Technical Fundas: 2008

Sunday, February 10, 2008

ACEGI Authorization

Hi,in my previous blog i have talked about authentication.Here i am going to talk about authorization.Let me tell u first what it is.
Say for an application you want some users to use some feautres and you do not want that feautre to accessible by othere users.This blocking you can achieve through ACEGI
what you have to do is to create roles for each uses and giving priviles to each roles so that roles having certain privileges can access their feautres.Like in an web application we can have roles like Admin,Manager,Quest etc.So each roles can access feautres that others cannot.
You can use the code as i have given in authentication only you have to add some extra tags
which is shown below.

Here URLInterceptor is a filter which gets invoked for each url and sees whether the current user with a given role has the privilege to acess the url if yes then he can go to the page defined by this url else he is redirected to acess denied page.

The filter code goes here

import java.util.Iterator; import java.util.List; import java.util.Map; import org.acegisecurity.ConfigAttributeDefinition; import org.acegisecurity.ConfigAttributeEditor; import org.acegisecurity.intercept.web.AbstractFilterInvocationDefinitionSource; /** * ********************* * Intercepts URL * @author Ajay * ********************* * */ public classURLInterceptor extends AbstractFilterInvocationDefinitionSource{ /** * default constructor * */ public URLInterceptor(){ } /** * Retrives the roles based on url. * @param url String * @return ConfigAttributeDefinition */ public ConfigAttributeDefinition lookupAttributes(String url) { List secureObjectRoles = null; String absUrl = null; if( url.endsWith("Login.jsp") || url.endsWith("MyAlerts.jsp") || url.endsWith("error.jsp")) { return null; } final IROAppsAlertService alertSer = (IROAppsAlertService) ROAppsBeanLoader .getInstance("ROAppsAlertService"); if(url.indexOf("?") > 0 ) { absUrl=url.substring( url.lastIndexOf("/")+1,url.lastIndexOf(".")); if(absUrl.equalsIgnoreCase("ROAppsAcegiLogin")) { return null; } secureObjectRoles = alertSer.getRoleBasedOnURL(absUrl); System.out.println("xxxxxxxxxxxxxxxxurlxxxxxxxxxxxxxxxx"+absUrl); System.out.println("xxxxxxxxxxxxxxxxxxxxurl rolesxxxxxxxxxxxxx"+secureObjectRoles); } if(url.endsWith("jsp") || url.endsWith("jspf")) { absUrl=url.substring( url.lastIndexOf("/")+1,url.lastIndexOf(".")); secureObjectRoles = alertSer.getRoleBasedOnURL(absUrl); System.out.println("xxxxxxxxxxxxxxxxxxsecured oblectsx ends withxxxxxxxxxxxxxxxx"+secureObjectRoles); } if (secureObjectRoles == null)// if secure object not exist in database return null; if (secureObjectRoles != null && !secureObjectRoles.isEmpty()) { System.out.println("xxxxxxxxxxxxxxxxxxsecured oblects not nullxxxxxxxxxxxxxxxxx"+secureObjectRoles); final ConfigAttributeEditor configAttrEditor = new ConfigAttributeEditor(); final StringBuffer rolesStr = new StringBuffer(); for (int i = 0; i < secureObjectRoles.size(); i++) { final Map objRole = (Map) secureObjectRoles.get(i); final String role=(String) objRole.get("txt_acegi_role"); rolesStr.append(role).append(","); } System.out.println("xxxxxxxxxxxxxxxxxrole stringxxxxxxxxxxx"+rolesStr); configAttrEditor.setAsText(rolesStr.toString().substring(0, rolesStr.length() - 1)); final ConfigAttributeDefinition configAttrDef = (ConfigAttributeDefinition) configAttrEditor .getValue(); return configAttrDef; } return null; } /** * Implemented to store and can identify * the net.sf.acegisecurity.ConfigAttributeDefinition * that applies to a given secure object invocation. * @return Iterator */ public Iterator getConfigAttributeDefinitions() { return null; } }

Let me explain a bit of the code the method lookupAttributes gets called for each url
with parameter as the url of the current page.Here in this method we do some login inorder to find the all the roles for the current role from the database.
and bind that url to the ConfigAttributeEditor object and return to the caller that is the browser.If the user has role that is present in the this object than he can access the current page else not.

Wednesday, February 6, 2008

Memory leakage

What is memory leakage?
It is nothing but if your jvm cannot provide heap size that your application requires at runtime then memory leakage takes place.
Todays industry are facing a great problem with this the reason basically for this is creating unnessary objects.And also care has not been taken while creating session object which pays a high penalty.Imagine a web application where a 1000 user hits persecond and we have created session objects without having any thought so imagine what is going to happen.
To avoid this lets create only one session per user.For that you have to create session like this
HttpSession session =request.getSession(false);
what it will do if a session object is already there it wont create a new one as regard to true or void arguement of getSession method of request object.

How to give an alias name for a web application?

Well one day a need arised that we have to maintain versioning for our application i.e a war and ear
So the problem happpened with me was how to keep the context root of the war which i have used in my Apps for page redirection.
As i was using Jboss server for development.It has a capability of adding an alias name for context root.We just have to create a file called jboss-web.xml and put inside our web-inf folder of our application the tag we have to put inside the file is

thats all.So now if your war file name is project-1.0.war
you can just acess your application from brower as http://host:portno/yourroot/ thats all.

Friday, January 18, 2008

What is DWR?

As i am working on web application.It demands a lot of performace from UI perspective.
So i found Ajax is rescue for me.I am not going to explain what is Ajax.In the beginning when i was learing classical Ajax it was too boring and also it was not fitting in any architecture.So this made me to lose focus on Ajax.But one fine day i came across a framework called DWR I was amaged to learn about it.So from that time onwards i became lover of DWR.I have a very good knowledge of it.Its true when you love some one you will try to know a lot about it.
Now let me tell you what is DWR and what its advantage is over Classical Ajax.
DWR is simply Direct Web Remoting.A simple Ajax framework for java.
Its too simple to learn.Its preserves your apps architecture which classical does not.It segreggates java and UI codes(Of any framework Struts,JSF).The main advantage of this is that from UI we can directly call a java method which is nor possible in classical Ajax.Inorder to learn DWR you have to know few things like HTML,javascript and CSS if possible and thats all you can start doing Ajax programming.

Improve your apps performance using Terracotta

I am once again back.Today i was going through some sites which was telling how to improve Transaction performance which i was really facing for my apps.There were many solutions which i know before it was like EChace,JCS,Confluence,Jboss Cache and lots
But when i read about Teracotta today i was amazed the way it works.It is superb.
It is far better than other caching mechanism which i have spoken above.No doubt it has inbuild above caching mechanisam apart from that it can be used in clustered environment.It is a very cheap solution as a organisation does not have to go for clustered database and it uses very less number of Apps server for clustering from traditional approach it saves a lot of finance from buying commercial server that has in built capability of clustering.
The main highlights of Terracotta is It provides virtual RAM virtual JVM as a result it reduces out of memory problem.Also it improves transaction efficiency because it provides second level cache.It has also capability to manage Session objects accross various servers in clustered environment without replication those objects in the server.As a result Terracotta is fantastic.

Technical Fundas