Skip to main content

Home/ SoftwareEngineering/ Group items tagged static

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

AuthorizingRealm (Apache Shiro 1.2.1 API) - 0 views

shiro.apache.org/...AuthorizingRealm.html

security ApacheShiro authorization AuthorizingRealm realm

shared by kuni katsuya on 09 Sep 12 - No Cached
  • perform all role and permission checks automatically
  • getAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) method returns an AuthorizationInfo
  • subclasses do not have to write this logic
  • ...11 more annotations...
  • If caching is enabled and if any authorization data for an account is changed at runtime, such as adding or removing roles and/or permissions, the subclass implementation should clear the cached AuthorizationInfo for that account via the
  • clearCachedAuthorizationInfo method
  • getAuthorizationInfo
  • AuthorizingRealm
  • AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals)
  • Returns an account's authorization-specific information for the specified principals, or null if no account could be found
  • This implementation obtains the actual AuthorizationInfo object
  • from the subclass's implementation of doGetAuthorizationInfo
  • and then caches it for efficient reuse if caching is enabled
  • clearCachedAuthorizationInfo(PrincipalCollection principals)
  • Clears out the AuthorizationInfo cache entry for the specified account.
kuni katsuya

5. Exception Handling - Confluence - 0 views

www.graniteds.org/...5.+Exception+Handling

graniteds ExceptionHandling javaee6 Flex ActionScript actionscript3

shared by kuni katsuya on 13 Sep 12 - No Cached
  • Exception Handling
  • 5. Exception Handling
  • server exceptions
  • ...41 more annotations...
  • can be handled on the
  • client-side
  • by defining a
  • fault callback
  • each remote call
  • very tedious
  • possible to define common handlers for particular fault codes on the client-side, and exception converters on the server-side, to convert server exceptions to common fault codes
  • define an
  • ExceptionConverter
  • class
  • Converter
  • ExceptionConverter
  • accepts(Throwable t, Throwable finalException)
  • convert( Throwable t, String detail, Map<String, Object> extendedData)
  • t.getMessage(), detail, t
    • kuni katsuya
      kuni katsuya on 13 Sep 12
       
      * instead of *wrapping* the server-side exception and rethrowing it to the client, ** extract only details relevant to the client (eg. include: human-friendly error message and any helpful parametrized data, exclude: stack traces), ** "wrap" it in a generic ServiceException, which gets "thrown" remotely to the client * client can check ServiceException.getCode() to implement behavior tailored to server-side exception 'type'
  • ENTITY_NOT_FOUND
    • kuni katsuya
      kuni katsuya on 13 Sep 12
       
      ENTITY_NOT_FOUND - 'fault code' understood by client
  • This class will
  • intercept
  • all EntityNotFound exceptions on the server-side, and convert it to a proper ENTITY_NOT_FOUND fault event.
  • exception converter has to be
  • declared on the GDS server config :
  • scan="true" in granite-config.xml
  • META-INF/granite-config.properties
  • in the jar containing the exception converter class
  • granite-config.xml
  • <exception-converters> <exception-converter type="com.package.SomeExceptionConverter"/> </exception-converters>
  • Flex side
  • Handler
  • Handler
  • IExceptionHandler
    • kuni katsuya
      kuni katsuya on 13 Sep 12
       
      **I**ExceptionHandler??? really?  ;)
  • accepts(emsg:ErrorMessage)
  • handle(context:BaseContext, emsg:ErrorMessage)
  • register it as an exception handler for the
  • Tide context
  • in a static initializer block to be sure it is
  • registered before anything else happens.
  • addExceptionHandler(EntityNotFoundExceptionHandler);
  • ExceptionConverter
  • 5. Exception Handling
  • 5. Exception Handling
  • 5. Exception Handling
kuni katsuya

Frequently Answered Questions (FAQ) - 0 views

static.springsource.org/...faq.html

java security SpringSecurity requirements dependencies

shared by kuni katsuya on 09 Aug 12 - No Cached
  • 1.3.What Java and Spring Framework versions are required?
  • Spring Security 3.0 and 3.1 require at least JDK 1.5
  • and also require Spring 3.0.3 as a minimum
kuni katsuya

Spring Security - Features - 0 views

static.springsource.org/...features.html

Java security SpringSecurity

shared by kuni katsuya on 09 Aug 12 - Cached
  • Domain object instance security: In many applications it's desirable to define Access Control Lists (ACLs) for individual domain object instances. We provide a comprehensive ACL package with features including integer bit masking, permission inheritance (including blocking), an optimized JDBC-backed ACL repository, caching and a pluggable, interface-driven design.
  • OpenID Support: the web's emerging single sign-on standard (supported by Google, IBM, Sun, Yahoo and others) is also supported in Spring Security
  • Easy integration with existing databases: Our implementations have been designed to make it easy to use your existing authentication schema and data (without modification). Of course, you can also provide your own Data Access Object if you wish. Password encoding: Of course, passwords in your authentication repository need not be in plain text. We support both SHA and MD5 encoding, and also pluggable "salt" providers to maximise password security.
  • ...5 more annotations...
  • Caching: Spring Security optionally integrates with Spring's Ehcache factory. This flexibility means your database (or other authentication repository) is not repeatedly queried for authentication information when using Spring Security with stateless applications.
  • Run-as replacement: The system fully supports temporarily replacing the authenticated principal for the duration of the web request or bean invocation. This enables you to build public-facing object tiers with different security configurations than your backend objects.
  • Tag library support: Your JSP files can use our taglib to ensure that protected content like links and messages are only displayed to users holding the appropriate granted authorities. The taglib also fully integrates with Spring Security's ACL services, and obtaining extra information about the logged-in principal.
  • User Provisioning APIs: Support for groups, hierarchical roles and a user management API, which all combine to reduce development time and significantly improve system administration.
  • Enterprise-wide single sign on using CAS 3: Spring Security integrates with JA-SIG's open source Central Authentication Service (CAS)
kuni katsuya

Appendix C. Spring Security Dependencies - 0 views

static.springsource.org/...appendix-dependencies.html

java security SpringSecurity dependencies

shared by kuni katsuya on 09 Aug 12 - No Cached
  • Spring Security Dependencies
  • This appendix provides a reference of the modules in Spring Security and the additional dependencies that they require in order to function in a running application
  • C.1 spring-security-coreThe core module must be included in any project using Spring Security.
  • ...8 more annotations...
  • DependencyVersionDescriptionaopalliance1.0Required for method security implementation.
  • spring-aop Method security is based on Spring AOP
  • spring-beans Required for Spring configuration
  • spring-expression Required for expression-based method security (optional)
  • spring-jdbc Required if using a database to store user data (optional).
  • spring-tx Required if using a database to store user data (optional).
  • C.6 spring-security-aclThe ACL module.
  • spring-jdbc Required if you are using the default JDBC-based AclService (optional if you implement your own).spring-tx Required if you are using the default JDBC-based AclService (optional if you implement your own).
kuni katsuya

4. Configuration for CDI - Confluence - 0 views

www.graniteds.org/...4.+Configuration+for+CDI

graniteds project configuration CDI

shared by kuni katsuya on 08 Aug 12 - No Cached
  • In order to initialize GDS/Tide for CDI and Hibernate, you must add granite.jar, granite-hibernate.jar and granite-cdi.jar to your WEB-INF/lib
  • The easiest way to add GraniteDS support to a CDI project in a Servlet 3 compliant container (currently only GlassFish v3) is by adding a configuration class in your project. This class will be scanned by the servlet 3 container and GraniteDS will use the annotation parameters to determine the application configuration
  • GraniteConfig.java import org.granite.config.servlet3.FlexFilter; import org.granite.gravity.config.AbstractMessagingDestination; import org.granite.gravity.config.servlet3.MessagingDestination; import org.granite.tide.cdi.CDIServiceFactory; import org.granite.tide.cdi.Identity; @FlexFilter( tide=true, type="cdi", factoryClass=CDIServiceFactory.class, tideInterfaces={Identity.class} ) public class GraniteConfig { }
  • ...6 more annotations...
  • services-config.xml
  • define manually the endpoint for remote services
  • service initializer in a static block of the main mxml file
  • Cdi.getInstance().addComponentWithFactory("serviceInitializer", DefaultServiceInitializer, { contextRoot: "/my-cdi-app" } );
  • tideAnnotations
  • list of annotation names that enable remote access to CDI beans
kuni katsuya

Crap4j Home - 0 views

www.crap4j.org

java static code analysis

shared by kuni katsuya on 07 Jun 12 - Cached
kuni katsuya

Testing | Apache Shiro - 0 views

shiro.apache.org/testing.html

security ApacheShiro testing

shared by kuni katsuya on 22 Sep 12 - No Cached
  • Testing with Apache Shiro
  • how to enable Shiro in unit tests.
  • Subject
  • ...14 more annotations...
  • is security-specific view of the
  • 'currently executing' user
  • and that Subject instances are always bound to a thread to ensure we know who is executing logic at any time during the thread's execution
  • Subject instance must be created
  • Subject instance must be bound to the currently executing thread
  • Subject must be unbound to ensure that the thread remains 'clean' in any thread-pooled environment
  • Shiro has architectural components that perform this bind/unbind logic automatically
  • root Shiro Filter performs this logic when filtering a request
  • after creating a Subject instance, it must be bound to thread
  • Test Setup
  • 'setup' and 'teardown'
  • can be used in both unit testing and integration testing
  • AbstractShiroTest
  • abstract class AbstractShiroTest
‹ Previous 21 - 29 of 29
Showing 20 items per page