Simple Java web framework
- by Gabriel
Is there any simple java web framework like sinatra (for ruby) or web.py (for python)?
Search Results
Search found 86615 results on 3465 pages for 'page viewer web part'.
Page 17/3465 | < Previous Page | 13 14 15 16 17 18 19 20 21 22 23 24 | Next Page >
-
-
Web 3.0 Design: Ten Questions to Ask Your Web Designer
[ WEB 3.0 DESIGN - WEBREDESIGNMIAMI.COM ] We get calls all the time from people asking "How much does a website cost?", as if web design was an undifferentiated commodity like salt or sugar. It is no... [Author: Bruce Arnold - Web Design and Development - April 24, 2010]Read the article
-
How to acces a file under WEB-INF from a Java web application
- by John Manak
Hi! Do you have any idea how to access files in WEB-INF/index folder from my application? I'm using OpenCMS for my application and I want to open a Lucene search index (with the help of Lucene IndexReader class) located at WEB-INF/index folder. Lucene jar is stored in WEB-INF/lib folder.Read the article
-
Register for a free Web Camp: Learn and Build on the Microsoft Web Platform
Interested in learning how new innovations in Microsoft's Web Platform and developer tools like ASP.NET 4 and Visual Studio 2010 can make you a more productive web developer? If you're currently working with PHP, Ruby, ASP or older versions of ASP.NET and want to hear how you can create amazing websites more easily, then register for a Web Camp near you today!Read the article
-
Consume restful webservice through web proxy
- by Chico
Hello, I'm trying to consume a restful webservice in java using the Apache Wink framework through my school web proxy requiring authentification ClientConfig clientConfig = new ClientConfig(); clientConfig.proxyHost("proxy.school.com"); clientConfig.proxyPort(3128); //nothing to set username and password :( RestClient client = new RestClient(clientConfig); Resource resource = client.resource("http://vimeo.com/api/v2/artist/videos.xml"); String response = resource.accept("text/plain").get(String.class); I've also tried to use the BasicAuthSecurityHandler but it seems to be used to authenticate directly to a web server, not the web proxy BasicAuthSecurityHandler basicAuthHandler = new BasicAuthSecurityHandler(); basicAuthHandler.setUserName("username"); basicAuthHandler.setPassword("password"); config.handlers(basicAuthHandler); It still fail with a HTTP 407 error code : Proxy Authentication Required. I've googled the best I could, nothing came up better to consume a webservice from a Java client through a web proxy, if someone has another idea, feel free to respondRead the article
-
.NET Web Service hydrate custom class
- by row1
I am consuming an external C# Web Service method which returns a simple calculation result object like this: [Serializable] public class CalculationResult { public string Name { get; set; } public string Unit { get; set; } public decimal? Value { get; set; } } When I add a Web Reference to this service in my ASP .NET project Visual Studio is kind enough to generate a matching class so I can easily consume and work with it. I am using Castle Windsor and I may want to plug in other method of getting a calculation result object, so I want a common class CalculationResult (or ICalculationResult) in my solution which all my objects can work with, this will always match the object returned from the external Web Service 1:1. Is there anyway I can tell my Web Service client to hydrate a particular class instead of its generated one? I would rather not do it manually: foreach(var fromService in calcuationResultsFromService) { ICalculationResult calculationResult = new CalculationResult() { Name = fromService.Name }; yield return calculationResult; } Edit: I am happy to use a Service Reference type instead of the older Web Reference.Read the article
-
From Page 20 to Page 1 on Google in 21 Days - Long-Tail Keyword Experiment Success
I've been conducting an experiment with Google searches and long-tail keywords. The experiment seems to have been a success, so I thought I would share the experience.Read the article
-
After changing web host, I get a 'file does not exist' error
- by Jordan
I run a WordPress blog, and have recently changed web hosts. When changing web hosts, I copied all files and exported/imported the database etc as explained by lots of tutorials found easily on Google. The blog home page works fine. What goes wrong: When I click on any link from the home page, the browser gets stuck in a redirect loop. Looking at the error log, I see: File does not exist: /usr/local/apache/htdocs/index.php The directory /usr doesn't even exist for my website - so perhaps this is looking for a file that was present using my old Web Host and is no longer present with my new web host? What is going on, and how might I resolve it?Read the article
-
Hosting media on separate server than web server
- by user18832
Basically I have a website hosted by a web hosting company which I have limited access to (ftp upload etc). I have a home server which I use to record and store audio files. Is there an elegant way or best practice to host a page on the webserver which links to the audio files? I'm considering hosting a page on the home server and redirecting to that from the web server, or setting up something like rsync to push the audio files to the web server - I'm just not certain which solution would be best.Read the article
-
How Would a Newborn Baby Learn Web Programming?
- by Mugatu
Hello all, I chose that title because I equate my knowledge of web programming and web development with that of a newborn. Here's the shortest version of my story and what I'm looking to do: A friend and I have been coming up with website ideas for a couple years, mostly just jotting them down whenever we come up with a good, useful idea when browsing the web. For the past 6 months we've hired a couple different programmers to make a couple of the sites for us, but have been disappointed with how it's gone. Been too slow and too many miscommunications for our liking. So like the saying goes if you want something done right do it yourself, we're going to do it ourselves. I know nothing about programming, I've never written a line of code in my life. I consider myself very good with math and about as logical as you can get, but I have zero real-life programming knowledge. The sites we want to make are all pretty 'Web 2.0'ish', meaning user-generated content, commenting on posts, pages that change on the fly, etc. So here are some of my questions for anyone who's been there before: Is there a language you'd recommend learning first? Something that is a good indicator how most other languages work? What web programming languages do you recommend learning first based on popularity both now and the future. I don't want to learn a language that's going to be outdated by the time I'm an expert at it. Any specific books you'd recommend? Any general advice you'd give to someone literally starting at square zero for coding who plans on being in it for the long haul? Thanks in advance for the helpRead the article
-
Vidéo sur le développement Web avec Dart, le langage orienté Web de Google, par Yohan Beschi
Yohan Beschi de la société SOAT (http://blog.soat.fr/) vous propose une vidéo sur une introduction au développement Web avec Dart, le langage orienté Web de Google.Au cours de cette vidéo vous verrez :comment Dart permet de développer des applications clientes aussi bien que serveurs ; quelques éléments du langage ; mais aussi les outils permettant un développement industrialisé et une productivité accrue. Le lien de la vidéo : http://soat.developpez.com/videos/da...web-avec-dart/N'hésitez...Read the article
-
Develop web site from existing software or cherry pick and use a web framework?
- by erisco
A small team and I are tasked with developing a web site. The client has referenced a particular open source project (we'll call it X) when describing some of the features. Because of this, the team wants to start with X and adapt it to satisfy the client. I have looked at X and its code and, in my opinion, it would be unwise. However, my experience is limited, and could really benefit from the insights of others so that I can figure out what I should be asserting as the right direction for the team. My red flags are going up and this is why. X was developed in the earlier days of PHP; 500 line blocks of code are the norm; global variables are abundant; giant switch cases are the norm for switching between which page is shown. There is no clear mapping between URL and where the code for that page sits. From a feature-set standpoint, X is actually software specialized for a different task and has dozens of features we don't need or have use for that come as core assumptions. We will be unable to adapt X through its plugin system. That said, there are a few features which can be mapped, with some modification, to suit our purposes. I believe this is the attraction the team feels. I would feel comfortable if, instead of using X directly, we lifted what is salvageable and useful to us. We can then use that code, and the same 3rd party libraries X is using, in a new code base built on top of a PHP web framework (particularly Agavi, so you understand what I mean by 'web framework'). The web framework gives us a strong MVC structure and provides the common facilities for web development, or adapters to work with 3rd party libraries that do so. We will also have a clean slate feature-wise to work from, which means we can work additively instead of subtractively. Because the code base is better structured, and contains none of what we don't need, it will be easier to document, which is a critical requirement of our client. So to summarize, the team wants to use X, whereas I want to take the bits we can from X and use a web framework instead. I want to bounce this opinion off of other's experiences so that I can be more informed. Thanks for your insight.Read the article
-
Matching my skills with Java and Web Programming
- by John R
here is my main question: What is the most common way that Java is used in web development? The reason I ask: I am currently in the process of finding my first internship. Every employer has a separate set of languages, technologies and acronyms they want their candidates to know. In school I did well with Java. As a hobby and interest I have developed a handful of web pages widgets, scripts, etc. My university emphasized Java, C and theory. My hobbies emphasize HTML, PHP, JavaScript, CSS, and a little jQuery, etc. I can't learn a dozen different technologies to satisfy most prospective employers (in what is left of the summer). I think my best bet is combine my skills with Java and my interests in web development. That brings me back to my original question: What is the most common way that Java is used in web development?Read the article
-
How to customize web-app (pages and UI) for different customers
- by demoncodemonkey
We have an ASP.NET web-application which has become difficult to maintain, and I'm looking for ideas on how to redesign it. It's an employee administration system which can be highly customized for each of our customers. Let me explain how it works now: On the default page we have a menu where a user can select a task, such as Create Employee or View Timesheet. I'll use Create Employee as an example. When a user selects Create Employee from the menu, an ASPX page is loaded which contains a dynamically loaded usercontrol for the selected menuitem, e.g. for Create Employee this would be AddEmployee.ascx If the user clicks Save on the control, it navigates to the default page. Some menuitems involve multiple steps, so if the user clicks Next on a multi-step flow then it will navigate to the next page in the flow, and so on until it reaches the final step, where clicking Save navigates to the default page. Some customers may require an extra step in the Create Employee flow (e.g. SecurityClearance.ascx) but others may not. Different customers may use the same ASCX usercontrol, so in the AddEmployee.OnInit we can customize the fields for that customer, i.e. making certain fields hidden or readonly or mandatory. The following things are customizable per customer: Menu items Steps in each flow (ascx control names) Hidden fields in each ascx Mandatory fields in each ascx Rules relating to each ascx, which allows certain logic to be used in the code for that customer The customizations are held in a huge XML file per customer, which could be 7500 lines long. Is there any framework or rules-engine that we could use to customize our application in this way? How do other applications manage customizations per customer?Read the article
-
Google I/O 2012 - Putting the App Back into Web App - Web Programming with Dart
Google I/O 2012 - Putting the App Back into Web App - Web Programming with Dart Dan Grove, Vijay Menon Do you want to build blazingly fast applications with beautiful graphics and offline support? Would you like to run those apps anywhere on the open web? Would you like to develop those apps in a language that supports modular large-scale development while keeping the lightweight feel of a scripting language? This session will show you how to use the Dart programming language to develop the next generation of amazing applications for the open web. For all I/O 2012 sessions, go to developers.google.com From: GoogleDevelopers Views: 187 4 ratings Time: 57:16 More in Science & TechnologyRead the article
-
Fiddler - A useful free tool for checking Web Services (and web site) traffic
- by TATWORTH
Recently I had reason to be very glad that I had Fiddler. I was able to record some web service traffic and identify a problem as Fiddler can record both the call to a web service and response from the web service. By seeing the actual data traffic I was able to resolve a problem found in testing in less time than it has taken me to write this blog entry! This tool is also useful for studying general web site traffic. Fiddler is available from http://www.fiddler2.com/fiddler2/ There are training videos available on the above site.Read the article
-
Compute jvm heap size to host web application
- by Enrique
Hello, I want to host a web application on a private JVM they offer 32, 64, 128, 256 MB plans. My web application uses Spring. And I store some objects for every logged in user session. My question is: How can I profile my web app to see how much heap size it needs so I can choose a plan?, How can I simulate hundreds of users logged in at the same time? I'm developing the application using Netbeans 6.7 Java 1.6 Tomcat 6.0.18 Thank you.Read the article
-
What are solutions and tradeoffs to maintain search result consistency in a web application
- by iammichael
Consider a web application with a custom search function that must display the results in a paged manner (twenty per page with up to hundreds of thousands of total results) and the ability to drill down to individual results that maintain next/previous links to navigate through the results. Re-executing the search on each page request to get the appropriate results for that page of data can be too expensive (up to 15s per search). Also, since the underlying data can change frequently (e.g. addition of new results), re-executing could cause the next/previous functionality to result in inconsistent behavior (e.g. the same results reappearing on a later page after having been viewed on an earlier page). What options exist to ensure the search results can be viewed across multiple pages in a consistent manner, and what tradeoffs does each option have in terms of network, CPU, memory, and storage requirements? EDIT: I thought caching the query search results was an obvious necessity. The question is really asking about where to cache the result set and what tradeoffs might exist to each. For example, storing the ids of the entities in the result set on the client, or storing the IDs of the entities themselves in the users session on the web server, or in a temporary table in the database. I'm not looking specifically for a single solution as different scenarios may result in different approaches (and such a question would be more suited for stackoverflow.com rather than here), but more of a design comparison between the possible approaches.Read the article
-
.NET Web Serivce hydrate custom class
- by row1
I am consuming an external C# Web Service method which returns a simple calculation result object like this: [Serializable] public class CalculationResult { public string Name { get; set; } public string Unit { get; set; } public decimal? Value { get; set; } } When I add a Web Reference to this service in my ASP .NET project Visual Studio is kind enough to generate a matching class so I can easily consume and work with it. I am using Castle Windsor and I may want to plug in other method of getting a calculation result object, so I want a common class CalculationResult (or ICalculationResult) in my solution which all my objects can work with, this will always match the object returned from the external Web Service 1:1. Is there anyway I can tell my Web Service client to hydrate a particular class instead of its generated one? I would rather not do it manually: foreach(var fromService in calcuationResultsFromService) { ICalculationResult calculationResult = new CalculationResult() { Name = fromService.Name }; yield return calculationResult; } Edit: I am happy to use a Service Reference type instead of the older Web Reference.Read the article
-
Adding Web Controls to a Web Form in GDI+
In this article you will learn how to Add Web Controls to a Web Form in GDI+Read the article
-
ASP.NET Convert to Web App question
- by mattgcon
The following web control will not convert for some reason (add designer and cs pages). I am getting a page directive is missing error What is wrong with the code that is causing it to not convert? <%@ Control Language="C#" AutoEventWireup="true" %> <%@ Register TagPrefix="ipam" TagName="tnavbar" src="~/controls/tnavbar.ascx" %> <script language="C#" runat="server"> string strCurrent = ""; string strDepth = ""; public string Current { get { return strCurrent; } set { strCurrent = value; } } public string Depth { get { return strDepth; } set { strDepth = value; } } void Page_Load(Object sender, EventArgs e) { idTnavbar.Current = strCurrent; idTnavbar.Item1Link = strDepth + idTnavbar.Item1Link; idTnavbar.Item2Link = strDepth + idTnavbar.Item2Link; idTnavbar.Item3Link = strDepth + idTnavbar.Item3Link; idTnavbar.Item4Link = strDepth + idTnavbar.Item4Link; idTnavbar.Item5Link = strDepth + idTnavbar.Item5Link; idTnavbar.Item6Link = strDepth + idTnavbar.Item6Link; idTnavbar.Item7Link = strDepth + idTnavbar.Item7Link; } </script> <ipam:tnavbar id="idTnavbar" Item1="2000 -- 2001" Item1Link="2000_--_2001.aspx" Item2="2001 -- 2002" Item2Link="2001_--_2002.aspx" Item3="2002 -- 2003" Item3Link="2002_--_2003.aspx" Item4="2003 -- 2004" Item4Link="2003_--_2004.aspx" Item5="2004 -- 2005" Item5Link="2004_--_2005.aspx" Item6="2005 -- 2006" Item6Link="2005_--_2006.aspx" Item7="2006 -- 2007" Item7Link="2006_--_2007.aspx" runat="server" /> Please help, if I can solve this issue many more pages will be fixed to.Read the article
-
The architecture and technologies to use for a secure, fast, reliable and easily scalable web application
- by DSoul
^ For actual questions, skip to the lists down below I understand, that his is a vague topic, but please, before you turn the other way and disregard me, hear me out. I am currently doing research for a web application(I don't know if application is the correct word for it, but I will proceed w/ that for now), that one day might need to be everything mentioned in the title. I am bound by nothing. That means that every language, OS and framework is acceptable, but only if it proves it's usefulness. And if you are going to say, that scalability and speed depend on the code I write for this application, then I agree, but I am just trying to find something, that wouldn't stand in my way later on. I have done quite a bit reading on this subject, but I still don't have a clear picture, to what suits my needs, so I come to you, StackOverflow, to give me directions. I know you all must be wondering what I'm building, but I assure you, that it doesn't matter. I have heard of 12 factor app though, if you have any similar guidelines or what is, to suggest the please, go ahead. For the sake of keeping your answers as open as possible, I'm not gonna provide you my experience regarding anything written in this question. ^ Skippers, start here First off - the weights of the requirements are probably something like that (on a scale of 10): Security - 10 Speed - 5 Reliability (concurrency) - 7.5 Scalability - 10 Speed and concurrency are not a top priority, in the sense, that the program can be CPU intensive, and therefore slow, and only accept a not-that-high number of concurrent users, but both of these factors must be improvable by scaling the system Anyway, here are my questions: How many layers should the application have, so it would be future-proof and could best fulfill the aforementioned requirements? For now, what I have in mind is the most common version: Completely separated front end, that might be a web page or an MMI application or even both. Some middle-ware handling communication between the front and the back end. This is probably a server that communicates w/ the front end via HTTP. How the communication w/ the back end should be handled is probably dependent on the back end. The back end. Something that handles data through resources like DB and etc. and does various computations w/ the data. This, as the highest priority part of the software, must be easily spread to multiple computers later on and have no known security holes. I think ideally the middle-ware should send a request to a queue from where one of the back end processes takes this request, chops it up to smaller parts and buts these parts of the request back onto the same queue as the initial request, after what these parts will be then handled by other back end processes. Something *map-reduce*y, so to say. What frameworks, languages and etc. should these layers use? The technologies used here are not that important at this moment, you can ignore this part for now I've been pointed to node.js for this part. Do you guys know any better alternatives, or have any reasons why I should (not) use node.js for this particular job. I actually have no good idea, what to use for this job, there are too many options out there, so please direct me. This part (and the 2. one also, I think) depend a lot on the OS, so suggest any OSs alongside w/ the technologies/frameworks. Initially, all computers (or 1 for starters) hosting the back end are going to be virtual machines. Please do give suggestions to any part of the question, that you feel you have comprehensive knowledge and/or experience of. And also, point out if you feel that any part of the current set-up means an instant (or even distant) failure or if I missed a very important aspect to consider. I'm not looking for a definitive answer for how to achieve my goals, because there certainly isn't one, for I haven't provided you w/ all the required information. I'm just looking for recommendations and directions on what to look into. Also, bare in mind, that this isn't something that I have to get done quickly, to sell and let it be re-written by the new owner (which, I've been told for multiple times, is what I should aim for). I have all the time in the world and I really just want to learn doing something really high-end. Also, excuse me if my language isn't the best, I'm not a native. Anyway. Thanks in advance to anyone, who takes the time to help me out here. PS. When I do seem to come up w/ a good architecture/design for this project, I will certainly make it an open project and keep you guys up to date w/ it's development. As in what you could have told me earlier and etc. For obvious reasons the very same question got closed on SO, but could you guys still help me?.Read the article
-
Nginx error page using django master page
- by user835199
I am using python django to develop a web app and using nginx and gunicorn as servers. I need to define nginx error page (for error codes like 500, 501 etc), but i want to keep the layout same as that in other site pages. For site pages, i use the include functionality of django but in this case, since django won't preprocess the page, i need to create a pure html page. Is there a way to reuse the master page that i created in django for creating this error page?Read the article
-
When building a web Application project, TFS 2008 Builds two spearate projects in the _PublishedFold
- by Steve Johnson
Hi all, I am trying to a perform build automation on one of web application projects built using VS 2008. The _PublishedWebSites contains two folders: Web and Deploy. I just want the TFS 2008 to generate only the Deploy Folder and Not the Web Folder. Here is my TFSBuild.proj File <Project ToolsVersion="3.5" DefaultTargets="Compile" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <Import Project="$(MSBuildExtensionsPath)\Microsoft\VisualStudio\TeamBuild\Microsoft.TeamFoundation.Build.targets" /> <Import Project="$(MSBuildExtensionsPath)\Microsoft\WebDeployment\v9.0\Microsoft.WebDeployment.targets" /> <ItemGroup> <SolutionToBuild Include="$(BuildProjectFolderPath)/../../Development/Main/MySoftware.sln"> <Targets></Targets> <Properties></Properties> </SolutionToBuild> </ItemGroup> <ItemGroup> <ConfigurationToBuild Include="Release|AnyCPU"> <FlavorToBuild>Release</FlavorToBuild> <PlatformToBuild>Any CPU</PlatformToBuild> </ConfigurationToBuild> </ItemGroup> <!--<ItemGroup> <SolutionToBuild Include="$(BuildProjectFolderPath)/../../Development/Main/MySoftware.sln"> <Targets></Targets> <Properties></Properties> </SolutionToBuild> </ItemGroup> <ItemGroup> <ConfigurationToBuild Include="Release|x64"> <FlavorToBuild>Release</FlavorToBuild> <PlatformToBuild>x64</PlatformToBuild> </ConfigurationToBuild> </ItemGroup>--> <ItemGroup> <AdditionalReferencePath Include="C:\3PR" /> </ItemGroup> <Target Name="GetCopyToOutputDirectoryItems" Outputs="@(AllItemsFullPathWithTargetPath)" DependsOnTargets="AssignTargetPaths;_SplitProjectReferencesByFileExistence"> <!-- Get items from child projects first. --> <MSBuild Projects="@(_MSBuildProjectReferenceExistent)" Targets="GetCopyToOutputDirectoryItems" Properties="%(_MSBuildProjectReferenceExistent.SetConfiguration); %(_MSBuildProjectReferenceExistent.SetPlatform)" Condition="'@(_MSBuildProjectReferenceExistent)'!=''"> <Output TaskParameter="TargetOutputs" ItemName="_AllChildProjectItemsWithTargetPathNotFiltered"/> </MSBuild> <!-- Remove duplicates. --> <RemoveDuplicates Inputs="@(_AllChildProjectItemsWithTargetPathNotFiltered)"> <Output TaskParameter="Filtered" ItemName="_AllChildProjectItemsWithTargetPath"/> </RemoveDuplicates> <!-- Target outputs must be full paths because they will be consumed by a different project. --> <CreateItem Include="@(_AllChildProjectItemsWithTargetPath->'%(FullPath)')" Exclude= "$(BuildProjectFolderPath)/../../Development/Main/Web/Bin*.pdb; *.refresh; *.vshost.exe; *.manifest; *.compiled; $(BuildProjectFolderPath)/../../Development/Main/Web/Auth/MySoftware.dll; $(BuildProjectFolderPath)/../../Development/Main/Web/BinApp_Web_*.dll;" Condition="'%(_AllChildProjectItemsWithTargetPath.CopyToOutputDirectory)'=='Always' or '%(_AllChildProjectItemsWithTargetPath.CopyToOutputDirectory)'=='PreserveNewest'" > <Output TaskParameter="Include" ItemName="AllItemsFullPathWithTargetPath"/> <Output TaskParameter="Include" ItemName="_SourceItemsToCopyToOutputDirectoryAlways" Condition="'%(_AllChildProjectItemsWithTargetPath.CopyToOutputDirectory)'=='Always'"/> <Output TaskParameter="Include" ItemName="_SourceItemsToCopyToOutputDirectory" Condition="'%(_AllChildProjectItemsWithTargetPath.CopyToOutputDirectory)'=='PreserveNewest'"/> </CreateItem> </Target> <!-- To modify your build process, add your task inside one of the targets below and uncomment it. Other similar extension points exist, see Microsoft.WebDeployment.targets. <Target Name="BeforeBuild"> </Target> <Target Name="BeforeMerge"> </Target> <Target Name="AfterMerge"> </Target> <Target Name="AfterBuild"> </Target> --> </Project> I want to build everything that the builtin Deploy project is doing for me. But i dont want the generated Web Project as it conatains App_Web_xxxx.dll assemblies instead of a single compiled assembly. Please help. ThanksRead the article
-
Securing an ADF Application using OES11g: Part 2
- by user12587121
To validate the integration with OES we need a sample ADF Application that is rich enough to allow us to test securing the various ADF elements. To achieve this we can add some items including bounded task flows to the application developed in this tutorial. A sample JDeveloper 11.1.1.6 project is available here. It depends on the Fusion Order Demo (FOD) database schema which is easily created using the FOD build scripts.In the deployment we have chosen to enable only ADF Authentication as we will delegate Authorization, mostly, to OES.The welcome page of the application with all the links exposed looks as follows: The Welcome, Browse Products, Browse Stock and System Administration links go to pages while the Supplier Registration and Update Stock are bounded task flows. The Login link goes to a basic login page and once logged in a link is presented that goes to a logout page. Only the Browse Products and Browse Stock pages are really connected to the database--the other pages and task flows do not really perform any operations on the database. Required Security Policies We make use of a set of test users and roles as decscribed on the welcome page of the application. In order to exercise the different authorization possibilities we would like to enforce the following sample policies: Anonymous users can see the Login, Welcome and Supplier Registration links. They can also see the Welcome page, the Login page and follow the Supplier Registration task flow. They can see the icon adjacent to the Login link indicating whether they have logged in or not. Authenticated users can see the Browse Product page. Only staff granted the right can see the Browse Product page cost price value returned from the database and then only if the value is below a configurable limit. Suppliers and staff can see the Browse Stock links and pages. Customers cannot. Suppliers can see the Update Stock link but only those with the update permission are allowed to follow the task flow that it launches. We could hide the link but leave it exposed here so we can easily demonstrate the method call activity protecting the task flow. Only staff granted the right can see the System Administration link and the System Administration page it accesses. Implementing the required policies In order to secure the application we will make use of the following techniques: EL Expressions and Java backing beans: JSF has the notion of EL expressions to reference data from backing Java classes. We use these to control the presentation of links on the navigation page which respect the security contraints. So a user will not see links that he is not allowed to click on into. These Java backing beans can call on to OES for an authorization decision. Important Note: naturally we would configure the WLS domain where our ADF application is running as an OES WLS SM, which would allow us to efficiently query OES over the PEP API. However versioning conflicts between OES 11.1.1.5 and ADF 11.1.1.6 mean that this is not possible. Nevertheless, we can make use of the OES RESTful gateway technique from this posting in order to call into OES. You can easily create and manage backing beans in Jdeveloper as follows: Custom ADF Phase Listener: ADF extends the JSF page lifecycle flow and allows one to hook into the flow to intercept page rendering. We use this to put a check prior to rendering any protected pages, again calling on to OES via the backing bean. Phase listeners are configured in the adf-settings.xml file. See the MyPageListener.java class in the project. Here, for example, is the code we use in the listener to check for allowed access to the sysadmin page, navigating back to the welcome page if authorization is not granted: if (page != null && (page.equals("/system.jspx") || page.equals("/system"))){ System.out.println("MyPageListener: Checking Authorization for /system"); if (getValue("#{oesBackingBean.UIAccessSysAdmin}").toString().equals("false") ){ System.out.println("MyPageListener: Forcing navigation away from system" + "to welcome"); NavigationHandler nh = fc.getApplication().getNavigationHandler(); nh.handleNavigation(fc, null, "welcome"); } else { System.out.println("MyPageListener: access allowed"); } } Method call activity: our app makes use of bounded task flows to implement the sequence of pages that update the stock or allow suppliers to self register. ADF takes care of ensuring that a bounded task flow can be entered by only one page. So a way to protect all those pages is to make a call to OES in the first activity and then either exit the task flow or continue depending on the authorization decision. The method call returns a String which contains the name of the transition to effect. This is where we configure the method call activity in JDeveloper: We implement each of the policies using the above techniques as follows: Policies 1 and 2: as these policies concern the coarse grained notions of controlling access to anonymous and authenticated users we can make use of the container’s security constraints which can be defined in the web.xml file. The allPages constraint is added automatically when we configure Authentication for the ADF application. We have added the “anonymousss” constraint to allow access to the the required pages, task flows and icons: <security-constraint> <web-resource-collection> <web-resource-name>anonymousss</web-resource-name> <url-pattern>/faces/welcome</url-pattern> <url-pattern>/afr/*</url-pattern> <url-pattern>/adf/*</url-pattern> <url-pattern>/key.png</url-pattern> <url-pattern>/faces/supplier-reg-btf/*</url-pattern> <url-pattern>/faces/supplier_register_complete</url-pattern> </web-resource-collection> </security-constraint> Policy 3: we can place an EL expression on the element representing the cost price on the products.jspx page: #{oesBackingBean.dataAccessCostPrice}. This EL Expression references a method in a Java backing bean that will call on to OES for an authorization decision. In OES we model the authorization requirement by requiring the view permission on the resource /MyADFApp/data/costprice and granting it only to the staff application role. We recover any obligations to determine the limit. Policy 4: is implemented by putting an EL expression on the Browse Stock link #{oesBackingBean.UIAccessBrowseStock} which checks for the view permission on the /MyADFApp/ui/stock resource. The stock.jspx page is protected by checking for the same permission in a custom phase listener—if the required permission is not satisfied then we force navigation back to the welcome page. Policy 5: the Update Stock link is protected with the same EL expression as the Browse Link: #{oesBackingBean.UIAccessBrowseStock}. However the Update Stock link launches a bounded task flow and to protect it the first activity in the flow is a method call activity which will execute an EL expression #{oesBackingBean.isUIAccessSupplierUpdateTransition} to check for the update permission on the /MyADFApp/ui/stock resource and either transition to the next step in the flow or terminate the flow with an authorization error. Policy 6: the System Administration link is protected with an EL Expression #{oesBackingBean.UIAccessSysAdmin} that checks for view access on the /MyADF/ui/sysadmin resource. The system page is protected in the same way at the stock page—the custom phase listener checks for the same permission that protects the link and if not satisfied we navigate back to the welcome page. Testing the Application To test the application: deploy the OES11g Admin to a WLS domain deploy the OES gateway in a another domain configured to be a WLS SM. You must ensure that the jps-config.xml file therein is configured to allow access to the identity store, otherwise the gateway will not b eable to resolve the principals for the requested users. To do this ensure that the following elements appear in the jps-config.xml file: <serviceProvider type="IDENTITY_STORE" name="idstore.ldap.provider" class="oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider"> <description>LDAP-based IdentityStore Provider</description> </serviceProvider> <serviceInstance name="idstore.ldap" provider="idstore.ldap.provider"> <property name="idstore.config.provider" value="oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider"/> <property name="CONNECTION_POOL_CLASS" value="oracle.security.idm.providers.stdldap.JNDIPool"/></serviceInstance> <serviceInstanceRef ref="idstore.ldap"/> download the sample application and change the URL to the gateway in the MyADFApp OESBackingBean code to point to the OES Gateway and deploy the application to an 11.1.1.6 WLS domain that has been extended with the ADF JRF files. You will need to configure the FOD database connection to point your database which contains the FOD schema. populate the OES Admin and OES Gateway WLS LDAP stores with the sample set of users and groups. If you have configured the WLS domains to point to the same LDAP then it would only have to be done once. To help with this there is a directory called ldap_scripts in the sample project with ldif files for the test users and groups. start the OES Admin console and configure the required OES authorization policies for the MyADFApp application and push them to the WLS SM containing the OES Gateway. Login to the MyADFApp as each of the users described on the login page to test that the security policy is correct. You will see informative logging from the OES Gateway and the ADF application to their respective WLS consoles. Congratulations, you may now login to the OES Admin console and change policies that will control the behaviour of your ADF application--change the limit value in the obligation for the cost price for example, or define Role Mapping policies to determine staff access to the system administration page based on user profile attributes. ADF Development Notes Some notes on ADF development which are probably typical gotchas: May need this on WLS startup in order to allow us to overwrite credentials for the database, the signal here is that there is an error trying to access the data base: -Djps.app.credential.overwrite.allowed=true Best to call Bounded Task flows via a CommandLink (as opposed to a go link) as you cannot seem to start them again from a go link, even having completed the task flow correctly with a return activity. Once a bounded task flow (BTF) is initated it must complete correctly via a return activity—attempting to click on any other link whilst in the context of a BTF has no effect. See here for example: When using the ADF Authentication only security approach it seems to be awkward to allow anonymous access to the welcome and registration pages. We can achieve anonymous access using the web.xml security constraint shown above (where no auth-constraint is specified) however it is not clear what needs to be listed in there….for example the /afr/* and /adf/* are in there by trial and error as sometimes the welcome page will not render if we omit those items. I was not able to use the default allPages constraint with for example the anonymous-role or the everyone WLS group in order to be able to allow anonymous access to pages. The ADF security best practice advises placing all pages under the public_html/WEB-INF folder as then ADF will not allow any direct access to the .jspx pages but will only allow acces via a link of the form /faces/welcome rather than /faces/welcome.jspx. This seems like a very good practice to follow as having multiple entry points to data is a source of confusion in a web application (particulary from a security point of view). In Authentication+Authorization mode only pages with a Page definition file are protected. In order to add an emty one right click on the page and choose Go to Page Definition. This will create an empty page definition and now the page will require explicit permission to be seen. It is advisable to give a unique context root via the weblogic.xml for the application, as otherwise the application will clash with any other application with the same context root and it will not deployRead the article
