Tech Tips

Hmm......... Java Web technology is exploding with many web frameworks promoted by the industry and many by opensource. Too many frameworks to choose from is a bad thing or good thing ?. Read on and judge yourselves. May be too much of anything is bad. Just look at the list below. JSF Spring MVC Tapestry Struts 2 ADF from Oracle Cocoon Maverick JBoss seam This is a never ending list. There are many more. Ofcourse not all are mainstream nowadays. Look at Microsoft stack , you mainly have ASP .NET and that's it. It has grown well.You need to learn only that and you focus all your skills in that web framework.It has accumulated many components and matured into a very robust RAD web application framework. The problem with the Java stream is you work on a particular web framework for sometime and all of a sudden you have to work in another web framework for another project.Hence the experiance one gains by working in a particular framework for long time, gets lost. This definitly lowers

A note on Design patterns Many times we can see ourselves looking for design patterns to fit the design of a requirement. Of course if the requirement is simple enough to apply any existing design pattern we should do so. This will save us valuable time. In my opinion it is better not to worry about which pattern to apply.But concentrate on the three basic Object oriented principles. 1) Encapsulate what varies 2) Prefer composition over inheritance 3) Program to an interface not to an implementation. If we approach the design with these principles in mind , we don't have to search for patterns. Pattern will emerge itself. Once we apply these principles, we can definitely look whether any of the existing patterns can solve the issue better than the way we thought of. This way our thinking process will improve tremendously and at times we may end up creating a solution which may be better than any available design patterns.

It is interesting and important to understand how strings are handled in Java. The way Java handles or manages strings is little different from other objects. Case1 : String a = "java"; String b= "java"; Does these two strings represent the same object reference ?. The answer is yes they do. Case 2: String c=new String("java"); String d =new String("java"); Does c and d point to the same object reference. The answer is NO . They don't. Now let us see how all these work out. First thing: Java maintains a pool of string constants called literal pool. Infact this pool contains references to string instances in heap. Since Strings are also objects they are also created in the heap. Whenever you put a literal ( example to this is what the variable a represents) in the code, this gets special treatment. When the JVM loads your class where there is a string literal, the VM checks whether there is an existing entry in the string pool for this string

Every programmer would have encountered a ClassNotfoundException somewhere in the development lifecycle. Many times we search for reasons why this is happening and i have seen many times people spending long hours to find why this is happening. This is particularly seen with web applications which are deployed in a webserver like tomcat or an app server like Weblogic or JBoss.In the case of a normal desktop java application, this can be fixed by adding the required class or the library that contains the class to the classpath. This way with Java 1.2, classpath classloader will load the class and the issue is fixed. For a web application this may not be as staightforward. Some times i have seen people adding the class to the classpath of the webserver and still getting the error again. Now to identify and fix these issues we need to understand that java supports many types of classloaders. The main one being bootstrap classloader responsible for loading Java API. The other one is the c

To protect a web resource typically we add a security constraint CONFIDENTIAL in the web.xml in the case of Java Technology. That means that this resource is protected and can only be accessed via HTTPS. How this works is this way. Browser sends the request to the resource . Container intercepts and sends a redirect url which is the https URL. Browser again sends the request via HTTPS. The advantage is this mechanism will do automatic switch over of protocols. Hence by simply changing the configuration we can make which part is http and which should be https. But the issue is when the application is accessed via a reverse proxy. In this scenario the automatic protocol switch over will contain the IP or domain name of the internal server and not of the proxy. Hence we may have to do the http to https switch over using java script from the browser. So this defeats the whole purpose of CONFIDENTIAL element. I haven't seen any where in the web.xml spec an element to specify the addres

The best approach to improve the performance and scalability is to pre calculate the logic and cache the results. All computer systems are surviving heavy loads due to caching. It is best to cache at DB, cache web pages at the reverse proxy and of course let browser cache the javascript , css and images. The user request may be anticipated and the system execute the logic and store the information in cache. When a request with matching parameter arrives just serve the information from the cache. This is particularly true for availability searches in the case of hotels, airlines etc. The one word mantra : CACHE IT.

How to integrate Container security in a web application and propagate it to EJB Layer. Normally an enterprise application has a web tier and a business tier (Most probably EJB in the case of J2EE).The security requirments for such an application in general will be this "Only an authenticated and authorized user should be able to access the protected part of the application" This includes both dynamic (jsp pages) and static content like HTML files. If the user has the rights for the web page then based on his role he should be restricted to invoke an ejb method.That's even if he has access to a page he should be able to execute only those business operations for which his role is given access. To satisfy the above requirement we have to have security at 2 levels . One at the web container side and other at the ejb container side. The rest of the post explains how we can do that in JBoss 4.2.2 See my old post on securing an EJB. Once the EJB is secured, next step is to sec