How to achieve Pagination in Hibernate Query language (HQL) in Hibernate

In my project for achieve pagination i have used below HQL 

There are two methods of the Query interface for pagination.


1 Query setFirstResult(int startPosition)
This method takes an integer that represents the first row in your result set, 
starting with row 0.

2 Query setMaxResults(int maxResult)
This method tells Hibernate to retrieve a fixed number maxResults of objects.
Using above two methods together, we can construct a paging component in our web
 or Swing application. Following is the example which you can extend to fetch 10 
rows at a time:

String hql = "FROM Employee";
Query query = session.createQuery(hql);
query.setFirstResult(1);
query.setMaxResults(10);
List results = query.list();

Why use 31 as multiplier in Java String hashCode() method

In Java, the hash code for a String object is computed as

s[0]*31^(n-1) + s[1]*31^(n-2) + ... + s[n-1]

using int arithmetic, where s[i] is the ith character of the string, n is the length 
of the string, and ^ indicates exponentiation.

According to Josua Bloch's Book Effective Java he has explianed given below

The value 31 was chosen because it is an odd prime. If it were even and the multiplication 
overflowed, information would be lost, as multiplication by 2 is equivalent to shifting. 
advantage of using a prime is less clear, but it is traditional. A nice property of 31 
is that the multiplication can be replaced by a shift and a subtraction for better 
performance: 31 * i == (i << 5) - i. Modern VMs do this sort of optimization automatically.

Important point should remember about Object's hashCode and Equal method to Freahser Java developer at time of interview

  • The default implementation of hashCode() provided by Object is derived by mapping the memory address of the object to an integer value. 
     
    equals() and hashCode(). In general, if you override one of these methods, you must override both, as there are important relationships between them that must be maintained
    
    Java object support hashCode() allows for efficient storage and retrieval using hash-based collections.
    
    
    the equals() method must exhibit the following properties: 
    Symmetry: For two references, a and b, a.equals(b) if and only if b.equals(a) 
    Reflexivity: For all non-null references, a.equals(a)
    Transitivity: If a.equals(b) and b.equals(c), then a.equals(c)
    Consistency with hashCode(): Two equal objects must have the same hashCode() value

Java interview question for Apache ofbiz developer in vinculum solution pvt ltd on dated 02.05.2013

Following below java interview question that has asked by vinculum solution pvt ltd , noida for Apache ofbiz developer

Date 02.05.2013

1. Tell about your role and responsibility in your project

2. Tell how you integrate Apache ofbiz to Magento e-commerce.

3. How to validate XML file

4.  Can we use Hibernate in Apache ofbiz for ORM instead for Entity model.

5. What is serialization and exterlization in java

6. How to override equals method and what importance of Hashcode .

7. About Hibernate HQL and Criteria.

8. About Struts flow.

9. How can you count number of active session in your application.

10. Forward and sendRedirect method

Java Program to Find Sum of Digits in a Number using Recursion - Java Interview Question for Fresher level

 Recently this question to asked was one of my reader, which inspired me to write this tutorial. There was usual check to solve this problem using both recursion and iteration. To be frank, calculating sum of digit of an integral number, is not difficult, but I have still seen quite a few programmers fumbles, even after providing hint in terms of division and modules operator. Key point here is to know how to use division and modules operator in Java. For this kind of exercise including reversing a number, where you need to find digits from a number, use division operator to remove right, and use modules operator or % to get right most digits. For example if you have number 1234 than 1234/10 will give you 123 i.e. right most digit 4 is removed, while 1234%10 will give you 4, which is the right most digit in that number. If you know this property, you can easily solve lots or problems which are related to reversing numbers e.g. checking if a number is palindrome or finding Armstrong numbers in Java.


Java program to calculate sum of digits in a number

How to find sum of digit of a number coding question in JavaHere is complete Java code example to find sum of digits using recursion in Java. This Java example, also includes an iterative solution of this problem to prepare follow-up questions from Interviewer. By the way, you can also use this example to learn Recursion in Java. It’s a tricky concept, and examples like this, certainly helps to understand and apply recursion better.

/**
 * Java program to calculate sum of digits for a number using recursion and iteration.
 * Iterative solution uses while loop here.
 *
 * @author Javin Paul
 */
public class SumOfDigit {

    public static void main(String args[]) {
     
      System.out.println( "Sum of digit using recursion for number 123 is " + sumOfDigits(123));
      System.out.println( "Sum of digit using recursion for number 1234 is " + sumOfDigits(1234));
      System.out.println( "Sum of digit from recursive function for number 321 is " + sumOfDigits(321));
      System.out.println( "Sum of digit from recursive method for number 1 is " + sumOfDigits(1));
    
      System.out.println( "Sum of digit using Iteration for number 123 is " + sumOfDigitsIterative(123));
      System.out.println( "Sum of digit using while loop for number 1234 is " + sumOfDigitsIterative(1234));
    
    }
  
  
 
    public static int sumOfDigits(int number){
        if(number/10 == 0) return number;
      
        return number%10 + sumOfDigits(number/10);
    }
  
    public static int sumOfDigitsIterative(int number){
        int result  = 0;
        while(number != 0){
            result = result + number%10;
            number = number/10;
        }
      
        return result;
    }
 
}


Output:
Sum of digit using recursion for number 123 is 6
Sum of digit using recursion for number 1234 is 10
Sum of digit from recursive function for number 321 is 6
Sum of digit from recursive method for number 1 is 1
Sum of digit using Iteration for number 123 is 6
Sum of digit using while loop for number 1234 is 10

How you can validate your XML file in Java





1. For validation of your XML file first you have to define Schema (XSD) file


2. After that by using Javax.xml.validation.validator we can validate our XML file.

My XML Schema

  1. <?xml version="1.0" encoding="UTF-8"?>  
  2. <xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">  
  3.   <xs:element name="destination" type="Destination"/>  
  4.   <xs:complexType name="Destination">  
  5.     <xs:sequence>  
  6.       <xs:element name="name" type="xs:string"/>  
  7.       <xs:element name="destinationID" type="xs:string" minOccurs="0"/>  
  8.       <xs:element name="shortDescription" type="xs:string" minOccurs="0"/>  
  9.       <xs:element name="longDescription" type="xs:string" minOccurs="0"/>  
  10.       <xs:element name="stateID" type="xs:string"/>  
  11.       <xs:element name="typeCode" type="xs:int"/>  
  12.       <xs:element name="countryCode" type="xs:string"/>  
  13.       <xs:element name="categories" type="xs:string"/>  
  14.     </xs:sequence>  
  15.   </xs:complexType>  
  16. </xs:schema> 
My XML file

  1. <?xml version="1.0" encoding="UTF-8"?>  
  2. <destination xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="destination.xsd">  
  3.     <name>ppp</name>  
  4.   <destinationID>PLP</destinationID>  
  5.   <shortDescription>shortDescription</shortDescription>  
  6.   <longDescription>longDescription</longDescription>  
  7.   <typeCode>ZERO</typeCode>  
  8.   <categories>categories</categories>  
  9. </destination> 
 Java Code to validate XML file


  1. SAXSource source = new SAXSource(new InputSource(xmlFileLocation));  
  2. SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);  
  3.  Schema schema = sf.newSchema(new File("src/validate/blog/customer.xsd"));  
  4.  Validator validator = schema.newValidator();  
  5. validator.setErrorHandler(new MyErrorHandler());  
  6.  validator.validate(source);

WebService API - Security Architecture in Hybris e-commerce suit



The Security Strategies The web service security framework implements the strategy pattern, allowing the user to select from a set of security strategies that currently include:
  • Access Manager Security Strategy - based upon the hMC security paradigm
  • Property File Security Strategy - based upon configuration provided in a properties file
  • Custom Security Strategy - allowing the user to write their own strategy
User Group for Web Services
By default the Access Manager Security Strategy is adopted, which authorises a user only if they are in a new security group named webservicegroup. This is not set up by default, so be sure to create this group for your RESTful calls to be authorised as discussed below.
Each strategy implements the SecurityStrategy interface:
public interface SecurityStrategy
{
 boolean isResourceOperationAllowed(final RestResource resource, final String operation);
 boolean isResourceCommandAllowed(final RestResource resource, final String command);
 boolean isDtoOperationAllowed(final Class<?> objectClass, final String operation);
 boolean isAttributeOperationAllowed(final Class<?> attrObjectClass, final String attrQualifier, final String attrOperation);
}
However both strategies differ in implementations and intentions. To specify which strategy to adopt, modify the securityStrategy entry in the platformwebservices-web-spring.xml file:
platformwebservices-web-spring.xml
<beans>
  <!-- ... --->
  <bean id="securityStrategy"
  class="de.hybris.platform.webservices.AccessManagerSecurityStrategy"
  scope="prototype" parent="abstractSecurityStrategy"/>
 
  <!-- <bean id="securityStrategy"
  class="de.hybris.platform.webservices.PropertyFileSecurityStrategy"
  scope="prototype" parent="abstractSecurityStrategy"/>  -->
 
  <!-- <bean id="securityStrategy"
  class="de.hybris.platform.webservices.CustomSecurityStrategy" scope="prototype"
  parent="abstractSecurityStrategy"/>--->
  <!-- ... --->
 
  <bean id="abstractBaseResource"
  class="de.hybris.platform.webservices.AbstractResource" abstract="true"
  scope="prototype">
  <!-- ... --->
  <property name="securityStrategy" ref="securityStrategy"/>
  </bean>
</beans>
If you wish to disable security mechanisms for any reason, it is enough to remove securityStrategy property from the abstractBaseResource bean.
Below we consider the various strategies, starting with the default: Access Manager Security Strategy.

Access Manager Security Strategy

The Access Manager Security Strategy is the default strategy adopted by the hybris WebService API and uses the hMC Access Rights approach.
The Access Manager Security Strategy authorises a user only if they are in a security group named webservicegroup. This is not set up by default, so please be sure to create this group as discussed below, for your RESTful calls to be accepted. The name of this user group is configurable in project.properties file:
webservices.security.group=webservicegroup
By default three user groups are members of this group:
  • admingroup
  • employeegroup
  • customergroup


In RESTful communication, the mapping between the HTTP methods and CRUD operations are as follows:
HTTP method CRUD operation
GET Read
POST Create / Update
PUT Create / Update
DELETE Delete
As seen, both POST and PUT may refer to Create and Update operations. To determine which is meant, when a POST or PUT request is processed, we check if the referenced resource already exists or not. The following situations are possible:
  • If the referenced resource does not exist, it is necessary to check if the user has the right to create instances of the corresponding type.
  • Ff the referenced resource does exist, it is necessary to check if the user has the right to update instances of the corresponding type.
The central management of access rights to each type and its attributes is located within the hybris Management Console:

The type based web services security configuration, managed in hMC is divided into two basic steps:
  1. Resource (type) level security
  2. Attribute level security, which also contains the type level security
For resource level it is possible to set Read, Change, Create and Delete rights. For attribute level security, only the Read and Change rights may be set.
If a user does not have the right to a specified operation on a requested resource, the following message appears:
You do not have permission to request this resource (resource name) using HTTP_method method.
Type level security is included in attribute level security checking. If any operation is not allowed for the specified attribute type, the user receives the message:
You do not have permission to CRUD operation: DTOclassName dto.
If a user has no Read rights for a certain attribute of the requested resource, this attribute is excluded from the response. If a user tries to update an attribute, which he is not allowed to change, the attribute is not modified and the HTTP status code Forbidden (403) is sent with the message:
You do not have permission to change list_of_attributes attributes of the DTOclassName dto.
If a user has Change right to some, but not all attributes of a resource and tries to update all of them, none of them are updated. In this case the user should remove not allowed attributes from the request.
If a user requests a resource and has Read access to some, but not all attributes of the requested resource, then those unavailable attributes are not included in the XML response.

Examples


User A has all access rights.
MyLanguage resource extends Language resource.
Type Attribute Read Change Create Delete
Language  
MyLanguage  

Method URL Result
GET /languages List of all Language instances, but without MyLanguage instances.
GET /languages/de Details of de language.
GET /mylanguages/myde HTTP status code Forbidden (403) informing that the user does not have sufficient rights to execute the requested operation.
PUT/POST /languages/de If the referenced de language exists, it is updated. Otherwise it is created.
DELETE /languages/de Delete de language.
User B has only Read right.
Type Attribute Read Change Create Delete
Language  

Method URL Result
PUT/POST /languages/de HTTP status code Forbidden (403) informing that the user does not have sufficient rights to execute the requested operation.
DELETE /languages/de HTTP status code Forbidden (403) informing that the user does not have sufficient rights to execute the requested operation.
User C is not allowed to update Language resource.
Type Attribute Read Change Create Delete
Language  

Method URL Result
PUT/POST /languages/de If the referenced language does no exist, it is created.
If the referenced language exists, the request results in HTTP status code Forbidden (403), informing that the user does not have sufficient rights to execute update operation.
User D has no rights for Language resource.
Type Attribute Read Change Create Delete
Language  

Method URL Result
GET /languages Empty list, as user D has no Read access to language instances.
GET /languages/de HTTP status code Forbidden (403) informing that the user does not have sufficient rights to execute the requested operation.
PUT/POST /languages/de HTTP status code Forbidden (403) informing that the user does not have sufficient rights to execute the requested operation.
DELETE /languages/de HTTP status code Forbidden (403) informing that the user does not have sufficient rights to execute the requested operation.
User A has all rights.
Type Attribute Read Change Create Delete
Language  
  isocode    
  name    

Method URL Result
GET /languages/de
<language>
  <isocode>de</isocode>
   <name>German</name>
</language>
User B has no rights to read or update the name attribute.
Type Attribute Read Change Create Delete
Language  
  isocode    
  name    

Method URL Result
PUT /languages/de Body of the request:
<language>
   <isocode>de</isocode>
</language>
PUT /languages/fr Body of the request:
<language>
   <isocode>fr</isocode>
   <name>French</name>
</language>

Results in HTTP status code Forbidden (403) informing that the user has no rights to change the name attribute.

Property File Security Strategy

This strategy is based on the configuration project.properties file in the platformwebservices extension. It is a resource level security strategy.

Security Access Roles

Secured resources are given by:
  1. key, which addresses single classes or whole packages, similar to log4j
  2. value, which is a group or role followed by a list of allowed HTTP methods
Leave value of this property empty or set one or more groups.
Examples:
  • Global options. The following settings allow specified groups access to all resources, however anonymous group may just Read them:
    restjersey.security.de=admingroup[GET,PUT,DELETE,POST]
    restjersey.security.de.hybris.platform.restjersey.resources=anonymous[GET]
  • The following settings assign groups to specified resources:
    restjersey.security.de.hybris.platform.restjersey.resources.CatalogsResource=
    anonymous[GET]; customergroup[GET]
    restjersey.security.de.hybris.platform.restjersey.resources.CatalogResource=
    anonymous[GET]; customergroup[GET]

Examples of Different Configurations

All use cases for admingroup are presented in the simple example. Results are retrieved using GET method.
Below different available configurations are presented:
  • restjersey.security.de.hybris.platform.restjersey.resources=
    admingroup[GET,PUT,DELETE,POST]
    restjersey.security.de.hybris.platform.restjersey.resources.CatalogsResource=
    restjersey.security.de.hybris.platform.restjersey.resources.CatalogResource=
    or
    restjersey.security.de.hybris.platform.restjersey.resources=
    admingroup[GET,PUT,DELETE,POST]
    or
    restjersey.security.de.hybris.platform.restjersey.resources=
    restjersey.security.de.hybris.platform.restjersey.resources.CatalogsResource=
    admingroup[GET,PUT,DELETE,POST]
    restjersey.security.de.hybris.platform.restjersey.resources.CatalogResource=
    admingroup[GET,PUT,DELETE,POST]
    or
    restjersey.security.de.hybris.platform.restjersey.resources.CatalogsResource=
    admingroup[GET,PUT,DELETE,POST]
    restjersey.security.de.hybris.platform.restjersey.resources.CatalogResource=
    admingroup[GET,PUT,DELETE,POST]
Request Response
http://localhost:9001/ws410/rest/catalogs/ Retrieves all catalogs
http://localhost:9001/ws410/rest/catalogs/hwcatalog/ Retrieve the specified catalog.
  • restjersey.security.de.hybris.platform.restjersey.resources=
    restjersey.security.de.hybris.platform.restjersey.resources.CatalogsResource=
    admingroup[GET,PUT,DELETE,POST]
    restjersey.security.de.hybris.platform.restjersey.resources.CatalogResource=
    employeegroup[GET]
Request Response
http://localhost:9001/ws410/rest/catalogs/ Retrieves all catalogs
http://localhost:9001/ws410/rest/catalogs/hwcatalog/ HTTP status FORBIDDEN with the message:
You do not have permission to request this resource (CatalogResource) using GET method..
  • restjersey.security.de.hybris.platform.restjersey.resources=
    restjersey.security.de.hybris.platform.restjersey.resources.CatalogsResource=
    restjersey.security.de.hybris.platform.restjersey.resources.CatalogResource=
    admingroup[GET,PUT,DELETE,POST]
    or
    restjersey.security.de.hybris.platform.restjersey.resources.CatalogResource=
    admingroup[GET,PUT,DELETE,POST]
Request Response
http://localhost:9001/ws410/rest/catalogs/ HTTP status FORBIDDEN with the message:
The (CatalogsResource) resource is not available for any user.
http://localhost:9001/ws410/rest/catalogs/hwcatalog/ Retrieve the specified catalog.
  • restjersey.security.de.hybris.platform.restjersey.resources=
    restjersey.security.de.hybris.platform.restjersey.resources.CatalogsResource=
    restjersey.security.de.hybris.platform.restjersey.resources.CatalogResource=
    or any properties.
Request Response
http://localhost:9001/ws410/rest/catalogs/ HTTP status FORBIDDEN with the message:
The (CatalogsResource) resource is not available for any user.
http://localhost:9001/ws410/rest/catalogs/hwcatalog/ HTTP status FORBIDDEN with the message:
The (CatalogsResource) resource is not available for any user.

Custom Security Strategy

It is possible for users to create their own security strategies by:
  • Implementing the SecurityStrategy interface:
public interface SecurityStrategy
{
   boolean isResourceOperationAllowed(final RestResource resource, final String operation);
   boolean isResourceCommandAllowed(final RestResource resource, final String command);
   boolean isDtoOperationAllowed(final Class<?> objectClass, final String operation);
    boolean isAttributeOperationAllowed(final Class<?> attrObjectClass, final String attrQualifier, final String attrOperation);
}
  • Registering the bean in platformwebservices-web-spring.xml:
platformwebservices-web-spring.xml
<beans>
   <!-- ... --->
   <bean id="securityStrategy" class="de.hybris.platform.webservices.CustomSecurityStrategy" scope="prototype" parent="abstractSecurityStrategy"/>
   <!-- ... --->
</beans>

Security Specific Web Services Resources


Checking credentials:

A request for a validation of the provided credentials:
http://localhost:9001/ws410/rest/login If the login process is:
  • Valid: Status is 200 OK
  • Invalid: Status is 401 Unauthorized

Lost Password Scenario

If the restjersey.security property is set to enabled, only RetrievePasswordResource is available for users who lost their passwords.
They have to access to http://localhost:9001/ws410/rest/retrievepassword resource without using basic authentication.
For example, editor user forgets his password. He uses GET method and the following URL path: http://localhost:9001/ws410/rest/retrievepassword/editor. If the user does not have access to PasswordQuestion and AnswerQuestion it is not possible to retrieve password. In other cases, user can retrieve password.
The GET method returns response with PasswordQuestion.
Now, user uses PUT method and the same URL path:
http://localhost:9001/ws410/rest/retrievepassword/editor He places PasswordAnswer within body request and executes request.
    <passwordAnswer>YOUR ANSWER</passwordAnswer>
</user>
If the PasswordAnswer is correct, user retrieves a new password in raw format. In database the password is encoded into a md5 hash.

Change Password Scenario

Use http://localhost:9001/ws410/rest/changepassword, PUT method and the following HTTP body:
<changepassword>
   <newpassword>NO EMPTY</newpassword>
</changepassword>
If you log in correctly, the new password is set.

Security Architecture Configuration

The following configuration files:
  • web.xml
  • platformwebservices-web-spring.xml
are located within the platformwebservices extension and are used to specify and wire up the security framework.

Configuration of web.xml File

web.xml
<web-app>
 <!-- ... -->
 
 <filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
 </filter>
 
 <filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
 </filter-mapping>
 
 <!-- ... -->
</web-app>
This provides a hook into the Spring Security web infrastructure. DelegatingFilterProxy is a Spring Framework class which delegates to a filter implementation which is defined as a Spring bean in an application context. In this case, the bean is named springSecurityFilterChain, which is an internal infrastructure bean created by the namespace to handle web security. Note that you should not use this bean name yourself.
The next step is configuring the application context file.

Configuration of Spring File


Web security services are configured using security elements.
platformwebservices-web-spring.xml
    <!-- ... -->
 
    <security:http>
        <security:intercept-url  pattern="/**" />
        <security:http-basic />
        <security:logout />
        <security:remember-me />
    </security:http>
 
    <security:authentication-manager  alias="mainAuthenticationManager">
      <security:authentication-provider user-service-ref="userDetailsService">
        <security:password-encoder ref="hybrisPasswordValidator">
            <!-- SaltedMD5PasswordEncoder is used -->
            <!-- <security:salt-source user-property="whatever"/> -->
        </security:password-encoder>
      </security:authentication-provider>
    </security:authentication-manager>
 
    <bean id="userDetailsService"
    class="de.hybris.platform.webservices.security.impl.HybrisUserDetailsService"
    scope="prototype">
        <property name="userService" ref="userService"/>
        <property name="modelService" ref="modelService"/>
        <property name="encryptionInfo" ref="encryptionInfo"/>
    </bean>
 
    <bean id="hybrisPasswordValidator"
    class="de.hybris.platform.webservices.security.impl.HybrisPasswordValidator">
        <property name="encryptionInfo" ref="encryptionInfo"/>
    </bean>
 
    <bean id="encryptionInfo"
    class="de.hybris.platform.webservices.security.impl.EncryptionInfo"/>
 
    <!-- ... -->
</beans>
  • http configuration:
    This element enables web security and denotes that all URLs within our web services should be secured. The WebService API uses basic authentication which is used to prompt for a login when a user attempts to access a protected resource.
  • authentication-provider and password-encoder:
    The hybris web services framework authenticates users against hMC members. We have own implementation of Spring Security UserDetailsService, within which by currently authenticated username it passes the user password and granted authorities (hmc usergroups) to the password validation procedure. Some users have encrypted password (Salted MD5) and others not. Therefore we provide the hybrisPasswordValidator, which takes appropriate care of password comparison.