Group items tagged

GraniteDS validation framework provides a set of standard constraints

Constraint Description AssertFalse The annotated element must be false AssertTrue The annotated element must be true DecimalMax The annotated element must be a number whose value must be lower or equal to the specified maximum DecimalMin The annotated element must be a number whose value must be greater or equal to the specified minimum Digits The annotated element must be a number whithin accepted range Future The annotated element must be a date in the future Max The annotated element must be a number whose value must be lower or equal to the specified maximum Min The annotated element must be a number whose value must be greater or equal to the specified minimum NotNull The annotated element must not be null Null The annotated element must be null Past The annotated element must be a date in the past Pattern The annotated String must match the supplied regular expression Size The annotated element size must be between the specified boundaries (included)

must use

Note that the bundle name must always be set to "ValidationMessages".

Interceptor classes and methods are defined using metadata annotations, or in the deployment descriptor of the application containing the interceptors and target classes

Interceptor Metadata Annotations

Interceptor classes must have a public, no-argument constructor

Some of the useful patterns

%h - Remote host name (or IP address if resolveHosts is false)

%a - Remote IP address

%u - Remote user that was authenticated (if any), else '-'

%r - First line of the request (method and request URI)

%s - HTTP status code of the response

%b - Bytes sent, excluding HTTP headers, or '-' if zero

%S - User session ID

%t - Date and time, in Common Log Format

%m - Request method (GET, POST, etc.)

eing performed

boolean implies(Permission p)

Returns true if this current instance

false otherwise

current instance must be exactly equal to or a superset of the functionalty and/or resource access described by the given Permission argument

role name to resolve

Collection of Permissions

of the JOINED mapping strategy which require a discriminator

must declare your classes in separated source files if you want them to be correctly handled by the generator

copy and paste job

instead of returning null, an

Corporate - central Wiki

Build Server (Continuous Integration)

Testing (tools and practices)

Code Coverage

Services, practices & tools that should exist in any software development house, part 1

Individuals: instances or objects

Attributes: aspects, properties, features, characteristics, or parameters

Relations: ways in which classes and individuals can be related to one another

Function terms:

Restrictions: formally stated descriptions of what must be true in order for some assertion to be accepted as input

Rules: statements in the form of an if-then (antecedent-consequent) sentence that describe the logical inferences that can be drawn from an assertion in a particular form

Axioms: assertions (including rules) in a logical form

Events: the changing of attributes or relations

 @UsingDataSet("datasets/users.yml")

   @ShouldMatchDataSet("datasets/expected-users.yml")

Unrestricted crossdomain.xml

Permission

A Permission is only a statement of behavior, nothing more.

a statement that describes raw functionality in an application and nothing more

define only "What" the application can do

which assumes Shiro's

String format.

Authorization Sequence

what happens inside Shiro whenever an authorization call is made.

invokes any of the Subject hasRole*, checkRole*, isPermitted*, or checkPermission*

securityManager implements the org.apache.shiro.authz.Authorizer interface

delegates to the application's SecurityManager by calling the securityManager's nearly identical respective hasRole*, checkRole*, isPermitted*, or checkPermission* method variants

relays/delegates to its internal org.apache.shiro.authz.Authorizer instance by calling the authorizer's respective hasRole*, checkRole*, isPermitted*, or checkPermission* method

Realm's own respective hasRole*, checkRole*, isPermitted*, or checkPermission* method is called

Authorization Sequence

implies a set of behaviors (i.e. permissions) based on a role name only

named collection of actual permission statements

your realm is what will tell Shiro whether or not roles or permissions exist

Each Realm interaction functions as follows:

key difference with a RolePermissionResolver however is that the input String is a role name, and not a permission string.

Configuring a global RolePermissionResolver

RolePermissionResolver has the ability to represent Permission instances needed by a Realm to perform permission checks.

translate a role name into a concrete set of Permission instances

globalRolePermissionResolver = com.foo.bar.authz.MyPermissionResolver ... securityManager.authorizer.rolePermissionResolver = $globalRolePermissionResolver

shiro.ini

Entity Beans in combination with an EntityManager

use CDI to inject the EntityManager into my JpaRealm

JpaRealm is not container managed but is instantiated by Shiro

delegate your JpaRealm into @Stateless EJB, which can @Inject EntityManager

JpaRealm

@PersistenceContext   private EntityManager entityManager;

EnvironmentLoaderListener

found the cause

Instead of configuring the ShiroFilter in my web.xml I had the IniShiroFilter configured. The IniShiroFilter creates a new SecurityManager from the ini file. This new SecurityManager didn't know about the realm I've added in my EnvironmentLoader, so it didn't have any realms.

I replaced it with the ShiroFilter in my web.xml and all seems to be working now with my CdiEnvironmentLoaderListener.