Skip to main content

Home/ SoftwareEngineering/ Group items matching "data" in title, tags, annotations or url

Group items matching
in title, tags, annotations or url

Sort By: Relevance | Date Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

Session Management | Apache Shiro - 0 views

shiro.apache.org/session-management.html

java security authentication authorization ApacheShiro SessionManagement session

shared by kuni katsuya on 04 Oct 12 - No Cached
  • available in any application,
  • regardless of container.
  • even if you deploy your application in a Servlet or EJB container, there are still compelling reasons to use Shiro's Session support instead of the container's
  • ...40 more annotations...
  • Easy Custom Session Storage
  • POJO/J2SE based (IoC friendly)
  • Container-Independent Clustering!
  • Heterogeneous Client Access
  • Event Listeners
  • listen to lifecycle events during a session's lifetime
  • Host Address Retention
  • retain the IP address or host name of the host from where the session was initiated
  • Inactivity/Expiration Support
  • can be prolonged via a touch() method to keep them 'alive' if desired
  • Transparent Web Use
  • can use Shiro sessions in existing web applications and you
  • don't need to change any of your existing web cod
  • Can be used for SSO
  • easily stored in any data source
  • can be
  • 'shared'
  • across applications if needed
  • 'poor man's SSO'
  • simple sign-on experience since the shared session can retain authentication state
  • interface-based and implemented with POJOs
  • allows you to easily configure all session components with any JavaBeans-compatible configuration format, like JSON, YAML
  • easily extend
  • customize session management functionality
  • session data can be easily stored in any number of data sources
  • easily clustered using any of the readily-available networked caching products
  • no matter what container you deploy to, your sessions will be clustered the same way
  • No need for container-specific configuration!
  • Shiro sessions can be 'shared' across various client technologies
  • listen for these events and react to them for custom application behavior
  • SecurityUtils.getSubject()
  • currentUser.getSession()
  • If the Subject already has a Session, the boolean argument is ignored and the Session is returned immediately
  • If the Subject does not yet have a Session and the create boolean argument is true,
  • a new session will be created
  • and returned.
  • If the Subject does not yet have a Session and the create boolean argument is false, a new session will not be created and null is returned.
  • Suject.getSession(boolean create)
  • method functions the same way as the
  • HttpServletRequest.getSession(boolean create) method:
    • kuni katsuya
      kuni katsuya on 04 Oct 12
kuni katsuya

Chapter 2. Usage Scenarios - 0 views

www.graniteds.org/...graniteds.usagescenarios.html

graniteds usage scenarios javaee6 jboss glassfish jpa2 cdi tide

shared by kuni katsuya on 15 May 12 - No Cached
  • Client Options
  • client there are two main choices
  • standard Flex RemoteObject API
  • ...16 more annotations...
  • GraniteDS does not support the standard Consumer and Producer Flex messaging API
  • its own client implementations of these classes org.granite.gravity.Consumer and org.granite.gravity.Producer that provide very similar functionality
  • Tide remoting API with the GraniteDS/Tide server framework integration
  • most advanced features and greatly simplifies asynchronous handling and client data management
  • preferred for new projects
  • Server Options
  • two options
  • GraniteDS service factory
  • RemoteObject API,
  • GraniteDS support for externalization of lazily loaded JPA entities/collections, and support for scalable messaging though Gravity
  • GraniteDS/Tide service factory
  • Tide API
  • full feature set of Tide data management and further integration with data push through Gravity
  • complete support for Spring and Seam security or integration with CDI events
  • Tide/CDI/JPA2/Java EE 6 on JBoss 6/7 or GlassFish 3
  • If you are on a Java EE 6 compliant application server, it is definitely the best option
kuni katsuya

Lean service architectures with Java EE 6 - JavaWorld - 0 views

www.javaworld.com/...-04-lean-soa-with-javaee6.html

javaee6 lean service architecture DAO

shared by kuni katsuya on 30 Jul 12 - No Cached
  • DAOs aren't dead, but they cannot be considered as a general best practice any more. They should be created in a bottom-up, rather than a top-down, fashion. If you discover data-access code duplication in your service layer, just factor it out to a dedicated DAO and reuse it. Otherwise it is just fine to delegate to an EntityManager from a service. The enforcement of an empty DAO layer is even more harmful, because it requires you to write dumb code for even simple use cases. The more code is produced, the more time you must spend to write tests and to maintain it.
  • With JDK 1.5 and the advent of generics, it is possible to build and deploy a generic, convenient, and typesafe DAO once and reuse it from variety of services
  • kuni katsuya on 30 Jul 12
     
    DAOs aren't dead, but they cannot be considered as a general best practice any more. They should be created in a bottom-up, rather than a top-down, fashion. If you discover data-access code duplication in your service layer, just factor it out to a dedicated DAO and reuse it. Otherwise it is just fine to delegate to an EntityManager from a service. The enforcement of an empty DAO layer is even more harmful, because it requires you to write dumb code for even simple use cases. The more code is produced, the more time you must spend to write tests and to maintain it.
kuni katsuya

7. Tide Framework - Confluence - 0 views

www.graniteds.org/...7.+Tide+Framework

graniteds Tide documentation

shared by kuni katsuya on 09 Aug 12 - No Cached
  • GDS/Tide project represents the Data Services part of GDS
  • comparable to LiveCycle Data Services, which is neither open source nor free, as it provides similar features such as client container of managed entities, Data paging, and integration with server components, but it is based on completely different principles:
  • strongly typed Hibernate/JPA detached objects
  • ...5 more annotations...
  • All managed entity instances are unique in a Tide context
  • Tide keeps the classic three layers web architecture, when LCDS removes the service layer, and is some kind of remote JPA provider for Flex applications
  • Tide approach is to minimize the amount of code needed to make things work between the client and the server
  • principles are very similar to the ones of JBoss Seam, which is the main reason why the first integration of Tide has been done with this framework. Integrations with Spring, EJB 3 and CDI are also available
  • need to compile your MXML/AS sources with the granite-essentials.swc and granite.swc libraries
kuni katsuya

Application Security With Apache Shiro - 0 views

www.infoq.com/...apache-shiro

security ApacheShiro

shared by kuni katsuya on 08 Aug 12 - No Cached
  • previously known as the JSecurity project
  • The word Subject is a security term that basically means "the currently executing user"
  • Core Concepts: Subject, SecurityManager, and Realms
  • ...12 more annotations...
  • Subject
  • 'Subject' can mean a human being, but also a 3rd party process, daemon account, or anything similar. It simply means 'the thing that is currently interacting with the software'
  • Subject currentUser = SecurityUtils.getSubject();
  • SecurityManager
  • SecurityManager manages security operations for all users
  • Realms
  • Realm acts as the ‘bridge’ or ‘connector’ between Shiro and your application’s security data. That is, when it comes time to actually interact with security-related data like user accounts to perform authentication (login) and authorization (access control), Shiro looks up many of these things from one or more Realms configured for an application.
  • Realm is essentially a security-specific DAO
  • Shiro provides out-of-the-box Realms to connect to a number of security data sources (aka directories) such as LDAP, relational databases (JDBC), text configuration sources like INI and properties files, and more
  • Authorization
  • A permission is a raw statement of functionality, for example ‘open a door’, ‘create a blog entry’, ‘delete the ‘jsmith’ user’, etc. By having permissions reflect your application’s raw functionality, you only need to change permission checks when you change your application’s functionality. In turn, you can assign permissions to roles or to users as necessary at runtime.
  • “Run As” support for assuming the identity of another Subject
kuni katsuya

Logging Cheat Sheet - OWASP - 0 views

www.owasp.org/...Logging_Cheat_Sheet

OWASP logging BestPractices CheatSheet

shared by kuni katsuya on 21 Sep 12 - No Cached
  • Legal and other opt-ins
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      terms & conditions acceptance, license transfers, etc
  • Data changes
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      all changes to domain objects
  • Event attributes
  • ...35 more annotations...
  • Log date and time
  • Event date and time
  • Application identifier
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      eg. service type
  • Application address
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      eg. service instance
  • User identity
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      ie. subject
  • Type of event
  • Severity of event
  • Description
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      eg. event message text
  • Action
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      eg. action performed on managed resource (eg. 'update' action on resource 'hotel')
  • original intended purpose of the request
  • Object
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      eg. managed resource being accessed
  • affected component
  • Result status
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      boolean was_successful
  • Reason
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      include in event message text
  • Extended details
  • Data to exclude
  • Access tokens
  • Session identification values
  • Sensitive personal data
  • passwords
  • Database connection strings
  • Encryption keys
  • payment
  • Information a user has opted out of collection
  • Synchronize time across all servers and devices
  • Input validation failures
  • Which events to log
  • proportional to the information security risks
  • Always log:
  • Authentication successes and failures
  • Authorization failures
  • Session management failures
  • Application errors and system events
  • Application and related systems start-ups and shut-downs
  • Use of higher-risk functionality
kuni katsuya

Selling Weld and EE6 | Weld | JBoss Community - 0 views

community.jboss.org/...656586

javaee6 weld Spring GavinKing

shared by kuni katsuya on 28 Sep 12 - No Cached
  • regarding the issue of selling Weld and EE6 to developers/shops....
  • How bout a JdbcTemplate Spring equivalent in the case of projects using legacy db schemas
  • portable extension to Weld
  • ...32 more annotations...
  • William Drai
  • Honestly I don't see any value in switching to CDI if it is
  • to reproduce the same awful patterns
  • please not this Dao/Template mess
  • Gavin King
  • Their template pattern is a solution in search of a problem
    • kuni katsuya
      kuni katsuya on 28 Sep 12
       
      gold! :)
  • to reproduce the same awful patterns
  • please not this Dao/Template mess
  • Because, of course, there are no other well-known patterns for dealing with boiler-plate cleanup code and connection leaks.
  • This is exactly the kind of
  • brain-damage that Spring does to people!
    • kuni katsuya
      kuni katsuya on 28 Sep 12
       
      platinum!!!
  • It gives people a
  • half-assed solution
  • and somehow shuts down their brains so they
  • stop asking themselves how this solution could be improved upon
  • It's a very impressive magic trick, and I wish I knew how to do it myself. But then, I'm just not like that. I'm always trying to poke holes in things - whether they were Invented Here or Not.
  • but that might be too high-level for your taste. Their are other, less-abstract options.
  • exception handling, this is one area where Spring does a good job: "The Spring Framework's handling of SQLException is one of its most useful features in terms of enabling easier JDBC development and maintenance. The Spring Framework provides JDBC support that abstracts SQLException and provides a DAO-friendly, unchecked exception hierarchy."
  • Utter nonsense and dishonest false advertising
  • Automatic connection closing (and other boiler-plate code) is obviously a hard requirement to be handled by the fwk.
  • Pffffff. It's a trivial requirement which I can solve in my framework with two lines of code in a @Disposes method. Did you see any connection handling in the code above?
  • I mean, seriously guys. The Spring stuff is trivial and not even very elegant. I guess it's easier for me to see that, since I spent half my career thinking about data access and designing data access APIs. But even so...
  • I don't understand. You hate the ability to write typesafw SQL that much?
  • Gavin King
  • Methods with long argument lists are a code smell.
  • It's something Spring copied from Hibernate 1.x, back in the days before varargs
  • It's something we removed in Hibernate2 and JPA.
  • there are a bunch of people
  • who don't want to use JPA.
  • They don't understand, or see the value of, using managed objects to represent their persistent data.
  • Um. Why? Why would that be a bad thing? I imagine that any app with 1000 queries has tens of thousands of classes already. What's the problem? Why is defining a class worse than writing a method?
  • Are you working from some totally bizarre metric where you measure code quality by number of classes?
kuni katsuya

Java Persistence/Inheritance - Wikibooks, open books for an open world - 0 views

en.wikibooks.org/...Inheritance

java jpa inheritance @Inheritance @MappedSuperclass

shared by kuni katsuya on 24 Sep 12 - No Cached
  • Inheritance
  • hardest part of persisting inheritance is choosing how to represent the inheritance in the database
  • There are three inheritance strategies defined from the InheritanceType enum,
  • ...101 more annotations...
  • SINGLE_TABLE
  • TABLE_PER_CLASS
  • JOINED
  • Single table inheritance is the default
  • @MappedSuperclass
  • @Inheritance
  • mapped superclass is
  • not a persistent class
  • but allow common mappings to be define for its subclasses
  • Single Table Inheritance
    • kuni katsuya
      kuni katsuya on 24 Sep 12
       
      implemented as a sparse table. ie. all attributes from all entities end up as columns in the 'super' table
  • single table is used to store all of the instances of the entire inheritance hierarchy
  • table will have a column for
  • every attribute
  • every class
  • in the hierarchy
  • discriminator column
  • is used to determine which class the particular row belongs to
  • abstract
  • Project
  • extends Project
  • extends Project
  • @DiscriminatorValue("S")
  • @DiscriminatorValue("L")
  • @DiscriminatorColumn(name="PROJ_TYPE")
  • @Inheritance
  • @Table(name="PROJECT")
  • single table inheritance
  • Joined, Multiple Table Inheritance
  • mirrors the object model in the data model
  • table is defined for each class in the inheritance hierarchy to store only the local attributes of that class
  • Each table in the hierarchy must also store the object's id (primary key), which is
  • only defined in the root class
  • share the same id attribute
  • joined inheritance
  • @Inheritance(strategy=
  • InheritanceType.JOINED
  • @DiscriminatorColumn(name="PROJ_TYPE")
  • @Table(name="PROJECT")
  • abstract
  • Project
  • @DiscriminatorValue("L")
  • @Table(name=
  • "LARGEPROJECT"
  • LargeProject
  • Project
  • @DiscriminatorValue("S")
  • @Table(name=
  • "SMALLPROJECT"
  • SmallProject
  • Project
  • Table Per Class Inheritance
  • Advanced
  • table is defined for
  • each concrete class
  • in the inheritance hierarchy to store
  • all the attributes
  • of that class and
  • all of its superclasses
  • table per class inheritance
  • @Inheritance(strategy=
  • InheritanceType.TABLE_PER_CLASS
  • abstract
  • Project
  • @Table(name="LARGEPROJECT")
  • LargeProject
  • Project
  • @Table(name="SMALLPROJECT")
  • SmallProject
  • Project
  • Mapped Superclasses
  • similar to table per class inheritance, but does not allow querying, persisting, or relationships to the superclass
  • mapped superclass
  • @MappedSuperclass
  • abstract
  • Project
  • @Column(name="NAME")
  • @Table(name="LARGEPROJECT")
  • LargeProject
  • Project
  • @AttributeOverride
  • "PROJECT_NAME"
  • "name"
  • @Table("SMALLPROJECT")
  • SmallProject
  • Project
  • cannot have a relationship to a mapped superclass
  • Joined, Multiple Table Inheritance
  • oined, Multiple Table Inheritance
  • abstract
  • abstract c
  • extends Project
  • Mapped Superclasses
  • Mapped Superclasses
  • apped Superclasses
  • allows inheritance to be used in the object model, when it does not exist in the data model
  • @MappedSuperclass
  • MappedSuperclass
  • abstract
  • abstract
  • extends Project
  • extends Project
kuni katsuya

Anemic domain model - Wikipedia, the free encyclopedia - 0 views

en.wikipedia.org/...Anemic_Domain_Model

patterns AnemicDomainModel

shared by kuni katsuya on 12 Dec 12 - Cached
  • objects containing only data
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      ie. dumb data structures with little or no behavior
  • objects containing only code
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      ie. classes that are just containers for methods that implement the behavior part of the domain objects (aka the procedures)
  • Martin Fowler, who considers the practice an anti-pattern
  • ...14 more annotations...
  • Benefit
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      none
  • Liabilities
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      lots
  • Logic cannot be implemented in a truly object-oriented way
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      for example, polymorphic behavior
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      dammit, can't change highlight color if there's also a sticky note attached!!! arrgggghhhh!!! diigo plugin bug!!
  • Violation of the encapsulation
  • domain model's objects cannot guarantee their correctness
  • validation and mutation logic is placed somewhere outside
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      instead of, say, attaching validation 'behavior' directly on, but still decoupled from domain classes themselves (eg. validation rule annotations on jpa entity beans)
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      dammit, can't change highlight color if there's also a sticky note attached!!! arrgggghhhh!!! diigo plugin bug!!
  • Necessitates a service layer when sharing domain logic across differing consumers of an object model.
  • Makes a model less expressive and harder to understand.
  • Facilitates code duplication among transactional scripts and similar use cases, reduces code reuse.
  • Liabilities
  • Liabilities
  • Liabilities
  • Liabilities
  • Liabilities
kuni katsuya

Agile/Evolutionary Data Modeling: From Domain Modeling to Physical Modeling - 0 views

www.agiledata.org/...agileDataModeling.html

shared by kuni katsuya on 17 Mar 13 - Cached
  • serial approach which risks communication errors
    • kuni katsuya
      kuni katsuya on 17 Mar 13
       
      serial approach, aka 'throw it over the wall' approach
  • parallel approach which risks double work (both of us would have explored the same schema issues, her from an object point of view and me from the data point of view) and incompatible work (we could have easily made different schema design decisions)
kuni katsuya

What is SiteCatalyst? | Adobe Developer Connection - 0 views

developer.omniture.com/...c-what-is-sitecatalyst

Adobe Omniture SiteCatalyst documentation

shared by kuni katsuya on 23 Jan 13 - No Cached
  • What is SiteCatalyst?
  • What is SiteCatalyst?
  • What is SiteCatalyst?
  • ...4 more annotations...
  • software-as-a-service (SaaS) solution that
  • collects web site visitor's online analytics data like page views and visits
  • provides both a data processing and reporting platform.
  • SiteCatalyst User's Guide
kuni katsuya

Page - Facebook Developers - 0 views

developers.facebook.com/...page

shared by kuni katsuya on 25 Feb 13 - No Cached
kuni katsuya

Graph database - Wikipedia, the free encyclopedia - 0 views

en.wikipedia.org/...Graph_database

shared by kuni katsuya on 12 Dec 12 - Cached
  • are pertinent information that relate to nodes
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      ie. attributes of the entities (aka nodes)
  • Edges
  • are the lines that connect
  • ...6 more annotations...
  • nodes to nodes
  • nodes to properties
  • they represent the relationship between the two
  • Most of the important information is really stored in the edges
  • depend less on a rigid schema, they are more suitable to manage ad-hoc and changing data with evolving schemas
  • Conversely, relational databases are typically faster at performing the same operation on large numbers of data elements
kuni katsuya

Why you should never use getSingleResult() in JPA | Sysout.be - 0 views

sysout.be/...ver-use-getsingleresult-in-jpa

database JPA EntityManager.getSingleResult() EntityManager.getResultList()

shared by kuni katsuya on 07 Oct 12 - No Cached
  • The only use for getSingleResult() is when we are
  • executing a scalar (count, sum, avg) query
  • query wich will
  • ...8 more annotations...
  • alway
  • return a row
  • 3 ways to do this
  • EntityManger.find()
  • returns a typed instance of the entity when it is found, null when it is not found
  • But what if the row isn’t in the database (anymore)?
  • We get an unchecked exception: NoResultException
  • We never know for sure what we can expect from our database, so throwing an unchecked exception seems the wrong choice for this use-case
    • kuni katsuya
      kuni katsuya on 07 Oct 12
       
      thinking defensively, in a pathological scenario, the data and/or schema of the database could be corrupt eg. using a named query that should return a single entity based on a unique constraint of a table: - what if the unique constraint was implemented incorrectly in the ddl? (too relaxed or too strict) - what if the data became inconsistent as a result of some external process? => should always code defensively, especially at integration points to anything external to the jvm 
kuni katsuya

MySQL :: MySQL 5.1 Reference Manual :: 5.1.7 Server SQL Modes - 0 views

dev.mysql.com/...server-sql-mode.html

shared by kuni katsuya on 23 Oct 12 - No Cached
  • Modes define what SQL syntax MySQL should support and what kind of data validation checks it should perform
  • Server SQL Modes
  • When working with InnoDB tables using the InnoDB Plugin, consider also the innodb_strict_mode configuration option. It enables additional error checks for InnoDB tables, as listed in InnoDB Strict Mode
  • ...7 more annotations...
  • Setting the SESSION variable affects only the current client. Any client can change its own session sql_mode value at any time
  • To avoid this, it is best to use single-row statements because these can be aborted without changing the table
    • kuni katsuya
      kuni katsuya on 21 May 13
       
      ie. the cheezy and hugely time consuming workaround for avoiding the partial update failure issue with slaves (ie. master-slave data skew)
  • STRICT_TRANS_TABLES
  • Strict mode does not affect whether foreign key constraints are checked
  • POSTGRESQL
  • ORACLE
  • TRADITIONAL
‹ Previous 21 - 40 of 138 Next › Last »
Showing 20 items per page