<<Write once run everywhere...>>
The secret of how to be miserable is to constantly expect things are going to happen the way that they are "supposed" to happen.
You can have faith, which carries the understanding that you may be disappointed. Then there's being a willfully-blind idiot, which virtually guarantees it.
Tim Holloway wrote: Not to disparage your PL/SQL skills, but I have discovered (the hard way) that database stored procedures are a programming nightmare and should be used sparingly. The problem is that it fractures the app into 2 different sets of source code, and so the first thing a maintenance programmer always has to do when working on the app is figure out which source code (Java or PL/SQL) a given function is in. Also, stored procedures don't easily fit into source code version control. Which means that shipping source code to someone else can be a and that getting old copies of a function requires the assistance of a DBA.
Stored procedures can be more efficient, but if we really needed that much more efficiency, we'd still be coding in assembly language and not using expensive frameworks like JDBC and JSF. Plus, you're dumping extra work on the database server machine and usually there are more appservers than DB servers.
Tim Holloway wrote:
Users and Roles are not something that I recommend handling yourself. J2EE has a built-in container-managed security system that uses role-based access control as well as authentication (login). It is far, far more secure than user-written security systems, since it was designed by security specialists and has had more than a decade of real-world use to prove itself. In that same period of time I've encountered more user-written security systems than I can count, including some in critical finance apps and even military use. And not one blessed one of them had any real security at all. Most could be defeated in 15 minutes or less.
You don't need session objects for userids and roles using the J2EE standard security system. The userid is available from the HttpServletRequest, and roles can be checked via the isUserInRole() method. More importantly, the J2EE security standard can keep people from accessing secured pages altogether via declarations in web.xml without any code at all.
Tim Holloway wrote:
There is one caveat for JSF, however. JSF doesn't normally track URLs as closely as most frameworks, and the J2EE page protection is based on the URL, not the page view definition file resource. This is easily allowed for by using the "redirect" JSF navigation option.
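The declarative setup described in the quoted posts above, shown as an added example that is not part of the original thread. The paths, view names, outcome name and the `admin` role are hypothetical; the users and roles themselves come from whatever Realm the server is configured with.

```xml
<!-- WEB-INF/web.xml (fragment): the container enforces this before any page code runs -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Admin pages</web-resource-name>
    <!-- Hypothetical path; protection is matched against the request URL -->
    <url-pattern>/admin/*</url-pattern>
    <!-- No <http-method> elements, so the constraint covers every HTTP method -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Only authenticated users holding this role get through -->
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <!-- Hypothetical login and error views -->
    <form-login-page>/login.xhtml</form-login-page>
    <form-error-page>/login-error.xhtml</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>admin</role-name>
</security-role>

<!-- WEB-INF/faces-config.xml (fragment): navigation into the protected area -->
<navigation-rule>
  <from-view-id>/home.xhtml</from-view-id>
  <navigation-case>
    <from-outcome>manageUsers</from-outcome>
    <to-view-id>/admin/users.xhtml</to-view-id>
    <!-- Without <redirect/>, JSF renders the target view under the previous URL
         via a server-side forward, so the browser never requests /admin/... and
         the URL-based constraint above is not evaluated for that navigation. -->
    <redirect/>
  </navigation-case>
</navigation-rule>
```

With this in place, page code can read the authenticated userid with `HttpServletRequest.getRemoteUser()` and check roles with `isUserInRole("admin")`, with no session attributes involved.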
Tim Holloway wrote: 1. I'd like a link on that, if you could provide one. Might be useful at some point. Unfortunately, where I have my real scorch marks, the database was SQL Server. I got sent a ZIP file with the source code. Then I got sent another zip file with a database in it. I then had to import the database and chase down some scripts to dump all the stored procedures out of the database and into text files.
Tim Holloway wrote:
2. No. J2EE security is Container Managed Security (not to be confused with Content Management Systems). CM security usually is backed by plug-in security Realm modules that are configured into the server itself. Tomcat, for example, comes with a Realm that uses a simple XML file to define users and roles, 2 different database Realms, a JAAS Realm, and an LDAP/Active Directory Realm. And that's just the beginning. I've also done custom Realms on occasion, like when I needed to interface with a corporate web service based security system.
Tim Holloway wrote:
3. That's correct. redirect is an option on JSF view navigation.
Interesting, I will investigate about CMS. Do you know if GlassFish implements this?