Group items matching

in title, tags, annotations or url

When the application inserts or updates an object, it will set these fields and they will be stored in the database. JPA events could also be used to record the audit information, or to write to a separate audit table.

Example AuditedObject class

@MappedSuperclass public Class AuditedObject {

@Column("AUDIT_USER"); protected String auditUser; @Column("AUDIT_TIMESTAMP"); protected Calendar auditTimestamp;

@PrePersist @PreUpdate public void updateAuditInfo() { setAuditUser((String)AuditedObject.currentUser.get()); setAuditTimestamp(Calendar.getInstance()); }

In an EAV data model, each attribute-value pair is a fact describing an entity, and a row in an EAV table stores a single fact

EAV tables are often described as "long and skinny": "long" refers to the number of rows, "skinny" to the few columns

Data is recorded as three columns: The entity: the item being described. The attribute or parameter: a foreign key into a table of attribute definitions. At the very least, the attribute definitions table would contain the following columns: an attribute ID, attribute name, description, data type, and columns assisting input validation

The value of the attribute

Row modeling, where facts about something (in this case, a sales transaction) are recorded as multiple rows rather than multiple columns

differences between row modeling and EAV (which may be considered a generalization of row-modeling) are:

A row-modeled table is homogeneous in the facts that it describes

The data type of the value column/s in a row-modeled table is pre-determined by the nature of the facts it records. By contrast, in an EAV table, the conceptual data type of a value in a particular row depend on the attribute in that row

In the EAV table itself, this is just an attribute ID, a foreign key into an Attribute Definitions table

The Attribute

The Value

Coercing all values into strings

larger systems use separate EAV tables for each data type (including binary large objects, "BLOBS"), with the metadata for a given attribute identifying the EAV table in which its data will be stored

Where an EAV system is implemented through RDF, the RDF Schema language may conveniently be used to express such metadata

access to metadata must be restricted, and an audit trail of accesses and changes put into place to deal with situations where multiple individuals have metadata access

quality of the annotation and documentation within the metadata (i.e., the narrative/explanatory text in the descriptive columns of the metadata sub-schema) must be much higher, in order to facilitate understanding by various members of the development team.

Attribute metadata

Validation metadata include data type, range of permissible values or membership in a set of values, regular expression match, default value, and whether the value is permitted to be null

Presentation metadata: how the attribute is to be displayed to the user

Grouping metadata: Attributes are typically presented as part of a higher-order group, e.g., a specialty-specific form. Grouping metadata includes information such as the order in which attributes are presented

Advanced validation metadata Dependency metadata:

highly type-safe

consistent

portable

CDI enhances the Java EE programming model in two more important ways

allows you to use EJBs directly as JSF backing beans

CDI allows you to manage the scope, state, life-cycle and context for objects in a much more declarative fashion, rather than the programmatic way

CDI has no component model of its own

set of services that are consumed by Java EE components such as managed beans, Servlets and EJBs.

well-defined create/destroy life-cycle that you can get callbacks for via the @PostConstruct and @PreDestroy annotations.

Managed beans

annotation

CDI also integrates with JSF via EL bean name resolution

CDI does not directly support business component services such as transactions, security, remoting, messaging

JSR 330 defines a minimalistic API for dependency injection solutions and is primarily geared towards non-Java EE environments.

Figure 1 shows how CDI fits with the major APIs in the Java EE platform.

none of this uses string names that can be mistyped and all the code is in Java and so is checked at compile time

are additional pieces of meta-data that narrow down a particular class when more than one candidate for injection exists

Separating object id and business key

recommend using the "semi"-unique attributes of your persistent class to implement equals() (and hashCode()

The database identifier property should only be an object identifier, and basically should be used by Hibernate only

Instead of using the database identifier for the equality comparison, you should use a set of properties for equals() that identify your individual objects

"name" String and "created" Date, I can use both to implement a good equals() method

Workaround by forcing a save/flush

work around by forcing a save() / flush() after object creation and before insertion into the set

Note that it's highly inefficient and thus not recommended

 getRoleNamesForUser(Connection conn, String username) 

elements of the user interface are displayed to the user based on the user's privilege level

assign permissions to individual objects within the application’s business domain

Permissions

Permissions assigned to user for a given resource in the tree are inherited by other resources

Permissions are inherited

persist user, group and role information in database. JPA implementation is his dream

Security Module Drafts

Identity

interface Identity

login()

logout()

getUser()

Events LoggedInEvent LoginFailedEvent AlreadyLoggedInEvent PreLoggedOutEvent PostLoggedOutEvent PreAuthenticateEvent PostAuthenticateEvent

Object level permission

Grant or revoke permissions

Group management

User/Identity management

identity.hasRole

identity.hasPermission

User, Group and Role

hooks for common IDM or Security operations

Audit and logging for permission and IDM related changes

Event API.

Impersonalization

Impersonalization

control which elements of the user interface are displayed to the user based on their assigned permissions

ask for permission

more advanced security resolution mechanisms

Rules based engine

external services - XACML

GraniteDS validation framework provides a set of standard constraints

Constraint Description AssertFalse The annotated element must be false AssertTrue The annotated element must be true DecimalMax The annotated element must be a number whose value must be lower or equal to the specified maximum DecimalMin The annotated element must be a number whose value must be greater or equal to the specified minimum Digits The annotated element must be a number whithin accepted range Future The annotated element must be a date in the future Max The annotated element must be a number whose value must be lower or equal to the specified maximum Min The annotated element must be a number whose value must be greater or equal to the specified minimum NotNull The annotated element must not be null Null The annotated element must be null Past The annotated element must be a date in the past Pattern The annotated String must match the supplied regular expression Size The annotated element size must be between the specified boundaries (included)

must use

Note that the bundle name must always be set to "ValidationMessages".

Log date and time

Event date and time

Application identifier

Application address

User identity

Type of event

Severity of event

Description

Action

original intended purpose of the request

Object

affected component

Result status

Reason

Extended details

Data to exclude

Access tokens

Session identification values

Sensitive personal data

passwords

Database connection strings

Encryption keys

payment

Information a user has opted out of collection

Synchronize time across all servers and devices

Input validation failures

Which events to log

proportional to the information security risks

Always log:

Authentication successes and failures

Authorization failures

Session management failures

Application errors and system events

Application and related systems start-ups and shut-downs

Use of higher-risk functionality

new entity has no id until it has been persisted to the database

take care that you have added the [Lazy] annotation to your Flex metadata compilation configuration