New in Spring MVC 3.1: CSRF Protection using RequestDataValueProcessor

Introduction

As a software architect one of the common tasks I have to deal with is web applications security. Usually I would try to make sure that security is automatically enforced by the infrastructure, however this is not always that easy – sometimes the underlying frameworks don’t provide any built in support or configuration which globally turns on a security attribute. This is why the new org.springframework.web.servlet.support.RequestDataValueProcessor interface in Spring MVC 3.1 seems to be very interesting: it provides a clean way to implement automatic CSRF protection.

Read More >>

How to configure nginx and uWSGI to serve Django projects

This time a post about Python...lately I was dealing with a Django based project. One of the tasks in the project was to deploy the application using nginx and uWSGI. To document the process and to help others I decided to post a short explanation on how to configure nginx, uWSGI and Django to work together. Unlike most articles I found over the internet I'm not just laying down the final configuration but I'm trying to explain what happens in each step – hopefully it will be useful to others.

Read More >>

Java 7 Working With Directories: DirectoryStream, Filter and PathMatcher

My previous post was about Java 7's new java.nio.file.Path class this time I want to continue and explorer some of the other new file system related APIs in Java 7.

java.nio.file.DirectoryStream

DirectoryStream provides an easy way to iterate over directories content, but more than that it introduces a solution for a long existing problem of listing within very large directories. If I wanted to list folder entries using previous Java versions I had to use one of the java.io.File's list() or listFiles() overloaded methods:

// Pre Java 7 Directory Listing Example
File f = new File("c:/tmp");
String[] names = f.list();

// At this point Java listed all files in c:/tmp and loaded their names into an array of Strings
for (String name : names) {
 System.out.println(name);
}

The problem with the old API is that once I asked a File object to list its entries it would immediately scan the folder creating an array of strings (or file objects if listFiles() was used) for each entry in the folder. This approach might take some time when scanning very large folders but more important than that is the memory overhead – the old API pre-fetches and pre-allocates all entries in the folder even if, for example, all I wanted to do was to print out the names of the first five files found in the folder. Java 7 introduces the new DirectoryStream interface which can be used to iterate over a directory without preloading its content into memory. First here is a basic usage example:

Read More >>

Java 7 - Path Manipulation Using java.nio.file.Path

Lately I had the feeling it's about time to starts looking into Java 7 EA, it has been under development for some time now and by the latest news it should be released soon. So I downloaded JDK 7-EA and Netbeans 7 (Eclipse doesn't support Java 7 language changes yet) and looked for interesting changes in the release notes, the first few I've noticed are the I/O enhancements on which I decided to write a post or two starting with a short coverage of the new APIs for path manipulation in the new java.nio.file.Path interface.

Read More >>

Hibernate/JPA Identity Generators

Introduction

As usually it has been a long time since I have last posted in my blog, and even longer (about half a year) since the last time I wrote about Hibernate but finally I have fond the tome for that. This post is about Hibernate standard compatible (TABLE, SEQUENCE, IDENTITY, and AUTO) identity generators: it explains what the identity generators are and illustrated the different considerations need to be taken when choosing identity generation strategy.

Environment

• Hibernate - 3.5.6-Final
• PostgreSQL - 8.4

Read More >>

Under the Hood of Java Strings Concatenating Performance

Introduction

In my previous post I covered some of the more sophisticated Java strings management issues (Collators, Normalizer, interning, substring). Few of the readers of that post left comments asking about StringBuilder vs. StringBuffer vs. the built-in concatenation (+) operator performance. To have a closure to the subject I decided to elaborate on Java strings concatenating.

Is It Important?

In java we talk a lot about strings concatenating which brings up questions about the importance of that. As always the answer depends on the scenario, if we just want to take two strings and print a message composed out of these strings it is probably doesn't matter - we can use the + operator or String.concat() method and get it done. It is more important when we are processing mass of data and loop a logic performing strings concatenating.

Read More >>

Four Things to Remember about java.lang.String

Hi,
Usually this (and my old) blog is more Hibernate, Spring and other JEE/Server side technologies. Still on my day to day work (and mainly when I lecture) I see a lot of misunderstanding/misconception about basic Java tasks. I decided to drop some notes about such subjects from time to time - and today four issues about java.lang.String:

• Strings are immutable - a very basic one, just a reminder 
• Strings Equality, Normalizer, and Collator - an overview of strings equality in a Locale sensitive  environments (including accented forms)
• The substring() method might cause memory leaks - in some scenarios the usage of String.substring() method can cause memory leaks
• String.intern() - how to improve strings equality performance and memory footprint using String.intern()

Read More >>

Hibernate 3.5/JPA 2.0 - New Query Expressions

Hi all,

As usual it took me a long time to write to my blog again but finally here it is - in this post I continue writing about JPA 2.0 (my previous post is here), more than that this is the first entry I'm publishing in my new (the old one is here) blog - Congratulations to me :-). Anyhow in this post I'm trying to go over some of the new functions introduced by JPA 2.0 to the JPA query language. As always my platform is Hibernate but I am using only JPA standard annotation and query syntax. The post includes the following:

• The INDEX function (and the @OrderColumn annotation)
• The TYPE expression, and
• The four types of case expressions

My environment

• Hibernate 3.5.2-Final
• PostgreSQL 8.3

Read More >>

Hibernate 3.5.0-CR-2/JPA 2.0 - Getting Started

Version 2.0 of the Java Persistency API (JPA), a.k.a JSR-317, was released a while ago (10-December-2009) and Hibernate's next version (3.5.0) will implement this version of the specification. In this, and the next, blog entries I'm planning to explorer JPA 2.0 new features and Hibernate implementation of those feature. Since this is the first post in the series I'll focus on environment setup and include only few new mapping options:

• The orphanRemoval option
• The ElementCollection annotaiotn, and
• The CollectionTable annotation

On my next posts I'll cover some more options.

My Environment

• Hibernate 3.5.0-CR-2 (Please notice that Hibernate 3.5 is still a candidate release so things written in this blog entry might change in the future)
• Database PostgreSQL 8.3

Read More >>

Spring 3.0 - Expression Language Support

One of the new features in Spring 3.0 is the Spring Expression Language (Spring EL or SpEL). While evaluation Spring 3.0 I was also checking out the SpEL capabilities, in this blog entry I'll try to cover some of the more interesting, and less obvious, features and aspects of the SpEL.

The Basics

In its basics SpEL is yet another Expression Language, similar to Unified EL, it supports expressions (no control statements in the language) mainly used to access bean properties, the Spring Expression Language can be used as part of the Spring bean factory configuration (XML or annotation based) but can also be evaluated directly by the application code - meaning we can read and evaluate expressions at runtime. Here is the most basic example of SpEL used in
XML factory bean:

<!-- Classic - Simple bean with random value -->
<bean id="randomNumber" class="java.lang.Math" factory-method="random"/>
<bean id="classicBean" class="com.jroller.blogs.eyallupu.MyBean" p:random-ref="randomNumber"/>


<!-- SpEL - Getting the value of the Random bean -->
<bean id="elBean" class="com.jroller.blogs.eyallupu.MyBean" p:random="#{randomNumber}"/>

Read More >>

Hibernate Derived Properties - Performance and Portability

Hi all,

This time about derived properties, maybe this is not a commonly used feature, and maybe even a little bit hidden one (I don't think I have ever been asked about it in any of the Hibernate courses I had lectured in and this usually a sign that people are not familiar with that feature) but once you're familiar with that it is a powerful feature - however, as always, there are considerations regarding of how and when to use it.

What Is a Derived Property?

A derived, or calculated, property is a read only property which its value is calculated at fetch time using SQL expressions. For example a Product class might have a price and a calculated
final price which is the price including VAT. The first (not so good) solution might be something like that:

@Entity
@Table(name="PRODUCTS")
public class Product {

  @Column(name="PRICE")
  private float price;
  
  public float getFinalPrice() { 
    return VAT*price; 
  } 
}

The getFinalPrice() method in the example above is kind of a calculated property - but it doesn't use Hibernate support for at all - and it is not a derived property, this is only a simple getter which performs a calculation. In first look it seems good enough but it will work only for the simple cases when we wish to perform calculation in memory (for example for display purpose) but what if we would like to query ("I want all of the products which their final price is larger than $10") or sort by the calculated value? Here Hibernate comes to our help.

Read More >>

Content Negotiation using Spring MVC's ContentNegotiatingViewResolver

Hi all,

One of the new features in Spring 3.0 is REST support, REST clients can use the restTemplate class and server as part of the MVC framework. In chapter 18 of the 3.0.M3 documentation we can find a section describing content negotiation using the ContentNegotiatingViewResolver class. Lately I was invited to give a lecture about the new Spring 3.0 features and I prepared a detailed HOWTO example (if you want to skip the theory scroll down to HOTWO) of REST content negotiation which I decided to load to my blog, here it is

What is Content Negotiation?

Sometimes different HTTP clients would like to get different representations of a the same resource, for example the resource http://localhost/app/rest/users will list all of the users in a specific server - however one client would like to get the result as a XML document, another in a JSON format and the third as a human readable fancy HTML table - the process in which a client notifying the server about the preferred format (or formats) is named "content negotiation".

Content negotiation is part of the HTTP specification which defines two types of content negotiation - "server-driven negotiation" and "agent-driven negotiation". The scenario implemented by ContentNegotiatingViewResolver is server-driven negotiation. In abstract the specification defines server-driven negotiation as the following sequence:

1. The agent (e.g., a browser) can include the following HTTP headers in a request: Accept, Accept-Charset, Accept-Encoding, Accept-Language, and User-Agent.
2. Base on these headers the sever selects the best format (based on the server's internal logic) that match these criteria and send it to the client.

Read More >>