spring roo rev005
TRANSCRIPT
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
State of Colorado Office of Cyber Security
Spring Roo (By Rich Helton)
(Date September 15, 2011)
Spring Framework, AOP and IoC
Aspect Oriented Programming (AOP) takes Object Oriented Programming one step further by separating out the cross-cutting concerns and assigning them to the framework. An example of a cross-cutting concern is transaction management.
The Spring framework, http://www.springsource.com/ , is an open source framework that introduces AOP by managing, or taking care of the plumbing of, the business objects.
Spring introduces the concept of Inversion of Control (IoC), which simply means that instead of having the application call the framework, the framework will call the components defined by the application. I like to think of IoC as collecting the application pieces in modular blocks. The IoC container will pass the appropriate object into the class when it needs to work with that object.
Spring provides the "Spring Security" framework that allows different implementations to be connected seamlessly to the application.
Spring
• The Spring Framework is an open source application framework for the Java platform. See http://en.wikipedia.org/wiki/Spring_Framework
• Besides the benefits of using IoC and AOP, Spring comes with many frameworks for Web Flow, MVC, Annotations, Transaction Management and Data Access. Spring Roo is a quick way to put those pieces together.
MVC
The Model-View-Controller is the most common design pattern in Software Architecture. Here are the pieces:
Spring MVC
Spring has its own MVC framework. See http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/mvc.html
Spring MVC is designed around a DispatcherServlet that dispatches requests to handlers. These handlers are set up through the configuration, which maps the handlers and the views and defines the locale, file uploads and other settings.
The Controller is defined through the @Controller annotation.
URL mapping is done through the @RequestMapping annotation. This mapping can be done in the controller as well.
The ModelMap class can be used to map the model to the view for display.
The model is simply an entity that can also be passed from the View to the Controller and from the Controller to the View.
The ModelAndView class contains the Model and View information for mapping to the View from the Controller.
Spring Web Flow
The system is ideal for building web application modules that guide the user through controlled navigations that drive a business process.
The Web Flow philosophy says that any page can be drawn as a simple flow chart where each state in the page flow is either a view or an action.
Web Flow manages the transitions between states and requires input from the actions, or the views, to determine the next step of the configured execution path of the page flow.
See http://www.ervacon.com/products/swf/intro/index.html
The Web Flow will have a Controller, a FlowController, that could be for different web flows like an Ajax FlowController.
The FlowController is a JavaBean in the application context of the DispatcherServlet.
The Web Flow will have a web flow schema that will define the different states, like view states and action states, that are used.
The Flow Controller will use a Flow Executor to execute these states in the schema.
What are Spring Faces
• When working with Spring Web Flow, and connecting Java Server Faces, there needs to be a layer integrating the two frameworks. That layer is Spring Faces.
• See http://static.springsource.org/spring-webflow/docs/2.0-m1/reference/spring-faces.html and http://static.springsource.org/spring-webflow/docs/2.0.x/reference/html/ch12.html
What are JavaServer Faces
• JavaServer Faces (JSF) is a request-driven MVC web framework based on a component-driven UI design model, using XML files called view templates or Facelets views.
• See http://en.wikipedia.org/wiki/JavaServer_Faces
• JSF is a server-side technology for developing web applications with rich user interfaces. It includes a framework for validation, error handling, data conversion, internationalization and custom components.
Tomcat
• Tomcat can be downloaded from http://tomcat.apache.org/ , and is a Servlet Container that can run Java Objects.
• This is one of the free Spring-supported web servers from Apache; others include Apache Geronimo, JBoss, Oracle WebLogic and many more.
• Tomcat has a startup.bat or startup shell script to start the server.
• After it starts, it can be accessed using http://127.0.0.1:8080/
• Many of the deployments will be deployed in the /WebApps/ directory as a WAR (Web Archive) file, similar to a JAR (Java Archive) file. See http://en.wikipedia.org/wiki/WAR_(Sun_file_format)
• Tomcat
Tomcat is a Servlet and Java Server Pages Container developed by Apache, reference http://en.wikipedia.org/wiki/Tomcat_(software) and http://tomcat.apache.org/ .
It provides a Java HTTP Server to run Java code.
Catalina is Tomcat’s servlet container. A servlet container hosts the Java classes (servlets) that respond to HTTP requests.
An HTTP request for a page will call Java code and execute an action running on the Tomcat server.
The Tomcat server may be started with a startup script and use different ports so that many servers may provide different services.
Benefits of Tomcat/Catalina
Tomcat can run a web server by just starting the startup.bat or startup.sh.
It uses other scripts to set the classpath (setclasspath), start Catalina, and shut down.
A directory structure is used locally that can contain the classes, libraries, configurations, etc.
This way multiple Tomcat servers can each be used in their own containment area, or directory, without affecting other instances of the Java Web Server.
The Tomcat Web Server is operating system independent and does not require a formal installation or setup to be run, only that the directory and its contents are copied over correctly.
Again, all of this is Open Source.
• Tomcat Directory
• Tomcat Directory
bin: Directory containing the scripts and Tomcat JAR files.
conf: The properties and XML files that configure the server, including ports, Admin ports, database connections, etc.
lib: The supporting JAR files needed to run Tomcat.
logs: Log files that are written during runtime and startup.
webapps: Any WAR files that contain the web applications. WAR files are similar to JAR files except they also contain the Web pages, like JSPs and Servlets. This is where the Flex applications will be stored.
• Reference http://tomcat.apache.org/tomcat-3.3-doc/tomcat-ug.html#directory_structure
Catalina
Tomcat is the web server that presents HTML and Java Server Pages (JSPs).
Catalina is the servlet code that responds on the server to server requests and sends its response in HTML, JSPs and even XML.
A Servlet will receive a request and issue a response after processing the request. It may do a database lookup, call other code or many other tasks.
Catalina is a container that will pool, secure, and oversee these servlets as they are configured. The servlets are the binary code to be executed.
There is a Java Servlet protocol to be explored further at http://en.wikipedia.org/wiki/Java_Servlet#Servlet_containers
Tomcat Management Interface
• Tomcat has a management interface for loading new applications,
Springsource
• Spring has several reference applications for MVC and Webflow.
• They can be found at http://www.springsource.org/webflow-samples .
• The installation of Webflow can be found at http://www.installationwiki.org/Setup_for_Spring_Web_Flow_2 .
Apache Maven
• What is it?
Apache Maven 2 is a software tool for Java project management and build automation.
It uses a .pom file in XML form that will generate a configuration for pulling down libraries from Maven repositories, building the project and even testing the project with results.
See http://en.wikipedia.org/wiki/Apache_Maven , http://maven.apache.org/guides/getting-started/index.html and http://maven.apache.org/ as a reference.
• POM
The Project Object Model (POM) is used in Apache Maven to describe the software project being built.
The POM can also be generated using IDEs like NetBeans, which use a Maven plugin to generate the files.
The POM files are in XML format.
POM Example
Maven Directory structure
Maven uses a predefined directory structure called a standard project structure.
The pom.xml will be stored in the project home directory which is the base directory for the file tree.
From this base directory, there will be a src and target directory:
• Maven Directory structure
The src/main/java directory is where the Java source code is stored.
The src/main/resources directory is where the application resources, like GIF files, are stored.
The src/main/config directory is where the configuration files are stored.
The src/main/webapp directory is where the web application WAR files are stored.
The src/test/java directory is where the unit test files are stored.
• Running Maven
The “mvn” command is used to run maven. It must be executed in the project home directory. Here are some of the commands:
Spring Roo
Spring Roo Intro
Spring Roo, http://en.wikipedia.org/wiki/Spring_Roo , is an open source software tool that uses convention-over-configuration principles to provide rapid application development of Java-based enterprise software.
The resulting applications use common Java technologies such as Spring Framework, Java Persistence API, Java Server Pages, Apache Maven and AspectJ.
The Spring Roo home page can be found at http://www.springsource.org/roo .
A good tutorial can be found at http://blog.springsource.com/2009/05/27/roo-part-2/
Installation can be found at http://www.springsource.org/roo/start
Why Spring Roo?
Spring Roo is mentioned in http://europe.springone.com/dl/springone-amsterdam-2009/slides/RodJohnson_WelcomeKeynote.pdf as part of the Future of Java Innovation.
A great case study is the Tom-Tom, http://www.tomtom.com/ , where it cut development time by 50% for a customer base of 45 million, http://www.springsource.org/node/3001 .
Spring Roo Download
Spring Roo can also be incorporated in the Spring Tool Suite, http://www.springsource.com/developer/sts , which is an Eclipse UI running a VMWare vFabric optimized server for Spring.
Spring Roo Web Flow
To install Spring Web Flow on Spring Roo, we will use the “roo> web flow” command. A project has to be created first, and we will start with the PetClinic, which comes with a Samples/clinic.roo file to get started.
Spring Roo Web Flow
Many artifacts are created, including a pom.xml for a Maven build, and the templated src files,
Spring Roo Web Flow
Next, run “perform tests” to see if everything generated correctly, which will run for several minutes (it will perform Maven JUnit tests in the src directory)…
Spring Roo Web Flow
Look for the “Build Success” …
Spring Roo Web Flow
Add the web flow and perform tests afterwards. Run “perform tests” after significant changes to ensure there are no issues.
Spring Roo Web Flow
The web flow command will create the flow view state files in \src\main\webapp\WEB-INF\views\sampleflow and a webflow-config.xml in \src\main\webapp\WEB-INF\spring. The views appear as:
Log4J
A Log4J logger is created in src/main/resources/log4j.properties, and can be changed so it logs to a file appender, see http://logging.apache.org/log4j/1.2/manual.html
Running
Running the new Pet Clinic application in tomcat can be done from Maven.
Quit Roo and run “mvn clean tomcat:run” in the project.
Running
Then access the browser with http://localhost:8080/petclinic/ and select the SampleFlow to access the web flow.
Wedding
A Wedding RSVP example that uses HSQL DB as a database can be found at http://blog.springsource.com/2009/05/27/roo-part-2/
HSQL Database
HSQLDB (Hyper Structured Query Language Database) is a relational database management system written in Java. See http://en.wikipedia.org/wiki/HSQLDB .
HSQLDB is loaded at runtime by Tomcat through its JDBC Java Database Driver, so, unlike MySQL or SQL Server, it does not persist information in a database that is already loaded into the operating system. Therefore, HSQLDB is normally used in a development environment.
Where is the data saved?
The configuration of the HSQLDB is saved in the “database/jiradb.properties” file.
The data of the HSQLDB is saved in the “database/jiradb.script” file.
HSQL Database
In the configuration, I set the properties to /tmp/our-wedding; “/tmp” is the directory and “our-wedding” is the base name of the files.
From database properties set --key database.url --value jdbc:hsqldb:/tmp/our-wedding
HSQL Database
Where is the data saved?
The configuration of the HSQLDB is saved in the “/tmp/our-wedding.properties” file.
The data of the HSQLDB is saved in the “/tmp/our-wedding.script” file.
The hsqldb-1.8.0.10.jar, running from Maven, will be from a ~Home\.m2\repository\hsqldb directory that has stored Maven running JARs.
Notice the data saved in script when entering an RSVP:
HSQL Display
Running “java -cp hsqldb-1.8.0.10.jar org.hsqldb.util.DatabaseManager -user sa -url jdbc:hsqldb:our-wedding” :
Maven Selenium
Selenium, a web testing tool, can also be run from Maven using “mvn selenium:selenese”.
Selenium is a Firefox plugin, so Firefox must be installed.
The Tomcat server must also be running from the previous “mvn tomcat:run” example.
A Firefox browser will appear during the run and a “wedding\target\selenium.html” will be the result.
Maven Selenium
Running the command “mvn selenium:selenese”
Maven Selenium
The selenium.html results:
What is Selenium IDE
Selenium IDE is another Open Source concept: an Integrated Development Environment running on top of the Firefox browser as a plugin. It supports load testing.
This allows a recording of the browser actions that can be played back to execute button presses and other actions inside the browser.
Assertions can be executed on the HTML pages themselves for checking specific information.
The test itself can be exported into Java, .NET, Perl, Ruby, etc., and then coded to execute the tests in that language.
Selenium IDE Test (running from Firefox)
Selenium is now integrated in the site
Running in Firefox, we can select Selenium Tests,
Selenium is now integrated in the site
We get the last tests,
Setting Log4j
Running “roo> logging setup --package WEB --level DEBUG” will rewrite the “log4j.properties” to log on Debug with the spring framework.
Log4j
Even though the basic JDK logging framework can accept changes on destination through its Handler in the “logging.properties”, Log4j offers more advanced features in its XML use of its Appender class.
Appenders add further logging destinations to the current logging, for instance printing to the console and then adding appenders to send email logs through SMTP.
Log4j supports XML configuration and a text configuration in log4j.properties.
Log4J is an Apache framework found at http://logging.apache.org/log4j/1.2/ and more information can be found at http://en.wikipedia.org/wiki/Log4j
An example Log4j JSP code
<%@ page import="org.apache.log4j.Logger" %>
<html>
<head>
  <title>Demonstration log4j usage in jsp</title>
</head>
<body>
<%
  Logger log = Logger.getLogger("com.demo.test");
  log.debug("Show DEBUG message");
  log.info("Show INFO message");
  log.warn("Show WARN message");
  log.error("Show ERROR message");
  log.fatal("Show FATAL message");
%>
<b> The log messages are shown in the Tomcat console and in the ${catalina.home}/logs/demo.log file. </b>
</body>
</html>
An example Log4j demo.log
2008-08-11 20:03:43,379 [com.demo.test] DEBUG - Show DEBUG message.
2008-08-11 20:03:43,409 [com.demo.test] INFO - Show INFO message.
2008-08-11 20:03:43,409 [com.demo.test] WARN - Show WARN message.
2008-08-11 20:03:43,409 [com.demo.test] ERROR - Show ERROR message.
2008-08-11 20:03:43,419 [com.demo.test] FATAL - Show FATAL message.
An example SMTP Appender
An Appender is configured in the log4j.properties to define the loggers. Here is a sample of a logger to send email logs:
Spring Security
Spring Security is the de-facto standard for securing Spring applications. It is a highly customizable authentication and access-control framework. http://static.springsource.org/spring-security/site/
Running “roo> security setup”,
Spring Security
While Spring Security templates are now stubbed out, the applicationContext-Security.xml needs to be edited to point to the newly created Login page:
Now we get our Login page:
Backup
Run “roo> backup” to create a backup zip of the current src:
MVC
Run “roo> controller class --class ~.web.PublicRsvpController” to create the stubs for a Controller class.
MVC
The PublicRsvpController.java stub.
@RequestMapping will map the URL to the Controller.
@Controller will define this as a Controller class.
For example, index will be called from the URL, then process the function and call the View.
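The @Controller, @RequestMapping, ModelMap and ModelAndView pieces described in the Spring MVC and PublicRsvpController slides, shown together as an added example; it is not the stub that Roo generates and not code from the original slides. The package, the RsvpForm class and its fields, the view names and the validation limits are assumptions made for illustration.

```java
package com.example.wedding.web; // hypothetical package name

import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

@Controller                    // marks the class as a Spring MVC controller
@RequestMapping("/publicrsvp") // every handler below lives under /publicrsvp
public class PublicRsvpController {

    /** Hypothetical model: the entity passed between the View and the Controller. */
    public static class RsvpForm {
        private String code;       // invitation code typed by the guest
        private Integer attending; // number of guests attending
        private boolean confirmed; // set by the application only, never by the browser

        public String getCode() { return code; }
        public void setCode(String code) { this.code = code; }
        public Integer getAttending() { return attending; }
        public void setAttending(Integer attending) { this.attending = attending; }
        public boolean isConfirmed() { return confirmed; }
        public void setConfirmed(boolean confirmed) { this.confirmed = confirmed; }
    }

    /**
     * The model travels from the View back to the Controller as request
     * parameters. Only the listed fields are bound, so a request that also
     * sends "confirmed=true" cannot set that property.
     */
    @InitBinder("rsvp")
    public void restrictBinding(WebDataBinder binder) {
        binder.setAllowedFields("code", "attending");
    }

    /** GET /publicrsvp: put an empty model in the ModelMap and name the view. */
    @RequestMapping(method = RequestMethod.GET)
    public String index(ModelMap modelMap) {
        modelMap.addAttribute("rsvp", new RsvpForm());
        return "publicrsvp/index"; // logical view name, resolved by the view configuration
    }

    /** POST /publicrsvp: bind the submitted model, check it, then pick the next view. */
    @RequestMapping(method = RequestMethod.POST)
    public ModelAndView submit(@ModelAttribute("rsvp") RsvpForm rsvp, BindingResult result) {
        boolean codeOk = rsvp.getCode() != null
                && rsvp.getCode().matches("[A-Za-z0-9]{1,30}");
        boolean countOk = rsvp.getAttending() != null
                && rsvp.getAttending() >= 0 && rsvp.getAttending() <= 10;

        // result.hasErrors() is true when binding failed, e.g. "attending" was not a number
        if (result.hasErrors() || !codeOk || !countOk) {
            // ModelAndView carries both the view name and the model back to the form
            return new ModelAndView("publicrsvp/index", "rsvp", rsvp);
        }

        ModelAndView mav = new ModelAndView("publicrsvp/thanks");
        mav.addObject("attending", rsvp.getAttending());
        return mav;
    }
}
```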
Entity (Model)
Next, we will create a Roo Finder.
Roo Finders provide methods to search through your entities using JPA.
We will list the available finders using “roo> finder list”:
Entity (Model)
Next, we will create one of the available Roo Finders by using “roo> finder add”.
Entity (Model)
Among many things, it will set the @RooEntity in the Rsvp.java file to add the finder and a corresponding Rsvp_Roo_Finder.aj (AspectJ) file that defines the finder query.
Email
Roo can also set up the stubs for email support using “roo> email sender setup”. The email.properties will be used to set up the SMTP connection properties:
Setting up for STS
Roo can also set up the project files for STS, or Eclipse, by running “roo> perform eclipse”:
Import into STS
After an Eclipse/STS project is set up, it can now be imported into STS from the File->Import->General->Existing Project:
Import into STS
Imported…
Fields and Pizza.roo
Commands
To view the available commands, just push TAB:
Pizza.roo
Some of this is covered in http://static.springsource.org/spring-roo/reference/html-single/index.html
Creating the top level with “project --topLevelPackage com.springsource.roo.pizzashop”:
Hint
Typing “hint” will suggest what to do next, and typing part of a command followed by TAB will list the options:
Persistence
We set up HSQL DB persistence by running “persistence setup --provider HIBERNATE --database HYPERSONIC_IN_MEMORY”:
Persistence
We can see the database properties by running “database properties list”:
Creating our first Entity
The entities are models that will map to the database, and the first one is treated like a base class to add fields to, using “entity --class ~.domain.Topping --testAutomatically”:
Creating our first Entity
In our class, @RooEntity is a JPA annotation and @RooJavaBean creates JavaBean accessors and mutators; see http://static.springsource.org/spring-roo/org.springframework.roo.annotations/apidocs/ :
Creating our first Fields
First, let’s see what fields are available, like enum and date:
Creating our first Fields
From looking at Spring’s annotation-based validation, we know that Spring can annotate a field, like @NotNull, and it will throw an exception if a null is passed through.
Roo can put these annotations in when declaring fields, and these options are available with the string field:
Creating our first Fields
Let’s create a simple string called “name” with “field string --fieldName name --notNull --sizeMin 2”:
As:
Creating more Fields
To simplify some of the running, I am going to create a small script of classes and fields, like Pizza and price, and use “script fields.roo” to run it:
Running:
Adding Relationships
Adding many toppings to a Pizza, with “field set --fieldName toppings --type ~.domain.Topping”; notice we are in the Pizza domain:
It created the “toppings” field in the Pizza class:
Adding Relationships
Now we add the Many to One, by adding the Base class to the Pizza class:
It created the “base” field in the Pizza class:
Creating more Fields
Creating fields2.roo for PizzaOrder, which has name, address, total and delivery date:
Running:
Enum Field Commands
The commands for creating Enum fields can be found at http://static.springsource.org/spring-roo/reference/html/command-index.html#command-index-enum-constant
Adding Enum
Let’s add a DeliveryType enum with “enum type --class ~.domain.DeliveryTypeEnum”, and add the field to PizzaOrder:
Adding Enum
It added DeliveryType into the PizzaOrder:
Maven perform commands
There are many perform commands that will execute from Maven:
Perform “package” creates the JAR or WAR, “eclipse” creates an Eclipse project, “tests” runs the Maven tests, “command” runs a Maven-specific command, and “clean” executes a full clean.
Perform tests
Using “perform tests” checks whether there are currently issues with the source code (always wait for the “Build Success” or “Build Failure” at the end):
Creating the Web tier
Using “web mvc setup” will set up the basic Web configuration, JSPXs, icons, and png files in a webapp directory.
Creating the Web tier
If you look through the files, you will notice under webapps\WEB-INF\views several files like “index.jspx”, “header.jspx”, “footer.jspx” and exception jspx files.
Some of these files are defined in “layouts.xml”:
Creating the Web tier
The layouts.xml file defines the Apache Tiles format. Roo will put the Tiles, or templates, in the following format:
Apache Tiles
Apache Tiles is a templating framework built to simplify the development of web application user interfaces. See http://tiles.apache.org/
Tiles is similar to JSTL templates in forming the composite of a website.
To customize these pages, you merely need to customize the various parts that make up the pages.
Web MVC
The previous “web mvc setup” command only set up some basic views, but not the controllers. Looking at the other available “web mvc” commands:
“web mvc all” will create all the controllers, but a package name is required.
Web MVC All
Running “web mvc all --package ~.web” will give us controllers for all the entities in the “com\springsource\roo\pizzashop\web\” directory:
The Controller
Looking at the Controller, we see that it has the “@Controller” annotation, the “@RequestMapping” for the URL, and the “@RooWebScaffold”, which defines the path of the class and the View to back out into; see http://static.springsource.org/spring-roo/reference/html/base-web.html :
Scaffolding refers to the Roo annotations that provide the ability to automatically generate View and Controller information.
Maven Tomcat Run
To run the Pizza Shop, we run the Maven command outside of Roo, “mvn tomcat:run”:
Running
Browse to http://localhost:8080/pizzashop/ :
Vote.Roo With JMS and Email
Vote.Roo
There are several examples in the /Spring-Roo/samples directory. http://static.springsource.org/spring-roo/reference/html/intro.html
• Clinic.roo is the PetClinic script and demonstrates entity relationships of different cardinalities.
• Vote.roo is the Voting sample that demonstrates Spring Security, JMS and email support.
• Wedding.roo demonstrates a Wedding RSVP program.
• Expenses.roo is a Google Web Toolkit (GWT) example that shows GWT scaffolding.
A good tutorial on vote.roo can be found at http://stsmedia.net/introducing-spring-roo-part-2-security-jms-email-support/
Vote.Roo
Let’s start by creating the directory and running “script vote.roo”.
Vote.Roo
We see that vote.roo will set up its HSQLDB.
Vote.Roo
And some basic security in “applicationContext-security.xml”.
Vote.Roo
Reading vote.roo, we see that the script commands that create these are “persistence setup --provider HIBERNATE --database HYPERSONIC_PERSISTENT” and “security setup”:
Vote.Roo
Running out of the box, we run “mvn tomcat:run” and browse http://localhost:8080/vote/ :
Vote.Roo
When clicking on “Create New Choice”, we are forwarded to a Login page; this is because “applicationContext-security.xml” restricts access to “choices/**” to the Admin Role.
Vote.Roo
We are forwarded to a Login Screen.
Vote.Roo
The roles are also currently saved in “applicationContext-security.xml”. The passwords are saved in a sha-256 hash format so they are not readable:
Vote.Roo
That 256 byte string for the Admin’s password is simply the hash of the password “admin”. Using “admin”, “admin”,
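As an added example (not from the original slides or from vote.roo), the JDK-only Java program below shows how little an unsalted SHA-256 value in “applicationContext-security.xml” protects a password like “admin”: the same input always produces the same digest, so a reviewer can match a configured hash against a short list of defaults. It also derives a salted PBKDF2 hash for contrast; the class name, the default list and the iteration count are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example: class name, default list and iteration count are assumptions.
public class PasswordHashAudit {

    // Constructed list of default passwords a reviewer checks config files against.
    static final List<String> KNOWN_DEFAULTS =
            Arrays.asList("admin", "user", "password", "changeme");

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Unsalted SHA-256, the scheme the slide describes for the configured passwords.
    static String sha256Hex(String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        return hex(md.digest(password.getBytes(StandardCharsets.UTF_8)));
    }

    // Returns the default password whose unsalted hash equals the configured
    // value, or null when none matches.
    static String matchingDefault(String configuredHex) throws Exception {
        byte[] configured = configuredHex.toLowerCase().getBytes(StandardCharsets.US_ASCII);
        for (String candidate : KNOWN_DEFAULTS) {
            byte[] h = sha256Hex(candidate).getBytes(StandardCharsets.US_ASCII);
            if (MessageDigest.isEqual(h, configured)) {
                return candidate;
            }
        }
        return null;
    }

    // Salted, iterated alternative available in the JDK (Java 8 or later).
    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for the password attribute in applicationContext-security.xml,
        // computed here rather than copied from the project.
        String configured = sha256Hex("admin");
        System.out.println("digest length: " + configured.length() * 4 + " bits");
        System.out.println("matches default: " + matchingDefault(configured));
        // Deterministic: hashing the same password again gives the same value.
        System.out.println("repeatable: " + configured.equals(sha256Hex("admin")));

        SecureRandom rng = new SecureRandom();
        byte[] saltA = new byte[16];
        byte[] saltB = new byte[16];
        rng.nextBytes(saltA);
        rng.nextBytes(saltB);
        int iterations = 600_000; // assumption: tune to your hardware budget
        String a = hex(pbkdf2("admin".toCharArray(), saltA, iterations));
        String b = hex(pbkdf2("admin".toCharArray(), saltB, iterations));
        // Different salts give unrelated hashes for the same password, so a
        // precomputed list of default-password digests no longer matches.
        System.out.println("salted hashes differ: " + !a.equals(b));
    }
}
```

Running a check like matchingDefault over every configured user before deployment catches sample credentials that were never changed.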
Vote.Roo
Now we can create a choice saved in HSQLDB,
Vote.Roo
And add a Vote with Drop-Down name, IP and Date,
Vote.Roo
Let’s look at the Calendar. The Calendar is loaded as a Spring Decoration that loads dijit code from datetime.tagx.
Reading vote.roo, this is created with “field date --fieldName registered --type java.util.Date --notNull --past”:
Vote.Roo And JMS
JMS
The Java Message Service (JMS) is a publish-subscribe protocol for queuing requests. See http://en.wikipedia.org/wiki/Java_Message_Service
The Spring Roo JMS commands can be found at http://static.springsource.org/spring-roo/reference/html/command-index.html#command-index-jms-setup
JMS
Spring JMS is JMS that works inside the Spring framework, and the Spring framework nuances must be understood. A good introduction can be found at http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/jms.html
In JMS, there will be a Producer, that sends messages, and a Consumer, that receives messages.
The package “org.springframework.jms.core” provides the core functionality for using JMS.
The package “org.springframework.jms.support” provides JMSException translation functionality.
The JmsTemplate class is the central class in the JMS core package. It contains many convenience methods to send a message.
Apache ActiveMQ
One of the best Open Source mechanisms mentioned on the Wikipedia page is Apache’s ActiveMQ. See http://en.wikipedia.org/wiki/ActiveMQ and http://activemq.apache.org/
ActiveMQ supports languages like C/C++ and .NET, and scripting languages like Python, Perl and PHP.
It also has Ajax support and a REST API.
Our Technique
For vote.roo, we will set up a MyAccessListener and a JmsTopicSecurityListener.
The MyAccessListener will listen for Access Exceptions in Vote and send a message to the Queue using the JmsTemplate.
The JmsTopicSecurityListener will listen for the message with the onMessage function and send an email to the administrator.
Creating the Access Listener
First, create the class with “class --class ~.security.MyAccessListener”, which creates an empty class.
Creating the Access Listener
Now, we will add the Application Listener code and print bad authentications; we use @Component to have it load:
Adding the Bean
Starting up Tomcat with “mvn tomcat:run”, I log in incorrectly to the Vote app and it prints the “not Authorized” information in the Tomcat window:
Adding JMS
We are going to set up JMS with the service name as “securityAlerts” and the type as “TOPIC”.
The type is either QUEUE, with messages to be read, or TOPIC, which are particular messages sent to multiple subscribers.
Running “jms setup --provider ACTIVEMQ_IN_MEMORY --destinationType TOPIC --destinationName securityAlerts”
Adding JMSTemplate
Now we add JmsTemplate to MyAccessListener to send JMS messages with “field jms template”, since we are in the context of MyAccessListener (Note: this will Autowire JmsTemplate, so then remove the MyAccessListener bean from applicationContext.xml):
Adding JMS Listener
Now we create the JMS Listener class with “jms listener class --class ~.security.JmsSecurityTopicListener --destinationName securityAlerts --destinationType TOPIC”, which will be a basic class with the onMessage method:
We add to MyAccessListener
We are going to add some code to MyAccessListener to format the event:
Set up the email properties
Revisiting the Roo commands:
Set up the email properties
We are now setting up the email properties with “email sender setup --hostServer localhost --protocol SMTP --port 587 --username rich --password secret%pass” and view it with “properties list --name email.properties --path SPRING_CONFIG_ROOT”:
Email Template
We will now set up an email template in JmsTopicListener to send emails when it receives a message, with “field email template --class ~.security.JmsSecurityTopicListener”:
Email Template
Add the code to call sendMessage:
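The pipeline described in these slides, as an added Java sketch rather than the deck's own code or what Roo generates: MyAccessListener turns a failed login into a JMS message, and JmsSecurityTopicListener mails it to the administrator. It assumes Spring Security's AbstractAuthenticationFailureEvent as the event type, placeholder example.org addresses, and a hypothetical AlertText helper that neutralises control characters in the client-supplied user name before it reaches the console or the email.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationListener;
import org.springframework.jms.core.JmsTemplate;
import org.springframework.mail.MailSender;
import org.springframework.mail.SimpleMailMessage;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.stereotype.Component;

// Added example. The classes are package-private so the sketch fits one file;
// in a Roo project each would be a public class in its own file.

/** Producer: publishes one alert per failed login to the securityAlerts topic. */
@Component
class MyAccessListener implements ApplicationListener<AbstractAuthenticationFailureEvent> {

    @Autowired
    private transient JmsTemplate jmsTemplate;

    public void onApplicationEvent(AbstractAuthenticationFailureEvent event) {
        // The user name is whatever the client typed: treat it as untrusted.
        String user = AlertText.clean(event.getAuthentication().getName(), 64);
        String reason = event.getException().getClass().getSimpleName();
        // Never copy event.getAuthentication().getCredentials() into an alert:
        // it holds the submitted password.
        String alert = "Login failure for user '" + user + "' (" + reason + ")";
        System.out.println(alert);
        // Sends to the JmsTemplate's default destination (assumed to be the
        // securityAlerts topic configured by "jms setup").
        jmsTemplate.convertAndSend(alert);
    }
}

/** Consumer: receives the alert text and mails it to the administrator. */
class JmsSecurityTopicListener {

    private static final String FROM = "vote-app@example.org";      // placeholder
    private static final String TO = "security-admin@example.org";  // placeholder

    @Autowired
    private transient MailSender mailTemplate;

    public void onMessage(Object message) {
        SimpleMailMessage mail = new SimpleMailMessage();
        mail.setFrom(FROM);
        mail.setTo(TO);
        // Fixed subject: no message content is placed in a header field.
        mail.setSubject("Vote application security alert");
        mail.setText(AlertText.clean(String.valueOf(message), 500));
        mailTemplate.send(mail);
    }
}

/** Hypothetical helper: bounds length and replaces control characters. */
final class AlertText {

    private AlertText() { }

    static String clean(String value, int maxLength) {
        if (value == null) {
            return "(none)";
        }
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < value.length() && out.length() < maxLength; i++) {
            char c = value.charAt(i);
            // CR, LF and other control characters would let a crafted user
            // name forge extra log lines or break the message layout.
            out.append(Character.isISOControl(c) ? '_' : c);
        }
        return out.toString();
    }
}
```

Because every failed login produces one email, a production version would also rate-limit or batch alerts per source so that a burst of bad logins cannot flood the administrator's mailbox.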
Testing Email
To test email, we will set up a local SMTP test server called Neptune, http://donovanbrown.com/post/Neptune.aspx
Testing Email
Testing again, Neptune receives an email for an invalid Login (this was a lot of work, but there is a lot of functionality):
SQL Role Access
MySQL
We are going to install MySQL. MySQL is a free Open Source database that can run as a service and is more relational for production use. See http://en.wikipedia.org/wiki/MySQL .
Install MySQL from http://www.mysql.com/downloads/mysql/
Here is an example to create the myTestAppDB:
• mysql> create database myTestAppDB character set utf8;
Here is an example to create user “myUser” with password “XXXXXXXX”:
• mysql> CREATE USER 'myUser'@'localhost' IDENTIFIED BY 'XXXXXXXX';
• mysql> GRANT ALL PRIVILEGES ON *.* TO 'myUser'@'localhost' WITH GRANT OPTION;
Typical Security
In order to save some time, we are going to use a Roo addon package called Typical Security.
Typical Security can be found at http://code.google.com/p/spring-roo-addon-typical-security/
Typical Security roo
We are going to run the following roo script, which will set up typical security:
Database Properties
To see the “database.properties”, run “database properties list” :
Running
We will run the “mvn tomcat:run” as before, and browse to http://localhost:8080/testapp-web/.
Running
We will create a new user by going through signup (Notice it already has Captcha and the fields):
Running
We are successful:
Running
We are successful by looking at the users:
Running
We are successful by looking at the MySQL database:
LDAP
LDAP
• The Lightweight Directory Access Protocol (LDAP) is a protocol for storing directory services for an organization that usually includes user, group and machine policies.
• An example of an LDAP server is Microsoft’s Active Directory. See http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
• LDAP servers are commonly used to store roles and access privileges as well.
• http://en.wikipedia.org/wiki/List_of_LDAP_software provides a list of LDAP browsers like JXplorer, http://en.wikipedia.org/wiki/JXplorer , and Apache Directory Studio, http://directory.apache.org/studio/ . These are for managing the LDAP Servers.
Choosing the LDAP Server
• There are many LDAP servers, and OpenDS, Open Directory Services, is one of the popular Open Source servers that is written in Java and sponsored by Sun. http://en.wikipedia.org/wiki/OpenDS
• I will be using the Apache Directory Server, http://directory.apache.org/apacheds/1.5/ , simply because I am using mostly Apache tools and want to try to minimize any integration issues.
• It will default to running as a Windows Service in Windows XP, and the instructions for logging in and managing can be found at http://directory.apache.org/apacheds/1.5/apacheds-v15-basic-users-guide.html
• Since I am using ApacheDS, I will use the Apache Directory Studio that comes with an ApacheDS management tool, http://directory.apache.org/studio/
Choosing the LDAP Browser
• There are many LDAP servers, and OpenDS, Open Directory Services, is one of the popular Open Source servers that is written in Java and sponsored by Sun. http://en.wikipedia.org/wiki/OpenDS
• I will be using the Apache Directory Studio, http://directory.apache.org/ , simply because I am using mostly Apache tools and want to try to minimize any integration issues.
• Apache Directory Studio is easy to install and can be found at http://directory.apache.org/studio/
• It will default to running as a Windows Service in Windows XP, and the instructions for logging in and managing can be found at http://directory.apache.org/studio/users-guide.html
Apache Directory Studio
After installing the ApacheDS, and Directory Studio, I can browse and edit the LDAP Server:
Spring-LDAP
Spring has a couple of JARs that are needed for the Spring connectors to LDAP.
Spring-LDAP downloads and documentation can be found at http://www.springsource.org/ldap
We can run the Spring-LDAP examples by:
Spring-LDAP
Accessing the sample, we can add users to the LDAP server:
LDAP-Server
Accessing the sample, we can add users to the LDAP server:
Pom.xml
We will have to add the Spring LDAP libraries to the build by editing the Pom.xml: