spring roo rev005

CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE

State of Colorado Office of Cyber Security

Spring Roo (By Rich Helton)

(Date September 15, 2011)




Spring Framework, AOP and IoC

  Aspect Oriented Programming takes Object Oriented Programming one step further by separating out the cross-cutting concerns and assigning them to the framework. An example of a cross-cutting concern is Transaction management.   The Spring framework is an Open source framework that introduces AOP by managing, or taking care of the plumbing, of the business objects. http://www.springsource.com/   Spring introduces the concept of Inversion of Control (IoC), which simply means instead of having the application call the framework, the framework will call the components defined by the application.   I like to think of IoC as collecting the application pieces in modular blocks. The IoC will pass the appropriate object into the Class when it needs to work with that object.   Spring provides the "Spring Security" framework that allows different implementations to be connected seamlessly to the application.



Spring •  The Spring Framework is an open source application framework for the

Java platform. See http://en.wikipedia.org/wiki/Spring_Framework •  Besides the benefits of using IOC and AOP, Spring comes with many

frameworks for Web Flow, MVC, Annotations, Transaction Management and Data Access. Spring Roo is a quick way to put those pieces together.



MVC

 The Model-View-Controller is the most common design pattern in Software Architecture. Here are the pieces:



Spring MVC

  Spring has its own MVC framework. See http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/mvc.html

  Spring MVC is designed around a DispatcherServlet that dispatches the requests to handlers. Theses handlers are handled through the configuration which will map them, the views, and define the locale, uploading files and other configurations.

  The Controller is defined through the @Controller annotation.   Mapping URLs are done through the @RequestMapping annotation. This

mapping can be done in the controller as well.   The ModelMap class can be used to map the model to the view for display.   The model is simply an entity that can also be passed from the View to the

Controller and from the Controller to the View.   The ModelAndView function contains the Model and View information for

mapping to the View from the Controller.



Spring Web Flow   The system is ideal for building web application modules that guide the user

through controlled navigations that drive business process.   The Web Flow philosophy says that any page can be drawn as a simple

flow chart where each state in the page flow is either a view or the action.   Web Flow manages the transition between states and requires input from

the actions , or the views, to determine the next step of the configured execution path of the page flow.

  See http://www.ervacon.com/products/swf/intro/index.html   The Web Flow will have a Controller, a FlowController, that could be for

different web flows like an Ajax FlowController.   The FlowController is a JavaBean in the application context of the

DispatcherServlet.   The Web Flow will have a web flow schema that will define the different

states, like view states and action states that are used.   The Flow Controller will use a Flow Executer to execute these states in the

schema.



What are Spring Faces

•  When working with Spring Web Flow, and connecting Java Server Faces, there needs to be a layer integrating the two frameworks. That layer is Spring Faces.

•  See http://static.springsource.org/spring-webflow/docs/2.0-m1/reference/spring-faces.html and http://static.springsource.org/spring-webflow/docs/2.0.x/reference/html/ch12.html



What are JavaServer Faces

•  JavaServer Faces (JSF) is a request-driven MVC web framework based on component-driven UI design model, using XML files called view templates or Facelets views

•  See http://en.wikipedia.org/wiki/JavaServer_Faces •  JSF is a server-side technology for developing web applications with rich

user interfaces. Which includes a framework for validation, error handling, data conversion, internalization and custom components.



Tomcat

•  Tomcat can be downloaded http://tomcat.apache.org/ , and is a Servlet Container that can run Java Objects.

•  This is one of the free Spring supported Web Servers from Apache, others include Apache Geronimo, JBoss, Oracle WebLogic and many more.

•  Tomcat has a startup.bat or startup shell to start the server. •  After it starts, it can be accessed using http://127.0.0.1:8080/ •  Many of the deployments will be deployed in the /WebApps/ directory as a

WAR (Web Archive) file, similar to a JAR (Java Archive) file. See http://en.wikipedia.org/wiki/WAR_(Sun_file_format)



• Tomcat

  Tomcat is a Servlet and Java Server Pages Container developed by Apache, reference http://en.wikipedia.org/wiki/Tomcat_(software) and http://tomcat.apache.org/ .

  It provides a Java HTTP Server to run Java code.   Catalina is Tomcat’s servlet container.   A servlet container a Java class that responds to HTTP requests.   A HTTP request is an HTTP page that will call Java code and

execute an action running on the Tomcat Server.   The Tomcat server may be started with a startup script and use

different ports so that many servers may be provide different services.



Benefits of Tomcat/Catalina

  Tomcat can run a web server by just starting the startup.bat or startup.sh.

  It uses other scripts to setclasspath, start catalina shutdown.   A directory structure is used locally that can contain the classes,

libraries, configurations, etc.   This way multiple tomcat server can be used in their own

containment area, or directory, without affecting other instances of the Java Web Server.

  The Tomcat Web Server is Operating System dependent, and does not require a formal installation or setup to be run. Only that the directory and its contents are copied over correctly.

  Again, all of this is Open Source.



• Tomcat Directory



• Tomcat Directory

  bin Directory containing the scripts and Tomcat JAR files.   conf The properties and XML files that configure the server,

including ports, Admin ports, database connections, etc.   lib The supporting JAR files needed to run Tomcat.   logs log files that are written during runtime and startup.   webapps any WAR files that contain the web applications. WAR

files are similar to JAR files except they also contain the Web pages, like JSPs and Servlets. This is where the Flex applications will be stored.

•  Reference http://tomcat.apache.org/tomcat-3.3-doc/tomcat-ug.html#directory_structure



Catalina

  Tomcat is the web server that presents HTML and Java Server Pages (JSP’s).

  Catalina is the servlet code that responds on the server to server requests and sends its response in HMTL, JSPs and even XML.

  A Servlet will receive a request and issue a response after processing the request. It may do a database lookup, call other code or many other tasks.

  Catalina is a container that will pool, secure, and oversee these servlets as they are configured. The servlets are the binary code to be executed.

  There is a Java Servlet protocol to be explored further at http://en.wikipedia.org/wiki/Java_Servlet#Servlet_containers



Tomcat Management Interface

•  Tomcat has a management interface for loading new applications,



Springsource

•  Spring has several reference applications for MVC and Webflow. •  They can be found at http://www.springsource.org/webflow-samples . •  The installation of Webflow can be found

http://www.installationwiki.org/Setup_for_Spring_Web_Flow_2 .



Apache Maven



• What is it?

  Apache Maven 2 is a software tool for Java project management and build automation.

  It uses a .pom file in XML form that will generate a configuration for pulling down libraries from Maven repositories, building the project and even testing the project with results.

  See http://en.wikipedia.org/wiki/Apache_Maven, http://maven.apache.org/guides/getting-started/index.html, http://maven.apache.org/guides/getting-started/index.html and http://maven.apache.org/ as a reference.



• POM

  The Project Object Model (POM) is used in Apache Maven to describe the software project being built.

  The POM can also be generated using IDE’s like NetBeans that will use a plugin to Maven to generate the files.

  The POM files are in XML format.



POM Example



Maven Directory structure

  Maven uses a predefined directory structure called a standard project structure.

  The pom.xml will be stored in the project home directory which is the base directory for the file tree.

  From this base directory, there will be a src and target directory:



• Maven Directory structure

  The src/main/java directory is where the Java source code is stored.

  The src/main/resources are where the application resources are stored like GIF files.

  The src/main/config are where the configuration files are stored.   The src/main/webapp are where the web application WAR files

are stored.   The src/test/java are where the Unit test files are stored.



• Running Maven

  The “mvn” command is used to run maven. It must be executed in the project home directory. Here are some of the commands:



Spring Roo



Spring Roo Intro

  Spring Roo, http://en.wikipedia.org/wiki/Spring_Roo , is an open source software tool that uses convention-over-configuration principles to provide rapid application development of Java-based enterprise software.

  The reulsing application use common Java technologies such as Spring Framework, Java Persistence API, Java Server Pages, Apache Mavin and AspectJ.

  The Spring Roo home page can be found at http://www.springsource.org/roo .

  A good tutorial can be found at http://blog.springsource.com/2009/05/27/roo-part-2/

  Installation can be found at http://www.springsource.org/roo/start



Why Spring Roo?

  Spring Roo is mentioned in http://europe.springone.com/dl/springone-amsterdam-2009/slides/RodJohnson_WelcomeKeynote.pdf as part of the Future of Java Innovation.

  A great case study is the Tom-Tom, http://www.tomtom.com/ , where it cut development time by 50% for a customer base of 45 million, http://www.springsource.org/node/3001 .



Spring Roo Download

  Spring Roo can also be incorporated in the Spring Tool Suite, http://www.springsource.com/developer/sts which is a Eclipse UI running a VMWare vFabric optimized server for Spring.



Spring Roo Web Flow

  To install Spring web flow on Spring Roo, we will use the “roo> web flow” command. A project has to be created first, and we will start with the PetClinic that comes a Samples/clinic.roo file to get started.



Spring Roo Web Flow

  Many artifacts are created, including a pom.xml for a Maven build, and the templated src files,



Spring Roo Web Flow

  Next, run “perform tests” to see if everything generated correctly, which will run for several minutes (it will perform Maven JUnit tests in the src directory)…



Spring Roo Web Flow

  Look for the “Build Success” …



Spring Roo Web Flow

  Add the webflow and perform tests after, do “perform tests” after significant changes to ensure there are no issues….



Spring Roo Web Flow

  The web flow command will create the flow view state files in \src\main\webapp\WEB-INF\views\sampleflow and a webflow-config .xml in \src\main\webapp\WEB-INF\spring, the views appear as:



Log4J

  A Log4J logger is created in src/main/resources/log4j.properties, and can be changed so it logs to a file appender, see http://logging.apache.org/log4j/1.2/manual.html



Running

  Running the new Pet Clinic application in tomcat can be done from Maven.

  Quit Roo and run “mvn clean tomcat:run” in the project.



Running

  Then access the browser with http://localhost:8080/petclinic/ and select the SampleFlow to access the web flow.



Wedding

  A Wedding RSVP example that uses HSQL DB as a database can be found at http://blog.springsource.com/2009/05/27/roo-part-2/



HSQL Database

  HSQLDB (Hyper Structured Query Language Database) is a relational database management system written in Java. See http://en.wikipedia.org/wiki/HSQLDB .

  HSSQLDB is loaded at runtime of Tomcat through its JDBC Java Database Driver, so it does not persist information in a database that is already loaded into the Operating System like MySQL or SQL Server. Therefore, HSSQLDB is normally used in a development environment.

  Where is the data saved?   The configuration of the HSSQLDB is saved in the “database/

jiradb.properties” file.   The data of the HSSQLDB is saved in the “database/

jiradb.script” file.



HSQL Database

  In the configuration, I set the properties to /tmp/our-wedding, the “/tmp” is the directory and the “our-wedding” are the files.

  From database properties set --key database.url --value jdbc:hsqldb:/tmp/our-wedding



HSQL Database

  Where is the data saved?   The configuration of the HSQLDB is saved in the “/tmp/our-

wedding.properties” file.   The data of the HSSQLDB is saved in the “/tmp/our-

wedding.script” file.   The hsqldb-1.8.0.10.jar , running from Maven, will be from a

~Home\.m2\repository\hsqldb directory that has stored Maven running JARs.

  Notice the data saved in script when entering an RSVP:



HS SQL Display

  Running “java -cp hsqldb-1.8.0.10.jar org.hsqldb.util.DatabaseManager -user sa -url jdbc:hsqldb:our-wedding” :



Maven Selenium

  Selenium, web testing, can also be run from Maven using “mvn selenium:selenese”

  Selenium is a Firefox plugin, so FireFox must be installed.   The Tomcat server must also be running from the previous “mvn

tomcat:run” example.   A Firefox browser will appear during the run and a “wedding\target

\selenium.html” will be the result.



Maven Selenium

  Running the command “mvn selenium:selenese”



Maven Selenium

  The selenium.html results:



What is Selenium IDE

  Selenium IDE is another Open Source concept that is a Integrated Development Environment running on top of the FireFox browser as a plugin.   Supports load testing.   This allows a recording of the browser actions that can be played

back execute buttons being pushed and actions inside the browser.

  Assertions can be executed on the HTML pages itself for checking specific information.

  The test itself can be exported into Java, .NET, Perl, Ruby, etc, and then code to execute the tests in that language.



Selenium IDE Test (running from Firefox)



Selenium is now integrated in the site

  Running in Firefox, we can select Selenium Tests,



Selenium is now integrated in the site

  We get the last tests,



Setting Log4j

  Running “roo> logging setup --package WEB --level DEBUG” will rewrite the “log4j.properties” to log on Debug with the spring framework.



Log4j

  Even though the basic JDK logging framework can accept changes on destination through its Handler in the “logging.properties”, Log4j offers more advanced features in its XML use of its Appender class.

  Appenders add functionality to add logging to the current logging, for instance printing to the console and then adding appenders to send email logs through SMTP.

  Log4j supports XML configuration and a text configuration in log4j.properties.

  Log4J is an Apache framework found at http://logging.apache.org/log4j/1.2/ and more information can be found at http://en.wikipedia.org/wiki/Log4j



An example Log4j JSP code

• <%@ page import="org.apache.log4j.Logger" %><html><head> <title>Demonstration log4j usage in jsp</title></head><body> <% Logger log = Logger.getLogger("com.demo.test"); log.debug("Show DEBUG message"); log.info("Show INFO message"); log.warn("Show WARN message"); log.error("Show ERROR message"); log.fatal("Show FATAL message"); %> <b> The log messages are shown in the Tomcat console and in the ${catalina.home}/logs/demo.log file. </b></body></html>



An example Log4j demo.log

• 2008-08-11 20:03:43,379 [com.demo.test] DEBUG - Show DEBUG message. 2008-08-11 20:03:43,409 [com.demo.test] INFO - Show INFO message. 2008-08-11 20:03:43,409 [com.demo.test] WARN - Show WARN message. 2008-08-11 20:03:43,409 [com.demo.test] ERROR - Show ERROR message. 2008-08-11 20:03:43,419 [com.demo.test] FATAL - Show FATAL message.



An example SMTP Appender

  An Appender is configured in the log4j.properties to define the loggers. Here is a sample of an logger to send email logs:



Spring Security

  Spring security is the de-facto standard for securing Spring application. It is a highly customizable authentication and access-control framework. http://static.springsource.org/spring-security/site/

  Running “roo> security setup”,



Spring Security   While Spring Security templates are now stubbed out, the

applicationContext-Security.xml needs to be edited to point to newly created Login page:



Now we get out Login page   Login page:



Backup   Run “roo> backup” to created a backup zip of the current src:



MVC   Run “roo> controller class --class ~.web.PublicRsvpController” to

create the stubs for a Controller class.



MVC   The PublicRsvpController.java stub.   @RequestMapping will map the URL to the Controller   @Controller will define this as a Controller class.   For example, index will be called from the URL, then process the

function and call the View.



Entity (Model)   Next, we will create a Roo Finder.   Roo Finders provide methods to search through your entities

using JPA.   We will list the available finders using “roo> finder list”:



Entity (Model)   Next, we will create one of the available Roo Finders by using

“roo> finder add”.



Entity (Model)   Among many things, it will set the @RooEntity in the Rsvp.java

file to add the finder and a corresponding Rsvp_Roo_Finder.aj (AspectJ) file that defines the finder query.



Email   Roo can also set up the stubs for email support using “roo> email

sender setup”, the email.properties will be used to set up the SMPT connection properties:



Setting up for STS   Roo can also set up the project files for STS, or Eclipse, by

running “roo> perform eclipse”:



Import into STS   After an Eclipse/STS project is set up, it can now be imported

into STS from the File->Import->General->Existing Project:



Import into STS   Imported….



Fields and Pizza.roo



Commands   To view the available commands, just push TAB:



Pizza.roo   Some of this is covered in

http://static.springsource.org/spring-roo/reference/html-single/index.html

  Creating the top level with “project –topLevelPackage com.springsource.roo.pizzashop”:



Hint   Typing in “hint” will assist us in what to do next, and typing part

of the command and TAB will give us options:



Persistence   We set up HSQL DB persistence by running “persistence setup --

provider HIBERNATE --database HYPERSONIC_IN_MEMORY” :



Persistence   We can see the database properties by running “database

properties list” :



Creating our first Entity   The enities are models that will map to the database, and the first

one is treated like a base class to add fields to, using “entity –class ~.domain.Topping –testAutomatically” :



Creating our first Entity   Our class, the @RooEntity is a JPA annotation, @RooJavaBean

creates JaveBean accessors and mutators, see http://static.springsource.org/spring-roo/org.springframework.roo.annotations/apidocs/ :



Creating our first Fields   First, let’s see what fields are available, like enum and date:



Creating our first Fields   While looking at Springs validation from annotation, we know

that Spring can annotate a field, like @NotNull, and it will give an exception if a null is passed through.

  Roo can put these in when declaring fields, and these are available with the string field:



Creating our first Fields   Let’s create a simple string called “name” with “field string –

fieldName name –notNull –sizeMin 2”:

  As:



Creating more Fields   To just simplify some of the running, I am going to create a small

script of classes and fields, and use “script fields.roo”, like Pizza and price, to run it:

  Running:



Adding Relationships   Adding many toppings to a Pizza, with “field set --fieldName

toppings --type ~.domain.Topping”, notice we are in the Pizza domain:

  It created the “toppings” field in the Pizza class:



Adding Relationships   Now we add the Many to One, by adding the Base class to the

Pizza class:

  It created the “base” field in the Pizza class:



Creating more Fields   Creating fields2.roo for PizzaOrder, which has name, address,

total and delivery Date:

  Running:



Enum Field Commands   Creating Enum Field commands can be found at

http://static.springsource.org/spring-roo/reference/html/command-index.html#command-index-enum-constant



Adding Enum   Lets’s add a DeliveryType enum with “enum type –class

~.domain.DeliveryTypeEnum”, and add the field to PizzaOrder:



Adding Enum   It added DeliveryType into the PizzaOrder:



Maven perform commands   There are many perform commands that will execute from

Maven:

  Perform “package” creates the JAR or WAR, “eclipse” will create an Eclipse project, “tests” perform the Maven tests, “command” Maven specific command, “clean” will execute a full clean.



Perform tests   Using “perform tests” checks to see if there are currently issues

with the source code (Always wait for the “Build Success” or “Build Failure” at the end):



Creating the Web tier   Use “web mvc setup” will setup the basic Web configutation,

JSPXs, icons, and png files in a webapp directory.



Creating the Web tier   If you look through the files, you will notice under webapps

\WEB-INF\views several files like “index.jspx”, “header.jspx”, “footer.jspx” and exception jspx files.

  Some of these files are defined in “layouts.xml”:



Creating the Web tier   The layouts.xml file is defining the Apache Tiles format.   Roo will put this layout will put Tiles, or templates, in the

following format:



Apache Tiles   Apache Tiles is a templating framework built to simplify the

development of the web application user interfaces.   See http://tiles.apache.org/   Tiles is similar to JSTL templates to form the composite of a

website.   To customize these pages, you merely need to customize the

various parts that make up the pages.



Web MVC   The previous “web mvc setup” command only setup some basic

views, but not the controllers.   Looking at other available “web mvc” commands”

  “web mvc all” will create all the controllers but a package name is required.



Web MVC All   Running “web mvc all --package ~.web” will give us controllers

for all the entities in the “com\sprinsource\roo\pizzashop\web\” directory:



The Controller   Looking at the Controller, we see that it has the “@Controller”

annotation, the “@RequestMapping” for the URL, and the “@RooWebScaffold” which will define the path of the class and the View to back out into, see http://static.springsource.org/spring-roo/reference/html/base-web.html :

  Scaffolding are the Roo annotations that provide the ability to automatically generate View and Controller information.



Maven Tomcat Run   To run the Pizza Shop, we run the Maven command outside of

Roo, “mvn tomcat:run”:



Running   Browse http://localhost:8080/pizzashop/ :



Vote.Roo With JMS and Email



Vote.Roo

  There are several examples in the /Spring-Roo/samples directory. http://static.springsource.org/spring-roo/reference/html/intro.html   Clinic.roo is the PetClinic script and demonstrates entity

relationships of different cardinalities.   Vote.roo is the Voting sample that demonstrates Spring Security,

JMS and email support.   Wedding.roo demonstrates a Weddign RSVP program.   Expenses.roo is a Google Web Toolkit (GWT) example that shows

GWT scaffolding.   A good tutorial on vote.roo can be found at

http://stsmedia.net/introducing-spring-roo-part-2-security-jms-email-support/



Vote.Roo

  Let’s start by creating the directory and running “script vote.roo”.



Vote.Roo

  We see that vote.roo will setup its HSQLDB.



Vote.Roo

  And some basic security in “applicationContext-security.xml”.



Vote.Roo

  Readinf vote.roo, we see the scripts that create these as “persistence setup --provider HIBERNATE --database HYPERSONIC_PERSISTENT” and “security setup”:



Vote.Roo

  Running out of the box, we run “mvn tomcat:run” and browse http://localhost:8080/vote/ :



Vote.Roo

  When clicking on “Create New Choice”, we are going to be forwarded to a Login page, this is because “applicationContext-security.xml” has “choices/**” access is the Admin Role.



Vote.Roo

  We are forwarded to a Login Screen.



Vote.Roo

  The roles are also currently saved in “applicationContext-security.xml”. The passwords are saved in a sha-256 hash format so they are not readable:



Vote.Roo

  That 256 byte string for the Admin’s password will simply be hashed from the password “admin”. Using “admin”,”admin”,



Vote.Roo

  Now we can create a choice saved in HSQLDB,



Vote.Roo

  And add a Vote with Drop-Down name, IP and Date,



Vote.Roo

  Let’s look at the Calendar, the Calendar is being loaded as a Spring Decoration that is loading dijit code from datetime.tagx

  Reading vote.roo, this is create with the “field date registered –type java.util.Date –notnull –past”:



Vote.Roo And JMS



JMS

  Java Messaging Service, is a publish-subscribe protocol to queue requests. See http://en.wikipedia.org/wiki/Java_Message_Service

  The Spring Roo JMS commands can be found at http://static.springsource.org/spring-roo/reference/html/command-index.html#command-index-jms-setup



JMS

  Spring JMS is JMS that works inside the Spring framework, and the Spring framework nuisances must be understood. A good introduction can be found at http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/jms.html

  In JMS, there will be a Producer, that sends messages, and a Consumer, that receives messages.

  The package “org.springframework.jms.core” provides the core functionality for using JMS.

  The package “org.springframework.jms.support” provides JMSException translation functionality.

  The JmsTemplate class is the central class in the JMS core package. It contains many convenience methods to send a message.



Apache ActiveMQ

  One of the best Open Source mechanism mentioned on Wiki’s page is Apache’s ActiveMQ. See http://en.wikipedia.org/wiki/ActiveMQ and http://activemq.apache.org/

  Active MQ supports languages like C/C++, .NET, and scripting languages like Python, Perl and PHP.

  It also has Ajax support and a REST API.



Our Technique

  For vote.roo, we will set up a MyAccesListener and JmsTopicSecurityListener.

  The MyAccessListener will listen for Access Exceptions in Vote and send a message to the Queue using the JmsTemplate.

  The JmsTopicSecurityListener will listen for the message with the onMessage function and send an email to the administrator.



Creating the Access Listener

  First, create the class with “class –class ~.security.MyAccessListener”, which create an empty class.



Creating the Access Listener

  Now, we will add the Application Listener code and print bad authentications, we use @Component to have it load:



Adding the Bean

  Starting up Tomcat with “mvn tomcat:run” , I login incorrectly into the Vote app and it prints the “not Authorized” information in the Tomcat window:



Adding JMS

  We are going to set up JMS with the service name as “securityAlerts” and the type as “TOPIC”.

  The type is either QUEUE, with messages to be read, or TOPIC, which are particular messages sent to multiple subscribers.

  Running “jms setup --provider ACTIVEMQ_IN_MEMORY --destinationType TOPIC --destinationName securityAlerts”



Adding JMSTemplate

  Now we add JmsTemplate to MyAccessListener to send JMS messages with “field jms template” since we are in the context on MyAccessListener (Note: This will Autowire JmsTemplate, so then remove the MyAccessListener bean from applicationContext.xml):



Adding JMS Listener

  Now we create the JMS Listener class with “jms listener class --class ~.security.JmsSecurityTopicListener --destinationName securityAlerts --destinationType TOPIC”, which will be basic class with the onMessage:



We add to MyAccessListener

  We are going to add some code to MyAccessListener to format the event:



Set up the email properties

  Revisiting the Roo commands:



Set up the email properties

  We are now setting up the email properties with “email sender setup --hostServer localhost --protocol SMTP --port 587 --username rich --password secret%pass” and view it with “properties list --name email.properties --path SPRING_CONFIG_ROOT”:



Email Template

  We will now setup an email in JmsTopicListener to send emails when it receives a message with “field email template --class ~.security.JmsSecurityTopicListener” :



Email Template

  Add the code to call sendMessage:



Testing Email

  To test email, we will set up a local SMTP server for test called Neptune, http://donovanbrown.com/post/Neptune.aspx



Testing Email

  Testing again, Neptune receives an email for an invalid Login (this was a lot of work, but there is a lot of functionality):



SQL Role Access



MySQL

  We are going to install MySQL.   A free Open Source database that can run as a service and is more

relational for production use is the MySQL database. See http://en.wikipedia.org/wiki/MySQL .

  Install MySQL from http://www.mysql.com/downloads/mysql/   Here is an example to create the myTestAppDB:

  mysql> create database myTestAppDB character set utf8;   Here is an example to create user “myUser” password “XXXXXXXX”

•  mysql> CREATE USER ‘myUser’@’localhost’ IDENTIFIED BY ‘XXXXXXXX’;

•  mysql> GRANT ALL PRIVILEGES ON *.* TO ‘jirauser’@’localhost’ WITH GRANT OPTION;



Typical Security

  In order to save some time, we are going to use a Roo addon package called Typical Security.

  Typical Security can be found at http://code.google.com/p/spring-roo-addon-typical-security/



Typical Security roo

  We are going to run the following roo script which will setup typical security:



Database Properties

  To see the “database.properties”, run “database properties list” :



Running

  We will run the “mvn tomcat:run” as before, and browse to http://localhost:8080/testapp-web/.



Running

  We will create a new user by going through signup (Notice it already has Captcha and the fields):



Running

  We are successful:



Running

  We are successful by looking at the users:



Running

  We are successful by looking at the MySQL database:



LDAP



LDAP

  The Lightweight Directory Access Protocol (LDAP) is a protocol for storing directory services for an organization that usually includes user, group and machine policies. An example of an LDAP server is Microsoft’s Active Directory. See http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol   LDAP servers are commonly used to store roles and access privileges as well.   http://en.wikipedia.org/wiki/List_of_LDAP_software provides a list of LDAP browsers like JXplorer, http://en.wikipedia.org/wiki/JXplorer , and Apache Directory Studio, http://directory.apache.org/studio/ . These are for managing the LDAP Servers.



Choosing the LDAP Server

 There are many LDAP servers, and OpenDS, Open Directory Services, is one of the popular Open Source servers that is written in Java and sponsored by Sun. http://en.wikipedia.org/wiki/OpenDS   I will be using the Apache Directory Server, http://directory.apache.org/apacheds/1.5/ simply because I am using mostly Apache tools and want to try to minimize any integration issues.   It will default as a Window’s Service in Windows XP, and the instructions for logging in and managing can be found at http://directory.apache.org/apacheds/1.5/apacheds-v15-basic-users-guide.html   Since I am using ApacheDS, I will use the Apache Directory Studio that comes with a ApacheDS management tool, http://directory.apache.org/studio/



Choosing the LDAP Browser

 There are many LDAP servers, and OpenDS, Open Directory Services, is one of the popular Open Source servers that is written in Java and sponsored by Sun. http://en.wikipedia.org/wiki/OpenDS   I will be using the Apache Directory Studio, simply http://directory.apache.org/ simply because I am using mostly Apache tools and want to try to minimize any integration issues.   Apache Directory Studio is easy to install and can be found at http://directory.apache.org/studio/   It will default as a Window’s Service in Windows XP, and the instructions for logging in and managing can be found at http://directory.apache.org/studio/users-guide.html



Apache Directory Studio

  After installing the ApacheDS, and Directory Studio, I can browse and edit the LDAP Server:



Spring-LDAP

  Spring has a couple of JARS that are needed for the Spring connectors to LDAP.   Spring-ldap downloads and documentation can be found at Information can be found at http://www.springsource.org/ldap   We can run the Spring-LPAP examples by:



Spring-LDAP

  Accessing the sample, we can add users to the LDAP server:



LDAP-Server

  Accessing the sample, we can add users to the LDAP server:



Pom.xml

 We will have to add the Spring LDAP libraries to the build by editing the Pom.xml:

spring roo rev005

Documents

tomcat console

log messages