@AdamBien
Created January 10, 2018 08:18
47thAirhacksQ&A.md
omega09 commented Feb 5, 2018

Security questions:

  1. What would you recommend for authentication over SSL/TLS? OAuth/2, JWT? Why is it a bad idea to resend the password on each request?
  2. What is your checklist to have when writing code on both client and server which sends and receives sensitive data like credit card information? What security measures need to be instated?

ghost commented Feb 5, 2018

What do you think about NetBeans future?
The same transaction to Apache was done for Open Office and... current situation is not good for Open/Libre Office :(

@pgutierrezn2

Hi Adam, thanks for this monthly opportunity to raise questions.

Following your warning that Data Transfer Objects are widely overused we'd like to check if that is the case in our environment. We're starting to use JPA these days and it is a good opportunity to review our approach:

  • For us it is typical that more than one hundred applications (different EAR files) call (most of them via the remote interface) to the same EJB responsible for dealing with a set of database tables. For that, these applications use a client jar that includes DTOs to communicate with the EJB.
  • Our DTOs are most of them identical to the JPA entity: same fields, no impedance. We don't need to adapt incompatible domain layers
  • We've tried to substitute the DTO with the JPA entity itself (I mean, duplicating it) but we get the following exception because the JPA entity in the client jar has different bytecode (I suppose) than the one in the EJB that is enhanced due to weaving
    java.rmi.MarshalException: CORBA MARSHAL 0 No; nested exception is: org.omg.CORBA.MARSHAL: cannot locate RunTime CodeBase

Any recommendation for this scenario is welcome.

vanuatoo commented Feb 5, 2018

What is your approach to this scenario:

There is an Entity with columns: ID and Name. Name is annotated as `@Column(unique = true)`

There is a REST Resource which injects session bean.
POST Request is sent to REST Resource which invokes business method in a session bean.
In a session bean there is a line: em.persist(bean);

The goal is to throw business exception from the session bean when Constraint Violation happens in the database but the exception is not thrown unless you put em.flush(); after em.persist();

Is putting em.flush() a correct approach?
Another approach would be to first find an object with the same Name, but there is still a chance Constraint Violation happens in a race condition.
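
The scenario in the comment above, sketched as an added example (not code from the gist or from its author): the flush forces the INSERT inside the business method, and the database's unique constraint stays the authoritative check, since a find-first lookup cannot close the race. `Item`, `ItemService`, `DuplicateNameException` and `isIntegrityViolation` are hypothetical names, and the `javax.*` Java EE namespace and a container-managed transaction are assumed.

```java
import java.sql.SQLException;
import javax.ejb.ApplicationException;
import javax.ejb.Stateless;
import javax.persistence.*;

// Hypothetical entity matching the comment: an ID plus a unique Name.
@Entity
class Item {
    @Id @GeneratedValue Long id;
    @Column(unique = true) String name;
    protected Item() {}
}

// Hypothetical business exception; rollback = true rolls the transaction back.
@ApplicationException(rollback = true)
class DuplicateNameException extends Exception {
    DuplicateNameException(String name, Throwable cause) {
        super("Name already exists: " + name, cause);
    }
}

@Stateless
public class ItemService {
    @PersistenceContext EntityManager em;

    public void create(Item item) throws DuplicateNameException {
        try {
            em.persist(item);
            // Force the INSERT now, so a violation surfaces inside this method
            // instead of at commit, after the method has already returned.
            em.flush();
        } catch (PersistenceException e) {
            if (isIntegrityViolation(e)) {
                throw new DuplicateNameException(item.name, e);
            }
            throw e; // anything else is not a duplicate; do not mask it
        }
    }

    // SQLState class "23" is the SQL standard's integrity constraint violation class.
    static boolean isIntegrityViolation(Throwable t) {
        for (; t != null; t = t.getCause()) {
            if (t instanceof SQLException) {
                String state = ((SQLException) t).getSQLState();
                if (state != null && state.startsWith("23")) return true;
            }
        }
        return false;
    }
}
```

Walking the cause chain avoids depending on a provider-specific exception type; it assumes the JDBC driver reports a standard SQLState.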
