Home / SoftwareEngineering / Group items tagged code

kuni katsuya

Chapter 17. Configuration Reference - 0 views

  • <security>
  • custom security service that should implement org.granite.messaging.service.security.SecurityService
  • services-config.xml
  • ...1 more annotation...
  • contains all the remoting and messaging configuration of the application. There are three main sections: channels, factories and services.
kuni katsuya

ICW Developer Network - 0 views

  • Comparison: This section provides a brief comparison of SAF's functionality with that of the Acegi Security Framework [11] and JBoss Seam Security [12]
  • Acegi’s Policy Decision functionality is not based on Java security standards but on a proprietary solution
  • ACL defines per domain object who has access permissions
  • ...5 more annotations...
  • Both Acegi as well as SAF use AspectJ and Spring AOP for Policy Enforcement
  • JBoss Seam follows a different process when implementing Policy Decision functionality and sets access rules with the help of JBoss Rules [13], the JBoss rules engine
  • access decision to the domain objects in an application can be based on any number of complex rules
  • @Restrict annotations
  • 07.2007
kuni katsuya

Chapter 9. Integration with Seam 2.2 - 0 views

  • 9.2.6. Integration with Seam Security
  • When not using the Seam native setup, you have to manually configure the integration of Seam Security in granite-config.xml.
  • <granite-config>
        ...
        <!-- Use Seam 2.1+ based security service. -->
        <security type="org.granite.seam21.security.Seam21SecurityService"/>
    </granite-config>
kuni katsuya

SQL Injection Prevention Cheat Sheet - OWASP - 0 views

  • SQL Injection Prevention Cheat Sheet
  • it is EXTREMELY simple to avoid SQL Injection vulnerabilities in your code.
  • create dynamic database queries that include user supplied input
  • ...19 more annotations...
  • a) stop writing dynamic queries
  • b) prevent user supplied input which contains malicious SQL from affecting the logic of the executed query
  • Primary Defenses:
  • Option #1: Use of Prepared Statements (Parameterized Queries)
  • Option #3: Escaping all User Supplied Input
  • Additional Defenses:
  • Enforce: Least Privilege
    • kuni katsuya
       
      least privilege should be *required*, included as a primary defense
  • Perform: White List Input Validation
  • Primary Defenses
  • Defense Option 1: Prepared Statements (Parameterized Queries)
  • attacker is not able to change the intent of a query, even if SQL commands are inserted by an attacker
  • allows the database to distinguish between data, code a
  • Defense Option 3: Escaping All User Supplied Input
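The cheat sheet's defences side by side, as an added example that is not OWASP's code: the dynamic query it tells you to stop writing, the prepared statement that replaces it, and allow-list validation for the one part of a query (an ORDER BY column) that a bound parameter cannot carry. It runs offline against an in-memory SQLite database; the users table, its two rows and the injected password string are constructed for the example. The same block illustrates the "bound parameters" point in the Guide to SQL Injection entry further down this page.

```python
import sqlite3

# Identifiers (table and column names) cannot be bound as parameters, so a
# sort column chosen by the caller is checked against a fixed allow-list.
SORTABLE_COLUMNS = ("username", "created")


def make_db():
    """Constructed sample data: an in-memory SQLite database with two users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, created INTEGER)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", 1), ("bob", "hunter2", 2)],
    )
    return db


def login_dynamic(db, username, password):
    """VULNERABLE on purpose: the query is assembled by string formatting, so
    the input is parsed as SQL text and can change the intent of the query."""
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return [row[0] for row in db.execute(sql)]


def login_parameterized(db, username, password):
    """Prepared statement: the SQL text holds only placeholders, so the engine
    compiles the query first and then binds the input purely as data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (username, password))]


def list_users(db, order_by):
    """Allow-list validation for the part of the query that cannot be bound."""
    if order_by not in SORTABLE_COLUMNS:
        raise ValueError("unsupported sort column: %r" % (order_by,))
    sql = "SELECT username FROM users ORDER BY " + order_by
    return [row[0] for row in db.execute(sql)]


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"  # classic tautology injected as the password
    print(login_dynamic(db, "alice", payload))         # both users: check bypassed
    print(login_parameterized(db, "alice", payload))   # []: bound as a literal password
    print(login_parameterized(db, "alice", "s3cret"))  # ['alice']
    print(list_users(db, "created"))                   # ['alice', 'bob']
```

With the password `' OR '1'='1` the dynamic version returns every user, because the quotes close the literal and the tautology is parsed as part of the WHERE clause; the parameterized version returns nothing, because the identical string is compared as a literal password value. Escaping (the cheat sheet's Option #3) is deliberately not shown: allow-listing the ORDER BY column is the simpler and safer answer where binding is impossible. Least-privilege database accounts, the other defence both OWASP entries insist on, live in the DBMS grant tables and are not something SQLite can demonstrate.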
kuni katsuya

ListCollectionView/ArrayCollection tip for using GraniteDS - Ross Henderson - 0 views

  • The reason why GraniteDS generates properties of type ListCollectionView is simple : it internally uses collections implementations that extend ListCollectionView and not ArrayCollection. But as you have described when you manually assign collections, you should use ArrayCollection. It’s exactly the same as in Java when you do List list = new ArrayList().
  • ListCollectionView/ArrayCollection tip for using GraniteDS
  • ...4 more annotations...
  • instead of this: new ListCollectionView();
  • do this: new ArrayCollection();
  • I’m not really sure what the deal is
    • kuni katsuya
       
      see comment from William (wdrai) below (GraniteDS guy)
kuni katsuya

Article Series: Migrating Spring Applications to Java EE 6 - Part 1 | How to JBoss - 1 views

  • In fact people still love those books without realizing that the world has changed dramatically ever since
  • The reality check here is to wonder whether the rhetoric set forth by Rod Johnson in his 2003/2004 books is still relevant today
  • So if you still care about those books, the best way to show your appreciation is probably to use them as your monitor stand
  • ...21 more annotations...
  • The discussion whether or not to use Spring vs. Java EE for new enterprise Java applications is a no-brainer
  • Why migrate?
  • since then fallen prey to the hungry minds of Venture Capitalists and finally into the hands of a virtualization company called VMware
  • While the different companies and individuals behind the Spring framework have been doing some work in the JCP their voting behavior on important JSRs is peculiar to say the least
  • outdated ORM solution like JDBC templates
  • some developers completely stopped looking at new developments in the Java EE space and might have lost track of the current state of technology
  • size of the deployment archive
  • fairly standard Java EE 6 application will take up about 100 kilobytes
  • comparable Spring application weighs in at a whopping 30 Megabytes!
  • Lightweight
  • Firing up the latest JBoss AS 7 Application Server from scratch and deploying a full blown Java EE 6 application into the server takes somewhere between two and five seconds on a standard machine. This is in the same league as a Tomcat / Spring combo
  • Dependency injection
  • Java EE 6, the Contexts and Dependency Injection (CDI) specification was introduced to the Java platform, which has a very powerful contextual DI model adding extensibility of injectable enterprise services
  • Aspect Oriented Programming
  • “AOP Light” and this is exactly what Java EE Interceptors do
  • common pitfall when taking AOP too far is that your code might end up all asymmetric and unreadable. This is due to the fact that the aspect and its implementation are not in the same place. Determining what a piece of code will do at runtime at a glance will be really hard
  • Testing
  • With Arquillian we can get rid of mocking frameworks and test Java EE components in their natural environment
  • Tooling
  • capabilities comparison matrix below to map Spring’s technology to that of Java EE
  • Capability           | Spring                            | Java EE
    Dependency Injection | Spring Container                  | CDI
    Transactions         | AOP / annotations                 | EJB
    Web framework        | Spring Web MVC                    | JSF
    AOP                  | AspectJ (limited to Spring beans) | Interceptors
    Messaging            | JMS                               | JMS / CDI
    Data Access          | JDBC templates / other ORM / JPA  | JPA
    RESTful Web Services | Spring Web MVC (3.0)              | JAX-RS
    Integration testing  | Spring Test framework             | Arquillian *
kuni katsuya

Chapter 9. Integration with Seam 2.2 - 0 views

  • Integration with Seam 2.2
  • GraniteDS provides out-of-the-box integration with Seam 2.2 via either the RemoteObject API or the Tide API to remotely call Seam components, and fully supports serialization of JPA entities from and to your Flex application, taking care of lazily loaded associations
kuni katsuya

Guide to SQL Injection - OWASP - 0 views

  • Least privilege connections
  • Always use accounts with the minimum privilege necessary
    • kuni katsuya
       
      yet another reason why shared db logins (eg. etl_update) are a *BAD IDEA*: a set of apps using the same db login are effectively granted the 'highest common denominator' of db privileges, so each has more access than it should (eg. update/delete privilege on tables unrelated to the app)
  • ...9 more annotations...
  • for the application
  • Parameterized Queries with Bound Parameters
  • keep the query and data separate through the use of placeholders known as "bound" parameters
  • how to Review Code for SQL Injection Vulnerabilities.
  • Guide to SQL Injection
  • "injection" of a SQL query via the input data from the client to the application
kuni katsuya

MySQL :: MySQL 5.7 Reference Manual :: 5.1.4 Server System Variables - 0 views

kuni katsuya

Generic CRUD Service aka DAO - EJB 3.1/0 Code - Only If You Really Needed : Adam Bien's... - 0 views

  • Generic CRUD Service
  • The term Data Access Object (DAO)
  • is actually wrong
    • kuni katsuya
       
      this is one reason i hate using the term 'dao' in our ee6 project
  • ...7 more annotations...
  • easy with generics
  • create
  • find(
  • update(
  • delete(
  • CrudService
  • @TransactionAttribute(TransactionAttributeType.MANDATORY)
kuni katsuya

log4jdbc - JDBC proxy driver for logging SQL and other interesting information. - Googl... - 0 views

  • for prepared statements, the bind arguments are automatically inserted into the SQL output
  • SQL timing information can be generated to help identify how long SQL statements take to run
  • included tool to produce profiling report data for quickly identifying slow SQL in your application
  • ...16 more annotations...
  • SQL connection number information is generated
  • change the driver class name to net.sf.log4jdbc.DriverSpy
  • "jdbc:log4"
  • jdbc.sqlonly: only the SQL
  • jdbc.sqltiming: the SQL plus timing statistics
  • jdbc.audit: ALL JDBC calls; very voluminous output
  • jdbc.resultset: all calls to ResultSet objects
  • jdbc.connection: connection open and close events; useful for hunting down connection leak problems
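The fragments above assembled into a working log4j 1.x configuration, as an added example that is not taken from the log4jdbc page. Assumptions: the datasource property names (datasource.driverClassName, datasource.url) stand in for whatever your connection pool or framework reads, and the wrapped database is a PostgreSQL server at db.example.internal. The full URL prefix is jdbc:log4jdbc: (the highlight above is cut off at jdbc:log4).

```properties
# Datasource settings (property names are an assumption of this example).
# DriverSpy finds the real driver behind the jdbc:log4jdbc: prefix.
datasource.driverClassName=net.sf.log4jdbc.DriverSpy
datasource.url=jdbc:log4jdbc:postgresql://db.example.internal/app

# Development levels for the five log4jdbc loggers.
# jdbc.sqlonly: the SQL only, with bind arguments substituted into the text
log4j.logger.jdbc.sqlonly=DEBUG
# jdbc.sqltiming: the SQL plus timing statistics
log4j.logger.jdbc.sqltiming=DEBUG
# jdbc.audit: ALL JDBC calls; very voluminous, keep off unless debugging the driver layer
log4j.logger.jdbc.audit=OFF
# jdbc.resultset: every call on ResultSet objects; noisier still
log4j.logger.jdbc.resultset=OFF
# jdbc.connection: open and close events, enough to hunt connection leaks
log4j.logger.jdbc.connection=INFO

# Production: because bind values are inlined, jdbc.sqlonly and jdbc.audit write
# password hashes, session tokens and personal data into the log file. Keep them
# off and retain only timing and connection events (uncomment to override the
# development block above).
#log4j.logger.jdbc.sqlonly=OFF
#log4j.logger.jdbc.sqltiming=INFO
#log4j.logger.jdbc.connection=INFO
```

Comments in a .properties file must sit on their own line; a `#` after a value becomes part of the value. The security point is the one log4jdbc's convenience feature creates: substituting bind arguments into the logged SQL turns the SQL log into a copy of whatever the application sends to the database, so treat it with the same access controls and retention rules as the data itself.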
kuni katsuya

Newegg.ca - Western Digital My Passport 2TB USB 3.0/USB 2.0 Portable Hard Drive WDBY8L0... - 0 views

kuni katsuya

AnemicDomainModel - 0 views

  • AnemicDomainModel
  • Eric Evans
  • basic symptom of an Anemic Domain Model
  • ...40 more annotations...
  • The catch comes when you look at the behavior: there is hardly any behavior on these objects, making them little more than bags of getters and setters
  • I was chatting with
    • kuni katsuya
       
      note: the 'I' here is Mr. MARTIN FOWLER!! and of course, Eric Evans hails from Domain-Driven Design fame
  • fundamental horror
  • it's so contrary to the basic idea of object-oriented design
  • combine data and process together
  • procedural style design
  • completely miss the point of what object-oriented design is all about
  • It's also worth emphasizing that putting behavior into the domain objects should not contradict the solid approach of using layering to separate domain logic from such things as persistence and presentation responsibilities
  • logic that should be in a domain object is domain logic
  • validations
  • calculations
  • business rules
  • One source of confusion in all this is that many OO experts do recommend putting a layer of procedural services on top of a domain model, to form a Service Layer
  • this isn't an argument to make the domain model void of behavior
  • service layer advocates use a service layer in conjunction with a behaviorally rich domain model.
  • does not contain business rules or knowledge, but only coordinates tasks and delegates work to collaborations of domain objects in the next layer down
  • can have state that reflects the progress of a task for the user or the program
  • Domain Layer
  • Application Layer
  • Service Layer
  • Responsible for representing concepts of the business, business rules
  • This layer is the heart of business software
    • kuni katsuya
       
      ... and has the *most value* to an organization investing in writing their own software. Infrastructure software (eg. user interface, ORM, application server-related frameworks) or plumbing code should be treated as commodities where possible, unless the business consciously decides that a custom, home-grown implementation is absolutely required for patenting or other differentiation reasons and/or that no existing off-the-shelf solution can be used. But these cases should be rare! Do not blindly fall for the not-invented-here syndrome.
  • all the key logic lies in the domain layer
  • I don't know why this anti-pattern is so common
  • if they come from a
  • data background
    • kuni katsuya
       
      this is why, during every sprint, I reiterate that the data-model-up approach to designing the system is OH SO WRONG, but nobody listens
  • J2EE's Entity Beans
    • kuni katsuya
       
      damn baggage from  eons ago!!!
kuni katsuya

Lazy Loading Entities In Views Challenge--Reader's Question And Answer : Adam Bien's We... - 0 views

  • Lazy Loading Entities In Views
  • class User
  • Address
  • ...10 more annotations...
  • Friend
  • addresses are lazily loaded
  • detached mode already in the controller
  • eagerly loaded
  • It gets ugly pretty quickly
  • JXPath relations
  • Use Fetch Joins they are designed to prefetch lazy relations
  • Anti-Pattern
    • kuni katsuya
       
      DO NOT USE THE OPEN-SESSION-IN-VIEW *ANTI*-PATTERN
  • Use Stateful Session Beans
    • kuni katsuya
       
      do not; penalty: death, or at least a public flogging
  • eager load the relations
    • kuni katsuya
       
      just don't hard-code this eager loading behavior by using JPA's FetchType.EAGER when annotating the entity beans. If you do, you force all clients of said entity beans to *always* eager fetch everything, even if the client doesn't want/need the full depth/breadth of the object graph. To eager load the relations when needed, try fetch joins (see item 5).
kuni katsuya

JD-GUI | Java Decompiler - 0 views

kuni katsuya

OpenTravel Forum - 0 views

  • Standard Hotel Room Types?
  • not been able to find information about standard room types
  • OpenTravel schema allows for a RoomTypeCode to be passed, but it is simply a string length of 1 to 16 characters to be able to accommodate the plethora of room type codes that are in use
kuni katsuya

ddd-cqrs-base-project - DDD-CQRS Base Project Using Spring and Hibernate (Manage Comple... - 0 views

  • ddd-cqrs-base-project DDD-CQRS Base Project Using Spring and Hibernate (Manage Complexity Simply)
kuni katsuya

Access Tokens and Types - Facebook Developers - 0 views

  • Access Tokens and Types
  • Access Tokens
  • random string that provides temporary, secure access to Facebook APIs
  • ...27 more annotations...
  • token identifies a User, App or Page session and provides information about granted permissions
  • Types
  • User Access
  • generated in the login flow when a user grants permissions to an app
  • use this token to perform API calls on behalf of a user
  • Page Access
  • used to manage Facebook Pages
  • user who is the Page admin must grant an extended permission called manage_pages
  • use this type of token to make API calls on behalf of a page
  • unique to each page, admin and app
  • App Secret or an App Access token should never be included in any code that could be accessed by anyone other than a developer of the app
  • App Access
  • useful to modify app settings, create and manage test users or read App Insights data
  • use app tokens to publish or delete content on behalf of a user
  • unique to each app
  • Security Best Practices
  • extremely important that an App Secret is not compromised
  • App Access Tokens should only be used directly from your app's servers in order to provide the best security