{"id":13753550,"url":"https://github.com/arcuri82/testing_security_development_enterprise_systems","last_synced_at":"2025-10-05T17:52:34.026Z","repository":{"id":52878128,"uuid":"77936449","full_name":"arcuri82/testing_security_development_enterprise_systems","owner":"arcuri82","description":"Testing, Security and Development of Enterprise Systems","archived":false,"fork":false,"pushed_at":"2021-04-15T12:07:41.000Z","size":259258,"stargazers_count":66,"open_issues_count":0,"forks_count":26,"subscribers_count":9,"default_branch":"master","last_synced_at":"2024-11-16T06:30:31.838Z","etag":null,"topics":["development","docker","ejb","enterprise-systems","jacoco","java","jee","jpa","jsf","json","kotlin","microservice","reactjs","rest-api","security","selenium","spring","spring-boot","testing","web-service"],"latest_commit_sha":null,"homepage":"","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/arcuri82.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-01-03T17:02:35.000Z","updated_at":"2024-09-15T11:47:54.000Z","dependencies_parsed_at":"2022-08-23T11:41:31.217Z","dependency_job_id":null,"html_url":"https://github.com/arcuri82/testing_security_development_enterprise_systems","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arcuri82%2Ftesting_security_development_enterprise_systems","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arcuri82%2Ftesting_security_development_enterprise_systems/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/r
epositories/arcuri82%2Ftesting_security_development_enterprise_systems/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arcuri82%2Ftesting_security_development_enterprise_systems/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/arcuri82","download_url":"https://codeload.github.com/arcuri82/testing_security_development_enterprise_systems/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253328972,"owners_count":21891559,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["development","docker","ejb","enterprise-systems","jacoco","java","jee","jpa","jsf","json","kotlin","microservice","reactjs","rest-api","security","selenium","spring","spring-boot","testing","web-service"],"created_at":"2024-08-03T09:01:24.388Z","updated_at":"2025-10-05T17:52:34.015Z","avatar_url":"https://github.com/arcuri82.png","language":"Kotlin","readme":"# Testing, Security and Development of Enterprise Systems\n\n![](doc/img/glenn-carstens-peters-120205.jpg  \"Photo by Glenn Carstens-Peters on Unsplash\")\n\n\n\u003c!--- Continuous Integration build status banner --\u003e\n![CI](https://github.com/arcuri82/testing_security_development_enterprise_systems/workflows/CI/badge.svg)\n\nThis repository contains a set of examples related to the testing, security\nand development of enterprise systems.\nCurrently, this repository focuses on Java/Kotlin, \ntargeting frameworks like Spring and Java EE.\n\nThe material in this repository is used in two university-level courses at\nthe 
university college [Høyskolen Kristiania](https://kristiania.no/).\nIn particular:\n\n* *PG5100 Enterpriseprogrammering 1*: introduction to enterprise programming. \n   Documentation [here](doc/intro/main.md).\n\n* *PG6100 Enterpriseprogrammering 2*: advanced enterprise programming.\n   Documentation [here](doc/advanced/main.md). \n\n \n \n\nThe repository is built with Maven, and it is divided into two main sub-modules:\n\n* `intro`: material used in the first PG5100 course, where the goal is to be able to build\n           a web application accessing a SQL database, and deployed on a cloud provider.\n           Main technologies: Java, JEE, JPA, EJB, JSF, WildFly, SpringBoot, Spring Security, \n           Selenium, Docker.\n           \n* `advanced`: material used in the second PG6100 course, where the goal is to dig into the details\n            of web services and micro-service architectures.\n            Main technologies: Kotlin, SpringBoot, REST, GraphQL, React, Docker, Spring Security, \n            Spring Cloud, AMQP.            \n\n\nFor building GUIs, the second part of the course `advanced` relies on knowledge of JavaScript and Single-Page-Applications.\nThis is covered in a different course, called [Web Development and API Design](https://github.com/arcuri82/web_development_and_api_design) (PG6301).\nThat course should be taken before the `advanced` one (PG6100), in parallel or after the `intro` course (PG5100). \n\nBefore taking these courses, you might want to refresh your knowledge of algorithms and\ndata structures (e.g., [PG4200](https://github.com/arcuri82/algorithms)), as those are widely used here\n(e.g., maps, sets and streams).\n\n### Philosophy of This Repository\n\nThere are many resources (e.g., courses and books) out there that deal with the\n*development* of enterprise/web systems, using different technologies (e.g., Java and C#). 
\nHowever, often such resources only deal with the *development* of these systems,\nwhereas important concepts like *testing* and *security* are treated like \njust secondary concerns, if treated at all.\nThis situation has been improved in recent years, but more could be done, and we hope that \nthe courses in this repository are a step in that direction.\n\nThere are plenty of applications out there that are afflicted with bugs and\nsecurity holes. \nCorrectness and security should play a major role when developing software,\nand we try to reflect it in this repository.\n\nFurthermore, software engineering is a practical discipline, like any other \nengineering discipline. \nAs such, although theory is important, it is also important to get your hands \n*dirty* by actually developing software, and putting theory into practice.\nTherefore, in this repository, all concepts are explained also via examples,\nwith test cases (unit and integration/system ones).\nIn other words, we follow the principle of *Code is King*, i.e., if something\nis worth discussing, then you must have a working example with test cases for it.\nIn the past, it would have been a problem when you had to download and configure\nall needed software manually, like for example a PostgreSQL database or a RabbitMQ\nserver. \nFortunately, with the coming of *Docker*, this is not a problem any more.   \n    \nIn this repository two languages are used: *Java* and *Kotlin*.\nAlso two different frameworks are used: *Spring* and *Java EE*.\nWhy such choices? \nWhen studying the concepts of enterprise software development/testing/security,\nthe actual used languages/frameworks are not so important.\nThe languages/frameworks are just used to get *practice*, and get your hands dirty.\nFor example, using C# with .Net would have been a viable option as well.\nWhen you get a degree in software engineering, by all means afterwards\nyou could end up working with C#/.Net and never touch Java again. 
\nTherefore, it is important to learn the fundamental concepts behind those \nlanguages/frameworks, and not just their low-level technical details. \n\n\nTrying and getting some experience with all the main languages and frameworks would be good. \nHowever, when studying \nsuch topics for a university degree, time is limited, and one needs to make\nsome choices.\nAnd switching between too many languages/frameworks would just be too large an overhead\n(e.g., learning different IDEs and building tools).\nThe motivation for the choices of languages and frameworks in this repository is as\nfollows:\n\n* `Java`: one of the most used programming languages, with a very large\n  ecosystem of existing applications and libraries.\n  Java is one of the main languages for enterprise development \n  (if not *the* main language). \n  Enterprise systems are often large and complex, and so a *statically typed*\n  language is recommended. \n  In our personal opinion, this excludes languages like JavaScript, Python, Ruby, etc.\n  TypeScript is statically typed, but it is still JavaScript in its core...  \n  Nowadays, C# is a good option, and as a language might even be considered\n  better than Java.\n  On one hand, it does not have as large an ecosystem as Java.\n  On the other hand, considering the bullshit of Oracle's new 6-month release cycle,\n  .Net seems a more open-source friendly option (depending on how effective\n  [adoptopenjdk.net](https://adoptopenjdk.net) will be).\n  Note: stating something like this before 2010 (when Oracle bought Sun) would\n  rightly grant you a one-way ticket to your local asylum.\n  So strange to see how much the computing world has changed since \n  the [Java Zone Trailer](https://www.youtube.com/watch?v=8Px-GHPxB4I)\n  and \n  [Lady Java](https://www.youtube.com/watch?v=1JZnj4eNHXE)\n  videos came out. \n  \n\n* `Kotlin`: our language of choice. It is a better Java that can reuse all\n    of its existing ecosystem. 
\n    However, it does have more abstractions and \"magic\" than Java, which arguably\n    means that it is not suited to learn as a first language, i.e., better\n    to learn Java first.\n    That is the reason why it is only used in the `advanced` course, and not the\n    `intro` one.\n    Furthermore, job-wise, Kotlin is not so popular yet, although there are some \n    interesting cases (e.g., the Tax Department of Norway using it for their backend\n    development, with [a few systems open-source](https://github.com/Skatteetaten) on GitHub).\n\n\n* `Spring`: our framework of choice. SpringBoot is simply great.\n    It does have a non-trivial learning curve though.\n    However, once you understand the concepts of *dependency injection* and\n    *proxy classes*, it is a great tool.\n    For the development of web services, DropWizard can be a good choice\n    as well, especially if you do not like the \"magic\" of Spring and want\n    a more direct/explicit library. \n    \n    \n* `Java EE`: in theory it was the \"official\" Java framework for enterprise development.\n   But Oracle (owner of Java) donated it away in 2017, and now it is called `Jakarta EE`.\n   Anyway, in our opinion, it is much worse than Spring.\n   Job-wise, at least in Norway, it is used less and less. \n   Still, it is important to look at different frameworks. \n   As the jump from Java EE to Spring is relatively simple, it is a good\n   choice as a starting point before moving into SpringBoot.\n   Furthermore, you cannot really appreciate SpringBoot until you have\n   gone through the blood, sweat and tears of debugging an\n   EJB test using Arquillian to deploy to a WildFly container. 
\n\n\n### Documentation\n\nCurrent documentation is available \n[here](doc/intro/main.md) for the `intro` course, and\n[here](doc/advanced/main.md) for the second `advanced` course.\n\n### Requirements\n\n* JDK 11 (download it from [https://adoptopenjdk.net/](https://adoptopenjdk.net/), do not use the JDK from Oracle)\n  \n* An IDE (recommended _IntelliJ IDEA Ultimate Edition_)\n\n* _Maven_ 3.x\n\n* _Docker_ \n\n* _Chrome_ and _Chrome Driver_ (only needed to run Selenium tests locally instead of in Docker)\n\n* _YARN_ and _NodeJS_\n\nThe code in this repository should run on all major operating systems, i.e. Mac, Linux and Windows.\n\nOn Windows, if you have problems with too long file names \nwhen checking out the code with Git, then you might need to run\nthe following command on a terminal:\n\n`git config --system core.longpaths true`\n\n\n\n\n### Useful Maven Command\n\n* `mvn clean install -DskipTests`\n\n  This will compile all the code and install all the generated jar files into \n  your local Maven repository. It does not run the tests.\n  **Note**: the first time you run it, it might take a long while, as it needs to download\n  many dependencies.\n   \n \n\n### How to Contribute\n\nThere are many ways in which you can contribute. 
\nIf you found the material in this repository of any use, the easiest\nway to show appreciation is to *star* it.\nFurthermore, if you find issues, you can report them on \nthe [issues](https://github.com/arcuri82/testing_security_development_enterprise_systems/issues) \npage.\nPossible types of issues:\n  \n* Some of the code examples are unclear, or with not enough\n  documentation to understand exactly what is going on.\n   \n  \n* You find a *non-intended* security vulnerability or bad practice in any of the \n  code examples.\n  Note: in some cases, for didactic reasons there will be non-secure code.\n  But in those cases that should be explicitly stated.\n\n* Comments regarding a tool/library/framework are no longer valid (e.g., since a new version\n  has been released).\n\n### License \u0026 Copyright\n\nThe materials herein are all Copyright (c) of [Andrea Arcuri](http://www.arcuriandrea.org) \nand [contributors](https://github.com/arcuri82/testing_security_development_enterprise_systems/graphs/contributors).\nThe material was/is produced while working at \nWesterdals Oslo ACT and Høyskolen Kristiania.\n\nAll the source code in this repository is released under \n[LGPL version 3 license](LICENSE).\n\n\u003ca rel=\"license\" href=\"http://creativecommons.org/licenses/by-nc-nd/4.0/\"\u003e\n\u003cimg alt=\"Creative Commons License\" style=\"border-width:0\" \nsrc=\"https://i.creativecommons.org/l/by-nc-nd/4.0/88x31.png\" /\u003e\u003c/a\u003e\n\u003cbr /\u003e\nThe documentation is licensed under a \u003ca rel=\"license\" href=\"http://creativecommons.org/licenses/by-nc-nd/4.0/\"\u003eCreative Commons Attribution-NonCommercial-NoDerivs 4.0 Unported License\u003c/a\u003e.\n\n\n\n\n### ![](https://www.yourkit.com/images/yklogo.png)\n\nYourKit supports open source projects with its full-featured Java Profiler.\nYourKit, LLC is the creator of \n\u003ca href=\"https://www.yourkit.com/java/profiler/\"\u003eYourKit Java Profiler\u003c/a\u003e\nand \n\u003ca 
href=\"https://www.yourkit.com/.net/profiler/\"\u003eYourKit .NET Profiler\u003c/a\u003e,\ninnovative and intelligent tools for profiling Java and .NET applications.","funding_links":[],"categories":["web-service"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farcuri82%2Ftesting_security_development_enterprise_systems","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Farcuri82%2Ftesting_security_development_enterprise_systems","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farcuri82%2Ftesting_security_development_enterprise_systems/lists"}