9. 4
Persistence Frameworks
1990
SQL(++) ODBC
1995 O/R mapping
JDBC
2000 Hibernate
iBATIS DbUtils JDO
JPA
2005
2010
10. 4
Persistence Frameworks
1990
SQL(++) ODBC
1995 O/R mapping
JDBC
next generation
2000 Hibernate
iBATIS DbUtils JDO
JPA
LINQ
2005
JaiQ u
SFq uMl
l
LIQUid OR
QL
2010 iS
oo te Q ub
JJmsuirErLyd s lre
E QpU e - d ae
EQ
11. 4
Persistence Frameworks
1990
SQL(++) ODBC
1995 O/R mapping
JDBC
next generation
2000 Hibernate
iBATIS DbUtils JDO
JPA
LINQ
2005
JaiQ u
SFq uMl
l
LIQUid OR
QL
2010 JPA 2.0 iS
oo te Q ub
JJmsuirErLyd s lre
E QpU e - d ae
EQ
21. 6
O/R Mapping
Illusion
- there is no database
Hibernate
- still need configuration
Auto-Save
- objects are stateful
- automatic dirty checking
JDO
JPA
Auto-Navigation
- in queries
- get() loads referred object
- collection support
32. 9
Next Generation: JaQu
POJO
/**
 * Minimal POJO used by the JaQu examples: a single private field with a
 * getter/setter pair and no other behaviour.
 */
public class Student {
    private String name;

    /** Stores the student's name; {@code null} is accepted without checks. */
    public void setName(String name) {
        this.name = name;
    }

    /** Returns the last value passed to {@link #setName}, or {@code null} if none. */
    public String getName() {
        return this.name;
    }
}
33. 9
Next Generation: JaQu
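/**
 * Minimal POJO used by the JaQu examples: a single private field with a
 * getter/setter pair and no other behaviour.
 */
public class Student {
    private String name;
    // POJO  (slide label that the extraction had interleaved into the class body)

    /** Stores the student's name; {@code null} is accepted without checks. */
    public void setName(String name) {
        this.name = name;
    }

    /** Returns the last value passed to {@link #setName}, or {@code null} if none. */
    public String getName() {
        return name;
    }
}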
Query
- Typesafe
- Embedded DSL
- Fluent API
- Autocomplete
Student s = new Student();
s = db.from(s).where(s.name).
is(name).selectFirst();
34. 9
Next Generation: JaQu
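/**
 * Minimal POJO used by the JaQu examples: a single private field with a
 * getter/setter pair and no other behaviour.
 */
public class Student {
    private String name;
    // POJO  (slide label that the extraction had interleaved into the class body)

    /** Stores the student's name; {@code null} is accepted without checks. */
    public void setName(String name) {
        this.name = name;
    }

    /** Returns the last value passed to {@link #setName}, or {@code null} if none. */
    public String getName() {
        return name;
    }
}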
Query
- Typesafe
- Embedded DSL
- Fluent API
- Autocomplete
Student s = new Student();
s = db.from(s).where(s.name).
is(name).selectFirst();
No String
- No SQL injection
Student s = new Student();
List<Student> students =
db.from(s).where(s.name).
is(name).select();
Student s = new Student();
s.name = "Robert";
db.insert(s);
43. 11
SQL Injection
JDBC
stat.execute("SELECT * " +
"FROM USERS WHERE " +
"PASSWORD='"+pwd+"'");
44. 11
SQL Injection
run.query( ("SELECT * " +
JDBC te
stat.execu * ERS WHERE s +
"SELECT S FROM User " " +
"F HEREU sswor
"WROM paD='"+pwd'" "'");
+
DBUtils SWOR
pwAS+ "'");
"P d
d= +
45. 11
SQL Injection
< lect d
rusequeriy(=""SELECT * " +
n. g
JDBC selext cDte( etUser"RE " +
t.ec e I u asFRS WHE ...>
sta ELECT * EidOM Users
"S
whHEMPUS R fromwd+""S);
"F er RE pass O + U
"WROe ASSWworp = SER '"+
DBUtils '$PASSWORD='" D = '" +
"pd + '
pwwd$"'");
Rd
</select>
iBATIS
46. 11
SQL Injection
< lect d
rusequeriy(=""SELECTQuery(
n. q = *"+
JDBC Query t cDte(g.creaer" ..E " +
selexe I u emetUs te R .>
stat.ec ECTasEidSfWH) "ers
"SEL (u E
"SELereT U* FRCTom U+E""S);
whHEMPOBJE OM pwd+ R +
O REAS R r Us S +
EC
"WR Us Rss ORD = " '"
"F
"FROSSWOSSWwordRE '" +
pa u W+
DBUtils '$PAM$' erD='"HE =
" pwd "'"); '"+pwd+"'");
pwd +
</selesword=
"pasct>
iBATIS
JPA
47. 11
SQL Injection
< l t d
rusequeriy(=""SELECTQuery(
Querecq = em.creaer * "y(
n. y =
er +
JDBC Qutley tqIDte(getUs te" er " +
se .execu pm.newQuRE
c ...>
staUserECas* EidSfWH) "ers
EC as,
"SEL T OBJE OM Us
s E
"SELer.clT S FRCTom U+E""S);
whHEMPU R r (u wd+ R +
"WR M UserD'"+RD RES +
"F Oe AS
"passwor SWO HE = " '"
RE pa u W+p
"FROSSWOd= ='"pwd+"'"+
DBUtils '$PA d$' Rssword = '" );
" pw + "'"); '"+pwd+"'");
pwd
</selesword=
"pasct>
iBATIS
JPA
JDO
48. 11
SQL Injection
< l t d
rusequeriy(=""SEresCTQuery(
Querecq = q(g.creaeeQu y(
n. y = pm.newQu* " +
JDBC Quer y tqIDte metLE te" er " +
selexecu em.c U atr RE
u"SEL
Q t.ec ...>
staUserECas* EidSfWH) + +s
.clTaS FRCTom "er " +
s R Or (u"E
s,JE OM Us S
M U E );
"SEECT OB
"SELereCT *
whHEMPU
"F LE pass O pwwd+"'"
"WRO REAerDuworpRE ER+ " +
Su W d H R
"passworSct '"+RDW= "'"ES
M WOd= ='"HE d+'" +
Us R W re+ d = " );
DBUtils "FROunstru
'$Pt: SS '
"n w
"pd +
pwA d$"'"rd='"+pwd+"'",
</s"pesword='"+pwd+"'");
"pasct> o );
el assw
iBATIS Query.SQL);
JPA
JDO
JCR
49. 11
SQL Injection
< l t d
rusequeriy(=""SEresCTQuery(
Querecq = q(g.creaeeQu y(
n. y = pm.newQu* " +
JDBC Quer y tqIDte metLE te" er " +
selexecu em.c U atr RE
u"SEL
Q t.ec ...>
staUserECas* EidSfWH) + +s
.clTaS FRCTom "er " +
s R Or (u"E
s,JE OM Us S
M U E );
"SEECT OB
"SELereCT *
whHEMPU
"F LE pass O pwwd+"'"
"WRO REAerDuworpRE ER+ " +
Su W d H R
"passworSct '"+RDW= "'"ES
M WOd= ='"HE d+'" +
Us R W re+ d = " );
DBUtils "FROunstru
'$Pt: SS '
"n w
"pd +
pwA d$"'"rd='"+pwd+"'",
</s"pesword='"+pwd+"'");
"pasct> o );
el assw
iBATIS Query.SQL);
JPA
JDO
);
JCR
User u = new User();
db.from(u).
where(u.password).
is(pwd).
select();
JaQu
50. 11
SQL Injection
< l t d
rusequeriy(=""SEresCTQuery(
Querecq = q(g.creaeeQu y(
n. y = pm.newQu* " +
JDBC Quer y tqIDte metLE te" er " +
selexecu em.c U atr RE
u"SEL
Q t.ec ...>
staUserECas* EidSfWH) + +s
.clTaS FRCTom "er " +
s R Or (u"E
s,JE OM Us S
M U E );
"SEECT OB
"SELereCT *
whHEMPU
"F LE pass O pwwd+"'"
"WRO REAerDuworpRE ER+ " +
Su W d H R
"passworSct '"+RDW= "'"ES
M WOd= ='"HE d+'" +
Us R W re+ d = " );
DBUtils "FROunstru
'$Pt: SS '
"n w
"pd +
pwA d$"'"rd='"+pwd+"'",
</s"pesword='"+pwd+"'");
"pasct> o );
el assw
iBATIS Query.SQL);
JPA
JDO
);
JCR
User u = new User();
db.from(u).
where(u.password).
is(pwd).
select();
JaQu
51.
52. Images are Creative Commons licensed
Thomas Mueller Mountain Bike
http://www.flickr.com/photos/kgsbikes/3043775162
Software Engineer Solex
http://www.e-solex.fr
http://www.h2database.com Scooter
http://www.flickr.com/photos/janet/2844615758
http://www.day.com Generic Car
http://jackrabbit.apache.org
http://www.flickr.com/photos/markscott/389221242
Generic Jeep
http://www.flickr.com/photos/markscott/389221372
Ford Focus
http://www.flickr.com/photos/stevecoulterperformancecars/2965383580
Smart
http://www.smart.com
xkcd Comic "Exploits of a Mom"
http://xkcd.com/327
http://ibatis.apache.org
http://commons.apache.org/dbutils
http://www.hibernate.org
http://www.datanucleus.org
http://openjpa.apache.org
http://www.eclipse.org/eclipselink
http://www.oracle.com/technology/products/ias/toplink
http://www.h2database.com/html/jaqu.html