Version 1.3 released of Application Foundation

Kim · April 20, 2010, 6:17pm

Version 1.3 of the
Application foundation
has been released. This version has focused on improving the inbuilt security features but also few other changes have been made. The most significant changes has been in the authentication module, which has gotten a bunch of new features explained below. The view module has also received some new features. Additionally to the new features, bugs have been fixed and the code quality has been improved.

New features, authentication module

Protection against brute force attacks

The authentication module now contains protection against brute force attacks. If a user tries to log in but gets the password wrong five times in a row (number of allowed failed attempts can be configured), the user account will be locked and you can no longer log in with it unless the account is unlocked, thus preventing an attacker from performing brute force attacks in the login form.

Developers often forget another entry point for brute force attacks - the password change form. Password change forms often require the user to give his current password before the new password is applied. If the user forgets to log out and leaves the computer, then an attacker can use the user’s session and perform a brute force attack using the password change form - unless, of course, the developer has remembered block this entry point as well. The UserUtil class contains the method changePassword(). This method keeps track of failed password change attempts. If the user gets his current password wrong five times in a row, then the user is automatically logged out from the application (note that the account will not be locked).

Inbuilt password rules

The authentication module now contains more password rules which can be applied for users. Previously, one have been able to define a minimum length for a password. Now you can also define that a password must contain lower-case letters, upper-case letters, number and/or special characters. The usage of these password rules is explained below in the configuration section of this release note.

It can be user-friendly to give the user feedback about these password policies in the graphical user interface. Hence, you can call the PasswordUtil.getValidators() method which will return a list of Vaadin validators of all active password rules, these validators can be applied directly to Vaadin fields.

New features, view module

Deactivation of views

The view module has received a counterpart for the activation of views - namely, deactivation of views. It works just as activating of views, you call ViewHandler.deactivateView(…) to deactivate a view. An event about the deactivation is sent to the dispatch listeners (who can cancel the deactivation if necessary) after which the parent view is told to deactivate the view. Finally, the view’s deactivated() method will be called.

A default implementation for the ViewContainer interface

The view module has received a new class, the SimpleViewContainer. The SimpleViewContainer is a default implementation of the ViewContainer interface. The SimpleViewContainer is a normal Vaadin CustomComponent with a panel. When a view is activated, any existing views are removed from the panel and the activated view is added to the panel. When a view is deactivated, then it is simply removed from the panel. This implementation of the ViewContainer comes handy when you don’t need any special features for changing views in your application. The SimpleViewContainer extends the AbstractView, so it can be used as a view itself.

The newest version of the Application Foundation can be downloaded from
the directory
.

For more details about the release, please see the
release notes
.

Kim · April 23, 2010, 11:32am

I just noticed that there had been a packaging problem with the release 1.3.0. I’ve now released a 1.3.1 where the error has been corrected. Sorry for the inconvenience.

Kim · June 16, 2010, 6:14am

Version 1.3.2 released

I’m proud to announce that the newest version of
AppFoundation
has been released. Additionally to bug fixes, the authorization module has received some more features for managing permissions. The view module also got an update, where the AbstractView got replaced by a View interface, thus allowing more flexibility for developers to create more lightweight applications.

For more details, please read the
release notes
.

The newest version of the AppFoundation can be downloaded
from the directory
.

Ps. The online demo is currently down, but it will be up and running later today. Also, a completely new demo application is being written, but more of that later

Kim · June 29, 2010, 6:23am

Version 1.3.3 released

The newest version of
AppFoundation
has been released. This release brings two significant improvements, one to the view module and one to the i18n module.

The ViewHandler now supports the usage of URI fragment parameters. For example, consider the URL http://some.site/yourapp#yourview/foo/bar , when calling the URL above, the ViewHandler would activate the view that has been assigned the URI fragment “yourview”. When the view gets activated, the activate() method gets as parameters the strings “foo” and “bar”.

The i18n module’s FillXml tool got an update, as it now makes it easier for you to maintain and add new languages to you translations file.

For more details, please read the
release notes
.

The newest version of the AppFoundation can be downloaded
from the directory
.

Kim · November 5, 2010, 7:39am

Version 1.3.4 released

First of all, my apologies that this release was not announced on the forums even though it was released several weeks ago.

This release has been about expanding existing APIs and making the already available tools a bit more easy to use for the developer. Both the i18n and persistence modules have received updates, changes are explained in more detail below.

New i18n form

The i18n module has already contained the @FieldTranslation annotation feature and with the help of the TranslationUtil helper class, one can bind the translations to a form. This process has been made more simple with the new I18nForm. The I18nForm is basically a normal form, except that it looks for the @FieldTranslation annotation in the properties of the given POJO. Basically, all you need for do is to initialize the form with the POJOs class as the constructor’s parameter.


I18nForm form = new I18nForm(YourPojo.class);
BeanItem<YourPojo> item = new BeanItem<YourPojo>(new YourPojo());
form.setItemDataSource(item);

Expansions to the persistence module’s API

The facade interface has received three new methods. Both {{{list()}}} method have received two new variants in which
both you can specify a subset of the resultset to be returned. Both methods take two extra parameters, a start index
and an amount of results you wish to be returned.

The second change is that there is now a {{{getFieldValues()}}} method. With this method, you can fetch a particular
field’s values of all POJOs from the database without fetching the actual POJO instances. For example, if you have
a POJO called Person, you could fetch the first name of all Persons with getFieldValues method. The method would return a list of strings containing all first names.

Version 1.3.5 released

The newest version of
AppFoundation
has been released. This release contains only three changes: one bug fix, one improvement and one design change.

Bug fix: To make the authorization module compatible with Oracle XE database, the PermissionEntity’s “resource” column had to be renamed to “perm_resource”. If you are using the PermissionEntity, please make sure that you update the column name in your database when upgrading to the newest version of AppFoundation.

Improvement: The i18n module now has the ability to fetch translation messages from other sources than TMX files. If you want to store your translation messages in another format, that is fine, all you have to do is to implement the TranslationSource interface and give it as a parameter to InternationalizationServlet’s loadTranslations() method.

Design change: The view module’s ViewItem class contains a method called getView, which returns the the view instance for that item and if it is not set, then it tries to create a new instance via the view factory. Previously, it was possible that the view instance and the factory were both null, which resulted in getView() returning null as well. This is a bit problematic, since it would most likely cause a NullPointerException later on in the application and tracing back the source of that NPE might be a bit time consuming. Hence, in the newest version, if view and factory fields are both null, the getView() method will throw an NPE itself.

For more details, please read the
release notes
.

The newest version of the AppFoundation can be downloaded
from the directory
.

jlavric · February 21, 2011, 6:12pm

Kim, thank you for your add on, this is really essential component or feature pack. But:blink: I have a problem. I am using Vaadin with JPA and EclipseLink and Eclipse JPA plugin. After adding appfoundation.jar I got two errors in Eclipse, without any messages or log. Another more serious problem is error on @Entity annotation. When I do this:

@Entity public class MyClass extends AbstractPojo... { I got “The entity has no primary key attribute defined”. There is no primary key in MyClass but there is one in AbstractPojo. I guess that this must be ok. Or what? Do you think that I should stop using JPA plugin in Eclipse? Thank you again for your addon and help,
Janez

Kim · February 21, 2011, 7:20pm

Hi

I don’t have the JPA plugin installed, but you are correct, the AbstractPojo class contains the primary key and it thus should be fine.

Kim

jlavric · February 22, 2011, 2:52pm

Everything works fine the only thing is that red error message (…no Id …). But I have changed the configuration in Eclipse to ‘Info’ level and now I’m fine.