Saturday, October 24, 2009

Polymorphic one-to-many relationships in Hibernate

These are some notes on mapping a polymorphic one-to-many relationship in Hibernate. I want to give credit to Clark Updike's blog for providing most of the answers. These notes reflect my own particular bias and needs. I wrote the code samples below in Groovy for ease of prototyping (they actually work). They should be close enough to Java to serve as concise pseudocode, even if you don't know Groovy. They aren't my real production entity classes, of course, but these simple classes are sufficient to illustrate the issues I grappled with.

Monday, October 12, 2009

NESS 2009: Remembering Java platform security

Java platform security is something we normally don't worry about when doing enterprise Java development. Originally designed as a sandbox for applets, Java platform security has evolved into a fine-grained access control architecture for all Java programs. Even so, it remains focused on protecting the host system from the Java application. The Java developer is more concerned about protecting the Java application from malicious users, or protecting users from each other.

So if Java platform security secures the host system, and we are concerned with securing our application, is the former useless? At the New England Software Symposium, I attended Ted Nugent's two presentations on Java platform security, and he argues that it is indeed useful. On the other hand, it is disabled by default, for ordinary Java applications as well as webapps running on Tomcat. This blog entry is based on Ted's presentation.