User suexec asked ##java about accessing an EJB from a JSP template.
User dreamreal (i.e., your author) put together a simple application (rather imaginatively called “suexec-war” ) to explore the possibilities. The application was built from Adam Bien‘s minimalistic Java EE 7 Maven archetype, deployed into Wildfly 10.0.
It turns out that to the best of my understanding, injection of an EJB into a JSP is simply unsupported. The JSP can use JNDI to acquire an EJB via JNDI (see source) but the CDI injection never worked.
Next, I wrote a simple servlet (called, of all things, TestServlet.java). Here, the @EJB MyEJB ejb worked like a charm.
To render, I used the Handlebars template library just for kicks; Freemarker (or even JSP itself) would have worked just as well, but I wanted to play with something different.
The process would have been the same no matter what templating library was chosen: you’d take the values you wanted to render and store them somewhere such that the rendering engine could access them. In my case, I could have built a composite object (or even asked Handlebars to call the greet() method itself, using the ejb value) but I was aiming for simplicity rather than optimal behavior, following whaley’s “Make it work, make it pretty, make it fast” principle (from “Suffering-oriented programming” )- this is rough code, meant to serve more as a smoke test than an actual example of a great application, so I left off at “make it work,” leaving even “make it pretty” to others.
Comments and improvements welcomed.
Category: java coding
What you want to have to develop Java
Recently a user asked what they would need to know to develop a “small web application” using Java, including a database.
This is not a good question, really, but IRC user surial gave a lot of relevant information that’s worth preserving and adding to. This is not what surial said – if you’re interested in the actual content, see the channel logs – but this is a paraphrase that attempts to build on surial’s information.
What you need to develop in Java
Java
If you’re going to develop in Java, you obviously (hopefully) need Java itself. You want the JDK, not the JRE (the JDK includes the JRE.) You can use the official Oracle JDK, OpenJDK (from Red Hat, if only for more than Linux support), or Zulu – and this is not likely to be an exhaustive list by any means.
The Oracle JDK is different from OpenJDK only in some of the libraries included. Notably, the JPEG encoder is closed source, so OpenJDK’s JPEG support is not part of OpenJDK itself. Other builds may not have the same problem.
If in doubt, use Oracle’s JDK. There’s nothing wrong with OpenJDK, but when people mention the JDK, they usually mean the official JDK in terms of features and support.
One word about versions: use Java 8. Older versions have already been end-of-lifed, even though they’re still available through archives.
An Editor
Want to start a war? Make a firm recommendation for a development environment, and insult the other environments. The truth is, Java uses text as source; use what works for you.
Popular choices for development environments are IDEA (with both commercial and free versions, although people think of the commercial versions first), Eclipse (also with commercial and free versions, where people think of the free versions first), and Netbeans (with free versions and probably some commercial versions hanging out somewhere.)
All three are quite capable in their own ways. Eclipse is famous for having a perspectives-driven approach, where IDEA and Netbeans are more traditional. They all have free versions; try them out and see what works for you.
Of course, there’s nothing preventing you from using any other editor, either: Sublime Text, Atom, Brackets, vim, emacs, or anything else that can generate text.
A Build System
Strictly speaking, you don’t have to have a build tool. You could always compile manually, by typing javac, after all, and save yourself some work by maybe using a batch file.
Or, if you’re using a Java IDE like IDEA, Eclipse, or Netbeans, you could always use the IDE to build your project. In practice, your IDE will be compiling your project if only to run local tests and tell you about issues in your code, after all.
However… what you should be using is one of Maven, Gradle, SBT, or Kobalt (probably in order of desirability, and as with the other lists in this article, this is not exhaustive).
These build systems allow you to write a configuration that describes your build in such a way that the build is portable to other systems, including integration servers and, well, other users. If you rely on a batch file, you’re hoping that their filesystem and operating system match yours; if you rely on an IDE, you’re hoping that others use the same tools you do.
They don’t. Even if they do, they don’t.
A build system includes the ability to manage dependencies (the libraries your application might use) and other such things, and will also provide the ability to run tests automatically as part of your build process.
Each build system’s configuration can either be loaded by an IDE, or can export an IDE configuration, so you can use any IDE without worrying about the project.
In real terms: use Maven unless you have some process that you need fine-grained control over; if you do need fine-grained control over your build, use Gradle. If you’re using Scala, use SBT. If you’re interested in a new build tool’s development, try Kobalt. Don’t use Ant, make, or CMake, and for goodness’ sake don’t use javac directly after “Hello, World.” You’re not a barbarian.
Talking to a Database
If you’re working with a relational database (and you probably are, if you’re working with persistent data), you have a few ways to go: SQL (where you use JDBC to talk to the database in its own variant of SQL), object-relational mapping (where you use a library that manages data as if it were represented natively as Java objects), or a bridge between the two, where you sort of get objects but you are still thinking relationally.
Examples of ORM libraries: Hibernate and EclipseLink. You can use the JPA standard with either, although Hibernate has a native API that’s arguably more powerful. (EclipseLink probably does, too, but your author has no experience with EclipseLink’s native API, if it has one.) Note also that object-relational mapping is… imperfect. You’re gaining a lot by using Java’s data structures… and you’re losing some because those structures usually don’t map perfectly to a relational model.
Examples of others: jOOQ (“the easiest way to write SQL in Java,” according to their website), JDBI (“convenient SQL for Java”), and Spring Data (a flexible abstraction in front of nearly any persistence mechanism) – your mileage with each may vary, but they all seem to be pretty highly regarded.
Libraries
The Java ecosystem is one of Java’s greatest strengths. The nice thing about having a build tool is that it’s trivially easy to leverage the Java ecosystem, by simply specifying the “address” of a library, and then having the library and its dependencies included in your build by virtue of your build tool’s dependency management.
So: which libraries do you want to use?
There’s no real answer to that: “the ones you need” are probably the best candidates, and generally experience is how you learn which ones you need. Google searches for “java json parser” will give you workable answers for JSON parsing in Java, although they might not be the best answers – feel free to ask the ##java channel or its bot for suggestions on functionality.
However, here are some common libraries that many projects use without worrying about technical debt:
- Guava (generalized utility library)
- Lombok (annotations to reduce boilerplate with no runtime dependencies)
- TestNG or JUnit (testing frameworks)
Quickstarts
If you need to get your project moving quickly, ##java has at least two quickstart projects ready for use, with a small amount of work.
If you want a Gradle project, see https://bitbucket.org/marshallpierce/java-quickstart.
For a Maven quickstart, see https://github.com/jottinger/starter-archetype.
Byte Order Marks (BOM)
The so-called Byte Order Mark is a special unicode character that has no visual representation. The point of it, is to start your text data with this pseudocharacter; it serves as a way to identify “Endianness” – that the text is encoded with UTF-16 (Little Endian), or UTF-16 (Big Endian), or UTF-8.
Java handles it kinda weirdly; this post describes how it works.
The BOM is the bytes: 0xFE 0xFF. That means:
| Encoding | First bytes in the stream |
|---|---|
| UTF-16, Little Endian | FF FE |
| UTF-16, Big Endian | FE FF |
| UTF-8 | EF BB BF |
You can use these to identify streams.
In Java, the BOM is left in the stream data. So, if you for example have a UTF-8 text file that starts with a BOM, and you read it into a String, your string starts with the BOM character. It doesn’t show up when you print it, but it still ‘counts’, in the sense that the .length() call on your string counts the BOM as 1 character, and a string that starts with a BOM is not equal to one that doesn’t start with it, even if they are otherwise the same. You probably want to filter it out!!
The only exception is the special encoding UTF-16. This encoding will, if it’s there, consume the BOM and use it to configure itself as Little Endian or Big Endian. If there is no BOM, it defaults to big endian. Note that this ‘consume the BOM’ behaviour does not apply to the encodings UTF-16LE and UTF-16BE. They read the BOM as normal.
NB: Esoteric note: The unicode character 0xFF 0xFE is intentionally defined as not valid, so that the BOM can be used unambiguously as indicating the endianness of a UTF-16 stream. However, in java, reading this special invalid character does not throw an exception. You can therefore read the byte data: FF FE 41 00, which is the string "A" encoded with a BOM as UTF-16 Little Endian using the encoding UTF-16BE. This produces garbage, but does not throw an exception.
External Program Invocation in Java
Users who wish to shell out a Java program may be tempted to use Runtime.exec(), which yields a Process. They probably should use zt-exec instead. However, for those who think that using a separate library for something so “simple” is overkill, please read on.
General Notes
Java does not invoke a shell – Java uses execve(). This means that variables like ~, %HOME%, and “$JAVA_HOME” will not be expanded, nor will you be able to use shell built-ins such as cd or while. However, Java can invoke a bash or cmd shell, which can then be fed input and output. For more information on shelling out to an actual shell, please see “Invoking A Shell.”
Invocation with Runtime
Runtime is the most accessible way to execute an external process. Processes are started with Runtime.exec(String), Runtime.exec(String[]), and variants based off of Runtime.exec(String) that accept an environment variable array and an optional directory. The only method that should be used from Runtime.exec() is the String[] variant. Each part of the String[] reflects a separate argument, with the 0th being the command to be run. For the functionality of an environment variable array and a directory, please see “Invocation with ProcessBuilder“.
No variant of Runtime.exec(String) should be used because Runtime.exec(String) splits the incoming string on spaces. This may not sound bad, as the shell also splits on spaces. Take the following:
sed 's/a b/c d/gi' "My Documents/foo.txt"
A shell would interpret this as ["sed", "s/a b/c d/gi", "My Documents/foo.txt"]
Runtime.exec(String) would interpret this as: ["sed", "'s/a", "b/c", "d/gi'", "\"My", "Documents/foo.txt\""]
Always use the Runtime.exec(String[]) variant.
After performing the invocation with Runtime, please see “Using Process“.
Invocation with Process Builder
ProcessBuilder takes a String... or a List<string> as its command argument. Each part of the String[] reflects a separate argument, with the 0th being the command to be run. In order to manipulate the environment, ProcessBuilder.environment() returns a mutable Map<String,String> of environment variables. This should be modified (it is not a read-only view, as pointed out by the summary javadoc). Setting the directory can be done with a .directory() call.
Other common operations are setting standard output to a file, with redirectOutput(File), and merging standard input and standard output, with redirectErrorStream(true). Starting the process can be done by calling .start().
After performing this invocation, please see “Using Process“.
Invoking a Shell
This must be done by actually starting the shell process, and then the shell will interpret variables as normal. Done with ProcessBuilder, with the following algorithm:
List<String> parameters = new ArrayList<>();
if(System.getProperty("os.name").toLowerCase().contains("windows")) {
parameters.add("cmd");
parameters.add("/C");
} else {
parameters.add("/bin/bash");
parameters.add("-c");
}
This will start the OS-specific shell: cmd.exe on Windows, bash on other systems. Other shells may be substituted on linux by changing “bash” to the appropriate shell in the above. Those familiar with cmd may want to switch /C to /X – this is improper unless streams are redirected, with ProcessBuilder.inheritIO().
Note that Windows’
PowerShellapparently introduces some difficulties. Apparently how it is invoked is different enough that these instructions aren’t enough.
Using Process
After a Process is obtained with either of the above methods, the process has been started and will run until its natural death. However, there are several common pitfalls.
You must cull the process with Process.waitFor(), even if you do not want all input and output from the process. Otherwise, the process will exist as a zombie until the parent process (the JVM) exits.
You do not have to read the output from the process, but if you read either stdout or stderr, you must read both. On some systems, if there is output in stderr, stdout is blocked until this output is consumed. This must be done in a multithreaded fashion if these streams are not joined.
If you want to terminate the process before finishing, you can call Process.destroy() – this sends the process-equivalent of the KILL signal to the process, not TERM, so use cautiously.
Putting it all together, the following is a sample of shelling out to an external process:
import java.io.IOException;
import java.io.InputStream;
import java.util.concurrent.Executors;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Future;
import java.util.concurrent.Callable;
public class Example {
public static void main(String[] args) throws Exception {
ExecutorService service = Executors.newSingleThreadExecutor();
Process p = Runtime.getRuntime().exec(new String[]{"echo", "Hello world"});
new Thread(new ErrorConsumer(p.getErrorStream())).start();
//java is the center of the universe
Future output = service.submit(new OutputConsumer(p.getInputStream()));
p.waitFor();
System.out.println(output.get());
}
private static class ErrorConsumer implements Runnable {
private final InputStream toDiscard;
public ErrorConsumer(final InputStream toDiscard) {
this.toDiscard = toDiscard;
}
@Override
public void run() {
byte[] buf = new byte[1024];
try {
while (toDiscard.read(buf) != -1) ;
} catch (IOException e) {
e.printStackTrace();
}
}
}
private static class OutputConsumer implements Callable</string><string> {
private final InputStream toRead;
public OutputConsumer(final InputStream toRead) {
this.toRead = toRead;
}
@Override
public String call() throws Exception {
StringBuilder sb = new StringBuilder();
byte[] buf = new byte[1024];
int read;
while ((read = toRead.read(buf)) != -1) {
sb.append(new String(buf, 0, read));
}
return sb.toString();
}
}
}
Editor’s note: this code may or may not work as expected. It runs, but may block on some operations – consider yourself warned, prepare to hit
^C, and use it as a point of emphasis on why you should be using zt-exec, shown immediately below…
Or, with zt-exec:
import org.zeroturnaround.exec.ProcessExecutor;
import java.io.IOException;
import java.util.concurrent.TimeoutException;
public class Example2 {
public static void main(String[] args)
throws InterruptedException, TimeoutException, IOException {
String output = new ProcessExecutor()
.command("echo", "Hello World")
.readOutput(true)
.execute()
.outputUTF8();
System.out.println(output);
}
}
Programmatic Reload of Logback Configurations
Logback has the capability to programmatically and explicitly load various configurations. This can be useful when you need to adjust logging levels at runtime, and it’s actually pretty easy to do, as well.
You’d want to use something like this for a long-running application, or one that has an extensive load process: imagine a production environment, where you want to see details that would be hidden by convention.
For example, imagine you track a given method invocation, but your production logs don’t include the tracking, because it’s too verbose. But if a problem occurs, you want to be able to see the invocation. Changing the logging configuration and redeploying (or restarting) is an option, but it’s expensive and embarrassing, when all you really need to do is see more information.
The core operative code looks like this:
LoggerContext context = (LoggerContext) LoggerFactory.getILoggerFactory();
context.reset();
JoranConfigurator configurator = new JoranConfigurator();
configurator.setContext(context);
configurator.doConfigure(this.getClass().getResourceAsStream("/logback.xml"));
Note that doConfigure can throw a JoranException if the configuration is invalid somehow.
I built a project (called logback-reloader) to demonstrate this. The project has a LogThing interface, which provides a simple doSomething() method along with an accessor for a Logger; the doSomething() method simply issues a series of calls to generate log entries at different levels.
public interface LogThing {
Logger getLog();
default void doSomething() {
getLog().trace("trace message");
getLog().debug("debug message");
getLog().warn("warn message");
getLog().info("info message");
getLog().error("error message");
}
}
I then created two different implementations – ‘FineLogThing’ and ‘CoarseLogThing’ which are identical except that they’re named differently (so that I can easily tune the logging levels).
It would have been easy to use a single implementation and declare two components with Spring, but then I’d be deriving the logger from the Spring name and not the package of the classes. This was just a short path to completion, not necessarily a great design.
Why Spring? Because I’m using Spring at work, and I wanted my test code to be reusable.
Then I created a custom Appender (InMemoryAppender) to provide easy access to logged information. I wanted to do this because I wanted to programmatically check that the logging levels were being changed; the idea is that my custom appender actually maintains a list of logged entries internally so I can query it later. The reason the logged entries is a static List is because Spring doesn’t maintain the Appenders – logback does – so again, this was a short path to completion, not necessarily a “great design.”
So to put it together, I created a TestNG test that had two tests in it. The only difference in the tests is that one uses “logback.xml” – the default configuration, loaded by default but explicitly included here to remove dependency on order of execution in the tests – and the other uses “logback-other.xml“. (I could have parameterized the tests as well – again, shortest path, not “great design.”)
Our default logback configuration is pretty simple, albeit slightly longer than I’d like:
<configuration>
<appender name="MEMORY" class="com.autumncode.logger.InMemoryAppender"></appender>
<logger name="com.autumncode.components.fine" level="TRACE"></logger>
<logger name="com.autumncode.components.coarse" level="INFO"></logger>
<root level="WARN">
<appender -ref ref="MEMORY"></appender>
</root>
</configuration>
Note that it’s
appender-ref, no spaces. The Markdown implementation from this site’s software is inserting the space before the dash.
The “other” logback configuration is almost identical. The only difference is in the level for the coarse package:
<configuration>
<appender name="MEMORY" class="com.autumncode.logger.InMemoryAppender"></appender>
<logger name="com.autumncode.components.fine" level="TRACE"></logger>
<logger name="com.autumncode.components.coarse" level="TRACE"></logger>
<root level="WARN">
<appender -ref ref="MEMORY"></appender>
</root>
</configuration>
Here’s the first test:
@Test
public void testBaseConfiguration() throws JoranException {
LoggerContext context = (LoggerContext) LoggerFactory.getILoggerFactory();
context.reset();
JoranConfigurator configurator = new JoranConfigurator();
configurator.setContext(context);
configurator.doConfigure(this.getClass().getResourceAsStream("/logback.xml"));
appender.reset();
fineLogThing.doSomething();
assertEquals(appender.getLogMessages().size(), 5);
appender.reset();
coarseLogThing.doSomething();
assertEquals(appender.getLogMessages().size(), 3);
}
This verifies that the coarse logger doesn’t include as many elements as the fine logger, because the default logback configuration has a more coarse logging granularity set for its package.
The other test is almost identical, as stated: the only differences are in the logback configuration file and the number of messages the coarse logger is expected to have created.
So there you have it: a simple example of reloading logback configuration at runtime.
It’s worth noting that this isn’t “new information.” It’s actually shown pretty well at sites like “Obscured by Clarity,” for example. The only contribution here is the building of a project with running code, as well as loading the configuration from the classpath as opposed to from a filesystem.
The case of EnumSet
A few days ago ##java happened to discuss sets and bit patterns and things like that, I happened to mention EnumSet and that I find it useful. The rest of the gang wanted to know how it actually measures up, so this is a short evaluation of how EnumSet stacks up for some operations. We are going to look at a few different things.
EnumSet classes
There are two different versions of EnumSet:
* RegularEnumSet when the enum has less than 64 values
* JumboEnumSet used when the enum has more than 64 values
Looking at the code, it is easy to see that RegularEnumSet stores the bit pattern in one long and that JumboEnumSet uses a long[]. This of course means that JumboEnumSets are quite a lot more expensive, both in memory usage and cpu usage (at least one extra level of memory access).
Memory usage
I created a little program to just hold one million Sets with a few values in each of them.
Note: the enumproject.zip was built by your editor, not your author – any problems with it are the fault of dreamreal and not ernimril. Note that the project is mostly for source reference and not actually running the benchmark.
List<Set<Token>> tokens = new ArrayList<> ();
for (int i = 0; i < 1_000_000; i++) {
Set<Token> s = new HashSet<> ();
s.add (Token.LF);
s.add (Token.CR);
s.add (Token.CRLF);
tokens.add (s);
}
Heap memory usage for this program was about 250 MB according to JVisualVM.
Changing the new HashSet<> (); into EnumSet.noneOf (Token.class); we instead get 70 MB of heap memory usage.
Using the SmallEnum instead causes the HashSet to still use about 250MB, but drops the EnumSet usage down to 39 MB. I find it quite nice to save that much memory.
CPU performance
I constructed two simple tests, shown below, that calls a few methods on a Set that is either EnumSet or HashSet, depending on run. The enums have a few Sets that contain different allocations of the enum and the isX-methods only do return xSet.contains(this);
@Benchmark
public void testRegular() throws InterruptedException {
SmallEnum s = SmallEnum.A;
boolean isA = s.isA ();
boolean isB = s.isB ();
boolean isC = s.isC ();
boolean res = isA | isB | isC;
}
@Benchmark
public void testJumbo() throws InterruptedException {
Token t = Token.WHITESPACE;
boolean isWhitespace = t.isWhitespace ();
boolean isIdentifier = t.isIdentifier ();
boolean isKeyword = t.isKeyword ();
boolean isLiteral = t.isLiteral ();
boolean isSeparator = t.isSeparator ();
boolean isOperator = t.isOperator ();
boolean isBitOrShiftOperator = t.isBitOrShiftOperator ();
boolean res =
isWhitespace | isIdentifier | isKeyword | isLiteral |
isSeparator | isOperator | isBitOrShiftOperator;
}
I did the benchmarking using jmh in order to find out how fast this is.
Using HashSet:
Benchmark Mode Cnt Score Error Units
EnumSetBenchmark.testJumbo thrpt 20 46787074.985 ± 2373288.078 ops/s
EnumSetBenchmark.testRegular thrpt 20 124474882.016 ± 2165015.166 ops/s
Using EnumSet:
Benchmark Mode Cnt Score Error Units
EnumSetBenchmark.testJumbo thrpt 20 112456096.790 ± 320582.588 ops/s
EnumSetBenchmark.testRegular thrpt 20 563668720.636 ± 594323.541 ops/s
This is of course quite a silly test and one can argue that it does not do very much useful, but it still gives us quite a good indication that performance gains are there. Using EnumSet is 2.4 times faster for jumbo enums, but 4.5 times faster for small (regular) enums for this kind of operation.
I do not claim that your usage will notice the same speedup, but it might be worth checking out.
Final thoughts
Does it really matter if you use EnumSet or Set? In most cases: no, the enum will only be one field and not part of memory usage or cpu consumption, but depending on your use case it can be a nice memory saver while also being faster. I recommend that you use it.
Expected Exceptions from JUnit
Use JUnit’s expected exceptions sparingly, from the JOOQ blog, says not to use JUnit‘s “expected exceptions” feature. (Or, more accurately, to use it “sparingly.”) It’s good advice, but it’s also largely limited to JUnit (with one main exception).
What they’re addressing is the transition from this pattern:
@Test
public void testValueOfIntInvalid() {
try {
ubyte((UByte.MIN_VALUE) - 1);
fail();
}
catch (NumberFormatException e) {}
}
To this pattern:
@Test(expected = NumberFormatException.class)
public void testValueOfShortInvalidCase1() {
ubyte((short) ((UByte.MIN_VALUE) - 1));
}
They have four reasons that this doesn’t actually get you anything:
- We’re not really gaining anything in terms of number of lines of code
- We’ll have to refactor it back anyway
- The single method call is not the unit
- Annotations are always a bad choice for control flow structuring
Of these, “The single method call is not the unit” is by far the strongest point.
We’re not really gaining anything in terms of number of lines of code
It’s a matter of opinion, but we generally are gaining something in terms of the code. The refactored test has one line of actual code: ubyte((short) ((UByte.MIN_VALUE) - 1));. Everything around it is window dressing. The original test has the try/catch code, which adds a lot of noise – and discards the “error condition,” which is the actual metric for success (it fails the test if there’s no error.)
Is this a big deal? … No, it’s not. But it’s also not a point worth making.
We’ll have to refactor it back anyway
Here’s where JUnit itself messes things up. The authors actually have a really good point, if you’re locked into JUnit:
In the annotation-driven approach, all I can do is test for the exception type. I cannot make any assumptions about the exception message for instance, in case I do want to add further tests, later on. Consider this:
try { ubyte((UByte.MIN_VALUE) - 1); fail("Reason for failing"); } catch (NumberFormatException e) { assertEquals("some message", e.getMessage()); assertNull(e.getCause()); ... }
Ah, JUnit. JOOQ is making the assertion (see what I did there?) that they can’t examine Reason for failing or some message with the annotation.
They’re right… if you’re locked into JUnit. TestNG can, of course, look at the message and validate it. If the message doesn’t fit the regex, then the test fails, just as expected (and desired).
@Test(expectedExceptions={NumberFormatException.class},
expectedExceptionsMessageRegExp="Reason for failing")
public void testThings() {
...
The single method call is not the unit
Here’s what JOOQ says:
The unit test was called
testValueOfIntInvalid(). So, the semantic “unit†being tested is that of theUBytetype’svalueOf()behaviour in the event of invalid input in general. Not for a single value, such asUByte.MIN_VALUE - 1.
They’re running yet again into a limitation of JUnit. The actual point they’re making is correct, but TestNG provides a @DataProvider mechanism, where you’d actually give the test a signature of testValueOfIntInvalid(int) and pass in a set of integers. That means you can test a range and corner cases, with a single appropriate test.
People have written a data-provider-like feature for JUnit (see junit-dataprovider) – which only highlights how JUnit is affecting the choices made by the JOOQ team.
Annotations are always a bad choice for control flow structuring
Hard to argue with this one: Java has excellent control flow, even if it’s verbose at times. However, the annotation is direct enough (with TestNG, at least) that you aren’t really violating control flow: you’re saying “this is a test, it has these execution rules, and this is how you measure success.” With JUnit, you don’t have the same control.
JUnit.next
According to JOOQ, the next generation of JUnit (junit-lambda) fixes things a little, by offering a lambda solution to exceptions:
Exception e = expectThrows(NumberFormatException.class, () ->
ubyte((UByte.MIN_VALUE) - 1));
assertEquals("abc", e.getMessage());
That’s admirable, but they’re still behind TestNG by a few generations – and there’s still no data factory mechanism.
In Conclusion
Their closing statement is actually really good:
Annotations were abused for a lot of logic, mostly in the JavaEE and Spring environments, which were all too eager to move XML configuration back into Java code. This has gone the wrong way, and the example provided here clearly shows that there is almost always a better way to write out control flow logic explicitly both using object orientation or functional programming, than by using annotations.
It’s worth noting that the statement was actually driven by a lack of features in JUnit (when compared to TestNG) but the point remains.
Using SQL's "IN" in JDBC
In SQL, the IN operator is used to restrict columns to one of a set of values. Using IN in JDBC, though, is sometimes problematic because of the way different databases handle prepared statements.
With JDBC, prepared statements use ? to serve as markers for values in a SQL statement. Thus, you might see:
PreparedStatement ps=connection.prepareStatement("SELECT * FROM FOO WHERE BAR = ?");
This serves to help prevent SQL injection attacks; assigning a value of "'' or 1==1'" would check that actual value against BAR rather than return all rows.
The parameter number of each ? is an index, starting from 1, so to set the value against which to compare BAR we might see:
ps.setParameter(1, "BAZ");
The IN operator in SQL allows selection from a set of values. Thus, we might see:
SELECT * FROM FOO WHERE BAR IN ('BAZ', 'QUUX', 'CORGE')
If BAR is one of BAZ, QUUX, or CORGE, then the row matches the query and will be returned.
It would make sense to see a PreparedStatement declared as:
PreparedStatement ps=connection.prepareStatement("SELECT * FROM FOO WHERE BAR IN (?)");
However, this doesn’t work. (It gives you only one element to use for the IN selector.) You have two choices: you can write SQL against your specific database, or you can generate custom SQL for the query.
Let’s look at the most general form (the SQL customization) first, since that’s going to be supported best. We are assuming a simple table, created with:
create table if not exists information (id identity primary key, info integer)
Note that we’re presuming H2 at this stage. In PostgreSQL, an equivalent statement would be create table if not exists information (id serial primary key, info integer). With MySQL… oh, who cares, nobody should use MySQL.
Given an array of data to use for the IN clause of Integer[] data = {3, 4, 6, 11};, we can construct a viable (and general) SQL query like this:
StringJoiner joiner = new StringJoiner(
",",
"select * from information where info in (",
")");
for (Object ignored : data) {
joiner.add("?");
}
String query = joiner.toString();
try (PreparedStatement ps = conn.prepareStatement(query)) {
for (int c = 0; c < data.length; c++) {
ps.setObject(c + 1, data[c]);
}
try (ResultSet rs = ps.executeQuery()) {
showResults(rs);
}
}
This code isn’t complicated, although it looks like a lot for what it does. It first creates a SQL statement with a placeholder for every element in the data array, then sets each placeholder to the corresponding value in data, and then runs the query. The SQL has to be regenerated for every case where data has a different length. (We could potentially reuse the statement if data always has the same length.)
You can also generalize this, depending on your database. It requires custom SQL, though, and the code to use the SQL differs by database as well.
H2
For H2, we can use the ARRAY_CONTAINS function. Our SQL statement will look like "select * from information where array_contains(?, info)", and the code to use this statement looks like this:
try (PreparedStatement ps = conn.prepareStatement(query)) {
ps.setObject(1,data);
try (ResultSet rs = ps.executeQuery()) {
showResults(rs);
}
}
H2 can use setObject() and use that as the input for the ARRAY_CONTAINS function; this way, we have one placeholder and we don’t have to generate custom SQL for every different size of the input array.
PostgreSQL
In PostgreSQL, we can use the ANY function. Our SQL looks like "select * from information where info = ANY(?)". Our code to use the statement:
try (PreparedStatement ps = conn.prepareStatement(query)) {
Array array=conn.createArrayOf("INTEGER", data);
ps.setArray(1, array);
try (ResultSet rs = ps.executeQuery()) {
showResults(rs);
}
}
MySQL
This is offered somewhat tongue-in-cheek, for a few reasons: one is that I genuinely dislike MySQL, another is that the SQL technique offered here probably isn’t needed very often in the first place (so doing an exhaustive solution is overkill), and the third is ironic: this site is hosted in WordPress, and uses MySQL as the backend database. Irony ftw, right?
Conclusion
We’ve shown a few possibilities for restricting the results of queries, using a general-purpose restriction (IN, with custom SQL generated for every query, still protected from SQL injection attacks), and custom SQL queries for both H2 and PostgreSQL. These are definitely not the only possibilities; feel free to show how you’d do it, or discuss potential optimizations. Some sample code for these examples can be found at https://github.com/jottinger/jdbc_contains – note that some of the code might require modification for each database, and the project doesn’t describe how to create the PostgreSQL database. (The project was written largely to prove the mechanisms described here, and wasn’t meant to be a one-size-fits-all solution.)
A set of testing tools
Petri Kainulainen posted “12 Tools That I Use for Writing Unit and Integration Tests,” which does a pretty good job of describing a set of testing tools and approaches, including solutions in the following categories:
- Running Tests
- Mock and Stub frameworks
- Writing Assertions
- Testing Data Access
- Testing Spring
It’s not comprehensive (nor does it claim to be), with no mention of things like TestNG, Arquillian, Liquibase or Flyway, or testing CDI in general (see Arquillian), but that doesn’t mean it’s not a good start on an interesting idea. What tools would you suggest for testing?
Bypassing subclass method overrides
Someone in ##java recently asked a question that may come up with beginners to OOP: How to invoke a method of a superclass from the outside. For example, if ChildClass extends BaseClass and overrides BaseClass.method(), how can one invoke the method of the superclass, bypassing the override in ChildClass?
This is not a very good idea from an OOP standpoint, because the child class might not expect the parent’s behavior to be invoked, but it’s still a very interesting question. It turns out there actually is a way to do this, too.
We will work with the following class setup:
public class Test {
public static class BaseClass {
public String method() {
return "BaseClass.method()";
}
}
public static class ChildClass extends BaseClass {
@Override
public String method() {
return "ChildClass.method()";
}
}
}
In Java bytecode, normal (not static, not an interface) method calls are made via the invokevirtual instruction. (As an example, invokevirtual is used when doing a simple obj.method() call.) However, this obviously will not work for super.method() instructions in code – the overridden method, not the superclass’ method, would be called. For this purpose, the JVM has another invoke instruction called invokespecial: it is used to invoke an instance method of an exact class, without respecting overridden method definitions.
Sadly, the verifier complains when we try to do load a class that does this; it throws a VerifyError with the message Illegal use of nonvirtual function call. The invokespecial instruction on a method can only be used from a direct subclass or the class itself, in the places where you would expect super.method() to work (inner classes use a bridge method). It’s probably better this way, too – if this was possible without some security checks, this could probably be easily exploited.
Method handles to the rescue! With the introduction of the MethodHandles API in Java 7, we have all sorts of nifty ways to bypass such measures through a bit of reflection. This API is also protected by access checks – here throwing IllegalAccessExceptions when we try to create our invokespecial handle.
Editor’s note: Java 7 has been end-of-lifed as of this writing – you should be using Java 8 by now, unless you have specific requirements holding you back to an older version of Java.
This is fairly easy to bypass by using normal reflection to create an instance of MethodHandles.Lookup that has a “Lookup Class”, meaning the permissions of a class, that is in fact allowed to invokespecial our target method BaseClass.method(). There are two candidates for this: the direct subclass of BaseClass, in our example ChildClass (for those super.method() calls mentioned above), and BaseClass itself (for some constructor business). For convenience we will use BaseClass as getting the direct child class requires a few more lines of code:
Constructor<Methodhandles.Lookup> methodHandlesLookupConstructor = MethodHandles.Lookup.class.getDeclaredConstructor(Class.class); methodHandlesLookupConstructor.setAccessible(true); MethodHandles.Lookup lookup = methodHandlesLookupConstructor.newInstance(BaseClass.class);
Now the fun begins! We can use MethodHandles.Lookup.findSpecial() to create a MethodHandle that points towards our target method. We don’t need to worry about access checks here due to the constructor code above:
MethodHandle handle = lookup.findSpecial(
BaseClass.class, "method", MethodType.methodType(String.class), BaseClass.class);
Done! Working example:
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.reflect.Constructor;
public class Test {
public static void main(String[] args) throws Throwable {
ChildClass obj = new ChildClass();
System.out.println(obj.method()); // prints ChildClass.method()
System.out.println(invokeSpecial(obj)); // prints BaseClass.method()
}
static String invokeSpecial(BaseClass obj) throws Throwable {
// create the lookup
Constructor<MethodHandles.Lookup> methodHandlesLookupConstructor =
MethodHandles.Lookup.class.getDeclaredConstructor(Class.class);
methodHandlesLookupConstructor.setAccessible(true);
MethodHandles.Lookup lookup = methodHandlesLookupConstructor.newInstance(BaseClass.class);
// create the method handle
MethodHandle handle = lookup.findSpecial(
BaseClass.class, "method", MethodType.methodType(String.class), BaseClass.class);
return (String) handle.invokeWithArguments(obj);
}
public static class BaseClass {
public String method() {
return "BaseClass.method()";
}
}
public static class ChildClass extends BaseClass {
@Override
public String method() {
return "ChildClass.method()";
}
}
}