PMD violationSuppressXPath for all REST #GET methods? - pmd

I am trying to narrow down the PMD rules, how can I exclude all REST methods which are annotated with #GET from PMD checks?

PMD provides several ways to suppress warnings: http://pmd.sourceforge.net/pmd-5.2.3/usage/suppressing.html
via Annotations: #SuppressWarnings("PMD.")
via Comments: //NOPMD ignore this
via Regex and XPath per Rules
You can also excluding complete files - see http://pmd.sourceforge.net/pmd-5.2.3/customizing/howtomakearuleset.html - Excluding files from a ruleset
For your case, violationSuppressXPath, this XPath expression should work:
./ancestor::ClassOrInterfaceBodyDeclaration/Annotation/MarkerAnnotation/Name[#Image='GET']
This will go up (ancestor) from the current node (which might be inside a method) to the method declaration ("ClassOrInterfaceBodyDeclaration") and goes down the tree from there to check for the #GET annotation. However, I don't know about the performance impact.
Update:
Complete example:
<rule ref="rulesets/java/optimizations.xml/MethodArgumentCouldBeFinal">
<properties>
<!-- Ignore Rest resources -->
<property name="violationSuppressXPath" value="
./ancestor::ClassOrInterfaceBodyDeclaration/Annotation/MarkerAnnotation/Name
[#Image='GET' or #Image='POST' or #Image='PUT' or #Image='DELETE']" />
</properties>
</rule>

We are using for example this rules to suppress checks on REST methods for final declaration. Maybe you need similar?
<rule ref="rulesets/java/optimizations.xml/MethodArgumentCouldBeFinal">
<properties>
<!-- Ignore Rest resources -->
<property name="violationSuppressXPath" value="
//ClassOrInterfaceBodyDeclaration/Annotation/MarkerAnnotation//Name[#Image='GET'] |
//ClassOrInterfaceBodyDeclaration/Annotation/MarkerAnnotation//Name[#Image='POST']|
//ClassOrInterfaceBodyDeclaration/Annotation/MarkerAnnotation//Name[#Image='PUT'] |
//ClassOrInterfaceBodyDeclaration/Annotation/MarkerAnnotation//Name[#Image='DELETE']" />
</properties>
</rule>

Related

How to access only virtual views and hide physical tables with a standalone-vdb.xml wildfly/Teiid domain

We are using standalone-vdb.xml domain to create a vdb and then make it accessible through Jupiter for other users.
Now based on the xml file below as an example, we created the VIEW "customer_view"
from the table "Export2.customer_table" and they are both accessible from the Jupiter.
However, we only want the VIEWS to be accessible and not the physical tables
which property can be used to hide the tables and only expose the VIEWS for the end user.
Any one have a clue which property can do that? I tried to find it from the documentation but couldn't find any mentioning for that.
we are using WildFly Full 17.0.1 through the HAL management interface in a Docker container environment and Postgresql database.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<vdb name="stock" version="1">
<description>The VDB</description>
<property name="UseConnectorMetadata" value="true" />
<model visible="true" name="Export2">
<property name="importer.useFullSchemaName" value="false"/>
<property name="importer.schemaPattern" value="public"/>
<property name="importer.tableTypes" value="TABLES,VIEW"/>
<source name="stockDS" translator-name="postgresql" connection-jndi-name="java:jboss/datasources/stockDS"/>
</model>
<model visible="true" name="Data" type="VIRTUAL">
<metadata type="DDL"><![CDATA[
CREATE VIEW customer_view (
field_names string,
field_description string
) AS
SELECT variable_name, variable_description
FROM Export2.customer_table;
]]> </metadata>
</model>
<data-role name="RoleA" any-authenticated="true">
<description>Allow Reads and Writes to tables and procedures</description>
<permission>
<resource-name>Export2.customer_table</resource-name>
<allow-create>true</allow-create>
<allow-read>true</allow-read>
<allow-update>true</allow-update>
</permission>
<mapped-role-name>Admin</mapped-role-name>
</data-role>
</vdb>
see http://teiid.github.io/teiid-documents/master/content/reference/r_xml-deployment-mode.html
you need to define the model with visibility to false like
<model visible="false" name="Export2">
note that this will remove the metadata exposure from any APIs, however, if someone knows the schema they still can use the same connection to issue the query and see the data. If you want to avoid that then you need to look into data security policies to avoid any access.

getting setting from web.config in sitecore

i want to get global setting from web.config file in sitecore solution,
i write setting in config file and able to see it's entry in showconfig. when i try to get it's value, it is not giving appropriate value. my code is like this:
var newsBodyTemplateID = Sitecore.Configuration.Settings.GetSetting("NewsBody");
when i evaluate this, it giving this message:
what i'm missing here can some figure out it.
First of all I don't recomment to add in web.config your settings. If you want to upgrade your Sitecore than you have to merge manually your web.config.
If you still want to add setttings in web.config you need to have something like :
<configuration>
.....
<appSettings>
<add key="YourSeetings" value="your value" />
...
</appSettings>
.....
</configuration>
From C# code you need to use
ConfigurationManager.AppSettings["YourSeetings"]
If you have your settings on section /configuration/sitecore/settings
you need to use from C# code :
Sitecore.Configuration.Settings.GetSetting("yoursettingsname");
Your config file will looks like :
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:set="http://www.sitecore.net/xmlconfig/set/">
<sitecore>
<!-- General settings -->
<settings>
<setting name="YourSettingsFieldName" value="{1EPR25B2-98C6-45BF-B9E4-824ECAAEF499}" />
</settings>
</sitecore>
</configuration>
That method will return settings from the Sitecore\Settings node. there is another method to get AppSettings.
Sitecore.Configuration.Settings.GetAppSetting()

Report job scheduling with custom data-source in jasper server 4.5.0

I am using Jasperserver 4.5.0 Pro. I have developed a custom data-source for some additional feature. All reports that use this custom DS get executed properly and show the correct output when executed manually. But when the same reports are scheduled using Jasper's report job scheduler, there is some problem with session initiation, and hence the reports do not get executed.
Let me explain this a bit.
For manual execution of reports -
As part of custom DS, I had to update the following 2 xmls -
viewReportFlow.xml :
I updated the action state 'runReport' to use our custom DS executer action bean method 'xmlHttpDsExecuterAction.setUpSession' to start session. Please see the below tag of runReport -
<action-state id="runReport" xmlns:b="http://www.springframework.org/schema/webflow" xmlns:xi="http://www.w3.org/2001/XInclude">
<on-entry>
<evaluate expression="xmlHttpDsExecuterAction.setUpSession"/>
</on-entry>
<evaluate expression="viewReportActionBean"/>
<transition on="success" to="reportOutput"/>
<on-exit>
<evaluate expression="xmlHttpDsExecuterPageAction.setIndex"/>
</on-exit>
viewReportBeans.xml :
I defined the executer action beans used in above flow xml here -
<bean id="xmlHttpDsExecuterAction" class="com.sigma.reporting.xmlhttpds.XmlHttpDsExecuterAction" xmlns:xsi="http://www.w 3.org/2001/XMLSchema-instance"/> <bean id="xmlHttpDsExecuterPageAction" class="com.sigma.reporting.xmlhttpds.XmlHttpDsExecuterPageAction" xmlns:xsi="http://www.w 3.org/2001/XMLSchema-instance">
<property name="requestParameterPageIndex" value="pageIndex"/>
<property name="flowAttributePageIndex" value="pageIndex"/>
<property name="xmlHttpDataSourceName" value="com.sigma.reporting.xmlhttpds.XmlHttpDsExecuterDataSourceService"/>
<property name="repository">
<ref bean="repositoryService"/>
</property>
<property name="jasperPrintName" value="jasperPrintName"/>
<property name="reportUnitObject" value="reportUnitObject"/> </bean>
For job scheduling of reports :
I want to implement similarly as above using scheduler. During my investigations, I have tried to analyze the scheduler flow, and tried to put our changes, but no luck so far. Can any one please let me know what flows are used for running reports via scheduler and also please recommend the places to configure custom DS as above?
Finally after understanding the flow of japser server scheduler i have got the solution for this.
For setting your custom data source beans and calling the function,we need to specify the bean destination in $JASPER_HOME/apache-tomcat/weaaps/jasperserver-pro/WEBINF/flows/reportJobBeans.xml and we can use this bean in reportJobFlow.xml in jobOutput tag lik this
<view-state id="jobOutput" view="modules/reportScheduling/jobOutput">
<on-entry>
<set name="flowScope.prevForm" value="'jobOutput'"/>
<evaluate expression="reportOptionsJobEditAction.setOutputReferenceData"/>
<evaluate expression="xmlHttpDsExecuterAction.setUpSession"/>
</on-entry>
</view-state>

Order of execution of RequestHandlers configured in Apache CXF and JAX-RS

I am in process of implementing a REST API server using Apache CXF JAX-RS v(2.30). I am using spring as container. I am thinking of making use of org.apache.cxf.jaxrs.ext.RequestHandler to implement few features like license check, authentication, authorization (All of which has custom code). My idea is to segregate this code in individual implementation classes (implementing RequestHandler) and configure it for a base REST url something like /rest/*. Being new to Apache CXF and JAX-RS, I want to understand following things.
Is this approach the right way to implement the features I want to?
If yes, then is the order in which the RequestHandlers are declared is the order of their invocation?
For example if in my definition I declare:
<beans>
<jaxrs:server id="abcRestService" address="/rest">
<jaxrs:serviceBeans>
<bean class="com.abc.api.rest.service.FooService" />
</jaxrs:serviceBeans>
<jaxrs:providers>
<ref bean="licenseFilter" />
<ref bean="authorizationFilter" />
</jaxrs:providers>
</jaxrs:server>
<bean id="licenseFilter" class="com.abc.api.rest.providers.LicenseValidator">
<!-- License check bean properties -->
</bean>
<bean id="authorizationFilter" class="com.abc.api.rest.providers.AuthorizationFilter">
<!-- authorization bean properties -->
</bean>
</beans>
then will the licenseFilter always get invoked before authorizationFilter?
I did not find a mention of invocation ordering of RequestHandlers as well as ResponseHandlers.
Thanks in advance.
Figured this out.
It gets invoked in the order of declaration of beans in <jaxrs:providers>. Thus in case mentioned in question, licenseFilter will get invoked before authorizationFilter.

How to use Custom Action for Condition?

I need to check if some service already installed in system before continue installation.
I.e. I have added
<Condition Message="Svc must be installed">
Installed OR SVC_V1
</Condition>
But I can check if it is installed only by using Custom Action because Svc is Windows Service. How I can use CA for this condition?
Custom Actions set properties that then can be used to evaluate a condition.
Actually you don't need custom action for detecting your service. Services get registered under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ so you can use RegistrySearch:
<Property Id="SVC_V1">
<RegistrySearch Id='RegSampleService'
Type='raw'
Root='HKLM'
Name='ImagePath'
Key="SYSTEM\CurrentControlSet\services\YourService" />
</Property>
Note however that Registry read permissions are required.