPermitted("printer:print:lp7200")

printer:*:*

all actions on a single printer

printer:*:lp7200

missing parts imply that the user has access to all values corresponding to that part

printer:print is equivalent to printer:print:*

Missing Parts

rule of thumb is to

when performing permission checks

first part is the

that is being operated on (printer)

second part is the

(query) being performed

three parts - the first is the

the second is the

third is the

allow access to

can only leave off parts from the end of the string

Performance Considerations

runtime implication logic must execute for

implicitly using Shiro's default

which executes the necessary implication logic

When using permission strings like the ones shown above, you're

Shiro's default behavior for Realm

for every permission check

need to be checked individually for implication

as the number of permissions assigned to a user or their roles or groups increase, the time to perform the check will necessarily increase

If a Realm implementor has a

more efficient way of checking permissions and performing this implication logic

should implement that as part of their

implies

user:*:12345

user:update:12345

printer

implies

printer:print

Implication, not Equality

permission

are evaluated by

logic - not equality checks

the former implies the latter

superset of functionality

implication logic can be executed at runtime

Query object that can then be executed to return a list of entities or a single entity.

Keeping the query and the code that sets these parameters together makes them both easier to understand