JETTY RUNNER version 0.2

For those who don't know about JETTY RUNNER:
JETTY RUNNER is a standalone Swing-based application used to bundle a Java EE application together with the Jetty container. It comes with a simple web app configuration XML file and a global properties manager driven by a simple properties file.

Actually, I have been using this project for my own development solution, so I believe this project will gradually become a great, strong feature.

JETTY RUNNER is now running on Mac OS X. I have removed system tray support in the new tag v-0.2, and soon I will release a *.dmg package for Mac OS X. Here are a few screen snaps -

jetty runner v0.2
figure – 1: server console main window

jetty_runner_02_settings

figure – 2: global properties editor

change logs -
1. removed system tray support
2. removed default jmx configuration
3. added “start.sh” to launch JETTY RUNNER on *nix-based platforms where Ruby is installed.
Here are a few screen snaps, which I have taken from the newly added Ruby script! -
jetty_runner_02_ruby_script
figure – 3: newly added jetty runner on ruby

jetty_runner_02_ruby_class
figure – 4: newly added jetty runner implementation in ruby

This script is really great ;) , at least I like it :)

Content Management System (CMS)

Today I got a request to explain what a content management system is and how it is supposed to be developed. Here I am putting my CMS architectural thoughts into a graphical presentation. I hope it will be easier to understand. (More will come in the next blog post.)
What a Content Management System architecture should look like:

cms_arch.jpg Overall architecture

1. Presentation layer:
The presentation layer consists of HTML, WML, XML, PDF or multimedia object representations. Speaking of Java, I would love to use a “JSP, Velocity or Ruby” type of scripting language, which has less access to the core API or the database access layer.
2. API:
The API is the main area to focus on for the time being; in my next article I will come up with more on integration and joint points. The API is a complete bridge among presentation, web services and plugin integration. The API has to maintain a series of things, such as: the framework, the repository and versions of contents, LDAP and the database.

3. Framework:
The framework is the way to hook or tie everything together. This part consists of classes/interfaces and an application container. Most often a DI and IoC container could be used here, where managed objects are created and destroyed inside the container. This is for a concrete implementation on a language-dependent framework.

I would love to mention the Spring Framework for managing all classes, interfaces and aspect-related things.

This part of the framework is highly scalable, tuned and tightly coupled with distributed object caching, DSO and the persistence layer. This part has to support clustering and other performance- and load-balancing-related things.

4. Repository/Version (VFS):
The repository is meant to be a process of storing content and its changes in several versions. The repository is maintained over a database or filesystem.

Some content, like multimedia objects, is better stored in the local file system. The repository and version system will ensure those objects are stored with all of their change logs.

5. LDAP/Database:
For authentication and authorization purposes an LDAP server can be used. It is good for isolating user-related data. A single LDAP server can be used for multiple enterprise purposes. It is better practice to keep users out of the application-specific storage.

6. Database:
Any relational database can be used to store and retrieve contents. The local file system will be used to store media-type objects (for example: image, video, audio etc.).
7-8. Web services:
To simplify everything and tie it all together under the same hood, a web service is meant to be a good choice. It will provide various services over the HTTP protocol: RESTful services with various content types, for example JSON, XML or plain text. It is a good choice for moving further into Web 2.0 and the upcoming Web 3.0, with a lot of sharing with 3rd-party buddies.

9-10. Joint point or Plugin:
This part comes as a simple wrapper around the API, intended to provide an abstract platform for plugin and 3rd-party developers. This part has to be developed for those who want to meet or add their own requirements on top of the Content Management System.

best regards,
-hasan
“Fly without wings”

Common Security flaws

Throughout my software development experience I have found the following common security pitfalls:

1. Relying on web browser features, for example disabled, readonly or hidden HTML fields.
Some sites (for example: spaces.live.com) keep the user name inside a read-only text field. Using Firebug or another DOM editor, anyone can alter those text fields.

2. Only JavaScript-based content validation.
A user can disable JavaScript at any time. Enforce security restrictions on the server side.
3. No server-side content sanitizing and validation.
If you are missing server-side data sanitizing and validation, it can cost you a huge loss when someone introduces database injection or other problems.

4. If a button is used for a single purpose, it should be disabled or hidden after performing its task.
Otherwise the user may click on that button once again, and that click may cause an unexpected server hit. Save server-side hits. :)

5. In the case of self-managed sessions, every session should expire after a certain lifetime. After a session is dead, its session ID must be invalidated.
Otherwise, a user may use a previous session ID to perform spamming.

6. Limit your controller to “POST” only.
All form submissions and data change requests should be performed over a “POST” request, and all data retrieval requests should be performed over the “GET” method.

7. Releasing product without proper security test.
Test and verify all probable security pitfalls and development limitations before opening to the public.

8. Unsynchronized Ajax requests for each function.
All functionality should be synchronized when performing each request. For example, one pipe can be used to handle one function and another pipe to handle another function. So whenever the user double-clicks on any button or function, it will wait until the previous call of that function is completed.

pipe process Functional pipe process
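
The following Python example is added here and is not from the original post. It shows pitfalls 1 to 3, 5 and 6 handled on the server; the `users` table, the `display_name` field, the 15-minute lifetime and all function names are assumptions made for illustration.

```python
import re
import secrets
import sqlite3
import time

SESSION_TTL = 900  # seconds; assumed lifetime, pick one that fits your application
NAME_RE = re.compile(r"[A-Za-z0-9 _.-]{1,40}")  # allowlist for the display name

class SessionStore:
    """Self-managed sessions with a fixed lifetime (pitfall 5)."""
    def __init__(self, now=time.time):
        self._now = now
        self._sessions = {}  # session id -> (username, expiry timestamp)

    def create(self, username):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (username, self._now() + SESSION_TTL)
        return sid

    def user_for(self, sid):
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        username, expires = entry
        if self._now() >= expires:
            del self._sessions[sid]  # dead session: the id is never valid again
            return None
        return username

def update_display_name(db, sessions, method, sid, form):
    """Returns an HTTP-like status code for a profile update request."""
    if method != "POST":                      # pitfall 6: changes only over POST
        return 405
    user = sessions.user_for(sid)             # identity comes from the session,
    if user is None:                          # never from form["username"]
        return 401                            # (pitfall 1: readonly/hidden fields)
    name = form.get("display_name", "")
    if not NAME_RE.fullmatch(name):           # pitfalls 2-3: validate on the server
        return 400
    # Parameterized query: the value is bound, not concatenated into the SQL.
    db.execute("UPDATE users SET display_name = ? WHERE username = ?", (name, user))
    db.commit()
    return 200

def make_db():  # constructed sample data for the example
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, display_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "Alice"), ("bob", "Bob")])
    return db
```

A `username` value sent in the form is simply never read, so editing the read-only field in the browser has no effect on whose row is updated.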

That’s all for today :)

Color Selector V-1.0

Hello,

I was searching through my old projects and suddenly found one of my funniest projects. I named it “Color Selector”.

“Move your mouse anywhere and check out the color’s hex code. It is very helpful for web designers who want to pick a color.”

Color Selector Screen Snap: color hints popup window attached to mouse movement
Color Selector Screen Snap 2: system tray pop-up, enable/disable icon

history:
JDK 1.5 was in beta. One day I was checking through everything in it, and suddenly I got to know about the MouseInfo class.

So I wrote the following line of code:

MouseInfo.getPointerInfo().getLocation().getLocation();

Now I have prepared a standalone package for Windows with an installer.
Hope you will enjoy it.
