Group items tagged

can be handled on the

by defining a

possible to define common handlers for particular fault codes on the client-side, and exception converters on the server-side, to convert server exceptions to common fault codes

define an

class

Converter

ExceptionConverter

t.getMessage(), detail, t

ENTITY_NOT_FOUND

This class will

all EntityNotFound exceptions on the server-side, and convert it to a proper ENTITY_NOT_FOUND fault event.

exception converter has to be

scan="true" in granite-config.xml

in the jar containing the exception converter class

granite-config.xml

<exception-converters> <exception-converter type="com.package.SomeExceptionConverter"/> </exception-converters>

Handler

register it as an exception handler for the

in a static initializer block to be sure it is

ExceptionConverter

5. Exception Handling

5. Exception Handling

new entity has no id until it has been persisted to the database

take care that you have added the [Lazy] annotation to your Flex metadata compilation configuration

always have to include this library in either WEB-INF/lib

support for CDI is included in the library granite-cdi.jar

10.1. Configuration with Servlet 3 On Servlet 3 compliant containers, GraniteDS can use the new APIs to automatically register its own servlets and filters and thus does not need any particular configuration in web.xml. This automatic setup is triggered when GraniteDS finds a class annotated with @FlexFilter in one of the application archives:

@FlexFilter(configProvider=CDIConfigProvider.class) public class GraniteConfig { }  

list of annotation names that enable remote access to CDI beans

@FlexFilter declaration will setup an AMF processor for the specified url pattern

@TideEnabled

@RemoteDestination

always declared by default

10.3.2. Typesafe Remoting with Dependency Injection

It is possible to benefit from even more type safety by using the annotation [Inject] instead of In. When using this annotation, the full class name is used to find the target bean in the CDI context instead of the bean name.

Security

integration between the client RemoteObject credentials and the server-side container security

client-side component named

API to define runtime authorization checks on the Flex UI

bindable property

represents the current authentication state

integrated with server-side role-based security

clear the security cache manually with

 enabled="{identity.hasRole('admin')}"

button labeled Delete will be enabled only if the user has the role admin

All entities marked as [Managed] are considered as corresponding to Hibernate/JPA managed entities on the server

It is highly recommended to use JPA optimistic locking in a multi-tier environment (@Version annotation

In conclusion, the recommended approach to avoid any kind of subtle problems is to have a real uid property which will be persisted in the database

Here all loaded collections of the Person object will be uninitialized so uperson contains only the minimum of data to correctly merge your changes in the server persistence context

Tide uses the client data tracking (the same used for dirty checking, see below) to determine which parts of the graph need to be sent.

Dirty Checking and Conflict Handling

Data Validation

Tide integrates with Hibernate Validator 3.x and the Bean Validation API (JSR 303) implementations, and propagate the server validation errors to the client UI components

Data Paging

Event Bus

Contextual Components and Conversations

Contexts and Components

two main kinds of contexts:

unique context that exists during the whole lifetime of the Flex application

compared to to the server-side session

temporary contexts that can be created and destroyed at any time during the lifetime of the application

can exist simultaneously

isolated from each other

Components are stateful objects that can be of any ActionScript 3 class with a default constructor

have a name

A context is mostly a container for component instances

three available scopes:

length must be at least 128 bits (16 bytes)

Session ID Length

Session ID Name Fingerprinting

Session ID Properties

Session ID Entropy

must be unpredictable (random enough) to prevent guessing attacks

good PRNG (Pseudo Random Number Generator) must be used

must provide at least 64 bits of entropy

Session ID Content (or Value)

content (or value) must be meaningless

identifier on the client side

meaning and business or application logic associated to the session ID must be stored on the server side

session objects or in a session management database or repository

create cryptographically strong session IDs through the usage of cryptographic hash functions such as SHA1 (160 bits).

Session Management Implementation

defines the exchange mechanism that will be used between the user and the web application to share and continuously exchange the session ID

token expiration date and time

This is one of the reasons why cookies (RFCs 2109 & 2965 & 6265 [1]) are one of the most extensively used session ID exchange mechanisms, offering advanced capabilities not available in other methods

Transport Layer Security

use an encrypted HTTPS (SSL/TLS) connection for the entire web session

process where the user credentials are exchanged.

“Secure” cookie attribute

must be used to ensure the session ID is only exchanged through an encrypted channel

never switch a given session from HTTP to HTTPS, or viceversa

should not mix encrypted and unencrypted contents (HTML pages, images, CSS, Javascript files, etc) on the same host (or even domain - see the “domain” cookie attribute)

should not offer public unencrypted contents and private encrypted contents from the same host

www.example.com over HTTP (unencrypted) for the public contents

secure.example.com over HTTPS (encrypted) for the private and sensitive contents (where sessions exist)

only has port TCP/80 open

only has port TCP/443 open

“HTTP Strict Transport Security (HSTS)” (previously called STS) to enforce HTTPS connections.

Secure Attribute

instructs web browsers to only send the cookie through an encrypted HTTPS (SSL/TLS) connection

HttpOnly Attribute

instructs web browsers not to allow scripts (e.g. JavaScript or VBscript) an ability to access the cookies via the DOM document.cookie object

Domain and Path Attributes

instructs web browsers to only send the cookie to the specified domain and all subdomains

instructs web browsers to only send the cookie to the specified directory or subdirectories (or paths or resources) within the web application

vulnerabilities in www.example.com might allow an attacker to get access to the session IDs from secure.example.com

Expire and Max-Age Attributes

it will be considered a

and will be stored on disk by the web browser based until the expiration time

use non-persistent cookies for session management purposes, so that the session ID does not remain on the web client cache for long periods of time, from where an attacker can obtain it.

Session ID Life Cycle

highly recommended to use JPA optimistic locking in a multi-tier environment (@Version annotation)

Tip The easiest and recommended way for getting Tide enabled managed entities is to generate them from Java classes with Gas3 or the GDS Eclipse builder using the tide="true" option.

In a typical Flex/app server/database application, an entity lives in three layers: the Flex client the Hibernate/JPA persistence context the database

only invariant is the id.

id reliably links the different existing versions of the entity in the three layers

GraniteDS validation framework provides a set of standard constraints

Constraint Description AssertFalse The annotated element must be false AssertTrue The annotated element must be true DecimalMax The annotated element must be a number whose value must be lower or equal to the specified maximum DecimalMin The annotated element must be a number whose value must be greater or equal to the specified minimum Digits The annotated element must be a number whithin accepted range Future The annotated element must be a date in the future Max The annotated element must be a number whose value must be lower or equal to the specified maximum Min The annotated element must be a number whose value must be greater or equal to the specified minimum NotNull The annotated element must not be null Null The annotated element must be null Past The annotated element must be a date in the past Pattern The annotated String must match the supplied regular expression Size The annotated element size must be between the specified boundaries (included)

must use

Note that the bundle name must always be set to "ValidationMessages".

Spring, Seam, Ejb, Cdi

Client-side setup for remoting

initialize manually the Flex remoting channels that will be used by Tide

use the DefaultServiceInitializer component

character encoding

could either be automatically detected from the server configuration, or could be configured by the user through the useUnicode and characterEncoding properties

character encoding between client and server is automatically detected upon connection

character_set_server for server versions 4.1.0 and newer

To override the automatically detected encoding on the client side, use the characterEncoding property in the URL used to connect to the server.