The Security Annotation Framework (SAF) is an instance-level access control framework driven by Java 5 annotations. It can be easily integrated into Spring applications which primarily use the SAF to control access to their domain object instances. SAF security annotations define locations in the source code where the SAF shall perform permission checks at runtime. An annotation-driven approach to instance-level access control promotes the separation of an application’s security logic from its business logic. This significantly increases the testability and reusability of application components. It further allows the implementation of instance-level access control features into existing applications without modifying existing business logic.
GASwerk - Geronimo Application Server Assemblies
GASwerk provides production ready solutions based on proven OpenSource components.
Three server assemblies based on Apache Geronimo Application Server are available. Each of them solving a particular problem.
GASwerk SOA Stack is a powerful feature-rich SOA assembly for agile businesses that want to bring their IT department closer to their business processes. GASwerk SOA provides an Enterprise Service Bus for connectivity and an business process engine to model all the processes.
GASwerk Spring is focused on developer needs. It provides a Spring framework deployment feature. Equipped with GASwerk Spring, your Geronimo Application Server is able to directly deploy Spring Applications to your server.
GASwerk JMS is a Messaging Cluster based on Javas Messaging Service (JMS). It is a powerful, scalable solution for companies where message throughput and reliability is critical.
And of course you could use all the GASwerk pieces together or only parts of the whole stack.
Geb GAS!
Reverspring is a Java library that allows you to create Spring IoC XML files from POJO at runtime.
CoI stands for Control of Inversion: Reverspring just inverts the inversion of control mechanism of Spring Framework, allowing you to (re)write Spring descriptors starting from your Java objects. With Reverspring you can write process descriptors on XML files without re-inventing a new DTD or XML-Schema, but just using the well known Spring IoC syntax.
AtUnit minimizes boilerplate code in unit tests and guides test development by enforcing good practices.
* mark exactly one field with @Unit to indicate the object under test.
* mark fields with @Mock or @Stub to obtain mock objects
* inject your tests, and your test subjects, using your favorite IoC container
Mock Objects Integration
AtUnit integrates with JMock or EasyMock to provide mock objects:
* obtain a JMock context simply by declaring a field
* annotate fields with @Mock to obtain JMock or EasyMock mock objects
* annotate fields with @Stub to obtain a JMock or EasyMock stub object
... or you can use your own mock objects plug-in with two easy steps:
* implement the MockFramework interface
* annotate your tests with @MockFrameworkClass(MyMockFramework.class)
Container Integration
AtUnit integrates with Guice or Spring to take all of the work out of dependency-injected tests.
With Guice:
* never see the Injector, never write bootstrapping boilerplate!
* @Inject test class fields without even defining a Module
* declaratively obtain mock objects with @Inject @Mock
* if you need more binding flexibility, simply have your test class implement Module
With Spring:
* annotate fields with @Bean to get them from the Spring context
* fields annotated with @Bean which do not appear in your Spring context are added to it automatically! (This includes @Mock and @Stub fields.)
* AtUnit looks for a Spring XML file with the same name as your test, or you can specify the location yourself with @Context("filename")
* Most of the time, you don't even need a Spring XML file!
You can easily plug in other containers in two steps:
* implement the Container interface
* annotate your tests with @ContainerClass(MyContainer.class)
Spring Remoting with Security and SSL
September 30th, 2008 by Mattias Hellborg Arthursson — Security, Spring
Avatar of Mattias Hellborg Arthursson
One of my favorite features of the Spring Framework is the Spring Remoting part, which enables you to expose any bean in a Spring Application Context as a remote service over HTTP. It's fast, it's easy, and it's really, really simple.
The Firewater Framework lets you create sophisticated REST based web APIs for your Java and Flash/Flex based web applications. Features include:
* Spring based declarative architecture (zero code web services)
* extensible framework
* supports GET, PUT, POST, OPTIONS and DELETE HTTP methods and matches incoming URL patterns
* supports JDBC back-ends with templated SQL mappings
* supports secured web services using Acegi Spring Security
* supports paging, full-text search, sorting and filtering
* flexible cacheing strategy based on OSCache
* custom Spring schema for easy configuration
Spring out of the box provides little support for loading property attributes based on environments and/or server contexts. Many projects work around this by creating custom ant builds. With Configleon you can build one war file that can be deployed to every location.
Configleon really shines is in it's ability to cascade the property attributes. This allows the common attributes to be defined in a global file and then overridden at the environment and server context.
If we consider the development of a web application, it typically starts in a local environment. The application will then be deployed to various environments including dev, qa, test, and production. Within a given environment, you may be deploying the same application to different server contexts.
For example, say we are deploying the JMesa example web application to the test environment. But we also have two different versions of the application. One is deployed to mycompany.com/jmesa and the other is deployed to mycompany.com/jmesa2. In this example that same war file can use different properties based on both environment and context. In this example, the environment is test and the server context is jmesa and jmesa2.
# Proxy Abstract Services and dynamic composition: create services using abstract classes and annotations without providing any implementation.
# Annotation inheritance, create your customs annotations from the corea annotations.
# Compose your service workflows graphically using the jBPM native support.
# Implement services using Java or Ruby.
# 100% Annotation based configuration (plus .properties files for externalization).
# Can be used as a standalone container, in a web environment or integrated with other containers.
# Spring native support (Spring/Spring MVC).
# Testing support integrated within the framework using static Assert classes.
# Monitor and manage the services through JMX (status, start, stop...).
# Spring native support (Spring/Spring MVC).
# Maven plugin.
# Several embedded services are provided out of the box and ready to use.
Spring Crypto Utils aims to provide a wrapper around Java's native cryptography API so that configuration of key stores, public and private keys, signers, message digesters, symmetric and asymmetric cipherers can be easily done via the Spring context configuration.
JSF-Spring-JPA is the popular stack of choice these days, mostly to be used in my consulting and training purposes I’ve created a base project called MovieStore demonstrating the annotation-driven integration of JSF-Spring-JPA. JSF backing beans, spring service level beans and DAO’s are configured and integrated with annotations. Only the core infrastructure like datasource, entityManagerFactory or transactionManager are configured with xml.
The traditional way to integrate JSF and Spring was to define JSF beans in faces-config as managed beans and refer to the spring beans using the managed-property configuration. With the help of the spring’s delegatingvariableresolver the managed property is resolved from spring application context and JSF’s IOC injects the bean to the JSF Managed bean instance. I’ve written an article it about this way before.First approach is modelled as follows
Welcome to JaValid
JaValid is an open source framework for validating your Java business objects. JaValid is licensed under the Eclipse Public License 1.0. JaValid 1.1-rc1 is the latest release.
JaValid is an annotation-based validation framework, which allows you to annotate your Java objects to introduce validation. JaValid can be used in any type of Java application (standalone application, web application etc). The framework currently provides full integration with the Spring Framework, Java Server Faces, Facelets, and any database. The framework can be extended easily, by means of extensions, and allows you to add your own validation constraints in addition to the ones shipping with the framework.
The framework is documented well (both the source and the general documentation), so check it out. To learn more, have a look on the documentation page.
The source and distributions are hosted on sourceforge, go to the downloads directly here. You may also want to check out the weblog, which contains some useful information, including several examples.
Have fun using JaValid!
jSemanticService is a lightweight framework that allows to use Rules and Semantics in Services or Applications using Annotations. Features: jBoss Rules (Drools 4.0) as Business Rules Engine provider. Full support of Annotations, Spring, Flex/Blaze DS.
Business process management (BPM) – while also its own independent practice / school of thought – is an application of technology that is served by many products, not the least of which is jBPM. The best definition of BPM that I've found is: "Business Process Management (BPM) is the concept of shepherding work items through a multi-step process. The items are identified and tracked as they move through each step, with either specified people or applications processing the information. The process flow is determined by process logic and the applications (or processes) play virtually no role in determining where the messages are sent.".
With the addition of generics in Java 5, writing a custom DAO for each domain object is no longer required. There are a wide variety of articles on creating generic DAOs, but my current project uses the approach from this IBM DeveloperWorks article. This approach was choses mainly because of the clearly written article and the integration with Spring. You should be able to extend any generic DAO based on Spring to implement the stored procedure configuration.
Many enterprise business applications have such requirements that they should log their users' operations; who performs and when, records that are inserted into, deleted from database, or are changed during those operations, with a meaningful description about current state of those records. Hibernate already provides an interceptor mechanism at SessionFactory level. Hibernate fires events indicating new records are inserted, old ones are deleted, detection of updates, and other events related with transaction status, session flush etc. By that way one can easily track changes on persistent entities in his application.
Hibernate Annotations is my preferred way to map my entity classes, since they don't require any external file (thus keeping mapping info in your Java files), is fully integrated with all Hibernate mapping capabilities and Hibernate documentation encourages us to use this kind of configuration because it's more efficient.
Annotation driven mapping in Hibernate uses the standard JPA API annotations and introduce some specific extensions to deal with some Hibernate features. You can find a full reference in the official documentation.
Granite Data Services (GDS) is a free, open source (LGPL'd) alternative to Adobe® LiveCycle® (Flex™ 2+) Data Services for J2EE application servers. The primary goal of this project is to provide a framework for Flex 2+/EJB 3/Seam/Spring/Guice/POJO application development with full AMF3/RemoteObject benefits.
It also features a Comet-like data push implemention (AMF3 requests sent over HTTP) and ActionScript3 code generation tools (Ant task and Eclipse builder).
Dedicated service factories are available for:
* EJB 3 (session beans that return entity beans),
* Seam (with identity security and conversation/task support),
* Spring (with Acegi security and entity beans support),
* Guice/Warp (with entity beans support),
* Simple Java classes (aka POJO) interactions.
GDS is designed to be lightweight, robust, fast, and highly configurable.
Hibernate saveOrUpdate trap for web developers and StaleStateException
Summary: Hibernate users should be aware of saveOrUpdate method if they continue to use the same persistent object even if a transaction failed at some point.
Details:
Suppose you have a persistent object bound to your web(like JSF) views. Entered some data (which will lead to a db ConstraintViolationException) and tried to save it (at your DAO service) by using saveOrUpdate method. As we expected, it will throw a ConstraintViolationException and you'll rollback the transaction.
Then, go back to the entry page, correct the wrong field value at the same object, and try to save it again. You'll get a StaleStateException since saveOrUpdate method assigned identifier values automatically to your new object when you attempt to save it first. Later, when the save operation failed, it didn't roll back your object's state to its initial state. The summary of the flow causing this error is as below;