Dependency Injection


Dependency Injection
DESIGN PATTERNS USING SPRING AND GUICE
DHANJI R. PRASANNA
MANNING
Greenwich (74° w. long.)

For online information and ordering of this and other Manning books, please visit www.manning.com. The publisher offers discounts on this book when ordered in quantity. For more information, please contact:

Special Sales Department
Manning Publications Co.
Sound View Court 3B
Greenwich, CT 06830
fax: (609) 877-8256
email: [email protected]

©2009 by Manning Publications Co. All rights reserved.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by means electronic, mechanical, photocopying, or otherwise, without prior written permission of the publisher.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in the book, and Manning Publications was aware of a trademark claim, the designations have been printed in initial caps or all caps.

Recognizing the importance of preserving what has been written, it is Manning’s policy to have the books we publish printed on acid-free paper, and we exert our best efforts to that end. Recognizing also our responsibility to conserve the resources of our planet, Manning books are printed on paper that is at least 15% recycled and processed without the use of elemental chlorine.

Manning Publications Co.
Sound View Court 3B
Greenwich, CT 06830

Development Editor: Tom Cirtin
Copyeditor: Linda Recktenwald
Typesetter: Gordan Salinovic
Cover designer: Leslie Haimes

ISBN 978-1-933988-55-9
Printed in the United States of America
1 2 3 4 5 6 7 8 9 10 – MAL – 14 13 12 11 10 09

Contents

1 Dependency injection: what’s all the hype?
  1.1 Every solution needs a problem
      Seeing objects as services
  1.2 Pre-DI solutions
      Construction by hand ■ The Factory pattern ■ The Service Locator pattern
  1.3 Embracing dependency injection
      The Hollywood Principle ■ Inversion of Control vs. dependency injection
  1.4 Dependency injection in the real world
      Java ■ DI in other languages and libraries
  1.5 Summary

2 Time for injection
  2.1 Bootstrapping the injector
  2.2 Constructing objects with dependency injection
  2.3 Metadata and injector configuration
      XML injection in Spring ■ From XML to in-code configuration ■ Injection in PicoContainer ■ Revisiting Spring and autowiring
  2.4 Identifying dependencies for injection
      Identifying by string keys ■ Limitations of string keys ■ Identifying by type ■ Limitations of identifying by type ■ Combinatorial keys: a comprehensive solution
  2.5 Separating infrastructure and application logic
  2.6 Summary

3 Investigating DI
  3.1 Injection idioms
      Constructor injection ■ Setter injection ■ Interface injection ■ Method decoration (or AOP injection)
  3.2 Choosing an injection idiom
      Constructor vs. setter injection ■ The constructor pyramid problem ■ The circular reference problem ■ The in-construction problem ■ Constructor injection and object validity
  3.3 Not all at once: partial injection
      The reinjection problem ■ Reinjection with the Provider pattern ■ The contextual injection problem ■ Contextual injection with the Assisted Injection pattern ■ Flexible partial injection with the Builder pattern
  3.4 Injecting objects in sealed code
      Injecting with externalized metadata ■ Using the Adapter pattern
  3.5 Summary

4 Building modular applications
  4.1 Understanding the role of an object
  4.2 Separation of concerns (my pants are too tight!)
      Perils of tight coupling ■ Refactoring impacts of tight coupling ■ Programming to contract ■ Loose coupling with dependency injection
  4.3 Testing components
      Out-of-container (unit) testing ■ I really need my dependencies! ■ More on mocking dependencies ■ Integration testing
  4.4 Different deployment profiles
      Rebinding dependencies ■ Mutability with the Adapter pattern
  4.5 Summary

5 Scope: a fresh breath of state
  5.1 What is scope?
  5.2 The no scope (or default scope)
  5.3 The singleton scope
      Singletons in practice ■ The singleton anti-pattern
  5.4 Domain-specific scopes: the web
      HTTP request scope ■ HTTP session scope
  5.5 Summary

6 More use cases in scoping
  6.1 Defining a custom scope
      A quick primer on transactions ■ Creating a custom transaction scope ■ A custom scope in Guice ■ A custom scope in Spring
  6.2 Pitfalls and corner cases in scoping
      Singletons must be thread-safe ■ Perils of scope-widening injection
  6.3 Leveraging the power of scopes
      Cache scope ■ Grid scope ■ Transparent grid computing with DI
  6.4 Summary

7 From birth to death: object lifecycle
  7.1 Significant events in the life of objects
      Object creation ■ Object destruction (or finalization)
  7.2 One size doesn’t fit all (domain-specific lifecycle)
      Contrasting lifecycle scenarios: servlets vs. database connections ■ The Destructor anti-pattern ■ Using Java’s Closeable interface
  7.3 A real-world lifecycle scenario: stateful EJBs
  7.4 Lifecycle and lazy instantiation
  7.5 Customizing lifecycle with postprocessing
  7.6 Customizing lifecycle with multicasting
  7.7 Summary

8 Managing an object’s behavior
  8.1 Intercepting methods and AOP
      A tracing interceptor with Guice ■ A tracing interceptor with Spring ■ How proxying works ■ Too much advice can be dangerous!
  8.2 Enterprise use cases for interception
      Transactional methods with warp-persist ■ Securing methods with Spring Security
  8.3 Pitfalls and assumptions about interception and proxying
      Sameness tests are unreliable ■ Static methods cannot be intercepted ■ Neither can private methods ■ And certainly not final methods! ■ Fields are off limits ■ Unit tests and interception
  8.4 Summary

9 Best practices in code design
  9.1 Objects and visibility
      Safe publication ■ Safe wiring
  9.2 Objects and design
      On data and services ■ On better encapsulation
  9.3 Objects and concurrency
      More on mutability ■ Synchronization vs. concurrency
  9.4 Summary

10 Integrating with third-party frameworks
  10.1 Fragmentation of DI solutions
  10.2 Lessons for framework designers
      Rigid configuration anti-patterns ■ Black box anti-patterns
  10.3 Programmatic configuration to the rescue
      Case study: JSR-303
  10.4 Summary

11 Dependency injection in action!
  11.1 Crosstalk: a Twitter clone!
      Crosstalk’s requirements
  11.2 Setting up the application
  11.3 Configuring Google Sitebricks
  11.4 Crosstalk’s modularity and service coupling
  11.5 The presentation layer
      The HomePage template ■ The Tweet domain object ■ Users and sessions ■ Logging in and out
  11.6 The persistence layer
      Configuring the persistence layer
  11.7 The security layer
  11.8 Tying up to the web lifecycle
  11.9 Finally: up and running!
  11.10 Summary

appendix A The Butterfly Container
appendix B SmartyPants for Adobe Flex
index

Dependency injection: what’s all the hype?
This chapter covers:
■ Seeing an object as a service
■ Learning about building and assembling services
■ Taking a tour of pre-existing solutions
■ Investigating the Hollywood Principle
■ Surveying available frameworks

“We all agree that your theory is crazy, but is it crazy enough?”
—Niels Bohr

So you’re an expert on dependency injection (DI); you know it and use it every day. It’s like your morning commute—you sleepwalk through it, making all the right left turns (and the occasional wrong right turns before quickly correcting) until you’re comfortably sitting behind your desk at work.

Or you’ve heard of DI and Inversion of Control (IoC) and read the occasional article, in which case this is your first commute to work on a new job and you’re waiting at the station, with a strong suspicion you are about to get on the wrong train and an even stronger suspicion you’re on the wrong platform.

Or you’re somewhere in between; you’re feeling your way through the idea, not yet fully convinced about DI, planning out that morning commute and looking for the best route to work, MapQuesting it.

Or you have your own home-brew setup that works just fine, thank you very much. You’ve no need of a DI technology: You bike to work, get a lot of exercise on the way, and are carbon efficient.

Stop! Take a good, long breath. Dependency injection is the art of making work come home to you.

1.1 Every solution needs a problem

Most software today is written to automate some real-world process, whether it be writing a letter, purchasing the new album from your favorite band, or placing an order to sell some stock. In object-oriented programming (OOP), these are objects and their interactions are methods. Objects represent their real-world counterparts. An Airplane represents a 747 and a Car represents a Toyota; a PurchaseOrder represents you buying this book; and so on.
Of particular interest is the interaction between objects: An airplane flies, while a car can be driven and a book can be opened and read. This is where the value of the automation is realized and where it is valuable in simplifying our lives.