Group items matching

in title, tags, annotations or url

Entity Beans in combination with an EntityManager

use CDI to inject the EntityManager into my JpaRealm

JpaRealm is not container managed but is instantiated by Shiro

delegate your JpaRealm into @Stateless EJB, which can @Inject EntityManager

JpaRealm

@PersistenceContext   private EntityManager entityManager;

EnvironmentLoaderListener

found the cause

Instead of configuring the ShiroFilter in my web.xml I had the IniShiroFilter configured. The IniShiroFilter creates a new SecurityManager from the ini file. This new SecurityManager didn't know about the realm I've added in my EnvironmentLoader, so it didn't have any realms.

I replaced it with the ShiroFilter in my web.xml and all seems to be working now with my CdiEnvironmentLoaderListener.

always have to include this library in either WEB-INF/lib

support for CDI is included in the library granite-cdi.jar

10.1. Configuration with Servlet 3 On Servlet 3 compliant containers, GraniteDS can use the new APIs to automatically register its own servlets and filters and thus does not need any particular Configuration in web.xml. This automatic setup is triggered when GraniteDS finds a class annotated with @FlexFilter in one of the application archives:

@FlexFilter(configProvider=CDIConfigProvider.class) public class GraniteConfig { }  

list of annotation names that enable remote access to CDI beans

@FlexFilter declaration will setup an AMF processor for the specified url pattern

@TideEnabled

@RemoteDestination

always declared by default

10.3.2. Typesafe Remoting with Dependency Injection

It is possible to benefit from even more type safety by using the annotation [Inject] instead of In. When using this annotation, the full class name is used to find the target bean in the CDI context instead of the bean name.

Security

integration between the client RemoteObject credentials and the server-side container security

client-side component named

API to define runtime authorization checks on the Flex UI

bindable property

represents the current authentication state

integrated with server-side role-based security

clear the security cache manually with

file listed under the filename parameter can be deployed to the server using the deploy goal

deploy

redeploy

undeploy

<phase>install</phase>

<goal>deploy</goal>

Deploying other artifacts

possible to deploy other artifacts that are not related to your deployment, e.g. database drivers:

<phase>install</phase>

<goal>deploy-artifact</goal>

<configuration> <groupId>postgresql</groupId> <artifactId>postgresql</artifactId> <name>postgresql.jar</name> </configuration>

artifact must be already listed as a dependency in the projects pom.xml.

Deploying your application in domain mode.

add the domain tag as well as specify at least one server group.

<domain> <server-groups> <server-group>main-server-group</server-group> </server-groups> </domain>

Subject

'Subject' can mean a human being, but also a 3rd party process, daemon account, or anything similar. It simply means 'the thing that is currently interacting with the software'

Subject currentUser = SecurityUtils.getSubject();

SecurityManager

SecurityManager manages security operations for all users

Realms

Realm acts as the ‘bridge’ or ‘connector’ between Shiro and your application’s security data. That is, when it comes time to actually interact with security-related data like user accounts to perform authentication (login) and authorization (access control), Shiro looks up many of these things from one or more Realms configured for an application.

Realm is essentially a security-specific DAO

Shiro provides out-of-the-box Realms to connect to a number of security data sources (aka directories) such as LDAP, relational databases (JDBC), text configuration sources like INI and properties files, and more

Authorization

A permission is a raw statement of functionality, for example ‘open a door’, ‘create a blog entry’, ‘delete the ‘jsmith’ user’, etc. By having permissions reflect your application’s raw functionality, you only need to change permission checks when you change your application’s functionality. In turn, you can assign permissions to roles or to users as necessary at runtime.

“Run As” support for assuming the identity of another Subject

 logout() 

An implementation of this interface must be thread safe

If authorization fails, either because the user is not logged in or because it doesn't have required rights, it must throw an appropriate org.granite.messaging.service.security.SecurityServiceException.

Writing a Security Service

nothing to do with a true Flex destination

only one instance of this service is used in the entire web-app and will be called by concurrent threads

This method is called upon each and every service method call invocations (RemoteObject) or subscribe/publish actions (Consumer/Producer). When used with RemoteObjects, the authorize method is responsible for checking security, calling the service method, and returning the corresponding result.

default implementation of this method in AbstractSecurityService is to do nothing

security services are not exposed to outside calls

character encoding

could either be automatically detected from the server configuration, or could be configured by the user through the useUnicode and characterEncoding properties

character encoding between client and server is automatically detected upon connection

character_set_server for server versions 4.1.0 and newer

To override the automatically detected encoding on the client side, use the characterEncoding property in the URL used to connect to the server.

jboss.as.jpa.adapterModule

jboss.as.jpa.adapterClass

org.jboss.as.jpa.hibernate3.HibernatePersistenceProviderAdaptor

Working with other persistence providers

A project to build integration for persistence providers like EclipseLink, is here.

Troubleshooting

“org.jboss.as.jpa” logging can be enabled to get the following information: INFO - when persistence.xml has been parsed, starting of persistence unit service (per deployed persistence.xml), stopping of persistence unit service DEBUG - informs about entity managers being injected, creating/reusing transaction scoped entity manager for active transaction TRACE - shows how long each entity manager operation took in milliseconds, application searches for a persistence unit, parsing of persistence.xml

To enable TRACE, open the as/standalone/configuration/standalone.xml (or as/domain/configuration/domain.xml) file. Search for <subsystem xmlns="urn:jboss:domain:logging:1.0"> and add the org.jboss.as.jpa category

Packaging the Hibernate 3.5 or greater 3.x JPA persistence provider with your application

jboss.as.jpa.providerModule needs to be set to hibernate3-bundled.

<property name="jboss.as.jpa.providerModule" value="hibernate3-bundled" />

Sharing the Hibernate 3.5 or greater JPA persistence provider between multiple applications

Applications can share the same Hibernate3 (for Hibernate 3.5 or greater) persistence provider by manually creating an org.hibernate:3 module (in the AS/modules folder). Steps to create the Hibernate3 module:

<property name="jboss.as.jpa.providerModule" value="org.hibernate:3" />

Due to the limited capabilities of the ActionScript 3 reflection API than cannot access private fields, it is necessary to create an externalizable AS3 class (implementing flash.utils.IExternalizable and its corresponding externalizable Java class

In both classes you have to implement two methods

the Gas3 generator can automatically generate the writeExternal and readExternal methods.

With GraniteDS automated externalization and without any modification made to our bean, we may serialize all properties of the Person class, private or not

In order to externalize the Person.java entity bean, we must tell GraniteDS which classes we want to externalize with a

externalize all classes named com.myapp.entity.Person by using the org.granite.hibernate.HibernateExternalizer

you could use this declaration, but note that type in the example above is replaced by

            <include annotated-with="javax.persistence.Entity"/>             <include annotated-with="javax.persistence.MappedSuperclass"/>             <include annotated-with="javax.persistence.Embeddable"/>

: type

annotated-with

Instead of configuring externalizers with the above method, you may use the

feature:

precedence rules for these three configuration options:

Spring 3.1 application