Sometimes it’s easier to just write your SQLs

posted 10-Apr-2012 | 5 comments

Object-relational mapping (in the JPA compliant sense) is so ubiquitous nowadays in the Java development scene, that we rarely question ourselves if we really need it, and if not using it may be a better option.

In my experience, some systems benefit from using JPA technology (most systems actually), but some do not, in fact I think some systems become unnecessarily complicated and bigger because of it.

Read more »

Java concurrency examples – Fork/Join framework

posted 4-Apr-2012 | 2 comments

In the previous posts about the java.util.concurrent framework, I introduced what for me is the core of the package and what you will use the most on real-world applications.

Going further with the topic, it’s worth to know the new fork/join framework introduced in Java 7. The pros and cons of this framework over the usage of thread pools or regular thread/runnable development has been subject of a lot of debate, but I think it is still a nice tool to have in your arsenal.

I’ll use a more classic approach to show you the basic structure of the fork/join framework and code a version of the Quicksort algorithm using it.

Read more »

Java concurrency examples – Getting feedback from concurrent tasks

posted 29-Mar-2012 | 4 comments

Picking up from where I left off in my last post about the java.util.concurrent package, it’s interesting and sometimes mandatory to get feedback from concurrent tasks after they are started.

For example imagine an application that has to send email batches, besides from using a multi-threaded mechanism, you want to know how many of the intended emails were successfully dispatched, and during the actual sending process, the real-time progress of the whole batch.

Read more »

Using a relational DBMS as a multi server concurrency control

posted 26-Mar-2012 | 3 comments

Sometimes you just don’t want or need the complexity of a fancy distributed transaction manager or complicated RPCs to coordinate a concurrent job amongst a farm of servers.

Here is a very simple and efficient way to achieve a lock/release type of concurrency control in a farm-like architecture using nothing but a few SQL sentences and your relational database.

Read more »

Java concurrency examples – Parallel data processing

posted 22-Mar-2012 | 5 comments

Version 5 of the Java platform introduced a high level concurrency API, located in the java.util.concurrent package.

It allows for a much elegant and intuitive multi-threaded programming. I know this is old news for some, but I have found that most programmers still rely on the Thread class and Runnable interface to solve most concurrent problems in Java, when almost all of them can be implemented in a much cleaner way using the new API.

In this post series I’ll provide several examples on the usage of java.util.concurrent classes to solve common challenges. Let’s start with a simple parallel solution for data processing.

Read more »

Give options, not configuration nightmares

posted 21-Mar-2012 | one comment

You have probably heard about convention over configuration, specially if you follow Ruby on Rails, the Play Framework or similar projects.

Taken from Wikipedia:

Convention over configuration (also known as coding by convention) is a software design paradigm which seeks to decrease the number of decisions that developers need to make, gaining simplicity, but not necessarily losing flexibility.

What I propose is that you not only praise the advantages this paradigm brings to you as a developer, but that you apply the same principles to the software you create and then empower the users and support staff that will use it.

Read more »

Defining an agile methodology for orthodox environments

posted 19-Mar-2012 | 2 comments

My company designs and develop mobile and web based banking solutions. Our customers (banks for the most part) are highly bureaucratized, orthodox (ie. like to have everything pre-defined and pre-approved) and risk adverse, and therefore change and the disruption of the status quo is not a normal sight within most of them.

Most banking IT departments are used to the good old waterfall development cycle (believe it or not). Additionally, when they purchase a tailor made system (or a highly customizable product based deployment) they prefer to know in advance exactly what the system will do, how will it do it and how long will it take to deploy it (even if they don’t know what they want themselves).

I believe this happens a lot in provider/customer relationships, and not only in the finantial sector.

But during real life software development projects at banks, as it happens on almost all software projects:

  • Changes are inevitable
  • Users don’t realize what they want until they see the system working
  • Developers don’t understand what the user needs until they see the user’s face looking at the actual system

So an agile methodology seems to be in order, right? But how to couple both worlds…

Read more »

Stronger anti cross-site scripting (XSS) filter for Java web apps

posted 17-Mar-2012 | 34 comments

Jul/4/2012: Updated the wrapper code to pre-compile the patterns (making them static) to improve performance by avoiding their re-compilation on each run.

Here is a good and simple anti cross-site scripting (XSS) filter written for Java web applications. What it basically does is remove all suspicious strings from request parameters before returning them to the application. It’s an improvement over my previous post on the topic.

You should configure it as the first filter in your chain (web.xml) and it’s generally a good idea to let it catch every request made to your site.

Read more »

Auditing and logging, separating debugging from security trails

posted 14-Mar-2012 | one comment

I bet that when you are about to start coding a new software piece, specially if it’s for a corporate customer, you don’t even question yourself whether to generate an activity log or not, it’s a mandatory commodity nowadays.

What’s not so obvious is that there are at least two major uses for an activity trail in almost all systems:

  1. Analyzing errors and technology problems.
  2. Keeping a record of users activities.

In my experience most developer generated log information is oriented towards solving the first issue (analyzing errors). And even if you include context information in the log about the user, his actions and consequences; your typical log has several disadvantages towards solving the second problem.

Read more »

List all classes in a package (even from a JAR file)

posted 13-Mar-2012 | 8 comments

I recently had the need to list all the classes available within a given list of packages, to execute them via reflection as part of a plugin architecture in a new product we are developing.

This proved to be a little more hard than it should, since Javas provided reflection utilities don’t have any metadata regarding the contents of a package available in your classpath.

Read more »