Skip to main content

Home/ SoftwareEngineering/ Group items tagged auditing

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

Java Persistence/Auditing and Security - Wikibooks, open books for an open world - 0 views

en.wikibooks.org/...Auditing_and_Security

jpa auditing security

shared by kuni katsuya on 25 Jul 12 - No Cached
  • Use a common database user id, and manage auditing and security in the application
  • managed in the application by having an application user, and a single shared database user
  • adding a AUDIT_USER and AUDIT_TIMESTAMP column to all of the audited tables and auditUser and auditTimestamp field to all of the audited objects
  • ...5 more annotations...
  • When the application inserts or updates an object, it will set these fields and they will be stored in the database. JPA events could also be used to record the audit information, or to write to a separate audit table.
  • Example AuditedObject class
  • @MappedSuperclass public Class AuditedObject {
  • @Column("AUDIT_USER"); protected String auditUser; @Column("AUDIT_TIMESTAMP"); protected Calendar auditTimestamp;
  • @PrePersist @PreUpdate public void updateAuditInfo() { setAuditUser((String)AuditedObject.currentUser.get()); setAuditTimestamp(Calendar.getInstance()); }
  • kuni katsuya on 25 Jul 12
     
    Use a common database user id, and manage auditing and security in the application
kuni katsuya

Auditing Entities With JPA Events | Andy Gibson - 0 views

www.andygibson.net/...iting-entities-with-jpa-events

jpa events auditing

shared by kuni katsuya on 23 May 12 - No Cached
  • Auditing Entities With JPA Events
  • An alternative is if you are using a generic DAO class to handle entity persistence is to put the enhanced populateTimestamp method on there and call it prior to inserting or updating the entity in the DAO
kuni katsuya

Introduction to Enterprise Architect, UML Modeling Tool [EA User Guide] - 0 views

www.sparxsystems.com/...9.3

enterprisearchitect user guide documentation

shared by kuni katsuya on 27 Jun 12 - No Cached
  • Introduction to Enterprise Architect
  • Enterprise Architect User Guide provides tutorials, guidance and reference material to help you use Enterprise Architect in: Modeling With Enterprise Architect Model Management Project Management Model Auditing Model Baselining and Differencing Model User Security Model Version Control Code Engineering Visualization and Analysis of Code Execution RTF and HTML Document Creation (Reports)
  • Introduction to Enterprise Architect
  • ...2 more annotations...
  • Enterprise Architect User Guide provides tutorials, guidance and reference material to help you use Enterprise Architect in: Modeling With Enterprise Architect Model Management Project Management Model Auditing Model Baselining and Differencing Model User Security Model Version Control Code Engineering Visualization and Analysis of Code Execution RTF and HTML Document Creation (Reports)
  • If you are new to modeling and UML as well as Enterprise Architect, or otherwise want a rapid review of the process of modeling with Enterprise Architect, go to the Quickstart Tutorial.
kuni katsuya

Access control - Wikipedia, the free encyclopedia - 0 views

en.wikipedia.org/...Access_control

security models authentication authorization

shared by kuni katsuya on 31 Aug 12 - No Cached
  • Computer security
  • authentication, authorization and audit
  • In any access control model, the entities that can perform actions in the system are called subjects, and the entities representing resources to which access may need to be controlled are called objects
  • ...39 more annotations...
  • Principle of least privilege
  • object-capability model, any software entity can potentially act as both a subject and object
  • Access control models used by current systems tend to fall into one of two classes:
  • those based on capabilities
  • those based on access control lists (ACLs)
  • Both capability-based and ACL-based models have mechanisms to allow access rights to be granted to all members of a group of subjects (often the group is itself modeled as a subject)
  • identification and authentication determine who can log on to a system, and the association of users with the software subjects that they are able to control as a result of logging in; authorization determines what a subject can do; accountability identifies what a subject (or all subjects associated with a user) did.
  • Authorization determines what a subject can do on the system
  • Authorization
  • Access control models
  • categorized as either discretionary or non-discretionary
  • three most widely recognized models are
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Role Based Access Control (RBAC)
  • Attribute-based access control
  • Discretionary access control
  • Discretionary access control (DAC) is a policy determined by the owner of an object. The owner decides who is allowed to access the object and what privileges they have.
  • Every object in the system has an owner
  • access policy for an object is determined by its owner
  • DAC systems, each object's initial owner is the subject that caused it to be created
  • Mandatory access control
  • Mandatory access control refers to allowing access to a resource
  • if and only if rules exist
  • that allow a given user to access the resource
  • Management is often simplified (over what can be required) if the information can be protected using
  • hierarchical access control
  • or by implementing sensitivity labels.
  • Sensitivity labels
  • A subject's sensitivity label specifies its
  • level of trust
  • level of trust required for access
  • subject must have a sensitivity level equal to or higher than the requested object
  • Role-based access control
  • Role-based access control (RBAC) is an
  • access policy
  • determined by the system
  • not the owner
  • Access control
kuni katsuya

Plugins - Jenkins - Jenkins Wiki - 0 views

wiki.jenkins-ci.org/...Plugins

jenkins continuousintegration ci plugin hudson

shared by kuni katsuya on 07 Jun 12 - No Cached
  • Git Plugin — This plugin allows use of Git as a build SCM
  • Subversion Plugin — This plugin adds the Subversion support (via SVNKit) to Jenkins
  • Subversion Release Manager — This plugin allows you to set up a job in Hudson for building specific revisions of a project.
  • ...77 more annotations...
  • Subversion Tagging Plugin — This plugin automatically performs subversion tagging (technically speaking svn copy) on successful build.
  • ViewVC Plugin — This plugin integrates ViewVC browser interface for CVS and Subversion with Hudson.
  • Source code management
  • Build Pipeline Plugin — This plugin creates a pipeline of Hudson\Jenkins jobs and gives a view so that you can visualise it.
  • Build tools
  • JBoss Management Plugin — This plugin allows to manage a JBoss Application Server during build procedure
  • Maven 2 Project Plugin — Jenkin's Maven 2 project type
  • Phing Plugin — This plugin allows you to use Phing to build PHP projects.
  • Post build task — This plugin allows the user to execute a shell/batch task depending on the build log output. Java regular expression are allowed.
  • Promoted Builds Plugin — This plugin allows you to distinguish good builds from bad builds by introducing the notion of 'promotion'.
  • Publish Over SSH Plugin — Publish files and/or execute commands over SSH (SCP using SFTP)
  • Selenium AES Plugin — This plugin is for continuous regression test by Selenium Auto Exec Server (AES).
  • Vagrant Plugin — This plugin allows booting of Vagrant virtual machines, provisioning them and also executing scripts inside of them
  • Unicorn Validation Plugin — This plugin uses W3C's Unified Validator, which helps improve the quality of Web pages by performing a variety of checks.
  • Build wrappers
  • Android Emulator Plugin — Lets you automatically generate, launch and interact with an Android emulator during a build, with the emulator logs being captured as artifacts.
  • Artifactory Plugin — This plugin allows deploying Maven 2, Maven 3, Ivy and Gradle artifacts and build info to the Artifactory artifacts manager.
  • AWS Cloudformation Plugin — A plugin that allows for the creation of cloud formation stacks before running the build and the deletion of them after the build is completed.
  • Build Keeper Plugin — Select a policy for automatically marking builds as "keep forever" to enable long term analysis trending when discarding old builds - or use to protect logs and artifacts from certain builds
  • Build Name Setter Plugin — This plugin sets the display name of a build to something other than #1, #2, #3, ...
  • SSH plugin — You can use the SSH Plugin to run shell commands on a remote machine via ssh.
  • SeleniumRC Plugin — This plugin allows you to create Selenium server instance for each project build.
  • Vagrant Plugin — This plugin allows booting of Vagrant virtual machines, provisioning them and also executing scripts inside of them
  • Timestamper — Adds timestamps to the Console Output.
  • VirtualBox Plugin — This plugin integrates Jenkins with VirtualBox (version 3, 4.0 and 4.1) virtual machine.
  • Version Number Plugin — This plugin creates a new version number and stores it in the environment variable whose name you specify in the configuration.
  • VMware plugin — This plugin allows you to start a VMware Virtual Machine before a build and stop it again after the build completes.
  • AWS Cloudformation Plugin — A plugin that allows for the creation of cloud formation stacks before running the build and the deletion of them after the build is completed.
  • Desktop Notifier for Jenkins — This is useful for those who are looking for a Desktop Notifier for Jenkins builds to automatically notify you about failed builds directly from their desktops.
  • Email-ext plugin — This plugin allows you to configure every aspect of email notifications. You can customize when an email is sent, who should receive it, and what the email says.
  • Google Calendar Plugin — This plugin publishes build records over to Google Calendar
  • HTML5 Notifier Plugin — Provides W3C Web Notifications support for builds.
  • Jabber Plugin — Integrates Jenkins with the Jabber/XMPP instant messaging protocol. Note that you also need to install the instant-messaging plugin.
  • Build reports
  • Checkstyle Plugin — This plugin generates the trend report for Checkstyle, an open source static code analysis program. 
  • Clover PHP Plugin — This plugin allows you to capture code coverage reports from PHPUnit. For more information on how to set up PHP projects with Jenkins have a look at the Template for Jenkins Jobs for PHP Projects.
  • Crap4J Plugin — This plugin reads the "crappy methods" report from Crap4J. Hudson will generate the trend report of crap percentage and provide detailed information about changes.
  • Dependency Analyzer Plugin — This plugin parses dependency:analyze goal from maven build logs and generates a dependency report
  • Dependency Graph View Plugin — Shows a dependency graph of the projects using graphviz. Requires a graphviz installation on the server.
  • FindBugs Plugin — This plugin generates the trend report for FindBugs, an open source program which uses static analysis to look for bugs in Java code. 
  • Grinder Plugin — This plugin reads output result files from Grinder performance tests, and will generate reports showing test results for every build and trend reports showing performance results across builds.
  • JSUnit plugin — This plugin allows you publish JSUnit test results
  • Performance Plugin — This plugin allows you to capture reports from JMeter and JUnit . Hudson will generate graphic charts with the trend report of performance and robustness.
  • PerfPublisher Plugin — This plugin generates global and trend reports for tests results analysis. Based on an open XML tests results format, the plugin parses the generated files and publish statistics, reports and analysis on the current health of the project.
  • PMD Plugin — This plugin generates the trend report for PMD, an open source static code analysis program. 
  • Sonar plugin — Quickly benefit from Sonar, an open-source dashboard based on many analysis tools like Checkstyle, PMD and Cobertura.
  • testng-plugin — This plugin allows you to publish TestNG results.
  • Violations — This plug-in generates reports static code violation detectors such as checkstyle, pmd, cpd, findbugs, codenarc, fxcop, stylecop and simian.
  • xUnit Plugin — This plugin makes it possible to publish the test results of an execution of a testing tool in Jenkins.
  • Artifact uploaders
  • ArtifactDeployer Plugin — This plugin makes it possible to copy artifacts to remote locations.
  • Artifactory Plugin — This plugin allows deploying Maven 2, Maven 3, Ivy and Gradle artifacts and build info to the Artifactory artifacts manager.
  • Confluence Publisher Plugin — This plugin allows you to publish build artifacts as attachments to an Atlassian Confluence wiki page.
  • Deploy Plugin — This plugin takes a war/ear file and deploys that to a running remote application server at the end of a build
  • FTP-Publisher Plugin — This plugin can be used to upload project artifacts and whole directories to an ftp server.
  • HTML Publisher Plugin
  • Publish Over FTP Plugin — Publish files over FTP
  • Publish Over SSH Plugin — Publish files and/or execute commands over SSH (SCP using SFTP)
  • S3 Plugin — Upload build artifacts to Amazon S3
  • SCP plugin — This plugin uploads build artifacts to repository sites using SCP (SSH) protocol.
  • Hudson Helper for Android — Monitor your CI builds right from your Android device.
  • Hudson Mobi, the iPhone, iPod and Android client for Hudson CI — The iPhone, iPod and iPad client for Hudson CI monitoring on the road.
  • Hudson Monitor for Android — Monitor and display the status of your builds on your Android™ phone.
  • External site/tool integrations
  • Jira Issue Updater Plugin — This is a Jenkins plugin which updates issues in Atlassian Jira (by changing their status and adding a comment) as part of a Jenkins job.
  • JIRA Plugin — This plugin integrates Atlassian JIRA to Jenkins.
  • ChuckNorris Plugin — Displays a picture of Chuck Norris (instead of Jenkins the butler) and a random Chuck Norris 'The Programmer' fact on each build page.
  • UI plugins
  • Active Directory plugin — With this plugin, you can configure Jenkins to authenticate the username and the password through Active Directory.
  • Audit Trail Plugin — Keep a log of who performed particular Jenkins operations, such as configuring jobs.
  • JClouds Plugin — This plugin uses JClouds to provide slave launching on most of the currently usable Cloud infrastructures.
  • Checkstyle Plugin — This plugin generates the trend report for Checkstyle, an open source static code analysis program. 
  • FindBugs Plugin — This plugin generates the trend report for FindBugs, an open source program which uses static analysis to look for bugs in Java code. 
  • JIRA Plugin — This plugin integrates Atlassian JIRA to Jenkins.
  • M2 Release Plugin — This plugin allows you to perform a release build using the maven-release-plugin from within Jenkins.
  • PMD Plugin — This plugin generates the trend report for PMD, an open source static code analysis program. 
  • Meme Generator Plugin — Generate Meme images when a build fails (and returns to stable), and post them on the project page.
kuni katsuya

log4jdbc - JDBC proxy driver for logging SQL and other interesting information. - Googl... - 0 views

code.google.com/log4jdbc

database jdbc logging log4jdbc java

shared by kuni katsuya on 06 Oct 12 - No Cached
  • for prepared statements, the bind arguments are automatically inserted into the SQL output
  • SQL timing information can be generated to help identify how long SQL statements take to run
  • included tool to produce profiling report data for quickly identifying slow SQL in your application
  • ...16 more annotations...
  • SQL connection number information is generated
  • change the driver class name to net.sf.log4jdbc.DriverSpy
  • "jdbc:log4"
  • jdbc.sqlonly
  • jdbc.sqltiming
  • jdbc.audit
  • jdbc.resultset
  • jdbc.connection
  • only SQL
  • the SQL
  • timing statistics
  • ALL JDBC calls
  • very voluminous output
  • all calls to ResultSet objects
  • connection open and close events
  • useful for hunting down connection leak problems
kuni katsuya

Enterprise Architect - Product Demonstrations - 0 views

www.sparxsystems.com/...index.html

enterprisearchitect overview video

shared by kuni katsuya on 27 Jun 12 - Cached
  • Part 2 Subversion Setting up a Subversion repository for use with Enterprise Architect models.
  • Part 4 Configure & Connect Configuring Enterprise Architect and connecting to your Version Control system.
  • Part 5 Controlled Packages Working with version controlled UML packages in Enterprise Architect.
  • ...19 more annotations...
  • Eclipse A tour of MDG Integration for Eclipse.
  • Baseline Diagram Comparison Conduct a visual diagram comparison between your current diagram and a previous baseline .
  • Personal Information Window See how the Personal Information Window in Enterprise Architect can help you organize your daily tasks and workflow.
  • Working Sets As you perform work on your model, you open various windows, diagrams and views. Working Sets allow you to return to these same views in a later work session.
  • Business Rules A car rental system is used to illustrate how to generate executable business rules using Enterprise Architect.
  • Menu Customization Quickly and easily suppress individual menu items or entire categories of commands to create custom menu layouts.
  • Floating and Dockable Windows Save the position and layout of Floating and Dockable Windows using a Working Set in the Personal Information Window.
  • Build and Debug a Java Application Set up Enterprise Architect to build and debug a Java Application, using a VEA sample project.
  • Sequence Diagrams Learn how to create a simple Sequence diagram. The video also illustrates how to bring your Sequence diagram to life using model simulation.
  • HTML Report Generation This brief introduction illustrates how to automatically generate a HTML Report using Enterprise Architect.
  • Basic Use Case Demonstration A guide to constructing a Use Case model in under 30 seconds, including use cases, notes and issues.
  • Traceability within Enterprise Architect This video examines Traceability and discusses how to use Enterprise Architect to conduct an Impact Analysis.
  • Requirements Reporting A brief overview of requirements reporting in Enterprise Architect. Topics include document generation in web and RTF formats, report customization and virtual documents, including Model and Master documents.
  • Requirements Traceability An examination of requirements traceability in Enterprise Architect. Topics include traceability views, tracing to external artifacts, conducting an impact analysis, viewing the Relationship Matrix and using Enterprise Architect's Auditing capabilities.
  • Requirements Modeling A brief overview of requirements modeling in Enterprise Architect. Topics include requirements capture and definition, custom properties, tabular editing, auto-naming and screen prototypes.
  • Installing EA An introductory walk through and discussion of Enterprise Architect in the Software Development Lifecycle.
  • Enterprise Architect 7.5 Overview An overview of Enterprise Architect features released with version 7.5.
  • Introduction to Enterprise Architect An introductory walk through and discussion of Enterprise Architect in the Software Development Lifecycle.
  • Brief Overview The 10 minute guide to Enterprise Architect, from Requirements Management and Business Process Modeling to MDA and Code Engineering.
kuni katsuya

Entity-attribute-value model - Wikipedia, the free encyclopedia - 0 views

en.wikipedia.org/...Entity-attribute-value_model

eav sparse open schema

shared by kuni katsuya on 01 Jul 12 - Cached
  • Entity–attribute–value model
  • Entity–attribute–value model (EAV) is a data model to describe entities where the number of attributes (properties, parameters) that can be used to describe them is potentially vast, but the number that will actually apply to a given entity is relatively modest
  • also known as object–attribute–value model, vertical database model and open schema
  • ...21 more annotations...
  • In an EAV data model, each attribute-value pair is a fact describing an entity, and a row in an EAV table stores a single fact
  • EAV tables are often described as "long and skinny": "long" refers to the number of rows, "skinny" to the few columns
  • Data is recorded as three columns: The entity: the item being described. The attribute or parameter: a foreign key into a table of attribute definitions. At the very least, the attribute definitions table would contain the following columns: an attribute ID, attribute name, description, data type, and columns assisting input validation
  • The value of the attribute
  • Row modeling, where facts about something (in this case, a sales transaction) are recorded as multiple rows rather than multiple columns
  • differences between row modeling and EAV (which may be considered a generalization of row-modeling) are:
  • A row-modeled table is homogeneous in the facts that it describes
  • The data type of the value column/s in a row-modeled table is pre-determined by the nature of the facts it records. By contrast, in an EAV table, the conceptual data type of a value in a particular row depend on the attribute in that row
  • In the EAV table itself, this is just an attribute ID, a foreign key into an Attribute Definitions table
  • The Attribute
  • The Value
  • Coercing all values into strings
  • larger systems use separate EAV tables for each data type (including binary large objects, "BLOBS"), with the metadata for a given attribute identifying the EAV table in which its data will be stored
  • Where an EAV system is implemented through RDF, the RDF Schema language may conveniently be used to express such metadata
  • access to metadata must be restricted, and an audit trail of accesses and changes put into place to deal with situations where multiple individuals have metadata access
  • quality of the annotation and documentation within the metadata (i.e., the narrative/explanatory text in the descriptive columns of the metadata sub-schema) must be much higher, in order to facilitate understanding by various members of the development team.
  • Attribute metadata
  • Validation metadata include data type, range of permissible values or membership in a set of values, regular expression match, default value, and whether the value is permitted to be null
    • kuni katsuya
      kuni katsuya on 01 Jul 12
       
      jsr-299 bean validation anyone?  :)
  • Presentation metadata: how the attribute is to be displayed to the user
  • Grouping metadata: Attributes are typically presented as part of a higher-order group, e.g., a specialty-specific form. Grouping metadata includes information such as the order in which attributes are presented
  • Advanced validation metadata Dependency metadata:
kuni katsuya

Security Module Drafts - Apache DeltaSpike - Apache Software Foundation - 0 views

cwiki.apache.org/...Security+Module+Drafts

ApacheDeltaSpike

shared by kuni katsuya on 16 Aug 12 - No Cached
  • Authorization
  • Impersonalization
    • kuni katsuya
      kuni katsuya on 16 Aug 12
       
      impersonation
  • authenticates “as a user” or access application imitating his identity - without knowing his password
  • ...36 more annotations...
  • elements of the user interface are displayed to the user based on the user's privilege level
  • assign permissions to individual objects within the application’s business domain
    • kuni katsuya
      kuni katsuya on 16 Aug 12
       
      individual objects == instances
  • Permissions
  • Permissions assigned to user for a given resource in the tree are inherited by other resources
  • Permissions are inherited
  • persist user, group and role information in database. JPA implementation is his dream
  • Security Module Drafts
  • Identity
  • interface Identity
  • login()
  • logout()
  • getUser()
  • Events LoggedInEvent LoginFailedEvent AlreadyLoggedInEvent PreLoggedOutEvent PostLoggedOutEvent PreAuthenticateEvent PostAuthenticateEvent
  • Object level permission
  • Grant or revoke permissions
  • Group management
  • User/Identity management
  • identity.hasRole
  • identity.hasPermission
  • Permissions model
  • Identity Management (IDM)
  • User, Group and Role
  • Events
  • hooks for common IDM or Security operations
  • Audit and logging for permission and IDM related changes
  • Event API.
  • Impersonalization
  • Impersonalization
  • control which elements of the user interface are displayed to the user based on their assigned permissions
  • ask for permission
  • without need to obtain object from DB
  • String resourceId
  • structure of resources
  • more advanced security resolution mechanisms
  • Rules based engine
  • external services - XACML
kuni katsuya

Overview of Interceptors - The Java EE 6 Tutorial - 0 views

docs.oracle.com/...gkigq.html

javaee6 interceptors tutorial overview

shared by kuni katsuya on 16 May 12 - No Cached
  • Overview of Interceptors
  • allow developers to invoke interceptor methods in conjunction with method invocations or lifecycle events on an associated target class
  • logging, auditing, or profiling
  • ...7 more annotations...
  • Interceptor classes and methods are defined using metadata annotations, or in the deployment descriptor of the application containing the interceptors and target classes
  • Interceptor Metadata Annotations
  • AroundInvoke
  • AroundTimeout
  • PostConstruct
  • PreDestroy
  • Interceptor classes must have a public, no-argument constructor
kuni katsuya

Enterprise Architect - UML Design Tools and UML CASE tools for software development - 0 views

www.sparxsystems.com/...index.html

enterprise architect uml design tools

shared by kuni katsuya on 16 May 12 - Cached
  • Code Engineering Database Engineering Debug & Visualize Applications MDG Technologies (Create & Use)* Model Driven Architecture (MDA) Project Discussion Forum Replicate .EAP Projects Reverse Engineer Binaries (Java, .NET) Shared Models WSDL Engineering XML Schema (XSD) Engineering
  • Audit Model Changes Baseline Diff/Merge DBMS Repository** Floating Edition Available Lazy Load Scripting with JScript, VBScript and Javascript Security (Role-based) WAN Optimizer
  • BPEL Generation from BPMN diagrams Business Rules Composer Executable Code Generation from Behavioral Models Math Support built into Script Engines
  • ...5 more annotations...
  • Allocated Work Execution Analyzer Menu Test Points Win 32 User Interface Designs Business Process Simulation ***
  • Gap Analysis Model Mail Project Calendar Task Allocations TOGAF Gap Analysis
  • BPEL 2.0 Generation BPMN Simulation SysML 1.2
  • Eclipse Integration
  • Eclipse Link
  • kuni katsuya on 16 May 12
     
    Code Engineering Database Engineering Debug & Visualize Applications MDG Technologies (Create & Use)*
1 - 12 of 12
Showing 20 items per page