Published in: Technology, News & Politics

Java Persistence Frameworks

  1. Java Persistence Frameworks: Popular and next generation persistence frameworks. Thomas Müller, Day Software AG. Presentation 7780
  2. Agenda
     • Introduction
     • Persistence Frameworks
       - SQL(++)
       - O/R Mapping
       - Next Generation
     • SQL Injection
  3. Introduction: Thomas Mueller, Software Engineer. http://www.h2database.com, http://www.day.com, http://jackrabbit.apache.org
  11. Persistence Frameworks (timeline figure; axis ticks 1990, 1995, 2000, 2005, 2010)
      - SQL(++): ODBC, JDBC, iBATIS, DbUtils
      - O/R mapping: Hibernate, JDO, JPA, JPA 2.0
      - next generation: LINQ, JaQu (the other labels overlap and are not legible)
  19. SQL(++): the same lookup written against JDBC, DbUtils and iBATIS.

      ```java
      public class Student {
          private String name;
          public void setName(String name) { this.name = name; }
          public String getName() { return name; }
      }
      ```

      JDBC

      ```java
      // The name is bound as a parameter, not concatenated into the SQL text.
      PreparedStatement prep = conn.prepareStatement(
          "select * from Student where name = ?");
      prep.setString(1, name);
      ResultSet rs = prep.executeQuery();
      rs.next();
      Student student = new Student();
      student.setName(rs.getString(1));
      ```

      DbUtils

      ```java
      // BeanHandler maps the first result row onto a Student bean.
      ResultSetHandler h = new BeanHandler(Student.class);
      Student s = (Student) run.query(conn,
          "select * from Student where name=?",
          h, new Object[]{name});
      ```

      iBATIS

      ```xml
      <!-- entry in the SQL map configuration file -->
      <sqlMap resource="com/mydomain/data/Student.xml"/>

      <!-- Student.xml: #name# is passed as a bound parameter -->
      <sqlMap namespace="Student">
        <typeAlias alias="Student" type="com.mydomain.data.Student"/>
        <select id="selectStudent" resultClass="Student">
          select * from Student where name = #name#
        </select>
      </sqlMap>
      ```

      ```java
      Student student = (Student) sqlMapper.
          queryForObject("selectStudent", name);
      ```
  21. O/R Mapping (Hibernate, JDO, JPA)

      Illusion
      - there is no database
      - still need configuration

      Auto-Save
      - objects are stateful
      - automatic dirty checking

      Auto-Navigation
      - in queries
      - get() loads referred object
      - collection support
  26. O/R Mapping: JDO, JPA and Hibernate compared
      - JDO: “technology agnostic”; few implementations; Google AppEngine
      - JPA: RDBMS; many; Google AppEngine
      - Hibernate: RDBMS; most popular
  30. Hibernate

      Dependencies
      - hibernate3.jar
      - hibernate-annotations.jar
      - hibernate-commons-annotations.jar
      - commons-collections-3.1.jar
      - commons-logging-api-1.1.jar
      - commons-logging-1.1.jar
      - ejb3-persistence.jar
      - antlr-2.7.6.jar
      - dom4j-1.6.1.jar
      - javassist-3.4.GA.jar
      - jta-1.1.jar
      - slf4j-api-1.5.6.jar
      - slf4j-simple-1.5.6.jar

      Configuration: hibernate.cfg.xml

      ```xml
      <!DOCTYPE hibernate-configuration PUBLIC
        "-//Hibernate/Hibernate Configuration DTD 3.0//EN"
        "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
      <hibernate-configuration>
        <session-factory>
          <property name="connection.url">jdbc:h2:mem:test</property>
          <property name="connection.username">sa</property>
          <property name="connection.driver_class">org.h2.Driver</property>
          <property name="dialect">org.hibernate.dialect.H2Dialect</property>
          <property name="connection.password">sa</property>
        </session-factory>
      </hibernate-configuration>
      ```

      Annotations or XML

      ```java
      import javax.persistence.*;

      @Entity
      public class Student {
          @Id @GeneratedValue
          private Long id;
          @Column
          private String name;
      }
      ```

      Query

      ```java
      Student s = (Student) session.createQuery(
          "from Student s where name=?").
          setString(0, name).list().get(0);
      ```
  34. Next Generation: JaQu

      POJO

      ```java
      public class Student {
          private String name;
          public void setName(String name) { this.name = name; }
          public String getName() { return name; }
      }
      ```

      Query
      - Typesafe
      - Embedded DSL
      - Fluent API
      - Autocomplete

      ```java
      Student s = new Student();
      s = db.from(s).where(s.name).
          is(name).selectFirst();
      ```

      No String
      - No SQL injection

      ```java
      Student s = new Student();
      s.name = "Robert";
      db.insert(s);
      ```

      ```java
      Student s = new Student();
      List<Student> students =
          db.from(s).where(s.name).
          is(name).select();
      ```
  41. SQL Injection

      ```java
      // Vulnerable: the name is concatenated into the SQL text.
      stat.execute("select * from " +
          "Students where name='" +
          name + "'");
      ```

      ```java
      // What the call amounts to when name is "Robert'; DROP TABLE Students--".
      stat.execute("select * from " +
          "Students where name='" +
          "Robert'; DROP TABLE Students--'");
      ```

      ```java
      // Fix: the SQL text is constant and the name is bound as a parameter.
      PreparedStatement prep =
          conn.prepareStatement(
          "select * from " +
          "Students where name=?");
      prep.setString(1, name);
      prep.execute();
      ```
  49. SQL Injection: a password lookup that places pwd directly in the query text, shown layer over layer for JDBC, DbUtils, iBATIS, JPA, JDO and JCR, then the JaQu form. Only the JDBC and JaQu layers are legible in the extracted slide text.

      JDBC

      ```java
      stat.execute("SELECT * " +
          "FROM USERS WHERE " +
          "PASSWORD='"+pwd+"'");
      ```

      JaQu

      ```java
      User u = new User();
      db.from(u).
          where(u.password).
          is(pwd).
          select();
      ```
  51. Images are Creative Commons licensed

      Thomas Mueller, Software Engineer
      - http://www.h2database.com
      - http://www.day.com
      - http://jackrabbit.apache.org

      Images
      - Mountain Bike: http://www.flickr.com/photos/kgsbikes/3043775162
      - Solex: http://www.e-solex.fr
      - Scooter: http://www.flickr.com/photos/janet/2844615758
      - Generic Car: http://www.flickr.com/photos/markscott/389221242
      - Generic Jeep: http://www.flickr.com/photos/markscott/389221372
      - Ford Focus: http://www.flickr.com/photos/stevecoulterperformancecars/2965383580
      - Smart: http://www.smart.com
      - xkcd Comic "Exploits of a Mom": http://xkcd.com/327

      Frameworks
      - http://ibatis.apache.org
      - http://commons.apache.org/dbutils
      - http://www.hibernate.org
      - http://www.datanucleus.org
      - http://openjpa.apache.org
      - http://www.eclipse.org/eclipselink
      - http://www.oracle.com/technology/products/ias/toplink
      - http://www.h2database.com/html/jaqu.html
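
The concatenated and the prepared JDBC lookup from the SQL Injection slides, as an added runnable example that is not part of the original deck: it runs both against an in-memory H2 database and checks after each call whether the Students table is still there. It assumes the H2 jar is on the classpath and that H2 accepts several semicolon-separated statements in one execute() call; the class and method names are made up for the example, while the JDBC URL, credentials, table and input string are the ones shown on the slides.

```java
import java.sql.*;

// Added example, not from the slides. Assumes the H2 driver is on the classpath.
public class StudentLookup {

    // Vulnerable form from the slide: the name becomes part of the SQL text.
    static void findConcatenated(Connection conn, String name) throws SQLException {
        try (Statement stat = conn.createStatement()) {
            stat.execute("select * from Students where name='" + name + "'");
        }
    }

    // Fixed form from the slide: constant SQL text, the name is bound as data.
    static int findPrepared(Connection conn, String name) throws SQLException {
        try (PreparedStatement prep =
                 conn.prepareStatement("select * from Students where name=?")) {
            prep.setString(1, name);
            int rows = 0;
            try (ResultSet rs = prep.executeQuery()) {
                while (rs.next()) rows++;
            }
            return rows;
        }
    }

    // H2 stores unquoted identifiers in upper case, hence "STUDENTS".
    static boolean tableExists(Connection conn) throws SQLException {
        try (ResultSet rs = conn.getMetaData().getTables(null, null, "STUDENTS", null)) {
            return rs.next();
        }
    }

    public static void main(String[] args) throws SQLException {
        String hostile = "Robert'; DROP TABLE Students--"; // input shown on the slide
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:test", "sa", "sa");
             Statement setup = conn.createStatement()) {
            setup.execute("create table Students(name varchar(255))");
            setup.execute("insert into Students values('Alice')"); // constructed sample row

            // Bound parameter: the whole string is compared with the name column.
            System.out.println("prepared rows: " + findPrepared(conn, hostile));
            System.out.println("table exists:  " + tableExists(conn));

            // Concatenation: the quote in the input ends the literal early and
            // the rest of the input is parsed as SQL.
            try {
                findConcatenated(conn, hostile);
            } catch (SQLException e) {
                System.out.println("rejected: " + e.getMessage());
            }
            System.out.println("table exists:  " + tableExists(conn));
        }
    }
}
```

Comparing the two `table exists` lines shows whether the input was treated as data or as SQL; a driver or database setting that refuses multiple statements per call changes the second result but not the underlying flaw.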
