book

Programming Grails

Name: Programming Grails
Author: Burt Beckwith
ISBN: 9781449324537

by Burt Beckwith

April 2013

Intermediate to advanced

364 pages

8h 51m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Programming Grails
Preface
Who This Book Is ForOther ResourcesConventions Used in This BookUsing Code ExamplesSafari® Books OnlineHow to Contact UsAcknowledgments
1. Introduction to Groovy
Installing GroovyGroovy ConsoleOptional TypingCollections and MapsPropertiesUsing the AST BrowserDecompiling with JD-GUIDecompiling with javapClosuresInterface CoercionProgrammatic ClosuresOwner, Delegate, and thisGroovy’s Contributions in the War Against VerbosityConstructorsChecked ExceptionsGroovy TruthSemicolonsOptional ReturnScopeParenthesesDefault ImportsDifferences Between Java and GroovyArray Initializationin and def Keywordsdo/while Loopsfor LoopsAnnotationsGroovy EqualityMultimethod DispatchGroovy StringsStatic thisThe Groovy JDK (GDK)DefaultGroovyMethods and InvokerHelperMetaprogramming and the MOPAdding MethodsIntercepting Method CallsgetProperty and setPropertymethodMissing and propertyMissingOperatorsNull-Safe DereferenceElvisSpreadSpaceshipField AccessasinMethod ReferenceOverload Your OperatorsBeing Too Groovydef Considered HarmfulClosures Versus MethodsTypeChecked, CompileStatic, and invokedynamic
2. Grails Internals
Installing GrailsCreating an ApplicationA nte about the work directoryRunning the applicationThe Grails Command LineIDE SupportPluginsOptional PluginsThe cache pluginThe database-migration pluginThe hibernate pluginThe jquery pluginThe resources pluginThe tomcat pluginThe webxml pluginCore PluginsThe codecs pluginThe controllers pluginThe converters pluginThe core pluginThe dataSource pluginThe domainClass pluginThe filters pluginThe groovyPages pluginThe i18n pluginThe logging pluginThe mimeTypes pluginThe scaffolding pluginThe services pluginThe servlets pluginThe urlMappings pluginThe validation pluginConventionsController and View ConventionsData binding conventionsLayout conventionsURI conventionsService ConventionsDomain Class ConventionsMore Information
3. Persistence
Data MappingNonpersistent Domain ClassesData ValidationCustom ValidationExtreme Custom ValidationValidation PluginsFriendly Error MessagesBlanks Versus NullsTransientsMapping CollectionsQueryingSaving, Updating, and DeletingNoSQL Support
4. Spring
Inversion of Control and Dependency InjectionComplex Dependency Configuration Using Spring SpELManually Injecting Dependencies at RuntimeBean ScopesTransactional Services@TransactionalTransaction ProxiesUnintentionally bypassing the bean proxyTransaction Utility MethodsBean Life Cycles and InterfacesBean PostprocessorsA Groovier WayBean AliasesInternationalizationResourcesResource Dependency InjectionResourceLocatorData Binding and ValidationData BindingValidationDatabase PersistenceThread-Local HoldersJdbcTemplateOther Database SupportSpring MVCFiltersUsing Spring MVC ControllersRemotingClient AccessJMSEJBsJMXEmailCache Abstraction
5. Hibernate
Mapping Domain ClassesDialectsDialect AutodetectionDialect CustomizationHibernate Without GORMhibernate.cfg.xmlHibernateUtilAuthorBookExperimenting with the APIsThe SessionwithSessionwithNewSessionOpen Session in ViewDisabling OSIVCustom User TypesOptimistic and Pessimistic LockingAccessing the Session’s Connectionschema-exportSQL LoggingProxiesequals, hashCode, and compareToCachingExamplesCaching APIevictingAccessing cachesQuery Caching Considered Harmful?HQLexecuteQueryQuery SyntaxReport QueriesSingle propertiesMultiple propertiesnew listAggregate FunctionsExpressionsCollectionsCollections PerformanceThe SolutionSession.createFilter()Custom ConfigurationsMapping Views and Subselect ClassesSubselect Domain ClassesSelecting with a POGOget(), load(), and read()get()load()read()PerformanceCachingLazy LoadingTransactional Write-Behind
6. Integration
JMSXA Support with the Atomikos PluginMailSending EmailSending Email AsynchronouslySending Email from Log4jTestingSOAP Web ServicesThe Server ApplicationThe Client ApplicationTCPMonRESTTCPMonJMX
7. Configuration
External config FilesLoading the ConfigurationPartitioning Config FilesSplitting resources.groovyModularizing Within resources.groovyEnvironment-Specific Spring BeansBeans Closures in Config.groovyOptions for BuildConfig.groovyAdding Additional Source FoldersExtra Folders Under grails-app
8. Plugins
Creating a PluginInitial StepsThe Plugin DescriptorMetadataLife Cycle CallbacksdoWithWebDescriptordoWithSpringdoWithDynamicMethodsdoWithApplicationContextonChangeonConfigChangeonShutdownSplitting Applications into PluginsInline PluginsBuilding and ReleasingAutomated TestingA mini DSL to describe versionsContinuous integrationTesting scriptsRunning the TestsCustom Plugin RepositoriesPlugin DocumentationCustom ArtifactsSome Notes on Plugin Development Workflow

9. Security
OWASPA1: InjectionCommand injectionA2: Cross-Site Scripting (XSS)RemediesBest practicesA3: Broken Authentication and Session ManagementA4: Insecure Direct Object ReferencesRemediesA5: Cross-Site Request ForgeryRemediesA6: Security MisconfigurationRemediesA7: Insecure Cryptographic StorageBest practicesA8: Failure to Restrict URL AccessA9: Insufficient Transport Layer ProtectionA10: Unvalidated Redirects and ForwardsSecurity Pluginsspring-security-coreGetting startedAccess controlOther Plugins and LibrariesAntiSamyESAPIHDIVGeneral Best Practices
10. The Cloud
Cost SavingsWhat You Give UpCloud FoundryDatabase ApplicationsCreating an applicationScalingHTTP sessionsNoSQL, RabbitMQ, and SearchableMonitoring and the Cloud Foundry UI PluginThe cloud-foundry-ui PluginHerokuDatabase ApplicationsCreating an applicationScalingHTTP sessionsBuild PacksOther ProvidersOther Uses for Cloud Services
11. AOP
Grails FiltersHTTP FiltersGroovy AOPRegistering Metaclass InterceptorsError Code URL MappingsSpring AOPEnabling Spring AOPDefining AspectJ-Annotated AspectsCompile-Time Weaving
12. Upgrading Applications and Plugins
Why Doesn’t the Upgrade Script Do More?A General Approach to UpgradingUpgrading Petclinic: A Case StudyStep 1: Determine the changes in the applicationStep 2: Make the first round of changes in a new applicationStep 3: Make the second round of changesStep 4: Finishing upRunning the upgrade script insteadA Short History of GrailsGrails 1.2Grails 1.2.2Grails 1.2.4Grails 1.3Grails 1.3.1Grails 1.3.2Grails 1.3.4Grails 1.3.6Grails 1.3.7Grails 1.3.8Grails 1.3.9Grails 2.0Grails 2.0.2Grails 2.1.xGrails 2.2.xNotes on Upgrading
Index
About the Author
Colophon
Copyright

Content preview from Programming Grails

Chapter 9. Security

The purpose of this chapter is to scare you. You are most likely not doing enough to secure your application and your user data, and running a risk of an embarrassing security breach that could gain you a lot of unwanted attention. In Hollywood, they say that all publicity is good publicity, because whether it’s good or bad, it gets people thinking about you. But for websites, this is far less true; users need to trust your site, and if you violate that trust, they will find an alternative. I often joke at conferences when I talk about security that you want to end up on Slashdot because you are awesome, not because you got hacked.

Please note that this is a very cursory discussion of an important topic, and you should make it a priority that at least someone on your team is knowledgeable about security best practices.

OWASP

The Open Web Application Security Project (OWASP) is an organization that collects web application security information and publishes a list of its top 10 highest-priority security risks for web apps; this list is updated every three years, and the most recent is from 2010. Grails does help mitigate some of the risks by default, and using a security plugin helps with others, but it’s important to be aware of the risks and to be security conscious.

A1: Injection

SQL injection is the most common type of injection attack, and Grails applications are largely immune to these, but not entirely. An SQL injection attack typically consists of tricking ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781449324513Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design