Skip to main content

Home/ SoftwareEngineering/ Group items tagged management

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

Introduction to Robustness Diagrams - 0 views

www.agilemodeling.com/...robustnessDiagram.htm

RobustnessDiagram UML documentation

shared by kuni katsuya on 30 Jul 12 - Cached
  • Boundary
  • Control
  • Entity
  • ...7 more annotations...
  • What is next after robustness diagrams? Robustness diagrams often act as bridge from use cases to other models.  For example, it is quite common to create sequence diagrams which represent the detailed design logic required to support the use case
  • Add an entity for each business concept
  • Add a use case whenever one is included in the scenario
  • Add a controller for activities that involve several other elements
  • Add a controller for each business rule
  • Add a controller to manage the overall process of the scenario being modeled
  • Add a boundary element for each major user interface element such as a screen or a report.
kuni katsuya

Installing JBoss 7.1. on CentOS 6.x | |opensourcearchitect| - 0 views

www.opensourcearchitect.com/...stalling-jboss-7-1-on-centos-6

jbossas7 centos installation

shared by kuni katsuya on 28 Jul 12 - No Cached
  • Shutdown a JBoss 7 instance: To shutdown your JBoss 7 server, execute the following command: $ ./jboss-cli.sh --connect command=:shutdown
  • Startup a JBoss 7, standalone instance: A standalone instance of JBoss 7 can be starting by executing: $ ./standalone.sh -Djboss.bind.address=0.0.0.0 -Djboss.bind.address.management=0.0.0.0&
kuni katsuya

InfoQ: Dan Allen on Arquillian Testing Framework - 0 views

www.infoq.com/...dan-allen-arquillian-framework

arquillian testing framework

shared by kuni katsuya on 26 Jul 12 - No Cached
  • Arquillian Testing Framework
  • Arquillian is an integration and functional testing platform that can be used for Java middleware testing. With the main goal of making integration (and functional) tests as simple to write as unit tests, it brings the tests to the runtime environment, freeing developers from managing the runtime from within the test.
kuni katsuya

Graphical Eclipse FAQs - Eclipsepedia - 0 views

wiki.eclipse.org/Graphical_Eclipse_FAQs

eclipse package explorer hierarchical

shared by kuni katsuya on 17 Jul 12 - No Cached
  • How do I alter my package representation so that parent packages are housing child packages? 1. Click on the dropdown menu on the Package Explorer view. Go to the 'Package Representation' submenu and then click on 'Hierarchical'.
  • PDE I get an unhandled event loop exception in my console. What gives? 1. Open up the run dialog via the dropdown toolbar item.
  • 2. Select your Eclipse Application launch configuration. Go into the 'Arguments' tab and then append '-consoleLog' as an argument and then try running your application again.
  • ...3 more annotations...
  • 2. You should now see your packages presented in a tree like structure.
  • How do I not install a plug-in's extraneous dependency when I'm in the Update Manager? 1. Are you seeing a screen similar to the one where the plug-in you are installing is asking for some other plug-in? 2. Expand the section by clicking on the arrow. Keep expanding until you see everything and then tick off the "additional dependencies" that you don't want. 3. Now you can install the plug-in without installing other things.
  • I have just installed a plug-in but I do not see any indication of it in my workspace. What do I do? 1. Did you try restarting Eclipse with the -clean argument?
  • kuni katsuya on 17 Jul 12
     
    How do I alter my package representation so that parent packages are housing child packages? 1. Click on the dropdown menu on the Package Explorer view. Go to the 'Package Representation' submenu and then click on 'Hierarchical'.
kuni katsuya

Java Persistence/Runtime - Wikibooks, open books for an open world - 0 views

en.wikibooks.org/...Runtime

jpa runtime javaee javaee6 SessionBean injection EntityManager

shared by kuni katsuya on 17 Jul 12 - No Cached
  • In JEE the EntityManager or EntityManagerFactory can
  • injected into a SessionBean
  • A managed EntityManager should never be closed, and integrates with JTA transactions
  • ...3 more annotations...
  • Example of injecting an EntityManager and EntityManagerFactory in a SessionBean
  • @Stateless
  • @PersistenceContext(unitName="acme") private EntityManager entityManager;
kuni katsuya

Spring Security - Features - 0 views

static.springsource.org/...features.html

Java security SpringSecurity

shared by kuni katsuya on 09 Aug 12 - Cached
  • Domain object instance security: In many applications it's desirable to define Access Control Lists (ACLs) for individual domain object instances. We provide a comprehensive ACL package with features including integer bit masking, permission inheritance (including blocking), an optimized JDBC-backed ACL repository, caching and a pluggable, interface-driven design.
  • OpenID Support: the web's emerging single sign-on standard (supported by Google, IBM, Sun, Yahoo and others) is also supported in Spring Security
  • Easy integration with existing databases: Our implementations have been designed to make it easy to use your existing authentication schema and data (without modification). Of course, you can also provide your own Data Access Object if you wish. Password encoding: Of course, passwords in your authentication repository need not be in plain text. We support both SHA and MD5 encoding, and also pluggable "salt" providers to maximise password security.
  • ...5 more annotations...
  • Caching: Spring Security optionally integrates with Spring's Ehcache factory. This flexibility means your database (or other authentication repository) is not repeatedly queried for authentication information when using Spring Security with stateless applications.
  • Run-as replacement: The system fully supports temporarily replacing the authenticated principal for the duration of the web request or bean invocation. This enables you to build public-facing object tiers with different security configurations than your backend objects.
  • Tag library support: Your JSP files can use our taglib to ensure that protected content like links and messages are only displayed to users holding the appropriate granted authorities. The taglib also fully integrates with Spring Security's ACL services, and obtaining extra information about the logged-in principal.
  • User Provisioning APIs: Support for groups, hierarchical roles and a user management API, which all combine to reduce development time and significantly improve system administration.
  • Enterprise-wide single sign on using CAS 3: Spring Security integrates with JA-SIG's open source Central Authentication Service (CAS)
kuni katsuya

The New RBAC: Resource-Based Access Control | Stormpath - 0 views

www.stormpath.com/...-resource-based-access-control

RBAC Shiro authorization

shared by kuni katsuya on 07 Aug 12 - No Cached
kuni katsuya

Enterprise JavaBeans 3.1 with Contexts and Dependency Injection: The Perfect Synergy - 0 views

www.oracle.com/...ejb-3-1-175064.html

javaee6 ejb3.1

shared by kuni katsuya on 09 Aug 12 - No Cached
  • EJB beans cannot be directly exposed to JSF or JSP without a little help from CDI
  • CDI doesn't provide any transactional, monitoring, or concurrency aspect out of the box
  • stateless EJB 3.1 bean as boundary (Facade)
  • ...1 more annotation...
  • injected managed beans (controls) results in the simplest possible architecture
kuni katsuya

Application Security With Apache Shiro - 0 views

www.infoq.com/...apache-shiro

security ApacheShiro

shared by kuni katsuya on 08 Aug 12 - No Cached
  • previously known as the JSecurity project
  • The word Subject is a security term that basically means "the currently executing user"
  • Core Concepts: Subject, SecurityManager, and Realms
  • ...12 more annotations...
  • Subject
  • 'Subject' can mean a human being, but also a 3rd party process, daemon account, or anything similar. It simply means 'the thing that is currently interacting with the software'
  • Subject currentUser = SecurityUtils.getSubject();
  • SecurityManager
  • SecurityManager manages security operations for all users
  • Realms
  • Realm acts as the ‘bridge’ or ‘connector’ between Shiro and your application’s security data. That is, when it comes time to actually interact with security-related data like user accounts to perform authentication (login) and authorization (access control), Shiro looks up many of these things from one or more Realms configured for an application.
  • Realm is essentially a security-specific DAO
  • Shiro provides out-of-the-box Realms to connect to a number of security data sources (aka directories) such as LDAP, relational databases (JDBC), text configuration sources like INI and properties files, and more
  • Authorization
  • A permission is a raw statement of functionality, for example ‘open a door’, ‘create a blog entry’, ‘delete the ‘jsmith’ user’, etc. By having permissions reflect your application’s raw functionality, you only need to change permission checks when you change your application’s functionality. In turn, you can assign permissions to roles or to users as necessary at runtime.
  • “Run As” support for assuming the identity of another Subject
kuni katsuya

Authentication Cheat Sheet - OWASP - 0 views

www.owasp.org/...Authentication_Cheat_Sheet

security authentication CheatSheet

shared by kuni katsuya on 09 Aug 12 - No Cached
  • Authentication Cheat Sheet
  • Sessions should be
  • unique per user
  • ...26 more annotations...
  • computationally very difficult to predict
  • "strong" password policy
  • Secure Password Recovery Mechanism
  • Require re-authentication for Sensitive Features
  • Authentication and Error Messages
  • can be used for the purposes of user ID and password enumeration
  • Incorrectly implemented error messages
  • generic manner
  • respond with a generic error message regardless if the user ID or password was incorrect
  • give no indication to the status of an existing account
  • Authentication responses
  • Invalid user ID or password"
  • does not indicate if the user ID or password is the incorrect parameter
  • Transmit Passwords Only Over TLS
  • login page
  • all subsequent authenticated pages
  • must be exclusively accessed over TLS
  • unencrypted session ID
  • credentials
  • Implement Account Lockout
  • lock out an account if more than a preset number of unsuccessful login attempts are made
  • can produce a result that locks out entire blocks of application users accounts
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      somewhat of a denial-of-service attack, since legitimate users can no longer access their accounts/services
  • sensible strategy
  • is to lockout accounts for a number of hours
  • Password lockout mechanisms have a logical weakness
  • Session Management General Guidelines
kuni katsuya

Web | Apache Shiro - 0 views

shiro.apache.org/web.html

security ApacheShiro SessionManagement session

shared by kuni katsuya on 19 Sep 12 - No Cached
  • Session Management
  • Servlet Container Sessions
  • kuni katsuya on 19 Sep 12
     
    "t"
kuni katsuya

Selling Weld and EE6 | Weld | JBoss Community - 0 views

community.jboss.org/...656586

javaee6 weld Spring GavinKing

shared by kuni katsuya on 28 Sep 12 - No Cached
  • regarding the issue of selling Weld and EE6 to developers/shops....
  • How bout a JdbcTemplate Spring equivalent in the case of projects using legacy db schemas
  • portable extension to Weld
  • ...32 more annotations...
  • William Drai
  • Honestly I don't see any value in switching to CDI if it is
  • to reproduce the same awful patterns
  • please not this Dao/Template mess
  • Gavin King
  • Their template pattern is a solution in search of a problem
    • kuni katsuya
      kuni katsuya on 28 Sep 12
       
      gold! :)
  • to reproduce the same awful patterns
  • please not this Dao/Template mess
  • Because, of course, there are no other well-known patterns for dealing with boiler-plate cleanup code and connection leaks.
  • This is exactly the kind of
  • brain-damage that Spring does to people!
    • kuni katsuya
      kuni katsuya on 28 Sep 12
       
      platinum!!!
  • It gives people a
  • half-assed solution
  • and somehow shuts down their brains so they
  • stop asking themselves how this solution could be improved upon
  • It's a very impressive magic trick, and I wish I knew how to do it myself. But then, I'm just not like that. I'm always trying to poke holes in things - whether they were Invented Here or Not.
  • but that might be too high-level for your taste. Their are other, less-abstract options.
  • exception handling, this is one area where Spring does a good job: "The Spring Framework's handling of SQLException is one of its most useful features in terms of enabling easier JDBC development and maintenance. The Spring Framework provides JDBC support that abstracts SQLException and provides a DAO-friendly, unchecked exception hierarchy."
  • Utter nonsense and dishonest false advertising
  • Automatic connection closing (and other boiler-plate code) is obviously a hard requirement to be handled by the fwk.
  • Pffffff. It's a trivial requirement which I can solve in my framework with two lines of code in a @Disposes method. Did you see any connection handling in the code above?
  • I mean, seriously guys. The Spring stuff is trivial and not even very elegant. I guess it's easier for me to see that, since I spent half my career thinking about data access and designing data access APIs. But even so...
  • I don't understand. You hate the ability to write typesafw SQL that much?
  • Gavin King
  • Methods with long argument lists are a code smell.
  • It's something Spring copied from Hibernate 1.x, back in the days before varargs
  • It's something we removed in Hibernate2 and JPA.
  • there are a bunch of people
  • who don't want to use JPA.
  • They don't understand, or see the value of, using managed objects to represent their persistent data.
  • Um. Why? Why would that be a bad thing? I imagine that any app with 1000 queries has tens of thousands of classes already. What's the problem? Why is defining a class worse than writing a method?
  • Are you working from some totally bizarre metric where you measure code quality by number of classes?
« First ‹ Previous 81 - 95 of 95
Showing 20 items per page