Group items matching

in title, tags, annotations or url

Step 2 securing some content

create a database that will hold the list of the authorized users along with their password

Create a new directory “auth” and add a new JSP under it, let’s call it “BackOffice.jsp“

enable Shiro into our project by adding a ServletFilter into our Web.xml

 <filter-class>05            org.apache.shiro.web.servlet.IniShiroFilter06        </filter-class>

10    <filter-mapping>11         <filter-name>ShiroFilter</filter-name>12         <url-pattern>/*</url-pattern>13    </filter-mapping>

classpath:shiro.ini

shiro-core

shiro-web

create shiro.ini under resource dir

07ds.jdbcUrl=jdbc:derby://localhost:1527/shiro_schema08ds.username = APP09ds.password = APP

15/auth/** = authcBasic16/** = anon

jdbcRealm.authenticationQuery

jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm

setup the jdbc realm, this is where Shiro will find the authorized users

map the URLs to be protected, all the url under /auth should be authenticated with basic HTTP authentication

All the other URLs should be accessed without authentication

Add a new directory under src let’s call it production we will create a new shiro configuration file compatible with MySQL

06ds.serverName = localhost07ds.user = ADM08ds.password = secret12309ds.databaseName = shiro_schema

jdbcRealm which use a MySQL driver

added the appropriate dependency to maven pom.xml

mysql-connector-java

environment.type

staging

13                <jdbc.user>APP</jdbc.user>14                <jdbc.passwd>APP</jdbc.passwd>15                <jdbc.url>jdbc:derby://localhost:1527/shiro_schema</jdbc.url>16                <jdbc.driver>org.apache.derby.jdbc.ClientDriver</jdbc.driver>

src/main/resources

derbyclient

production

environment.type

45                <jdbc.user>ADM</jdbc.user>46                <jdbc.passwd>secret123</jdbc.passwd>47                <jdbc.ds>com.mysql.jdbc.jdbc2.optional.MysqlDataSource</jdbc.ds>48                <jdbc.serverName>localhost</jdbc.serverName>49                <jdbc.databaseName>shiro_schema</jdbc.databaseName>

src/production/resources

To build and run for staging

To build for production

-Denvironment.type=prod

Changes for Hibernate 3.5 applications

if your application uses Hibernate 3 classes that are not available in Hibernate 4, for example, some of the validator or search classes, you may see ClassNotFoundExceptions when you deploy your application. If you encounter this problem, you can try one of two approaches: You may be able to resolve the issue by copying the specific Hibernate 3 JARs containing those classes into the application "/lib" directory or by adding them to the classpath using some other method. In some cases this may result in ClassCastExceptions or other class loading issues due to the mixed use of the Hibernate versions, so you will need to use the second approach. You need to tell the server to use only the Hibernate 3 libraries and you will need to add exclusions for the Hibernate 4 libraries. Details on how to do this are described here: JPA Reference Guide.

In previous versions of the application server, the JCA data source configuration was defined in a file with a suffix of *-ds.xml. This file was then deployed in the server's deploy directory. The JDBC driver was copied to the server lib/ directory or packaged in the application's WEB-INF/lib/ directory. In AS7, this has all changed. You will no longer package the JDBC driver with the application or in the server/lib directory. The *-ds.xml file is now obsolete and the datasource configuration information is now defined in the standalone/configuration/standalone.xml or in the domain/configuration/domain.xml file. A JDBC 4-compliant driver can be installed as a deployment or as a core module. A driver that is JDBC 4-compliant contains a META-INF/services/java.sql.Driver file that specifies the driver class name. A driver that is not JDBC 4-compliant requires additional steps, as noted below.

DataSource Configuration

domain mode, the configuration file is the domain/configuration/domain.xml

standalone mode, you will configure the datasource in the standalone/configuration/standalone.xml

MySQL datasource element:

        <connection-url>jdbc:mysql://localhost:3306/YourApplicationURL</connection-url>        <driver-class> com.mysql.jdbc.Driver </driver-class>        <driver> mysql-connector-java-5.1.15.jar </driver>

       <security>            <user-name> USERID </user-name>            <password> PASSWORD</password>        </security>

example of the driver element for driver that is not JDBC 4-compliant. The driver-class must be specified since it there is no META-INF/services/java.sql.Driver file that specifies the driver class name.

 <driver-class>com.mysql.jdbc.Driver</driver-class>

JDBC driver can be installed into the container in one of two ways: either as a deployment or as a core module

Install the JDBC driver

Install the JDBC driver as a deployment

In AS7 standalone mode, you simply copy the JDBC 4-compliant JAR into the AS7_HOME/standalone/deployments directory

example of a MySQL JDBC driver installed as a deployment:     AS7_HOME/standalone/deployments/mysql-connector-java-5.1.15.jar

after the database DELETE has occurred

before the transaction is committed

after the database UPDATE has occurred

before the transaction is committed

after the database UPDATE has occurred

before the transaction is committed

after the database INSERT has occurred

before the transaction is committed

if the value is a Basic but the key is an Entity a

mapping is used.

if the key is a Basic but the value is an Entity a

mapping is still used

a three way join table, can be mapped using a

used to define a map relationship where the

UserService

UserDao

FacebookWS

User u

UserService uses UserDAO and FacebookWS

but don’t know how those dependencies are instantiated

And you shouldn’t really care, all that is important is that UserService depends on dao and webservice object.

BDD template given-when-then) tests are easy to read

@Entity

public class User

calling new User(“someName”,”somePassowrd”, “someOtherName”, “someOtherPassword”) becomes hardly readable and maintainable

code duplication

Maintaining this code would turn into a nightmare in no time

running the code above will throw an exception by the JPA provider,

Joshua Blooch gives fine example of builder pattern.

Instead of making the desired object directly, the client calls a constructor (or static factory) with all of the required parameters and gets a builder object. Then the client calls setter-like methods on the builder object to set each optional parameter of interest. Finally, the client calls a parameterless build method to generate the object, which is immutable. The builder is a static member class of the class it builds.

Coffee

public static class Builder

Builder(CoffeeType type, int cupSize)

Builder withMilk()

Coffee build()

Coffee(this)

private Coffee(Builder builder)

Coffee coffee = new Coffee.Builder(CoffeeType.Expresso, 3).withMilk().build();2}

especially if most of those parameters are optional.

For all entity attributes I create private fields

those that are obligatory become parameters for the public constructor

parameter-less constructor, I create one, but I give him

protected access level

protected

fully specify table names using the database name (that is, SELECT dbname.tablename.colname FROM dbname.tablename...) in your SQL

work with multiple databases

3 separate projects: a Java project, a Flex project and a Webapp project.

GraniteDS archetypes

archetypeGroupId: org.graniteds.archetypes archetypeVersion: 1.1.0.GA archetypeArtifactId:

Maven 3.x required

mvn archetype:generate    -DarchetypeGroupId=org.graniteds.archetypes    -DarchetypeArtifactId=graniteds-tide-spring-jpa-hibernate    -DarchetypeVersion=1.1.0.GA    -DgroupId=org.example    -DartifactId=springgds    -Dversion=1.0-SNAPSHOT

cd springgdsmvn clean package

build the project

CDI archetype requires a Java EE 6 server and uses an embedded GlassFish

cd webappmvn embedded-glassfish:run

With the Eclipse Maven integration (the M2E plugin), you can simply choose one of the archetypes when doing New Maven Project.

mvn war:war

two very easy ways to quickly create a new GraniteDS project

FIELD

PROPERTY

Either all annotations must be on the fields, or all annotations on the get methods, but not both (unless the @AccessType annotation is used)

if placed on a get method, then the class is using PROPERTY access

For FIELD access the class field value will be accessed directly to store and load the value from the database

field can be private or any other access type

For PROPERTY access the class get and set methods will be used to store and load the value from the database

PROPERTY has the advantage of allowing the application to perform conversion of the database value when storing it in the object

be careful to not put any side-affects in the get/set methods that could interfere with persistence

Common Problems

Odd behavior

One common issue that can cause odd behavior is

For this reason it is generally recommended to

causing duplicate inserts, missed updates, or a corrupt object model

if you are going to use property access, ensure your property methods are free of side effects

@Inject

CDI managed beans. The @EJB annotation is removed and @Inject is used instead

Annotating the boundary (Cart) with the @Named annotation makes the Cart immediately visible for expression language (EL) expressions in JSP and JSF

@Named annotation takes the simple name of the annotated class, puts the first character in lowercase, and exposes it directly to the JSF pages (or JSP). The Cart bean can be accessed directly, without any backed or managed beans, by the JSF pages: <h:commandButton value="Check out!" action="#{cart.checkout}" />

If there is a need for abstraction, the class can be turned into an interface (or abstract class)

local implementation (with CDI events

@Inject Event<String> event;

event.fire("Order proceeded!");

remote implementation:

javax.enterprise.event.Event belongs to the CDI-implementation

class Event can be considered to be a lightweight alternative to the java.beans.PropertyChangeSupport class

@Inject Event<String> event;

event.fire("Order proceeded!");

event can be received by any managed bean and also by EJB beans

provide a method with a single @Observes annotated parameter

@Observes String event

there is no real event, just the payload:

The during attribute in the @Observes annotation allows you to select in which transactional phase the event gets delivered. The default setting is IN_PROGRESS, which causes an immediate event delivery regardless of the transaction outcome. The AFTER_SUCCESS configuration causes the delivery to occur only after successful transaction completion

Although CDI events work only inside a single process (in the default case, CDI is extensible), they are perfectly suitable for decoupling packages from modules

The method checkout() starts a transaction that gets "reused" by the OrderSystem and CustomerNotification session beans

ordering.placeOrder(); notifier.sendNotification();

EJB beans cannot be directly exposed to JSF or JSP without a little help from CDI

Permissions are provided in two ways: A Collection of Strings, where each String can usually be converted into Permission objects by a Realm's PermissionResolver A Collection of Permission objects

most Realms store both sets of data for a Subject

a Realm implementation to utilize an implementation of the Account interface instead, which is a convenience interface that combines both AuthenticationInfo and AuthorizationInfo

always have to include this library in either WEB-INF/lib

support for CDI is included in the library granite-cdi.jar

10.1. Configuration with Servlet 3 On Servlet 3 compliant containers, GraniteDS can use the new APIs to automatically register its own servlets and filters and thus does not need any particular configuration in web.xml. This automatic setup is triggered when GraniteDS finds a class annotated with @FlexFilter in one of the application archives:

@FlexFilter(configProvider=CDIConfigProvider.class) public class GraniteConfig { }  

list of annotation names that enable remote access to CDI beans

@FlexFilter declaration will setup an AMF processor for the specified url pattern

@TideEnabled

@RemoteDestination

always declared by default

10.3.2. Typesafe Remoting with Dependency Injection

It is possible to benefit from even more type safety by using the annotation [Inject] instead of In. When using this annotation, the full class name is used to find the target bean in the CDI context instead of the bean name.

Security

integration between the client RemoteObject credentials and the server-side container security

client-side component named

API to define runtime authorization checks on the Flex UI

bindable property

represents the current authentication state

integrated with server-side role-based security

clear the security cache manually with

new entity has no id until it has been persisted to the database

take care that you have added the [Lazy] annotation to your Flex metadata compilation configuration

jboss.as.jpa.adapterModule

jboss.as.jpa.adapterClass

org.jboss.as.jpa.hibernate3.HibernatePersistenceProviderAdaptor

Working with other persistence providers

A project to build integration for persistence providers like EclipseLink, is here.

Troubleshooting

“org.jboss.as.jpa” logging can be enabled to get the following information: INFO - when persistence.xml has been parsed, starting of persistence unit service (per deployed persistence.xml), stopping of persistence unit service DEBUG - informs about entity managers being injected, creating/reusing transaction scoped entity manager for active transaction TRACE - shows how long each entity manager operation took in milliseconds, application searches for a persistence unit, parsing of persistence.xml

To enable TRACE, open the as/standalone/configuration/standalone.xml (or as/domain/configuration/domain.xml) file. Search for <subsystem xmlns="urn:jboss:domain:logging:1.0"> and add the org.jboss.as.jpa category

Packaging the Hibernate 3.5 or greater 3.x JPA persistence provider with your application

jboss.as.jpa.providerModule needs to be set to hibernate3-bundled.

<property name="jboss.as.jpa.providerModule" value="hibernate3-bundled" />

Sharing the Hibernate 3.5 or greater JPA persistence provider between multiple applications

Applications can share the same Hibernate3 (for Hibernate 3.5 or greater) persistence provider by manually creating an org.hibernate:3 module (in the AS/modules folder). Steps to create the Hibernate3 module:

<property name="jboss.as.jpa.providerModule" value="org.hibernate:3" />