Tag Archives: java

Property Injection with CDI

1 Reply

Over the last several months, I’ve been working on a large enterprise web application development effort using Java EE 7. As a long user of the Spring Framework for Java web application development, one of the things I immediately missed were the simple property injection techniques supported by Spring’s PropertyOverrideConfigurer and PropertyPlaceholderConfigurer.

Out of the box, CDI provides no good solution for property injection. However, CDI’s really outstanding extension mechanism makes it really easy to get CDI to do things that it doesn’t inherently support. I made a CDI extension named Pinject that provides all of the property injection support needed by the typical Java web application.

It’s as simple as this:

[java]
package com.example.myapp;

public class MyBean implements MyService {

@Inject
@Property
private URL location;

@Inject
@Property
private int maxRetries;

}
[/java]

And we place a properties file named beans.properties on the classpath containing the
values to inject:

[java]
com.example.myapp.MyBean.location=http://www.google.com
com.example.myapp.MyBean.maxRetries=3
[/java]

Pinject provides a great deal of flexibility in resolving and converting property values and injecting them into your beans. It even provides its own extension points so that you can easily cover use cases I didn’t think to provide. Please check it out and let me know if you find it useful.

JSF Resources and Security Constraints in web.xml

If your JSF application uses the standard Java Servlet security mechanisms (<security-role>, <security-constraint>, <login-config>, et al), and your application allows a mixture of public and non-public access, you’ll probably want to make the JSF resource library available to the browsers of both public and non-public users.

Assuming that you’re using the JSF resource library mechanisms (like <h:outputStylesheet>), you’ll need this security constraint:

[xml]


Public Resources
/javax.faces.resource/*




[/xml]

If (like me) you’re mixing use of JSF tags like (<h:outputStylesheet>) with some direct references to resources, you’ll also want to include a URL pattern that allows that direct access:

[xml]


Public Resources
/javax.faces.resource/*
/resources/*




[/xml]

Since these security constraints don’t specify an auth constraint, they are accessible to any browser that requests them. As noted, you can still include a <user-data-constraint> to enable SSL, if you like.

UNIX-compatible Password Encryption for Java

I’m working on a project in which there is a need to encrypt passwords in format that is compatible with the crypt(3) function from the GNU C Library. I looked around a bit and found a couple of alternatives, but none that implemented the SHA-512 and SHA-256 variants which are now commonplace on Linux systems.

Lacking any better alternatives, I produced my own Crypt4j module which provides a crypt(3) compatible implementation in Java, by using the open-source C implementations as a reference.

Crypt4j is open source, and uses the ASL 2.0 license. If you use it in your own project, I’d like to hear about it.