Given an java web application that is currently running in a server, will deploying the same app (giving it a new context name ie. /app-readonly) but provide it with a readonly db account the only thing I need to make a readonly version of a web application.
I would expect that this readonly version of the application will be able to view, search but any updates/creates that are triggerred from the screen will just return an error (which is fine). This is the simplest solution I can think of, without introducing a code change in order to give finer grain control on the application's user access control. At the moment the user access control only dictates what screens are accessible to a user. It is not complex in that it does not dictate what the user can do in a given accessible page.
Is this a correct approach or am I missing something?
That approach is good only if you specifically want to deploy a new web application.
In my view you should create read only user and give that user access limited to Search, view.
In this case user wont have the rights to perform insert, update.
This approach should be there within your project, who can access what ? If you have to deploy a new app for view only, IMHO you need to revisit your access control design.
Related
First, this is not a programming question, yes I know.
Now, I am developing a custom software (Java Swing) for a company as a sub contracting company. I create the code and database (MySQL), send them via a protected method online and their IT people install it there by them selves. I cannot reach their place as I am in a far far away city.
I am having a problem with the database, that is, should I hard-code the database configurations into the Java swing application (or .properties file) or else should I allow the user to decide the password, user name and server IP ? Which means user can edit them at any time, I am planning to use java.util.pref.Preferences in that case.
However I have heard that lot of development companies do not allow the user to edit the password, user name etc, mainly because they might go and edit the database.
So right now I am confused. which method should I select? Hard coding the configurations or allowing dynamic configurations? Any advice please?
I am developing an e-commerce web application, and in that ads from other giants pop up. I figured out that this is done by PriceFountain, which is actually a spyware. I found the steps to remove that from my laptop. more found here.
but the problem is my clients can also have this adware. I want to programmatically do following or either of them, on the client side:: (and if it is not possible at least inform the user to do so)
If, PriceFountain is present, uninstall it from their system. If it is an add-on, remove that.
Activate the pop-up blocker (deactivation can be achieved through javascript and jquery). But I want to activate. My site does not need pop-ups.
Alter the registry of user for the contents of PriceFountain.
I know this is somewhat an unethical hack, but can this be achieved and if so, how?
More of that, it is just my curiosity can we affect client site settings.?
You used to be able to do that (with jscript/vbscript) in IE if and only if the user added your site to his trusted sites (and allowed pretty much everywhere there), or if it was the intranet-site with relaxed permissions.
Back in the old day's I had such a thing for the intranet-help-site where users could browse through the faq and click on the 'execute solution' button for the common 'problems' (previously solved and added to DB).
For rather obvious security-reasons this is no longer the case (although one can still pull some stuff in legacy IE environments).
The point is: you can't do this on other browsers then IE (unless maybe you'd develop separate plug-ins for them and ask your users to install something that will essentially give you access to their whole machine). Realize that effectively what you are asking for is a way to fully control the user's machine. Would you install such a browser (on your parents pc)?
The best course of action would be to face-up, inform your users on your main-website (enter-page) that something bad spread throughout an ad-network and guide them through the steps (that you already found) necessary to relieve them from their problem.
Even if what you asked was possible, you'd still need the user's cooperation somewhere along the way, even if you'd were to write an application for this that the users could download and run (administrative/elevated)..
Good Luck!
EDIT: for the registry you might try something with the answers in this question: read/write to Windows Registry using Java
Still, you'd still need the user's co-operation.
I've simple SPA and I make log out on reloading. As I understand the disadvantage of NOT logging out on reloading is to reinitialization of the whole application.
Questions:
What are the disadvantages of NOT logging off at Single Page Application?
What is the best way to achive NOT loging of on reloading (F5)?
The advantage is that not logging off will avoid pissing off your users so much that they'll want to kill you :-). Seriously, if an application logged me off every time I refresh a page (or open a link in a new tab), I would never use that application again.
Well, don't do it. Make sure the authentication token is stored in a place surviving a refresh, i.e. not in some JS variable, but in a cookie or local storage, for example.
App details:
I am writing an app that requires the user to have a device password set. The company distributes blackberry devices to its associates who will then use them to report on sales etc. The company wants to make sure that the device password is set so that the confidential information can not be easily accessed by anyone if they steal the phone. The app must not work if the password is not set, which is easy enough.
The problem:
The company wants the a message to come up saying "Please set a device password" and then direct the user to the device to the options menu to show them where to set their device password. Doing this seems troublesome
What I have tried so far:
I have looked into the ApplicationManager object, which allows you to bring an application to the foreground. However when I use the following code to see what applications are available:
ApplicationManager manager = ApplicationManager.getApplicationManager();
ApplicationDescriptor descriptors[] = manager.getVisibleApplications();
for(int i=0;i<descriptors.length;i++)
{
String applicationName= descriptors[i].getName();
System.out.println("applicationName");
}
The only visible applications are stuff like Phone, Messages, Blackberry Messages, Home Screen etc, but the options application is not present, which leads me to believe its not accessable from here. (If I'm wrong please let me know)
I have also taken a look at the Invoke.invokeApplication(appType, args) method, however the API does not have an appType constant for the options, or settings etc. The API specifies only the following types and I cannot find the one I need:
APP_TYPE_ADDRESSBOOK
APP_TYPE_BLUETOOTH_CONFIG
APP_TYPE_CALCULATOR
APP_TYPE_CALENDAR
APP_TYPE_CAMERA
APP_TYPE_MAPS
APP_TYPE_MEMOPAD
APP_TYPE_MESSAGES
APP_TYPE_PHONE
APP_TYPE_SEARCH
APP_TYPE_TASKS
I have scanned the API docs and I cannot find anything that looks right. Ive searched for Device and Options and Settings but none of the hits are relevant.
If anyone knows what to do then let me know.
Unfortunately there's no standard API to invoke this screen programmatically. But there's a workaround. Use EventInjector to inject a sequence of keyboard events to open Options screen.
This way is not an elegant one, but I think it is the only workaround in this case.
UPDATE:
I would implement the following approach. Upon application startup I would check, whether device is password protected via DeviceInfo.isPasswordEnabled().
If device is not password protected I would display message: Device is not password protected. Please set password for your device in the device Options. And launch the application again.
I understand, this way is not elegant, but it is reliable and provides full information to the customers, how to use this application properly.
Ok so as it turns out you can run internal apps using the ApplicationManager, so I launched the Options app using the following code:
ApplicationManager.getApplicationManager().launch("net_rim_bb_options_app");
However this only launches the Options app, and does not navigate the user to the Security section.
The following blurb from this page helped me understand what this method really does:
Starting
A BlackBerry application can be started in a number of ways:
by the system automatically on device startup
by another application
by the system at a scheduled time
Regardless of how an application is started, the Application Manager is responsible for starting the process the application will run within.
The ApplicationManager class enables applications to interact with the Application Manager to perform tasks, including:
run an application immediately or at a scheduled time
interact with processes, including retrieving the IDs for foreground applications
post global events to the system
Entry points
The Application Manager starts an application by getting a new process and spawning a thread within that process to call one of the entry points of the application. For many applications, the main() method of its application class is the single entry point that is called. But you can configure more than one entry point for an application.
Using more than one entry point lets you create different ways for a user to start an application. For example, if your application allows users to create a new document, you might like to provide users with two icons that they can click to start the application. Users could click one icon to open the application to its home screen and the other icon to open the application to the screen required to create a new document.
Summary
So basically this method just runs the main method of the app, and supplies the arguments in the main method. It is my suspicion that the main method of the Options app does not allow for you to supply the page you want to open up on as an argument in the main method.
There is no documentation (as far as I can tell) on what arguments the options app takes, so short of guessing how it can be used, it seems that directing the user here and giving them some instructions on how to navigate further is my only option
u_u
I have an EJB 2.1 Project (Actually, it must be migrated into EJB 3.1 :-)) Currently it supports only one window. it means the user should work on a window. It is because of the variables, used as session variables. (Last Search Criteria, last used id, etc...).
I want to make it possible to open two or more tabs in for example Firefox and work parallel. If the user is on the same tab, the variables should be kept only for that tab. Only global variables can be valid for all tabs.
How can i approach to this problem.??
Any documentation to understand multiwindow will be also helpful.
Or any other idea or experiences about multiwindow web project is also welcome.
There isn't any built-in way to deal with this in either browsers or any EJB that I am aware of. Other web app frameworks have the concept of Web Flows that are series of connected actions that can handle multiple flows in different tabs of the same browsers, so you may wish to start looking there.
In a nutshell, they create their own "cookies" that the application controls, not the browser itself. These "application cookies" are then used to stash chunks of information related to the current set of operations, much like a session.
These sorts of things are often kicked off by the user clicking a link that opens in a "new window" (or tab) that notifies the application (via a page hit or an ajax call) that a new "work session" is being opened and gets the inner-session set up.