Secure JSF Application – why you should always define a servlet mapping

16. May 2014

If you deploy a JSF application in WildFly 8, you can omit to define the JSF serlvet mapping. In this case three default mappings will be active out of the box.

  • <context-root>/faces/*
  • <context-root>/*.jsf
  • <context-root>/*.faces

Tested on WildFly 8.0.0.CR1 and JBoss EAP 6.2.0.GA

This behavior is not mentioned in the JSF 2.1 spec. But it explicitly allows implementations to use proprietary means to invoke the JSF lifecycle.

In addition to FacesServlet, JSF implementations may support other ways to invoke the JavaServer Faces request processing lifecycle, but applications that rely on these mechanisms will not be portable.

This default mapping can be problematic as it provides several path to access resources within your web application. Especially if you use security constraints to protect parts of your application. For instance if you restrict access to <context-root>/secure/* using a security constraint in your web.xml, web resources can still be accessed via <context-root>/faces/.
Read the rest of this entry »


Upgrading and patching the Red Hat JBoss Enterprise Application Platform (JBoss EAP)

16. April 2014

One of the biggest advantages, besides the support for the Red Hat JBoss Enterprise Middleware are the access to continuous updates and bug fixes. In previous versions, minor patches could not be applied automatically, also updates or bug fixes had to be installed manually, by changing individual configuration files and replacing Java Archives.

Since version 6.2 the Command Line Interface of the JBoss Enterprise Application Platform (EAP) contains a command to apply minor updates and patches without changing individual files manually.

Read the rest of this entry »


Database migration projects with GuttenBase – Copying done right

15. April 2014

There are many tools to visualize or analyze databases. You will also find lots of programs to copy databases between different vendors. However, we experienced  these tools are not flexible enough for our migration projects. They fail because, e.g., they cannot map the various data types between different databases correctly, or because the amount of data becomes too big. The solution we suggest is to program sophisticated data migrations using an extensible framework instead of configuring some (limited) tool. We found that this approach gives us much more flexibility when performing data migrations. Migrating a database almost always requires a custom solution, since every system has its peculiarities. Another advantage of “programming” a migration is that your developers may freely combine plain copying code with computational parts. For example, it may be necessary  to contact a third-party system during a migration process in order to obtain some information. In one of our projects we had to contact a GIS (Geographic information system) server to relate the positional IDs stored in the database with those in the GIS database.

Read the rest of this entry »


PostgreSQL: Partitioning big tables (Part 2)

9. April 2014
Dieser Artikel auf Deutsch

Alongside various strategies for handling large amounts of data with indexes, PostgreSQL provides another feature: splitting the table with inheritance. This separation of a table’s data into different child tables is called “partitioning” in PostgreSQL.

In part one, we described the pro and cons of this method and its conditions of use. In this second part we describe the steps required to actually configure a partition for production. The proposed instructions are intended for use with a PostgreSQL version 9.2 database but may work on all versions from 8.4.
Read the rest of this entry »


PostgreSQL: Partitioning big tables (Part 1)

7. April 2014
Dieser Artikel auf Deutsch

Alongside various strategies for handling large amounts of data with indexes, PostgreSQL provides another feature: splitting the table with inheritance. This separation of a table’s data into different child tables is called “partitioning” in PostgreSQL. Because it does require a bit of effort to implement, and because there are also limitations in how it can be used, you need to take some points into consideration when creating a partition.

This first part of the article presents the pro and cons and what to consider when using partitioning to improve performance. In the second part we will describe the steps to create a production-ready partition.

Read the rest of this entry »


Interactive SVG with AngularJS – Part 2

26. February 2014

When developing mobile web applications with responsive design, SVG are a viable solution for flexible images.
AngularJS in turn enables the wrapping of complex UI logic into custom HTML directives, resulting in clean and maintainable modules.
The combination of these technologies provides a good basis for interactive control and status elements. It is suitable both for building highly complex custom controls, as well as covering simple use cases in a generic manner.

Part 1 of this article explores several methods of employing SVG as flexible images in a cross-browser compatible manner.

Part 2 describes the use of AngularJS to construct custom control and status elements by manipulating SVG images.
Read the rest of this entry »


Interactive SVG with AngularJS – Part 1

20. February 2014

When developing mobile web applications with responsive design, flexible images for interactive control and status elements pose a particular problem.
SVG offer a viable solution: They are much smaller than bitmaps of comparable size, and can be manipulated through their DOM API.
AngularJS in turn is well suited to wrap complex UI element logic in custom HTML directives, resulting in clean and maintainable modules.
Combining the two sounds attractive, but involves a couple of stumbling blocks to avoid.

Part 1 of this article explores several methods of employing SVG as flexible images in a cross-browser compatible manner.

Part 2 describes the use of AngularJS to construct custom control and status elements by manipulating SVG images.

Read the rest of this entry »


akquinet Technology Radar 2013 available

20. December 2013

Just in time for the holidays here is the new Technology Radar 2013 :-)

Have a look: http://radar.spree.de/results

This year  the radar provides an overview of the trends for technologies, methods and tools in software development for 2013/2014. It is seperated in 6 categories:

  • Methods
  • Platforms & Middleware
  • Databases
  • Frameworks & Libraries
  • Languages
  • Tools

Have a look for trends in 2014 an technologies to build on. You can download the radar: Technology Radar 2013 Print Version

 

Happy Holidays and a Happy New Year

akquinet AG


How to clean your Nexus Release Repositories

9. December 2013

The number of release process executions is steadily increasing. Concepts like Continuous Delivery and Deployment emphasize releasing as often and as automated as possible. While developers and customers enjoy the bright side of the improving software development processes, operations has to deal with the flip side. More releases mean more storage usage. Increasing process quality requirements like archiving every delivered release (or at least, every release which is deployed on a production system) in a structured, easily accessible manner somewhere means more storage. But resources like storage are limited. So you have to collect the garbage sooner or later – and if you have a lot of releases, you desperately want to automate this cleanup process.

So, if you use Sonatype Nexus as intensively as we do and you sooner or later face storage limitations: this blog post might be a solution for you. Read the rest of this entry »


Ohana – Your Family Calendar

22. November 2013
Dieser Artikel auf Deutsch

The family calendar on the fridge is a fixture in many households. When does Bobby need to be collected from piano lessons? And when is Mom coming back from her business trip? Because of their convenience, such calendars have become enormously popular.

Termin erstellen
Read the rest of this entry »


Follow

Get every new post delivered to your Inbox.

Join 71 other followers