Secure Coding
I have found links to some good articles on “Secure Coding”, which was the topic of today’s lecture in the FPGDST course at CDAC Mumbai & Bangalore.
Here are some important links that I have found:
Guidelines for Secure Coding by Trupti Shiralkar and Brenda Grove, January 2009
(This is a very good article.)
Secure Coding Guidelines Version 2.0 for the Java Programming Language
Secure a Web application, Java-style
Use Java’s multiple-layer security implementation to protect your Web
By Michael Cymerman, JavaWorld.com, 04/28/00
Secure Coding: Principles & Practices (Book)
http://www.secureprogramming.com/
Recipes for Cryptography, Authentication, Networking, Input Validation and More
OOP in Java
Reusing Classes
The idea is to reuse existing classes without disturbing their code. There are two ways to do this:
- Composition
- Inheritance
Composition: The new class is composed of objects of existing classes. You are simply reusing the functionality of the existing code, not its form.
Inheritance: It creates a new class as a type of an existing class. You literally take the form of the existing class and add code to it without modifying the existing class; the compiler does most of the work.
Note how cleanly the classes are separated: you don’t even need the source code of the methods in order to reuse them. At most you import a package. (This is true for both inheritance and composition.)
Delegation: Not directly supported in Java.
Composition vs. Inheritance
- Composition is generally used when you want the features of an existing class inside your new class, but not its interface. That is, you embed an object so that you can use it to implement features in your new class, but the user of your new class sees the interface you have defined for the new class rather than the interface from the embedded object. For this effect, you embed private objects of existing classes inside your new class.
- Composition is for has-a relationship whereas Inheritance is for is-a relationship.
- Ask whether you will ever need to upcast from your new class to the base class. If you must upcast, then inheritance is necessary, but if you don’t need to upcast you should look closely at whether you need inheritance at all. Asking “Do I need to upcast?” gives you a good tool for deciding between composition and inheritance.
Polymorphism deals with decoupling in terms of types. Inheritance allows an object to be treated as its own type or as its base type. This ability is critical because it allows many types (derived from the same base type) to be treated as if they were one type, and a single piece of code to work on all those different types equally.
Polymorphism is also called dynamic binding, late binding or run-time binding.
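A worked illustration of the has-a versus is-a choice, added here and not taken from the original post: a log buffer that must never store line breaks, so that a caller cannot forge extra log lines. The inheritance version reuses ArrayList’s form and therefore exposes its whole interface; because ArrayList.addAll and add(int, E) do not go through add(E), the sanitizing override is silently bypassed, and an upcast to List hands the caller every mutator. The composition version embeds the list as a private object and exposes only the interface we define. All class and method names here are illustrative, and the forged input is constructed.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/**
 * Added example (not from the original post): inheritance vs composition for a
 * log buffer that must never store control characters (log-forging protection).
 * Class and method names are illustrative, not from any library.
 */
public class ReuseDemo {

    /** Replace CR/LF and other control characters so a caller cannot forge extra log lines. */
    static String sanitize(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            sb.append(c < 0x20 || c == 0x7f ? '?' : c);
        }
        return sb.toString();
    }

    /** Inheritance: is-a List. Reuses ArrayList's form, so every public List method is exposed. */
    static class InheritedLog extends ArrayList<String> {
        @Override
        public boolean add(String line) {
            return super.add(sanitize(line));
        }
        // addAll, add(int, E), set, listIterator().add ... are inherited unchanged.
        // ArrayList.addAll copies the incoming array directly and never calls add(),
        // so the sanitizing override above is bypassed by those paths.
    }

    /** Composition: has-a List. Only the interface we define is visible to callers. */
    static final class ComposedLog {
        private final List<String> lines = new ArrayList<>();

        public void append(String line) {
            lines.add(sanitize(line));
        }

        /** Read-only copy; callers cannot reach the embedded list's mutators. */
        public List<String> snapshot() {
            return Collections.unmodifiableList(new ArrayList<>(lines));
        }
    }

    /** True if any stored line still contains a raw newline, i.e. sanitizing was bypassed. */
    static boolean containsRawNewline(List<String> lines) {
        return lines.stream().anyMatch(l -> l.contains("\n"));
    }

    public static void main(String[] args) {
        String forged = "user=alice\nuser=admin login OK"; // constructed attacker input

        InheritedLog inherited = new InheritedLog();
        inherited.add(forged);                       // goes through the override: sanitized
        inherited.addAll(Arrays.asList(forged));     // ArrayList.addAll: not sanitized
        List<String> upcast = inherited;             // is-a: the upcast compiles, full List API available
        upcast.add(0, forged);                       // add(int, E) is not overridden either
        System.out.println("inherited log, raw newline present: " + containsRawNewline(inherited));

        ComposedLog composed = new ComposedLog();
        composed.append(forged);
        // composed.addAll(...)     does not compile: ComposedLog has no such method
        // List<String> l = composed;  does not compile: there is no is-a relationship
        System.out.println("composed log, raw newline present: " + containsRawNewline(composed.snapshot()));
    }
}
```

The composed class can only be used through append() and snapshot(), which is exactly the “features but not the interface” situation the list above describes; the inherited class can be upcast, and every List method the base class implements without calling add() becomes a way around the check.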
Writing good XML Schema
I have found some good articles to go through if you want to write a good XML Schema and follow best practices.
eForm Solutions in the Software Industry and Trends
I was searching for the eForm (electronic form) solutions currently existing in the industry. I found the following major products and the companies behind them.
- “Cardiff Liquid Office eForms” from Autonomy Cardiff.
- PureEdge eForms (now Lotus Forms) from IBM.
- Livecycle (eForm for the enterprise) from Adobe.
UUID – Universally Unique Identifier
The intent of UUIDs is to enable distributed systems to uniquely identify information without significant central coordination. Thus, anyone can create a UUID and use it to identify something with reasonable confidence that the identifier will never be unintentionally used by anyone for anything else. (Globally Unique Identifiers (GUIDs) are also related.)
The J2SE 5.0 release of Java provides a class that will produce 128-bit UUIDs, although it only implements the version 3 and version 4 generation methods, not the original (version 1) method, because pure Java has no means of reading the MAC address. The API documentation for the java.util.UUID class refers to ISO/IEC 11578:1996.
Open source implementations supporting MAC addresses on several common operating systems are UUID – generate UUIDs (or GUIDs) in Java, Java Uuid Generator (JUG) and ActiveScript.
We have used Java Uuid Generator (JUG) from Safehaus (http://jug.safehaus.org/) in the NSDG/SSDG projects, which required two IDs (CorrelationID and AuditID) to be unique across the gateway constellation. These two IDs were required to be 128 bits (32 hexadecimal digits).
Notes: JUG generates UUIDs according to the IETF UUID draft specification (further clarified in the UUID URN name space IETF draft), all 3 ‘official’ types defined by the draft; it is fast, portable and Open Source (as well as Free Software).
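An added example, not from the post and not JUG’s code, showing what java.util.UUID does and does not give you for the three versions mentioned above, and how to render a UUID as the 32 hexadecimal digits the gateway IDs required. The sample name string is constructed; the version-1 value is the RFC 4122 DNS namespace UUID, chosen because it is public, and it is used only to show what a time-based UUID carries.

```java
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.UUID;

/**
 * Added example (not from the post or from JUG): java.util.UUID for versions
 * 1, 3 and 4, and what each version exposes. Sample inputs are constructed.
 */
public class UuidDemo {

    /** 100-ns ticks between the UUID epoch (1582-10-15) and the Unix epoch, per RFC 4122. */
    private static final long UUID_TO_UNIX_100NS = 0x01B21DD213814000L;

    /** Render a UUID as 32 hexadecimal digits without hyphens (all 128 bits). */
    static String toHex32(UUID u) {
        // %x on a negative long prints the two's-complement value, so each half stays 16 digits
        return String.format("%016x%016x", u.getMostSignificantBits(), u.getLeastSignificantBits());
    }

    /** Version 4: 122 random bits from a cryptographically strong RNG. Use for IDs that must be unguessable. */
    static UUID correlationId() {
        return UUID.randomUUID();
    }

    /** Version 3: MD5 of a name. The same name always yields the same UUID, so it is guessable if the name is. */
    static UUID nameBasedId(String name) {
        return UUID.nameUUIDFromBytes(name.getBytes(StandardCharsets.UTF_8));
    }

    /** Version 1 UUIDs embed a creation timestamp and a 48-bit node id (normally the host's MAC address). */
    static String describeV1(UUID u) {
        // node() and timestamp() throw UnsupportedOperationException for any other version
        if (u.version() != 1) {
            return "not a time-based UUID (version " + u.version() + ")";
        }
        Instant created = Instant.EPOCH.plus(Duration.ofNanos((u.timestamp() - UUID_TO_UNIX_100NS) * 100));
        return String.format("node=%012x created=%s", u.node(), created);
    }

    public static void main(String[] args) {
        UUID v4 = correlationId();
        UUID v3 = nameBasedId("CorrelationID:order-42");                  // constructed sample name
        UUID v1 = UUID.fromString("6ba7b810-9dad-11d1-80b4-00c04fd430c8"); // RFC 4122 DNS namespace UUID

        System.out.println("v4 " + toHex32(v4) + " version=" + v4.version() + " variant=" + v4.variant());
        System.out.println("v3 " + toHex32(v3) + " same-name-same-id="
                + v3.equals(nameBasedId("CorrelationID:order-42")));
        System.out.println("v1 " + toHex32(v1) + " " + describeV1(v1));
        System.out.println("v4 " + describeV1(v4));
    }
}
```

For IDs that travel between systems, such as a correlation or audit ID, the choice of version matters: a version 1 value reveals the generating host and the time of generation to anyone who sees it, a version 3 value can be recomputed by anyone who knows the name, and only version 4 gives an identifier that is both unique and unpredictable.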
Reference:
http://jug.safehaus.org/
http://en.wikipedia.org/wiki/Uuid
Design Patterns
Christopher Alexander says, “Each pattern describes a problem which occurs over and over again in our environment, and then describes the core of the solution to that problem, in such a way that you can use this solution a million times over, without ever doing it the same way twice”.
Design patterns (Gang of Four) are grouped in the following categories:
- Creational patterns
- Structural patterns
- Behavioral patterns

Reference:
Book: Design Patterns, Elements of Reusable Object-Oriented Software by Erich Gamma, Richard Helm, Ralph Johnson, John Vlissides
Tricky Stuff in Java
Important points:
- Declaring two methods with the same name that take (String[] args) and (String… args) won’t compile: varargs is only array syntax, so the two declarations have the same signature.
- After threadName.start() is called, the new thread may not enter the running state immediately; the code following start() may well run first.
- Each class has a lock and each object has its own lock; notify() and notifyAll() only wake threads waiting on that same lock.
- When wait() or notify() is called outside a synchronized context, the code compiles but IllegalMonitorStateException is thrown at runtime.
- A static method can’t override an instance method and vice versa; the code will not compile.
- Unreachable code is a compile error (“unreachable statement”), e.g. a statement placed after a throw or a return.
- new Boolean(“TRue”) is true; new Boolean(“anything other than a case-insensitive true”) is false. boolean x = true or false compiles, but boolean x = True or boolean x = TRUE will not.
- System.out.format/printf(“%b”, varX) prints false if varX is null or a Boolean false, and true for any other value, even a non-Boolean one.
- HashMap and LinkedHashMap allow one null key and multiple null values; TreeMap allows null values but no null key (with natural ordering); Hashtable allows neither null keys nor null values (NullPointerException).
- collectionType.toArray() with no argument returns Object[]; assigning it to a typed array without the toArray(new String[0]) form won’t compile, and casting the Object[] to String[] fails at runtime with ClassCastException.
- Static and instance fields get default values automatically; final instance fields must be assigned by the time the constructor finishes; static final fields must be assigned at declaration or in a static initialization block. Breaking these rules is a compile error.
- Flow of execution: static field initializers and static blocks run, in textual order, when the class is initialized; then main is called.
Classes can have multiple static initialization blocks and instance initialization blocks. Remember these rules: static blocks run once, in textual order, when the class is initialized; instance initialization blocks run in textual order every time an object is created, after the superclass constructor and before the body of the class’s own constructor.
Example:
    class Init {
        // constructors
        Init(int x) { System.out.println("1-arg const"); }
        Init() { System.out.println("no-arg const"); }
        // static initialization block: runs once, when the class is initialized
        static { System.out.println("1st static init"); }
        // instance initialization blocks: run in order on every construction, before the constructor body
        { System.out.println("1st instance init"); }
        { System.out.println("2nd instance init"); }
        public static void main(String[] args) {
            new Init();
            new Init(7);
        }
    }
Result of running this program:
    1st static init
    1st instance init
    2nd instance init
    no-arg const
    1st instance init
    2nd instance init
    1-arg const
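As an added example (not code from the original post), a small bounded queue that puts the three threading points above into practice: start() only makes a thread runnable, so the consumer must be prepared to block; wait() releases the monitor of the object it is called on and only a notify on that same object wakes it; and calling wait() without holding the monitor compiles but fails at runtime. Class and method names are illustrative, and the messages are constructed.

```java
import java.util.ArrayDeque;
import java.util.Deque;

/**
 * Added example (not from the post): correct use of wait()/notifyAll() on one
 * shared lock, with the classic producer/consumer hand-off.
 */
public class BoundedQueue {
    private final Deque<String> items = new ArrayDeque<>();
    private final int capacity;

    BoundedQueue(int capacity) {
        this.capacity = capacity;
    }

    /** Blocks while full. The loop (not an if) re-checks after spurious wakeups. */
    synchronized void put(String item) throws InterruptedException {
        while (items.size() == capacity) {
            wait();            // releases this queue's monitor while waiting
        }
        items.addLast(item);
        notifyAll();           // wakes only threads waiting on this object's monitor
    }

    /** Blocks while empty. */
    synchronized String take() throws InterruptedException {
        while (items.isEmpty()) {
            wait();
        }
        String item = items.removeFirst();
        notifyAll();           // wakes producers waiting on this object's monitor
        return item;
    }

    public static void main(String[] args) throws InterruptedException {
        BoundedQueue q = new BoundedQueue(2);
        Thread producer = new Thread(() -> {
            try {
                for (int i = 0; i < 5; i++) {
                    q.put("msg-" + i);  // constructed sample messages
                }
                q.put("EOF");
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        });
        producer.start();
        // start() only makes the thread runnable; this loop may run before the
        // producer has put anything, which is why take() blocks instead of polling.
        while (true) {
            String s = q.take();
            if ("EOF".equals(s)) {
                break;
            }
            System.out.println("took " + s);
        }
        producer.join();

        // wait() without holding the monitor compiles but fails at runtime.
        try {
            q.wait();
        } catch (IllegalMonitorStateException e) {
            System.out.println("wait() outside synchronized: " + e);
        }
    }
}
```

notifyAll() is used rather than notify() because both producers and consumers wait on the same monitor; a single notify() could wake a producer when only a consumer can make progress, leaving the queue stuck.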
Overloading in Java
Constructor Overloading
We may need to create objects in several ways, but a constructor’s name is always the name of the class, so all of these constructors share that name. This is called constructor overloading: the constructors are distinguished by their argument types (constructors have no return type).
Method Overloading
Similarly, methods can be overloaded on argument types: the methods keep the same name but differ in their parameter lists. Each overload has a unique parameter list, and that list determines which method is called.
You can’t overload a method on return type alone in Java. Why not?
To see this, consider the following:
    void someMethod() {}
    String someMethod() { return "something"; }
If I call someMethod() like this:
    someMethod();
how can Java determine which someMethod() should be called? The call does not mention a return type at all, so to avoid this ambiguity methods cannot be overloaded on return type.
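An added example (not code from the original post) that goes one step beyond the text: overload resolution is decided at compile time from the declared types of the arguments, whereas an overridden method (the polymorphism discussed earlier on this page) is chosen at run time from the object’s actual class. The class and method names are illustrative.

```java
/**
 * Added example (not from the post): overloading is resolved at compile time
 * from the static argument types; overriding is resolved at run time.
 */
public class OverloadDemo {

    static class Base {
        String who() { return "Base"; }
    }

    static class Derived extends Base {
        @Override
        String who() { return "Derived"; }   // overriding: same signature, dynamic binding
    }

    // Overloading: same name, different parameter lists. The return type alone
    // could not tell these apart, which is why Java forbids overloading on it.
    static String describe(Object o) {
        return "Object overload, who()=" + (o instanceof Base ? ((Base) o).who() : String.valueOf(o));
    }
    static String describe(Base b)   { return "Base overload, who()=" + b.who(); }
    static String describe(String s) { return "String overload: " + s; }
    static String describe(int i)    { return "int overload: " + i; }
    static String describe(long l)   { return "long overload: " + l; }

    public static void main(String[] args) {
        Derived d = new Derived();
        Base asBase = d;       // upcast
        Object asObject = d;   // upcast further

        System.out.println(describe(d));        // Base is the most specific applicable overload; who() is Derived's
        System.out.println(describe(asBase));   // same choice: the static type is Base
        System.out.println(describe(asObject)); // static type Object selects the Object overload, who() still Derived's
        System.out.println(describe("x"));      // exact match on String
        System.out.println(describe(7));        // exact match on int
        System.out.println(describe(7L));       // exact match on long
        byte b = 1;
        System.out.println(describe(b));        // widening byte->int wins over byte->long and over boxing
        // describe(null) would not compile: Base and String are both applicable
        // and neither is more specific than the other.
    }
}
```

The practical consequence is that the overload a call binds to cannot change when the object’s runtime class changes; only the overridden who() does. A value held in a variable typed Object will always go to the Object overload, whatever it actually is.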
Cloud Computing
“The rise of the cloud is more than just another platform shift that gets geeks excited. It will undoubtedly transform the IT industry, but it will also profoundly change the way people work and companies operate.” —The Economist, “Let it Rise,” 10/23/08
“By 2011, early technology adopters will forgo capital expenditure and instead purchase 40% of their IT infrastructure as a service… ‘Cloud computing’ will take off, thus untying applications from specific infrastructure.” — Gartner Press Release, “Gartner Highlights Key Predictions for IT Organisations and Users in 2008 and Beyond,” 1/31/08
Cloud Computing Defined
“It’s one of the foundations of the next generation of computing… It’s a world where the network is the platform for all computing, where everything we think of as a computer today is just a device that connects to the big computer we’re building. Cloud computing is a great way to think about how we’ll deliver computing services in the future.” — Tim O’Reilly, CEO, O’Reilly Media
Enterprise Integration Patterns
Some important points from the book “Enterprise Integration Patterns” by Gregor Hohpe and Bobby Woolf:
Basic Messaging Concepts
- Channels
- Messages
- Pipes and Filters
- Routing
- Transformation
- Endpoints
Message Channel
SCEA Java EE 5 (CX-310-052)
Just started to prepare for SCEA for Java EE 5 (CX-310-052), so I am currently collecting the necessary resources for it. Some are:
Syllabus:
http://in.sun.com/training/certification/java/scea.xml
Resources on Javaranch:
http://saloon.javaranch.com/forums/forum-026.html
Blogs:
How to pass SCEA 5? (javaxcross)
Books and study Materials:
- The Java EE 5 Tutorial
- SCEA – J2EE Study Guide
- Java – SCEA – Practice Exam
- Learn all about the JEE 5 Sun Certified Architect Exam (SCEA) – Humphrey Sheil, CTO Comtec (Europe) Limited
- Java certification success, Part 4: SCEA – Sivasundaram Umapathy (authors@whizlabs.com)
- Tim_Ho_Notes
- Security – Notes – SCEA
- SCJEA Process for J2EE SIG (Presentation)
- Protocols – Notes – SCEA
- Most Important SCEA Exam Notes
- Messaging – Notes – SCEA
- Legacy Connectivity
- John – Wetherbie – Notes
- Heather – Mackenzie – Notes
- I18N notes
- Guide2SCEA-J2EE
- EJB Container Model
- Design Pattern
- EJB
- Applicability of J2EE
- Chris – Broecker – Notes
I was looking for the following book, but after much searching I found that it is still not available:
Exceptions/Errors while starting JBoss
The following are the exceptions I faced while starting jboss-5.0.0.GA on Fedora 6.
1) 14:43:53,046 ERROR [ServerInfo] Error looking up local address
    java.net.UnknownHostException: localhost.localdomain: localhost.localdomain
        at java.net.InetAddress.getLocalHost(InetAddress.java:1353)
        at org.jboss.system.server.ServerInfo.getHostAddress(ServerInfo.java:338)
Reason Found:
It’s a wrong /etc/hosts configuration: the machine’s own hostname (localhost.localdomain) does not resolve.
Set your hosts file like this:
jdbc Java Database Connectivity
There are 4 types of JDBC drivers:
- Type 1: JDBC-ODBC bridge drivers (translate JDBC calls into ODBC calls)
- Type 2: partly Java, partly native drivers (call the database vendor’s native client library through JNI)
- Type 3: pure Java, network-protocol drivers (talk to a middleware server that forwards to the database)
- Type 4: pure Java, native-protocol drivers (speak the database’s own wire protocol; the most popular kind)
Important Classes:
DriverManager
Driver
Connection
Statement
ResultSet
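An added example (not code from the original post) that uses the classes listed above end to end and adds the caveat a practitioner wants when they see Statement next to ResultSet: the SQL text must be fixed and user data must be bound through PreparedStatement, otherwise the data becomes part of the query. It assumes a Type 4 driver for an in-memory database on the classpath; the H2 URL, the table and its rows are assumptions of this example, not anything the post prescribes, and the injected string is constructed.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * Added example (not from the post): DriverManager, Connection, Statement,
 * PreparedStatement and ResultSet in use, with the vulnerable and the hardened
 * query side by side. Assumes the H2 Type 4 driver is on the classpath.
 */
public class JdbcDemo {

    /** Assumed URL for an in-memory H2 database (an assumption of this example). */
    static final String URL = "jdbc:h2:mem:demo;DB_CLOSE_DELAY=-1";

    /** Constructed sample schema and rows. */
    static void setUp(Connection c) throws SQLException {
        try (Statement st = c.createStatement()) {
            st.execute("CREATE TABLE users(name VARCHAR(32) PRIMARY KEY, secret VARCHAR(64))");
            st.execute("INSERT INTO users VALUES ('alice', 'a-secret'), ('bob', 'b-secret')");
        }
    }

    /** Vulnerable: the caller's string is spliced into the SQL text. */
    static int countWithStatement(Connection c, String name) throws SQLException {
        String sql = "SELECT secret FROM users WHERE name = '" + name + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return rows(rs);
        }
    }

    /** Hardened: the SQL is constant; the driver sends the name as a typed parameter. */
    static int countWithPreparedStatement(Connection c, String name) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement("SELECT secret FROM users WHERE name = ?")) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rows(rs);
            }
        }
    }

    private static int rows(ResultSet rs) throws SQLException {
        int n = 0;
        while (rs.next()) {
            n++;
        }
        return n;
    }

    public static void main(String[] args) throws SQLException {
        // DriverManager selects a registered Driver by URL; JDBC 4 drivers register themselves via ServiceLoader.
        try (Connection c = DriverManager.getConnection(URL)) {
            setUp(c);
            String injected = "x' OR '1'='1";   // constructed attacker input
            System.out.println("Statement, honest input:  " + countWithStatement(c, "alice"));
            System.out.println("Statement, injected:      " + countWithStatement(c, injected));   // matches every row
            System.out.println("Prepared, honest input:   " + countWithPreparedStatement(c, "alice"));
            System.out.println("Prepared, injected:       " + countWithPreparedStatement(c, injected)); // no such name
        }
    }
}
```

With the Statement version the injected input rewrites the WHERE clause and returns both users’ secrets; with PreparedStatement the same input is just a name that matches nothing. Every JDBC call that takes user-influenced data should go through the second form.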
NSDG: JBoss Case Study
This case study was presented by Mr. Zia Saquib, Executive Director, C-DAC Mumbai, at a JBoss by Red Hat event in Mumbai at Bandra Kurla Complex on 11th Dec 2008. The emphasis was on using open source technologies in Mission Mode Projects.
EJB3: Mapping Persistent Objects Example 5
The following is an example from the chapter “Mapping Persistent Objects” of the book “Enterprise JavaBeans 3.0” by Bill Burke & Richard Monson-Haefel. I tried it out on JBoss AS 5.0.0.CR1, with PostgreSQL as the database and Eclipse WTP as the IDE.
Example 5: Embeddable Classes
This example shows the use of @javax.persistence.Embedded annotation to map a persistent property that is a nonentity class.
EJB3: Mapping Persistent Objects Example 4
The following is an example from the chapter “Mapping Persistent Objects” of the book “Enterprise JavaBeans 3.0” by Bill Burke & Richard Monson-Haefel. I tried it out on JBoss AS 5.0.0.CR1, with PostgreSQL as the database and Eclipse WTP as the IDE.
Example 4: Multitable Mappings
This example shows the use of @javax.persistence.SecondaryTable annotation to map one entity class to multiple tables.
EJB3: Mapping Persistent Objects Example 3
Example 3: @EmbeddedId
This example shows the use of @javax.persistence.EmbeddedId to map a primary key class to the database and also the use of @javax.persistence.Transient annotation.
EJB3: Mapping Persistent Objects Example 2
The following is an example from the chapter “Mapping Persistent Objects” of the book “Enterprise JavaBeans 3.0” by Bill Burke & Richard Monson-Haefel. I tried it out on JBoss AS 5.0.0.CR1, with PostgreSQL as the database and Eclipse WTP as the IDE.
EJB3: Mapping Persistent Objects Example 1
The following is an example from the chapter “Mapping Persistent Objects” of the book “Enterprise JavaBeans 3.0” by Bill Burke & Richard Monson-Haefel. I tried it out on JBoss AS 5.0.0.CR1, with PostgreSQL as the database and Eclipse WTP as the IDE.
Example 1: Basic Property Mappings
This example shows the use of @Temporal, @Lob and @Enumerated mapping types.
EJB3: Mapping Persistent Objects
Entities are real-world objects and can be expressed as nouns. Entities represent data in the database, so changes to an entity result in changes to the database: when a new entity is created and persisted, a record must be inserted, and when an entity is used and its state changes, that change must be reflected in the database.
An entity must implement java.io.Serializable if it is to be passed by value, e.g. used as a DTO across a remote interface; the persistence provider itself does not require it.