Approximately 2 years ago I’ve written a set of PHP Tutorials that served as a guideline for a Beginner’s PHP Training Course. These tutorials were made with the WAMP solution stack in mind.
Since I’ve been working with Java EE Technologies and Servers recently, I’ve decided do add another one explaining how to install JBoss Web 1.0.1 GA with PHP support (PHP Handler Servlet).
This was based on a tutorial by Philippe Fievet that is now offline for some reason.
The Maven 2 Cobertura Plugin web site lacks information to successfully generate Cobertura reports. Worse, some of the usage examples are incorrect and don’t work.
The most common problem when generating Cobertura reports is when the generated report shows 100% test coverage while in reality many of the classes don’t even have tests.
The following example shows how to configure the reports so that it would reflect real test coverage and then check if the specified packages achieved the wanted test coverage:
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>cobertura-maven-plugin</artifactId>
<version>2.1</version>
<configuration>
<check>
<haltOnFailure>false</haltOnFailure>
<regexes>
<regex>
<pattern>com.samaxes.business.*</pattern>
<branchRate>90</branchRate>
<lineRate>90</lineRate>
</regex>
<regex>
<pattern>com.samaxes.persistence.*</pattern>
<branchRate>90</branchRate>
<lineRate>90</lineRate>
</regex>
</regexes>
</check>
<instrumentation>
<includes>
<include>com/samaxes/**/*.class</include>
</includes>
</instrumentation>
</configuration>
<executions>
<execution>
<id>clean</id>
<phase>pre-site</phase>
<goals>
<goal>clean</goal>
</goals>
</execution>
<execution>
<id>instrument</id>
<phase>site</phase>
<goals>
<goal>instrument</goal>
<goal>cobertura</goal>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
<reporting>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>cobertura-maven-plugin</artifactId>
</plugin>
</plugins>
</reporting> |
Sometimes no single login module is enough to meet our needs. Imagine the case of using an external LDAP server to provide the user authentication and a database server to provide the user authorization. A user would be in one repository or the other, and login should succeed if the user is found in either repository.
JBoss allows you to specify multiple login modules for a single security domain. But simple module stacking doesn’t resolve the problem on its own. For that, you need to use password stacking.
Password stacking allows modules to skip the actual authentication and to provide supplemental roles. The modules require the password-stacking option to useFirstPass for this to work.
<application-policy name="myRealm">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="optional">
<module-option name="password-stacking">useFirstPass</module-option>
<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name="java.naming.provider.url">ldap://LDAP_SERVER:LDAP_PORT/</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="principalDNPrefix">MY_DOMAIN\</module-option>
</login-module>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="password-stacking">useFirstPass</module-option>
<module-option name="dsJndiName">java:myDS</module-option>
<module-option name="principalsQuery">SELECT passwd FROM user WHERE login = ?</module-option>
<module-option name="rolesQuery">SELECT role, 'Roles' FROM user_roles r, user u WHERE u.userid = r.userid AND u.login = ?</module-option>
</login-module>
</authentication>
</application-policy> |
The option principals query is optional; it’s a fallback in the case the authentication fails in the LDAP server. Notice that the LDAP configuration omits the roles query option set so the authorization is only provided by the database server module.
Werner Schuster posted at InfoQ an article entitled “Microsoft Surpasses Java’s Dynamic Language Support” trying to show where .NET is doing better than Java.
Some of the highlights are:
- Microsoft CLR (Common Language Runtime), LINQ and the support for multiple languages
- DLR (Dynamic Language Runtime)
- .NET modularization and versioning
Web applications frameworks support the development of Java web applications for years. They aim to alleviate the overhead associated with common activities like internationalization, automated form validation, caching, Ajax, and more.
Only recently have they started playing an important role in PHP, more specifically since the release of the PHP 5.
There are already some awesome PHP frameworks out there like PRADO, CakePHP, and Zend Framework, but the one that seems the most stable, enjoyable, and most feature-packed is Symfony.
Symfony is fully documented and has a nice step-by-step tutorial covering all its features: Askeet - symfony Advent Calendar.
With the release of symfony 1.0, Francois Zaninotto has seized the opportunity to post a beginner’s symfony tutorial at Sitepoint.
Start now using it and make your applications faster, better, and Web 2.0 ready.
Now that I use preferably Stripes over Struts Framework, I’ve decided to port my example “Deploying BIRT Report Engine API with Jakarta Struts” to this Framework.
For this example I’ve used Stripes 1.4.2, BIRT Runtime 2.1.2, and Tribix 2.1.2.
Read the rest of this entry »
LINQ (Language Integrated Query) is one of the most promising technologies for Microsoft®’s .NET.
Here are some great resources for those interested in learning more about this generic data query API:
- LINQ/C# Learning Guide - Quick look at the LINQ extensions and the upcoming release of C# 3.0 in general
- LINQ in Action - Learn about LINQ, LINQ to SQL (DLINQ) and LINQ to XML (XLINQ)
- Hooked on LINQ - Developers’ Wiki for .NET Language Integrated Query
- LINQDev - Dedicated site to Language Integrated Query development
I’ve just created the project Secure JSP Taglibs at Google Code Project Hosting with the ambition to fill some gaps in the security of the presentation layer in a Java web application.
For now it doesn’t do too much, more features will be added in the future.
This Taglib allows you to evaluate the nested body content of the tag to test if the user has the specified roles.
This is equivalent to the isUserInRole() method, but you can evaluate multiple roles (comma separated) at the same time.
Examples:
<secure:one roles="role1toevaluate, role2toevaluate">
Show this content if the user has one of the specified roles.
</secure:one> |
<secure:all roles="role1toevaluate, role2toevaluate">
Show this content if the user has all the specified roles.
</secure:all> |
<secure:none roles="role1toevaluate, role2toevaluate">
Show this content if the user has none of the specified roles.
</secure:none> |
Feel free to use it, it’s licensed under Apache License 2.0 and can be found at http://code.google.com/p/secure-taglib/.
Reading the TheServerSide.COM news I’ve found a comparison’s article between Stripes and JSF frameworks.
I can’t agree more with the author Gregg Bolinger when he says Since I stumbled on Stripes, I’ve found it to be the best all around framework for my purposes.
Read it at “Stripes and JSF: A Brief Comparison“.
If the J2SE platform has come a long way in internationalization, entering non-ASCII text in the J2EE world isn’t nearly as easy.
To achieve the same result you have to make some changes in your code and in your web server settings.
Firstly, to make sure that the right value in the Content-Type header precedes the text/html content so your browser correctly auto-detects the right encoding, place the following declaration at the beginning of the JSP:
<%@ page contentType="text/html; charset=utf-8" pageEncoding="UTF-8" %> |
Next you have to create a filter that implements the ‘javax.servlet.Filter’ interface so you can have the request parameters encoded with UTF-8:
package com.samaxes.filters;
import javax.servlet.*;
import java.io.IOException;
/**
* Filter called before every action.
*
* @author : samaxes
*/
public class UTF8Filter implements 1.5.0/docs/api/java/util/logging/Filter.html">Filter {
public void init(FilterConfig filterConfig) {
}
public void destroy() {
}
public void doFilter(ServletRequest servletRequest,
ServletResponse servletResponse,
FilterChain filterChain)
throws 1.5.0/docs/api/java/io/IOException.html">IOException, ServletException {
servletRequest.setCharacterEncoding("UTF-8");
filterChain.doFilter(servletRequest, servletResponse);
}
} |
Now, your server reads the URL POST parameters correctly…
But there still is an issue - during a GET operation.
The trouble is that none of the charset information gets sent back to the web server during a GET or POST operation. The server has no way of knowing how to interpret the url-encoded GET parameters, so it assumes ISO-8859-1.
Fortunately the solution to address this is pretty simple, just specify URIEncoding="UTF-8" in your Tomcat’s connector settings within the server.xml file.
Your application shall now handle UTF-8 just fine.
