Deploying your application
Group items matching
in title, tags, annotations or urlUML as a Data Modeling Notation, Part 4 - 0 views
UML as a Data Modeling Notation, Part 3 - 0 views
UML as a Data Modeling Notation, Part 2 - 0 views
Amazon.com: Data Model Patterns: Conventions of Thought (9780932633293): David C. Hay: ... - 0 views
UML as a Data Modeling Notation, Part 1 - 0 views
18More
JBoss AS7 Deployment Plugin - Deploy/Undeploy Examples - 0 views
-
-
plugin goals deploy, undeploy, and redeploy
-
<plugin> <groupId>org.jboss.as.plugins</groupId> <artifactId>jboss-as-maven-plugin</artifactId> <version>7.1.1.Final</version> </plugin>
- ...15 more annotations...
-
file listed under the filename parameter can be deployed to the server using the deploy goal
-
deploy
-
redeploy
-
undeploy
-
<phase>install</phase>
-
<goal>deploy</goal>
-
Deploying other artifacts
-
possible to deploy other artifacts that are not related to your deployment, e.g. database drivers:
-
<phase>install</phase>
-
<goal>deploy-artifact</goal>
-
<configuration> <groupId>postgresql</groupId> <artifactId>postgresql</artifactId> <name>postgresql.jar</name> </configuration>
-
artifact must be already listed as a dependency in the projects pom.xml.
-
Deploying your application in domain mode.
-
add the domain tag as well as specify at least one server group.
-
<domain> <server-groups> <server-group>main-server-group</server-group> </server-groups> </domain>
3More
Dependency Injection in Java EE 6 (Part 6) - 0 views
-
one of the most important value propositions for frameworks like Spring has been the ability to easily extend the framework or integrate third-party solutions
-
SPI allows you to register your own beans, custom scopes, stereotypes, interceptors and decorators with CDI even if is it not included in the automatic scanning process (such as perhaps registering Spring beans as CDI beans), programmatically looking up CDI beans and injecting them into your own objects (such as injecting CDI beans into Spring beans) and adding/overriding annotation-metadata from other sources (such as from a database or property file)
-
SPI can be segmented into three parts. Interfaces like Bean, Interceptor and Decorator model container meta-data (there are a few other meta-data interfaces such as ObserverMethod, Producer, InjectionTarget, InjectionPoint, AnnotatedType, AnnotatedMethod, etc). Each meta-data object encapsulates everything that the CDI container needs to know about the meta-data type
15More
Application Security With Apache Shiro - 0 views
-
previously known as the JSecurity project
-
The word Subject is a security term that basically means "the currently executing user"
-
Core Concepts: Subject, SecurityManager, and Realms
- ...12 more annotations...
-
Subject
-
'Subject' can mean a human being, but also a 3rd party process, daemon account, or anything similar. It simply means 'the thing that is currently interacting with the software'
-
Subject currentUser = SecurityUtils.getSubject();
-
SecurityManager
-
SecurityManager manages security operations for all users
-
Realms
-
Realm acts as the ‘bridge’ or ‘connector’ between Shiro and your application’s security data. That is, when it comes time to actually interact with security-related data like user accounts to perform authentication (login) and authorization (access control), Shiro looks up many of these things from one or more Realms configured for an application.
-
Realm is essentially a security-specific DAO
-
Shiro provides out-of-the-box Realms to connect to a number of security data sources (aka directories) such as LDAP, relational databases (JDBC), text configuration sources like INI and properties files, and more
-
Authorization
-
A permission is a raw statement of functionality, for example ‘open a door’, ‘create a blog entry’, ‘delete the ‘jsmith’ user’, etc. By having permissions reflect your application’s raw functionality, you only need to change permission checks when you change your application’s functionality. In turn, you can assign permissions to roles or to users as necessary at runtime.
-
“Run As” support for assuming the identity of another Subject
41More
Security Module Drafts - Apache DeltaSpike - Apache Software Foundation - 0 views
-
Authorization
-
Impersonalization
-
-
authenticates “as a user” or access application imitating his identity - without knowing his password
- ...36 more annotations...
-
elements of the user interface are displayed to the user based on the user's privilege level
-
assign permissions to individual objects within the application’s business domain
-
-
Permissions
-
Permissions assigned to user for a given resource in the tree are inherited by other resources
-
Permissions are inherited
-
persist user, group and role information in database. JPA implementation is his dream
-
Security Module Drafts
-
Identity
-
interface Identity
-
login()
-
logout()
-
getUser()
-
Events LoggedInEvent LoginFailedEvent AlreadyLoggedInEvent PreLoggedOutEvent PostLoggedOutEvent PreAuthenticateEvent PostAuthenticateEvent
-
Object level permission
-
Grant or revoke permissions
-
Group management
-
User/Identity management
-
identity.hasRole
-
identity.hasPermission
-
Permissions model
-
Identity Management (IDM)
-
User, Group and Role
-
Events
-
hooks for common IDM or Security operations
-
Audit and logging for permission and IDM related changes
-
Event API.
-
Impersonalization
-
Impersonalization
-
control which elements of the user interface are displayed to the user based on their assigned permissions
-
ask for permission
-
without need to obtain object from DB
-
String resourceId
-
structure of resources
-
more advanced security resolution mechanisms
-
Rules based engine
-
external services - XACML
11More
Interview of GraniteDS founders | RIAgora - 0 views
-
explained the origin of GraniteDS and the differences with LiveCycle Data Services
-
ActionScript3 reflection API
-
GraniteDS 2.2
- ...8 more annotations...
-
JSR-303 (“Bean Validation”) ActionScript3 framework for form validation
-
validation framework is a specific adaptation of the JSR-303 (Bean Validation) specification to Flex: like its Java counterpart, it relies on validation annotations placed on bean properties and provides an engine API that lets you validate your forms without writing by hand a specific validator for each of your input fields
-
code generation tools provided by GraniteDS so that when you write your Java entity bean with validation annotations, they are automatically replicated in your ActionScript3 beans
-
problem with LCDS is mainly that it promotes a strict “client / server” architecture, with – roughly speaking – a heavy Flex client application connected to a server almost reduced to a database frontend
-
big majority of these organizations use BlazeDS, a free and open-source subset of LCDS
-
need more advanced mechanisms than just Remoting start looking for open-source libraries to enable deeper integrations with the Java business layer, and GraniteDS is for sure the most popular project
-
“Flex Data Services” (now renamed to “Live Cycle Data Services”)
-
Flex Data Services seemed too “client-centric”
16More
NetBeansUserFAQ - NetBeans Wiki - 0 views
-
NetBeansUserFAQ
-
frequently asked questions relating to the use of the NetBeans IDE
-
2 Configuration
- ...13 more annotations...
-
3 Migration -- Moving to NetBeans
-
4 Performance
-
8 Maven
-
10 Editing
-
11 Database Connectivity 12 Compiling and Building Projects 13 Debugging
-
15 Java EE Development 16 Web Services Development
-
17 Version Control Systems
-
17.2 Subversion
-
18 Issue Tracking Integration
-
18.2 JIRA
-
19 Profiler
-
23 PHP
-
24 UML
53More
Session Management Cheat Sheet - OWASP - 0 views
-
Session Management Cheat Sheet
-
should not be extremely descriptive nor offer unnecessary details
-
change the default session ID name of the web development framework to a generic name
- ...50 more annotations...
-
length must be at least 128 bits (16 bytes)
-
Session ID Length
-
Session ID Name Fingerprinting
-
Session ID Properties
-
Session ID Entropy
-
must be unpredictable (random enough) to prevent guessing attacks
-
good PRNG (Pseudo Random Number Generator) must be used
-
must provide at least 64 bits of entropy
-
Session ID Content (or Value)
-
content (or value) must be meaningless
-
identifier on the client side
-
meaning and business or application logic associated to the session ID must be stored on the server side
-
session objects or in a session management database or repository
-
create cryptographically strong session IDs through the usage of cryptographic hash functions such as SHA1 (160 bits).
-
Session Management Implementation
-
defines the exchange mechanism that will be used between the user and the web application to share and continuously exchange the session ID
-
token expiration date and time
-
This is one of the reasons why cookies (RFCs 2109 & 2965 & 6265 [1]) are one of the most extensively used session ID exchange mechanisms, offering advanced capabilities not available in other methods
-
Transport Layer Security
-
use an encrypted HTTPS (SSL/TLS) connection for the entire web session
-
not only for the authentication
-
process where the user credentials are exchanged.
-
“Secure” cookie attribute
-
must be used to ensure the session ID is only exchanged through an encrypted channel
-
never switch a given session from HTTP to HTTPS, or viceversa
-
should not mix encrypted and unencrypted contents (HTML pages, images, CSS, Javascript files, etc) on the same host (or even domain - see the “domain” cookie attribute)
-
should not offer public unencrypted contents and private encrypted contents from the same host
-
www.example.com over HTTP (unencrypted) for the public contents
-
secure.example.com over HTTPS (encrypted) for the private and sensitive contents (where sessions exist)
-
only has port TCP/80 open
-
only has port TCP/443 open
-
“HTTP Strict Transport Security (HSTS)” (previously called STS) to enforce HTTPS connections.
-
Secure Attribute
-
instructs web browsers to only send the cookie through an encrypted HTTPS (SSL/TLS) connection
-
HttpOnly Attribute
-
instructs web browsers not to allow scripts (e.g. JavaScript or VBscript) an ability to access the cookies via the DOM document.cookie object
-
Domain and Path Attributes
-
instructs web browsers to only send the cookie to the specified domain and all subdomains
-
“Domain” cookie attribute
-
“Path” cookie attribute
-
instructs web browsers to only send the cookie to the specified directory or subdirectories (or paths or resources) within the web application
-
vulnerabilities in www.example.com might allow an attacker to get access to the session IDs from secure.example.com
-
Expire and Max-Age Attributes
-
“Max-Age”
-
“Expires” attributes
-
it will be considered a
-
persistent cookie
-
and will be stored on disk by the web browser based until the expiration time
-
use non-persistent cookies for session management purposes, so that the session ID does not remain on the web client cache for long periods of time, from where an attacker can obtain it.
-
Session ID Life Cycle
48More
Logging Cheat Sheet - OWASP - 0 views
-
Legal and other opt-ins
-
-
Data changes
-
-
Event attributes
- ...35 more annotations...
-
Log date and time
-
Event date and time
-
Application identifier
-
-
Application address
-
-
User identity
-
-
Type of event
-
Severity of event
-
Description
-
-
Action
-
eg. action performed on managed resource (eg. 'update' action on resource 'hotel')
-
-
original intended purpose of the request
-
Object
-
-
affected component
-
Result status
-
-
Reason
-
-
Extended details
-
Data to exclude
-
Access tokens
-
Session identification values
-
Sensitive personal data
-
passwords
-
Database connection strings
-
Encryption keys
-
payment
-
Information a user has opted out of collection
-
Synchronize time across all servers and devices
-
Input validation failures
-
Which events to log
-
proportional to the information security risks
-
Always log:
-
Authentication successes and failures
-
Authorization failures
-
Session management failures
-
Application errors and system events
-
Application and related systems start-ups and shut-downs
-
Use of higher-risk functionality
21More
SQL Injection - OWASP - 0 views
-
SQL Injection
-
"injection" of a SQL query via the input data from the client to the application
-
exploit can
- ...18 more annotations...
-
read sensitive data
-
modify database data
-
execute administration operations
-
SQL injection errors occur when:
-
Data enters a program from an
-
untrusted source
-
The data used to
-
dynamically construct a SQL query
-
consequences are:
-
Confidentiality:
-
sensitive data
-
Authentication
-
user names and passwords
-
Authorization
-
change this information
-
Integrity
-
read sensitive information
-
changes or even delete this information
Apache OpenJPA -- Index - 0 views
16More
MySQL Error Number 1005 Can't create table '.mydb#sql-328_45.frm' (errno: 150) | VerySi... - 0 views
-
MySQL Error Number 1005 Can’t create table
-
(errno: 150)
-
SHOW ENGINE INNODB STATUS
- ...12 more annotations...
-
Known Causes:
-
First Steps:
-
dreaded errno 150:
-
The two key fields type and/or size is not an exact match
-
One of the key field that you are trying to reference does not have an index and/or is not a primary key
-
One or both of your tables is a MyISAM table
-
You have specified a cascade ON DELETE SET NULL, but the relevant key field is set to NOT NULL
-
Make sure that the Charset and Collate options are the same both at the table level as well as individual field level for the key columns
-
You have a default value (ie default=0) on your foreign key column
-
You have a syntax error in your ALTER statement or you have mistyped one of the field names in the relationship
-
The name of your foreign key exceeds the
-
max length of 64 chars
-
4More
MySQL :: Enforcing Foreign Keys Programmatically in MySQL - 0 views
-
programmatically enforce foreign keys on storage engines which do not natively support them
-
done by the use of triggers
-
Enforcing Foreign Keys Programmatically in MySQL