Home/ SoftwareEngineering/ Group items matching "performance" in title, tags, annotations or url


Testing | Apache Shiro - 0 views

  • Testing with Apache Shiro
  • how to enable Shiro in unit tests.
  • Subject
  • ...14 more annotations...
  • is security-specific view of the
  • 'currently executing' user
  • and that Subject instances are always bound to a thread to ensure we know who is executing logic at any time during the thread's execution
  • Subject instance must be created
  • Subject instance must be bound to the currently executing thread
  • Subject must be unbound to ensure that the thread remains 'clean' in any thread-pooled environment
  • Shiro has architectural components that perform this bind/unbind logic automatically
  • root Shiro Filter performs this logic when filtering a request
  • after creating a Subject instance, it must be bound to thread
  • Test Setup
  • 'setup' and 'teardown'
  • can be used in both unit testing and integration testing
  • AbstractShiroTest
  • abstract class AbstractShiroTest

TH01-EP03-US004 - Property Mgmt, Edit Location & Directions, Content Mgmt - Projects - ... - 0 views

  • Property Mgmt
  • ...18 more annotations...
  • As a user
    • kuni katsuya
       
      with what granted roles? from which organization?
  • ability to see
    • kuni katsuya
       
      permissions required: retrieve these resource types
  • Location Type
  • Description
  • Airports
  • belonging to other organizations
    • kuni katsuya
       
      content (license) owned by organization different than user's
  • clone this information
    • kuni katsuya
       
      clone = retrieve, then create ie. required permissions: {retrieve,create:}
  • have the rights
    • kuni katsuya
       
      generally speaking, there can be a few independent but overlapping mechanisms that will control who is allowed to do what with content:
      1. any subject's access to the content itself can be controlled via authorization rules (ie. required vs granted permissions) enforced via system-wide resource-based access control
      2. content licensors (~content owners) can restrict the usage of their content by:
         * whom - ie. content licensee (legally/commercially represented by an organization)
         * how - eg. reuse as unmodified, create derivatives, composite, redistribute, etc
         * where - ie. distribution channels their content can be used (eg. only on hotel's vbrochure site, but not in any ids/gds channels)
         * when - temporal restrictions may limit scope of content license grant by: start, end, duration, season, etc
      3. content licensees can further filter or funnel content available to them (resulting from a combination of license granted to them and access control) based on their own criteria (eg. generate a templated hotel presentation only if: at least 1 textual description, 5 photos and 1 video for a hotel is available with a license to combine them (composite content)
  • see how other organizations describe the property
    • kuni katsuya
       
      permission required: retrieve hotel descriptive content(?) owned by independent organization
  • which textual information
  • displayed
    • kuni katsuya
       
      displayed where? on specific channels?
  • ECM will ask user to confirm that the user has rights to use that content
    • kuni katsuya
       
      if ecm/vfml is to manage content licensing as a third party between organizations (content licensors & licensees) shouldn't ecm *know* if the user('s organization) has rights to use the content in question? is this question posed to the user (with required explicit acknowledgement) purely to absolve vfml from liability issues that may result from licensing disagreements?
  • property’s
    • kuni katsuya
       
      this being the user's (organization's) 'version' or 'view' of the hotel, since this user normally wouldn't/shouldn't be granted permissions to replace content for a hotel on a different organization's 'view' or 'version' of the same hotel
  • to see the user’s original content
    • kuni katsuya
       
      this implies that *at least* one version of such (temporarily) replaceable content needs to be managed/maintained to allow reverting what if, deliberately, ignorantly or maliciously, a user replaces the same piece of--textual or any type, really--content for this hotel n times? will all n versions be required to be managed as an undo history? the user's ''original content'' might have been version 1, but equally might have been 1 mean: - previous version of the content, regardless of which user - initial version of that content attached to the hotel regardless of which user created/updated it and ignoring which organization owns it?, or, -

Access Tokens and Types - Facebook Developers - 0 views

  • Access Tokens and Types
  • Access Tokens
  • random string that provides temporary, secure access to Facebook APIs
  • ...27 more annotations...
  • token identifies a User, App or Page session and provides information about granted permissions
  • Types
  • User Access
  • generated in the login flow when a
  • Facebook Pages
  • on behalf of a user
  • use this token to perform API calls
  • Page Access
  • used to
  • manage
  • user grants permissions to an app
  • user who is the
  • App Secret or an App Access token should never be included in any code that could be accessed by anyone other than a developer of the app
  • must grant an extended permission called
  • manage_pages
  • use this type of token to make API calls
  • on behalf of a page
  • unique to each page, admin and app
  • App Access
  • useful to modify app settings, create and manage test users or read App Insights data
  • use app tokens to publish or delete content
  • on behalf of a user
  • unique to each app
  • Security Best Practices
  • extremely important that an App Secret is not compromised
  • Page admin
  • App Access Tokens should only be used directly from your app's servers in order to provide the best security

CQ Digital Asset Management - 0 views

  • primary representation
    • kuni katsuya
       
      ie. source media file
  • Renditions may be of a different size, with a different resolution, with an added watermark, or some other changed characteristic
    • kuni katsuya
       
      ie. 'encoded' version of original media file (cropped thumbnail, different bitrate/codec video, etc)
  • Sub-assets
  • ...8 more annotations...
  • assets that make up an asset
    • kuni katsuya
       
      cleaner to model via composites(?)
  • Metadata
  • Collection
  • collection of assets
  • perform an action on an asset or collection
  • trigger preconfigured workflows
  • Renditions
  • uploaded file

Graph database - Wikipedia, the free encyclopedia - 0 views

  • are pertinent information that relate to nodes
    • kuni katsuya
       
      ie. attributes of the entities (aka nodes)
  • Edges
  • are the lines that connect
  • ...6 more annotations...
  • nodes to nodes
  • nodes to properties
  • they represent the relationship between the two
  • Most of the important information is really stored in the edges
  • depend less on a rigid schema, they are more suitable to manage ad-hoc and changing data with evolving schemas
  • Conversely, relational databases are typically faster at performing the same operation on large numbers of data elements

Java Persistence/Mapping - Wikibooks, open books for an open world - 0 views

  • Access Type
  • field
  • get method
  • ...21 more annotations...
  • FIELD
  • PROPERTY
  • Either all annotations must be on the fields, or all annotations on the get methods, but not both (unless the @AccessType annotation is used)
  • if placed on a get method, then the class is using PROPERTY access
  • For FIELD access the class field value will be accessed directly to store and load the value from the database
  • field can be private or any other access type
  • FIELD is normally safer, as it avoids any unwanted side-effect code that may occur in the application get/set methods
  • For PROPERTY access the class get and set methods will be used to store and load the value from the database
  • PROPERTY has the advantage of allowing the application to perform conversion of the database value when storing it in the object
  • be careful to not put any side effects in the get/set methods that could interfere with persistence
  • Common Problems
  • Odd behavior
  • One common issue that can cause odd behavior is
  • using property access and putting side effects in your get or set methods
  • For this reason it is generally recommended to
  • use field access in mapping, i.e. putting your annotations on your variables not your get methods
  • causing duplicate inserts, missed updates, or a corrupt object model
  • if you are going to use property access, ensure your property methods are free of side effects

MySQL :: MySQL 5.1 Reference Manual :: 5.1.7 Server SQL Modes - 0 views

  • Modes define what SQL syntax MySQL should support and what kind of data validation checks it should perform
  • Server SQL Modes
  • When working with InnoDB tables using the InnoDB Plugin, consider also the innodb_strict_mode configuration option. It enables additional error checks for InnoDB tables, as listed in InnoDB Strict Mode
  • ...7 more annotations...
  • Setting the SESSION variable affects only the current client. Any client can change its own session sql_mode value at any time
  • To avoid this, it is best to use single-row statements because these can be aborted without changing the table
    • kuni katsuya
       
      ie. the cheezy and hugely time consuming workaround for avoiding the partial update failure issue with slaves (ie. master-slave data skew)
  • STRICT_TRANS_TABLES
  • Strict mode does not affect whether foreign key constraints are checked
  • POSTGRESQL
  • ORACLE
  • TRADITIONAL

Collaboration Best Practices - 3 Reasons Interruptions are Hurting Your Team's Producti... - 0 views

  • Interruptions Hurt Your Team’s Productivity
  • Productivity is futile in the face of constant interruptions
  • work is scattered through shared network drives, hard drives, and email
    • kuni katsuya
       
      or sharepoint, confluence, jira, word docs, pdf docs, spreadsheets, walled post-it notes, emails... not universally or easily searchable. arghhh...
  • ...17 more annotations...
  • Charging towards a common goal is difficult when:
  • center on meetings alone.
  • When disorganization and uncertainty is the norm, clarification and re-clarification is needed to regularly keep a team focused and working together
  •  waste A LOT of your time
  • Information isn’t located in a centralized place so it isn’t easily accessible to everyone.
  • It’s just easier to ask someone else because they are a Subject Matter Expert (SME). Both.
  • 2. Interruptions encourage multi-tasking, which is bad
  • 1. Most interruptions are trivial and could be avoided
  • it takes most people 16 minutes to refocus after sending an email while doing other work
    • kuni katsuya
       
      it takes most software engineers *at least* 20-30 minutes to get back into 'the zone' following an unrelated distraction
  • No wonder people like to work from home!
  • To perform at your productive best, you need your best focus, something that’s unachievable when you’re constantly interrupted
  • 3. Recovering from interruptions takes longer than you think
  • Between email, meetings, and interruptions (both active and passive),
  • there’s hardly time to get any work done while you’re actually at work.
  • Pro-Tip: Only turn on email and instant message when you need to use them
    • kuni katsuya
       
      ie. never?  ;) though then, you end up with 5,932 unread emails in your inbox and 113 angry co-workers!
  • To combat such interruption, check these tools 3 times a day – when you first get into the office in the morning, around lunch, and before going home for the night – and turn them off otherwise.
  • reduce the rate at which interruptions occur

Adobe - real time data streaming | Adobe LiveCycle Data Services ES3: Solutions - 0 views

  • BlazeDS
  • Java NIO high-performance messaging (thousands of clients per CPU) No Yes Real Time Messaging Protocol (RTMP) No Yes Data throttling No Yes Reliable communications
  • Managed remoting
  • ...6 more annotations...
  • Transaction (batch processing)
  • Data paging
  • Lazy loading (on demand)
  • Conflict resolution and synchronization
  • SQL adapter
  • Hibernate adapter No Yes "Fiber-aware" assembler No Yes Offline synchronization framework

Enterprise Architect - Product Demonstrations - 0 views

  • Part 2 Subversion Setting up a Subversion repository for use with Enterprise Architect models.
  • Part 4 Configure & Connect Configuring Enterprise Architect and connecting to your Version Control system.
  • Part 5 Controlled Packages Working with version controlled UML packages in Enterprise Architect.
  • ...19 more annotations...
  • Eclipse A tour of MDG Integration for Eclipse.
  • Baseline Diagram Comparison Conduct a visual diagram comparison between your current diagram and a previous baseline.
  • Personal Information Window See how the Personal Information Window in Enterprise Architect can help you organize your daily tasks and workflow.
  • Working Sets As you perform work on your model, you open various windows, diagrams and views. Working Sets allow you to return to these same views in a later work session.
  • Business Rules A car rental system is used to illustrate how to generate executable business rules using Enterprise Architect.
  • Menu Customization Quickly and easily suppress individual menu items or entire categories of commands to create custom menu layouts.
  • Floating and Dockable Windows Save the position and layout of Floating and Dockable Windows using a Working Set in the Personal Information Window.
  • Build and Debug a Java Application Set up Enterprise Architect to build and debug a Java Application, using a VEA sample project.
  • Sequence Diagrams Learn how to create a simple Sequence diagram. The video also illustrates how to bring your Sequence diagram to life using model simulation.
  • HTML Report Generation This brief introduction illustrates how to automatically generate a HTML Report using Enterprise Architect.
  • Basic Use Case Demonstration A guide to constructing a Use Case model in under 30 seconds, including use cases, notes and issues.
  • Traceability within Enterprise Architect This video examines Traceability and discusses how to use Enterprise Architect to conduct an Impact Analysis.
  • Requirements Reporting A brief overview of requirements reporting in Enterprise Architect. Topics include document generation in web and RTF formats, report customization and virtual documents, including Model and Master documents.
  • Requirements Traceability An examination of requirements traceability in Enterprise Architect. Topics include traceability views, tracing to external artifacts, conducting an impact analysis, viewing the Relationship Matrix and using Enterprise Architect's Auditing capabilities.
  • Requirements Modeling A brief overview of requirements modeling in Enterprise Architect. Topics include requirements capture and definition, custom properties, tabular editing, auto-naming and screen prototypes.
  • Installing EA An introductory walk through and discussion of Enterprise Architect in the Software Development Lifecycle.
  • Enterprise Architect 7.5 Overview An overview of Enterprise Architect features released with version 7.5.
  • Introduction to Enterprise Architect An introductory walk through and discussion of Enterprise Architect in the Software Development Lifecycle.
  • Brief Overview The 10 minute guide to Enterprise Architect, from Requirements Management and Business Process Modeling to MDA and Code Engineering.

Migrating from Spring to Java EE 6 - Part 4 | How to JBoss - 0 views

  • discuss the rationale for migrating your applications from Spring to Java EE 6 and show you real examples of upgrading the web UI, replacing the data access layer, migrating AOP to CDI interceptors, migrating JMX, how to deal with JDBC templates, and as an added bonus will demonstrate how to perform integration tests of your Java EE 6 application using Arquillian
  • EntityManagerClinicTest
  • There is also an interesting Arquillian Persistence extension that integrates DBUnit in Arquillian where you can define your test data externally
  • ...3 more annotations...
  • @RunWith(Arquillian.class)
  • JDBC Templates hardly give any abstraction on top of the database and you’re on your own for Object Relational Mapping. We strongly advise to use JPA wherever possible; it gives portability by abstracting most of the database specific SQL that you would need, and it does all the hard and painful work of object mapping
  • small part of your application

Seam Framework - Why is the constructor invoked twice when a normal scoped bean is crea... - 0 views

  • Why is the constructor invoked twice when a normal scoped bean is created?
  • What you see is the instantiation of two objects: one is the actual bean instance, the other one is the proxy. Both likely invoke the default constructor.
  • That's why it's generally considered a bad idea to do initialization in class construction code. Instead, when using managed beans (objects managed by the EE container) to perform initialisation in a @PostConstruct or @Inject annotated method.

WildcardPermission (Apache Shiro 1.2.1 API) - 0 views

  • first token is the
  • domain
  • second token is the
  • ...7 more annotations...
  • action being performed
  • boolean implies(Permission p)
  • Returns true if this current instance
  • implies all the functionality and/or resource access described by the specified Permission argument
  • false otherwise
  • current instance must be exactly equal to or a superset of the functionality and/or resource access described by the given Permission argument

Permission (Apache Shiro 1.2.1 API) - 0 views

  • A Permission represents the ability to perform an action or access a resource. A Permission is the most granular, or atomic, unit in a system's security policy and is the cornerstone upon which fine-grained security models are built.
  • a Permission instance only represents functionality or access - it does not grant it
  • permissions are immutable and reflect an application's raw functionality
  • ...4 more annotations...
  • because Permissions represent raw functionality and only change when the application's source code changes, they are immutable at runtime - they represent 'what' the system can do
  • by transitive association, the user 'has' the permissions in their roles
  • all Permission checks are relegated to Realm implementations, and only those implementations really determine how a user 'has' a permission or not
  • Realm could use the semantics described here, or it could utilize some other mechanism entirely

Access control - Wikipedia, the free encyclopedia - 0 views

  • Computer security
  • authentication, authorization and audit
  • In any access control model, the entities that can perform actions in the system are called subjects, and the entities representing resources to which access may need to be controlled are called objects
  • ...39 more annotations...
  • Principle of least privilege
  • object-capability model, any software entity can potentially act as both a subject and object
  • Access control models used by current systems tend to fall into one of two classes:
  • those based on capabilities
  • those based on access control lists (ACLs)
  • Both capability-based and ACL-based models have mechanisms to allow access rights to be granted to all members of a group of subjects (often the group is itself modeled as a subject)
  • identification and authentication determine who can log on to a system, and the association of users with the software subjects that they are able to control as a result of logging in; authorization determines what a subject can do; accountability identifies what a subject (or all subjects associated with a user) did.
  • Authorization determines what a subject can do on the system
  • Authorization
  • Access control models
  • categorized as either discretionary or non-discretionary
  • three most widely recognized models are
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Role Based Access Control (RBAC)
  • Attribute-based access control
  • Discretionary access control
  • Discretionary access control (DAC) is a policy determined by the owner of an object. The owner decides who is allowed to access the object and what privileges they have.
  • Every object in the system has an owner
  • access policy for an object is determined by its owner
  • DAC systems, each object's initial owner is the subject that caused it to be created
  • Mandatory access control
  • Mandatory access control refers to allowing access to a resource
  • if and only if rules exist
  • that allow a given user to access the resource
  • Management is often simplified (over what can be required) if the information can be protected using
  • hierarchical access control
  • or by implementing sensitivity labels.
  • Sensitivity labels
  • A subject's sensitivity label specifies its
  • level of trust
  • level of trust required for access
  • subject must have a sensitivity level equal to or higher than the requested object
  • Role-based access control
  • Role-based access control (RBAC) is an
  • access policy
  • determined by the system
  • not the owner
  • Access control

Shiro User - Instance level security w/ Permissions | Threaded View - 0 views

  • idea is to try to keep the number per role low if possible
    • kuni katsuya
       
      ie. keep number of permissions per role low for better performance

Realm (Apache Shiro :: Core 1.1.0 API) - 0 views

  • Interface Realm
  • AuthenticatingRealm
  • AuthorizingRealm
  • ...7 more annotations...
  • JdbcRealm
  • A Realm is a security component that can access application-specific security entities such as users, roles, and permissions to determine authentication and authorization operations
  • security-specific DAOs
  • If for some reason you don't want your Realm implementation to perform authentication duties, you should override the supports(org.apache.shiro.authc.AuthenticationToken) method to always return false
  • does not require you to implement or extend any User, Group or Role interfaces or classes
  • Shiro tries to maintain a non-intrusive development philosophy
  • Most users will not implement the Realm interface directly, but will extend one of the subclasses, AuthenticatingRealm or AuthorizingRealm, greatly reducing the effort required to implement a Realm from scratch

[Shiro-user] permission everything but this item - Grokbase - 0 views

  • No, 'negative' permissions are not supported out of the box due to the complexity and performance hit it would probably incur

AuthorizingRealm (Apache Shiro 1.2.1 API) - 0 views

  • perform all role and permission checks automatically
  • getAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) method returns an AuthorizationInfo
  • subclasses do not have to write this logic
  • ...11 more annotations...
  • If caching is enabled and if any authorization data for an account is changed at runtime, such as adding or removing roles and/or permissions, the subclass implementation should clear the cached AuthorizationInfo for that account via the
  • clearCachedAuthorizationInfo method
  • getAuthorizationInfo
  • AuthorizingRealm
  • AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals)
  • Returns an account's authorization-specific information for the specified principals, or null if no account could be found
  • This implementation obtains the actual AuthorizationInfo object
  • from the subclass's implementation of doGetAuthorizationInfo
  • and then caches it for efficient reuse if caching is enabled
  • clearCachedAuthorizationInfo(PrincipalCollection principals)
  • Clears out the AuthorizationInfo cache entry for the specified account.