Java Persistence Frameworks


Java Persistence Frameworks

  1. 1. Java Persistence Frameworks Popular and next generation persistence frameworks Thomas Müller Day Software AG Presentation 7780
  2. 2. 2 Agenda • Introduction • Persistence Frameworks - SQL(++) - O/R Mapping - Next Generation • SQL Injection
  3. 3. 3 Introduction Thomas Mueller Software Engineer http://www.h2database.com http://www.day.com http://jackrabbit.apache.org
  4. 4. 3 Introduction Thomas Mueller Software Engineer http://www.h2database.com http://www.day.com http://jackrabbit.apache.org
  5. 5. 3 Introduction Thomas Mueller Software Engineer http://www.h2database.com http://www.day.com http://jackrabbit.apache.org
  6. 6. 3 Introduction Thomas Mueller Software Engineer http://www.h2database.com http://www.day.com http://jackrabbit.apache.org
  7. 7. 4 Persistence Frameworks 1990 1995 2000 2005 2010
  8. 8. 4 Persistence Frameworks 1990 SQL(++) ODBC 1995 JDBC 2000 iBATIS DbUtils 2005 2010
  9. 9. 4 Persistence Frameworks 1990 SQL(++) ODBC 1995 O/R mapping JDBC 2000 Hibernate iBATIS DbUtils JDO JPA 2005 2010
  10. 10. 4 Persistence Frameworks 1990 SQL(++) ODBC 1995 O/R mapping JDBC next generation 2000 Hibernate iBATIS DbUtils JDO JPA LINQ 2005 JaiQ u SFq uMl l LIQUid OR QL 2010 iS oo te Q ub JJmsuirErLyd s lre E QpU e - d ae EQ
  11. 11. 4 Persistence Frameworks 1990 SQL(++) ODBC 1995 O/R mapping JDBC next generation 2000 Hibernate iBATIS DbUtils JDO JPA LINQ 2005 JaiQ u SFq uMl l LIQUid OR QL 2010 JPA 2.0 iS oo te Q ub JJmsuirErLyd s lre E QpU e - d ae EQ
  12. 12. 5 SQL(++)
  13. 13. 5 SQL(++) public class Student { private String name; public void setName(String name) { this.name = name; } public String getName() { return name; } }
  14. 14. 5 SQL(++) public class Student { private String name; public void setName(String name) { this.name = name; } public String getName() { return name; } } PreparedStatement prep = conn.prepareStatement( "select * from Student where name = ?"); prep.setString(1, name); ResultSet rs = prep.executeQuery(); rs.next(); Student student = new Student(); student.setName(rs.getString(1)); JDBC
  15. 15. 5 SQL(++) public class Student { private String name; public void setName(String name) { this.name = name; } public String getName() { return name; } } PreparedStatement prep = conn.prepareStatement( "select * from Student where name = ?"); prep.setString(1, name); ResultSet rs = prep.executeQuery(); rs.next(); Student student = new Student(); student.setName(rs.getString(1)); JDBC
  16. 16. 5 SQL(++) public class Student { private String name; public void setName(String name) { this.name = name; } public String getName() { return name; } } <sqlMap resource="com/mydomain/data/Student.xml"/> <sqlMap namespace="Student"> <typeAlias alias="Student" type="com.mydomain.data.Student"/> <select id="selectStudent" resultClass="Student"> select * from Student where name = #name# </select> </sqlMap> PreparedStatement prep = Student student = (Student) sqlMapper. conn.prepareStatement( "select * from Student where name = ?"); queryForObject("selectStudent", name); prep.setString(1, name); ResultSet rs = prep.executeQuery(); rs.next(); Student student = new Student(); student.setName(rs.getString(1)); JDBC iBATIS
  17. 17. 5 SQL(++) public class Student { private String name; public void setName(String name) { this.name = name; } public String getName() { return name; } } PreparedStatement prep = conn.prepareStatement( <sqlMap namespace="Student"> "select * from Student where name = ?"); <typeAlias alias="Student" type="com.mydomain.data.Student"/> prep.setString(1, name); <select id="selectStudent" resultClass="Student"> ResultSet rs = prep.executeQuery(); <sqlMap resource="com/mydomain/data/Student.xml"/> selectStudentStudent where name sqlMapper. * from student = (Student) = #name# rs.next(); </select> queryForObject("selectStudent", name); Student student = new Student(); </sqlMap> student.setName(rs.getString(1)); JDBC iBATIS
  18. 18. 5 SQL(++) public class Student { private String name; public void setName(String name) { this.name = name; } public String getName() { return name; } } ResultSetHandler h = new BeanHandler(Student.class); Student s = (Student) run.query(conn, "select * from Student where name=?", handler, new Object[]{name}); PreparedStatement prep = conn.prepareStatement( <sqlMap namespace="Student"> "select * from Student where name = ?"); <typeAlias alias="Student" type="com.mydomain.data.Student"/> prep.setString(1, name); <select id="selectStudent" resultClass="Student"> ResultSet rs = prep.executeQuery(); <sqlMap resource="com/mydomain/data/Student.xml"/> selectStudentStudent where name sqlMapper. * from student = (Student) = #name# rs.next(); </select> queryForObject("selectStudent", name); Student student = new Student(); </sqlMap> student.setName(rs.getString(1)); JDBC DbUtils iBATIS
  19. 19. 5 SQL(++) public class Student { private String name; public void setName(String name) { this.name = name; } public String getName() { return name; } } JDBC: PreparedStatement prep = conn.prepareStatement( "select * from Student where name = ?"); prep.setString(1, name); ResultSet rs = prep.executeQuery(); rs.next(); Student student = new Student(); student.setName(rs.getString(1)); DbUtils: ResultSetHandler h = new BeanHandler(Student.class); Student s = (Student) run.query(conn, "select * from Student where name=?", handler, new Object[]{name}); iBATIS: <sqlMap resource="com/mydomain/data/Student.xml"/> <sqlMap namespace="Student"> <typeAlias alias="Student" type="com.mydomain.data.Student"/> <select id="selectStudent" resultClass="Student"> select * from Student where name = #name# </select> </sqlMap> Student student = (Student) sqlMapper.queryForObject("selectStudent", name);
  20. 20. 6 O/R Mapping
  21. 21. 6 O/R Mapping (Hibernate, JDO, JPA) Illusion - there is no database - still need configuration Auto-Save - objects are stateful - automatic dirty checking Auto-Navigation - in queries - get() loads referred object - collection support
  22. 22. 7 O/R Mapping
  23. 23. 7 O/R Mapping JDO JPA Hibernate
  24. 24. 7 O/R Mapping JDO JPA Hibernate “technology agnostic” RDBMS RDBMS
  25. 25. 7 O/R Mapping JDO JPA Hibernate “technology agnostic” RDBMS RDBMS few implementations many most popular
  26. 26. 7 O/R Mapping JDO JPA Hibernate “technology agnostic” RDBMS RDBMS few implementations many most popular Google AppEngine Google AppEngine
  27. 27. 8 Hibernate
  28. 28. 8 Hibernate Dependencies hibernate3.jar hibernate-annotations.jar hibernate-commons-annotations.jar commons-collections-3.1.jar commons-logging-api-1.1.jar commons-logging-1.1.jar ejb3-persistence.jar antlr-2.7.6.jar dom4j-1.6.1.jar javassist-3.4.GA.jar jta-1.1.jar slf4j-api-1.5.6.jar slf4j-simple-1.5.6.jar
  29. 29. 8 <!DOCTYPE hibernate-configuration PUBLIC hibernate3.jar hibernate-annotations.jar "-//Hibernate/Hibernate Configuration DTD 3.0//EN" hibernate-commons-annotations.jar Hibernate commons-collections-3.1.jar commons-logging-api-1.1.jar "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd"> commons-logging-1.1.jar ejb3-persistence.jar <hibernate-configuration> antlr-2.7.6.jar dom4j-1.6.1.jar javassist-3.4.GA.jar <session-factory> jta-1.1.jar slf4j-api-1.5.6.jar <property name="connection.url">jdbc:h2:mem:test</property> slf4j-simple-1.5.6.jar <property name="connection.username">sa</property> <property name="connection.driver_class">org.h2.Driver</property> Dependencies <property name="dialect">org.hibernate.dialect.H2Dialect</property> <property name="connection.password">sa</property> </session-factory> Configuration </hibernate-configuration> hibernate.cfg.xml Annotations or XML import javax.persistence.*; @Entity public class Student { @Id @GeneratedValue private Long id; @Column private String name; }
  30. 30. 8 Hibernate Dependencies: hibernate3.jar hibernate-annotations.jar hibernate-commons-annotations.jar commons-collections-3.1.jar commons-logging-api-1.1.jar commons-logging-1.1.jar ejb3-persistence.jar antlr-2.7.6.jar dom4j-1.6.1.jar javassist-3.4.GA.jar jta-1.1.jar slf4j-api-1.5.6.jar slf4j-simple-1.5.6.jar Configuration (hibernate.cfg.xml): <!DOCTYPE hibernate-configuration PUBLIC "-//Hibernate/Hibernate Configuration DTD 3.0//EN" "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd"> <hibernate-configuration> <session-factory> <property name="connection.url">jdbc:h2:mem:test</property> <property name="connection.username">sa</property> <property name="connection.driver_class">org.h2.Driver</property> <property name="dialect">org.hibernate.dialect.H2Dialect</property> <property name="connection.password">sa</property> </session-factory> </hibernate-configuration> Annotations or XML: import javax.persistence.*; @Entity public class Student { @Id @GeneratedValue private Long id; @Column private String name; } Query: Student s = (Student) session.createQuery( "from Student s where name=?"). setString(0, name).list().get(0);
  31. 31. 9 Next Generation: JaQu
  32. 32. 9 Next Generation: JaQu POJO public class Student { private String name; public void setName(String name) { this.name = name; } public String getName() { return name; } }
  33. 33. 9 Next Generation: JaQu POJO public class Student { private String name; public void setName(String name) { this.name = name; } public String getName() { return name; } } Query - Typesafe - Embedded DSL - Fluent API - Autocomplete Student s = new Student(); s = db.from(s).where(s.name).is(name).selectFirst();
  34. 34. 9 Next Generation: JaQu POJO public class Student { private String name; public void setName(String name) { this.name = name; } public String getName() { return name; } } Query - Typesafe - Embedded DSL - Fluent API - Autocomplete Student s = new Student(); s = db.from(s).where(s.name).is(name).selectFirst(); No String - No SQL injection Student s = new Student(); List<Student> students = db.from(s).where(s.name).is(name).select(); Student s = new Student(); s.name = "Robert"; db.insert(s);
  35. 35. 10 SQL Injection
  36. 36. 10 SQL Injection
  37. 37. 10 SQL Injection
  38. 38. 10 SQL Injection
  39. 39. 10 SQL Injection stat.execute("select * from " + "Students where name='" + name + "'");
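  40. 40. 10 SQL Injection stat.execute("select * from " + "Students where name='" + name + "'"); With name set to Robert'; DROP TABLE Students-- the concatenation above is equivalent to: stat.execute("select * from " + "Students where name='" + "Robert'; DROP TABLE Students--'");
  41. 41. 10 SQL Injection Vulnerable (string concatenation): stat.execute("select * from " + "Students where name='" + name + "'"); which with the input above becomes stat.execute("select * from " + "Students where name='" + "Robert'; DROP TABLE Students--'"); Fixed (bound parameter): PreparedStatement prep = conn.prepareStatement( "select * from " + "Students where name=?"); prep.setString(1, name); prep.execute(); The value is bound as data after the statement is prepared, so it is never parsed as SQL text.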
  42. 42. 11 SQL Injection
  43. 43. 11 SQL Injection stat.execute("SELECT * " + "FROM USERS WHERE " + "PASSWORD='"+pwd+"'"); JDBC
  44. 44. 11 SQL Injection run.query( ("SELECT * " + JDBC te stat.execu * ERS WHERE s + "SELECT S FROM User " " + "F HEREU sswor "WROM paD='"+pwd'" "'"); + DBUtils SWOR pwAS+ "'"); "P d d= +
  45. 45. 11 SQL Injection < lect d rusequeriy(=""SELECT * " + n. g JDBC selext cDte( etUser"RE " + t.ec e I u asFRS WHE ...> sta ELECT * EidOM Users "S whHEMPUS R fromwd+""S); "F er RE pass O + U "WROe ASSWworp = SER '"+ DBUtils '$PASSWORD='" D = '" + "pd + ' pwwd$"'"); Rd </select> iBATIS
  46. 46. 11 SQL Injection < lect d rusequeriy(=""SELECTQuery( n. q = *"+ JDBC Query t cDte(g.creaer" ..E " + selexe I u emetUs te R .> stat.ec ECTasEidSfWH) "ers "SEL (u E "SELereT U* FRCTom U+E""S); whHEMPOBJE OM pwd+ R + O REAS R r Us S + EC "WR Us Rss ORD = " '" "F "FROSSWOSSWwordRE '" + pa u W+ DBUtils '$PAM$' erD='"HE = " pwd "'"); '"+pwd+"'"); pwd + </selesword= "pasct> iBATIS JPA
  47. 47. 11 SQL Injection < l t d rusequeriy(=""SELECTQuery( Querecq = em.creaer * "y( n. y = er + JDBC Qutley tqIDte(getUs te" er " + se .execu pm.newQuRE c ...> staUserECas* EidSfWH) "ers EC as, "SEL T OBJE OM Us s E "SELer.clT S FRCTom U+E""S); whHEMPU R r (u wd+ R + "WR M UserD'"+RD RES + "F Oe AS "passwor SWO HE = " '" RE pa u W+p "FROSSWOd= ='"pwd+"'"+ DBUtils '$PA d$' Rssword = '" ); " pw + "'"); '"+pwd+"'"); pwd </selesword= "pasct> iBATIS JPA JDO
  48. 48. 11 SQL Injection < l t d rusequeriy(=""SEresCTQuery( Querecq = q(g.creaeeQu y( n. y = pm.newQu* " + JDBC Quer y tqIDte metLE te" er " + selexecu em.c U atr RE u"SEL Q t.ec ...> staUserECas* EidSfWH) + +s .clTaS FRCTom "er " + s R Or (u"E s,JE OM Us S M U E ); "SEECT OB "SELereCT * whHEMPU "F LE pass O pwwd+"'" "WRO REAerDuworpRE ER+ " + Su W d H R "passworSct '"+RDW= "'"ES M WOd= ='"HE d+'" + Us R W re+ d = " ); DBUtils "FROunstru '$Pt: SS ' "n w "pd + pwA d$"'"rd='"+pwd+"'", </s"pesword='"+pwd+"'"); "pasct> o ); el assw iBATIS Query.SQL); JPA JDO JCR
  49. 49. 11 SQL Injection < l t d rusequeriy(=""SEresCTQuery( Querecq = q(g.creaeeQu y( n. y = pm.newQu* " + JDBC Quer y tqIDte metLE te" er " + selexecu em.c U atr RE u"SEL Q t.ec ...> staUserECas* EidSfWH) + +s .clTaS FRCTom "er " + s R Or (u"E s,JE OM Us S M U E ); "SEECT OB "SELereCT * whHEMPU "F LE pass O pwwd+"'" "WRO REAerDuworpRE ER+ " + Su W d H R "passworSct '"+RDW= "'"ES M WOd= ='"HE d+'" + Us R W re+ d = " ); DBUtils "FROunstru '$Pt: SS ' "n w "pd + pwA d$"'"rd='"+pwd+"'", </s"pesword='"+pwd+"'"); "pasct> o ); el assw iBATIS Query.SQL); JPA JDO JCR User u = new User(); db.from(u).where(u.password).is(pwd).select(); JaQu
  50. 50. 11 SQL Injection < l t d rusequeriy(=""SEresCTQuery( Querecq = q(g.creaeeQu y( n. y = pm.newQu* " + JDBC Quer y tqIDte metLE te" er " + selexecu em.c U atr RE u"SEL Q t.ec ...> staUserECas* EidSfWH) + +s .clTaS FRCTom "er " + s R Or (u"E s,JE OM Us S M U E ); "SEECT OB "SELereCT * whHEMPU "F LE pass O pwwd+"'" "WRO REAerDuworpRE ER+ " + Su W d H R "passworSct '"+RDW= "'"ES M WOd= ='"HE d+'" + Us R W re+ d = " ); DBUtils "FROunstru '$Pt: SS ' "n w "pd + pwA d$"'"rd='"+pwd+"'", </s"pesword='"+pwd+"'"); "pasct> o ); el assw iBATIS Query.SQL); JPA JDO JCR User u = new User(); db.from(u).where(u.password).is(pwd).select(); JaQu
  51. 51. Images are Creative Commons licensed Thomas Mueller Mountain Bike http://www.flickr.com/photos/kgsbikes/3043775162 Software Engineer Solex http://www.e-solex.fr http://www.h2database.com Scooter http://www.flickr.com/photos/janet/2844615758 http://www.day.com Generic Car http://jackrabbit.apache.org http://www.flickr.com/photos/markscott/389221242 Generic Jeep http://www.flickr.com/photos/markscott/389221372 Ford Focus http://www.flickr.com/photos/stevecoulterperformancecars/ 2965383580 Smart http://www.smart.com xkcd Comic "Exploits of a Mom" http://xkcd.com/327 http://ibatis.apache.org http://commons.apache.org/dbutils http://www.hibernate.org http://www.datanucleus.org http://openjpa.apache.org http://www.eclipse.org/eclipselink http://www.oracle.com/technology/products/ias/toplink http://www.h2database.com/html/jaqu.html
