Tuesday, July 13, 2010

Generic Method


public static <T extends Template<T>> T detailsCopy(T template, boolean snapshot);
public static <T extends Template> Set<T> detailsCopy(Set<T> templateSet, boolean snapshot);
public void draw(List<? extends Shape> shape);

Monday, July 12, 2010

EventQueue & Session timeout tracking

Swing's single-threaded model make UI updates run in Event Dispatch thread. Those actionPerformed listener method of UI components already runs in Event dispatch thread. The EventQueue.invokeLater(Runnable), EventQueue.invokeAndWait(Runnable) cause runnable to have its run method called in the dispatch thread of the system EventQueue. The cases occur for long lasting task and run in separate thread (SwingWork provides convenient methods for it).

SwingUtilites is a wrapper class of EventQueue for old java code.

We could provide our custom EventQueue for System Event Queue, which contains events processed by event dispatch thread. It looks like Swing launch a new AWT-EventQueue- thread when a new EventQueue is set.


Toolkit.getDefaultToolkit().getSystemEventQueue().push(new NSEventQueue());

For custom EventQueue, we can override its dispatchEvent() method and record the keepAlive timestamp for mouse and keyboard activities. It could be used for session timeout tracking.

See: Swing threading and Dispatch thread

Friday, July 9, 2010

Secure Acess in web.xml


<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted Access</web-resource-name>
<url-pattern>/jsp/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>NetSightAdministrator</role-name>
<role-name>NetSightUser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>Secured Access</web-resource-name>
<url-pattern>/sessionDetails</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/failure.jsp</form-error-page>
</form-login-config>
</login-config>


The 1st "Restricted Access" requires login and https access. The 2nd "Secured Access" doesn't have auth-constraint tag and only requires https access. (*The empty auth-constraint tag has different meaning - to exclud access). The user-data-constraint tag to specify http/https access, value NONE or CONFIDENTIAL.

See: Configuring security on a resource