The document discusses Spring Framework, Aspect Oriented Programming (AOP), Inversion of Control (IoC), Spring MVC, Spring Web Flow, JavaServer Faces, Tomcat, Maven, and Spring Roo. Key points include:
- Spring introduces AOP and IoC to separate cross-cutting concerns and manage application components.
- Spring MVC and Web Flow provide frameworks for building web applications.
- JavaServer Faces is used to develop rich user interfaces.
- Tomcat is a servlet container that runs Java code to serve web requests.
- Maven and Apache are used for project build automation and management.
- Spring Roo provides rapid application development tools for
1. CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Spring Roo
(By Rich Helton)
(Date September 15, 2011)
State of Colorado
Office of Cyber Security
State of Colorado Office of Cyber Security
2. Spring Framework, AOP and IoC
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Aspect Oriented Programming takes Object Oriented Programming
one step further by separating out the cross-cutting concerns and
assigning them to the framework. An example of a cross-cutting
concern is Transaction management.
The Spring framework is an Open source framework that introduces
AOP by managing, or taking care of the plumbing, of the business
objects. http://www.springsource.com/
Spring introduces the concept of Inversion of Control (IoC), which
simply means instead of having the application call the framework, the
framework will call the components defined by the application.
I like to think of IoC as collecting the application pieces in modular
blocks. The IoC will pass the appropriate object into the Class when it
needs to work with that object.
Spring provides the "Spring Security" framework that allows
different implementations to be connected seamlessly to the
application.
State of Colorado Office of Cyber Security
3. Spring
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
• The Spring Framework is an open source application framework for the
Java platform. See http://en.wikipedia.org/wiki/Spring_Framework
• Besides the benefits of using IOC and AOP, Spring comes with many
frameworks for Web Flow, MVC, Annotations, Transaction Management
and Data Access. Spring Roo is a quick way to put those pieces together.
State of Colorado Office of Cyber Security
4. MVC
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
The Model-View-Controller is the most common design pattern in
Software Architecture.
Here are the pieces:
State of Colorado Office of Cyber Security
5. Spring MVC
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Spring has its own MVC framework. See
http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/
html/mvc.html
Spring MVC is designed around a DispatcherServlet that dispatches the
requests to handlers. Theses handlers are handled through the
configuration which will map them, the views, and define the locale,
uploading files and other configurations.
The Controller is defined through the @Controller annotation.
Mapping URLs are done through the @RequestMapping annotation. This
mapping can be done in the controller as well.
The ModelMap class can be used to map the model to the view for display.
The model is simply an entity that can also be passed from the View to the
Controller and from the Controller to the View.
The ModelAndView function contains the Model and View information for
mapping to the View from the Controller.
State of Colorado Office of Cyber Security
6. Spring Web Flow
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
The system is ideal for building web application modules that guide the user
through controlled navigations that drive business process.
The Web Flow philosophy says that any page can be drawn as a simple
flow chart where each state in the page flow is either a view or the action.
Web Flow manages the transition between states and requires input from
the actions , or the views, to determine the next step of the configured
execution path of the page flow.
See http://www.ervacon.com/products/swf/intro/index.html
The Web Flow will have a Controller, a FlowController, that could be for
different web flows like an Ajax FlowController.
The FlowController is a JavaBean in the application context of the
DispatcherServlet.
The Web Flow will have a web flow schema that will define the different
states, like view states and action states that are used.
The Flow Controller will use a Flow Executer to execute these states in the
schema.
State of Colorado Office of Cyber Security
7. What are Spring Faces
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
• When working with Spring Web Flow, and connecting Java Server Faces,
there needs to be a layer integrating the two frameworks. That layer is
Spring Faces.
• See
http://static.springsource.org/spring-webflow/docs/2.0-m1/reference/spring-
faces.html and
http://static.springsource.org/spring-webflow/docs/2.0.x/reference/html/
ch12.html
State of Colorado Office of Cyber Security
8. What are JavaServer Faces
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
• JavaServer Faces (JSF) is a request-driven MVC web framework based on
component-driven UI design model, using XML files called view templates
or Facelets views
• See http://en.wikipedia.org/wiki/JavaServer_Faces
• JSF is a server-side technology for developing web applications with rich
user interfaces. Which includes a framework for validation, error handling,
data conversion, internalization and custom components.
State of Colorado Office of Cyber Security
9. Tomcat
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
• Tomcat can be downloaded http://tomcat.apache.org/ , and is a Servlet
Container that can run Java Objects.
• This is one of the free Spring supported Web Servers from Apache, others
include Apache Geronimo, JBoss, Oracle WebLogic and many more.
• Tomcat has a startup.bat or startup shell to start the server.
• After it starts, it can be accessed using http://127.0.0.1:8080/
• Many of the deployments will be deployed in the /WebApps/ directory as a
WAR (Web Archive) file, similar to a JAR (Java Archive) file. See
http://en.wikipedia.org/wiki/WAR_(Sun_file_format)
State of Colorado Office of Cyber Security
10. • Tomcat
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Tomcat is a Servlet and Java Server Pages Container developed by
Apache, reference http://en.wikipedia.org/wiki/Tomcat_(software)
and http://tomcat.apache.org/ .
It provides a Java HTTP Server to run Java code.
Catalina is Tomcat’s servlet container.
A servlet container a Java class that responds to HTTP requests.
A HTTP request is an HTTP page that will call Java code and
execute an action running on the Tomcat Server.
The Tomcat server may be started with a startup script and use
different ports so that many servers may be provide different
services.
State of Colorado Office of Cyber Security
11. Benefits of Tomcat/Catalina
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Tomcat can run a web server by just starting the startup.bat or
startup.sh.
It uses other scripts to setclasspath, start catalina shutdown.
A directory structure is used locally that can contain the classes,
libraries, configurations, etc.
This way multiple tomcat server can be used in their own
containment area, or directory, without affecting other instances of
the Java Web Server.
The Tomcat Web Server is Operating System dependent, and does
not require a formal installation or setup to be run. Only that the
directory and its contents are copied over correctly.
Again, all of this is Open Source.
State of Colorado Office of Cyber Security
12. • Tomcat Directory
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
State of Colorado Office of Cyber Security
13. • Tomcat Directory
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
bin Directory containing the scripts and Tomcat JAR files.
conf The properties and XML files that configure the server,
including ports, Admin ports, database connections, etc.
lib The supporting JAR files needed to run Tomcat.
logs log files that are written during runtime and startup.
webapps any WAR files that contain the web applications. WAR
files are similar to JAR files except they also contain the Web pages,
like JSPs and Servlets. This is where the Flex applications will be
stored.
• Reference
http://tomcat.apache.org/tomcat-3.3-doc/tomcat-
ug.html#directory_structure
State of Colorado Office of Cyber Security
14. Catalina
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Tomcat is the web server that presents HTML and Java Server
Pages (JSP’s).
Catalina is the servlet code that responds on the server to server
requests and sends its response in HMTL, JSPs and even XML.
A Servlet will receive a request and issue a response after processing
the request. It may do a database lookup, call other code or many
other tasks.
Catalina is a container that will pool, secure, and oversee these
servlets as they are configured. The servlets are the binary code to
be executed.
There is a Java Servlet protocol to be explored further at
http://en.wikipedia.org/wiki/Java_Servlet#Servlet_containers
State of Colorado Office of Cyber Security
15. Tomcat Management Interface
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
• Tomcat has a management interface for loading new applications,
State of Colorado Office of Cyber Security
16. Springsource
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
• Spring has several reference applications for MVC and Webflow.
• They can be found at http://www.springsource.org/webflow-samples .
• The installation of Webflow can be found
http://www.installationwiki.org/Setup_for_Spring_Web_Flow_2 .
State of Colorado Office of Cyber Security
17. CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Apache
Maven
State of Colorado Office of Cyber Security
18. • What is it?
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Apache Maven 2 is a software tool for Java project management and
build automation.
It uses a .pom file in XML form that will generate a configuration
for pulling down libraries from Maven repositories, building the
project and even testing the project with results.
See http://en.wikipedia.org/wiki/Apache_Maven, http://
maven.apache.org/guides/getting-started/index.html,
http://maven.apache.org/guides/getting-started/index.html and
http://maven.apache.org/ as a reference.
State of Colorado Office of Cyber Security
19. • POM
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
The Project Object Model (POM) is used in Apache Maven to
describe the software project being built.
The POM can also be generated using IDE’s like NetBeans that will
use a plugin to Maven to generate the files.
The POM files are in XML format.
State of Colorado Office of Cyber Security
20. POM Example
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
State of Colorado Office of Cyber Security
21. Maven Directory structure
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Maven uses a predefined directory structure called a standard
project structure.
The pom.xml will be stored in the project home directory which is
the base directory for the file tree.
From this base directory, there will be a src and target directory:
State of Colorado Office of Cyber Security
22. • Maven Directory structure
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
The src/main/java directory is where the Java source code is
stored.
The src/main/resources are where the application resources are
stored like GIF files.
The src/main/config are where the configuration files are stored.
The src/main/webapp are where the web application WAR files
are stored.
The src/test/java are where the Unit test files are stored.
State of Colorado Office of Cyber Security
23. • Running Maven
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
The “mvn” command is used to run maven. It must be executed in
the project home directory. Here are some of the commands:
State of Colorado Office of Cyber Security
24. CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Spring Roo
State of Colorado Office of Cyber Security
25. Spring Roo Intro
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Spring Roo, http://en.wikipedia.org/wiki/Spring_Roo , is an open
source software tool that uses convention-over-configuration
principles to provide rapid application development of Java-based
enterprise software.
The reulsing application use common Java technologies such as
Spring Framework, Java Persistence API, Java Server Pages,
Apache Mavin and AspectJ.
The Spring Roo home page can be found at
http://www.springsource.org/roo .
A good tutorial can be found at
http://blog.springsource.com/2009/05/27/roo-part-2/
Installation can be found at http://www.springsource.org/roo/start
State of Colorado Office of Cyber Security
26. Why Spring Roo?
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Spring Roo is mentioned in
http://europe.springone.com/dl/springone-amsterdam-2009/
slides/RodJohnson_WelcomeKeynote.pdf as part of the Future of
Java Innovation.
A great case study is the Tom-Tom, http://www.tomtom.com/ ,
where it cut development time by 50% for a customer base of 45
million, http://www.springsource.org/node/3001 .
State of Colorado Office of Cyber Security
27. Spring Roo Download
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Spring Roo can also be incorporated in the Spring Tool Suite,
http://www.springsource.com/developer/sts which is a Eclipse UI
running a VMWare vFabric optimized server for Spring.
State of Colorado Office of Cyber Security
28. Spring Roo Web Flow
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
To install Spring web flow on Spring Roo, we will use the “roo> web
flow” command. A project has to be created first, and we will start
with the PetClinic that comes a Samples/clinic.roo file to get
started.
State of Colorado Office of Cyber Security
29. Spring Roo Web Flow
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Many artifacts are created, including a pom.xml for a Maven build,
and the templated src files,
State of Colorado Office of Cyber Security
30. Spring Roo Web Flow
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Next, run “perform tests” to see if everything generated correctly,
which will run for several minutes (it will perform Maven JUnit
tests in the src directory)…
State of Colorado Office of Cyber Security
31. Spring Roo Web Flow
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Look for the “Build Success” …
State of Colorado Office of Cyber Security
32. Spring Roo Web Flow
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Add the webflow and perform tests after, do “perform tests” after
significant changes to ensure there are no issues….
State of Colorado Office of Cyber Security
33. Spring Roo Web Flow
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
The web flow command will create the flow view state files in src
mainwebappWEB-INFviewssampleflow and a webflow-
config .xml in srcmainwebappWEB-INFspring, the views
appear as:
State of Colorado Office of Cyber Security
34. Log4J
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
A Log4J logger is created in src/main/resources/log4j.properties,
and can be changed so it logs to a file appender, see
http://logging.apache.org/log4j/1.2/manual.html
State of Colorado Office of Cyber Security
35. Running
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Running the new Pet Clinic application in tomcat can be done from
Maven.
Quit Roo and run “mvn clean tomcat:run” in the project.
State of Colorado Office of Cyber Security
36. Running
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Then access the browser with http://localhost:8080/petclinic/ and
select the SampleFlow to access the web flow.
State of Colorado Office of Cyber Security
37. Wedding
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
A Wedding RSVP example that uses HSQL DB as a database can be
found at http://blog.springsource.com/2009/05/27/roo-part-2/
State of Colorado Office of Cyber Security
38. HSQL Database
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
HSQLDB (Hyper Structured Query Language Database) is a
relational database management system written in Java. See
http://en.wikipedia.org/wiki/HSQLDB .
HSSQLDB is loaded at runtime of Tomcat through its JDBC Java
Database Driver, so it does not persist information in a database
that is already loaded into the Operating System like MySQL or SQL
Server. Therefore, HSSQLDB is normally used in a development
environment.
Where is the data saved?
The configuration of the HSSQLDB is saved in the “database/
jiradb.properties” file.
The data of the HSSQLDB is saved in the “database/
jiradb.script” file.
State of Colorado Office of Cyber Security
39. HSQL Database
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
In the configuration, I set the properties to /tmp/our-wedding, the
“/tmp” is the directory and the “our-wedding” are the files.
From database properties set --key database.url --value
jdbc:hsqldb:/tmp/our-wedding
State of Colorado Office of Cyber Security
40. HSQL Database
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Where is the data saved?
The configuration of the HSQLDB is saved in the “/tmp/our-
wedding.properties” file.
The data of the HSSQLDB is saved in the “/tmp/our-
wedding.script” file.
The hsqldb-1.8.0.10.jar , running from Maven, will be from a
~Home.m2repositoryhsqldb directory that has stored
Maven running JARs.
Notice the data saved in script when entering an RSVP:
State of Colorado Office of Cyber Security
41. HS SQL Display
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Running “java -cp hsqldb-1.8.0.10.jar
org.hsqldb.util.DatabaseManager -user sa -url jdbc:hsqldb:our-
wedding” :
State of Colorado Office of Cyber Security
42. Maven Selenium
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Selenium, web testing, can also be run from Maven using “mvn
selenium:selenese”
Selenium is a Firefox plugin, so FireFox must be installed.
The Tomcat server must also be running from the previous “mvn
tomcat:run” example.
A Firefox browser will appear during the run and a “weddingtarget
selenium.html” will be the result.
State of Colorado Office of Cyber Security
43. Maven Selenium
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Running the command “mvn selenium:selenese”
State of Colorado Office of Cyber Security
44. Maven Selenium
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
The selenium.html results:
State of Colorado Office of Cyber Security
45. What is Selenium IDE
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Selenium IDE is another Open Source concept that is a Integrated
Development Environment running on top of the FireFox browser as a
plugin.
Supports load testing.
This allows a recording of the browser actions that can be played
back execute buttons being pushed and actions inside the
browser.
Assertions can be executed on the HTML pages itself for checking
specific information.
The test itself can be exported into Java, .NET, Perl, Ruby, etc,
and then code to execute the tests in that language.
State of Colorado Office of Cyber Security
46. Selenium IDE Test
(running from Firefox)
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
State of Colorado Office of Cyber Security
47. Selenium is now integrated in the site
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Running in Firefox, we can select Selenium Tests,
State of Colorado Office of Cyber Security
48. Selenium is now integrated in the site
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
We get the last tests,
State of Colorado Office of Cyber Security
49. Setting Log4j
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Running “roo> logging setup --package WEB --level DEBUG” will
rewrite the “log4j.properties” to log on Debug with the spring
framework.
State of Colorado Office of Cyber Security
50. Log4j
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Even though the basic JDK logging framework can accept
changes on destination through its Handler in the
“logging.properties”, Log4j offers more advanced features in its
XML use of its Appender class.
Appenders add functionality to add logging to the current
logging, for instance printing to the console and then adding
appenders to send email logs through SMTP.
Log4j supports XML configuration and a text configuration in
log4j.properties.
Log4J is an Apache framework found at
http://logging.apache.org/log4j/1.2/ and more information can
be found at http://en.wikipedia.org/wiki/Log4j
State of Colorado Office of Cyber Security
51. An example Log4j JSP code
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
• <%@ page import="org.apache.log4j.Logger" %><html><head>
<title>Demonstration log4j usage in jsp</title></head><body>
<%
Logger log = Logger.getLogger("com.demo.test");
log.debug("Show DEBUG message");
log.info("Show INFO message");
log.warn("Show WARN message");
log.error("Show ERROR message");
log.fatal("Show FATAL message");
%>
<b>
The log messages are shown in the Tomcat console and in the
${catalina.home}/logs/demo.log file.
</b></body></html>
State of Colorado Office of Cyber Security
52. An example Log4j demo.log
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
• 2008-08-11 20:03:43,379 [com.demo.test] DEBUG - Show
DEBUG message.
2008-08-11 20:03:43,409 [com.demo.test] INFO - Show
INFO message.
2008-08-11 20:03:43,409 [com.demo.test] WARN - Show
WARN message.
2008-08-11 20:03:43,409 [com.demo.test] ERROR - Show
ERROR message.
2008-08-11 20:03:43,419 [com.demo.test] FATAL - Show
FATAL message.
State of Colorado Office of Cyber Security
53. An example SMTP Appender
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
An Appender is configured in the log4j.properties to define the
loggers. Here is a sample of an logger to send email logs:
State of Colorado Office of Cyber Security
54. Spring Security
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Spring security is the de-facto standard for securing Spring
application. It is a highly customizable authentication and
access-control framework.
http://static.springsource.org/spring-security/site/
Running “roo> security setup”,
State of Colorado Office of Cyber Security
55. Spring Security
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
While Spring Security templates are now stubbed out, the
applicationContext-Security.xml needs to be edited to point to
newly created Login page:
State of Colorado Office of Cyber Security
56. Now we get out Login page
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Login page:
State of Colorado Office of Cyber Security
57. Backup
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Run “roo> backup” to created a backup zip of the current src:
State of Colorado Office of Cyber Security
58. MVC
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Run “roo> controller class --class ~.web.PublicRsvpController” to
create the stubs for a Controller class.
State of Colorado Office of Cyber Security
59. MVC
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
The PublicRsvpController.java stub.
@RequestMapping will map the URL to the Controller
@Controller will define this as a Controller class.
For example, index will be called from the URL, then process the
function and call the View.
State of Colorado Office of Cyber Security
60. Entity (Model)
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Next, we will create a Roo Finder.
Roo Finders provide methods to search through your entities
using JPA.
We will list the available finders using “roo> finder list”:
State of Colorado Office of Cyber Security
61. Entity (Model)
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Next, we will create one of the available Roo Finders by using
“roo> finder add”.
State of Colorado Office of Cyber Security
62. Entity (Model)
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Among many things, it will set the @RooEntity in the Rsvp.java
file to add the finder and a corresponding Rsvp_Roo_Finder.aj
(AspectJ) file that defines the finder query.
State of Colorado Office of Cyber Security
63. Email
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Roo can also set up the stubs for email support using “roo> email
sender setup”, the email.properties will be used to set up the
SMPT connection properties:
State of Colorado Office of Cyber Security
64. Setting up for STS
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Roo can also set up the project files for STS, or Eclipse, by
running “roo> perform eclipse”:
State of Colorado Office of Cyber Security
65. Import into STS
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
After an Eclipse/STS project is set up, it can now be imported
into STS from the File->Import->General->Existing Project:
State of Colorado Office of Cyber Security
66. Import into STS
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Imported….
State of Colorado Office of Cyber Security
67. CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Fields
and Pizza.roo
State of Colorado Office of Cyber Security
68. Commands
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
To view the available commands, just push TAB:
State of Colorado Office of Cyber Security
69. Pizza.roo
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Some of this is covered in
http://static.springsource.org/spring-roo/reference/html-single/
index.html
Creating the top level with “project –topLevelPackage
com.springsource.roo.pizzashop”:
State of Colorado Office of Cyber Security
70. Hint
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Typing in “hint” will assist us in what to do next, and typing part
of the command and TAB will give us options:
State of Colorado Office of Cyber Security
71. Persistence
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
We set up HSQL DB persistence by running “persistence setup --
provider HIBERNATE --database
HYPERSONIC_IN_MEMORY” :
State of Colorado Office of Cyber Security
72. Persistence
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
We can see the database properties by running “database
properties list” :
State of Colorado Office of Cyber Security
73. Creating our first Entity
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
The enities are models that will map to the database, and the first
one is treated like a base class to add fields to, using “entity –
class ~.domain.Topping –testAutomatically” :
State of Colorado Office of Cyber Security
74. Creating our first Entity
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Our class, the @RooEntity is a JPA annotation, @RooJavaBean
creates JaveBean accessors and mutators, see
http://static.springsource.org/spring-roo/
org.springframework.roo.annotations/apidocs/ :
State of Colorado Office of Cyber Security
75. Creating our first Fields
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
First, let’s see what fields are available, like enum and date:
State of Colorado Office of Cyber Security
76. Creating our first Fields
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
While looking at Springs validation from annotation, we know
that Spring can annotate a field, like @NotNull, and it will give an
exception if a null is passed through.
Roo can put these in when declaring fields, and these are
available with the string field:
State of Colorado Office of Cyber Security
77. Creating our first Fields
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Let’s create a simple string called “name” with “field string –
fieldName name –notNull –sizeMin 2”:
As:
State of Colorado Office of Cyber Security
78. Creating more Fields
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
To just simplify some of the running, I am going to create a small
script of classes and fields, and use “script fields.roo”, like Pizza
and price, to run it:
Running:
State of Colorado Office of Cyber Security
79. Adding Relationships
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Adding many toppings to a Pizza, with “field set --fieldName
toppings --type ~.domain.Topping”, notice we are in the Pizza
domain:
It created the “toppings” field in the Pizza class:
State of Colorado Office of Cyber Security
80. Adding Relationships
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Now we add the Many to One, by adding the Base class to the
Pizza class:
It created the “base” field in the Pizza class:
State of Colorado Office of Cyber Security
81. Creating more Fields
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Creating fields2.roo for PizzaOrder, which has name, address,
total and delivery Date:
Running:
State of Colorado Office of Cyber Security
82. Enum Field Commands
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Creating Enum Field commands can be found at
http://static.springsource.org/spring-roo/reference/html/
command-index.html#command-index-enum-constant
State of Colorado Office of Cyber Security
83. Adding Enum
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Lets’s add a DeliveryType enum with “enum type –class
~.domain.DeliveryTypeEnum”, and add the field to PizzaOrder:
State of Colorado Office of Cyber Security
84. Adding Enum
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
It added DeliveryType into the PizzaOrder:
State of Colorado Office of Cyber Security
85. Maven perform commands
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
There are many perform commands that will execute from
Maven:
Perform “package” creates the JAR or WAR, “eclipse” will create
an Eclipse project, “tests” perform the Maven tests, “command”
Maven specific command, “clean” will execute a full clean.
State of Colorado Office of Cyber Security
86. Perform tests
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Using “perform tests” checks to see if there are currently issues
with the source code (Always wait for the “Build Success” or
“Build Failure” at the end):
State of Colorado Office of Cyber Security
87. Creating the Web tier
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Use “web mvc setup” will setup the basic Web configutation,
JSPXs, icons, and png files in a webapp directory.
State of Colorado Office of Cyber Security
88. Creating the Web tier
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
If you look through the files, you will notice under webapps
WEB-INFviews several files like “index.jspx”, “header.jspx”,
“footer.jspx” and exception jspx files.
Some of these files are defined in “layouts.xml”:
State of Colorado Office of Cyber Security
89. Creating the Web tier
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
The layouts.xml file is defining the Apache Tiles format.
Roo will put this layout will put Tiles, or templates, in the
following format:
State of Colorado Office of Cyber Security
90. Apache Tiles
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Apache Tiles is a templating framework built to simplify the
development of the web application user interfaces.
See http://tiles.apache.org/
Tiles is similar to JSTL templates to form the composite of a
website.
To customize these pages, you merely need to customize the
various parts that make up the pages.
State of Colorado Office of Cyber Security
91. Web MVC
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
The previous “web mvc setup” command only setup some basic
views, but not the controllers.
Looking at other available “web mvc” commands”
“web mvc all” will create all the controllers but a package name is
required.
State of Colorado Office of Cyber Security
92. Web MVC All
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Running “web mvc all --package ~.web” will give us controllers
for all the entities in the “comsprinsourceroopizzashopweb”
directory:
State of Colorado Office of Cyber Security
93. The Controller
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Looking at the Controller, we see that it has the “@Controller”
annotation, the “@RequestMapping” for the URL, and the
“@RooWebScaffold” which will define the path of the class and
the View to back out into, see
http://static.springsource.org/spring-roo/reference/html/base-
web.html :
Scaffolding are the Roo annotations that provide the ability to
automatically generate View and Controller information.
State of Colorado Office of Cyber Security
94. Maven Tomcat Run
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
To run the Pizza Shop, we run the Maven command outside of
Roo, “mvn tomcat:run”:
State of Colorado Office of Cyber Security
95. Running
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Browse http://localhost:8080/pizzashop/ :
State of Colorado Office of Cyber Security
96. CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Vote.Roo
With JMS and Email
State of Colorado Office of Cyber Security
97. Vote.Roo
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
There are several examples in the /Spring-Roo/samples directory.
http://static.springsource.org/spring-roo/reference/html/intro.html
Clinic.roo is the PetClinic script and demonstrates entity
relationships of different cardinalities.
Vote.roo is the Voting sample that demonstrates Spring Security,
JMS and email support.
Wedding.roo demonstrates a Weddign RSVP program.
Expenses.roo is a Google Web Toolkit (GWT) example that shows
GWT scaffolding.
A good tutorial on vote.roo can be found at
http://stsmedia.net/introducing-spring-roo-part-2-security-jms-
email-support/
State of Colorado Office of Cyber Security
98. Vote.Roo
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Let’s start by creating the directory and running “script vote.roo”.
State of Colorado Office of Cyber Security
99. Vote.Roo
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
We see that vote.roo will setup its HSQLDB.
State of Colorado Office of Cyber Security
100. Vote.Roo
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
And some basic security in “applicationContext-security.xml”.
State of Colorado Office of Cyber Security
101. Vote.Roo
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Readinf vote.roo, we see the scripts that create these as “persistence
setup --provider HIBERNATE --database
HYPERSONIC_PERSISTENT” and “security setup”:
State of Colorado Office of Cyber Security
102. Vote.Roo
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Running out of the box, we run “mvn tomcat:run” and browse
http://localhost:8080/vote/ :
State of Colorado Office of Cyber Security
103. Vote.Roo
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
When clicking on “Create New Choice”, we are going to be
forwarded to a Login page, this is because “applicationContext-
security.xml” has “choices/**” access is the Admin Role.
State of Colorado Office of Cyber Security
104. Vote.Roo
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
We are forwarded to a Login Screen.
State of Colorado Office of Cyber Security
105. Vote.Roo
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
The roles are also currently saved in “applicationContext-
security.xml”. The passwords are saved in a sha-256 hash format so
they are not readable:
State of Colorado Office of Cyber Security
106. Vote.Roo
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
That 256 byte string for the Admin’s password will simply be
hashed from the password “admin”. Using “admin”,”admin”,
State of Colorado Office of Cyber Security
107. Vote.Roo
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Now we can create a choice saved in HSQLDB,
State of Colorado Office of Cyber Security
108. Vote.Roo
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
And add a Vote with Drop-Down name, IP and Date,
State of Colorado Office of Cyber Security
109. Vote.Roo
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Let’s look at the Calendar, the Calendar is being loaded as a Spring
Decoration that is loading dijit code from datetime.tagx
Reading vote.roo, this is create with the “field date registered –type
java.util.Date –notnull –past”:
State of Colorado Office of Cyber Security
110. CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Vote.Roo
And JMS
State of Colorado Office of Cyber Security
111. JMS
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Java Messaging Service, is a publish-subscribe protocol to queue
requests. See http://en.wikipedia.org/wiki/Java_Message_Service
The Spring Roo JMS commands can be found at
http://static.springsource.org/spring-roo/reference/html/
command-index.html#command-index-jms-setup
State of Colorado Office of Cyber Security
112. JMS
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Spring JMS is JMS that works inside the Spring framework, and the
Spring framework nuisances must be understood. A good
introduction can be found at
http://static.springsource.org/spring/docs/3.0.x/spring-
framework-reference/html/jms.html
In JMS, there will be a Producer, that sends messages, and a
Consumer, that receives messages.
The package “org.springframework.jms.core” provides the core
functionality for using JMS.
The package “org.springframework.jms.support” provides
JMSException translation functionality.
The JmsTemplate class is the central class in the JMS core package.
It contains many convenience methods to send a message.
State of Colorado Office of Cyber Security
113. Apache ActiveMQ
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
One of the best Open Source mechanism mentioned on Wiki’s page
is Apache’s ActiveMQ. See http://en.wikipedia.org/wiki/ActiveMQ
and http://activemq.apache.org/
Active MQ supports languages like C/C++, .NET, and scripting
languages like Python, Perl and PHP.
It also has Ajax support and a REST API.
State of Colorado Office of Cyber Security
114. Our Technique
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
For vote.roo, we will set up a MyAccesListener and
JmsTopicSecurityListener.
The MyAccessListener will listen for Access Exceptions in Vote and
send a message to the Queue using the JmsTemplate.
The JmsTopicSecurityListener will listen for the message with the
onMessage function and send an email to the administrator.
State of Colorado Office of Cyber Security
115. Creating the Access Listener
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
First, create the class with “class –class
~.security.MyAccessListener”, which create an empty class.
State of Colorado Office of Cyber Security
116. Creating the Access Listener
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Now, we will add the Application Listener code and print bad
authentications, we use @Component to have it load:
State of Colorado Office of Cyber Security
117. Adding the Bean
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Starting up Tomcat with “mvn tomcat:run” , I login incorrectly into
the Vote app and it prints the “not Authorized” information in the
Tomcat window:
State of Colorado Office of Cyber Security
118. Adding JMS
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
We are going to set up JMS with the service name as
“securityAlerts” and the type as “TOPIC”.
The type is either QUEUE, with messages to be read, or TOPIC,
which are particular messages sent to multiple subscribers.
Running “jms setup --provider ACTIVEMQ_IN_MEMORY --
destinationType TOPIC --destinationName securityAlerts”
State of Colorado Office of Cyber Security
119. Adding JMSTemplate
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Now we add JmsTemplate to MyAccessListener to send JMS
messages with “field jms template” since we are in the context on
MyAccessListener (Note: This will Autowire JmsTemplate, so then
remove the MyAccessListener bean from applicationContext.xml):
State of Colorado Office of Cyber Security
120. Adding JMS Listener
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Now we create the JMS Listener class with “jms listener class --class
~.security.JmsSecurityTopicListener --destinationName
securityAlerts --destinationType TOPIC”, which will be basic class
with the onMessage:
State of Colorado Office of Cyber Security
121. We add to MyAccessListener
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
We are going to add some code to MyAccessListener to format the
event:
State of Colorado Office of Cyber Security
122. Set up the email properties
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Revisiting the Roo commands:
State of Colorado Office of Cyber Security
123. Set up the email properties
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
We are now setting up the email properties with “email sender
setup --hostServer localhost --protocol SMTP --port 587 --
username rich --password secret%pass” and view it with “properties
list --name email.properties --path SPRING_CONFIG_ROOT”:
State of Colorado Office of Cyber Security
124. Email Template
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
We will now setup an email in JmsTopicListener to send emails
when it receives a message with “field email template --class
~.security.JmsSecurityTopicListener” :
State of Colorado Office of Cyber Security
125. Email Template
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Add the code to call sendMessage:
State of Colorado Office of Cyber Security
126. Testing Email
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
To test email, we will set up a local SMTP server for test called
Neptune, http://donovanbrown.com/post/Neptune.aspx
State of Colorado Office of Cyber Security
127. Testing Email
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
Testing again, Neptune receives an email for an invalid Login (this
was a lot of work, but there is a lot of functionality):
State of Colorado Office of Cyber Security
128. CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
SQL
Role Access
State of Colorado Office of Cyber Security
129. MySQL
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
We are going to install MySQL.
A free Open Source database that can run as a service and is more
relational for production use is the MySQL database. See
http://en.wikipedia.org/wiki/MySQL .
Install MySQL from http://www.mysql.com/downloads/mysql/
Here is an example to create the myTestAppDB:
mysql> create database myTestAppDB character set utf8;
Here is an example to create user “myUser” password “XXXXXXXX”
• mysql> CREATE USER ‘myUser’@’localhost’ IDENTIFIED BY
‘XXXXXXXX’;
• mysql> GRANT ALL PRIVILEGES ON *.* TO ‘jirauser’@’localhost’
WITH GRANT OPTION;
State of Colorado Office of Cyber Security
130. Typical Security
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
In order to save some time, we are going to use a Roo addon
package called Typical Security.
Typical Security can be found at
http://code.google.com/p/spring-roo-addon-typical-security/
State of Colorado Office of Cyber Security
131. Typical Security roo
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
We are going to run the following roo script which will setup typical
security:
State of Colorado Office of Cyber Security
132. Database Properties
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
To see the “database.properties”, run “database properties list” :
State of Colorado Office of Cyber Security
133. Running
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
We will run the “mvn tomcat:run” as before, and browse to
http://localhost:8080/testapp-web/.
State of Colorado Office of Cyber Security
134. Running
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
We will create a new user by going through signup (Notice it already
has Captcha and the fields):
State of Colorado Office of Cyber Security
135. Running
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
We are successful:
State of Colorado Office of Cyber Security
136. Running
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
We are successful by looking at the users:
State of Colorado Office of Cyber Security
137. Running
CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
We are successful by looking at the MySQL database:
State of Colorado Office of Cyber Security
138. CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE
LDAP
State of Colorado Office of Cyber Security