Starting in Spring Security 3.2, developers gained an easy solution to their Cross-Site Request Forgery problems with Spring’s implementation of the Synchronizer Token Pattern. Spring’s documentation does a great job of explaining Synchronizer Token Pattern and their implementation, so rather than talk about all of that, I’m going to show you how to tweak their configuration so you can have greater control over the urls that are protected.
Now we will cover the fun stuff for which we’ve been waiting. In this post, I’ll go over how to setup Sonar for a Java project that utilizes Ant for its build. I’ll go through the basic steps for installing and running a Sonar instance, and how to use a MySQL database for collecting metrics. Then I’ll go into some details around analyzing a Java project using Ant and Sonar. This involves writing Ant script, pointing to the source codes, analyzing the binaries, analyzing JUnit test cases, analyzing Ecl Emma coverage, etc.
At home and at work, I find that the things that I have to do over and over are the most painful. At home, it’s the dishes; at work, it reading data out of a file or doing Hibernate mappings. No matter what I do, I can’t seem to escape them, even while, for the most part, the inventors of the tools I use have done a pretty good job of making the work less of a chore.
At a recent job, I was asked to do some comma-separated value (CSV) file processing. A Microsoft Access power user was going to be running some queries, and our business users wanted to alter the behavior of our system based off the records that he found. Multiple files were going to be produced each day, and dropped off in a directory where I could pick them up.
About the Post:
This article presents techniques on how to develop Java Portlets using JavaServer Faces, PrimeFaces and Spring. This hands-on example will integrate all of these technologies into a single application.
This post assumes that you have a basic understanding of Portlet, JSF, PrimeFaces and Spring. And a good understanding of Java 5 and annotations.
Before getting started, please have the following downloaded and setup in your environment.
- Eclipse IDE configured with Maven 2 to ease development.
- Apache Pluto 2.0.3
If you are working in a Java Web Application and you are using Spring IoC Container in your application, there is a chance that you might have to inject Spring Beans into a Java Servlet.
Since there is not a direct way to inject Spring Beans into a Java Servlet, you might try to lookup the Spring Beans from the Spring Context within your servlet and assign the dependencies which means that part of injection would no more be IoC and you would be looking for some concise way of doing this.
Spring is an essential part of my technology stack. I cann’t image providing quality software that doesn’t leverage an IoC container. However, decoupling components requires some amount of configuration. Whether this is accomplished through annotations or XML, it’s fairly easy to mess up. Fixing these missing or incorrect configurations doesn’t take very long. The real question is how quickly can you identify these errors?
This question of how long, is a feedback loop question. Unfortunately many teams wait until they fire up the application server to see if their Spring context is wired correctly. This is too late.
One of our clients suffered from this very issue. Due to environmental constraints they could not run automated, in-container tests that would have identified misconfigured beans. After repeatedly committing stupid configuration mistakes, I decided that I would write a Spring wiring test. As I began to write this I encountered five problems.
Lately I have been thinking that the standard service-calling-the-dao-layer architecture hasn’t been working out as well as I would hope. The applications I have been working on have been using Spring and Hibernate with a dao object per model object. While this does provide a good separation between the two, I have been finding it increasingly difficult to write good tests for the service layer as the project matures. Past experience has shown that if writing tests is difficult, then it just isn’t done. Follow along as I think about possible ways to address this issue.