Spring Roo Rev005
Upcoming SlideShare
Loading in...5
×
 

Spring Roo Rev005

on

  • 1,023 views

 

Statistics

Views

Total Views
1,023
Views on SlideShare
1,022
Embed Views
1

Actions

Likes
0
Downloads
25
Comments
0

1 Embed 1

http://www.linkedin.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Spring Roo Rev005 Spring Roo Rev005 Presentation Transcript

  • CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE Spring Roo (By Rich Helton) (Date September 15, 2011) State of Colorado Office of Cyber Security State of Colorado Office of Cyber Security
  • Spring Framework, AOP and IoCCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Aspect Oriented Programming takes Object Oriented Programming one step further by separating out the cross-cutting concerns and assigning them to the framework. An example of a cross-cutting concern is Transaction management.   The Spring framework is an Open source framework that introduces AOP by managing, or taking care of the plumbing, of the business objects. http://www.springsource.com/   Spring introduces the concept of Inversion of Control (IoC), which simply means instead of having the application call the framework, the framework will call the components defined by the application.   I like to think of IoC as collecting the application pieces in modular blocks. The IoC will pass the appropriate object into the Class when it needs to work with that object.   Spring provides the "Spring Security" framework that allows different implementations to be connected seamlessly to the application. State of Colorado Office of Cyber Security
  • SpringCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE •  The Spring Framework is an open source application framework for the Java platform. See http://en.wikipedia.org/wiki/Spring_Framework •  Besides the benefits of using IOC and AOP, Spring comes with many frameworks for Web Flow, MVC, Annotations, Transaction Management and Data Access. Spring Roo is a quick way to put those pieces together. State of Colorado Office of Cyber Security
  • MVCCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE  The Model-View-Controller is the most common design pattern in Software Architecture. Here are the pieces: State of Colorado Office of Cyber Security
  • Spring MVCCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Spring has its own MVC framework. See http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/ html/mvc.html   Spring MVC is designed around a DispatcherServlet that dispatches the requests to handlers. Theses handlers are handled through the configuration which will map them, the views, and define the locale, uploading files and other configurations.   The Controller is defined through the @Controller annotation.   Mapping URLs are done through the @RequestMapping annotation. This mapping can be done in the controller as well.   The ModelMap class can be used to map the model to the view for display.   The model is simply an entity that can also be passed from the View to the Controller and from the Controller to the View.   The ModelAndView function contains the Model and View information for mapping to the View from the Controller. State of Colorado Office of Cyber Security
  • Spring Web FlowCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   The system is ideal for building web application modules that guide the user through controlled navigations that drive business process.   The Web Flow philosophy says that any page can be drawn as a simple flow chart where each state in the page flow is either a view or the action.   Web Flow manages the transition between states and requires input from the actions , or the views, to determine the next step of the configured execution path of the page flow.   See http://www.ervacon.com/products/swf/intro/index.html   The Web Flow will have a Controller, a FlowController, that could be for different web flows like an Ajax FlowController.   The FlowController is a JavaBean in the application context of the DispatcherServlet.   The Web Flow will have a web flow schema that will define the different states, like view states and action states that are used.   The Flow Controller will use a Flow Executer to execute these states in the schema. State of Colorado Office of Cyber Security
  • What are Spring FacesCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE •  When working with Spring Web Flow, and connecting Java Server Faces, there needs to be a layer integrating the two frameworks. That layer is Spring Faces. •  See http://static.springsource.org/spring-webflow/docs/2.0-m1/reference/spring- faces.html and http://static.springsource.org/spring-webflow/docs/2.0.x/reference/html/ ch12.html State of Colorado Office of Cyber Security
  • What are JavaServer FacesCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE •  JavaServer Faces (JSF) is a request-driven MVC web framework based on component-driven UI design model, using XML files called view templates or Facelets views •  See http://en.wikipedia.org/wiki/JavaServer_Faces •  JSF is a server-side technology for developing web applications with rich user interfaces. Which includes a framework for validation, error handling, data conversion, internalization and custom components. State of Colorado Office of Cyber Security
  • TomcatCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE •  Tomcat can be downloaded http://tomcat.apache.org/ , and is a Servlet Container that can run Java Objects. •  This is one of the free Spring supported Web Servers from Apache, others include Apache Geronimo, JBoss, Oracle WebLogic and many more. •  Tomcat has a startup.bat or startup shell to start the server. •  After it starts, it can be accessed using http://127.0.0.1:8080/ •  Many of the deployments will be deployed in the /WebApps/ directory as a WAR (Web Archive) file, similar to a JAR (Java Archive) file. See http://en.wikipedia.org/wiki/WAR_(Sun_file_format) State of Colorado Office of Cyber Security
  • • TomcatCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Tomcat is a Servlet and Java Server Pages Container developed by Apache, reference http://en.wikipedia.org/wiki/Tomcat_(software) and http://tomcat.apache.org/ .   It provides a Java HTTP Server to run Java code.   Catalina is Tomcat’s servlet container.   A servlet container a Java class that responds to HTTP requests.   A HTTP request is an HTTP page that will call Java code and execute an action running on the Tomcat Server.   The Tomcat server may be started with a startup script and use different ports so that many servers may be provide different services. State of Colorado Office of Cyber Security
  • Benefits of Tomcat/CatalinaCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Tomcat can run a web server by just starting the startup.bat or startup.sh.   It uses other scripts to setclasspath, start catalina shutdown.   A directory structure is used locally that can contain the classes, libraries, configurations, etc.   This way multiple tomcat server can be used in their own containment area, or directory, without affecting other instances of the Java Web Server.   The Tomcat Web Server is Operating System dependent, and does not require a formal installation or setup to be run. Only that the directory and its contents are copied over correctly.   Again, all of this is Open Source. State of Colorado Office of Cyber Security
  • • Tomcat DirectoryCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE State of Colorado Office of Cyber Security
  • • Tomcat DirectoryCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   bin  Directory containing the scripts and Tomcat JAR files.   conf  The properties and XML files that configure the server, including ports, Admin ports, database connections, etc.   lib  The supporting JAR files needed to run Tomcat.   logs  log files that are written during runtime and startup.   webapps  any WAR files that contain the web applications. WAR files are similar to JAR files except they also contain the Web pages, like JSPs and Servlets. This is where the Flex applications will be stored. •  Reference http://tomcat.apache.org/tomcat-3.3-doc/tomcat- ug.html#directory_structure State of Colorado Office of Cyber Security
  • CatalinaCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Tomcat is the web server that presents HTML and Java Server Pages (JSP’s).   Catalina is the servlet code that responds on the server to server requests and sends its response in HMTL, JSPs and even XML.   A Servlet will receive a request and issue a response after processing the request. It may do a database lookup, call other code or many other tasks.   Catalina is a container that will pool, secure, and oversee these servlets as they are configured. The servlets are the binary code to be executed.   There is a Java Servlet protocol to be explored further at http://en.wikipedia.org/wiki/Java_Servlet#Servlet_containers State of Colorado Office of Cyber Security
  • Tomcat Management InterfaceCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE •  Tomcat has a management interface for loading new applications, State of Colorado Office of Cyber Security
  • SpringsourceCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE •  Spring has several reference applications for MVC and Webflow. •  They can be found at http://www.springsource.org/webflow-samples . •  The installation of Webflow can be found http://www.installationwiki.org/Setup_for_Spring_Web_Flow_2 . State of Colorado Office of Cyber Security
  • CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE Apache Maven State of Colorado Office of Cyber Security
  • • What is it?CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Apache Maven 2 is a software tool for Java project management and build automation.   It uses a .pom file in XML form that will generate a configuration for pulling down libraries from Maven repositories, building the project and even testing the project with results.   See http://en.wikipedia.org/wiki/Apache_Maven, http:// maven.apache.org/guides/getting-started/index.html, http://maven.apache.org/guides/getting-started/index.html and http://maven.apache.org/ as a reference. State of Colorado Office of Cyber Security
  • • POMCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   The Project Object Model (POM) is used in Apache Maven to describe the software project being built.   The POM can also be generated using IDE’s like NetBeans that will use a plugin to Maven to generate the files.   The POM files are in XML format. State of Colorado Office of Cyber Security
  • POM ExampleCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE State of Colorado Office of Cyber Security
  • Maven Directory structureCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Maven uses a predefined directory structure called a standard project structure.   The pom.xml will be stored in the project home directory which is the base directory for the file tree.   From this base directory, there will be a src and target directory: State of Colorado Office of Cyber Security
  • • Maven Directory structureCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   The src/main/java directory is where the Java source code is stored.   The src/main/resources are where the application resources are stored like GIF files.   The src/main/config are where the configuration files are stored.   The src/main/webapp are where the web application WAR files are stored.   The src/test/java are where the Unit test files are stored. State of Colorado Office of Cyber Security
  • • Running MavenCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   The “mvn” command is used to run maven. It must be executed in the project home directory. Here are some of the commands: State of Colorado Office of Cyber Security
  • CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE Spring Roo State of Colorado Office of Cyber Security
  • Spring Roo IntroCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Spring Roo, http://en.wikipedia.org/wiki/Spring_Roo , is an open source software tool that uses convention-over-configuration principles to provide rapid application development of Java-based enterprise software.   The reulsing application use common Java technologies such as Spring Framework, Java Persistence API, Java Server Pages, Apache Mavin and AspectJ.   The Spring Roo home page can be found at http://www.springsource.org/roo .   A good tutorial can be found at http://blog.springsource.com/2009/05/27/roo-part-2/   Installation can be found at http://www.springsource.org/roo/start State of Colorado Office of Cyber Security
  • Why Spring Roo?CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Spring Roo is mentioned in http://europe.springone.com/dl/springone-amsterdam-2009/ slides/RodJohnson_WelcomeKeynote.pdf as part of the Future of Java Innovation.   A great case study is the Tom-Tom, http://www.tomtom.com/ , where it cut development time by 50% for a customer base of 45 million, http://www.springsource.org/node/3001 . State of Colorado Office of Cyber Security
  • Spring Roo DownloadCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Spring Roo can also be incorporated in the Spring Tool Suite, http://www.springsource.com/developer/sts which is a Eclipse UI running a VMWare vFabric optimized server for Spring. State of Colorado Office of Cyber Security
  • Spring Roo Web FlowCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   To install Spring web flow on Spring Roo, we will use the “roo> web flow” command. A project has to be created first, and we will start with the PetClinic that comes a Samples/clinic.roo file to get started. State of Colorado Office of Cyber Security
  • Spring Roo Web FlowCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Many artifacts are created, including a pom.xml for a Maven build, and the templated src files, State of Colorado Office of Cyber Security
  • Spring Roo Web FlowCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Next, run “perform tests” to see if everything generated correctly, which will run for several minutes (it will perform Maven JUnit tests in the src directory)… State of Colorado Office of Cyber Security
  • Spring Roo Web FlowCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Look for the “Build Success” … State of Colorado Office of Cyber Security
  • Spring Roo Web FlowCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Add the webflow and perform tests after, do “perform tests” after significant changes to ensure there are no issues…. State of Colorado Office of Cyber Security
  • Spring Roo Web FlowCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   The web flow command will create the flow view state files in src mainwebappWEB-INFviewssampleflow and a webflow- config .xml in srcmainwebappWEB-INFspring, the views appear as: State of Colorado Office of Cyber Security
  • Log4JCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   A Log4J logger is created in src/main/resources/log4j.properties, and can be changed so it logs to a file appender, see http://logging.apache.org/log4j/1.2/manual.html State of Colorado Office of Cyber Security
  • RunningCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Running the new Pet Clinic application in tomcat can be done from Maven.   Quit Roo and run “mvn clean tomcat:run” in the project. State of Colorado Office of Cyber Security
  • RunningCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Then access the browser with http://localhost:8080/petclinic/ and select the SampleFlow to access the web flow. State of Colorado Office of Cyber Security
  • WeddingCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   A Wedding RSVP example that uses HSQL DB as a database can be found at http://blog.springsource.com/2009/05/27/roo-part-2/ State of Colorado Office of Cyber Security
  • HSQL DatabaseCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   HSQLDB (Hyper Structured Query Language Database) is a relational database management system written in Java. See http://en.wikipedia.org/wiki/HSQLDB .   HSSQLDB is loaded at runtime of Tomcat through its JDBC Java Database Driver, so it does not persist information in a database that is already loaded into the Operating System like MySQL or SQL Server. Therefore, HSSQLDB is normally used in a development environment.   Where is the data saved?   The configuration of the HSSQLDB is saved in the “database/ jiradb.properties” file.   The data of the HSSQLDB is saved in the “database/ jiradb.script” file. State of Colorado Office of Cyber Security
  • HSQL DatabaseCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   In the configuration, I set the properties to /tmp/our-wedding, the “/tmp” is the directory and the “our-wedding” are the files.   From database properties set --key database.url --value jdbc:hsqldb:/tmp/our-wedding State of Colorado Office of Cyber Security
  • HSQL DatabaseCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Where is the data saved?   The configuration of the HSQLDB is saved in the “/tmp/our- wedding.properties” file.   The data of the HSSQLDB is saved in the “/tmp/our- wedding.script” file.   The hsqldb-1.8.0.10.jar , running from Maven, will be from a ~Home.m2repositoryhsqldb directory that has stored Maven running JARs.   Notice the data saved in script when entering an RSVP: State of Colorado Office of Cyber Security
  • HS SQL DisplayCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Running “java -cp hsqldb-1.8.0.10.jar org.hsqldb.util.DatabaseManager -user sa -url jdbc:hsqldb:our- wedding” : State of Colorado Office of Cyber Security
  • Maven SeleniumCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Selenium, web testing, can also be run from Maven using “mvn selenium:selenese”   Selenium is a Firefox plugin, so FireFox must be installed.   The Tomcat server must also be running from the previous “mvn tomcat:run” example.   A Firefox browser will appear during the run and a “weddingtarget selenium.html” will be the result. State of Colorado Office of Cyber Security
  • Maven SeleniumCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Running the command “mvn selenium:selenese” State of Colorado Office of Cyber Security
  • Maven SeleniumCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   The selenium.html results: State of Colorado Office of Cyber Security
  • What is Selenium IDECYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Selenium IDE is another Open Source concept that is a Integrated Development Environment running on top of the FireFox browser as a plugin.   Supports load testing.   This allows a recording of the browser actions that can be played back execute buttons being pushed and actions inside the browser.   Assertions can be executed on the HTML pages itself for checking specific information.   The test itself can be exported into Java, .NET, Perl, Ruby, etc, and then code to execute the tests in that language. State of Colorado Office of Cyber Security
  • Selenium IDE Test (running from Firefox)CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE State of Colorado Office of Cyber Security
  • Selenium is now integrated in the siteCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Running in Firefox, we can select Selenium Tests, State of Colorado Office of Cyber Security
  • Selenium is now integrated in the siteCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   We get the last tests, State of Colorado Office of Cyber Security
  • Setting Log4jCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Running “roo> logging setup --package WEB --level DEBUG” will rewrite the “log4j.properties” to log on Debug with the spring framework. State of Colorado Office of Cyber Security
  • Log4jCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Even though the basic JDK logging framework can accept changes on destination through its Handler in the “logging.properties”, Log4j offers more advanced features in its XML use of its Appender class.   Appenders add functionality to add logging to the current logging, for instance printing to the console and then adding appenders to send email logs through SMTP.   Log4j supports XML configuration and a text configuration in log4j.properties.   Log4J is an Apache framework found at http://logging.apache.org/log4j/1.2/ and more information can be found at http://en.wikipedia.org/wiki/Log4j State of Colorado Office of Cyber Security
  • An example Log4j JSP codeCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE • <%@ page import="org.apache.log4j.Logger" %><html><head> <title>Demonstration log4j usage in jsp</title></head><body> <% Logger log = Logger.getLogger("com.demo.test"); log.debug("Show DEBUG message"); log.info("Show INFO message"); log.warn("Show WARN message"); log.error("Show ERROR message"); log.fatal("Show FATAL message"); %> <b> The log messages are shown in the Tomcat console and in the ${catalina.home}/logs/demo.log file. </b></body></html> State of Colorado Office of Cyber Security
  • An example Log4j demo.logCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE • 2008-08-11 20:03:43,379 [com.demo.test] DEBUG - Show DEBUG message. 2008-08-11 20:03:43,409 [com.demo.test] INFO - Show INFO message. 2008-08-11 20:03:43,409 [com.demo.test] WARN - Show WARN message. 2008-08-11 20:03:43,409 [com.demo.test] ERROR - Show ERROR message. 2008-08-11 20:03:43,419 [com.demo.test] FATAL - Show FATAL message. State of Colorado Office of Cyber Security
  • An example SMTP AppenderCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   An Appender is configured in the log4j.properties to define the loggers. Here is a sample of an logger to send email logs: State of Colorado Office of Cyber Security
  • Spring SecurityCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Spring security is the de-facto standard for securing Spring application. It is a highly customizable authentication and access-control framework. http://static.springsource.org/spring-security/site/   Running “roo> security setup”, State of Colorado Office of Cyber Security
  • Spring SecurityCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   While Spring Security templates are now stubbed out, the applicationContext-Security.xml needs to be edited to point to newly created Login page: State of Colorado Office of Cyber Security
  • Now we get out Login pageCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Login page: State of Colorado Office of Cyber Security
  • BackupCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Run “roo> backup” to created a backup zip of the current src: State of Colorado Office of Cyber Security
  • MVCCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Run “roo> controller class --class ~.web.PublicRsvpController” to create the stubs for a Controller class. State of Colorado Office of Cyber Security
  • MVCCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   The PublicRsvpController.java stub.   @RequestMapping will map the URL to the Controller   @Controller will define this as a Controller class.   For example, index will be called from the URL, then process the function and call the View. State of Colorado Office of Cyber Security
  • Entity (Model)CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Next, we will create a Roo Finder.   Roo Finders provide methods to search through your entities using JPA.   We will list the available finders using “roo> finder list”: State of Colorado Office of Cyber Security
  • Entity (Model)CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Next, we will create one of the available Roo Finders by using “roo> finder add”. State of Colorado Office of Cyber Security
  • Entity (Model)CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Among many things, it will set the @RooEntity in the Rsvp.java file to add the finder and a corresponding Rsvp_Roo_Finder.aj (AspectJ) file that defines the finder query. State of Colorado Office of Cyber Security
  • EmailCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Roo can also set up the stubs for email support using “roo> email sender setup”, the email.properties will be used to set up the SMPT connection properties: State of Colorado Office of Cyber Security
  • Setting up for STSCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Roo can also set up the project files for STS, or Eclipse, by running “roo> perform eclipse”: State of Colorado Office of Cyber Security
  • Import into STSCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   After an Eclipse/STS project is set up, it can now be imported into STS from the File->Import->General->Existing Project: State of Colorado Office of Cyber Security
  • Import into STSCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Imported…. State of Colorado Office of Cyber Security
  • CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE Fields and Pizza.roo State of Colorado Office of Cyber Security
  • CommandsCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   To view the available commands, just push TAB: State of Colorado Office of Cyber Security
  • Pizza.rooCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Some of this is covered in http://static.springsource.org/spring-roo/reference/html-single/ index.html   Creating the top level with “project –topLevelPackage com.springsource.roo.pizzashop”: State of Colorado Office of Cyber Security
  • HintCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Typing in “hint” will assist us in what to do next, and typing part of the command and TAB will give us options: State of Colorado Office of Cyber Security
  • PersistenceCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   We set up HSQL DB persistence by running “persistence setup -- provider HIBERNATE --database HYPERSONIC_IN_MEMORY” : State of Colorado Office of Cyber Security
  • PersistenceCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   We can see the database properties by running “database properties list” : State of Colorado Office of Cyber Security
  • Creating our first EntityCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   The enities are models that will map to the database, and the first one is treated like a base class to add fields to, using “entity – class ~.domain.Topping –testAutomatically” : State of Colorado Office of Cyber Security
  • Creating our first EntityCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Our class, the @RooEntity is a JPA annotation, @RooJavaBean creates JaveBean accessors and mutators, see http://static.springsource.org/spring-roo/ org.springframework.roo.annotations/apidocs/ : State of Colorado Office of Cyber Security
  • Creating our first FieldsCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   First, let’s see what fields are available, like enum and date: State of Colorado Office of Cyber Security
  • Creating our first FieldsCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   While looking at Springs validation from annotation, we know that Spring can annotate a field, like @NotNull, and it will give an exception if a null is passed through.   Roo can put these in when declaring fields, and these are available with the string field: State of Colorado Office of Cyber Security
  • Creating our first FieldsCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Let’s create a simple string called “name” with “field string – fieldName name –notNull –sizeMin 2”:   As: State of Colorado Office of Cyber Security
  • Creating more FieldsCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   To just simplify some of the running, I am going to create a small script of classes and fields, and use “script fields.roo”, like Pizza and price, to run it:   Running: State of Colorado Office of Cyber Security
  • Adding RelationshipsCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Adding many toppings to a Pizza, with “field set --fieldName toppings --type ~.domain.Topping”, notice we are in the Pizza domain:   It created the “toppings” field in the Pizza class: State of Colorado Office of Cyber Security
  • Adding RelationshipsCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Now we add the Many to One, by adding the Base class to the Pizza class:   It created the “base” field in the Pizza class: State of Colorado Office of Cyber Security
  • Creating more FieldsCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Creating fields2.roo for PizzaOrder, which has name, address, total and delivery Date:   Running: State of Colorado Office of Cyber Security
  • Enum Field CommandsCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Creating Enum Field commands can be found at http://static.springsource.org/spring-roo/reference/html/ command-index.html#command-index-enum-constant State of Colorado Office of Cyber Security
  • Adding EnumCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Lets’s add a DeliveryType enum with “enum type –class ~.domain.DeliveryTypeEnum”, and add the field to PizzaOrder: State of Colorado Office of Cyber Security
  • Adding EnumCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   It added DeliveryType into the PizzaOrder: State of Colorado Office of Cyber Security
  • Maven perform commandsCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   There are many perform commands that will execute from Maven:   Perform “package” creates the JAR or WAR, “eclipse” will create an Eclipse project, “tests” perform the Maven tests, “command” Maven specific command, “clean” will execute a full clean. State of Colorado Office of Cyber Security
  • Perform testsCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Using “perform tests” checks to see if there are currently issues with the source code (Always wait for the “Build Success” or “Build Failure” at the end): State of Colorado Office of Cyber Security
  • Creating the Web tierCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Use “web mvc setup” will setup the basic Web configutation, JSPXs, icons, and png files in a webapp directory. State of Colorado Office of Cyber Security
  • Creating the Web tierCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   If you look through the files, you will notice under webapps WEB-INFviews several files like “index.jspx”, “header.jspx”, “footer.jspx” and exception jspx files.   Some of these files are defined in “layouts.xml”: State of Colorado Office of Cyber Security
  • Creating the Web tierCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   The layouts.xml file is defining the Apache Tiles format.   Roo will put this layout will put Tiles, or templates, in the following format: State of Colorado Office of Cyber Security
  • Apache TilesCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Apache Tiles is a templating framework built to simplify the development of the web application user interfaces.   See http://tiles.apache.org/   Tiles is similar to JSTL templates to form the composite of a website.   To customize these pages, you merely need to customize the various parts that make up the pages. State of Colorado Office of Cyber Security
  • Web MVCCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   The previous “web mvc setup” command only setup some basic views, but not the controllers.   Looking at other available “web mvc” commands”   “web mvc all” will create all the controllers but a package name is required. State of Colorado Office of Cyber Security
  • Web MVC AllCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Running “web mvc all --package ~.web” will give us controllers for all the entities in the “comsprinsourceroopizzashopweb” directory: State of Colorado Office of Cyber Security
  • The ControllerCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Looking at the Controller, we see that it has the “@Controller” annotation, the “@RequestMapping” for the URL, and the “@RooWebScaffold” which will define the path of the class and the View to back out into, see http://static.springsource.org/spring-roo/reference/html/base- web.html :   Scaffolding are the Roo annotations that provide the ability to automatically generate View and Controller information. State of Colorado Office of Cyber Security
  • Maven Tomcat RunCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   To run the Pizza Shop, we run the Maven command outside of Roo, “mvn tomcat:run”: State of Colorado Office of Cyber Security
  • RunningCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Browse http://localhost:8080/pizzashop/ : State of Colorado Office of Cyber Security
  • CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE Vote.Roo With JMS and Email State of Colorado Office of Cyber Security
  • Vote.RooCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   There are several examples in the /Spring-Roo/samples directory. http://static.springsource.org/spring-roo/reference/html/intro.html   Clinic.roo is the PetClinic script and demonstrates entity relationships of different cardinalities.   Vote.roo is the Voting sample that demonstrates Spring Security, JMS and email support.   Wedding.roo demonstrates a Weddign RSVP program.   Expenses.roo is a Google Web Toolkit (GWT) example that shows GWT scaffolding.   A good tutorial on vote.roo can be found at http://stsmedia.net/introducing-spring-roo-part-2-security-jms- email-support/ State of Colorado Office of Cyber Security
  • Vote.RooCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Let’s start by creating the directory and running “script vote.roo”. State of Colorado Office of Cyber Security
  • Vote.RooCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   We see that vote.roo will setup its HSQLDB. State of Colorado Office of Cyber Security
  • Vote.RooCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   And some basic security in “applicationContext-security.xml”. State of Colorado Office of Cyber Security
  • Vote.RooCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Readinf vote.roo, we see the scripts that create these as “persistence setup --provider HIBERNATE --database HYPERSONIC_PERSISTENT” and “security setup”: State of Colorado Office of Cyber Security
  • Vote.RooCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Running out of the box, we run “mvn tomcat:run” and browse http://localhost:8080/vote/ : State of Colorado Office of Cyber Security
  • Vote.RooCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   When clicking on “Create New Choice”, we are going to be forwarded to a Login page, this is because “applicationContext- security.xml” has “choices/**” access is the Admin Role. State of Colorado Office of Cyber Security
  • Vote.RooCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   We are forwarded to a Login Screen. State of Colorado Office of Cyber Security
  • Vote.RooCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   The roles are also currently saved in “applicationContext- security.xml”. The passwords are saved in a sha-256 hash format so they are not readable: State of Colorado Office of Cyber Security
  • Vote.RooCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   That 256 byte string for the Admin’s password will simply be hashed from the password “admin”. Using “admin”,”admin”, State of Colorado Office of Cyber Security
  • Vote.RooCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Now we can create a choice saved in HSQLDB, State of Colorado Office of Cyber Security
  • Vote.RooCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   And add a Vote with Drop-Down name, IP and Date, State of Colorado Office of Cyber Security
  • Vote.RooCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Let’s look at the Calendar, the Calendar is being loaded as a Spring Decoration that is loading dijit code from datetime.tagx   Reading vote.roo, this is create with the “field date registered –type java.util.Date –notnull –past”: State of Colorado Office of Cyber Security
  • CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE Vote.Roo And JMS State of Colorado Office of Cyber Security
  • JMSCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Java Messaging Service, is a publish-subscribe protocol to queue requests. See http://en.wikipedia.org/wiki/Java_Message_Service   The Spring Roo JMS commands can be found at http://static.springsource.org/spring-roo/reference/html/ command-index.html#command-index-jms-setup State of Colorado Office of Cyber Security
  • JMSCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Spring JMS is JMS that works inside the Spring framework, and the Spring framework nuisances must be understood. A good introduction can be found at http://static.springsource.org/spring/docs/3.0.x/spring- framework-reference/html/jms.html   In JMS, there will be a Producer, that sends messages, and a Consumer, that receives messages.   The package “org.springframework.jms.core” provides the core functionality for using JMS.   The package “org.springframework.jms.support” provides JMSException translation functionality.   The JmsTemplate class is the central class in the JMS core package. It contains many convenience methods to send a message. State of Colorado Office of Cyber Security
  • Apache ActiveMQCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   One of the best Open Source mechanism mentioned on Wiki’s page is Apache’s ActiveMQ. See http://en.wikipedia.org/wiki/ActiveMQ and http://activemq.apache.org/   Active MQ supports languages like C/C++, .NET, and scripting languages like Python, Perl and PHP.   It also has Ajax support and a REST API. State of Colorado Office of Cyber Security
  • Our TechniqueCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   For vote.roo, we will set up a MyAccesListener and JmsTopicSecurityListener.   The MyAccessListener will listen for Access Exceptions in Vote and send a message to the Queue using the JmsTemplate.   The JmsTopicSecurityListener will listen for the message with the onMessage function and send an email to the administrator. State of Colorado Office of Cyber Security
  • Creating the Access ListenerCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   First, create the class with “class –class ~.security.MyAccessListener”, which create an empty class. State of Colorado Office of Cyber Security
  • Creating the Access ListenerCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Now, we will add the Application Listener code and print bad authentications, we use @Component to have it load: State of Colorado Office of Cyber Security
  • Adding the BeanCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Starting up Tomcat with “mvn tomcat:run” , I login incorrectly into the Vote app and it prints the “not Authorized” information in the Tomcat window: State of Colorado Office of Cyber Security
  • Adding JMSCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   We are going to set up JMS with the service name as “securityAlerts” and the type as “TOPIC”.   The type is either QUEUE, with messages to be read, or TOPIC, which are particular messages sent to multiple subscribers.   Running “jms setup --provider ACTIVEMQ_IN_MEMORY -- destinationType TOPIC --destinationName securityAlerts” State of Colorado Office of Cyber Security
  • Adding JMSTemplateCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Now we add JmsTemplate to MyAccessListener to send JMS messages with “field jms template” since we are in the context on MyAccessListener (Note: This will Autowire JmsTemplate, so then remove the MyAccessListener bean from applicationContext.xml): State of Colorado Office of Cyber Security
  • Adding JMS ListenerCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Now we create the JMS Listener class with “jms listener class --class ~.security.JmsSecurityTopicListener --destinationName securityAlerts --destinationType TOPIC”, which will be basic class with the onMessage: State of Colorado Office of Cyber Security
  • We add to MyAccessListenerCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   We are going to add some code to MyAccessListener to format the event: State of Colorado Office of Cyber Security
  • Set up the email propertiesCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Revisiting the Roo commands: State of Colorado Office of Cyber Security
  • Set up the email propertiesCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   We are now setting up the email properties with “email sender setup --hostServer localhost --protocol SMTP --port 587 -- username rich --password secret%pass” and view it with “properties list --name email.properties --path SPRING_CONFIG_ROOT”: State of Colorado Office of Cyber Security
  • Email TemplateCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   We will now setup an email in JmsTopicListener to send emails when it receives a message with “field email template --class ~.security.JmsSecurityTopicListener” : State of Colorado Office of Cyber Security
  • Email TemplateCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Add the code to call sendMessage: State of Colorado Office of Cyber Security
  • Testing EmailCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   To test email, we will set up a local SMTP server for test called Neptune, http://donovanbrown.com/post/Neptune.aspx State of Colorado Office of Cyber Security
  • Testing EmailCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Testing again, Neptune receives an email for an invalid Login (this was a lot of work, but there is a lot of functionality): State of Colorado Office of Cyber Security
  • CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE SQL Role Access State of Colorado Office of Cyber Security
  • MySQLCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   We are going to install MySQL.   A free Open Source database that can run as a service and is more relational for production use is the MySQL database. See http://en.wikipedia.org/wiki/MySQL .   Install MySQL from http://www.mysql.com/downloads/mysql/   Here is an example to create the myTestAppDB:   mysql> create database myTestAppDB character set utf8;   Here is an example to create user “myUser” password “XXXXXXXX” •  mysql> CREATE USER ‘myUser’@’localhost’ IDENTIFIED BY ‘XXXXXXXX’; •  mysql> GRANT ALL PRIVILEGES ON *.* TO ‘jirauser’@’localhost’ WITH GRANT OPTION; State of Colorado Office of Cyber Security
  • Typical SecurityCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   In order to save some time, we are going to use a Roo addon package called Typical Security.   Typical Security can be found at http://code.google.com/p/spring-roo-addon-typical-security/ State of Colorado Office of Cyber Security
  • Typical Security rooCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   We are going to run the following roo script which will setup typical security: State of Colorado Office of Cyber Security
  • Database PropertiesCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   To see the “database.properties”, run “database properties list” : State of Colorado Office of Cyber Security
  • RunningCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   We will run the “mvn tomcat:run” as before, and browse to http://localhost:8080/testapp-web/. State of Colorado Office of Cyber Security
  • RunningCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   We will create a new user by going through signup (Notice it already has Captcha and the fields): State of Colorado Office of Cyber Security
  • RunningCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   We are successful: State of Colorado Office of Cyber Security
  • RunningCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   We are successful by looking at the users: State of Colorado Office of Cyber Security
  • RunningCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   We are successful by looking at the MySQL database: State of Colorado Office of Cyber Security
  • CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE LDAP State of Colorado Office of Cyber Security
  • LDAPCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   The Lightweight Directory Access Protocol (LDAP) is a protocol for storing directory services for an organization that usually includes user, group and machine policies. An example of an LDAP server is Microsoft’s Active Directory. See http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol   LDAP servers are commonly used to store roles and access privileges as well.   http://en.wikipedia.org/wiki/List_of_LDAP_software provides a list of LDAP browsers like JXplorer, http://en.wikipedia.org/wiki/JXplorer , and Apache Directory Studio, http://directory.apache.org/studio/ . These are for managing the LDAP Servers. State of Colorado Office of Cyber Security
  • Choosing the LDAP ServerCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE  There are many LDAP servers, and OpenDS, Open Directory Services, is one of the popular Open Source servers that is written in Java and sponsored by Sun. http://en.wikipedia.org/wiki/OpenDS   I will be using the Apache Directory Server, http://directory.apache.org/apacheds/1.5/ simply because I am using mostly Apache tools and want to try to minimize any integration issues.   It will default as a Window’s Service in Windows XP, and the instructions for logging in and managing can be found at http://directory.apache.org/apacheds/1.5/apacheds-v15-basic-users- guide.html   Since I am using ApacheDS, I will use the Apache Directory Studio that comes with a ApacheDS management tool, http://directory.apache.org/studio/ State of Colorado Office of Cyber Security
  • Choosing the LDAP BrowserCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE  There are many LDAP servers, and OpenDS, Open Directory Services, is one of the popular Open Source servers that is written in Java and sponsored by Sun. http://en.wikipedia.org/wiki/OpenDS   I will be using the Apache Directory Studio, simply http://directory.apache.org/ simply because I am using mostly Apache tools and want to try to minimize any integration issues.   Apache Directory Studio is easy to install and can be found at http://directory.apache.org/studio/   It will default as a Window’s Service in Windows XP, and the instructions for logging in and managing can be found at http://directory.apache.org/studio/users-guide.html State of Colorado Office of Cyber Security
  • Apache Directory StudioCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   After installing the ApacheDS, and Directory Studio, I can browse and edit the LDAP Server: State of Colorado Office of Cyber Security
  • Spring-LDAPCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Spring has a couple of JARS that are needed for the Spring connectors to LDAP.   Spring-ldap downloads and documentation can be found at Information can be found at http://www.springsource.org/ldap   We can run the Spring-LPAP examples by: State of Colorado Office of Cyber Security
  • Spring-LDAPCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Accessing the sample, we can add users to the LDAP server: State of Colorado Office of Cyber Security
  • LDAP-ServerCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE   Accessing the sample, we can add users to the LDAP server: State of Colorado Office of Cyber Security
  • Pom.xmlCYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE HOMELAND SECURITY MULTI-USER NETWORK CYBER SECURITY INFORMATION TECHNOLOGY CRITICAL INFRASTRUCTURE  We will have to add the Spring LDAP libraries to the build by editing the Pom.xml: State of Colorado Office of Cyber Security