Here are some of the bad coding practices you should avoid while working on a Java EE application, or a Java web application in general, that runs on a web server like Tomcat or an enterprise server like JBoss, WebLogic, or IBM WebSphere:
1) Calling System.exit() from a Web application
It is never a good idea for a web application to attempt to shut down the application container. A call to System.exit() is probably part of leftover debug code or code imported from a non-J2EE application. You can further read my article "Don't use System.exit() on Java web application" to learn more.
2) Storing Non-Serializable Objects in Session
A Java EE application can make use of multiple JVMs in order to improve application reliability and performance. In order to make the multiple JVMs appear as a single application to the end user, the Java EE container can replicate an HttpSession object across multiple JVMs so that if one JVM becomes unavailable another can step in and take its place without disrupting the flow of the application.
In order for session replication to work, the values the application stores as attributes in the session must implement the Serializable interface.
Example 1: The following class adds itself to the session, but because it is not serializable, the session can no longer be replicated, and you will see errors in your server log file.
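import javax.servlet.http.HttpSession;

// Bad practice: this class does not implement java.io.Serializable
public class DataTransferObject {
    String name;
    String value;

    public void addToSession(HttpSession session) {
        // Stores a non-serializable object as a session attribute
        session.setAttribute("dto", this);
    }
}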
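A way to catch this during testing, as an added example that is not part of the original article: a session listener that tries to serialize each attribute as it is stored and logs the ones replication would reject. The class name SessionSerializationAuditor is hypothetical, and the code assumes a Servlet 3.0+ container with the javax.servlet API.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.util.logging.Logger;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSessionAttributeListener;
import javax.servlet.http.HttpSessionBindingEvent;

// Added example (hypothetical class name), not code from the article.
@WebListener
public class SessionSerializationAuditor implements HttpSessionAttributeListener {
    private static final Logger LOG = Logger.getLogger("SessionSerializationAuditor");

    /** Returns null if the value serializes cleanly, otherwise the failure reason. */
    static String serializationProblem(Object value) {
        if (value == null) return null;
        // Actually serialize: a class can implement Serializable and still
        // hold a non-serializable field, which fails only at write time.
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(value);
            return null;
        } catch (IOException e) { // includes NotSerializableException
            return e.toString();
        }
    }

    private void audit(String name, Object value) {
        String problem = serializationProblem(value);
        if (problem != null) {
            // Log the attribute name and type only, never the stored value.
            LOG.warning("Session attribute '" + name + "' ("
                    + value.getClass().getName() + ") cannot be replicated: " + problem);
        }
    }

    @Override
    public void attributeAdded(HttpSessionBindingEvent event) {
        audit(event.getName(), event.getValue());
    }

    @Override
    public void attributeReplaced(HttpSessionBindingEvent event) {
        // getValue() is the old value here; read the new one from the session.
        audit(event.getName(), event.getSession().getAttribute(event.getName()));
    }

    @Override
    public void attributeRemoved(HttpSessionBindingEvent event) { /* nothing to check */ }
}
```

Serializing every attribute on each write has a cost, so this fits test and staging deployments better than production.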
3) Creating Threads
Thread management in a web application is forbidden by the Java EE standard in some circumstances and is always highly error-prone. Managing threads is difficult and is likely to interfere in unpredictable ways with the behavior of the application container.
Even without interfering with the container, thread management usually leads to bugs that are hard to detect and diagnose, like deadlocks, race conditions, and other synchronization errors.
If you are new to the Java EE world, I suggest you join a hands-on course like The Java EE Course - build a Java EE app from scratch on Udemy to understand the fundamentals and basic guidelines required for creating a Java EE application. This will not only prevent you from committing these mistakes but also save a lot of time.
4) Socket Based Communication
Socket-based communication in web applications is prone to error. The Java EE standard permits the use of sockets only for the purpose of communication with legacy systems when no higher-level protocol is available. Authoring your own communication protocol requires wrestling with difficult security issues, including:
- In-band versus out-of-band signaling
- Compatibility between protocol versions
- Channel security
- Error handling
- Network constraints (firewalls)
- Session management
Many of the same issues apply to a custom implementation of a standard protocol. While there are usually more resources available that address security concerns related to implementing a standard protocol, these resources are also available to attackers.
Btw, Java EE 8 has introduced some new server push technologies.
Thanks for reading this article so far. If you like this article then please share with your friends and colleagues. If you have any questions or feedback then please drop a note.