Group items tagged

Tutorials All Tutorials UML Tutorials UML 2.1 Tutorial UML Tutorial - Part 1 Intro UML Tutorial - Part 2 Intro The Business Process Model The Component Model The Dynamic Model The Logical Model The Physical Model The Use Case Model UML Database Modeling Enterprise Architect Tutorials Creating Strategic Models Diagram Filters BPEL: Step by Step Guide Resource Management Testing Management Traceability RTF Documentation Use Case Metrics Structured Use Case Scenarios

Video Demonstrations All Videos Getting Started Requirements Management Modeling & Productivity Tools Code Engineering and the Debug Workbench Version Control Integration (Eclipse, Visual Studio, TFS)

UML Tutorial - Structure UML Tutorial - Behavior The Business Process Model Deployment of EA MDA Overview Rich-Text (RTF) Reporting Version Control Integration Requirements Management

White Papers & E-Books

Roles Business Analyst Database Administrator Deployment & Rollout Developer Project Manager Software Architects Software Engineer Technology Developer Testers

Solutions

MDG Technologies MDG Technologies EJB Technology.xml Testing Technology.xml

UML Profiles & Patterns UML Patterns UML Patterns Create UML Patterns Import UML Patterns Use UML Patterns UML Profiles UML Profiles: Introduction UML Profile for SPEM XML Schema (XSD) Generation Web Modeling Profile Eriksson-Penker Business Extensions Open Distributed Processing (UML4ODP)

In an EAV data model, each attribute-value pair is a fact describing an entity, and a row in an EAV table stores a single fact

EAV tables are often described as "long and skinny": "long" refers to the number of rows, "skinny" to the few columns

Data is recorded as three columns: The entity: the item being described. The attribute or parameter: a foreign key into a table of attribute definitions. At the very least, the attribute definitions table would contain the following columns: an attribute ID, attribute name, description, data type, and columns assisting input validation

The value of the attribute

Row modeling, where facts about something (in this case, a sales transaction) are recorded as multiple rows rather than multiple columns

differences between row modeling and EAV (which may be considered a generalization of row-modeling) are:

A row-modeled table is homogeneous in the facts that it describes

The data type of the value column/s in a row-modeled table is pre-determined by the nature of the facts it records. By contrast, in an EAV table, the conceptual data type of a value in a particular row depend on the attribute in that row

In the EAV table itself, this is just an attribute ID, a foreign key into an Attribute Definitions table

The Attribute

The Value

Coercing all values into strings

larger systems use separate EAV tables for each data type (including binary large objects, "BLOBS"), with the metadata for a given attribute identifying the EAV table in which its data will be stored

Where an EAV system is implemented through RDF, the RDF Schema language may conveniently be used to express such metadata

access to metadata must be restricted, and an audit trail of accesses and changes put into place to deal with situations where multiple individuals have metadata access

quality of the annotation and documentation within the metadata (i.e., the narrative/explanatory text in the descriptive columns of the metadata sub-schema) must be much higher, in order to facilitate understanding by various members of the development team.

Attribute metadata

Validation metadata include data type, range of permissible values or membership in a set of values, regular expression match, default value, and whether the value is permitted to be null

Presentation metadata: how the attribute is to be displayed to the user

Grouping metadata: Attributes are typically presented as part of a higher-order group, e.g., a specialty-specific form. Grouping metadata includes information such as the order in which attributes are presented

Advanced validation metadata Dependency metadata:

this annotation bypasses the management layer and as such it is recommended only for development and testing purposes

Defining a Managed DataSource

Installing a JDBC driver as a deployment

Installing the JDBC Driver

deployment or as a core module

managed by the application server (and thus take advantage of the management and connection pooling facilities it provides), you must perform two tasks.  First, you must make the JDBC driver available to the application server; then you can configure the data source itself.  Once you have performed these tasks you can use the data source via standard JNDI injection.

recommended way to install a JDBC driver into the application server is to simply deploy it as a regular JAR deployment.  The reason for this is that when you run your application server in domain mode, deployments are automatically propagated to all servers to which the deployment applies; thus distribution of the driver JAR is one less thing for administrators to worry about.

Note on MySQL driver and JDBC Type 4 compliance: while the MySQL driver (at least up to 5.1.18) is designed to be a Type 4 driver, its jdbcCompliant() method always return false. The reason is that the driver does not pass SQL 92 full compliance tests, says MySQL. Thus, you will need to install the MySQL JDBC driver as a module (see below).

Installing a JDBC driver as a module

<module xmlns="urn:jboss:module:1.0" name="com.mysql">  <resources>    <resource-root path="mysql-connector-java-5.1.15.jar"/>  </resources>  <dependencies>    <module name="javax.api"/>  </dependencies></module>

jboss-7.0.0.<release>/modules/com/mysql/main

define your module with a module.xml file, and the actual jar file that contains your database driver

content of the module.xml file

Under the root directory of the application server, is a directory called modules

module name, which in this example is com.mysql

where the implementation is, which is the resource-root tag with the path element

define any dependencies you might have.  In this case, as the case with all JDBC data sources, we would be dependent on the Java JDBC API's, which in this case in defined in another module called javax.api, which you can find under modules/javax/api/main as you would expect.

Defining the DataSource itself

   <datasource jndi-name="java:jboss/datasources/MySqlDS" pool-name="MySqlDS">      <connection-url>jdbc:mysql://localhost:3306/EJB3</connection-url>         <driver>com.mysql</driver>

    <drivers>      <driver name="com.mysql" module="com.mysql">        <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>      </driver>    </drivers>

jboss-7.0.0.<release>/domain/configuration/domain.xml or jboss-7.0.0.<release>/standalone/configuration/standalone.xml

Principle of least privilege

object-capability model, any software entity can potentially act as both a subject and object

Access control models used by current systems tend to fall into one of two classes:

Both capability-based and ACL-based models have mechanisms to allow access rights to be granted to all members of a group of subjects (often the group is itself modeled as a subject)

identification and authentication determine who can log on to a system, and the association of users with the software subjects that they are able to control as a result of logging in; authorization determines what a subject can do; accountability identifies what a subject (or all subjects associated with a user) did.

Authorization determines what a subject can do on the system

Authorization

Access control models

categorized as either discretionary or non-discretionary

three most widely recognized models are

Attribute-based access control

Discretionary access control

Discretionary access control (DAC) is a policy determined by the owner of an object. The owner decides who is allowed to access the object and what privileges they have.

Every object in the system has an owner

access policy for an object is determined by its owner

DAC systems, each object's initial owner is the subject that caused it to be created

Mandatory access control

Mandatory access control refers to allowing access to a resource

that allow a given user to access the resource

Management is often simplified (over what can be required) if the information can be protected using

or by implementing sensitivity labels.

Sensitivity labels

A subject's sensitivity label specifies its

level of trust required for access

subject must have a sensitivity level equal to or higher than the requested object

Role-based access control

Role-based access control (RBAC) is an

access policy

Access control

Think of JSR-299 as the core of Seam 3 - it's the basic programming model for your application components, and for the built-in components that make up the Seam framework

Seam 3 is implemented as a set of portable extensions, or modules

run in any environment which supports JSR-299 (including any Java EE 6 environment).

BPM integration, Seam Security, Drools integration, RESTeasy integration, PDF and email templates, Excel generation, etc

2.0.0.Final End of 2012 Full specification compliance

Weld 2

simplified and unofficial UML Profile for EJB 3.0 with support for

Enterprise JavaBeans

session beans

Event Bus

Contextual Components and Conversations

Contexts and Components

two main kinds of contexts:

unique context that exists during the whole lifetime of the Flex application

compared to to the server-side session

temporary contexts that can be created and destroyed at any time during the lifetime of the application

can exist simultaneously

isolated from each other

Components are stateful objects that can be of any ActionScript 3 class with a default constructor

have a name

A context is mostly a container for component instances

three available scopes:

always have to include this library in either WEB-INF/lib

support for CDI is included in the library granite-cdi.jar

10.1. Configuration with Servlet 3 On Servlet 3 compliant containers, GraniteDS can use the new APIs to automatically register its own servlets and filters and thus does not need any particular configuration in web.xml. This automatic setup is triggered when GraniteDS finds a class annotated with @FlexFilter in one of the application archives:

@FlexFilter(configProvider=CDIConfigProvider.class) public class GraniteConfig { }  

list of annotation names that enable remote access to CDI beans

@FlexFilter declaration will setup an AMF processor for the specified url pattern

@TideEnabled

@RemoteDestination

always declared by default

10.3.2. Typesafe Remoting with Dependency Injection

It is possible to benefit from even more type safety by using the annotation [Inject] instead of In. When using this annotation, the full class name is used to find the target bean in the CDI context instead of the bean name.

Security

integration between the client RemoteObject credentials and the server-side container security

client-side component named

API to define runtime authorization checks on the Flex UI

bindable property

represents the current authentication state

integrated with server-side role-based security

clear the security cache manually with

describing its parameter object and is therefore not type-safe and its use is subject to many syntax errors.

GraniteDS provides a Java-like reflection API that encapsulates describeType calls and offers a type-safe, object-oriented, set of reflection classes and methods

caches its results for better performance

supports advanced features such as ApplicationDomain and namespaces

In JEE managed mode, such as an EntityManager injected into a SessionBean, the EntityManager reference, represents a new persistence context for each transaction. This means objects read in one transaction become detached after the end of the transaction, and should no longer be used, or need to be merged into the next transaction. In managed mode, you never create or close an EntityManager.

do not support nested transactions

Windows

Oracle Java 7 Update 2

Oracle Java 6 Update 27

x86 32-bit

x86 64-bit