Servlet 3.1 Specification (JSR 340) is almost ready for the release. Several new security features have been added in this version of Servlet specification.
In this blog, I will explain one of the security features, namely deny-uncovered-http-methods.
Let us take a look at a simple security-constraint in web.xml as follows:
<web-app xmlns="http://www.w3.org/2001/XMLSchema" ...
on Apr 19, 2013
Servlet 3.1 was in Public Review in January 2013. And it is in Proposed Final Draft now. Most of the new features are related to security.
In the following, I will highlight features since Servlet 3.1 Public Review:
add new API javax.servlet.http.Part#getSubmittedFileName
add new API javax.servlet.ServletContext#getVirtualServerName
This API allows a JASPIC module to be registered in a Servlet...
on Mar 18, 2013
Update: One should not use response in AsyncListener#onComplete. Only print debug in this example.
Servlet 3.1 (JSR 340) is almost ready for the release. One of the new features is the support for non-blocking IO. ReadListener and WriteListener are introduced to allow non-blocking processing in Servlet.
Non-blocking IO can only be used in async (defined in Servlet 3.0) or the upgrade mode. We can...
on Apr 16, 2013
Have you wanted to do something with asynchronous I/O? I did. After doing some work with Node.js, I wanted to find a way to get some of the goodness of its programming model for Java.
The Acteur project is the result - a framework for building scalable, asynchronous web applications using Netty + Guice. The programming model is a little unusual - you treat constructors as...
on Apr 7, 2013
One of my favorite sessions at Jfokus 2013 was presented by Typesafe co-founder and Java Champion Jonas Bonér. I always enjoy discussions about how technology evolves over the decades, how we break away from concepts, then sometimes weave our way back via the latest and greatest thing, which can sometimes appear strikingly similar to something that was very much in vogue a decade or so earlier....
on Mar 18, 2013
Atlassian has made some seriously great products, for example the project tracker JIRA. We recently upgraded our rather archaic version of JIRA at Magnolia to the latest and greatest offering. Everyone in the team found something in this upgrade. Some of us were desperate to use GreenHopper, others were looking forward to a better LDAP integration, and my personal favourite was the new REST API...
on Feb 20, 2013
Sometimes, life drops a house on your code. Sometimes, it's flying monkeys. Most of the time though, the damn stuff just stops working and it's nothing so obvious as being crushed by a Kansas farmhouse or being carried away by winged primates.
For this last common case, there are a good number of great tools to help you out. JMeter may help you to reproduce the conditions under load, while...
on Feb 1, 2013
Applications have grown together with man's dream of getting more and more information; then more applications emerged, and man became hostage to the application.
For example, we can recognize the evolution between man and machine:
At first: many men to just one machine (as in the mainframe age), then one man to one machine (in the personal computer era) and...
on Mar 17, 2013
If you have wanted JSF not to store any state now is your chance to try out the stateless mode of JSF.
It is as easy as doing the following:
<f:view transient="true"> Your regular content</f:view>
And voila you are running stateless.
If you decide you do want some state to be kept at the server, you can use the @xxxScoped annotations on your beans.
Be aware that...
on Feb 8, 2013
Whenever the JSF runtime needs to perform a conversion it uses a Converter to do so. As explained in previous blog entries you have the ability to implement your own Converter. But does that mean you need to implement it for simple conversions? No, you do not, the default JSF converters come to the rescue!
Java Datatype ...
on Dec 26, 2012
The following blog articles are part of the JSF State Saving series
Introduction to JSF State Saving
The JSF State Saving APIs
The JSF StateHolder API
The JSF PartialStateHolder API
The StateHelper API
on Dec 19, 2012
To facilitate component developers a convenience API was introduced to make it easier to implement the state saving requirements. Access to this API is made available through UIComponent.getStateHelper().
The API defines the following methods:
void add(Serializable key, Object value)
Object eval(Serializable key)
Object eval(Serializable key, Object defaultValue)
...
on Dec 15, 2012
Not so long ago Mark Halvorson mentioned in his presentation at the Magnolia Conference 2012 that he doesn't understand why he can't have versioning for templates in Magnolia the same way he has it for content. Then I thought why not? Should be pretty straightforward.
The first implementation was indeed easy. Similar to what Magnolia does when dealing with DMS documents - I just configured a...
on Nov 7, 2012
As mentioned in my talks at JavaOne San Francisco 2012, JSF 2.2 will include a new feature I'm calling HTML(5) Friendly Markup. I owe a debt of thanks to Frank Caputo for collaborating with me on ideas and code for the feature, including the code example from this blog entry. The JSR-344 Expert Group also deserves mention. In true lean fashion, this code sample is taken directly from TDD tests...
on Nov 1, 2012
The definition of a PartialStateHolder according to the PartialStateHolder interface:
void clearInitialState()
boolean initialStateMarked()
void markInitialState()
Note that the methods above do not mention that a PartialStateHolder extends from StateHolder. Be aware that if you want to implement partial state saving you will also need to implement the methods...
on Oct 18, 2012
The definition of a StateHolder according to the StateHolder interface:
boolean isTransient()
void restoreState(FacesContext context, Object state)
Object saveState(FacesContext context)
void setTransient(boolean newTransient)
Each of the methods mentioned above has a particular role to fulfill during the JSF lifecycle.
Transient or not
The setTransient method can...
on Oct 17, 2012
Web Development Tools
As a test, I re-created the HRSystem application as described in the tutorial Developing Rich Web Applications With Oracle ADF. It's more than your basic Hello World application. For starters, the HR system application accesses a database. It also takes advantage of some sophisticated ADF features, such as graphs, page flows, auto-suggest, menu options to export to Excel and display in...
on Jan 23, 2013
In my last blog post, I explained how to add versioning capability to templates. Being able to create, view and restore different versions of templates is great, but sometimes it's not so easy to see what has actually changed. And we might not be as lucky as having comments about the change from the author, or they might be cryptic to the point of being useless.
So let's try and add the diff and...
on Jan 22, 2013
I am glad our team, and me of course, are part of the Support mySchool project at the World Bank for Indonesia's Ministry of Education and Culture (MoEC); the URL is http://bantusekolahku.kemdikbud.go.id
The first social media that linked with all the roles in our government (from the ministry directorate, the province's education structure, the district's education structure and the schools' structure). The public...
on Dec 13, 2012
So I haven't posted a blog here since 2009 - and haven't worked for Sun or Oracle since early 2010. It's been a wild few years working on a number of things as diverse as giant clouds to control software for cameras which go down oil wells. And I have a new blog at timboudreau.com, naturally using a blog engine I wrote myself (I gave myself a project to learn node.js). Currently I'm architecting...
on Nov 10, 2012