Showing posts with label Apache. Show all posts
Showing posts with label Apache. Show all posts

Thursday, March 1, 2012

JPA Tutorial

Java persistent API is a specification and set of interfaces that helps with persistence of java objects into the database. It has been created after success of object relational mapping frameworks - the most popular is Hibernate.

JPA defines standard basic set of features that every object relational mapping framework should have. Almost all current O/R frameworks implement JPA specification. Of course, most of them have additional features to set them apart.

Saving/loading data with JPA is easier, faster and less error prone than writing SQL and mapping query results to objects. However, JPA does not free you from relational database understanding. And while you do not have to write SQL anymore, you have to learn JPQL which is very similar.
Read more »
Posted by Meri at 00:59 131 comments
Labels: ,

Sunday, December 4, 2011

Apache Shiro Part 3 - Cryptography

Besides securing web pages and managing access rights Apache Shiro does also basic cryptography tasks. The framework is able to:
  • encrypt and decrypt data,
  • hash data,
  • generate random numbers.

Shiro does not implement any cryptography algorithms. All calculations are delegated to Java Cryptography Extension (JCE) API. The main benefit of using Shiro instead of what is already present in Java is ease of use and secure defaults. Shiro crypto module is written in higher abstraction level and by default implements all known best practices.
Read more »
Posted by Meri at 13:21 29 comments
Labels: , , ,

Monday, April 18, 2011

Apache Shiro Part 2 - Realms, Database and PGP Certificates

This is second part of series dedicated to Apache Shiro. We started previous part with simple unsecured web application. When we finished, the application had basic authentication and authorization. Users could log in and log out. All web pages and buttons had access rights assigned and enforced. Both authorization and authentication data have been stored in static configuration file.

As we promised in the end of last part, we will move user account data to database. In addition, we will give users an option to authenticate themselves via PGP certificates. As a result, our application will have multiple alternative log in options: log in with user name/password and log in with certificate. We will finish by turning alternative log in options mandatory.
Read more »
Posted by Meri at 10:42 21 comments
Labels: , , ,

Sunday, March 27, 2011

Apache Shiro Part 1 - Basics

Apache Shiro, originally called JSecurity, is Java security framework. It was accepted and became Apache top level project in 2010. It aims to be powerful and easy to be used.

The project is in active development with active both users and developers mailing lists. Most important areas are documented on its web page. However, it has lot of gaps in documentation. It is not possible to learn to use most Shiro features from documentation alone. Luckily, the code is well commented and where I tried it was also easily readable.

Main Shiro features are:
  • authentication,
  • authorization,
  • cryptography,
  • session management.

In this article article we try and demonstrate various Shiro features. We start with simple unsecured web application, then we add security features into it.  All code code is available in SimpleShiroSecuredApplication project on Github.
Read more »
Posted by Meri at 03:24 58 comments
Labels: , , ,