Released Acegi Security System for Spring 0.6.1

Ben Alex has released the 0.6.1 version of the Acegi Security System for Spring.
For those who don’t know, the project provides comprehensive security services for the Spring Framework. I think it’s a must if you need security in your applications (who doesn’t?). It’s easy and powerful.

FEATURES:

* It is ready NOW
* Easy to use and deploy (eg see samples/quick-start directory)
* Enterprise-wide single sign on (via Yale Uni’s CAS project)
* Reuses your Spring expertise
* Domain object instance security
* Non-intrusive setup
* Full (but optional) container integration
* Keeps your objects free of security code
* Secures your HTTP requests (regular expressions, Ant Paths etc)
* Channel security (HTTPS/HTTP auto redirection etc)
* Supports HTTP BASIC authentication (RFC 1945)
* Convenient security taglib
* Application context or attribute-based configuration
* Various authentication backends (including JDBC)
* Event support
* Easy integration with existing databases (no schema changes)
* Caching (now pluggable, with an EHCACHE implementation)
* Pluggable architecture
* Startup-time validation
* Remoting support (demonstrated in sample application)
* Advanced password encoding (SHA, MD5, salts etc)
* Run-as replacement
* Unit tests (Clover coverage is currently 98%)
* Container integration tests
* Supports your own unit tests
* Peer reviewed
* Thorough documentation
* Apache license

CHANGES IN 0.6.1:

* Resolved to use http://apr.apache.org/versioning.html for versioning
* Added additional DaoAuthenticationProvider event when user not found
* Added Authentication.getDetails() to DaoAuthenticationProvider resp
* Added DaoAuthenticationProvider.hideUserNotFoundExceptions
* Added PasswordAuthenticationProvider for password-validating DAOs
* Added FilterToBeanProxy compatibility with ContextLoaderServlet
* Added convenience methods to ConfigAttributeDefinition
* Improved sample applications’ bean reference notation
* Clarified contract for ObjectDefinitionSource.getAttributes(Object)
* Extracted removeUserFromCache(String) to UserCache interface
* Improved ConfigAttributeEditor so it trims spaces
* Refactored UsernamePasswordAuthenticationToken.getDetails() to Object
* Fixed MethodDefinitionAttributes to implement ObjectDefinitionSource
* Fixed EH-CACHE-based caching implementation behaviour if cache exists
* Fixed Ant “release” target not including project.properties
* Fixed GrantedAuthorityEffectiveAclsResolver if null ACLs provided
* Documentation improvements

As per the Apache APR project versioning guidelines (URL above), this is
a patch release. Existing users of release 0.6 should be able to upgrade
by simply replacing the JAR(s) and testing.

Maven 1.0.1 on the way

The new Maven 1.0.1 release is on the way, with many bugfixes.
Check the road map

How to avoid defining each Hibernate mapping in Spring

A better option than listing each mapping resource in the mappingResources property of LocalSessionFactoryBean is to use mappingDirectoryLocations, as in the following, which is needed only once for the whole system.

<bean id="sessionFactory" class="org.springframework.orm.hibernate.LocalSessionFactoryBean">
  <property name="dataSource">
    <ref bean="dataSource"/>
  </property>
  <!-- Every mapping file found under this directory is loaded -->
  <property name="mappingDirectoryLocations">
    <list>
      <value>net/sf/oness</value>
    </list>
  </property>
  <property name="hibernateProperties">
    <ref bean="hibernateProperties"/>
  </property>
</bean>

But be careful: this doesn’t allow you to use classpath locations; they have to be in the filesystem. AFAIK there’s no way to use all mapping files in the classpath under some package, which would be the best solution, e.g. I want to use all *.hbm.xml in the classpath under net/sf/oness.

Enabling transactions in MySQL the easy way

If you want to use transactions (trust me, you do) you have to use InnoDB tables, so add default-table-type=InnoDB to your MySQL configuration file (my.cnf or my.ini). This solution is Hibernate friendly.

For example, on Windows you can use the following my.ini in the Windows directory:

[mysqld]
# Uncomment the following if you want to log updates
log-bin
# Uncomment the following if you are NOT using BDB tables
skip-bdb
# Uncomment the following if you are using Innobase tables
innodb_data_file_path = ibdata1:20M:autoextend
default-table-type=InnoDB

If you are using a MySQL version earlier than 4.0, you should check the InnoDB configuration to enable InnoDB.

Spring transactions and Hibernate session

When using the Spring transaction proxy org.springframework.transaction.interceptor.TransactionProxyFactoryBean with a Hibernate transaction manager org.springframework.orm.hibernate.HibernateTransactionManager, you should know that the Hibernate session will be opened at the start of the transaction and closed at the end. Any modification to persistent objects will be flushed to the database, so be careful when you touch Hibernate-persisted objects in service managers (aka business delegates or facades). What I’ve done is return clones of them in my DAOs so they can be used as Transfer Objects; changing their state will not change the database state.

Be sure that in the TransactionProxyFactoryBean bean definition you add transactionAttributes for every method in the facade, or the session will be closed every time a DAO calls Spring’s HibernateTemplate.execute method. I forgot this for get* methods and got errors that were difficult to debug.
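The facade configuration described above, as an added example that is not part of the original post: the bean ids, the com.example.PartyFacadeImpl target class and the find* pattern are hypothetical. Every facade method, including get*, matches a transactionAttributes entry, so a single Hibernate session spans all DAO calls made inside it.

```xml
<!-- Added example: bean ids and com.example.PartyFacadeImpl are hypothetical -->
<bean id="transactionManager"
      class="org.springframework.orm.hibernate.HibernateTransactionManager">
  <property name="sessionFactory">
    <ref bean="sessionFactory"/>
  </property>
</bean>

<!-- The real facade implementation; callers never use this bean directly -->
<bean id="partyFacadeTarget" class="com.example.PartyFacadeImpl"/>

<!-- The proxy that callers are wired to -->
<bean id="partyFacade"
      class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
  <property name="transactionManager">
    <ref bean="transactionManager"/>
  </property>
  <property name="target">
    <ref local="partyFacadeTarget"/>
  </property>
  <property name="transactionAttributes">
    <props>
      <!-- Read methods are transactional too, so the session stays open
           across every DAO call made inside one facade method -->
      <prop key="get*">PROPAGATION_REQUIRED,readOnly</prop>
      <prop key="find*">PROPAGATION_REQUIRED,readOnly</prop>
      <!-- Catch-all: no facade method is left without an attribute -->
      <prop key="*">PROPAGATION_REQUIRED</prop>
    </props>
  </property>
</bean>
```

The most specific matching pattern wins, so get* and find* methods run read-only while everything else falls through to the catch-all entry.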

Maven repository search tool

If you’re looking for a library and don’t know where it is, check this search engine.

Displaying a graph of Spring beans

Mike Thomas has developed SpringGraph, a stylesheet to generate a graph from the Spring beans in an application context.
I took it and developed the maven-springgraph-plugin; check the sample output. I think Spring users will find it useful.
The main drawback is the need to install Graphviz, so if anyone knows a Java implementation to make graphs, please tell me.

Roller bugs and odd behaviour

I don’t know why, but the comments on this weblog are not emailed to me although I checked the “E-Mail Comments” checkbox in settings.

Also, I don’t know why comments are disabled for posts older than seven days.

Update: This happened when using a tool to post the entry, such as w.bloggar.

Another bug I’ve just discovered happened when, while logged in, I added a comment on another weblog: the result page was MY weblog with the other weblog’s entry and comment added!

I think Roller needs a bit more testing.

Don’t blame Maven

I have found that many people blame Maven for many things that are not right; they just have not found the way to solve them.

Here are some of them:

  • The learning curve is as steep as it can get, the documentation is rudimentary and limited and public domain is not much help either
    – Almost all questions on the user list are answered, and Maven has a growing community with lots of users. And once you are used to one Maven project you are used to all Maven projects all over the world.
  • Limited Utilities to Integrate with existing IDEs like WSAD (eclipse 2.1 platform based)
    – mevenide is improving with time; anyway, I don’t really need to use it, I prefer doing it by hand.
  • Tedious process of creating XDoc files
    – Use the html2xdoc plugin
  • Dependency management is a pain
    – Dependency management is one of the best things about Maven. You can’t blame Maven, because your alternative is doing it by hand, writing lots of XML lines!
  • Limited Integration facilities with SCM tools like Sub-Version, Serena etc.
    – It’s already done for the next versions

Developing handheld and pda friendly webapps with no extra effort

I have just implemented a Tiles controller that sets CSS styles automatically, based on the User-Agent header.

The layout of the webapps can be easily customised without touching any JSP code or creating new JSP files. CSS stylesheets are used profusely, with no annoying tables and no need to type different URLs according to the browser you’re using. You can check that most sites on the net use different URLs for PDAs and other browsers, e.g. in Google you need to go to www.google.com/palm to see the Palm site.

Here you can find the controller documentation
http://oness.sourceforge.net/multiproject/oness-common-webapp-controller/

And here are some snapshots, the view documentation and the Tiles configuration file, with a sample of setting a custom layout for a Palm PDA.
http://oness.sourceforge.net/multiproject/oness-common-webapp-view