In standalone.xml
Remove/Modify
*************
Add
***
Remove/Modify
*************
Add
***
Subscribe To
Posts
All Comments
Friday, November 8, 2013
Thursday, November 7, 2013
Jbpm web application JBoss
Simple Eclipse
project which creates a deployable web app which contains all the basics
to run JBPM 5.4 inside a web app ussing persistence. The project is
deployed in a JBoss AS 7.1.1 server which was created using the JBPM 5.4
installer. This project uses PostgreSQL as the database. The JBPM
process is read from a local Guvnor instance.
This
example was created by combining a few other existing examples together
and then adding some stuff I've figured out along the way.
Anyway, hopefully this will help get people going using JBPM in thier own web apps.
Here are the instructions which are also found in the web apps home page:
- Install your jdbc drivers into your JBoss AS installation. (I did mine as a module following this.)
- Create a new empty database/schema called "testJBPM" in your database with permissions for a user "jbpm" and password "jbpm". (If you are not using PostgreSQL or want to change the connection information, update jbpm-in-webapp-ds.xml)
- Create a new package in Guvnor called "testPackage". (Change the URL in KBaseService and the packageName in ScriptTeask.bpmn if you want to use a different package name)
- Create a pojo model jar containing HelloService.java and Person.java the and deploy it to the testPackage inside guvnor. (From eclipse basically select the 2 files and do "Export->Java->Jar file. Name it whatever and upload it to Guvnor")
- Upload ScriptTask.bpmn to Guvnor in the same package.
- Build the testPackage in Guvnor (Click "Build package" button in the edit tab))
- Deploy this web app to your jboss server (The needed tables will be built in your database because "hibernate.hbm2ddl.auto" is set to "update" in persistence.xml)
- Go to http://localhost:8080/jbpm-in-webapp/
Eclipse plug-in Installation for jBPM5
Here
are the manual steps to install jBPM5 plug-in and run a sample example
in Eclipse.This install is done automatically after running jBPM5
installer.
Following procedure, however, might be useful if you want to understand
(or having problems completing the install) the main install steps
provided in the automated install script for JBPM5.2. The install
instructions for the previous release 5.1 can also be found in the
attachment jbpm5.1install.zip.
1.) Download Eclipse Helios:
http://download.eclipse.org/technology/epp/downloads/release/helios/SR2/eclipse-java-helios-SR2-win32.zip
Unzip this into a directory, say JBPM5
2.) Download Drools and JBPM5 plugin, i.e., org.drools.updatesite-5.3.1.Final-assembly.zip:
https://repository.jboss.org/nexus/content/repositories/releases/org/drools/org.drools.updatesite/5.3.1.Final/org.drools.updatesite-5.3.1.Final-assembly.zip
Unzip
this plugin to a temp directory, say TEMP\drools-update-site. Copy
'features' and 'plugins' directories from TEMP\drools-update-site into
JBPM5\eclipse
It is required to have a runtime dependant libraries that a jBPM5 sample can use.
3.) Download the libraries (jbpm-5.2.0.Final-bin.zip ) from http://sourceforge.net/projects/jbpm/files/jBPM%205/jbpm-5.2.0.Final/jbpm-5.2.0.Final-bin.zip/download and unzip into a directory, say JBPM5\runtime.
4.) Create a new jBPM sample project in Eclipse and use the runtime libraries downloaded in Step 4.
http://download.eclipse.org/technology/epp/downloads/release/helios/SR2/eclipse-java-helios-SR2-win32.zip
https://repository.jboss.org/nexus/content/repositories/releases/org/drools/org.drools.updatesite/5.3.1.Final/org.drools.updatesite-5.3.1.Final-assembly.zip
JBPM5\eclipse
Install JBPM in Eclipse
jBPM 5 application using a simple Hello World project in combination with the Eclipse jBPM plugin.
jBPM 5 can be freely downloaded from sourceforge here.
jBPM 5 is basically distributed in two formats: the jbpm-5.X.X.Final-installer-full.zip which includes really lots of stuff (including the core libraries, the JBoss AS, the Eclipse plugins and the Web application consoles) and the jbpm-5.X.X.Final-bin.zip which contains just the jBPM 5 libraries and thus it's good for distributing it in production.
For the purpose of learning we will download the latest jbpm-5.X.X.Final-installer-full.zip which contains all the stuff needed to learn jBPM. Once downloaded unzip the package in a folder of your preference.
Ok now you can get started in two ways:
1# Option: Installing all the components contained in the package using:
You need to have Eclipse Indigo installed in order to continue
Now open the file build.properties which is used by ant and specify the path where Eclipse is installed:
For example, if you have installed Eclipse into C:\
In this tutorial we will see a basic hello world process, (in the next one e will show how to deal with of human tasks and data persistence).
Next you need to specify where your jBPM runtime environment has been installed (If you have unpacked the jbpm-installer in C:\ it will be C:\jbpm-installer\runtime)
Ok. Now Eclipse shows your first jBPM5 project which contains barely:
By clicking on the sample.bpmn file, the BPMN 2 process editor will be activated:
As you can see this process contains a start node, an end node and a Script task named "Hello".
A Script Task represents a script that should be executed in this process. The associated action specifies what should be executed, the dialect used for coding the action (i.e., Java or MVEL), and the actual action code. This code can access any variables and globals. When a Script Task is reached in the process, it will execute the action and then continue with the next node.
By clicking on the "Properties" tab, in the lower part of your IDE, you can see the Action which is associated to the process.
As it is, when you run the ProcessMain, a simple "Hello world" message will display on the console.
Let's make it a bit more interesting: Right click on the "Action" of your node, where the [..] button is displayed. This will let you redefine your action. Specify the following action in the Textual editor:
The predefined variable kcontext references the ProcessContext object (which can, for example, be used to access the current ProcessInstance or NodeInstance, and to get and set variables, or get access to the ksession using kcontext.getKnowledgeRuntime()
Now modify your ProcessMain class, so that the process is started with an HashMap containing the process variables initial value:
Ok, we have just instructed jBPM to start a process and into the Script task, to display the "name" process variable. Verify it by running the ProcessMain class.
jBPM 5 can be freely downloaded from sourceforge here.
jBPM 5 is basically distributed in two formats: the jbpm-5.X.X.Final-installer-full.zip which includes really lots of stuff (including the core libraries, the JBoss AS, the Eclipse plugins and the Web application consoles) and the jbpm-5.X.X.Final-bin.zip which contains just the jBPM 5 libraries and thus it's good for distributing it in production.
For the purpose of learning we will download the latest jbpm-5.X.X.Final-installer-full.zip which contains all the stuff needed to learn jBPM. Once downloaded unzip the package in a folder of your preference.
Ok now you can get started in two ways:
1# Option: Installing all the components contained in the package using:
ant install.demo2# Option: If you want to install the component step by step you will understand better the role of every single component of jBPM 5. Here's how to do it:
You need to have Eclipse Indigo installed in order to continue
Now open the file build.properties which is used by ant and specify the path where Eclipse is installed:
For example, if you have installed Eclipse into C:\
# the home of your eclipse installation will be # used to deploy the Eclipse plugin to eclipse.home=C:\\eclipseOk, now we will install the jBPM Eclipse plugin with the following ant command:
ant install.droolsjbpm-eclipse.into.eclipseAnd then we will install the jBPM runtime:
ant install.jBPM.runtime
Creating your first jBPM 5 project:
Good, that's all to get started. Now start Eclipse and create a new jBPM project:In this tutorial we will see a basic hello world process, (in the next one e will show how to deal with of human tasks and data persistence).
Next you need to specify where your jBPM runtime environment has been installed (If you have unpacked the jbpm-installer in C:\ it will be C:\jbpm-installer\runtime)
Ok. Now Eclipse shows your first jBPM5 project which contains barely:
- A ProcessMain class which creates and starts a process bound to the sample.bpmn file
- A ProcessTest which can be used for unit testing the ProcessMain class
- A sample.bpmn resource which is our first process written in BPMN 2.0
By clicking on the sample.bpmn file, the BPMN 2 process editor will be activated:
As you can see this process contains a start node, an end node and a Script task named "Hello".
A Script Task represents a script that should be executed in this process. The associated action specifies what should be executed, the dialect used for coding the action (i.e., Java or MVEL), and the actual action code. This code can access any variables and globals. When a Script Task is reached in the process, it will execute the action and then continue with the next node.
By clicking on the "Properties" tab, in the lower part of your IDE, you can see the Action which is associated to the process.
As it is, when you run the ProcessMain, a simple "Hello world" message will display on the console.
Let's make it a bit more interesting: Right click on the "Action" of your node, where the [..] button is displayed. This will let you redefine your action. Specify the following action in the Textual editor:
The predefined variable kcontext references the ProcessContext object (which can, for example, be used to access the current ProcessInstance or NodeInstance, and to get and set variables, or get access to the ksession using kcontext.getKnowledgeRuntime()
Now modify your ProcessMain class, so that the process is started with an HashMap containing the process variables initial value:
Ok, we have just instructed jBPM to start a process and into the Script task, to display the "name" process variable. Verify it by running the ProcessMain class.
Monday, October 28, 2013
Hibernate Dialect
1. DB2
org.hibernate.dialect.DB2Dialect
2. DB2 AS/400
org.hibernate.dialect.DB2400Dialect
3. DB2 OS390
org.hibernate.dialect.DB2390Dialect
4. PostgreSQL
org.hibernate.dialect.PostgreSQLDialect
5. MySQL
org.hibernate.dialect.MySQLDialect
6. MySQL with InnoDB
org.hibernate.dialect.MySQLInnoDBDialect
7. MySQL with MyISAM
org.hibernate.dialect.MySQLMyISAMDialect
8. Oracle 8
org.hibernate.dialect.OracleDialect
9. Oracle 9i/10g
org.hibernate.dialect.Oracle9Dialect
10. Sybase
org.hibernate.dialect.SybaseDialect
11. Sybase Anywhere
org.hibernate.dialect.SybaseAnywhereDialect
12. Microsoft SQL Server
org.hibernate.dialect.SQLServerDialect
13. SAP DB
org.hibernate.dialect.SAPDBDialect
14. Informix
org.hibernate.dialect.InformixDialect
15. HypersonicSQL
org.hibernate.dialect.HSQLDialect
16. Ingres
org.hibernate.dialect.IngresDialect
17. Progress
org.hibernate.dialect.ProgressDialect
18. Mckoi SQL
org.hibernate.dialect.MckoiDialect
19. Interbase
org.hibernate.dialect.InterbaseDialect
20. Pointbase
org.hibernate.dialect.PointbaseDialect
21. FrontBase
org.hibernate.dialect.FrontbaseDialect
22. Firebird
org.hibernate.dialect.FirebirdDialect
org.hibernate.dialect.DB2Dialect
2. DB2 AS/400
org.hibernate.dialect.DB2400Dialect
3. DB2 OS390
org.hibernate.dialect.DB2390Dialect
4. PostgreSQL
org.hibernate.dialect.PostgreSQLDialect
5. MySQL
org.hibernate.dialect.MySQLDialect
6. MySQL with InnoDB
org.hibernate.dialect.MySQLInnoDBDialect
7. MySQL with MyISAM
org.hibernate.dialect.MySQLMyISAMDialect
8. Oracle 8
org.hibernate.dialect.OracleDialect
9. Oracle 9i/10g
org.hibernate.dialect.Oracle9Dialect
10. Sybase
org.hibernate.dialect.SybaseDialect
11. Sybase Anywhere
org.hibernate.dialect.SybaseAnywhereDialect
12. Microsoft SQL Server
org.hibernate.dialect.SQLServerDialect
13. SAP DB
org.hibernate.dialect.SAPDBDialect
14. Informix
org.hibernate.dialect.InformixDialect
15. HypersonicSQL
org.hibernate.dialect.HSQLDialect
16. Ingres
org.hibernate.dialect.IngresDialect
17. Progress
org.hibernate.dialect.ProgressDialect
18. Mckoi SQL
org.hibernate.dialect.MckoiDialect
19. Interbase
org.hibernate.dialect.InterbaseDialect
20. Pointbase
org.hibernate.dialect.PointbaseDialect
21. FrontBase
org.hibernate.dialect.FrontbaseDialect
22. Firebird
org.hibernate.dialect.FirebirdDialect
Saturday, October 26, 2013
Basic Hacker Skills
When people think of hackers they
immediately think of the worst but there are many different types of
hackers and most of them has done a great deal to improve and develop
software, the Internet and electronic devices.
Hacking skills - You
must have the patience and will to understand programming languages.
There are dozens of programming languages and they have evolved through
the years, so start out with learning the basics. You can begin learning
the programming language C then progress to other languages like Pascal
or Fortran. Then move on to learning Perl, XHTML and other programs
used on the Internet.
Understanding
computer hardware is also a must as well as all the components that a
computer system needs. You need to understand banking systems, and other
systems used in the financial world because this is where you'll learn
the kinds of security that are in place to protect the system and its
clients.
Security Audit Stages
Stage 1. Automation Auditing
Stage 2. Manual Auditing
Automation Tools:-
1. AppScan
2. Scando
3. Acunetix
etc..
Manual Testing Tools:-
1. Burp Suite
2. IE Tamper
3. Achilles
etc..
How to prevent via coding ? [Project should implement the following points]:-
Auto Completion for important controls like password
Salted hash for password fields
Sanitization to all the input controls
Browser Refresh [use captcha]
Steal Password via Refresh or back button [use redirection, clear cache]
Session Fixation [ use new session id before/after login ]
Brute Force [use captcha]
Guessing UserID
Always clear Browser cache
Insecure direct object reference [ in search result screens, avoid give action link with pk id ]
CSRF
Downloading Secure File [ dont take a path from parameter ]
Inproper Error Handling [use proper tr{} catch{}, move to custom error page]
XSS [use sanitization, check server side validation (type,size,input data) ]
SQL Injection [use sanitization]
Cross Account Access
Privileged Escalation
Login Trail
Audit Trail
Forgot Password [use security question, captcha, send a mail link to change password (one time link) ]
etc..
Stage 2. Manual Auditing
Automation Tools:-
1. AppScan
2. Scando
3. Acunetix
etc..
Manual Testing Tools:-
1. Burp Suite
2. IE Tamper
3. Achilles
etc..
How to prevent via coding ? [Project should implement the following points]:-
Auto Completion for important controls like password
Salted hash for password fields
Sanitization to all the input controls
Browser Refresh [use captcha]
Steal Password via Refresh or back button [use redirection, clear cache]
Session Fixation [ use new session id before/after login ]
Brute Force [use captcha]
Guessing UserID
Always clear Browser cache
Insecure direct object reference [ in search result screens, avoid give action link with pk id ]
CSRF
Downloading Secure File [ dont take a path from parameter ]
Inproper Error Handling [use proper tr{} catch{}, move to custom error page]
XSS [use sanitization, check server side validation (type,size,input data) ]
SQL Injection [use sanitization]
Cross Account Access
Privileged Escalation
Login Trail
Audit Trail
Forgot Password [use security question, captcha, send a mail link to change password (one time link) ]
etc..
Fraud Detection on Web App
Prerequisites
Before jumping into ways to detect potential fraud in Web applications and services, we need to set a few ground rules. Number one, and most important, you must have adequate logging. For full coverage on appropriate logging, read “How to Do Application Logging Right.”1 At a minimum, consider the five types of logging events covered
• authentication, authorization, and access events;
• changes to the system, application, or data;
• availability issues;
• resource issues;
Impossible Travel
Let’s say you saw the two entries shown in Figure 2 in your logs. These entries show that someone accessed login.jsp twice (let’s assume the same user and that you have those details in the logs) in two hours. At 10 a.m., an IP address in California accessed it; at noon, someone in Romania accessed it. The quick math says that no one could travel from California to Romania in two hours, even in an SR-71.
HTTP Request
Looking beyond the User-Agent header, what has changed?
• The order of headers differs.
• The order of cookies differs.
• The headers differ. Only the
first request has Origin and Cache-Control; only the second request has Keep-Alive.
• Regarding Accept-Encoding, only the first request lists each.
• regarding Accept-Language, the first request has en-US and q=0.8, whereas the second request has en-us and q=0.5.
Fraud Detection in Sessions :- Its like session hacking / session fixation.
Fraud Detection
Fraud Detection
- Data preprocessing techniques for detection, validation, error correction, and filling up of missing or incorrect data.
- Calculation of various statistical parameters such as averages, quantiles, performance metrics, probability distributions, and so on. For example, the averages may include average length of call, average number of calls per month and average delays in bill payment.
- Models and probability distributions of various business activities either in terms of various parameters or probability distributions.
- Computing user profiles.
- Time-series analysis of time-dependent data.
- Clustering and classification to find patterns and associations among groups of data.
- Matching algorithms to detect anomalies in the behavior of transactions or users as compared to previously known models and profiles. Techniques are also needed to eliminate false alarms, estimate risks, and predict future of current transactions or users.
Let you get more details from :
http://en.wikipedia.org/wiki/Data_Analysis_Techniques_for_Fraud_Detection
http://horicky.blogspot.in/2011/07/fraud-detection-methods.html
For banking
http://www.sqnbankingsystems.com/
For insurance
http://www.capterra.com/insurance-fraud-detection-software
Subscribe to:
Posts (Atom)