Skip to main content

Home/ SoftwareEngineering/ Group items tagged apache

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

UsernamePasswordToken (Apache Shiro 1.2.1 API) - 0 views

shiro.apache.org/...UsernamePasswordToken.html

ApacheShiro security authentication token AuthenticationToken UsernamePasswordToken

shared by kuni katsuya on 03 Sep 12 - No Cached
  • UsernamePasswordToken
  • HostAuthenticationToken interface to retain the host name or IP address location from where the authentication attempt is occuring.
  • A simple username/password authentication token to support the most widely-used authentication mechanism
kuni katsuya

Testing | Apache Shiro - 0 views

shiro.apache.org/testing.html

security ApacheShiro testing

shared by kuni katsuya on 22 Sep 12 - No Cached
  • Testing with Apache Shiro
  • how to enable Shiro in unit tests.
  • Subject
  • ...14 more annotations...
  • is security-specific view of the
  • 'currently executing' user
  • and that Subject instances are always bound to a thread to ensure we know who is executing logic at any time during the thread's execution
  • Subject instance must be created
  • Subject instance must be bound to the currently executing thread
  • Subject must be unbound to ensure that the thread remains 'clean' in any thread-pooled environment
  • Shiro has architectural components that perform this bind/unbind logic automatically
  • root Shiro Filter performs this logic when filtering a request
  • after creating a Subject instance, it must be bound to thread
  • Test Setup
  • 'setup' and 'teardown'
  • can be used in both unit testing and integration testing
  • AbstractShiroTest
  • abstract class AbstractShiroTest
kuni katsuya

Subject | Apache Shiro - 0 views

shiro.apache.org/subject.html

security ApacheShiro subject documentation

shared by kuni katsuya on 23 Sep 12 - No Cached
  • Understanding Subjects in Apache Shiro
  • 'Subject'
  • is just a security term that means a
  • ...8 more annotations...
  • security-specific 'view'
  • of an application user
  • Subject instance represents both security state and operations for
  • a single application user
  • in the security world, the term 'Subject' is actually the recognized nomenclature
  • Subject currentUser = SecurityUtils.getSubject();
  • obtain the currently executing Subject by using org.apache.shiro.SecurityUtils:
  • Subject based on user data associated with current thread or incoming request.
kuni katsuya

Fetching Client IP Address and Header information in JBoss AS7 access log « J... - 0 views

middlewaremagic.com/jboss

jbossas7 AccessLog

shared by kuni katsuya on 11 Oct 12 - No Cached
  • Fetching Client IP Address and Header information in JBoss AS7 access log
  • “org.apache.catalina.valves.AccessLogValve”
  • More informations about this Valve can be found in the following link: http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html#Access_Log_Valve
  • ...10 more annotations...
  • Some of the useful patterns
  • %h - Remote host name (or IP address if resolveHosts is false)
  • %a - Remote IP address
  • %u - Remote user that was authenticated (if any), else '-'
  • %r - First line of the request (method and request URI)
  • %s - HTTP status code of the response
  • %b - Bytes sent, excluding HTTP headers, or '-' if zero
  • %S - User session ID
  • %t - Date and time, in Common Log Format
  • %m - Request method (GET, POST, etc.)
  • kuni katsuya on 11 Oct 12
     
    "/subsystem=web/virtual-server=default-host/access-log=configuration:add(pattern="%h %l %u %t "%r" %s %b %{User-Agent}i %{JSESSIONID}c")"
kuni katsuya

Session Management | Apache Shiro - 1 views

shiro.apache.org/session-management.html

ApacheShiro SessionManagement SessionClustering clustering

shared by kuni katsuya on 08 Nov 12 - No Cached
  • Session Clustering
  • can cluster Subject sessions natively and never need to worry again about how to cluster sessions based on your container environment
  • if you configure a cluster-capable SessionDAO, the DAO can interact with a clustering mechanism and Shiro's SessionManager never needs to know about clustering concerns
  • ...8 more annotations...
  • Therefore enabling Session clustering in Shiro is
  • as simple as configuring Shiro to use a distributed cache
  • Ehcache+TerraCotta
  • When Shiro initializes the
  • SessionDAO implements the CacheManagerAware interface
  • call the
  • setCacheManager
  • Ehcache + Terracotta
kuni katsuya

DomainPermission (Apache Shiro 1.2.1 API) - 0 views

shiro.apache.org/...DomainPermission.html

ApacheShiro DomainPermission JPA

shared by kuni katsuya on 29 Aug 12 - No Cached
  • used as a base class for JPA/Hibernate persisted permissions that wish to store the parts of the permission string in separate columns (e.g. 'domain', 'actions' and 'targets' columns)
kuni katsuya

The Future Of JBoss Seam And Apache DeltaSpike - 0 views

www.infoq.com/...seam-deltaspike

JBoss Seam ApacheDeltaSpike

shared by kuni katsuya on 01 Sep 12 - No Cached
  • The Future Of JBoss Seam And Apache DeltaSpike
  • Apache DeltaSpike (currently in incubation) is a set of extensions on Java CDI (Contexts and Dependency Injection)
  • Apr 11, 2012
  • ...2 more annotations...
  • We have no intention of releasing Seam 4
  • eventual aim is to migrate all of Seam 3 and MyFaces CODI to DeltaSpike
kuni katsuya

Web Features | Apache Shiro - 0 views

shiro.apache.org/web-features.html

Shiro web features

shared by kuni katsuya on 09 Aug 12 - No Cached
  • Apache Shiro Web Features
kuni katsuya

Java Authorization Guide | Apache Shiro - 0 views

shiro.apache.org/java-authorization-guide.html

Shiro authorization documentation

shared by kuni katsuya on 09 Aug 12 - No Cached
  • Java Authorization Guide with Apache Shiro
  • Levels of permission granularity
  • specify an actions (open, read, delete, etc)
  • ...18 more annotations...
  • resource (door, file, customer record, etc)
  • define a permission to any depth
  • Resource Level
  • Instance Level
  • Attribute Level
  • instance of a resource
  • attribute of an instance or resource
  • Permissions Defined
  • Permissions represent what can be done in your application
  • A well formed permission describes a resource types and what actions are possible when you interact with those resources
  • Roles Defined
  • Roles are effectively a collection of permissions
  • Explicit Roles
  • An explicit role has permissions explicitly assigned to it and therefore is an explicit collection of permissions
  • Implicit Roles
    • kuni katsuya
      kuni katsuya on 24 Aug 12
       
      do not use!!!
  • Annotation Authorization
  • @RequiresPermissions(“account:create”)‏
  • Permission Check
kuni katsuya

Architecture | Apache Shiro - 0 views

shiro.apache.org/architecture.html

apache shiro architecture

shared by kuni katsuya on 15 Aug 12 - No Cached
  • Realm is essentially a security-specific DAO
  • 3 primary concepts:
  • Subject
  • ...51 more annotations...
  • SecurityManager
  • Realms
  • High-Level Overview
  • Subject
  • essentially a security specific 'view' of the the currently executing user
  • Subject
  • instances are all bound to (and require) a
  • SecurityManager
  • When you interact with a Subject, those interactions translate to subject-specific interactions with the SecurityManager
  • SecurityManager
  • 'umbrella’ object that coordinates its internal security components that together form an object graph
  • Realms
  • ‘connector’ between Shiro and your
  • application’s security data
  • Shiro looks up many of these things from one or more Realms configured for an application
  • Subject
  • SecurityManager
  • Authenticator
  • Authorizer
  • component responsible determining users' access control in the application
  • if a user is allowed to do something or not
  • SessionManager
  • knows how to create and manage user
  • Session
  • lifecycles
  • Shiro has the ability to natively manage user Sessions in any environment, even if there is no Web/Servlet or EJB container available
  • Shiro will use
  • an existing session mechanism
  • if available, (e.g. Servlet Container)
  • if there isn't one, such as in a standalone application or non-web environment, it will use its
  • built-in enterprise session management
  • SessionDAO
  • exists to allow any datasource to be used to
  • persist sessions
  • SessionDAO
  • performs Session persistence (CRUD) operations on behalf of the SessionManager
  • allows any data store to be plugged in to the Session Management infrastructure
  • CacheManager
  • creates and manages Cache instance lifecycles used by other Shiro components
  • improve performance while using these data source
  • Cryptography
  • Realms
  • ‘connector’ between Shiro and your application’s security data
  • Realms
  • Realms
  • Realms
  • ‘connector’ between Shiro and your application’s security data
  • ‘connector’ between Shiro and your application’s security data
  • ‘connector’ between Shiro and your application’s security data
  • ‘connector’ between Shiro and your application’s security data
  • ‘connector’ between Shiro and your application’s security data
kuni katsuya

HTTP Authentication and Security with Apache Shiro | Xebia Blog - 0 views

blog.xebia.com/...apache-shiro

apache shiro security SpringSecurity

shared by kuni katsuya on 15 Aug 12 - No Cached
  • Spring Security
  • However, it is tied to the Spring technology and the size of the library — more than 10 JAR of dependencies
  • kuni katsuya on 15 Aug 12
     
    "its "
kuni katsuya

Temporary Documentation - Apache DeltaSpike - Apache Software Foundation - 0 views

cwiki.apache.org/...Temporary+Documentation

ApacheDeltaSpike documentation CDI

shared by kuni katsuya on 16 Aug 12 - No Cached
  • DeltaSpike will consist of a number of portable CDI extensions that provide useful features for Java application developers
  • de-facto standard of CDI-Extensions
  • Project-Configuration (with Maven)
‹ Previous 21 - 40 of 103 Next › Last »
Showing 20 items per page