Skip to main content

Home/ SoftwareEngineering/ Group items matching "client" in title, tags, annotations or url

Group items matching
in title, tags, annotations or url

Sort By: Relevance | Date Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

Fetching Client IP Address and Header information in JBoss AS7 access log « JBoss - 0 views

middlewaremagic.com/jboss

jbossas7 AccessLog

shared by kuni katsuya on 11 Oct 12 - No Cached
  • Fetching Client IP Address and Header information in JBoss AS7 access log
  • “org.apache.catalina.valves.AccessLogValve”
  • More informations about this Valve can be found in the following link: http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html#Access_Log_Valve
  • ...10 more annotations...
  • Some of the useful patterns
  • %h - Remote host name (or IP address if resolveHosts is false)
  • %a - Remote IP address
  • %u - Remote user that was authenticated (if any), else '-'
  • %r - First line of the request (method and request URI)
  • %s - HTTP status code of the response
  • %b - Bytes sent, excluding HTTP headers, or '-' if zero
  • %S - User session ID
  • %t - Date and time, in Common Log Format
  • %m - Request method (GET, POST, etc.)
  • kuni katsuya on 11 Oct 12
     
    "/subsystem=web/virtual-server=default-host/access-log=configuration:add(pattern="%h %l %u %t "%r" %s %b %{User-Agent}i %{JSESSIONID}c")"
kuni katsuya

Session Management | Apache Shiro - 0 views

shiro.apache.org/session-management.html

java security authentication authorization ApacheShiro SessionManagement session

shared by kuni katsuya on 04 Oct 12 - No Cached
  • available in any application,
  • regardless of container.
  • even if you deploy your application in a Servlet or EJB container, there are still compelling reasons to use Shiro's Session support instead of the container's
  • ...40 more annotations...
  • Easy Custom Session Storage
  • POJO/J2SE based (IoC friendly)
  • Container-Independent Clustering!
  • Heterogeneous Client Access
  • Event Listeners
  • listen to lifecycle events during a session's lifetime
  • Host Address Retention
  • retain the IP address or host name of the host from where the session was initiated
  • Inactivity/Expiration Support
  • can be prolonged via a touch() method to keep them 'alive' if desired
  • Transparent Web Use
  • can use Shiro sessions in existing web applications and you
  • don't need to change any of your existing web cod
  • Can be used for SSO
  • easily stored in any data source
  • can be
  • 'shared'
  • across applications if needed
  • 'poor man's SSO'
  • simple sign-on experience since the shared session can retain authentication state
  • interface-based and implemented with POJOs
  • allows you to easily configure all session components with any JavaBeans-compatible configuration format, like JSON, YAML
  • easily extend
  • customize session management functionality
  • session data can be easily stored in any number of data sources
  • easily clustered using any of the readily-available networked caching products
  • no matter what container you deploy to, your sessions will be clustered the same way
  • No need for container-specific configuration!
  • Shiro sessions can be 'shared' across various client technologies
  • listen for these events and react to them for custom application behavior
  • SecurityUtils.getSubject()
  • currentUser.getSession()
  • If the Subject already has a Session, the boolean argument is ignored and the Session is returned immediately
  • If the Subject does not yet have a Session and the create boolean argument is true,
  • a new session will be created
  • and returned.
  • If the Subject does not yet have a Session and the create boolean argument is false, a new session will not be created and null is returned.
  • Suject.getSession(boolean create)
  • method functions the same way as the
  • HttpServletRequest.getSession(boolean create) method:
    • kuni katsuya
      kuni katsuya on 04 Oct 12
kuni katsuya

MySQL :: MySQL 5.1 Reference Manual :: 5.1.7 Server SQL Modes - 0 views

dev.mysql.com/...server-sql-mode.html

shared by kuni katsuya on 23 Oct 12 - No Cached
  • Modes define what SQL syntax MySQL should support and what kind of data validation checks it should perform
  • Server SQL Modes
  • When working with InnoDB tables using the InnoDB Plugin, consider also the innodb_strict_mode configuration option. It enables additional error checks for InnoDB tables, as listed in InnoDB Strict Mode
  • ...7 more annotations...
  • Setting the SESSION variable affects only the current client. Any client can change its own session sql_mode value at any time
  • To avoid this, it is best to use single-row statements because these can be aborted without changing the table
    • kuni katsuya
      kuni katsuya on 21 May 13
       
      ie. the cheezy and hugely time consuming workaround for avoiding the partial update failure issue with slaves (ie. master-slave data skew)
  • STRICT_TRANS_TABLES
  • Strict mode does not affect whether foreign key constraints are checked
  • POSTGRESQL
  • ORACLE
  • TRADITIONAL
kuni katsuya

entity-pruner - prune JPA entities so they can be serialized for client service calls - Google Project Hosting - 1 views

code.google.com/entity-pruner

flex blazeds jpa entity prune

shared by kuni katsuya on 15 May 12 - No Cached
  • entity-pruner prune JPA entities so they can be serialized for client service calls
kuni katsuya

2. Flex application initialization - Confluence - 0 views

www.graniteds.org/...lex+application+initialization

graniteds graniteds-tide-cdi-jpa flex client remoting initialization configuration

shared by kuni katsuya on 20 Aug 12 - No Cached
  • Application initialization
  • correct integration singleton for your application
  • depends on the server framework
  • ...7 more annotations...
  • Spring, Seam, Ejb, Cdi
  • It's even possible to use the Tide framework if you don't use GraniteDS as the AMF remoting provider by initializing the application with the singleton Tide.
  • Client-side setup for remoting
  • initialize manually the Flex remoting channels that will be used by Tide
  • use the DefaultServiceInitializer component
  • of course don't forget to change the context root to your web app path
  • { contextRoot: "/my-app" }
kuni katsuya

Properties - 0 views

svnbook.red-bean.com/...svn.advanced.props.html

subversion properties auto-props

shared by kuni katsuya on 29 Aug 12 - No Cached
  • Automatic Property Setting
  • Subversion administrators commonly ask if it is possible to configure, on the server side, a set of property definitions which all connecting clients will automatically consider when operating on working copies checked out from that server. Unfortunately, Subversion doesn't offer this feature. Administrators can use hook scripts to validate that the properties added to and modified on files and directories match the administrator's preferred policies, rejecting commits which are non-compliant in this fashion. (See the section called “Implementing Repository Hooks” for more about hook scripts.) But there's no way to automatically dictate those preferences to Subversion clients beforehand.
kuni katsuya

Chapter 10. Integration with CDI - 0 views

www.graniteds.org/...graniteds.ee6cdi.html

graniteds javaee6 cdi remoting Flex security

shared by kuni katsuya on 12 Sep 12 - No Cached
  • Chapter 10. Integration with CDI
  • GraniteDS provides out-of-the-box integration with CDI via the Tide API
  • GraniteDS also integrates with container security for authentication and role-based authorization
  • ...37 more annotations...
  • always have to include this library in either WEB-INF/lib
  • support for CDI is included in the library granite-cdi.jar
  • 10.1. Configuration with Servlet 3 On Servlet 3 compliant containers, GraniteDS can use the new APIs to automatically register its own servlets and filters and thus does not need any particular configuration in web.xml. This automatic setup is triggered when GraniteDS finds a class annotated with @FlexFilter in one of the application archives:
  • @FlexFilter(configProvider=CDIConfigProvider.class) public class GraniteConfig { }  
  • list of annotation names that enable remote access to CDI beans
  • ConfigProvider
  • override these values by setting them in the annotation properties
  • tide=true,         type="cdi",         factoryClass=CDIServiceFactory.class,         tideInterfaces={Identity.class}
  • @FlexFilter declaration will setup an AMF processor for the specified url pattern
  • tideAnnotations
  • defines suitable default values
  • @TideEnabled
  • @RemoteDestination
  • always declared by default
  • tideInterfaces
  • tideRoles
  • exceptionConverters
  • amf3MessageInterceptor
  • 10.3.2. Typesafe Remoting with Dependency Injection
  • It is possible to benefit from even more type safety by using the annotation [Inject] instead of In. When using this annotation, the full class name is used to find the target bean in the CDI context instead of the bean name.
  • Security
  • integration between the client RemoteObject credentials and the server-side container security
  • client-side component named
  • identity
  • API to define runtime authorization checks on the Flex UI
  • login()
  • logout()
  • login(username, password, loginResult, loginFault)
  • logout()
  • bindable property
  • represents the current authentication state
  • loggedIn
  • identity.loggedIn 
  • integrated with server-side role-based security
  • identity.hasRole('admin')
  • clear the security cache manually with
  • identity.clearSecurityCache()
kuni katsuya

7. Tide Framework - Confluence - 0 views

www.graniteds.org/...7.+Tide+Framework

graniteds Tide documentation

shared by kuni katsuya on 09 Aug 12 - No Cached
  • GDS/Tide project represents the Data Services part of GDS
  • comparable to LiveCycle Data Services, which is neither open source nor free, as it provides similar features such as client container of managed entities, data paging, and integration with server components, but it is based on completely different principles:
  • strongly typed Hibernate/JPA detached objects
  • ...5 more annotations...
  • All managed entity instances are unique in a Tide context
  • Tide keeps the classic three layers web architecture, when LCDS removes the service layer, and is some kind of remote JPA provider for Flex applications
  • Tide approach is to minimize the amount of code needed to make things work between the client and the server
  • principles are very similar to the ones of JBoss Seam, which is the main reason why the first integration of Tide has been done with this framework. Integrations with Spring, EJB 3 and CDI are also available
  • need to compile your MXML/AS sources with the granite-essentials.swc and granite.swc libraries
kuni katsuya

Chapter 10. Integration with CDI - 0 views

www.graniteds.org/...graniteds.ee6cdi.html

java security graniteds CDI

shared by kuni katsuya on 09 Aug 12 - No Cached
  • 10.3.5. Security GraniteDS provides a client-side component named identity that ensures the integration between the client RemoteObject credentials and the server-side container security. It additionally includes an easy-to-use API to define runtime authorization checks on the Flex UI.
  • CDI identity component (of class org.granite.tide.cdi.Identity) predictably provides two methods login() and logout()
  • identity component is integrated with server-side role-based security and can be used to get information or show/hide UI depending on the user access rights:
  • ...2 more annotations...
  •  enabled="{identity.hasRole('admin')}"
  • button labeled Delete will be enabled only if the user has the role admin
kuni katsuya

MySQL :: MySQL 3.23, 4.0, 4.1 Reference Manual :: 17.3.4.4 Using Character Sets and Unicode - 0 views

dev.mysql.com/...ctor-j-reference-charsets.html

mysql4 character sets unicode encodings

shared by kuni katsuya on 13 Jun 12 - No Cached
  • 17.3.4.4. Using Character Sets and Unicode
  • MySQL 3.23/4.0/4.1 Manual
  • MySQL 3.23, 4.0, 4.1 Reference Manual
  • ...5 more annotations...
  • character encoding
  • could either be automatically detected from the server configuration, or could be configured by the user through the useUnicode and characterEncoding properties
  • character encoding between client and server is automatically detected upon connection
  • character_set_server for server versions 4.1.0 and newer
  • To override the automatically detected encoding on the client side, use the characterEncoding property in the URL used to connect to the server.
kuni katsuya

Session Management Cheat Sheet - OWASP - 0 views

www.owasp.org/...Session_Management_Cheat_Sheet

OWASP BestPractices CheatSheet SessionManagement

shared by kuni katsuya on 21 Sep 12 - No Cached
  • Session Management Cheat Sheet
  • should not be extremely descriptive nor offer unnecessary details
  • change the default session ID name of the web development framework to a generic name
  • ...50 more annotations...
  • length must be at least 128 bits (16 bytes)
  • Session ID Length
  • Session ID Name Fingerprinting
  • Session ID Properties
  • Session ID Entropy
  • must be unpredictable (random enough) to prevent guessing attacks
  • good PRNG (Pseudo Random Number Generator) must be used
  • must provide at least 64 bits of entropy
  • Session ID Content (or Value)
  • content (or value) must be meaningless
  • identifier on the client side
  • meaning and business or application logic associated to the session ID must be stored on the server side
  • session objects or in a session management database or repository
  • create cryptographically strong session IDs through the usage of cryptographic hash functions such as SHA1 (160 bits).
  • Session Management Implementation
  • defines the exchange mechanism that will be used between the user and the web application to share and continuously exchange the session ID
  • token expiration date and time
  • This is one of the reasons why cookies (RFCs 2109 & 2965 & 6265 [1]) are one of the most extensively used session ID exchange mechanisms, offering advanced capabilities not available in other methods
  • Transport Layer Security
  • use an encrypted HTTPS (SSL/TLS) connection for the entire web session
  • not only for the authentication
  • process where the user credentials are exchanged.
  • “Secure” cookie attribute
  • must be used to ensure the session ID is only exchanged through an encrypted channel
  • never switch a given session from HTTP to HTTPS, or viceversa
  • should not mix encrypted and unencrypted contents (HTML pages, images, CSS, Javascript files, etc) on the same host (or even domain - see the “domain” cookie attribute)
  • should not offer public unencrypted contents and private encrypted contents from the same host
  • www.example.com over HTTP (unencrypted) for the public contents
  • secure.example.com over HTTPS (encrypted) for the private and sensitive contents (where sessions exist)
  • only has port TCP/80 open
  • only has port TCP/443 open
  • “HTTP Strict Transport Security (HSTS)” (previously called STS) to enforce HTTPS connections.
  • Secure Attribute
  • instructs web browsers to only send the cookie through an encrypted HTTPS (SSL/TLS) connection
  • HttpOnly Attribute
  • instructs web browsers not to allow scripts (e.g. JavaScript or VBscript) an ability to access the cookies via the DOM document.cookie object
  • Domain and Path Attributes
  • instructs web browsers to only send the cookie to the specified domain and all subdomains
  • “Domain” cookie attribute
  • “Path” cookie attribute
  • instructs web browsers to only send the cookie to the specified directory or subdirectories (or paths or resources) within the web application
  • vulnerabilities in www.example.com might allow an attacker to get access to the session IDs from secure.example.com
  • Expire and Max-Age Attributes
  • “Max-Age”
  • “Expires” attributes
  • it will be considered a
  • persistent cookie
  • and will be stored on disk by the web browser based until the expiration time
  • use non-persistent cookies for session management purposes, so that the session ID does not remain on the web client cache for long periods of time, from where an attacker can obtain it.
  • Session ID Life Cycle
kuni katsuya

Java API Design Checklist « The Amiable API - 0 views

theamiableapi.com/...java-api-design-checklist

java BestPractices ApiDesign

shared by kuni katsuya on 17 Nov 12 - No Cached
  • Java API Design Checklist
  • Do not use
  • marketing
  • ...18 more annotations...
  • project
  • organizational
  • names
  • Do not move or rename the package of an
  • already released public API
  • Begin with a short, one sentence summary of the API
  • Provide enough details
  • Include the API version number
  • Ensure each type has a single, well-defined purpose
  • Type Design Checklist
  • Ensure types represent domain concepts, not design abstractions
  • Follow consistent design patterns when designing related types
  • Favor enumeration types over constants
  • Consider generic types
  • Avoid deep inheritance hierarchies
  • Do not use public nested types
  • Do not declare public or protected fields
  • Do not expose implementation inheritance to the client
kuni katsuya

TH02-EP02-US003 - VFML Admin, Org Mgmt, Create Organization - Projects - Confluence - 0 views

confluence.visualfrenzy.com/...viewpage.action

shared by kuni katsuya on 06 Dec 12 - No Cached
  • Org Mgmt
  • create a new organization
  • onboard a new client
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      ie. create customer's root authorization context under vfml
  • ...1 more annotation...
  • VFML user
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      authorization
  • kuni katsuya on 06 Dec 12
     
    " create a new organization"
kuni katsuya

Extending Access Tokens - Facebook Developers - 0 views

developers.facebook.com/...extending-tokens

Facebook login authentication AccessToken FacebookAPI

shared by kuni katsuya on 27 Mar 13 - No Cached
  • Extending Access Tokens
  • validity period of about 1 to 2 hours
  • server-side login flow
  • ...14 more annotations...
  • automatically get long-lived user access tokens
  • refreshes and extends each time the user triggers the login flow
  • Extending
  • client-side
  • user access tokens
  • response from this endpoint will include the
  • exchange this token for a longer-lived one
  • passing it to the /oauth endpoint from your server
  • grant_type parameter of fb_exchange_token
  • /oauth/access_token
  • grant_type=fb_exchange_token
  • fb_exchange_token=SHORT_LIVED_ACCESS_TOKEN
  • by default you'll receive a short-lived token that is only valid for 1-2 hours
  • long-lived access token
kuni katsuya

Chris Kelly: Programming Retrospective - 0 views

www.chrisjasonkelly.com/...programming-retrospective.html

BestPractices anti-patterns

shared by kuni katsuya on 27 Mar 13 - No Cached
  • Programming Retrospective
  • anti-patterns
  • Final classes without interfaces
  • ...18 more annotations...
  • Lack of Defensive Programming
  • Exposure of super state to child classes
  • Printing out error messages to console instead of logging
  • Classes with unclear focus
  • Unwieldy or unneeded comments
  • Use of exceptions to control program flow
  • Throwing of ambiguous exceptions
  • Use parameter objects instead of long method signatures
  • Never Duplicate Code
  • copy and paste job
  • Return nulls from methods
  • Null Object pattern
  • onus is then on the callee to check the result is not null before using the result
  • client then doesn't have to check for nulls
  • empty map should be returned
  • instead of returning null, an
  • Refactoring: Improving the Design of Existing Code
  •  Working Effectively with Legacy Code
kuni katsuya

Interface naming in Java - Stack Overflow - 0 views

stackoverflow.com/...interface-naming-in-java

java Interface NamingConvention BestPractices

shared by kuni katsuya on 19 Dec 12 - No Cached
  • interfaces define
  • capabilities
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      this is one sensible interface naming option, if the interface encapsulates a cohesive set of behaviors and yes, compared to blindly following the meaningless I+ convention, it requires some thought, but thinking of an appropriate name also forces you to (re)consider the interface's primary responsibility and how it fits into the overall design imho, a class diagram for a domain model should be almost fluently readable english
  • not types
  • ...16 more annotations...
  • Comparable
  • Runnable
  • Serializable
  • Sometimes an Adjective doesn't make sense, but I'd still generally be using interfaces to model behavior, actions, capabilities, properties, etc,... not types.
  • Also, If you were really only going to make one User and call it User then what's the point of also having an IUser interface?
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      another anti-pattern... blindly create an interface for every class, even if there's only one implementation!! arrgghhhh! consider introducing an interface when there are 2-3 well-distinguished, concrete implementations required
  • if you are going to have a few different types of users that need to implement a common interface, what does appending an "I" to the interface save you in choosing names of the implementations?
  • prefer not to use a prefix on interfaces:
  • hurts readability.
  • interfaces names should be as short and pleasant as possible
  • Implementing classes should be uglier to discourage their use.
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      but they don't *have* to be ugly, like BlahImpl for specialized implementations, use descriptive adjective-noun combos
  • Code using an instance of some type should never, ever care if that type is an interface or a class
  • exposing such a detail in the name of the type is pointless and harmful to understanding
  • several reasons Java does not generally use the IUser convention.
  • should not have to know whether the client is using an interface or an implementation class
  • Java naming convention prefers longer names with actual meanings to Hungarian-style prefixes
  • Interface naming in Java [closed]
  • kuni katsuya on 19 Dec 12
     
    "have interfaces define"
kuni katsuya

Chapter 14. Tide client framework - 0 views

www.graniteds.org/...graniteds.tideframework.html

graniteds tide context

shared by kuni katsuya on 23 Apr 13 - No Cached
  • 14.3. Contexts and Components
  • core concepts
  • component
  • ...14 more annotations...
  • context
  • unique context that exists during the whole lifetime of the Flex application. It can be compared to to the server-side session
  • Components
  • two main kinds of contexts:
  • stateful objects that can be of any ActionScript 3 class with a default constructor
  • global context
  • temporary contexts that can be created and destroyed at any time during the lifetime of the application
  • conversation contexts
  • conversation context always has an identifier
  • usually tied to a particular use case in the application
  • three available scopes:
  • session scope
  • conversation scope
  • event scope
kuni katsuya

Introduction | Adobe Developer Connection - 0 views

developer.omniture.com/...c-introduction

Adobe Omniture SiteCatalyst documentation

shared by kuni katsuya on 23 Jan 13 - No Cached
kuni katsuya

Implementing the Builder Pattern using the Bean Validation API - Musings of a Programming Addict - 0 views

musingsofaprogrammingaddict.blogspot.ca/...uilder-pattern-using-bean.html

database jpa EntityBeans BuilderPattern BeanValidation

shared by kuni katsuya on 03 Oct 12 - No Cached
  • invariants
  • customer's last name must not be null
  • must be between 3 and 80 characters long
  • ...23 more annotations...
  • @Size(min = 3, max = 80)
  • @NotNull
  • LastName
  • inner class Builder is in charge of creating Customer instances
  • mandatory fields – either primitive (e.g. id) or annotated with @NotNull (e.g. lastName) – are part of the builder's constructor
  • all optional fields setter methods on the builder are provided
  • newly created Customer instance is validated using the Validator#validate() method
  • impossible to retrieve an invalid Customer instance
  • extract the validation routine into a base class:
  • abstract class AbstractBuilder<T>
  • T build() throws ConstraintViolationException
  • protected abstract T buildInternal();
  • private static Validator validator
  • Concrete builder classes have to
  • extend AbstractBuilder
  • must implement the buildInternal() method:
  • Builder extends AbstractBuilder<Customer>
  • @Override protected Customer buildInternal()
  • Implementing the Builder Pattern using the Bean Validation API
  • variation of the Builder design pattern for instantiating objects with multiple optional attributes.
  • this pattern frees you from providing multiple constructors with the different optional attributes as parameters (hard to maintain and hard to read for clients)
  • or providing setter methods for the optional attributes
  • (require objects to be mutable, can leave objects in inconsistent state)
kuni katsuya

Spring Flex | SpringSource.org - 0 views

www.springsource.org/spring-flex

spring flex spring flex adobe blazeds

shared by kuni katsuya on 11 May 12 - Cached
  • Spring Flex
  • purpose is to make it easier to build Spring-powered Rich Internet Applications using Adobe Flex as the front-end client
  • providing first-class support for using the open source Adobe BlazeDS project and its powerful remoting and messaging facilities in combination with the familiar Spring programming model
‹ Previous 21 - 40 of 65 Next › Last »
Showing 20 items per page