Thursday 29 June 2017

UML - What do those Arrows Mean?

In PlantUML:

@startuml
abstract class Animal
interface Behaviour
interface Prey
Animal <|-- Lion : inheritance
Behaviour <|.. Animal : realization/implementation
Lion -left-* Pride : composition
interface Grouping
Grouping <|.. Pride
Prey -left-O Lion : aggregation
Water <-down- Lion : uni-directional
Habitat -up- Lion : bi-directional
@enduml

implementation/realization: a dotted line with a closed, unfilled arrow means realization (or implementation). The arrow points to the interface.
inheritance: Inheritance is indicated by a solid line with a closed, unfilled arrowhead pointing at the super class
aggregation: a solid line with an unfilled diamond at the class which uses the other class
composition: a solid line with an filled diamond at the class which contains the other class
bi-directional association: A bi-directional association is indicated by a solid line between the two classes. In the example, the Lion lives in his Habitat, but the Habitat benefits in some way from the Lion as well.
uni-directional association: A uni-directional association is indicated by a solid line between the two classes. The class that knows nothing of the other class, has an open arrowhead pointing to it. A Lion uses Water, but not the other way around.

References

[1] Wikipedia - Class diagram: http://en.wikipedia.org/wiki/Class_diagram
[2] IBM Developer Works - UML basics The class diagram: https://www.ibm.com/developerworks/rational/library/content/RationalEdge/sep04/bell/
What's the difference between Aggregation and Composition?: http://randomthoughtsonjavaprogramming.blogspot.nl/2013/11/whats-difference-between-aggregation.html

Thursday 22 June 2017

MessageBodyWriter not found!

I got the following (unhelpful) message in my server log, when I changed some of my Java classes that are translated to JSON (and vice versa).

Severe: MessageBodyWriter not found for media type=application/json, type=class java.util.ArrayList, genericType=java.util.List

Turns out that I added a specific constructor to one of my Java classes, effectively removing the unspecified Default Constructor that Java always adds.

This default constructor is however essential to the proper working of JSON-Java mapping.

Thursday 15 June 2017

REST-EJB AccessLocalException causes BadRequest(500) instead of Unauthorized(401)

I am using EJBs as REST Services. It works pretty well. I added security on the EJB, by means of security definitions in the web.xml file and appropriate annotations on the EJB (@DeclareRoles and @RolesAllowed).

Unfortunately, when I try to access the methods in the EJB without being properly authorized, I received a 500 BadRequest. Instead I would really like to have a 401 Unauthorized.

I posted a question on StackOverflow¹, but I have found the solution² in the mean time, which I also posted, and will repost here.

It is possible to add an ExceptionMapper to your Application, which can map between an Exception and an appropriate HTTP Response.

Note

My ApplicationConfig has now been expanded with a

resources.add(mmud.exceptions.EJBAccessExceptionMapper.class);

References

[1] StackOverflow - REST-EJB AccessLocalException causes BadRequest(500) instead of Unauthorized(401): https://stackoverflow.com/questions/44351224/rest-ejb-accesslocalexception-causes-badrequest500-instead-of-unauthorized401
[2] RESTful Java with JAX-RS 2.0 (Second Edition) - Exception Handling: https://dennis-xlc.gitbooks.io/restful-java-with-jax-rs-2-0-2rd-edition/en/part1/chapter7/exception_handling.html
StackOverflow -: https://stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses

Thursday 8 June 2017

Casting JSON Object to TypeScript Class

I have implemented some HTTP service for my Angular App using the explanation at [1]. Now in resource [2] it is mentioned that it is important to provide the JSON Object received from the HTTP Service in the constructor of the data model.

I thought I had found a shortcut. I thought that as long as the JSON object received resembled the structure of the TypeScript class, that I could just cast it to the TypeScript class.

This worked fine, until it didn't, and then I got this huge error in my face.

The problem

The problem started appearing when I defined a method in my TypeScript class. Naturally, this method is not available in the JSON Object, and no manner of Casting is going to make it magically appear there.

You get something like:

ERROR TypeError: item.getItemPriceAsInteger is not a function
    at ItemService.webpackJsonp.71.ItemService.updateItem (http://localhost.com/main.bundle.js:811:67)
    at ItemSettingsComponent.webpackJsonp.183.ItemSettingsComponent.update (http://localhost.com/main.bundle.js:508:28)
    at ItemSettingsComponent.webpackJsonp.183.ItemSettingsComponent.saveItem (http://localhost.com/main.bundle.js:480:14)
    at Object.eval [as handleEvent] (ng:///AppModule/ItemSettingsComponent.ngfactory.js:1663:24)
    at handleEvent (http://localhost.com/vendor.bundle.js:13600:138)
    at callWithDebugContext (http://localhost.com/vendor.bundle.js:14892:42)
    at Object.debugHandleEvent [as handleEvent] (http://localhost.com/vendor.bundle.js:14480:12)
    at dispatchEvent (http://localhost.com/vendor.bundle.js:10500:21)
    at http://localhost.com/vendor.bundle.js:12428:20
    at SafeSubscriber.schedulerFn [as _next] (http://localhost.com/vendor.bundle.js:5549:36)

Solutions

There are several solutions available as described in [3, 4, 5].

Chosen solution

I like the one provided in [6]. It uses TypeScript Decorators⁷. It can be installed as an npm package, according to [8].

To anyone using Java, the solution provided has an uncanny resemblance to JPA annotated Entities or JAXB annotated classes.

I am going to go ahead and try this one out, and see how it works.

I'll provide an update, once I get some results.

References

[1] Angular Docs - HTTP Client: https://angular.io/docs/ts/latest/guide/server-communication.html
[2] Writing a Search Result: ng-book 2 - The Complete Book on Angular Nate Murray, Felipe Coury, Ari Lerner, Carlos Taborda
[3] StackOverflow - How do I cast a JSON object to a typescript class: https://stackoverflow.com/questions/22875636/how-do-i-cast-a-json-object-to-a-typescript-class
[4] StackOverflow - Angular2 cast a json result to an interface: https://stackoverflow.com/questions/34516332/angular2-cast-a-json-result-to-an-interface
[5] Angular2 HTTP GET - Cast response into full object: https://stackoverflow.com/questions/36014161/angular2-http-get-cast-response-into-full-object
[6] Mark Galae - TypeScript Json Mapper: http://cloudmark.github.io/Json-Mapping/
[7] TypeScript - Decorators: https://www.typescriptlang.org/docs/handbook/decorators.html
Ninja Tips 2 - Make your JSON typed with TypeScript
[8] npm - json-typescript-mapper: https://www.npmjs.com/package/json-typescript-mapper; http://blog.ninja-squad.com/2016/03/15/ninja-tips-2-type-your-json-with-typescript/

Thursday 1 June 2017

Bower

Wow. On the website for bower¹, they mention the following quote:

“ ...psst! While Bower is maintained, we recommend yarn and webpack for new front-end projects!”^{2 3}

Damn, it's hard to keep up with the advancements in Front-end Land!

References

[1] Bower - A package manager for the web: https://bower.io/
Yarn - Fast, reliable, and secure dependency management.: https://yarnpkg.com/en/
webpack MODULE BUNDLER: https://webpack.github.io/

flexibleJDBCRealm

I have recently changed my security realm settings, and I thought I'd document them here.

I'm still using the flexibleJDBCRealm¹ as I've documented in previous blogs^2,3.

In the Glassfish administration console, under Configurations -> server-config -> Security -> Realms -> myRealm, the settings are now as follows.

Name	Value	Description
datasource.jndi	jdbc/mydb	the data source to my database
jaas.context	flexibleJdbcRealm
password.digest	SHA-512	I have upgraded from SHA1 to SHA2, which seems more secure
password.encoding	HEX:128	See note below
sql.groups	select groupid from mmv_groups where name in (?)	using a database view, makes it easier to change table layout without effecting the securityrealm
sql.password	select password from mmv_users where name in (?)	same as above

Note

The SHA-512 encoding always creates 128 characters as the hash.

However, in the source code of the flexibleJDBCRealm, this hash is converted from a byte[] into a hexadecimal string by means of a call "new BigInteger(1, aData).toString(16);".

This effectively means that if the byte[] starts with one or more "0"s, these are removed in the BigInteger call leaving you with a hash that is less than 128 characters.

This is why I need to use "HEX:128", instead of just "HEX".

MariaDB/MySQL

The values are easily verifiable in the database.

I can just do a

SELECT SHA2(usertable.password, 512) from usertable where user='mrbear';

It should yield the exact same result as the encryption function of the flexibleJDBCRealm.

References

[1] FlexibleJDBCRealm: http://flexiblejdbcrealm.wamblee.org/site/
[2] Security Realms in Glassfish: http://randomthoughtsonjavaprogramming.blogspot.nl/2016/04/security-realms-in-glassfish.html
[3] Glassfish Security Realms: http://randomthoughtsonjavaprogramming.blogspot.nl/2014/10/glassfish-security-realms.html
[4] Installation instructions: http://flexiblejdbcrealm.wamblee.org/site/documentation/snapshot/installation.html