Skip to main content

Home/ SoftwareEngineering/ Group items tagged application

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

Spring Security - Features - 0 views

static.springsource.org/...features.html

Java security SpringSecurity

shared by kuni katsuya on 09 Aug 12 - Cached
  • Domain object instance security: In many applications it's desirable to define Access Control Lists (ACLs) for individual domain object instances. We provide a comprehensive ACL package with features including integer bit masking, permission inheritance (including blocking), an optimized JDBC-backed ACL repository, caching and a pluggable, interface-driven design.
  • OpenID Support: the web's emerging single sign-on standard (supported by Google, IBM, Sun, Yahoo and others) is also supported in Spring Security
  • Easy integration with existing databases: Our implementations have been designed to make it easy to use your existing authentication schema and data (without modification). Of course, you can also provide your own Data Access Object if you wish. Password encoding: Of course, passwords in your authentication repository need not be in plain text. We support both SHA and MD5 encoding, and also pluggable "salt" providers to maximise password security.
  • ...5 more annotations...
  • Caching: Spring Security optionally integrates with Spring's Ehcache factory. This flexibility means your database (or other authentication repository) is not repeatedly queried for authentication information when using Spring Security with stateless applications.
  • Run-as replacement: The system fully supports temporarily replacing the authenticated principal for the duration of the web request or bean invocation. This enables you to build public-facing object tiers with different security configurations than your backend objects.
  • Tag library support: Your JSP files can use our taglib to ensure that protected content like links and messages are only displayed to users holding the appropriate granted authorities. The taglib also fully integrates with Spring Security's ACL services, and obtaining extra information about the logged-in principal.
  • User Provisioning APIs: Support for groups, hierarchical roles and a user management API, which all combine to reduce development time and significantly improve system administration.
  • Enterprise-wide single sign on using CAS 3: Spring Security integrates with JA-SIG's open source Central Authentication Service (CAS)
kuni katsuya

Permissions | Apache Shiro - 0 views

shiro.apache.org/permissions.html

security Shiro permissions authorization

shared by kuni katsuya on 07 Aug 12 - No Cached
  • Permission as a statement that defines an explicit behavior or action
  • lowest-level constructs in security polices
  • explicitly define only "what" the application can do
  • ...69 more annotations...
  • do not at all describe "who" is able to perform the action(s)
  • Multiple Parts
  • Wildcard Permissions support the concept of multiple levels or parts. For example, you could restructure the previous simple example by granting a user the permission printer:query
  • Multiple Values Each part can contain multiple values. So instead of granting the user both the "printer:print" and "printer:query" permissions, you could simply grant them one: printer:print,query
  • All Values What if you wanted to grant a user all values in a particular part? It would be more convenient to do this than to have to manually list every value. Again, based on the wildcard character, we can do this. If the printer domain had 3 possible actions (query, print, and manage), this: printer:query,print,manage
  • simply becomes this: printer:*
  • Using the wildcard in this way scales better than explicitly listing actions since, if you added a new action to the application later, you don't need to update the permissions that use the wildcard character in that part.
  • Finally, it is also possible to use the wildcard token in any part of a wildcard permission string. For example, if you wanted to grant a user the "view" action across all domains (not just printers), you could grant this: *:view Then any permission check for "foo:view" would return true
  • Instance-Level Access Control
  • instance-level Access Control Lists
  • Checking Permissions
  • SecurityUtils.getSubject().isPermitted("printer:print:lp7200")
  • printer:*:*
  • all actions on a single printer
  • printer:*:lp7200
    • kuni katsuya
      kuni katsuya on 03 Sep 12
       
      note: wildcard * usage for 'actions' part
  • missing parts imply that the user has access to all values corresponding to that part
  • printer:print is equivalent to printer:print:*
  • Missing Parts
  • rule of thumb is to
  • use the most specific permission string possible
  • when performing permission checks
  • first part is the
  • domain
    • kuni katsuya
      kuni katsuya on 03 Sep 12
       
      aka 'resource'
  • that is being operated on (printer)
  • second part is the
  • action
  • (query) being performed
  • There is no limit to the number of parts that can be used
  • three parts - the first is the
  • domain
  • the second is the
  • action(s)
  • third is the
  • instance(s)
  • allow access to
  • all actions
  • all printers
  • can only leave off parts from the end of the string
  • Performance Considerations
  • runtime implication logic must execute for
  • each assigned Permission
  • implicitly using Shiro's default
  • WildcardPermission
  • which executes the necessary implication logic
  • When using permission strings like the ones shown above, you're
  • Shiro's default behavior for Realm
  • for every permission check
  • all of the permissions assigned to that user
  • need to be checked individually for implication
  • as the number of permissions assigned to a user or their roles or groups increase, the time to perform the check will necessarily increase
  • If a Realm implementor has a
  • more efficient way of checking permissions and performing this implication logic
  • Realm isPermitted* method implementations
  • should implement that as part of their
  • implies
  • user:*:12345
  • user:update:12345
  • printer
  • implies
  • printer:print
  • Implication, not Equality
  • permission
  • checks
  • are evaluated by
  • implication
  • logic - not equality checks
  • the former implies the latter
  • superset of functionality
  • implication logic can be executed at runtime
kuni katsuya

Application Security With Apache Shiro - 0 views

www.infoq.com/...apache-shiro

security ApacheShiro

shared by kuni katsuya on 08 Aug 12 - No Cached
  • previously known as the JSecurity project
  • The word Subject is a security term that basically means "the currently executing user"
  • Core Concepts: Subject, SecurityManager, and Realms
  • ...12 more annotations...
  • Subject
  • 'Subject' can mean a human being, but also a 3rd party process, daemon account, or anything similar. It simply means 'the thing that is currently interacting with the software'
  • Subject currentUser = SecurityUtils.getSubject();
  • SecurityManager
  • SecurityManager manages security operations for all users
  • Realms
  • Realm acts as the ‘bridge’ or ‘connector’ between Shiro and your application’s security data. That is, when it comes time to actually interact with security-related data like user accounts to perform authentication (login) and authorization (access control), Shiro looks up many of these things from one or more Realms configured for an application.
  • Realm is essentially a security-specific DAO
  • Shiro provides out-of-the-box Realms to connect to a number of security data sources (aka directories) such as LDAP, relational databases (JDBC), text configuration sources like INI and properties files, and more
  • Authorization
  • A permission is a raw statement of functionality, for example ‘open a door’, ‘create a blog entry’, ‘delete the ‘jsmith’ user’, etc. By having permissions reflect your application’s raw functionality, you only need to change permission checks when you change your application’s functionality. In turn, you can assign permissions to roles or to users as necessary at runtime.
  • “Run As” support for assuming the identity of another Subject
kuni katsuya

Performance, Load and Stress testing of Flex applications - 0 views

www.neotys.com/...-flex-performance-testing.html

flex performancetesting testing testframeworks

shared by kuni katsuya on 06 Jun 12 - No Cached
  • NeoLoad
  • can create scenarios to test your Flex applications' behavior under stress and validate their performances, while pinpointing any weaknesses
  • Record the AMF traffic to be played back
  • ...2 more annotations...
  • Extract/replace AMF data during the test in order to variabilize the calls
  • Automatically handle the session IDs used by AMF
kuni katsuya

2. Sample Projects - Confluence - 0 views

www.graniteds.org/...2.+Sample+Projects

graniteds samples tutorial sample projects

shared by kuni katsuya on 12 Jun 12 - No Cached
  • kuni katsuya on 12 Jun 12
     
    EJB 3 Session Services
kuni katsuya

JBoss Application Server 4.2.2 - 0 views

docs.jboss.org/...index.html

jbossas4 documentation

shared by kuni katsuya on 12 Jun 12 - No Cached
  • Administration And Development Guide
  • JBoss Application Server 4.2.2
kuni katsuya

JBoss Application Server - 0 views

docs.jboss.org/...index.html

jbossas4 documentation

shared by kuni katsuya on 12 Jun 12 - No Cached
  • Getting Started Guide
  • JBoss Application Server
kuni katsuya

JBoss Application Server - 0 views

docs.jboss.org/...index.html

jbossas4 documentation

shared by kuni katsuya on 12 Jun 12 - No Cached
  • Installation Guide
  • JBoss Application Server
kuni katsuya

Compare GraniteDS for Rich Internet Applications (RIA) | Granite Data Services - 0 views

granitedataservices.com/compare-graniteds

graniteds lcds blazeds comparison

shared by kuni katsuya on 15 May 12 - No Cached
  • comparison of GraniteDS to other common integration frameworks for Flex / JaveEE RIA applications
kuni katsuya

Plummer's Mind: GraniteDS Tutorial: Intro to The Tide Client Framework - 0 views

plummersmind.blogspot.ca/...rial-intro-to-tide-client.html

graniteds tide client framework tutorial

shared by kuni katsuya on 15 May 12 - No Cached
  • GraniteDS Tutorial: Intro to The Tide Client Framework
  • only one per Application
  • Tide Context
  • ...2 more annotations...
  • Tide will automatically inject shared data and correctly route events without requiring the application developer to write their own mechanism for sharing information or explicitly registering event listeners
  • Tide events are a simplification on the already existing Flex event framework
kuni katsuya

Plugins - Jenkins - Jenkins Wiki - 0 views

wiki.jenkins-ci.org/...Plugins

jenkins continuousintegration ci plugin hudson

shared by kuni katsuya on 07 Jun 12 - No Cached
  • Git Plugin — This plugin allows use of Git as a build SCM
  • Subversion Plugin — This plugin adds the Subversion support (via SVNKit) to Jenkins
  • Subversion Release Manager — This plugin allows you to set up a job in Hudson for building specific revisions of a project.
  • ...77 more annotations...
  • Subversion Tagging Plugin — This plugin automatically performs subversion tagging (technically speaking svn copy) on successful build.
  • ViewVC Plugin — This plugin integrates ViewVC browser interface for CVS and Subversion with Hudson.
  • Source code management
  • Build Pipeline Plugin — This plugin creates a pipeline of Hudson\Jenkins jobs and gives a view so that you can visualise it.
  • Build tools
  • JBoss Management Plugin — This plugin allows to manage a JBoss Application Server during build procedure
  • Maven 2 Project Plugin — Jenkin's Maven 2 project type
  • Phing Plugin — This plugin allows you to use Phing to build PHP projects.
  • Post build task — This plugin allows the user to execute a shell/batch task depending on the build log output. Java regular expression are allowed.
  • Promoted Builds Plugin — This plugin allows you to distinguish good builds from bad builds by introducing the notion of 'promotion'.
  • Publish Over SSH Plugin — Publish files and/or execute commands over SSH (SCP using SFTP)
  • Selenium AES Plugin — This plugin is for continuous regression test by Selenium Auto Exec Server (AES).
  • Vagrant Plugin — This plugin allows booting of Vagrant virtual machines, provisioning them and also executing scripts inside of them
  • Unicorn Validation Plugin — This plugin uses W3C's Unified Validator, which helps improve the quality of Web pages by performing a variety of checks.
  • Build wrappers
  • Android Emulator Plugin — Lets you automatically generate, launch and interact with an Android emulator during a build, with the emulator logs being captured as artifacts.
  • Artifactory Plugin — This plugin allows deploying Maven 2, Maven 3, Ivy and Gradle artifacts and build info to the Artifactory artifacts manager.
  • AWS Cloudformation Plugin — A plugin that allows for the creation of cloud formation stacks before running the build and the deletion of them after the build is completed.
  • Build Keeper Plugin — Select a policy for automatically marking builds as "keep forever" to enable long term analysis trending when discarding old builds - or use to protect logs and artifacts from certain builds
  • Build Name Setter Plugin — This plugin sets the display name of a build to something other than #1, #2, #3, ...
  • SSH plugin — You can use the SSH Plugin to run shell commands on a remote machine via ssh.
  • SeleniumRC Plugin — This plugin allows you to create Selenium server instance for each project build.
  • Vagrant Plugin — This plugin allows booting of Vagrant virtual machines, provisioning them and also executing scripts inside of them
  • Timestamper — Adds timestamps to the Console Output.
  • VirtualBox Plugin — This plugin integrates Jenkins with VirtualBox (version 3, 4.0 and 4.1) virtual machine.
  • Version Number Plugin — This plugin creates a new version number and stores it in the environment variable whose name you specify in the configuration.
  • VMware plugin — This plugin allows you to start a VMware Virtual Machine before a build and stop it again after the build completes.
  • AWS Cloudformation Plugin — A plugin that allows for the creation of cloud formation stacks before running the build and the deletion of them after the build is completed.
  • Desktop Notifier for Jenkins — This is useful for those who are looking for a Desktop Notifier for Jenkins builds to automatically notify you about failed builds directly from their desktops.
  • Email-ext plugin — This plugin allows you to configure every aspect of email notifications. You can customize when an email is sent, who should receive it, and what the email says.
  • Google Calendar Plugin — This plugin publishes build records over to Google Calendar
  • HTML5 Notifier Plugin — Provides W3C Web Notifications support for builds.
  • Jabber Plugin — Integrates Jenkins with the Jabber/XMPP instant messaging protocol. Note that you also need to install the instant-messaging plugin.
  • Build reports
  • Checkstyle Plugin — This plugin generates the trend report for Checkstyle, an open source static code analysis program. 
  • Clover PHP Plugin — This plugin allows you to capture code coverage reports from PHPUnit. For more information on how to set up PHP projects with Jenkins have a look at the Template for Jenkins Jobs for PHP Projects.
  • Crap4J Plugin — This plugin reads the "crappy methods" report from Crap4J. Hudson will generate the trend report of crap percentage and provide detailed information about changes.
  • Dependency Analyzer Plugin — This plugin parses dependency:analyze goal from maven build logs and generates a dependency report
  • Dependency Graph View Plugin — Shows a dependency graph of the projects using graphviz. Requires a graphviz installation on the server.
  • FindBugs Plugin — This plugin generates the trend report for FindBugs, an open source program which uses static analysis to look for bugs in Java code. 
  • Grinder Plugin — This plugin reads output result files from Grinder performance tests, and will generate reports showing test results for every build and trend reports showing performance results across builds.
  • JSUnit plugin — This plugin allows you publish JSUnit test results
  • Performance Plugin — This plugin allows you to capture reports from JMeter and JUnit . Hudson will generate graphic charts with the trend report of performance and robustness.
  • PerfPublisher Plugin — This plugin generates global and trend reports for tests results analysis. Based on an open XML tests results format, the plugin parses the generated files and publish statistics, reports and analysis on the current health of the project.
  • PMD Plugin — This plugin generates the trend report for PMD, an open source static code analysis program. 
  • Sonar plugin — Quickly benefit from Sonar, an open-source dashboard based on many analysis tools like Checkstyle, PMD and Cobertura.
  • testng-plugin — This plugin allows you to publish TestNG results.
  • Violations — This plug-in generates reports static code violation detectors such as checkstyle, pmd, cpd, findbugs, codenarc, fxcop, stylecop and simian.
  • xUnit Plugin — This plugin makes it possible to publish the test results of an execution of a testing tool in Jenkins.
  • Artifact uploaders
  • ArtifactDeployer Plugin — This plugin makes it possible to copy artifacts to remote locations.
  • Artifactory Plugin — This plugin allows deploying Maven 2, Maven 3, Ivy and Gradle artifacts and build info to the Artifactory artifacts manager.
  • Confluence Publisher Plugin — This plugin allows you to publish build artifacts as attachments to an Atlassian Confluence wiki page.
  • Deploy Plugin — This plugin takes a war/ear file and deploys that to a running remote application server at the end of a build
  • FTP-Publisher Plugin — This plugin can be used to upload project artifacts and whole directories to an ftp server.
  • HTML Publisher Plugin
  • Publish Over FTP Plugin — Publish files over FTP
  • Publish Over SSH Plugin — Publish files and/or execute commands over SSH (SCP using SFTP)
  • S3 Plugin — Upload build artifacts to Amazon S3
  • SCP plugin — This plugin uploads build artifacts to repository sites using SCP (SSH) protocol.
  • Hudson Helper for Android — Monitor your CI builds right from your Android device.
  • Hudson Mobi, the iPhone, iPod and Android client for Hudson CI — The iPhone, iPod and iPad client for Hudson CI monitoring on the road.
  • Hudson Monitor for Android — Monitor and display the status of your builds on your Android™ phone.
  • External site/tool integrations
  • Jira Issue Updater Plugin — This is a Jenkins plugin which updates issues in Atlassian Jira (by changing their status and adding a comment) as part of a Jenkins job.
  • JIRA Plugin — This plugin integrates Atlassian JIRA to Jenkins.
  • ChuckNorris Plugin — Displays a picture of Chuck Norris (instead of Jenkins the butler) and a random Chuck Norris 'The Programmer' fact on each build page.
  • UI plugins
  • Active Directory plugin — With this plugin, you can configure Jenkins to authenticate the username and the password through Active Directory.
  • Audit Trail Plugin — Keep a log of who performed particular Jenkins operations, such as configuring jobs.
  • JClouds Plugin — This plugin uses JClouds to provide slave launching on most of the currently usable Cloud infrastructures.
  • Checkstyle Plugin — This plugin generates the trend report for Checkstyle, an open source static code analysis program. 
  • FindBugs Plugin — This plugin generates the trend report for FindBugs, an open source program which uses static analysis to look for bugs in Java code. 
  • JIRA Plugin — This plugin integrates Atlassian JIRA to Jenkins.
  • M2 Release Plugin — This plugin allows you to perform a release build using the maven-release-plugin from within Jenkins.
  • PMD Plugin — This plugin generates the trend report for PMD, an open source static code analysis program. 
  • Meme Generator Plugin — Generate Meme images when a build fails (and returns to stable), and post them on the project page.
kuni katsuya

JBoss AS 7 | Granite Data Services - 0 views

granitedataservices.com/...jboss-as-7

graniteds jbossas7

shared by kuni katsuya on 08 Jun 12 - No Cached
  • JBoss AS 7 with GDS 2.3
  • JBoss AS 7 is its deep integration with Hibernate 4 which makes very painful to deploy Hibernate 3.x applications
  • recommended to upgrade to H4
  • ...6 more annotations...
  • GraniteDS now fully supports Hibernate 4
  • use the granite-hibernate4.jar instead of granite-hibernate.jar
  • Flex 4.5 broke a few APIs and there were two main issues with Tide : The client libraries crashed when run in a mobile application The PagedQuery was unusable
  • These two issues are now fixed
  • granite-flex45.swc
  • Flex SDK 4.5 here
« First ‹ Previous 61 - 80 of 155 Next › Last »
Showing 20 items per page