Group items tagged

How To Install and Test Sample Applications

build.xml

How To Install and Test Sample Applications

run the "deploy" target.

Log date and time

Event date and time

Application identifier

Application address

User identity

Type of event

Severity of event

Description

Action

original intended purpose of the request

Object

affected component

Result status

Reason

Extended details

Data to exclude

Access tokens

Session identification values

Sensitive personal data

passwords

Database connection strings

Encryption keys

payment

Information a user has opted out of collection

Synchronize time across all servers and devices

Input validation failures

Which events to log

proportional to the information security risks

Always log:

Authentication successes and failures

Authorization failures

Session management failures

Application errors and system events

Application and related systems start-ups and shut-downs

Use of higher-risk functionality

implementation or a description of what we did

No more “Just a fix“, “Improvements” or “I made this, this, this and also this” comments.

not what you did

(not what you did)

Some of the useful patterns

%h - Remote host name (or IP address if resolveHosts is false)

%a - Remote IP address

%u - Remote user that was authenticated (if any), else '-'

%r - First line of the request (method and request URI)

%s - HTTP status code of the response

%b - Bytes sent, excluding HTTP headers, or '-' if zero

%S - User session ID

%t - Date and time, in Common Log Format

%m - Request method (GET, POST, etc.)

Baseline Diagram Comparison Conduct a visual diagram comparison between your current diagram and a previous baseline .

Personal Information Window See how the Personal Information Window in Enterprise Architect can help you organize your daily tasks and workflow.

Working Sets As you perform work on your model, you open various windows, diagrams and views. Working Sets allow you to return to these same views in a later work session.

Business Rules A car rental system is used to illustrate how to generate executable business rules using Enterprise Architect.

EJB MDG Technology for Enterprise Java Beans allows the user to model EJB entities and EJB sessions, complete with UML profiles for modeling EJB, EJB patterns and Code Management. (requires Enterprise Architect 4.1 or later)

ICONIX AGILE DDT ICONIX Agile Developer - Design-Driven Testing (DDT) streamlines the ICONIX modeling process, providing: Convenient modeling of robustness diagrams Automatic generation of sequence diagram structures from robustness diagrams Transformation of robustness control elements to test diagrams Transformation of sequence diagram elements to test diagrams Transformation of requirement diagrams to test diagrams Transformation between test cases and test classes. (JUnit & NUnit) Built-in model validation rules for ICONIX robustness diagrams (requires Enterprise Architect 7.5 or later)

Testing MDG Technology for Testing helps users to rapidly model a wide range of testing procedures including component testing, SUT, Test Cases and more. (requires Enterprise Architect 4.1 or later)

Instructions for loading an MDG Technology EXE file: Download and run the .exe file to install the MDG technology. Open Enterprise Architect. Select from the Main Menu Add-Ins | XYZ Technology | Load.

Built-in MDG Technologies: Most of the MDG Technologies provided by Sparx Systems are built into Enterprise Architect directly. Depending on your edition of Enterprise Architect, some or all of the following MDG Technologies will be available:

Gang of Four Patterns

Mind Mapping

Web Modeling

Data Flow (DFD)

Entity-Relationship (ERD)

Business Rule Model

BPMN™

@Inject

CDI managed beans. The @EJB annotation is removed and @Inject is used instead

Annotating the boundary (Cart) with the @Named annotation makes the Cart immediately visible for expression language (EL) expressions in JSP and JSF

@Named annotation takes the simple name of the annotated class, puts the first character in lowercase, and exposes it directly to the JSF pages (or JSP). The Cart bean can be accessed directly, without any backed or managed beans, by the JSF pages: <h:commandButton value="Check out!" action="#{cart.checkout}" />

If there is a need for abstraction, the class can be turned into an interface (or abstract class)

local implementation (with CDI events

@Inject Event<String> event;

event.fire("Order proceeded!");

remote implementation:

javax.enterprise.event.Event belongs to the CDI-implementation

class Event can be considered to be a lightweight alternative to the java.beans.PropertyChangeSupport class

@Inject Event<String> event;

event.fire("Order proceeded!");

event can be received by any managed bean and also by EJB beans

provide a method with a single @Observes annotated parameter

@Observes String event

there is no real event, just the payload:

The during attribute in the @Observes annotation allows you to select in which transactional phase the event gets delivered. The default setting is IN_PROGRESS, which causes an immediate event delivery regardless of the transaction outcome. The AFTER_SUCCESS configuration causes the delivery to occur only after successful transaction completion

Although CDI events work only inside a single process (in the default case, CDI is extensible), they are perfectly suitable for decoupling packages from modules

The method checkout() starts a transaction that gets "reused" by the OrderSystem and CustomerNotification session beans

ordering.placeOrder(); notifier.sendNotification();

EJB beans cannot be directly exposed to JSF or JSP without a little help from CDI

bean-validation JPA, Bean Validation Shows how to use Arquillian to test Bean Validation

ejb-security Security, EJB Shows how to use Java EE Declarative Security to Control Access to EJB 3

payment-cdi-event CDI Demonstrates how to use CDI 1.0 Events

richfaces-validation RichFaces Demonstrates RichFaces and bean validation

ejb-in-war JSF, WAR, EJB Packages an EJB JAR in a WAR

greeter EJB, JPA, JSF, JTA, CDI Demonstrates the use of CDI 1.0, JPA 2.0, JTA 1.1, EJB 3.1 and JSF 2.0

helloworld-mdb EJB, MDB, JMS Demonstrates the use of JMS 1.1 and EJB 3.1 Message-Driven Bean

helloworld-rs JAX-RS, CDI Demonstrates the use of CDI 1.0 and JAX-RS

kitchensink BV, EJB, JAX-RS, JPA, JPA, JSF, CDI

servlet-async CDI, EJB, Servlet Demonstrates CDI, plus asynchronous Servlets and EJBs

servlet-security Security, Servlet Demonstrates how to use Java EE declarative security to control access to Servlet 3

shopping-cart EJB Demonstrates a stateful session bean

tasks Arquillian, JPA Demonstrates testing JPA using Arquillian

Extract/replace AMF data during the test in order to variabilize the calls

Automatically handle the session IDs used by AMF

Profiling is enabled by setting profiling to 1 or ON: mysql> SET profiling = 1;

asks the user for multiple pieces of hard data that should have been

send the password reset information to some

such as a (possibly different) email address or an SMS text number, etc. to be used in Step 3.

Step 2) Verify Security Questions

application verifies that each piece of data is correct for the given username

If anything is incorrect, or if the username is not recognized, the second page displays a generic error message such as “Sorry, invalid data”. If all submitted data is correct, Step 2 should display at least two of the user’s pre-established personal security questions, along with input fields for the answers.

Avoid sending the username as a parameter

Do not provide a drop-down list

server-side session

user's email account may have already been compromised

However, those locks limit concurrency and scalability when multiple transactions are executing insert statements at the same time

Backward compatibility.

not safe

when using

Auto-increment values are not ensured to be the same on the slaves as on the master if you use innodb_autoinc_lock_mode = 2 (“interleaved”) or configurations where the master and slaves do not use the same lock mode