intro/background:
recently DELTASPIKE-1345 was reported. since i checked the available integration of javax.annotation.security.* as well as JSR-375 just recently, it was clear that there isn't a well-established CDI extension which integrates with the servlet- and ejb-api (at least at this point).
in the past few years we usually used @Secured (or @Secures) to integrate with those and other authentication (and authorization) mechanisms. in most cases that allowed a type-safe and more CDI-like approach in combination with solid security-frameworks like http://shiro.apache.org
however, (currently) projects like keycloak are integrated e.g. with wildfly (and therefore with javax.annotation.security.*), but only for servlet based artifacts and EJBs.
since JSR-375 is integrated with CDI out-of-the-box, only EE6 and EE7 still have a gap in view of those annotations for authentication (in combination with CDI). in most cases it's enough to use @Secures in combination with the std. EE-APIs (like it's illustrated for JSF in one of the wildfly-demos). however, it's for sure inconsistent that those annotations can be used with different EE-APIs, but out-of-the-box not with CDI beans. therefore, i prototyped https://github.com/os890/ds-role-bridge-addon
it's a bridge which supports @DenyAll, @PermitAll, @RolesAllowed and @RunAs. i skipped the support for @DeclareRoles in combination with @RunAs, because a full support with EJBs wouldn't be portable anyway. the remaining annotations are also integrated with EJBs and therefore in most cases it should just work as it would be supported out-of-the-box.
the short story:
as shown in the demo-applications it's just needed to add the bridge as a runtime-dependency and use the javax.annotation.security.* annotations directly at the CDI beans. behind the scenes the final-role check is delegated to the servlet-api or if it isn't available (or there is no active servlet-request), a fallback gets triggered which delegates the check to the EJBContext. only @RunAs required a custom role-evaluation (including an explicit approach for the integration with EJBs).
the result:
https://github.com/os890/ds-role-bridge-addon should allow the same overall usage of @DenyAll, @PermitAll, @RolesAllowed and @RunAs (please report an issue if there is a difference). the main (known) difference is that you need to use annotations like @RolesAllowed explicitly (there is no "default/implicit" protection). furthermore, the result of a violation is a java.lang.SecurityException. however, the bridge also provides a rich set of SPIs which allows to customize the default behavior (in this case e.g. with an @Alternative implementation of AccessDeniedHandler).
btw. since cdi is really powerful it took longer to create the examples then the bridge itself.
Showing posts with label deltaspike. Show all posts
Showing posts with label deltaspike. Show all posts
Saturday, May 26, 2018
Friday, March 30, 2018
multi-profiles in one minute
2012 spring added bean-profiles which is similar to project-stages added in myfaces-codi 2010. deltaspike improved and unified the project-stage concept. for the average case it's (imo) easier to handle than bean-profiles. however, from time to time users come up with some very special edge-cases which can be done with (custom) expressions supported by @Exclude. per definition such cases can get quite complex and usually there is an easier approach with deltaspike. in all the years (on the mailing-lists and in projects) i just saw one case which would really benefit a bit from the (imo) more complex bean-profiles approach. even in that case the result wasn't just "bad luck" and a questionable workaround as a result. instead it is possible to implements bean-profiles as a deltaspike-addon with less than 30 lines of code.
the usage is quite simple.
a type-safe approach based on cdi-stereotypes is supported as well. the usage of the type-safe approach is also straightforward: enabling 1-n profiles can be done with any active config-source.
the implementation including tests are available at ds-multi-profile-addon.
the usage is quite simple.
a type-safe approach based on cdi-stereotypes is supported as well. the usage of the type-safe approach is also straightforward: enabling 1-n profiles can be done with any active config-source.
the implementation including tests are available at ds-multi-profile-addon.
Tuesday, October 27, 2015
type-safe configs the second minute
in my first post about this topic i explained how to create a type-safe config based on interfaces and the partial-bean-module provided by deltaspike.
this second part is about a new possibility which is available since deltaspike v1.5.1.
until deltaspike v1.5.1, you needed to create and inject the type-safe config for accessing configured values. one part of the example shown in the first post looked like:
since deltaspike v1.5.1, you can use @Produces in your type-safe config. with that you can directly inject the result instead of the config-class.
this second part is about a new possibility which is available since deltaspike v1.5.1.
until deltaspike v1.5.1, you needed to create and inject the type-safe config for accessing configured values. one part of the example shown in the first post looked like:
since deltaspike v1.5.1, you can use @Produces in your type-safe config. with that you can directly inject the result instead of the config-class.
Saturday, October 3, 2015
type-safe configs in one minute
within the last months i heard about more and more projects which move to cdi.
an important aspect of cdi is the type-safe injection including type-safe qualifiers and many other concepts based on type-safety.
"surprisingly" type-safe concepts get ignored quite often when it comes to accessing config-values.
however, there is no technical limitation here. in fact creating even generic approaches for type-safe configs can be easy once the implementation is based on deltaspike.
-> like with many other topics my answer is something like:
"use deltaspike and it's way easier."
in case of config-approaches, deltaspike provides several flexible and extensible concepts.
e.g. the upcoming chapter of http://cdiatwork.irian.at will also describe some of them in detail.
beyond that it's easy to implement your own concepts based on mechanisms provided by deltaspike.
the following listing illustrates how to implement your own type-safe config.
this implementation is based on the partial-bean module of http://deltaspike.apache.org (@TypeSafeConfig is annotated with @org.apache.deltaspike.partialbean.api.PartialBeanBinding). in a second step it's required to annotate an implementation of java.lang.reflect.InvocationHandler with our own binding-annotation (see @TypeSafeConfig) and implement the logic to load and parse the config-values. in our example we delegate the lookup of the config-values to ConfigResolver#getProjectStageAwarePropertyValue. ConfigResolver is provided by deltaspike and allows to integrate even custom config-sources easily.
with those two simple classes, we can create custom type-safe configs by just creating interfaces and annotating them with our own binding-annotation (see @TypeSafeConfig). the following listings show two examples how to define and use such a custom config (see AppConfig and BatchConfig).
the last snippet shows how to inject and use both configs in any cdi-bean. in the illustrated example we use them in CustomBatchStarter, which is a cdi-enabled implementation of org.quartz.Job (see @org.apache.deltaspike.scheduler.api.Scheduled).
an important aspect of cdi is the type-safe injection including type-safe qualifiers and many other concepts based on type-safety.
"surprisingly" type-safe concepts get ignored quite often when it comes to accessing config-values.
however, there is no technical limitation here. in fact creating even generic approaches for type-safe configs can be easy once the implementation is based on deltaspike.
-> like with many other topics my answer is something like:
"use deltaspike and it's way easier."
in case of config-approaches, deltaspike provides several flexible and extensible concepts.
e.g. the upcoming chapter of http://cdiatwork.irian.at will also describe some of them in detail.
beyond that it's easy to implement your own concepts based on mechanisms provided by deltaspike.
the following listing illustrates how to implement your own type-safe config.
this implementation is based on the partial-bean module of http://deltaspike.apache.org (@TypeSafeConfig is annotated with @org.apache.deltaspike.partialbean.api.PartialBeanBinding). in a second step it's required to annotate an implementation of java.lang.reflect.InvocationHandler with our own binding-annotation (see @TypeSafeConfig) and implement the logic to load and parse the config-values. in our example we delegate the lookup of the config-values to ConfigResolver#getProjectStageAwarePropertyValue. ConfigResolver is provided by deltaspike and allows to integrate even custom config-sources easily.
with those two simple classes, we can create custom type-safe configs by just creating interfaces and annotating them with our own binding-annotation (see @TypeSafeConfig). the following listings show two examples how to define and use such a custom config (see AppConfig and BatchConfig).
the last snippet shows how to inject and use both configs in any cdi-bean. in the illustrated example we use them in CustomBatchStarter, which is a cdi-enabled implementation of org.quartz.Job (see @org.apache.deltaspike.scheduler.api.Scheduled).
Friday, October 24, 2014
[deltaspike] restricting the amount of windows
with codi it was possible to restrict the number of windows and old windows are dropped if the maximum was reached and a new window should get created.
deltaspike doesn't allow that before v1.1.0, however, it's very easy to implement it manually:
deltaspike doesn't allow that before v1.1.0, however, it's very easy to implement it manually:
Wednesday, October 22, 2014
Friday, July 4, 2014
Wednesday, June 18, 2014
8th release of deltaspike -> v1
The Apache DeltaSpike team is pleased to announce the 8th release of DeltaSpike. It's v1.0.0!
Friday, June 6, 2014
openwebbeans on wls
some time ago, i described how to run openwebbeans on glassfish and wls.
the described approach works pretty well. however, once deltaspike added an optional ee7-support (esp. for jsf 2.2+), wls fails during the startup, because v12.1.2 doesn't support optional classes which contain imports of unknown classes (ee7 classes unknown to an ee6-server) like the other ee6 servers do.
therefore i created a new branch for ds-owb-bundle which filters those optional ee7 classes.
with that deltaspike works on wls without issues.
the described approach works pretty well. however, once deltaspike added an optional ee7-support (esp. for jsf 2.2+), wls fails during the startup, because v12.1.2 doesn't support optional classes which contain imports of unknown classes (ee7 classes unknown to an ee6-server) like the other ee6 servers do.
therefore i created a new branch for ds-owb-bundle which filters those optional ee7 classes.
with that deltaspike works on wls without issues.
Saturday, May 31, 2014
openwebbeans on glassfish
some time ago, i described how to run openwebbeans on glassfish3 and wls12.
in my previous post i described how to run openwebbeans on wildfly8 (and as7).
with the latest commit for ds-owb-bundle and the trunk of owb add-on,
the demo-application also works on glassfish4.
in my previous post i described how to run openwebbeans on wildfly8 (and as7).
with the latest commit for ds-owb-bundle and the trunk of owb add-on,
the demo-application also works on glassfish4.
Friday, May 30, 2014
openwebbeans on wildfly8
recently i showed how to run owb on as7. the same owb add-on works with wildfly8 as well. however, wildfly8 ships a version of weld which implements cdi 1.1. therefore, i had to update the repackaged version of deltaspike. with the latest commit for ds-owb-bundle, the demo-application also works on wildfly8.
Thursday, May 29, 2014
openwebbeans on as7
some time ago, i described how to run openwebbeans on a weld based ee6 server.
i mentioned that the used classpath-scanner doesn't support the virtual-file-system.
however, today i rewrote the scanner-service.
now it uses the "Corn Classpath Scanner" lib, which supports the vfs.
therefore, i tested the result with as7 (v7.2.0) and owb works fine as expected.
you can have a look at the result at the as7-branch of the same repository.
i mentioned that the used classpath-scanner doesn't support the virtual-file-system.
however, today i rewrote the scanner-service.
now it uses the "Corn Classpath Scanner" lib, which supports the vfs.
therefore, i tested the result with as7 (v7.2.0) and owb works fine as expected.
you can have a look at the result at the as7-branch of the same repository.
Wednesday, May 21, 2014
apache deltaspike pmc chair
now it's official - i'm the new pmc chair of deltaspike for this year.
i'll try to continue the great work of the previous chair!
furthermore, i would like to thank mark for being such a great chair!
in my first blog-post as new pmc chair i would like to mention:
everybody is welcome to join our awesome community!
i'll try to continue the great work of the previous chair!
furthermore, i would like to thank mark for being such a great chair!
in my first blog-post as new pmc chair i would like to mention:
everybody is welcome to join our awesome community!
Saturday, May 10, 2014
[add-on] fast event processing with disruptor + deltaspike
cdi offers synchronous events. they are more like a decoupled method call. that's fine for a lot of use-cases.
in some cases the processing can take some time (in the observer method). a common trick is to use an ejb + @Asynchronous for the observer-method. with that the event-source can continue and the observer operates in a new thread.
however, that isn't enough if there is a huge amount of such events. for use-cases like that i've prototyped an add-on for apache deltaspike which allows to use disruptor for firing and observing events. it includes a simple qualifier support, however, it doesn't provide an 1:1 implementation of the cdi event rules. it can be used the same way as cdi events:
and
the add-on creates a disruptor-processor for every observer methods. the method gets invoked on the cdi-bean itself. the cdictrl-module provided by deltaspike is used for starting the cdi request- and session-scope before an observer method gets called (and to stop it afterwards). with that the application-, session- and request-scope (as well as all scopes based on them which start autom.) can be used for such beans.
since the observer methods are invoked on the contextual-instance, cdi features like dependency-injection can be used as expected. the result is really nice. there is a huge difference in view of the pure event-processing performance of the events:
the result might look strange at the first view. however, the effects are quite clear. since the observer-logic in the demo is fast, the benefit of using @Asynchronous is lost. here the pure invocation of observers in ejbs is slower (than observers in a cdi-bean), because the container has to handle additional ejb features like transactions. the cdi bean as well as the stateful ejb is application-scoped and therefore only one (cached) instance is needed.
in the charts above it's hard to see, but the numbers show that tomee is faster in case of the deltaspike/disruptor add-on (due to the highly optimized proxies of openwebbeans 1.2.x) and as7 is a bit faster with dispatching standard cdi events.
currently the add-on works with tomee and as7 (tested with v7.2) and is available here. the repository also contains several tests, which illustrate the supported use-cases.
in some cases the processing can take some time (in the observer method). a common trick is to use an ejb + @Asynchronous for the observer-method. with that the event-source can continue and the observer operates in a new thread.
however, that isn't enough if there is a huge amount of such events. for use-cases like that i've prototyped an add-on for apache deltaspike which allows to use disruptor for firing and observing events. it includes a simple qualifier support, however, it doesn't provide an 1:1 implementation of the cdi event rules. it can be used the same way as cdi events:
and
the add-on creates a disruptor-processor for every observer methods. the method gets invoked on the cdi-bean itself. the cdictrl-module provided by deltaspike is used for starting the cdi request- and session-scope before an observer method gets called (and to stop it afterwards). with that the application-, session- and request-scope (as well as all scopes based on them which start autom.) can be used for such beans.
since the observer methods are invoked on the contextual-instance, cdi features like dependency-injection can be used as expected. the result is really nice. there is a huge difference in view of the pure event-processing performance of the events:
the result might look strange at the first view. however, the effects are quite clear. since the observer-logic in the demo is fast, the benefit of using @Asynchronous is lost. here the pure invocation of observers in ejbs is slower (than observers in a cdi-bean), because the container has to handle additional ejb features like transactions. the cdi bean as well as the stateful ejb is application-scoped and therefore only one (cached) instance is needed.
in the charts above it's hard to see, but the numbers show that tomee is faster in case of the deltaspike/disruptor add-on (due to the highly optimized proxies of openwebbeans 1.2.x) and as7 is a bit faster with dispatching standard cdi events.
currently the add-on works with tomee and as7 (tested with v7.2) and is available here. the repository also contains several tests, which illustrate the supported use-cases.
Monday, May 5, 2014
[add-on] mock cdi-beans with deltaspike
i've prototyped an add-on for apache deltaspike which allows to mock cdi-beans manually or with a mocking-framework.
an example for a simple cdi-bean:
an example for a simple manual-mock for the cdi-bean: an example for a simple mockito-mock for the cdi-bean: the same is possible in combination with qualifiers as well as with producers and @Typed beans.
the add-on is available here. the repository also contains several tests, which illustrate the supported use-cases. the tests use manual-mocks as well as mockito-mocks. however, you can provide any object as mock which is a subclass of the original implementation.
an example for a simple cdi-bean:
an example for a simple manual-mock for the cdi-bean: an example for a simple mockito-mock for the cdi-bean: the same is possible in combination with qualifiers as well as with producers and @Typed beans.
the add-on is available here. the repository also contains several tests, which illustrate the supported use-cases. the tests use manual-mocks as well as mockito-mocks. however, you can provide any object as mock which is a subclass of the original implementation.
Sunday, April 20, 2014
[add-on] monitoring lite with deltaspike
there are quite a lot of different use-cases for monitoring and auditing. for more advanced use-cases projects like apache sirona are reasonable. however, in several cases it's enough to have a simple interceptor which collects information (which can get processed at the end of a request). since a lot of projects implemented it on their own and end up with similar solutions, i've created an add-on for apache deltaspike which supports several common use-cases like exception monitoring, performance monitoring (via execution time) and auditing (with or without method-parameter values).
after adding the add-on to a project based on deltaspike the usage is simple, just annotate a method or the whole class with @InvocationMonitored and create a cdi-observer for MonitoredMethodInvocationsEvent. the add-on will collect information about the monitored method-invocations during a request and you can process the entries based on your requirements. the following example illustrates a sample usage. it's up to you which information you use and how you process it (e.g. logging it, storing it in a persistent store,...).
asynchronous processing is also supported via an @Asynchronous observer in an ejb.
the optional jsf module allows to record the current view-id per entry and the processing after the rendering-phase.
the add-on is available here.
after adding the add-on to a project based on deltaspike the usage is simple, just annotate a method or the whole class with @InvocationMonitored and create a cdi-observer for MonitoredMethodInvocationsEvent. the add-on will collect information about the monitored method-invocations during a request and you can process the entries based on your requirements. the following example illustrates a sample usage. it's up to you which information you use and how you process it (e.g. logging it, storing it in a persistent store,...).
asynchronous processing is also supported via an @Asynchronous observer in an ejb.
the optional jsf module allows to record the current view-id per entry and the processing after the rendering-phase.
the add-on is available here.
Friday, April 18, 2014
simple cdi and ejb tests with deltaspike
apache deltaspike v0.6+ provides an easy to use, but quite powerful junit test-runner.
it's based on the container-control api of deltaspike. deltaspike itself currently provides implementations for openwebeans, weld and openejb (tomee).
the last one is important, if you need to test a cdi+ejb based application. just by using a different container-control implementation (deltaspike-cdictrl-openejb) in your build config and adding openejb (/tomee) via org.apache.openejb:openejb-core, you can test cdi-beans as well as ejbs. just inject them as usual via @Inject (also @EJB works as expected).
an example can be found here.
the last one is important, if you need to test a cdi+ejb based application. just by using a different container-control implementation (deltaspike-cdictrl-openejb) in your build config and adding openejb (/tomee) via org.apache.openejb:openejb-core, you can test cdi-beans as well as ejbs. just inject them as usual via @Inject (also @EJB works as expected).
an example can be found here.
Tuesday, March 25, 2014
Monday, March 24, 2014
welcome cdiatwork.irian.at
today we announced a german book about cdi and apache deltaspike.
it's available at http://cdiatwork.irian.at
instead of publishing it at once, we do it step by step.
readers have the chance to provide feedback of any kind. therefore a github issue-tracker is linked in the menu. if you don't like to do it there, you can also contact me directly. every feedback is very welcome.
it's available at http://cdiatwork.irian.at
instead of publishing it at once, we do it step by step.
readers have the chance to provide feedback of any kind. therefore a github issue-tracker is linked in the menu. if you don't like to do it there, you can also contact me directly. every feedback is very welcome.
Thursday, March 20, 2014
migrate codi 1.x to deltaspike 0.6
the myfaces-stack demo at https://github.com/os890/tomee_mf_stack_001 (later added to the tomee examples) is a codi-feature-demo which includes the most important features of codi compacted in few jsf pages and classes. a second branch (https://github.com/os890/tomee_mf_stack_001/tree/codi2ds) in the same repository shows the needed changes to migrate such a codi application to deltaspike (currently v0.6).
update: for upgrading to v0.7, just upgrade the version number of deltaspike (the demo was upgraded already)
update: for upgrading to v0.7, just upgrade the version number of deltaspike (the demo was upgraded already)
Subscribe to:
Posts (Atom)