Skip to content

Instantly share code, notes, and snippets.

@AdamBien

AdamBien/8thAirhacksQ&A.md

Last active August 29, 2015 14:07
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save AdamBien/b65cad58e783b5df9b16 to your computer and use it in GitHub Desktop.
Save AdamBien/b65cad58e783b5df9b16 to your computer and use it in GitHub Desktop.
Download ZIP
8thAirhacksQ&A
Raw
8thAirhacksQ&A.md

Questions for the November edition of the http://airhacks.io show:

  1. Question about ejb scheduler vs java ee batch processing. What are pros and cons when using batch processing over ejb scheduler ? Marek
  2. Question about multi datasource and EJB. What is the best way to deal with EJBs which need to use a specific database for caller/user? Should I use
    Interceptors? Should I use injection with request scoped? Wesley
  3. Statement: "You forgot to say one advantage of Spring over JEE. Spring you can deploy on any container." Mauricio
  4. 'How do you manage deployed microservices (status, healthchecks, restarting) locally and on servers?' Tomek
  5. 'How do you use Docker (what setup) locally and on servers? Tomek
  6. Does JSF play well with JavaScript frameworks? [Edward]
  7. Why It Is Impossible To Automatically Handle javax.persistence.OptimisticLockException? "...I had even more finding on optimisticLockException. I had encounter this
    exception and my solution was pretty straight forward which was just retry and
    it works fine with my design and the data were good. The catch is, recently I added a new table which has a relationship to the row
    which was throwing the optimisticLockException. I noticed that the entry in the second table was not created because of this exception. However the record data consistency was maintained because of the retry. But I loose an important
    information in my related table. Does anyone have suggestion on what to do with this kind of scenario?..." [Anuj]
  8. can you share some updates on how to do high availability JEE apps in light of
    JEE7 and tackling session stored data Ahmed
@haisi
Copy link

haisi commented Nov 1, 2014

Adam, you often say that Java EE7 is really lean, which I can agree on in most cases, but when it comes to security, authentication and authorization Java EE isn't lean at all and really complicated (JAAS, JASPIC, JACC...) _compared to_ spring security (especially in combination with grails).
So what are your thoughts on this and do you know anything about future plans of Java EE8 concerning this?
In the mean time I just use a Java EE kickoff app made by the omniface guys using JASPIC, but I would really appreciate some clearance or even a dedicated video about this topic.

@masumcse1
Copy link

is JSF2.2 by default owasp supported ?

if not , which secuirity need customize/optimized  for JSF based webapp ?

OWASP security -----------------------------

A1 – Injection
A2 – Broken Authentication and Session Management
A3 – Cross-Site Scripting (XSS)
A4 – Insecure Direct Object References
A5 – Security Misconfiguration
A6 – Sensitive Data Exposure
A7 – Missing Function Level Access Control
A8 – Cross-Site Request Forgery (CSRF)
A9 – Using Known Vulnerable Components
A10 – Unvalidated Redirects and Forwards

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment