Skip to main content

Home/ SoftwareEngineering/ Group items tagged injection

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

Enterprise JavaBeans 3.1 with Contexts and Dependency Injection: The Perfect Synergy - 0 views

www.oracle.com/...ejb-3-1-175064.html

javaee6 ejb3.1 cdi

shared by kuni katsuya on 12 Jul 12 - No Cached
  • stateless EJB 3.1 bean as boundary (Facade)
  • injected managed beans (controls)
  • @Inject
  • ...22 more annotations...
  • @Inject
  • CDI managed beans. The @EJB annotation is removed and @Inject is used instead
  • Annotating the boundary (Cart) with the @Named annotation makes the Cart immediately visible for expression language (EL) expressions in JSP and JSF
  • @Named annotation takes the simple name of the annotated class, puts the first character in lowercase, and exposes it directly to the JSF pages (or JSP). The Cart bean can be accessed directly, without any backed or managed beans, by the JSF pages: <h:commandButton value="Check out!" action="#{cart.checkout}" />
  • If there is a need for abstraction, the class can be turned into an interface (or abstract class)
  • local implementation (with CDI events
  • @Inject Event<String> event;
  • event.fire("Order proceeded!");
  • remote implementation:
  • javax.enterprise.event.Event belongs to the CDI-implementation
  • class Event can be considered to be a lightweight alternative to the java.beans.PropertyChangeSupport class
  • @Inject Event<String> event;
  • event.fire("Order proceeded!");
  • event can be received by any managed bean and also by EJB beans
  • provide a method with a single @Observes annotated parameter
  • @Observes String event
  • there is no real event, just the payload:
  • The during attribute in the @Observes annotation allows you to select in which transactional phase the event gets delivered. The default setting is IN_PROGRESS, which causes an immediate event delivery regardless of the transaction outcome. The AFTER_SUCCESS configuration causes the delivery to occur only after successful transaction completion
  • Although CDI events work only inside a single process (in the default case, CDI is extensible), they are perfectly suitable for decoupling packages from modules
  • The method checkout() starts a transaction that gets "reused" by the OrderSystem and CustomerNotification session beans
  • ordering.placeOrder(); notifier.sendNotification();
    • kuni katsuya
      kuni katsuya on 18 Jul 12
       
      both run within same transaction
  • EJB beans cannot be directly exposed to JSF or JSP without a little help from CDI
kuni katsuya

Preventing SQL Injection in Java - OWASP - 0 views

www.owasp.org/...eventing_SQL_Injection_in_Java

security SqlInjection prevention Java DefensiveCoding

shared by kuni katsuya on 21 Sep 12 - No Cached
  • Preventing SQL Injection in Java
  • inject (or execute) SQL commands within an application
  • Defense Strategy
  • ...19 more annotations...
  • To prevent SQL injection:
  • All queries should be
  • parametrized
  • All dynamic data
  • should be
  • explicitly bound to parametrized queries
  • String concatenation
  • should never be used
  • to create dynamic SQL
  • OWASP SQL Injection Prevention Cheat Sheet.
  • Parameterized Queries
  • Prepared Statements
  • automatically be escaped by the JDBC driver
  • userId = ?
  • PreparedStatement
  • setString
  • Dynamic Queries via String Concatenation
  • never construct SQL statements using string concatenation of unchecked input values
  • dynamic queries via the java.sql.Statement class leads to SQL Injection
kuni katsuya

Dependency Injection in Java EE 6 - Part 1 - 0 views

www.theserverside.com/...-Injection-in-Java-EE-6-Part-1

javaee6 DependencyInjection DI

shared by kuni katsuya on 13 Sep 12 - Cached
  • Dependency Injection in Java EE 6 - Part 1
  • high-level look at CDI, see how it fits with Java EE overall and discuss basic dependency management as well as scoping.
  • CDI is designed to solve
  • ...21 more annotations...
  • highly type-safe
  • consistent
  • portable
  • CDI enhances the Java EE programming model in two more important ways
  • allows you to use EJBs directly as JSF backing beans
  • CDI allows you to manage the scope, state, life-cycle and context for objects in a much more declarative fashion, rather than the programmatic way
  • CDI has no component model of its own
  • set of services that are consumed by Java EE components such as managed beans, Servlets and EJBs.
  • well-defined create/destroy life-cycle that you can get callbacks for via the @PostConstruct and @PreDestroy annotations.
  • Managed beans
  • @ManagedBean
  • annotation
  • CDI also integrates with JSF via EL bean name resolution
  • CDI does not directly support business component services such as transactions, security, remoting, messaging
  • Dependency Injection for Java
  • JSR 330
  • JSR 330 defines a minimalistic API for dependency injection solutions and is primarily geared towards non-Java EE environments.
  • Figure 1 shows how CDI fits with the major APIs in the Java EE platform.
  • none of this uses string names that can be mistyped and all the code is in Java and so is checked at compile time
  • Qualifiers
  • are additional pieces of meta-data that narrow down a particular class when more than one candidate for injection exists
kuni katsuya

Comparing JSF Beans, CDI Beans and EJBs | Andy Gibson - 0 views

www.andygibson.net/...g-jsf-beans-cdi-beans-and-ejbs

javaee6 ejb3.1 cdi JsfBackingBean

shared by kuni katsuya on 30 Jul 12 - No Cached
  • differences between CDI beans and EJBs is that EJBs are : Transactional Remote or local Able to passivate stateful beans freeing up resources Able to make use of timers Can be asynchronous
  • Stateless EJBs can be thought of as thread safe single-use beans that don’t maintain any state between two web requests
  • Stateful EJBs do hold state and can be created and sit around for as long as they are needed until they are disposed of
  • ...15 more annotations...
  • Stateless beans must have a dependent scope while a stateful session bean can have any scope. By default they are transactional, but you can use the transaction attribute annotation.
  • CDI beans can be injected into EJBs and EJBs can be injected into CDI beans
  • When to use which bean How do you know when to use which bean? Simple.
  • In general, you should use CDI beans unless you need the advanced functionality available in the EJBs such as transactional functions. You can write your own interceptor to make CDI beans transactional, but for now, its simpler to use an EJB until CDI gets transactional CDI beans which is just around the corner
  • Comparing JSF Beans, CDI Beans and EJBs
  • JSF Managed Beans
  • In short, don’t use them if you are developing for Java EE 6 and using CDI. They provide a simple mechanism for dependency injection and defining backing beans for web pages, but they are far less powerful than CDI beans.
  • JSF beans cannot be mixed with other kinds of beans without some kind of manual coding.
  • CDI Beans
  • includes a complete, comprehensive managed bean facility
  • interceptors, conversation scope, Events, type safe injection, decorators, stereotypes and producer methods
  • JSF-like features, you can define the scope of the CDI bean using one of the scopes defined in the javax.enterprise.context package (namely, request, conversation, session and application scopes). If you want to use the CDI bean from a JSF page, you can give it a name using the javax.inject.Named annotation
  • Comparing JSF Beans, CDI Beans and EJBs
  • Comparing JSF Beans, CDI Beans and EJBs
  • JSF Managed Beans
kuni katsuya

Dependency Injection in Java EE 6 (Part 6) - 0 views

www.theserverside.com/...-Injection-in-Java-EE-6-Part-6

injection tutorial javaee6 CDI examples

shared by kuni katsuya on 30 Jul 12 - No Cached
  • one of the most important value propositions for frameworks like Spring has been the ability to easily extend the framework or integrate third-party solutions
  • SPI allows you to register your own beans, custom scopes, stereotypes, interceptors and decorators with CDI even if is it not included in the automatic scanning process (such as perhaps registering Spring beans as CDI beans), programmatically looking up CDI beans and injecting them into your own objects (such as injecting CDI beans into Spring beans) and adding/overriding annotation-metadata from other sources (such as from a database or property file)
  • SPI can be segmented into three parts. Interfaces like Bean, Interceptor and Decorator model container meta-data (there are a few other meta-data interfaces such as ObserverMethod, Producer, InjectionTarget, InjectionPoint, AnnotatedType, AnnotatedMethod, etc). Each meta-data object encapsulates everything that the CDI container needs to know about the meta-data type
kuni katsuya

Guide to SQL Injection - OWASP - 0 views

www.owasp.org/...Guide_to_SQL_Injection

security SqlInjection background overview

shared by kuni katsuya on 21 Sep 12 - No Cached
  • Least privilege connections
  • Always use accounts with the
  • minimum privilege necessary
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      yet another reason why shared db logins (eg. etl_update) are a *BAD IDEA* ie. a set of apps using the same db login are effectively granted the 'highest common denominator' of db privileges, so have more access than they should (eg. update/delete privilege on tables unrelated to app)
  • ...9 more annotations...
  • for the application
  • Parameterized Queries with Bound Parameters
  • keep the
  • query
  • d data
  • separate through the use of placeholders known as "bound" parameters
  • how to Review Code for SQL Injection Vulnerabilities.
  • Guide to SQL Injection
  • "injection" of a SQL query via the input data from the client to the application
  • kuni katsuya on 21 Sep 12
     
    "Least privilege connections"
kuni katsuya

Dependency injection discourages object-oriented programming? @ Blog of Adam Warski - 0 views

www.warski.org/...es-object-oriented-programming

java javaee6 CDI CdiDependencyInjection OO Object-Oriented procedural DI DependencyInjection

shared by kuni katsuya on 12 Dec 12 - No Cached
  • Dependency injection discourages object-oriented programming?
  • if you’re using DI, and you have an X entity, do you have an XService or XManager with lots of method where X is the first argument?
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      evidence of the anti-pattern of procedural design in a java ee6 cdi application
  • previous way is more procedural
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      ie. ProductService.ship(Product,Customer)
  • ...12 more annotations...
  • service/manager is a set of procedures you can run, where the execution takes a product and a customer as arguments
  • better
  • OO approach
  • not saying that achieving the above is not possible with a DI framework
  • only that DI
  • encourages the ProductService approach
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      well, dependency injection, but moreover, the soa approach to service design tends to force otherwise intelligent software engineers into doing procedural design the services just end up being bags of method calls that implement any type of behavior, with the domain objects or entity beans being reduced to mere data structures with little responsibility or behavior beyond persistence. (which, in this anti-pattern, is typically mostly provided by the repository or dao class! ie. domain object crud)
  • it’s just easier
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      ... if you just blindly follow the anti-pattern, of course  ;)
  • many benefits
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      with the procedural approach, you also cannot implement polymorphic behavior, for instance
  • builder
  • fluent interface
  • it’s not for small projects
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      fuckwhat? small or big matters not. if di is applied poorly, regardless of project size, it's an anti-pattern! disregard these comments!
  • problems with DI frameworks:
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      not sure i agree with these points, but will refuse in a later sticky note
kuni katsuya

JBoss Developer Framework - 0 views

www.jboss.org/...get-started

javaee6 examples

shared by kuni katsuya on 24 Jul 12 - No Cached
  • jta-crash-rec Crash Recovery, JTA Uses Java Transaction API and JBoss Transactions to demonstrate recovery of a crashed transaction
  • jts-distributed-crash-rec JTS Demonstrates recovery of distributed crashed components
  • cdi-injection CDI Demonstrates the use of CDI 1.0 Injection and Qualifiers with JSF as the front-end client.
  • ...13 more annotations...
  • bean-validation JPA, Bean Validation Shows how to use Arquillian to test Bean Validation
  • ejb-security Security, EJB Shows how to use Java EE Declarative Security to Control Access to EJB 3
  • payment-cdi-event CDI Demonstrates how to use CDI 1.0 Events
  • richfaces-validation RichFaces Demonstrates RichFaces and bean validation
  • ejb-in-war JSF, WAR, EJB Packages an EJB JAR in a WAR
  • greeter EJB, JPA, JSF, JTA, CDI Demonstrates the use of CDI 1.0, JPA 2.0, JTA 1.1, EJB 3.1 and JSF 2.0
  • helloworld-mdb EJB, MDB, JMS Demonstrates the use of JMS 1.1 and EJB 3.1 Message-Driven Bean
  • helloworld-rs JAX-RS, CDI Demonstrates the use of CDI 1.0 and JAX-RS
  • kitchensink BV, EJB, JAX-RS, JPA, JPA, JSF, CDI
  • servlet-async CDI, EJB, Servlet Demonstrates CDI, plus asynchronous Servlets and EJBs
  • servlet-security Security, Servlet Demonstrates how to use Java EE declarative security to control access to Servlet 3
  • shopping-cart EJB Demonstrates a stateful session bean
  • tasks Arquillian, JPA Demonstrates testing JPA using Arquillian
kuni katsuya

Article Series: Migrating Spring Applications to Java EE 6 - Part 1 | How to JBoss - 1 views

howtojboss.com/...plications-to-java-ee-6-part-1

spring javaee6 migration

shared by kuni katsuya on 06 Jun 12 - No Cached
  • In fact people still love those books without realizing that the world has changed dramatically ever since
  • The reality check here is to wonder whether the rhetorics set forth by Rod Johnson in his 2003/2004 books are still actual today
  • So if you still care about those books, the best way to show your appreciation is probably to use them as your monitor stand
  • ...21 more annotations...
  • The discussion whether or not to use Spring vs. Java EE for new enterprise Java applications is a no-brainer
  • Why migrate?
  • since then fallen a prey to the hungry minds of Venture Capitalists and finally into the hands of a virtualization company called VMware
  • While the different companies and individuals behind the Spring framework have been doing some work in the JCP their voting behavior on important JSRs is peculiar to say the least
  • outdated ORM solution like JDBC templates
  • some developers completely stopped looking at new developments in the Java EE space and might have lost track of the current state of technology
  • size of the deployment archive
  • fairly standard Java EE 6 application will take up about 100 kilobytes
  • comparable Spring application weighs in at a whopping 30 Megabytes!
  • Lightweight
  • Firing up the latest JBoss AS 7 Application Server from scratch and deploying a full blown Java EE 6 application into the server takes somewhere between two and five seconds on a standard machine. This is in the same league as a Tomcat / Spring combo
  • Dependency injection
  • Java EE 6, the Context and Dependency Injection (CDI) specification was introduced to the Java platform, which has a very powerful contextual DI model adding extensibility of injectable enterprise services
  • Aspect Oriented Programming
  • “AOP Light” and this is exactly what Java EE Interceptors do
  • common pitfall when taking AOP too far is that your code might end up all asymmetric and unreadable. This is due to the fact that the aspect and its implementation are not in the same place. Determining what a piece of code will do at runtime at a glance will be really hard
  • Testing
  • With Arquillian we can get rid of mocking frameworks and test Java EE components in their natural environment
  • Tooling
  • capabilities comparison matrix below to map Spring’s technology to that of Java EE
  • Capability Spring JavaEE Dependency Injection Spring Container CDI Transactions AOP / annotations EJB Web framework Spring Web MVC JSF AOP AspectJ (limited to Spring beans) Interceptors Messaging JMS JMS / CDI Data Access JDBC templates / other ORM / JPA JPA RESTful Web Services Spring Web MVC (3.0) JAX-RS Integration testing Spring Test framework Arquillian *
kuni katsuya

Contexts and Dependency Injection for the Java EE Platform - The Java EE 6 Tutorial - 0 views

docs.oracle.com/...gjbnr.html

javaee6 cdi tutorial

shared by kuni katsuya on 16 May 12 - No Cached
  • Contexts and Dependency Injection for the Java EE Platform
  • Contexts and Dependency Injection for the Java EE Platform
  • Contexts and Dependency Injection for the Java EE Platform
kuni katsuya

SQL Injection - OWASP - 0 views

www.owasp.org/...SQL_injection

security SqlInjection background overview

shared by kuni katsuya on 21 Sep 12 - No Cached
  • SQL Injection
  • "injection" of a SQL query via the input data from the client to the application
  • exploit can
  • ...18 more annotations...
  • read sensitive data
  • modify database data
  • execute administration operations
  • SQL injection errors occur when:
  • Data enters a program from an
  • untrusted source
  • The data used to
  • dynamically construct a SQL query
  • consequences are:
  • Confidentiality:
  • sensitive data
  • Authentication
  • user names and passwords
  • Authorization
  • change this information
  • Integrity
  • read sensitive information
  • changes or even delete this information
kuni katsuya

Niklas' Blog: CDI 1.0 vs. Spring 3.1 feature comparsion: bean definition & dependency i... - 0 views

niklasschlimm.blogspot.ca/...ing-31-feature-comparsion.html

cdi spring comparison

shared by kuni katsuya on 11 May 12 - No Cached
  • CDI 1.0 vs. Spring 3.1 feature comparsion: bean definition & dependency injection
  • Spring offers three different approaches to do dependency injection: XML-based, annotation-based and pure Java-based (programmatic)
  • CDI on the other hand is strictly annotation-based
  • ...2 more annotations...
  • pure feature oriented-perspective
  • only little critical difference in the two technologies
kuni katsuya

Why Not Private Visibility For Injected Fields [Screencast] : Adam Bien's Weblog - 0 views

www.adam-bien.com/...why_not_private_visibility_for

package visibility javaee6

shared by kuni katsuya on 03 Jul 12 - No Cached
  • Why Not Private Visibility For Injected Fields
  • Package visibility for injected fields encapsulates way better than public accessors and makes unit testing more convenient at the same time
kuni katsuya

Dependency Injection in Java EE 6: Conversations (Part 4) - 0 views

www.theserverside.com/...Java-EE-6-Conversations-Part-4

javaee6 DependencyInjection DI

shared by kuni katsuya on 13 Sep 12 - Cached
1 - 20 of 54 Next › Last »
Showing 20 items per page