Group items tagged

Principle of least privilege

object-capability model, any software entity can potentially act as both a subject and object

Access control models used by current systems tend to fall into one of two classes:

Both capability-based and ACL-based models have mechanisms to allow access rights to be granted to all members of a group of subjects (often the group is itself modeled as a subject)

identification and authentication determine who can log on to a system, and the association of users with the software subjects that they are able to control as a result of logging in; authorization determines what a subject can do; accountability identifies what a subject (or all subjects associated with a user) did.

Authorization determines what a subject can do on the system

Authorization

Access control models

categorized as either discretionary or non-discretionary

three most widely recognized models are

Attribute-based access control

Discretionary access control

Discretionary access control (DAC) is a policy determined by the owner of an object. The owner decides who is allowed to access the object and what privileges they have.

Every object in the system has an owner

access policy for an object is determined by its owner

DAC systems, each object's initial owner is the subject that caused it to be created

Mandatory access control

Mandatory access control refers to allowing access to a resource

that allow a given user to access the resource

Management is often simplified (over what can be required) if the information can be protected using

or by implementing sensitivity labels.

Sensitivity labels

A subject's sensitivity label specifies its

level of trust required for access

subject must have a sensitivity level equal to or higher than the requested object

Role-based access control

Role-based access control (RBAC) is an

access policy

Access control

Control is a stereotyped class or object that is used to model flow of control or some coordination in behavior

usually describe some "business logic"

«Entity»

Entity is a stereotyped class or object that represents some information or data, usually but not necessarily persistent.

Features of a class are

Static features are underlined

«Boundary»

«Boundary»

«Control»

«Entity»

«Control»

Interface

An interface is a classifier that declares of a set of coherent public features and obligations

specifies a contract.

Data Type

A data type is a classifier - similar to a class - whose instances are

typical use of data types would be to represent value types

«dataType»

Enumeration

An enumeration is a data type whose values are enumerated in the model as user-defined enumeration literals.

«enumeration».

Multiplicity

Multiplicity allows to specify cardinality (allowed number of instances) of described element

Visibility

UML has the following types of visibility: public package protected private

Package visibility is represented by '~' literal.

Protected visibility is represented by '#' literal.

Private visibility is represented by '-' literal.

There is a drawback: not all views are updatable. Whether a view is updatable or not highly depends on the complexity and particular database

jboss.as.jpa.adapterModule

jboss.as.jpa.adapterClass

org.jboss.as.jpa.hibernate3.HibernatePersistenceProviderAdaptor

Working with other persistence providers

A project to build integration for persistence providers like EclipseLink, is here.

Troubleshooting

“org.jboss.as.jpa” logging can be enabled to get the following information: INFO - when persistence.xml has been parsed, starting of persistence unit service (per deployed persistence.xml), stopping of persistence unit service DEBUG - informs about entity managers being injected, creating/reusing transaction scoped entity manager for active transaction TRACE - shows how long each entity manager operation took in milliseconds, application searches for a persistence unit, parsing of persistence.xml

To enable TRACE, open the as/standalone/configuration/standalone.xml (or as/domain/configuration/domain.xml) file. Search for <subsystem xmlns="urn:jboss:domain:logging:1.0"> and add the org.jboss.as.jpa category

Packaging the Hibernate 3.5 or greater 3.x JPA persistence provider with your application

jboss.as.jpa.providerModule needs to be set to hibernate3-bundled.

<property name="jboss.as.jpa.providerModule" value="hibernate3-bundled" />

Sharing the Hibernate 3.5 or greater JPA persistence provider between multiple applications

Applications can share the same Hibernate3 (for Hibernate 3.5 or greater) persistence provider by manually creating an org.hibernate:3 module (in the AS/modules folder). Steps to create the Hibernate3 module:

<property name="jboss.as.jpa.providerModule" value="org.hibernate:3" />

Due to the limited capabilities of the ActionScript 3 reflection API than cannot access private fields, it is necessary to create an externalizable AS3 class (implementing flash.utils.IExternalizable and its corresponding externalizable Java class

In both classes you have to implement two methods

the Gas3 generator can automatically generate the writeExternal and readExternal methods.

With GraniteDS automated externalization and without any modification made to our bean, we may serialize all properties of the Person class, private or not

In order to externalize the Person.java entity bean, we must tell GraniteDS which classes we want to externalize with a

externalize all classes named com.myapp.entity.Person by using the org.granite.hibernate.HibernateExternalizer

you could use this declaration, but note that type in the example above is replaced by

            <include annotated-with="javax.persistence.Entity"/>             <include annotated-with="javax.persistence.MappedSuperclass"/>             <include annotated-with="javax.persistence.Embeddable"/>

: type

annotated-with

Instead of configuring externalizers with the above method, you may use the

feature:

precedence rules for these three configuration options:

encourages the ProductService approach

it’s not for small projects

return a row

3 ways to do this

EntityManger.find()

returns a typed instance of the entity when it is found, null when it is not found

But what if the row isn’t in the database (anymore)?

We get an unchecked exception: NoResultException

We never know for sure what we can expect from our database, so throwing an unchecked exception seems the wrong choice for this use-case

EJB MDG Technology for Enterprise Java Beans allows the user to model EJB entities and EJB sessions, complete with UML profiles for modeling EJB, EJB patterns and Code Management. (requires Enterprise Architect 4.1 or later)

ICONIX AGILE DDT ICONIX Agile Developer - Design-Driven Testing (DDT) streamlines the ICONIX modeling process, providing: Convenient modeling of robustness diagrams Automatic generation of sequence diagram structures from robustness diagrams Transformation of robustness control elements to test diagrams Transformation of sequence diagram elements to test diagrams Transformation of requirement diagrams to test diagrams Transformation between test cases and test classes. (JUnit & NUnit) Built-in model validation rules for ICONIX robustness diagrams (requires Enterprise Architect 7.5 or later)

Testing MDG Technology for Testing helps users to rapidly model a wide range of testing procedures including component testing, SUT, Test Cases and more. (requires Enterprise Architect 4.1 or later)

Instructions for loading an MDG Technology EXE file: Download and run the .exe file to install the MDG technology. Open Enterprise Architect. Select from the Main Menu Add-Ins | XYZ Technology | Load.

Built-in MDG Technologies: Most of the MDG Technologies provided by Sparx Systems are built into Enterprise Architect directly. Depending on your edition of Enterprise Architect, some or all of the following MDG Technologies will be available:

Gang of Four Patterns

Mind Mapping

Web Modeling

Data Flow (DFD)

Entity-Relationship (ERD)

Business Rule Model

BPMN™

What is next after robustness diagrams? Robustness diagrams often act as bridge from use cases to other models.  For example, it is quite common to create sequence diagrams which represent the detailed design logic required to support the use case

Add an entity for each business concept

Add a use case whenever one is included in the scenario

Add a controller for activities that involve several other elements

Add a controller for each business rule

Add a controller to manage the overall process of the scenario being modeled

Add a boundary element for each major user interface element such as a screen or a report.

All managed entity instances are unique in a Tide context

Tide keeps the classic three layers web architecture, when LCDS removes the service layer, and is some kind of remote JPA provider for Flex applications

Tide approach is to minimize the amount of code needed to make things work between the client and the server

principles are very similar to the ones of JBoss Seam, which is the main reason why the first integration of Tide has been done with this framework. Integrations with Spring, EJB 3 and CDI are also available

need to compile your MXML/AS sources with the granite-essentials.swc and granite.swc libraries

Single table inheritance is the default

mapped superclass is

but allow common mappings to be define for its subclasses

Single Table Inheritance

single table is used to store all of the instances of the entire inheritance hierarchy

table will have a column for

in the hierarchy

is used to determine which class the particular row belongs to

abstract

Project

extends Project

extends Project

@DiscriminatorValue("S")

@DiscriminatorValue("L")

@DiscriminatorColumn(name="PROJ_TYPE")

@Inheritance

@Table(name="PROJECT")

single table inheritance

Joined, Multiple Table Inheritance

mirrors the object model in the data model

table is defined for each class in the inheritance hierarchy to store only the local attributes of that class

Each table in the hierarchy must also store the object's id (primary key), which is

share the same id attribute

joined inheritance

@Inheritance(strategy=

@DiscriminatorColumn(name="PROJ_TYPE")

@Table(name="PROJECT")

abstract

Project

@DiscriminatorValue("L")

@Table(name=

Project

@DiscriminatorValue("S")

@Table(name=

Project

Table Per Class Inheritance

Advanced

table is defined for

in the inheritance hierarchy to store

of that class and

table per class inheritance

@Inheritance(strategy=

abstract

Project

@Table(name="LARGEPROJECT")

LargeProject

Project

@Table(name="SMALLPROJECT")

SmallProject

Project

Mapped Superclasses

similar to table per class inheritance, but does not allow querying, persisting, or relationships to the superclass

mapped superclass

@MappedSuperclass

abstract

Project

@Column(name="NAME")

@Table(name="LARGEPROJECT")

LargeProject

Project

@AttributeOverride

"PROJECT_NAME"

"name"

@Table("SMALLPROJECT")

SmallProject

Project

cannot have a relationship to a mapped superclass

If it is not already loaded in the EntityManager, it is retrieved from the database

is allowed to return a proxy instread of an initialized instance, if the entity has not been loaded in the EntityManager before

In this proxy,

"JOINED" strategy

each entity in the inheritance hierarchy has its own table and that the table of each class only contains columns for that class