Group items matching

in title, tags, annotations or url

this practice was deprecated due to incompatibility problems when the experimental types were standardized

Limitations

may incorrectly classify a content's media type:

coincident lifetimes, and it is very common for the whole to manage the lifecycle of its parts

"project = x and component = TeamB"

parallel sprints labs feature

Unfortunately this will make the velocity chart less usable because velocity is heavily based on the estimations of an individual team

scenario of having multiple JIRA projects containing work items to be picked up by / distributed to multiple scrum teams

Blocks specific requests that your browser is being asked to make

Can block images

Can block JavaScript used for tracking

Uses a block list that blocks some trackers

No effect on images

No effect on JavaScript

Blocks all 3rd party content

names

addresses

checking similar products!

listen to lifecycle events during a session's lifetime

retain the IP address or host name of the host from where the session was initiated

can be prolonged via a touch() method to keep them 'alive' if desired

can use Shiro sessions in existing web applications and you

easily stored in any data source

can be

across applications if needed

'poor man's SSO'

simple sign-on experience since the shared session can retain authentication state

interface-based and implemented with POJOs

allows you to easily configure all session components with any JavaBeans-compatible configuration format, like JSON, YAML

easily extend

customize session management functionality

session data can be easily stored in any number of data sources

easily clustered using any of the readily-available networked caching products

no matter what container you deploy to, your sessions will be clustered the same way

No need for container-specific configuration!

Shiro sessions can be 'shared' across various client technologies

listen for these events and react to them for custom application behavior

SecurityUtils.getSubject()

currentUser.getSession()

If the Subject already has a Session, the boolean argument is ignored and the Session is returned immediately

If the Subject does not yet have a Session and the create boolean argument is true,

and returned.

If the Subject does not yet have a Session and the create boolean argument is false, a new session will not be created and null is returned.

method functions the same way as the

HttpServletRequest.getSession(boolean create) method:

Pros and Cons of JEE and Spring

Advantages of JEE

set of standard specifications, thus it is vendor-independent

testing is possible!

Lightweight application servers and frameworks such as Arquillian arrived

list of reasons why I feel more productive on Java EE 6 than on Spring 3.1

these days there's really no reason for preferring vendor-specific APIs over JPA 2.0

Spring and Java EE applications mostly differ in the following areas only: the web framework (Spring MVC vs. JSF vs. Wicket vs. Vaadin vs. Struts vs.....) Spring Beans vs. EJB Spring Dependency Injection vs. CDI or Java EE 5 @EJB or @Resource injection

Spring MVC feels rather old-school

EJB MDG Technology for Enterprise Java Beans allows the user to model EJB entities and EJB sessions, complete with UML profiles for modeling EJB, EJB patterns and Code Management. (requires Enterprise Architect 4.1 or later)

ICONIX AGILE DDT ICONIX Agile Developer - Design-Driven Testing (DDT) streamlines the ICONIX modeling process, providing: Convenient modeling of robustness diagrams Automatic generation of sequence diagram structures from robustness diagrams Transformation of robustness control elements to test diagrams Transformation of sequence diagram elements to test diagrams Transformation of requirement diagrams to test diagrams Transformation between test cases and test classes. (JUnit & NUnit) Built-in model validation rules for ICONIX robustness diagrams (requires Enterprise Architect 7.5 or later)

Testing MDG Technology for Testing helps users to rapidly model a wide range of testing procedures including component testing, SUT, Test Cases and more. (requires Enterprise Architect 4.1 or later)

Instructions for loading an MDG Technology EXE file: Download and run the .exe file to install the MDG technology. Open Enterprise Architect. Select from the Main Menu Add-Ins | XYZ Technology | Load.

Built-in MDG Technologies: Most of the MDG Technologies provided by Sparx Systems are built into Enterprise Architect directly. Depending on your edition of Enterprise Architect, some or all of the following MDG Technologies will be available:

Gang of Four Patterns

Mind Mapping

Web Modeling

Data Flow (DFD)

Entity-Relationship (ERD)

Business Rule Model

BPMN™

In an EAV data model, each attribute-value pair is a fact describing an entity, and a row in an EAV table stores a single fact

EAV tables are often described as "long and skinny": "long" refers to the number of rows, "skinny" to the few columns

Data is recorded as three columns: The entity: the item being described. The attribute or parameter: a foreign key into a table of attribute definitions. At the very least, the attribute definitions table would contain the following columns: an attribute ID, attribute name, description, data type, and columns assisting input validation

The value of the attribute

Row modeling, where facts about something (in this case, a sales transaction) are recorded as multiple rows rather than multiple columns

differences between row modeling and EAV (which may be considered a generalization of row-modeling) are:

A row-modeled table is homogeneous in the facts that it describes

The data type of the value column/s in a row-modeled table is pre-determined by the nature of the facts it records. By contrast, in an EAV table, the conceptual data type of a value in a particular row depend on the attribute in that row

In the EAV table itself, this is just an attribute ID, a foreign key into an Attribute Definitions table

The Attribute

The Value

Coercing all values into strings

larger systems use separate EAV tables for each data type (including binary large objects, "BLOBS"), with the metadata for a given attribute identifying the EAV table in which its data will be stored

Where an EAV system is implemented through RDF, the RDF Schema language may conveniently be used to express such metadata

access to metadata must be restricted, and an audit trail of accesses and changes put into place to deal with situations where multiple individuals have metadata access

quality of the annotation and documentation within the metadata (i.e., the narrative/explanatory text in the descriptive columns of the metadata sub-schema) must be much higher, in order to facilitate understanding by various members of the development team.

Attribute metadata

Validation metadata include data type, range of permissible values or membership in a set of values, regular expression match, default value, and whether the value is permitted to be null

Presentation metadata: how the attribute is to be displayed to the user

Grouping metadata: Attributes are typically presented as part of a higher-order group, e.g., a specialty-specific form. Grouping metadata includes information such as the order in which attributes are presented

Advanced validation metadata Dependency metadata:

@RunWith(Arquillian.class)

JDBC Templates hardly give any abstraction on top of the database and you’re on your own for Object Relational Mapping. We strongly advise to use JPA wherever possible; it gives portability by abstracting most of the database specific SQL that you would need, and it does all the hard and painful work of object mapping

small part of your application

Changes for Hibernate 3.5 applications

if your application uses Hibernate 3 classes that are not available in Hibernate 4, for example, some of the validator or search classes, you may see ClassNotFoundExceptions when you deploy your application. If you encounter this problem, you can try one of two approaches: You may be able to resolve the issue by copying the specific Hibernate 3 JARs containing those classes into the application "/lib" directory or by adding them to the classpath using some other method. In some cases this may result in ClassCastExceptions or other class loading issues due to the mixed use of the Hibernate versions, so you will need to use the second approach. You need to tell the server to use only the Hibernate 3 libraries and you will need to add exclusions for the Hibernate 4 libraries. Details on how to do this are described here: JPA Reference Guide.

In previous versions of the application server, the JCA data source configuration was defined in a file with a suffix of *-ds.xml. This file was then deployed in the server's deploy directory. The JDBC driver was copied to the server lib/ directory or packaged in the application's WEB-INF/lib/ directory. In AS7, this has all changed. You will no longer package the JDBC driver with the application or in the server/lib directory. The *-ds.xml file is now obsolete and the datasource configuration information is now defined in the standalone/configuration/standalone.xml or in the domain/configuration/domain.xml file. A JDBC 4-compliant driver can be installed as a deployment or as a core module. A driver that is JDBC 4-compliant contains a META-INF/services/java.sql.Driver file that specifies the driver class name. A driver that is not JDBC 4-compliant requires additional steps, as noted below.

DataSource Configuration

domain mode, the configuration file is the domain/configuration/domain.xml

standalone mode, you will configure the datasource in the standalone/configuration/standalone.xml

MySQL datasource element:

        <connection-url>jdbc:mysql://localhost:3306/YourApplicationURL</connection-url>        <driver-class> com.mysql.jdbc.Driver </driver-class>        <driver> mysql-connector-java-5.1.15.jar </driver>

       <security>            <user-name> USERID </user-name>            <password> PASSWORD</password>        </security>

example of the driver element for driver that is not JDBC 4-compliant. The driver-class must be specified since it there is no META-INF/services/java.sql.Driver file that specifies the driver class name.

 <driver-class>com.mysql.jdbc.Driver</driver-class>

JDBC driver can be installed into the container in one of two ways: either as a deployment or as a core module

Install the JDBC driver

Install the JDBC driver as a deployment

In AS7 standalone mode, you simply copy the JDBC 4-compliant JAR into the AS7_HOME/standalone/deployments directory

example of a MySQL JDBC driver installed as a deployment:     AS7_HOME/standalone/deployments/mysql-connector-java-5.1.15.jar

AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals)

Returns an account's authorization-specific information for the specified principals, or null if no account could be found

automatically perform access control checks for the corresponding Subject

If caching is enabled and if any authorization data for an account is changed at runtime, such as adding or removing roles and/or permissions, the subclass implementation should clear the cached AuthorizationInfo for that account via the

getAuthorizationInfo

AuthorizingRealm

AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals)

Returns an account's authorization-specific information for the specified principals, or null if no account could be found

This implementation obtains the actual AuthorizationInfo object

and then caches it for efficient reuse if caching is enabled

clearCachedAuthorizationInfo(PrincipalCollection principals)

Clears out the AuthorizationInfo cache entry for the specified account.

do not at all describe "who" is able to perform the action(s)

Multiple Parts

Wildcard Permissions support the concept of multiple levels or parts. For example, you could restructure the previous simple example by granting a user the permission printer:query

Multiple Values Each part can contain multiple values. So instead of granting the user both the "printer:print" and "printer:query" permissions, you could simply grant them one: printer:print,query

All Values What if you wanted to grant a user all values in a particular part? It would be more convenient to do this than to have to manually list every value. Again, based on the wildcard character, we can do this. If the printer domain had 3 possible actions (query, print, and manage), this: printer:query,print,manage

simply becomes this: printer:*

Using the wildcard in this way scales better than explicitly listing actions since, if you added a new action to the application later, you don't need to update the permissions that use the wildcard character in that part.

Finally, it is also possible to use the wildcard token in any part of a wildcard permission string. For example, if you wanted to grant a user the "view" action across all domains (not just printers), you could grant this: *:view Then any permission check for "foo:view" would return true

Instance-Level Access Control

instance-level Access Control Lists

Checking Permissions

SecurityUtils.getSubject().isPermitted("printer:print:lp7200")

printer:*:*

all actions on a single printer

printer:*:lp7200

missing parts imply that the user has access to all values corresponding to that part

printer:print is equivalent to printer:print:*

Missing Parts

rule of thumb is to

when performing permission checks

first part is the

that is being operated on (printer)

second part is the

(query) being performed

three parts - the first is the

the second is the

third is the

allow access to

can only leave off parts from the end of the string

Performance Considerations

runtime implication logic must execute for

implicitly using Shiro's default

which executes the necessary implication logic

When using permission strings like the ones shown above, you're

Shiro's default behavior for Realm

for every permission check

need to be checked individually for implication

as the number of permissions assigned to a user or their roles or groups increase, the time to perform the check will necessarily increase

If a Realm implementor has a

more efficient way of checking permissions and performing this implication logic

should implement that as part of their

implies

user:*:12345

user:update:12345

printer

implies

printer:print

Implication, not Equality

permission

are evaluated by

logic - not equality checks

the former implies the latter

superset of functionality

implication logic can be executed at runtime