Events
Group items matching
in title, tags, annotations or url
3More
40More
Java Persistence/Advanced Topics - Wikibooks, open books for an open world - 0 views
-
-
hook into a system that allows the execution of some code when the event occurs
-
JPA defines several events for the persistent
- ...37 more annotations...
-
life-cycle
-
of Entity objects
-
JPA defines the following events:
-
PostLoad
-
PrePersist
-
PostPersist
-
PreUpdate
-
PostUpdate
-
PreRemove
-
PostRemove
-
after an Entity is loaded into the
-
persistence context
-
before the persist operation is invoked on an Entity
-
after a refresh operation.
-
before the remove operation is invoked on an Entity
-
cascade of a remove operation
-
during a flush or commit for orphanRemoval in JPA 2.0
-
after an instance is deleted from the database
-
occurs during a flush or commit operation
-
after the database DELETE has occurred
-
before the transaction is committed
-
after an instance is updated in the database
-
occurs during a flush or commit operation
-
after the database UPDATE has occurred
-
before the transaction is committed
-
before an instance is updated in the database
-
occurs during a flush or commit operation
-
after the database UPDATE has occurred
-
before the transaction is committed
-
after a new instance is persisted to the database
-
occurs during a flush or commit operation
-
after the database INSERT has occurred
-
before the transaction is committed
-
Id of the object should be assigned
-
merge for new instances
-
cascade of a persist operation
-
Id of the object may not have been assigned, and code be assigned by the event
How do I assign issues to multiple users - JIRA Latest - Atlassian Documentation - Conf... - 0 views
74More
Permissions | Apache Shiro - 0 views
-
Permission as a statement that defines an explicit behavior or action
-
lowest-level constructs in security polices
-
explicitly define only "what" the application can do
- ...69 more annotations...
-
do not at all describe "who" is able to perform the action(s)
-
Multiple Parts
-
Wildcard Permissions support the concept of multiple levels or parts. For example, you could restructure the previous simple example by granting a user the permission printer:query
-
Multiple Values Each part can contain multiple values. So instead of granting the user both the "printer:print" and "printer:query" permissions, you could simply grant them one: printer:print,query
-
All Values What if you wanted to grant a user all values in a particular part? It would be more convenient to do this than to have to manually list every value. Again, based on the wildcard character, we can do this. If the printer domain had 3 possible actions (query, print, and manage), this: printer:query,print,manage
-
simply becomes this: printer:*
-
Using the wildcard in this way scales better than explicitly listing actions since, if you added a new action to the application later, you don't need to update the permissions that use the wildcard character in that part.
-
Finally, it is also possible to use the wildcard token in any part of a wildcard permission string. For example, if you wanted to grant a user the "view" action across all domains (not just printers), you could grant this: *:view Then any permission check for "foo:view" would return true
-
Instance-Level Access Control
-
instance-level Access Control Lists
-
Checking Permissions
-
SecurityUtils.getSubject().isPermitted("printer:print:lp7200")
-
printer:*:*
-
all actions on a single printer
-
printer:*:lp7200
-
-
missing parts imply that the user has access to all values corresponding to that part
-
printer:print is equivalent to printer:print:*
-
Missing Parts
-
rule of thumb is to
-
use the most specific permission string possible
-
when performing permission checks
-
first part is the
-
domain
-
-
that is being operated on (printer)
-
second part is the
-
action
-
(query) being performed
-
There is no limit to the number of parts that can be used
-
three parts - the first is the
-
domain
-
the second is the
-
action(s)
-
third is the
-
instance(s)
-
allow access to
-
all actions
-
all printers
-
can only leave off parts from the end of the string
-
Performance Considerations
-
runtime implication logic must execute for
-
each assigned Permission
-
implicitly using Shiro's default
-
WildcardPermission
-
which executes the necessary implication logic
-
When using permission strings like the ones shown above, you're
-
Shiro's default behavior for Realm
-
for every permission check
-
all of the permissions assigned to that user
-
need to be checked individually for implication
-
as the number of permissions assigned to a user or their roles or groups increase, the time to perform the check will necessarily increase
-
If a Realm implementor has a
-
more efficient way of checking permissions and performing this implication logic
-
Realm isPermitted* method implementations
-
should implement that as part of their
-
implies
-
user:*:12345
-
user:update:12345
-
printer
-
implies
-
printer:print
-
Implication, not Equality
-
permission
-
checks
-
are evaluated by
-
implication
-
logic - not equality checks
-
the former implies the latter
-
superset of functionality
-
implication logic can be executed at runtime
41More
Security Module Drafts - Apache DeltaSpike - Apache Software Foundation - 0 views
-
Authorization
-
Impersonalization
-
-
authenticates “as a user” or access application imitating his identity - without knowing his password
- ...36 more annotations...
-
elements of the user interface are displayed to the user based on the user's privilege level
-
assign permissions to individual objects within the application’s business domain
-
-
Permissions
-
Permissions assigned to user for a given resource in the tree are inherited by other resources
-
Permissions are inherited
-
persist user, group and role information in database. JPA implementation is his dream
-
Security Module Drafts
-
Identity
-
interface Identity
-
login()
-
logout()
-
getUser()
-
Events LoggedInEvent LoginFailedEvent AlreadyLoggedInEvent PreLoggedOutEvent PostLoggedOutEvent PreAuthenticateEvent PostAuthenticateEvent
-
Object level permission
-
Grant or revoke permissions
-
Group management
-
User/Identity management
-
identity.hasRole
-
identity.hasPermission
-
Permissions model
-
Identity Management (IDM)
-
User, Group and Role
-
Events
-
hooks for common IDM or Security operations
-
Audit and logging for permission and IDM related changes
-
Event API.
-
Impersonalization
-
Impersonalization
-
control which elements of the user interface are displayed to the user based on their assigned permissions
-
ask for permission
-
without need to obtain object from DB
-
String resourceId
-
structure of resources
-
more advanced security resolution mechanisms
-
Rules based engine
-
external services - XACML
3More
Fiddler Web Debugger - Configuring clients - 0 views
-
Debug traffic from another machine (even a device or Unix box)
-
Allow remote clients to connect
-
"HTTP application to use Fiddler? You can either directly configure the WinHTTP application to point to Fiddler, in code, or you can use the following command at the command prompt to tell WinHTTP to use Fiddler: On XP or below: proxycfg -p http=127.0.0.1:8888;https=127.0.0.1:8888 ...or this one to force WinHTTP to use WinINET's proxy settings: proxycfg -u On Vista or above, use an Elevated (admin) command prompt: netsh winhttp set proxy 127.0.0.1:8888 Note: On Windows 7 and earlier, netsh is bitness specific, so you may want to run the above command twice: first using the 32bit NETSH and then using the 64bit NETSH. This blog has more information. This issue was fixed in Windows 8; you can call either NetSh just once to set the proxy for both 32bit and 64bit WinHTTP hosts. Capture traffic from a different account, like ASP.NET on IIS or from a Windows Service? Trying to capture SOAP calls coming from ASP.NET or some background service process? By default, Fiddler registers as the proxy only for the current user account (ASP.NET runs in a different user account). To get a background process (like the ASP.NET or IIS process) to use Fiddler, you must configure that process to use Fiddler. Typically, this is done by editing web.config or machine.config for the ASP.NET installation, or the configuration for the code running within the Windows Service. Please see http://msdn.microsoft.com/en-us/magazine/cc300743.aspx#S4 or the section on .NET or WinHTTP, depending on which network stack the service is using. Configure Windows Phone 7 to use Fiddler? Please see http://blogs.msdn.com/b/fiddler/archive/2011/01/09/debugging-windows-phone-7-device-traffic-with-fiddler.aspx for actual device hardware, or http://blogs.msdn.com/b/fiddler/archive/2010/10/15/fiddler-and-the-windows-phone-emulator.aspx for the emulator. Configure Google Nexus 7 (Andoid 4.1 Jellybean) to use Fiddler? Please see this page. Configure Android Emulator to use Fiddler? Please see http://au
5More
OpenTravel Forum - 0 views
-
OpenTravel Codes in Schema
-
If you are an inventory supplier, you would reference a rate plan code known to your system, such as “DELUXE” or “Deluxe Room”
-
RoomTypeCode
- ...2 more annotations...
-
assigned by the inventory supplier
-
If you are not a supplier, you need to work with your supplier trading partners to get a list of room types supported by their CRS (central reservation system) or PMS (property management system.)
14More
Ending a Sprint - GreenHopper 6.1 - Atlassian Documentation - Confluence - 0 views
-
Ending a Sprint
-
need to have the JIRA 'Project Administrator' permission in the project(s) whose issues are included in the sprint.
-
Once a sprint is closed, you cannot re-open it
- ...11 more annotations...
-
You can release the sprint as a version if you wish
-
In the Completed Issues section of the Sprint Report, just click View in Issue Navigator
-
use JIRA's Bulk Edit to assign all of the issues to the relevant version
-
Note that you will not be able to do this if your "Done" column sets an issue's status to "Closed", as issues are not editable once they are "Closed"
-
need to have the JIRA 'Project Administrator' permission in the project(s) whose issues are included in the sprint.
-
need to have the JIRA 'Project Administrator' permission in the project(s) whose issues are included in the sprint.
-
need to have the JIRA 'Project Administrator' permission in the project(s) whose issues are included in the sprint.
-
need to have the JIRA 'Project Administrator' permission in the project(s) whose issues are included in the sprint.
-
need to have the JIRA 'Project Administrator' permission in the project(s) whose issues are included in the sprint.
-
need to have the JIRA 'Project Administrator' permission in the project(s) whose issues are included in the sprint.
-
Ending a Sprint
4More
Implementing RBAC, a practical approach - ServerCare home - 0 views
-
Implementing RBAC, a practical approach
-
The NIST RBAC model addresses the limitations of RBAC for enterprise-wide deployments, which typically focuses on the increased complexity of managing sufficient roles and assigning adequate role membership within a heterogeneous IT infrastructure
-
Higher management needs to understand that RBAC implementation has a profound impact on the way some parts of the company operate
- ...1 more annotation...
-
For example; certain procedures and workflows will need to be developed (new hire/leaver procedures for example)
10More
shared by kuni katsuya on 01 Sep 12
- No Cached
Managing Project Permissions - JIRA Latest - Atlassian Documentation - Confluence - 0 views
confluence.atlassian.com/...Managing+Project+Permissions
security authorization PermissionScheme example Jira
shared by kuni katsuya on 01 Sep 12
- No Cached
-
Permission Schemes
-
A permission scheme is a set of
-
user/group/role
- ...7 more annotations...
-
assignments for the project permissions
-
Every project has a permission scheme
-
One permission scheme can be associated with multiple projects
-
access rights
-
Permission schemes prevent having to set up permissions individually for every project
-
Once a permission scheme is set up
-
it can be applied to all projects that have the same type of access requirements
12More
shared by kuni katsuya on 01 Sep 12
- No Cached
Managing Project Permissions - JIRA 5.1 - Atlassian Documentation - Confluence - 0 views
confluence.atlassian.com/...Managing+Project+Permissions
security authorization Project Permission PermissionScheme example Jira
shared by kuni katsuya on 01 Sep 12
- No Cached
-
Project permissions can be granted to:
-
Individual usersGroupsProject rolesIssue roles such as 'Reporter', 'Project Lead' and 'Current Assignee''Anyone' (e.g. to allow anonymous access)A (multi-)user picker custom field.A (multi-)group picker custom field. This can either be an actual group picker custom field, or a (multi-)select-list whose values are group names.
-
Many other permissions are dependent on this permission
-
example of dependencies *between* permissions. eg, in this case, work-on-issues permission 'needs' browse-projects permission could be expressed as a permission hierarchy where if work-on-issues permission is granted, means/implies that user already has browse-projects permission (w-o-i perm 'subsumes' b-p perm) might imply permission hierarchy
-
- ...8 more annotations...
-
Permission Schemes
-
A permission scheme is a set of
-
user/group/role
-
assignments for the project permissions
-
Every project has a permission scheme
-
One permission scheme can be associated with multiple projects
-
Permission schemes prevent having to set up permissions individually for every project
-
it can be applied to all projects that have the same type of access requirements
18More
shared by kuni katsuya on 07 Sep 12
- No Cached
Securing Data Access - 0 views
login.salesforce.com/...security_data_access.htm
security SecurityModel authorization PermissionScheme permissions example salesforce.com
shared by kuni katsuya on 07 Sep 12
- No Cached
-
assign
-
permission sets
-
profiles
- ...15 more annotations...
-
fields
-
objects
-
that users can access
-
that users can access
-
use field-level security
-
individual records
-
that users can view and edit, you can set your
-
organization-wide sharing settings
-
define a
-
role hierarchy
-
, and create
-
sharing rules
-
Object-Level Security
-
Permission Sets
-
Profiles
3More
shared by kuni katsuya on 02 Aug 12
- No Cached
3 ways to serialize Java Enums | Vineet Manohar's blog - 0 views
www.vineetmanohar.com/...3-ways-to-serialize-java-enums
java enum BestPractices Hibernate EnumUserType
shared by kuni katsuya on 02 Aug 12
- No Cached
-
Mapping enum to database column using JPA/Hibernate You can use any of the 3 approaches discussed above. Map the enum to an integer column. The persistence implementation should automatically convert enum to ordinal() and back for you. Map the enum to a String column. The persistence implementation should automatically convert the enum value to String value via the name() function. Map the enum using a business value. You should mark the enum field as @Transient, and create another String field which you can map to a String column in your database table. Here’s an example code snippet. view plaincopy to clipboardprint?@Entity public class Product { @Column private String colorValue; @Transient public Color getColor() { return Color.fromValue(colorValue); } public void setColor(Color color) { this.colorValue = color.toValue(); } }
-
Approach 3: Using a user defined business value – Recommended approach! This approach involves assigning a an explicit user defined value to each enum constant and defining a toValue() and fromValue() methods on the enum to do the serialization and deserialization.
-
public enum Color { RED("RED"), GREEN("GREEN"), BLUE("BLUE"), UNKNOWN("UNKNOWN"); private final String value; Color(String value) { this.value = value; } public static Color fromValue(String value) { if (value != null) { for (Color color : values()) { if (color.value.equals(value)) { return color; } } } // you may return a default value return getDefault(); // or throw an exception // throw new IllegalArgumentException("Invalid color: " + value); } public String toValue() { return value; } public static Color getDefault() { return UNKNOWN; } } public enum Color { RED("RED"), GREEN("GREEN"), BLUE("BLUE"), UNKNOWN("UNKNOWN"); private final String value; Color(String value) { this.value = value; } public static Color fromValue(String value) { if (value != null) { for (Color color : values()) { if (color.value.equals(value)) { return color; } } } // you may return a default value return getDefault(); // or throw an exception // throw new IllegalArgumentException("Invalid color: " + value); } public String toValue() { return value; } public static Color getDefault() { return UNKNOWN; } } This approach is better than approach 1 and approach 2 above. It neither depends on the order in which the enum constants are declared nor on the constant names.
22More
Java Authorization Guide | Apache Shiro - 0 views
-
Java Authorization Guide with Apache Shiro
-
Levels of permission granularity
-
specify an actions (open, read, delete, etc)
- ...18 more annotations...
-
resource (door, file, customer record, etc)
-
define a permission to any depth
-
Resource Level
-
Instance Level
-
Attribute Level
-
instance of a resource
-
attribute of an instance or resource
-
Permissions Defined
-
Permissions represent what can be done in your application
-
A well formed permission describes a resource types and what actions are possible when you interact with those resources
-
Roles Defined
-
Roles are effectively a collection of permissions
-
Explicit Roles
-
An explicit role has permissions explicitly assigned to it and therefore is an explicit collection of permissions
-
Implicit Roles
-
-
Annotation Authorization
-
@RequiresPermissions(“account:create”)
-
Permission Check
15More
Application Security With Apache Shiro - 0 views
-
previously known as the JSecurity project
-
The word Subject is a security term that basically means "the currently executing user"
-
Core Concepts: Subject, SecurityManager, and Realms
- ...12 more annotations...
-
Subject
-
'Subject' can mean a human being, but also a 3rd party process, daemon account, or anything similar. It simply means 'the thing that is currently interacting with the software'
-
Subject currentUser = SecurityUtils.getSubject();
-
SecurityManager
-
SecurityManager manages security operations for all users
-
Realms
-
Realm acts as the ‘bridge’ or ‘connector’ between Shiro and your application’s security data. That is, when it comes time to actually interact with security-related data like user accounts to perform authentication (login) and authorization (access control), Shiro looks up many of these things from one or more Realms configured for an application.
-
Realm is essentially a security-specific DAO
-
Shiro provides out-of-the-box Realms to connect to a number of security data sources (aka directories) such as LDAP, relational databases (JDBC), text configuration sources like INI and properties files, and more
-
Authorization
-
A permission is a raw statement of functionality, for example ‘open a door’, ‘create a blog entry’, ‘delete the ‘jsmith’ user’, etc. By having permissions reflect your application’s raw functionality, you only need to change permission checks when you change your application’s functionality. In turn, you can assign permissions to roles or to users as necessary at runtime.
-
“Run As” support for assuming the identity of another Subject
18More
Seam - Contextual Components - 0 views
-
15.6. Authorization
-
Seam Security is built around the premise of users being granted roles and/or permissions, allowing them to perform operations that may not otherwise be permissible for users without the necessary security privileges
-
15.6.1. Core concepts
- ...15 more annotations...
-
15.6.1.1. What is a role? A role is a group, or type, of user that may have been granted certain privileges for performing one or more specific actions within an application
-
used to create logical groups of users for the convenient assignment of specific application privileges
-
15.6.1.2. What is a permission? A permission is a privilege (sometimes once-off) for performing a single, specific action. It is entirely possible to build an application using nothing but permissions, however roles offer a higher level of convenience when granting privileges to groups of users
-
consisting of three "aspects";
-
a target
-
an action
-
a recipient
-
An empty @Restrict implies a permission check of componentName:methodName
-
implied permission required to call the delete() method is account:delete
-
equivalent of this would be to write @Restrict("#{s:hasPermission('account','delete')}")
-
@Restrict annotation may reference any objects that exist within a Seam context. This is extremely useful when performing permission checks for a specific object instance.
-
selectedAccount
-
selectedAccount
-
Identity.instance().checkRestriction
-
If the expression specified doesn't evaluate to true, either if the user is not logged in, a NotLoggedInException exception is thrown or if the user is logged in, an AuthorizationException exception is thrown.
8More
shared by kuni katsuya on 06 Jun 12
- No Cached
ListCollectionView/ArrayCollection tip for using GraniteDS - Ross Henderson - 0 views
blog.rosshenderson.info/...ection-tip-for-using-graniteds
graniteds tip ListCollectionView ArrayCollection
shared by kuni katsuya on 06 Jun 12
- No Cached
-
The reason why GraniteDS generates properties of type ListCollectionView is simple : it internally uses collections implementations that extend ListCollectionView and not ArrayCollection. But as you have described when you manually assign collections, you should use ArrayCollection. It’s exactly the same as in Java when you do List list = new ArrayList().
-
ListCollectionView/ArrayCollection tip for using GraniteDS
-
new ListCollectionView();
- ...4 more annotations...
-
instead of this:
-
do this:
-
new ArrayCollection();
-
I’m not really sure what the deal is
-
23More
JPA Reference Guide - JBoss AS 7.1 - Project Documentation Editor - 0 views
-
Troubleshooting The org.jboss.as.jpa logging can be enabled to get the following information: INFO - when persistence.xml has been parsed, starting of persistence unit service (per deployed persistence.xml), stopping of persistence unit service DEBUG - informs about entity managers being injected, creating/reusing transaction scoped entity manager for active transaction TRACE - shows how long each entity manager operation took in milliseconds, application searches for a persistence unit, parsing of persistence.xml
-
Container-managed Extended Persistence context
-
extended persistence context can
- ...20 more annotations...
-
span multiple transactions
-
and allows data modifications to be queued up (like a shopping cart),
-
without an active JTA transaction
-
EXTENDED
-
entity lifecycle
-
is managed by the underlying persistence provider.
-
New (transient):
-
an entity is new if it has just been instantiated using the new operator, and it is not associated with a persistence context. It has no persistent representation in the database and no identifier value has been assigned.
-
Managed (persistent):
-
a managed entity instance is an instance with a persistent identity that is currently associated with a persistence context.
-
Detached:
-
the entity instance is an instance with a persistent identity that is no longer associated with a persistence context, usually because the persistence context was closed or the instance was evicted from the context.
-
Removed:
-
a removed entity instance is an instance with a persistent identity, associated with a persistence context, but scheduled for removal from the database.
-
Replacing the current Hibernate 4.0.x jars with a newer version
-
update the current as7/modules/org/hibernate/main folder
-
Delete *.index files in as7/modules/org/hibernate/main and as7/modules/org/hibernate/envers/main folders
-
Remove the older jars and copy new Hibernate jars into as7/modules/org/hibernate/main + as7/modules/org/hibernate/envers/main.
-
Update the as7/modules/org/hibernate/main/module.xml
-
as7/modules/org/hibernate/envers/main/module.xml to name the jars that you copied in.