I started upgrading my new blog to Drupal5.
It is www.rezashahbazi.com/blog.

This process created me an opportunity to dig more into Drupal; the one most powerful CMS system out in planet.

Today I got the chance to evaluate Microsoft Photo 10.
I would say, "The Adobe Photoshop is the Best!"

this is a sample of the picture I assembled with MS Photo.

I found Nima's art work (http://nimany.com/index.php), one the best Cultural/Modern fashion design. I specially impressed by shows, in terms of quality and uniqueness he introduced.

Congratulations Nima :)

Dear friends,

Norooz Mobarak.

I wish you a happy, healthy and prosperous year for 1386.

Best Regards.
//
Reza

300 the movie

One of former UBC students has put up a new website (www.300themovie.info)
and is trying to show the real image of Persian kingdom back then. He is
also trying to make a Google bomb so his site comes up first in Google
search when somebody searches for "300 the movie" or similar terms.

Anyways, if you know of any artist who would like to contribute to Persian
culture please ask her/him to visit www.300themovie.info and submits his/her
artworks from his/her own perspective to this site. I guess this is a very
effective way to show the real image instead of signing petitions. Also if
you have a website, you could add his link to your site. Please ask your
friends to send their contributions as well.

This guy (Pendar Yousefi) had also made another successful Google bomb in
the past for Persian Gulf. Search "Arabian Gulf" and click on the first link

One note from Dennis' hacking class, It is this fact the security design should be consider for early stage of SDLC when designing a system. One of the main aspects of security development is Technical Requirement gathering for security.

Application security requirements should not be limited to functional requirements, but should also be developed as part of the technical requirements. Technical requirements define the features of the system that are not user defined.

The Acegi is one best security frameworks address most of technical requirements for JEE (Java Enterprise Edition) application.

Yesterday, we had a very nice hacking/security class presented by Dennis Hurst ; Security Evangelist of SPI Dynamics.

This class was a training style class focused on security issues should Developer be aware of that. Most of the topics were about the Web Application Hacking including:

• SQL Injection, Blind SQL injection hacks.
• Cross Site Scripting (XSS) and introduction RSnake's Cheat Sheet.
• Session hijacking
• Cookie poisoning
• And many more

I really amazed how easy can hackers could attack poor victims!

Today, I had problem while I was unit testing Spring 2.0 Scoped beans.
I noticed two things:

1. was using extends AbstractTransactionalDataSourceSpringContextTests
   So, I changed it into regular TestCase

2. I Mocked request and session object at my setup method as:
   
   public void setUp() {
   XmlWebApplicationContext wac = new XmlWebApplicationContext();
   wac.setConfigLocations(new String[] { "classpath:applicationContext.xml","classpath:appl icationContext-acegi-security.xml" });
   wac.refresh();
   this.context = wac;

   MockHttpSession session = new MockHttpSession();
   MockHttpServletRequest request = new MockHttpServletRequest();
   RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(request));
   request.setSession(session);

   }


   ---

   [ reza's blog | login to post comments ]

I implemented a sessionScope bean similar to userPreference mentioned in Spring 2.0 documents. I came up with this question: How to inject (pass) user information into userPreference init method?

Since I am using Acegi Security System, I can call SecurityContextHolder to access Principle object and call DAO method to retrieve more related information for data store.


public void init() {

if (log.isDebugEnabled()){
SecurityContext context = SecurityContextHolder.getContext();
log.debug("User Preference initialized for:"+context.getAuthentication().getName());
/* more code here : e.g. call DAO to retrieve user info.*/
}
}




I have hosted my open source project, redlaw in Google's code site. Recently, it is super slow while I am using svn-eclipse plug-in, specially when I doing synchronize with repository, which usually ends up I kill the process.