Skip to main content

Home/ SoftwareEngineering/ Group items tagged application

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

Pro JPA 2: Mastering the Java™ Persistence API > Advanced Topics > SQL Querie... - 0 views

my.safaribooksonline.com/...sql_queries

jpa SqlQueries NativeQueries

shared by kuni katsuya on 25 Jul 12 - No Cached
  • queries are also known as native queries
  • SQL Queries
  • reasons why a developer using JP QL might want to integrate SQL queries into their application
  • ...32 more annotations...
  • JPA 2.0, still contains only a subset of the features supported by many database vendors
  • features not supported in JP QL.
  • performance required by an application is to replace the JP QL query with a hand-optimized SQL version. This may be a simple restructuring of the query that the persistence provider was generating, or it may be a vendor-specific version that leverages query hints and features specific to a particular database.
  • recommend avoiding SQL initially if possible and then introducing it only when necessary
  • benefits of SQL query support is that it uses the same Query interface used for JP QL queries. With some small exceptions that will be described later, all the Query interface operations discussed in previous chapters apply equally to both JP QL and SQL queries.
  • keep application code consistent because it needs to concern itself only with the EntityManager and Query interfaces.
  • An unfortunate result of adding the TypedQuery interface in JPA 2.0 is that the createNativeQuery() method was already defined in JPA 1.0 to accept a SQL string and a result class and return an untyped Query interface
  • consequence is that when the createNativeQuery() method is called with a result class argument one might mistakenly think it will produce a TypedQuery, like createQuery() and createNamedQuery() do when a result class is passed in.
  • @NamedNativeQuery
  • resultClass=Employee.class
  • The fact that the named query was defined using SQL instead of JP QL is not important to the caller
  • SQL Result Set Mapping
  • JPA provides SQL result set mappings to handle these scenarios
  • A SQL result set mapping is defined using the @SqlResultSetMapping annotation. It may be placed on an entity class and consists of a name (unique within the persistence unit) and one or more entity and column mappings.
  • entities=@EntityResult(entityClass=Employee.class)
  • @SqlResultSetMapping
  • Multiple Result Mappings
  • A query may return more than one entity at a time
  • The SQL result set mapping to return both the Employee and Address entities out of this query
  • emp_id, name, salary, manager_id, dept_id
  • address_id, id, street, city, state, zip
  • order in which the entities are listed is not important
  • ntities={@EntityResult(entityClass=Employee.class), @EntityResult(entityClass=Address.class)}
  • expected result type and therefore received an instance of TypedQuery that is bound to the expected type. By qualifying the result type in this way, the getResultList() and getSingleResult() methods return the correct types without the need for casting.
  • Defining a Class for Use in a Constructor Expression
  • public EmpMenu(String employeeName, String departmentName)
  • List<EmpMenu>
  • NEW example.EmpMenu(" + "e.name, e.department.name)
  • EmpMenu.class
  • createNamedQuery() can return a TypedQuery whereas the createNativeQuery() method returns an untyped Query
  • List<Employee>
  • createNamedQuery("orgStructureReportingTo", Employee.class)
kuni katsuya

Realm | Apache Shiro - 0 views

shiro.apache.org/realm.html

Shiro Realm

shared by kuni katsuya on 09 Aug 12 - No Cached
  • A Realm is a component that can access application-specific security data such as users, roles, and permissions. The Realm translates this application-specific data into a format that Shiro understands so Shiro can in turn provide a single easy-to-understand Subject programming API no matter how many data sources exist or how application-specific your data might be.
  • A Realm is essentially a security-specific DAO
kuni katsuya

Chapter 6. Messaging (Gravity) - 0 views

www.graniteds.org/...graniteds.messaging.html

graniteds messaging Gravity JMS ProducerConsumer

shared by kuni katsuya on 09 Aug 12 - No Cached
  • Granite Data Services provides a messaging feature, code name Gravity, implemented as a Comet-like service with AMF3 data polling over HTTP (producer/consumer based architecture)
  • GraniteDS messaging relies on two main AS3 components on the Flex side: org.granite.gravity.Consumer and org.granite.gravity.Producer
  • 6.3. Common Configuration There are three main steps to configure Gravity in an application: Declare the Gravity servlet implementation for your target server in web.xml Declare a messaging service and destination in services-config.xml, mapped to a specific channel definition of type GravityChannel
  • ...10 more annotations...
  • org.granite.gravity.tomcat.GravityTomcatServlet
  • /gravityamf/*
  • 6.3.1. Supported Application Servers
  • GraniteDS provides a generic servlet implementation that can work in any compliant servlet container
  • blocking IO and thus will provide relatively limited scalability
  • GraniteDS thus provides implementations of non blocking messaging for the most popular application servers.
  • asynchronous non blocking servlets
  • JBoss 5+org.granite.gravity.jbossweb.GravityJBossWebServletOnly with APR/NIO enabled (APR highly recommended)
  • GlassFish 3.xorg.granite.gravity.async.GravityAsyncServletUsing Servlet 3.0
  • Tomcat 7.x / Jetty 8.xorg.granite.gravity.async.GravityAsyncServletUsing Servlet 3.0
kuni katsuya

Seam - Contextual Components - 0 views

docs.jboss.org/...html_single

java security framework SeamSecurity authorization

shared by kuni katsuya on 09 Aug 12 - No Cached
  • 15.6. Authorization
  • Seam Security is built around the premise of users being granted roles and/or permissions, allowing them to perform operations that may not otherwise be permissible for users without the necessary security privileges
  • 15.6.1. Core concepts
  • ...15 more annotations...
  • 15.6.1.1. What is a role? A role is a group, or type, of user that may have been granted certain privileges for performing one or more specific actions within an application
  • used to create logical groups of users for the convenient assignment of specific application privileges
  • 15.6.1.2. What is a permission? A permission is a privilege (sometimes once-off) for performing a single, specific action. It is entirely possible to build an application using nothing but permissions, however roles offer a higher level of convenience when granting privileges to groups of users
  • consisting of three "aspects";
  • a target
  • an action
  • a recipient
  • An empty @Restrict implies a permission check of componentName:methodName
  • implied permission required to call the delete() method is account:delete
  • equivalent of this would be to write @Restrict("#{s:hasPermission('account','delete')}")
  • @Restrict annotation may reference any objects that exist within a Seam context. This is extremely useful when performing permission checks for a specific object instance.
  • selectedAccount
  • selectedAccount
  •  Identity.instance().checkRestriction
  • If the expression specified doesn't evaluate to true, either if the user is not logged in, a NotLoggedInException exception is thrown or if the user is logged in, an AuthorizationException exception is thrown.
kuni katsuya

Architecture | Apache Shiro - 0 views

shiro.apache.org/architecture.html

apache shiro architecture

shared by kuni katsuya on 15 Aug 12 - No Cached
  • Realm is essentially a security-specific DAO
  • 3 primary concepts:
  • Subject
  • ...51 more annotations...
  • SecurityManager
  • Realms
  • High-Level Overview
  • Subject
  • essentially a security specific 'view' of the the currently executing user
  • Subject
  • instances are all bound to (and require) a
  • SecurityManager
  • When you interact with a Subject, those interactions translate to subject-specific interactions with the SecurityManager
  • SecurityManager
  • 'umbrella’ object that coordinates its internal security components that together form an object graph
  • Realms
  • ‘connector’ between Shiro and your
  • application’s security data
  • Shiro looks up many of these things from one or more Realms configured for an application
  • Subject
  • SecurityManager
  • Authenticator
  • Authorizer
  • component responsible determining users' access control in the application
  • if a user is allowed to do something or not
  • SessionManager
  • knows how to create and manage user
  • Session
  • lifecycles
  • Shiro has the ability to natively manage user Sessions in any environment, even if there is no Web/Servlet or EJB container available
  • Shiro will use
  • an existing session mechanism
  • if available, (e.g. Servlet Container)
  • if there isn't one, such as in a standalone application or non-web environment, it will use its
  • built-in enterprise session management
  • SessionDAO
  • exists to allow any datasource to be used to
  • persist sessions
  • SessionDAO
  • performs Session persistence (CRUD) operations on behalf of the SessionManager
  • allows any data store to be plugged in to the Session Management infrastructure
  • CacheManager
  • creates and manages Cache instance lifecycles used by other Shiro components
  • improve performance while using these data source
  • Cryptography
  • Realms
  • ‘connector’ between Shiro and your application’s security data
  • Realms
  • Realms
  • Realms
  • ‘connector’ between Shiro and your application’s security data
  • ‘connector’ between Shiro and your application’s security data
  • ‘connector’ between Shiro and your application’s security data
  • ‘connector’ between Shiro and your application’s security data
  • ‘connector’ between Shiro and your application’s security data
kuni katsuya

JBoss Developer Framework - 0 views

www.jboss.org/...spring

spring javaee6 migration

shared by kuni katsuya on 06 Jun 12 - No Cached
  • migrating Spring Applications to Java EE 6 technology
  • rationale for migrating your applications from Spring to Java EE 6
  • examples of upgrading the web UI, replacing the data access layer, migrating AOP to CDI interceptors, migrating JMX, how to deal with JDBC templates
  • ...1 more annotation...
  • how to perform integration tests of you Java EE 6 application using Arquillian
kuni katsuya

Getting Started Developing Applications Guide - JBoss AS 7.0 - Project Documentation Ed... - 0 views

docs.jboss.org/...+Developing+Applications+Guide

jboss jbossas7 documentation

shared by kuni katsuya on 15 Jun 12 - No Cached
  • Getting Started Developing Applications Guide
  • Installing and starting JBoss AS on Windows
  • Starting JBoss AS from Eclipse with JBoss Tools
  • ...1 more annotation...
  • CDI + JSF + EJB + JTA + Bean Validation + JAX-RS + Arquillian: Kitchensink quickstart
kuni katsuya

Enterprise Architect - UML Design Tools and UML CASE tools for software development - 0 views

www.sparxsystems.com/...index.html

enterprise architect uml design tools

shared by kuni katsuya on 16 May 12 - Cached
  • Code Engineering Database Engineering Debug & Visualize Applications MDG Technologies (Create & Use)* Model Driven Architecture (MDA) Project Discussion Forum Replicate .EAP Projects Reverse Engineer Binaries (Java, .NET) Shared Models WSDL Engineering XML Schema (XSD) Engineering
  • Audit Model Changes Baseline Diff/Merge DBMS Repository** Floating Edition Available Lazy Load Scripting with JScript, VBScript and Javascript Security (Role-based) WAN Optimizer
  • BPEL Generation from BPMN diagrams Business Rules Composer Executable Code Generation from Behavioral Models Math Support built into Script Engines
  • ...5 more annotations...
  • Allocated Work Execution Analyzer Menu Test Points Win 32 User Interface Designs Business Process Simulation ***
  • Gap Analysis Model Mail Project Calendar Task Allocations TOGAF Gap Analysis
  • BPEL 2.0 Generation BPMN Simulation SysML 1.2
  • Eclipse Integration
  • Eclipse Link
  • kuni katsuya on 16 May 12
     
    Code Engineering Database Engineering Debug & Visualize Applications MDG Technologies (Create & Use)*
kuni katsuya

MavenAndNetBeansForGlassFish - NetBeans Wiki - 0 views

wiki.netbeans.org/MavenAndNetBeansForGlassFish

maven netbeans

shared by kuni katsuya on 15 Jun 12 - Cached
  • Developing Enterprise Applications for GlassFish using Maven and NetBeans
  • how to setup Maven-enabled Enterprise Applications in NetBeans and how to deploy them to GlassFish
  • To enable Maven in NetBeans
  • ...16 more annotations...
  • install the MevenIDE plugin
  • select all 7 plugins from the Maven category
  • Creating the Parent POM Project
  • create a parent pom project and then create ear, ejb and war child projects
  • create the EJB Project
  • make sure the Project Location is the root directory of the Parent POM Project
  • Maven recognise it as a sub-module
  • The WAR Project
  • The EAR Project
  • Deploying to GlassFish
  • There are a few ways of deploying applications to GlassFish
  • GlassFish command line utility to deploy to both local and remote servers is asadmin
  • Maven for the deployment
  • glassfish-v2/bin/asadmin
  • exec-maven-plugin
  • deploy
kuni katsuya

Session Management Cheat Sheet - OWASP - 0 views

www.owasp.org/...Session_Management_Cheat_Sheet

OWASP BestPractices CheatSheet SessionManagement

shared by kuni katsuya on 21 Sep 12 - No Cached
  • Session Management Cheat Sheet
  • should not be extremely descriptive nor offer unnecessary details
  • change the default session ID name of the web development framework to a generic name
  • ...50 more annotations...
  • length must be at least 128 bits (16 bytes)
  • Session ID Length
  • Session ID Name Fingerprinting
  • Session ID Properties
  • Session ID Entropy
  • must be unpredictable (random enough) to prevent guessing attacks
  • good PRNG (Pseudo Random Number Generator) must be used
  • must provide at least 64 bits of entropy
  • Session ID Content (or Value)
  • content (or value) must be meaningless
  • identifier on the client side
  • meaning and business or application logic associated to the session ID must be stored on the server side
  • session objects or in a session management database or repository
  • create cryptographically strong session IDs through the usage of cryptographic hash functions such as SHA1 (160 bits).
  • Session Management Implementation
  • defines the exchange mechanism that will be used between the user and the web application to share and continuously exchange the session ID
  • token expiration date and time
  • This is one of the reasons why cookies (RFCs 2109 & 2965 & 6265 [1]) are one of the most extensively used session ID exchange mechanisms, offering advanced capabilities not available in other methods
  • Transport Layer Security
  • use an encrypted HTTPS (SSL/TLS) connection for the entire web session
  • not only for the authentication
  • process where the user credentials are exchanged.
  • “Secure” cookie attribute
  • must be used to ensure the session ID is only exchanged through an encrypted channel
  • never switch a given session from HTTP to HTTPS, or viceversa
  • should not mix encrypted and unencrypted contents (HTML pages, images, CSS, Javascript files, etc) on the same host (or even domain - see the “domain” cookie attribute)
  • should not offer public unencrypted contents and private encrypted contents from the same host
  • www.example.com over HTTP (unencrypted) for the public contents
  • secure.example.com over HTTPS (encrypted) for the private and sensitive contents (where sessions exist)
  • only has port TCP/80 open
  • only has port TCP/443 open
  • “HTTP Strict Transport Security (HSTS)” (previously called STS) to enforce HTTPS connections.
  • Secure Attribute
  • instructs web browsers to only send the cookie through an encrypted HTTPS (SSL/TLS) connection
  • HttpOnly Attribute
  • instructs web browsers not to allow scripts (e.g. JavaScript or VBscript) an ability to access the cookies via the DOM document.cookie object
  • Domain and Path Attributes
  • instructs web browsers to only send the cookie to the specified domain and all subdomains
  • “Domain” cookie attribute
  • “Path” cookie attribute
  • instructs web browsers to only send the cookie to the specified directory or subdirectories (or paths or resources) within the web application
  • vulnerabilities in www.example.com might allow an attacker to get access to the session IDs from secure.example.com
  • Expire and Max-Age Attributes
  • “Max-Age”
  • “Expires” attributes
  • it will be considered a
  • persistent cookie
  • and will be stored on disk by the web browser based until the expiration time
  • use non-persistent cookies for session management purposes, so that the session ID does not remain on the web client cache for long periods of time, from where an attacker can obtain it.
  • Session ID Life Cycle
kuni katsuya

Subject | Apache Shiro - 0 views

shiro.apache.org/subject.html

security ApacheShiro subject documentation

shared by kuni katsuya on 23 Sep 12 - No Cached
  • Understanding Subjects in Apache Shiro
  • 'Subject'
  • is just a security term that means a
  • ...8 more annotations...
  • security-specific 'view'
  • of an application user
  • Subject instance represents both security state and operations for
  • a single application user
  • in the security world, the term 'Subject' is actually the recognized nomenclature
  • Subject currentUser = SecurityUtils.getSubject();
  • obtain the currently executing Subject by using org.apache.shiro.SecurityUtils:
  • Subject based on user data associated with current thread or incoming request.
kuni katsuya

AnemicDomainModel - 0 views

www.martinfowler.com/...AnemicDomainModel.html

java javaee6 anti-patterns DesignPatterns

shared by kuni katsuya on 12 Dec 12 - Cached
  • AnemicDomainModel
  • Eric Evans
  • basic symptom of an Anemic Domain Model
  • ...40 more annotations...
  • The catch comes when you look at the
  • behavior
  • there is hardly any behavior on these objects, making them little more than bags of getters and setters
  • I was chatting with
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      note, the 'i' here, is mr. MARTIN FOWLER!! and of course, eric evans hails from domain driven design fame
  • fundamental horror
  • it's so contrary to the basic idea of object-oriented design
  • combine
  • data and process together
  • procedural style design
  • completely miss the point of what object-oriented design is all about
  • It's also worth emphasizing that putting behavior into the domain objects
  • should not contradict the solid approach of using layering to separate domain logic from such things as persistence and presentation responsibilities
  • logic that should be in a domain object is domain logic
  • validations
  • calculations
  • business rules
  • One source of confusion in all this is that many OO experts do recommend putting a layer of procedural services on top of a domain model, to form a Service Layer
  • this isn't an argument to make the domain model
  • void of behavior
  • service layer advocates use a service layer in conjunction with a behaviorally rich domain model.
  • does not contain business rules or knowledge, but
  • only coordinates
  • tasks and delegates work to
  • collaborations of domain objects
  • in the next layer down
  • can have state that reflects the
  • progress of a task
  • for the user or the program
  • Domain Layer
  • Application Layer
  • Service Layer
  • Responsible for
  • representing concepts of the business
  • business rules
  • This layer is the heart of business software
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      ... and has the *most value* to an organization investing in writing their own software infrastructure software (eg. user interface, orm, application server-related frameworks) or plumbing code should be treated as commodities where possible, unless, the business consciously decides that a custom, home-grown implementation is absolutely required for patenting or other differentiation reasons and/or that no existing off-the-shelf solution can be used but these cases should be rare! do not blindly fall for the not-invented-here syndrome
  • all the key logic lies in the domain layer
  • I don't know why this anti-pattern is so common
  • if they come from a
  • data background
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      this is why during every sprint, i reiterate that the data model up approach to designing the system is OH SO WRONG but nobody listens
  • J2EE's Entity Beans
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      damn baggage from  eons ago!!!
kuni katsuya

How To Configure Java EE 6+ Applications ...Without XML : Adam Bien's Weblog - 0 views

www.adam-bien.com/...how_to_configure_java_ee

java javaee6 CDI configuration injection

shared by kuni katsuya on 12 Dec 12 - No Cached
  • How To Configure Java EE 6+ Applications ...Without XML
  • with @Inject:
  • See also page 98 "Configuration Over Convention with Inversion of Control" in Real World Java EE Night Hacks--Dissecting the Business Tier.]
kuni katsuya

Quick Start · SpringSource/spring-social Wiki - 0 views

github.com/...Quick-Start

SocialNetwork SpringSocial tutorial

shared by kuni katsuya on 27 Mar 13 - No Cached
kuni katsuya

EP1 - DMM - US9 - DMS application (shell) similar to ECM - Projects - Confluence - 0 views

confluence.visualfrenzy.com/...ion+%28shell%29+similar+to+ECM

work vfml FacebookCMS

shared by kuni katsuya on 09 Jan 13 - No Cached
  • full-screen
    • kuni katsuya
      kuni katsuya on 09 Jan 13
       
      why full screen?
    • kuni katsuya
      kuni katsuya on 09 Jan 13
       
      should at least consider displaying something sensible if either/both dimensions of browser window used is too small ideally, use responsive design approach to ux
  • path + "DMM_APPLICATION.html"
    • kuni katsuya
      kuni katsuya on 09 Jan 13
       
      need to establish sensible (ie. short, but meaningful) conventions used for externally facing urls
    • kuni katsuya
      kuni katsuya on 09 Jan 13
       
      also including my long-standing desire to keep internal things opaque to the outside world (eg. minimize exposure of directory structure, internal oids, host names, port numbers, etc)
kuni katsuya

Java Persistence/Mapping - Wikibooks, open books for an open world - 0 views

en.wikibooks.org/...Mapping

shared by kuni katsuya on 11 Oct 12 - Cached
  • Access Type
  • field
  • get method
  • ...21 more annotations...
  • FIELD
  • PROPERTY
  • Either all annotations must be on the fields, or all annotations on the get methods, but not both (unless the @AccessType annotation is used)
  • if placed on a get method, then the class is using PROPERTY access
  • For FIELD access the class field value will be accessed directly to store and load the value from the database
  • field can be private or any other access type
  • FIELD is normally safer, as it avoids any unwanted side-affect code that may occur in the application get/set methods
  • For PROPERTY access the class get and set methods will be used to store and load the value from the database
  • PROPERTY has the advantage of allowing the application to perform conversion of the database value when storing it in the object
  • be careful to not put any side-affects in the get/set methods that could interfere with persistence
  • Common Problems
  • Odd behavior
  • One common issue that can cause odd behavior is
  • using property access and putting side effects in your get or set methods
  • For this reason it is generally recommended to
  • use field access in mapping, i.e. putting your annotations on your variables not your get methods
  • causing duplicate inserts, missed updates, or a corrupt object model
  • if you are going to use property access, ensure your property methods are free of side effects
  • Access Type
  • Access Type
  • Access Type
  • kuni katsuya on 11 Oct 12
     
    "Access Type"
kuni katsuya

Building the Agile Database: How to Build a Successful Application Using Agile Without ... - 0 views

my.safaribooksonline.com/...9781935504153

agile database books safari books online

shared by kuni katsuya on 01 Nov 12 - No Cached
  • Building the Agile Database: How to Build a Successful Application Using Agile Without Sacrificing Data Management
‹ Previous 21 - 40 of 155 Next › Last »
Showing 20 items per page