Do you want to know how to develop your skillset to become a Java Rockstar?

Subscribe to our newsletter to start Rocking right now!

To get you started we give you our best selling eBooks for FREE!

1. JPA Mini Book

2. JVM Troubleshooting Guide

3. JUnit Tutorial for Unit Testing

4. Java Annotations Tutorial

5. Java Interview Questions

and many more ....

Featured FREE Whitepapers

What's New Here?


Spring MVC 3: Upload multiple files

It was just another long day at office with the database not available and one of the team members lagging by a week now. So, we had to work as a team to get it delivered. In Spring 3, it looked straight forward to upload a file. However, there was little help on offer, to upload multiple files from a jsp file.               There are three basic things which need to be done to upload multiple files are: a) The JSP needs to have the input[file] elements passed as an array. <td><input name="fileData[0]" id="image0" type="file" /></td> <td><input name="fileData[1]" id="image1" type="file" /></td> b) The ModelAttribute/Model object in Spring MVC needs to have a list of MultipartFile. import java.util.List; import org.springframework.web.multipart.commons.CommonsMultipartFile; public class UploadItem { private String filename; private List<CommonsMultipartFile> fileData; c) Configure Multipart Resolver bean in dispatcher-servlet.xml[applicationContext-servlet.xml] <!-- Configure the multipart resolver --> <bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver"> </bean> d) Logic to read the files from the Model and store it in a file location in the Controller layer. @RequestMapping(method = RequestMethod.POST) public String create(UploadItem uploadItem, BindingResult result, HttpServletRequest request, HttpServletResponse response, HttpSession session) { if (result.hasErrors()) { for (ObjectError error : result.getAllErrors()) { System.err.println("Error: " + error.getCode() + " - " + error.getDefaultMessage()); } return "/uploadfile"; } // Some type of file processing... System.err.println("-------------------------------------------"); try { for(MultipartFile file:uploadItem.getFileData()){ String fileName = null; InputStream inputStream = null; OutputStream outputStream = null; if (file.getSize() > 0) { inputStream = file.getInputStream(); if (file.getSize() > 20000) { System.out.println("File Size exceeded:::" + file.getSize()); return "/uploadfile"; } System.out.println("size::" + file.getSize()); fileName = request.getRealPath("") + "/images/" + file.getOriginalFilename(); outputStream = new FileOutputStream(fileName); System.out.println("fileName:" + file.getOriginalFilename()); int readBytes = 0; byte[] buffer = new byte[10000]; while ((readBytes =, 0, 10000)) != -1) { outputStream.write(buffer, 0, readBytes); } outputStream.close(); inputStream.close(); // .......................................... session.setAttribute("uploadFile", file.getOriginalFilename()); } //MultipartFile file = uploadItem.getFileData(); } } catch (Exception e) { e.printStackTrace(); } return "redirect:/forms/uploadfileindex"; } I have extended the example which is found @ RoseIndia to dynamically create the file nodes and post them to the Controller. Just download the source-code and replace the below jsp file and make other necessary changes: Upload.jsp <%@page contentType="text/html;charset=UTF-8"%> <%@page pageEncoding="UTF-8"%> <%@ page session="false"%> <%@ taglib prefix="form" uri=""%><html> <head> <META http-equiv="Content-Type" content="text/html;charset=UTF-8"> <title>Upload Example</title> <script language="JavaScript"> var count=0; function add(type) { //Create an input type dynamically. var table = document.getElementById("fileUploadTable"); var tr = document.createElement("tr"); var td = document.createElement("td"); var element = document.createElement("input");//Assign different attributes to the element. element.setAttribute("type", "file"); element.setAttribute("value", ""); element.setAttribute("name", "fileData["+type+"]"); //Append the element in page (in span). td.appendChild(element); tr.appendChild(td); table.appendChild(tr); } function Validate() { var image =document.getElementById("image").value; if(image!=''){ var checkimg = image.toLowerCase(); if (!checkimg.match(/(\.jpg|\.png|\.JPG|\.PNG|\.jpeg|\.JPEG)$/)){ alert("Please enter Image File Extensions .jpg,.png,.jpeg"); document.getElementById("image").focus(); return false; } } return true; }</script> </head> <body> <form:form modelAttribute="uploadItem" name="frm" method="post" enctype="multipart/form-data" onSubmit="return Validate();"> <fieldset><legend>Upload File</legend> <table > <tr> <input type="button" name="Add Image" onclick="add(count++)" value="Add Image"/> </tr> <tr> <table id="fileUploadTable"> <!--td><form:label for="fileData" path="fileData">File</form:label><br /> </td> <td><input name="fileData[0]" id="image0" type="file" /></td> <td><input name="fileData[1]" id="image1" type="file" /></td--> </table> </tr> <tr> <td><br /> </td> <td><input type="submit" value="Upload" /></td> </tr> </table> </fieldset> </form:form> </body> </html>, generate getter and setter methods for the private List fileData;, and then just copy and paste the create(…) mentioned in the blog above. Note: If you are still facing issue with file upload in Spring MVC, please add a MultipartFilter. Refer here. <filter> <filter-name>multipartFilter</filter-name> <filter-class></filter-class> </filter> <filter-mapping> <filter-name>multipartFilter</filter-name> <url-pattern>/springrest/*</url-pattern> </filter-mapping> <bean id="filterMultipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver"> <property name="maxUploadSize"> <value>10000000</value> </property> </bean>   Reference: Upload multiple files in Spring MVC 3 from our JCG partner Srinivas Ovn at the Bemused blog. ...

Spring Data JDBC generic DAO implementation – most lightweight ORM ever

I am thrilled to announce first version of my Spring Data JDBC repository project. The purpose of this open source library is to provide generic, lightweight and easy to use DAO implementation for relational databases based on JdbcTemplate from Spring framework, compatible with Spring Data umbrella of projects.               Design objectivesLightweight, fast and low-overhead. Only a handful of classes, no XML, annotations, reflection This is not full-blown ORM. No relationship handling, lazy loading, dirty checking, caching CRUD implemented in seconds For small applications where JPA is an overkill Use when simplicity is needed or when future migration e.g. to JPA is considered Minimalistic support for database dialect differences (e.g. transparent paging of results)Features Each DAO provides built-in support for:Mapping to/from domain objects through RowMapper abstraction Generated and user-defined primary keys Extracting generated key Compound (multi-column) primary keys Immutable domain objects Paging (requesting subset of results) Sorting over several columns (database agnostic) Optional support for many-to-one relationships Supported databases (continuously tested):MySQL PostgreSQL H2 HSQLDB Derby …and most likely most of the othersEasily extendable to other database dialects via SqlGenerator class. Easy retrieval of records by IDAPI Compatible with Spring Data PagingAndSortingRepository abstraction, all these methods are implemented for you: public interface PagingAndSortingRepository<T, ID extends Serializable> extends CrudRepository<T, ID> { T save(T entity); Iterable<T> save(Iterable<? extends T> entities); T findOne(ID id); boolean exists(ID id); Iterable<T> findAll(); long count(); void delete(ID id); void delete(T entity); void delete(Iterable<? extends T> entities); void deleteAll(); Iterable<T> findAll(Sort sort); Page<T> findAll(Pageable pageable); } Pageable and Sort parameters are also fully supported, which means you get paging and sorting by arbitrary properties for free. For example say you have userRepository extending PagingAndSortingRepository<User, String> interface (implemented for you by the library) and you request 5th page of USERS table, 10 per page, after applying some sorting: Page<User> page = userRepository.findAll( new PageRequest( 5, 10, new Sort( new Order(DESC, "reputation"), new Order(ASC, "user_name") ) ) ); Spring Data JDBC repository library will translate this call into (PostgreSQL syntax): SELECT * FROM USERS ORDER BY reputation DESC, user_name ASC LIMIT 50 OFFSET 10 …or even (Derby syntax): SELECT * FROM ( SELECT ROW_NUMBER() OVER () AS ROW_NUM, t.* FROM ( SELECT * FROM USERS ORDER BY reputation DESC, user_name ASC ) AS t ) AS a WHERE ROW_NUM BETWEEN 51 AND 60 No matter which database you use, you’ll get Page<User> object in return (you still have to provide RowMapper<User> yourself to translate from ResultSet to domain object. If you don’t know Spring Data project yet, Page<T> is a wonderful abstraction, not only encapsulating List<User>, but also providing metadata such as total number of records, on which page we currently are, etc. Reasons to useYou consider migration to JPA or even some NoSQL database in the future.Since your code will rely only on methods defined in PagingAndSortingRepository and CrudRepository from Spring Data Commons umbrella project you are free to switch from JdbcRepository implementation (from this project) to: JpaRepository, MongoRepository, GemfireRepository or GraphRepository. They all implement the same common API. Of course don’t expect that switching from JDBC to JPA or MongoDB will be as simple as switching imported JAR dependencies – but at least you minimize the impact by using same DAO API. You need a fast, simple JDBC wrapper library. JPA or even MyBatis is an overkill You want to have full control over generated SQL if needed You want to work with objects, but don’t need lazy loading, relationship handling, multi-level caching, dirty checking… You need CRUD and not much more You want to by DRY You are already using Spring or maybe even JdbcTemplate, but still feel like there is too much manual work You have very few database tablesGetting started For more examples and working code don’t forget to examine project tests. Prerequisites Maven coordinates: <dependency> <groupId>com.blogspot.nurkiewicz</groupId> <artifactId>jdbcrepository</artifactId> <version>0.1</version> </dependency> Unfortunately the project is not yet in maven central repository. For the time being you can install the library in your local repository by cloning it: $ git clone git:// $ git checkout 0.1 $ mvn javadoc:jar source:jar install In order to start your project must have DataSource bean present and transaction management enabled. Here is a minimal MySQL configuration: @EnableTransactionManagement @Configuration public class MinimalConfig { @Bean public PlatformTransactionManager transactionManager() { return new DataSourceTransactionManager(dataSource()); } @Bean public DataSource dataSource() { MysqlConnectionPoolDataSource ds = new MysqlConnectionPoolDataSource(); ds.setUser("user"); ds.setPassword("secret"); ds.setDatabaseName("db_name"); return ds; } } Entity with auto-generated key Say you have a following database table with auto-generated key (MySQL syntax): CREATE TABLE COMMENTS ( id INT AUTO_INCREMENT, user_name varchar(256), contents varchar(1000), created_time TIMESTAMP NOT NULL, PRIMARY KEY (id) ); First you need to create domain object User mapping to that table (just like in any other ORM): public class Comment implements Persistable<Integer> { private Integer id; private String userName; private String contents; private Date createdTime; @Override public Integer getId() { return id; } @Override public boolean isNew() { return id == null; } //getters/setters/constructors/... } Apart from standard Java boilerplate you should notice implementing Persistable<Integer> where Integer is the type of primary key. Persistable<T> is an interface coming from Spring Data project and it’s the only requirement we place on your domain object. Finally we are ready to create our CommentRepository DAO: @Repository public class CommentRepository extends JdbcRepository<Comment, Integer> { public CommentRepository() { super(ROW_MAPPER, ROW_UNMAPPER, "COMMENTS"); } public static final RowMapper<Comment> ROW_MAPPER = //see below private static final RowUnmapper<Comment> ROW_UNMAPPER = //see below @Override protected Comment postCreate(Comment entity, Number generatedId) { entity.setId(generatedId.intValue()); return entity; } } First of all we use @Repository annotation to mark DAO bean. It enables persistence exception translation. Also such annotated beans are discovered by CLASSPATH scanning. As you can see we extend JdbcRepository<Comment, Integer> which is the central class of this library, providing implementations of all PagingAndSortingRepository methods. Its constructor has three required dependencies: RowMapper, RowUnmapper and table name. You may also provide ID column name, otherwise default "id" is used. If you ever used JdbcTemplate from Spring, you should be familiar with RowMapper interface. We need to somehow extract columns from ResultSet into an object. After all we don’t want to work with raw JDBC results. It’s quite straightforward: public static final RowMapper<Comment> ROW_MAPPER = new RowMapper<Comment>() { @Override public Comment mapRow(ResultSet rs, int rowNum) throws SQLException { return new Comment( rs.getInt("id"), rs.getString("user_name"), rs.getString("contents"), rs.getTimestamp("created_time") ); } }; RowUnmapper comes from this library and it’s essentially the opposite of RowMapper: takes an object and turns it into a Map. This map is later used by the library to construct SQL CREATE/UPDATE queries: private static final RowUnmapper<Comment> ROW_UNMAPPER = new RowUnmapper<Comment>() { @Override public Map<String, Object> mapColumns(Comment comment) { Map<String, Object> mapping = new LinkedHashMap<String, Object>(); mapping.put("id", comment.getId()); mapping.put("user_name", comment.getUserName()); mapping.put("contents", comment.getContents()); mapping.put("created_time", new java.sql.Timestamp(comment.getCreatedTime().getTime())); return mapping; } }; If you never update your database table (just reading some reference data inserted elsewhere) you may skip RowUnmapper parameter or use MissingRowUnmapper. Last piece of the puzzle is the postCreate() callback method which is called after an object was inserted. You can use it to retrieve generated primary key and update your domain object (or return new one if your domain objects are immutable). If you don’t need it, just don’t override postCreate(). Check out JdbcRepositoryGeneratedKeyTest for a working code based on this example. By now you might have a feeling that, compared to JPA or Hibernate, there is quite a lot of manual work. However various JPA implementations and other ORM frameworks are notoriously known for introducing significant overhead and manifesting some learning curve. This tiny library intentionally leaves some responsibilities to the user in order to avoid complex mappings, reflection, annotations… all the implicitness that is not always desired. This project is not intending to replace mature and stable ORM frameworks. Instead it tries to fill in a niche between raw JDBC and ORM where simplicity and low overhead are key features. Entity with manually assigned key In this example we’ll see how entities with user-defined primary keys are handled. Let’s start from database model: CREATE TABLE USERS ( user_name varchar(255), date_of_birth TIMESTAMP NOT NULL, enabled BIT(1) NOT NULL, PRIMARY KEY (user_name) ); …and User domain model: public class User implements Persistable<String> { private transient boolean persisted; private String userName; private Date dateOfBirth; private boolean enabled; @Override public String getId() { return userName; } @Override public boolean isNew() { return !persisted; } public User withPersisted(boolean persisted) { this.persisted = persisted; return this; } //getters/setters/constructors/... } Notice that special persisted transient flag was added. Contract of from Spring Data project requires that an entity knows whether it was already saved or not (isNew()) method – there are no separate create() and update() methods. Implementing isNew() is simple for auto-generated keys (see Comment above) but in this case we need an extra transient field. If you hate this workaround and you only insert data and never update, you’ll get away with return true all the time from isNew(). And finally our DAO, UserRepository bean: @Repository public class UserRepository extends JdbcRepository<User, String> { public UserRepository() { super(ROW_MAPPER, ROW_UNMAPPER, "USERS", "user_name"); } public static final RowMapper<User> ROW_MAPPER = //... public static final RowUnmapper<User> ROW_UNMAPPER = //... @Override protected User postUpdate(User entity) { return entity.withPersisted(true); } @Override protected User postCreate(User entity, Number generatedId) { return entity.withPersisted(true); } } "USERS" and "user_name" parameters designate table name and primary key column name. I’ll leave the details of mapper and unmapper (see source code). But please notice postUpdate() and postCreate() methods. They ensure that once object was persisted, persisted flag is set so that subsequent calls to save() will update existing entity rather than trying to reinsert it. Check out JdbcRepositoryManualKeyTest for a working code based on this example. Compound primary key We also support compound primary keys (primary keys consisting of several columns). Take this table as an example: CREATE TABLE BOARDING_PASS ( flight_no VARCHAR(8) NOT NULL, seq_no INT NOT NULL, passenger VARCHAR(1000), seat CHAR(3), PRIMARY KEY (flight_no, seq_no) ); I would like you to notice the type of primary key in Peristable<T>: public class BoardingPass implements Persistable<Object[]> { private transient boolean persisted; private String flightNo; private int seqNo; private String passenger; private String seat; @Override public Object[] getId() { return pk(flightNo, seqNo); } @Override public boolean isNew() { return !persisted; } //getters/setters/constructors/... } Unfortunately we don’t support small value classes encapsulating all ID values in one object (like JPA does with @IdClass), so you have to live with Object[] array. Defining DAO class is similar to what we’ve already seen: public class BoardingPassRepository extends JdbcRepository<BoardingPass, Object[]> { public BoardingPassRepository() { this("BOARDING_PASS"); } public BoardingPassRepository(String tableName) { super(MAPPER, UNMAPPER, new TableDescription(tableName, null, "flight_no", "seq_no") ); } public static final RowMapper<BoardingPass> ROW_MAPPER = //... public static final RowUnmapper<BoardingPass> UNMAPPER = //... } Two things to notice: we extend JdbcRepository<BoardingPass, Object[]> and we provide two ID column names just as expected: "flight_no", "seq_no". We query such DAO by providing both flight_no and seq_no (necessarily in that order) values wrapped by Object[]: BoardingPass pass = repository.findOne(new Object[] {"FOO-1022", 42}); No doubts, this is cumbersome in practice, so we provide tiny helper method which you can statically import: import static; //... BoardingPass foundFlight = repository.findOne(pk("FOO-1022", 42)); Check out JdbcRepositoryCompoundPkTest for a working code based on this example. Transactions This library is completely orthogonal to transaction management. Every method of each repository requires running transaction and it’s up to you to set it up. Typically you would place @Transactional on service layer (calling DAO beans). I don’t recommend placing @Transactional over every DAO bean. Caching Spring Data JDBC repository library is not providing any caching abstraction or support. However adding @Cacheable layer on top of your DAOs or services using caching abstraction in Spring is quite straightforward. See also: @Cacheable overhead in Spring. Contributions ..are always welcome. Don’t hesitate to submit bug reports and pull requests. Biggest missing feature now is support for MSSQL and Oracle databases. It would be terrific if someone could have a look at it. Testing This library is continuously tested using Travis (). Test suite consists of 265 tests (53 distinct tests each run against 5 different databases: MySQL, PostgreSQL, H2, HSQLDB and Derby. When filling bug reports or submitting new features please try including supporting test cases. Each pull request is automatically tested on a separate branch. Building After forking the official repository building is as simple as running: $ mvn install You’ll notice plenty of exceptions during JUnit test execution. This is normal. Some of the tests run against MySQL and PostgreSQL available only on Travis CI server. When these database servers are unavailable, whole test is simply skipped: Results : Tests run: 265, Failures: 0, Errors: 0, Skipped: 106 Exception stack traces come from root AbstractIntegrationTest. Design Library consists of only a handful of classes, highlighted in the diagram below:JdbcRepository is the most important class that implements all PagingAndSortingRepository methods. Each user repository has to extend this class. Also each such repository must at least implement RowMapper and RowUnmapper (only if you want to modify table data). SQL generation is delegated to SqlGenerator. PostgreSqlGenerator. and DerbySqlGenerator are provided for databases that don’t work with standard generator. License This project is released under version 2.0 of the Apache License (same as Spring framework).   Reference: Probability distribution for programmers from our JCG partner Tomasz Nurkiewicz at the NoBlogDefFound blog. ...

Effective Logging in Java/JEE – Mapped Diagnostic Context

It all started when i was sitting with a colleague to resolve some application issue, when i noticed something interesting. He was merging the code and my eyes caught the attention of this class “org.apache.log4j.MDC”. This led to few discoveries on the way which  follow here: What is MDC? MDC stands for Mapped Diagnostic Context. It helps you to distinguish inter-leaving logs from multiple sources. Let me explain in detail. When we have multiple user-requests coming in for a given servlet, each request of an user is serviced using a thread. This leaves multiple users logging to the same log file and the log   statements get inter-mixed. Now, to filter out logs of a particular user, we need to append the user-id to the log statements so that we can grep(search) them in the log file, to make some sense of it. An obvious way of logging, is to append the user-id in the log statements i.e.” logged something “); A non-invasive way of logging is to use MDC. With MDC, you put the user-id in a context-map which is attached to the thread (of each user request) by the logger. MDC is thread-safe and uses a Map internally to store the context information.[Courtesy : Kalyan Dabburi] How to use MDC? a. Configure the information, which needs to be logged (user-id in this case) in the log4j.xml as part of ConversionPattern. log4j.appender.consoleAppender.layout.ConversionPattern = %d %i - %m - %X{user-id}%n b. In your respective class, before you start processing the user request, place the actual user-id in the context(MDC). MDC.put("user-id","SKRS786"); c. Remove the context information from MDC at the end of the processing. MDC.remove("user-id"); Resources :Logback implementation Log4J implementationWhat is NDC ? Which one to use MDC or NDC? NDC stands for Nested Diagnostic Context. It is a stack-based implementation of attaching context information. For all purposes, use MDC over NDC, as MDC is memory efficient. For a detailed comparison, click here. Which logging framework to use? Log4J or SLF4J or logback? For all new application development, use logback. logback is a run-time implementation of SLF4J. If you have an existing application with Log4J, it is still worth-while to switch to logback. For a detailed explanation, click here. To understand the evolution of logging in Java and JEE world, refer to this article by Micheal Andrews.   Reference: Effective Logging in Java/JEE from our JCG partner Srinivas Ovn at the Bemused blog. ...

Android TextView with custom fonts

While developing an android app I found that everytime I was trying to use a custom font on a TextView I copied the same lines:                   TextView textview = (TextView) findViewById(; textview.setTypeface(...) Obviously, that’s unnecessary and repetitive. Why not just create a custom view? And more, why not adding the font through xml code? public class CustomTextView extends TextView {private Context mContext; private String mFont; public CustomTextView(Context context) { super(context, null); mContext = context; init(); }public CustomTextView(Context context, AttributeSet attrs) { super(context, attrs); mContext = context; TypedArray a = context.getTheme().obtainStyledAttributes( attrs, R.styleable.CustomButtom, 0, 0); try { mFont = a.getString(R.styleable.CustomButtom_font); } finally { a.recycle(); } init(); } private void init() { if (mFont != null) { setTypeface(FontsUtils.get(mFont)); } }}We just have to extend from TextView and read from the attribute set the font string declared on its styleable resource. Just create an attrs.xml (or use an existing one) and add the following: <declare-styleable name="CustomTextview"> <attr name="font" format="string" /> </declare-styleable> Now, you could declare on your xml layout like this: <LinearLayout android:id="@+id/comments" android:layout_width="match_parent" android:layout_height="wrap_content" > < android:layout_width="wrap_content" android:layout_height="wrap_content" android:text="@string/no_comments" /> </LinearLayout>   Reference: Android TextView with custom fonts from our JCG partner Javier Manzano at the Javier Manzano’s Blog blog. ...

Probability distribution for programmers

This is one of these very simple programming puzzles I came across recently: given a function returning random integers from 0 to 4 inclusive with equal probability, write a function returning random integers from 0 to 6 inclusive. Of course the solution should also return equally distributed numbers. So let’s start from an input function sample definition:             def rand4() = (math.random * 5).toInt Your task is to implement rand6() by only using rand4(). Give yourself few minutes and continue reading. The first approach is pretty straightforward but happens to be completely broken: def rand6() = rand4() * 3 / 2 As simple as that. In ideal solution each output value from 0 to 6 should appear with the probability of 1/7. Can you tell from the code above, what’s the probability of rand6() returning 2 or 5? That’s right, it’s no more than 0, you’ll never get these values. I hope it’s clear why. So let’s go for something more sophisticated: def rand6() = (rand4() + rand4()) % 7 Looks better, but still pretty far. The code above has two major flaws. First of all the results of rand4() + rand4() expression range from 0 to 8 but we need 0 to 6. The obvious solution is to use % 7 operation. However this results in 0 and 1 being returned twice as often because 7 and 8 are overflowing to 0 and 1. So what about this: def rand6(): Int = { val rand8 = rand4() + rand4() if(rand8 > 6) rand6() else rand8 } I hope the recursion (which can easily be turned into loop, but I leave that work to the Scala compiler) is not obscuring the intent – if the sum of two rand4() invocations is above expected result, we simply discard it and call rand6() again. However there is still one subtle but striking bug, quoting Wikipedia on uniform distribution. The sum of two independent, equally distributed, uniform distributions yields a symmetric triangular distribution. If you don’t quite get the above, have a look at this live demo in JavaScript using <canvas/> illustrating what Wikipedia means:This program simply places pixels at random (X, Y) positions on each panel. In the first panel I use one Math.random() * 300 call scaled to fit whole canvas. As you can see the distribution is more or less uniform. But we can’t tell that about second and third panels. On the second panel I am using the sum of two uniformly distributed variables, in principle: (Math.random() + Math.random()) * 150). Even though this expression can return anything between 0 and 300, the points are very biased toward the middle of the canvas (triangular distribution). The same behaviour is emphasized on the third panel where ten invocations of Math.random() are used. The correct answer The approach I’m taking is based on the observation that rand4() is capable of producing two random least significant bits. So let’s start from implementing rand3() with known semantics: def rand3(): Int = rand4() match { case 4 => rand3() case x => x } rand3() returns uniformly distributed values from 0 to 3 doing so by rejecting 4 output of rand4(). How will that help us? Well, we now have two random bits, each one being either 0 or 1 with 50% probability. We can easily widen it for larger sequences, e.g. rand15() and rand7(): def rand15() = (rand3() << 2) + rand3() def rand7() = rand15() >> 1 You should be rather comfortable with the bit fiddling above. Having the ability to produce two random bits I can easily generate 4 and 3. Now rand6() is a no-brainer: def rand6() = rand7() match { case 7 => rand6() case x => x } Just to make this lesson a little bit more interesting, let’s implement randN(n: Int) on top of rand4(). randN() should return uniformly distributed natural values from 0 to n. I’ll begin by implementing helper method atLeastKrandBits(k: Int) returning… at least K random bits: def atLeastKrandBits(k: Int): Int = k match { case 0 => 0 case 1 => rand3() >> 1 case 2 => rand3() case b => (atLeastKrandBits(k - 2) << 2) + rand3() } Alternative implementation with foldLeft(): def atLeastKrandBits(k: Int) = (0 to (k + 1) / 2).foldLeft(0){ (acc, _) => (acc << 2) + rand3() } …or if you really hate those to maintain your code: def atLeastKrandBits(k: Int) = (0 /: (0 to (k + 1) / 2)){ (acc, _) => (acc << 2) + rand3() } Having any of the implementations above randN(n: Int) is simple: def randN(n: Int) = { val bitsCount = java.lang.Integer.highestOneBit(n) val randBits = atLeastKrandBits(bitsCount) if(randBits > n) randN(n) else randBits } Conclusions You might ask yourself a question: why should I even care? If you fail to understand probability distribution your application might produce random output that’s actually quite easy to predict. It’s not a big deal if you are writing a game and enemies are more likely to appear at some places on the map (but the players will discover and abuse it!) But if you need random numbers for security reasons or you rely on uniform distribution e.g. for load-balancing purposes – any bias might become fatal.   Reference: Probability distribution for programmers from our JCG partner Tomasz Nurkiewicz at the Java and neighbourhood blog. ...

OAuth 2.0 Bearer Token Profile Vs MAC Token Profile

Almost all the implementation I see today are based on OAuth 2.0 Bearer Token Profile. Of course its an RFC proposed standard today. OAuth 2.0 Bearer Token profile brings a simplified scheme for authentication. This specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a ‘bearer’) can use it to get access to the associated resources (without demonstrating possession of a cryptographic key). To prevent misuse, bearer tokens need to be protected from disclosure in storage and in transport. Before dig in to the OAuth 2.0 MAC profile lets have quick high-level overview of OAuth 2.0 message flow. OAuth 2.0 has mainly three phases.       1. Requesting an Authorization Grant. 2. Exchanging the Authorization Grant for an Access Token. 3. Access the resources with the Access Token. Where does the token type come in to action ? OAuth 2.0 core specification does not mandate any token type. At the same time at any point token requester – client – cannot decide which token type it needs. It’s purely up to the Authorization Server to decide which token type to be returned in the Access Token response. So, the token type comes in to action in phase-2 when Authorization Server returning back the OAuth 2.0 Access Token. The access token type provides the client with the information required to successfully utilize the access token to make a protected resource request (along with type-specific attributes). The client must not use an access token if it does not understand the token type. Each access token type definition specifies the additional attributes (if any) sent to the client together with the ‘access_token’ response parameter. It also defines the HTTP authentication method used to include the access token when making a protected resource request. For example following is what you get for Access Token response irrespective of which grant type you use. HTTP/1.1 200 OKContent-Type: application/json;charset=UTF-8Cache-Control: no-storePragma: no-cache{'access_token':'mF_9.B5f-4.1JqM','token_type':'Bearer','expires_in':3600,'refresh_token':'tGzv3JOkF0XG5Qx2TlKWIA'} The above is for Bearer – following is for MAC. HTTP/1.1 200 OKContent-Type: application/jsonCache-Control: no-store{'access_token':'SlAV32hkKG','token_type':'mac','expires_in':3600,'refresh_token':'8xLOxBtZp8','mac_key':'adijq39jdlaska9asud','mac_algorithm':'hmac-sha-256'} Here you can see MAC Access Token response has two additional attributes. mac_key and the mac_algorithm. Let me rephrase this – ‘Each access token type definition specifies the additional attributes (if any) sent to the client together with the ‘access_token’ response parameter’. This MAC Token Profile defines the HTTP MAC access authentication scheme, providing a method for making authenticated HTTP requests with partial cryptographic verification of the request, covering the HTTP method, request URI, and host. In the above response access_token is the MAC key identifier. Unlike in Bearer, MAC token profile never passes it’s top secret over the wire. The access_token or the MAC key identifier is a string identifying the MAC key used to calculate the request MAC. The string is usually opaque to the client. The server typically assigns a specific scope and lifetime to each set of MAC credentials. The identifier may denote a unique value used to retrieve the authorization information (e.g. from a database), or self-contain the authorization information in a verifiable manner (i.e. a string consisting of some data and a signature). The mac_key is a shared symmetric secret used as the MAC algorithm key. The server will not reissue a previously issued MAC key and MAC key identifier combination. Now let’s see what happens in phase-3. Following shows how the Authorization HTTP header looks like when Bearer Token been used. Authorization: Bearer mF_9.B5f-4.1JqM This adds very low overhead on client side. It simply needs to pass the exact access_token it got from the Authorization Server in phase-2. Under MAC token profile, this is how it looks like. Authorization: MAC id='h480djs93hd8',ts='1336363200',nonce='dj83hs9s',mac='bhCQXTVyfj5cmA9uKkPFx1zeOXM=' This needs bit more attention. id is the MAC key identifier or the access_token from the phase-2. ts the request timestamp. The value is a positive integer set by the client when making each request to the number of seconds elapsed from a fixed point in time (e.g. January 1, 1970 00:00:00 GMT). This value is unique across all requests with the same timestamp and MAC key identifier combination. nonce is a unique string generated by the client. The value is unique across all requests with the same timestamp and MAC key identifier combination. The client uses the MAC algorithm and the MAC key to calculate the request mac. This is how you derive the normalized string to generate the HMAC. The normalized request string is a consistent, reproducible concatenation of several of the HTTP request elements into a single string. By normalizing the request into a reproducible string, the client and server can both calculate the request MAC over the exact same value. The string is constructed by concatenating together, in order, the following HTTP request elements, each followed by a new line character (%x0A):The timestamp value calculated for the request. The nonce value generated for the request. The HTTP request method in upper case. For example: ‘HEAD’, ‘GET’, ‘POST’, etc. The HTTP request-URI as defined by [RFC2616] section 5.1.2. The hostname included in the HTTP request using the ‘Host’ request header field in lower case. The port as included in the HTTP request using the ‘Host’ request header field. If the header field does not include a port, the default value for the scheme MUST be used (e.g. 80 for HTTP and 443 for HTTPS). The value of the ‘ext’ ‘Authorization’ request header field attribute if one was included in the request (this is optional), otherwise, an empty string.Each element is followed by a new line character (%x0A) including the last element and even when an element value is an empty string. Either you use Bearer of MAC – the end user or the resource owner is identified using the access_token. Authorization, throttling, monitoring or any other quality of service operations can be carried out against the access_token irrespective of which token profile you use.   Reference: OAuth 2.0 Bearer Token Profile Vs MAC Token Profile from our JCG partner Prabath Siriwardena at the Facile Login blog. ...

Fluent Object Creation

Many posts have been written on this subject (overwhelmingly many) but I just wanted to contribute my two-cents and write a short post about how I use the Fluent Object Creation pattern or object builders in Java to instantiate Value Objects. Value Objects are abstractions that are defined by their state (value) rather than their address in memory. Examples of value objects are things like money, a number, a coordinate, etc. They are used not to describe Business Objects but rather descriptions of concrete indivisible entities. Also, they make great candidates for adding them to collections and maps. In Java, Value Objects should be declared final and provide no setter methods, basically making it’s state immutable after creation, this is a very important   requirement. Declaring them final makes them unable to serve as parent objects. This is done by design since value objects should model small and concrete entities. The reason being is that we should be able to create and compare multiple copies of these objects, which is always done by state not by reference. In addition, you should declare proper equals() and hashCode() methods to qualify for a proper value object. In C++, the same principles apply. In C++ you should make use of the Copy Constructor and overload the assignment and comparison operators. The Fluent Object Creation pattern makes value object instantiation elegant and clean. There are many benefits that can be gained by using fluent object creation as we will see shortly. The end result of applying this pattern from the API user’s perspective will look like the following: Money fiveEuros = new Money.Builder() .currency(Currency.EURO) .value(5.0L) .countryOfOrigin("Spain") .type("Coin") .reverse("Map of Europe") .obverse("Map of Spain") .addColor("Bronze") .addColor("Silver") .year("1880") .build();I think you would agree that this pattern flows a lot more smoother as opposed to this: Money fiveEuros = new Money(); fiveEuros.setCurrency(Currency.EURO); fiveEuros.setValue(5.0L); fiveEuros.countryOfOrigin("Spain"); fiveEuros.type("Coin"); fiveEuros.reverse("Map of Europe"); fiveEuros.obverse("Map of Spain");List<String> colors = new ArrayList<String>(); for(String color: new String[] {"Bronze", "Silver"}) { colors.add(color); }fiveEuros.setColors(colors); fiveEuros.setYear("1880");Which seems broken and has lots of typing and repetition. This is an example of building a pretty big value object in my opinion, most of tend to be very small. Before we talk about the benefits of creating objects this way, let’s have a look at the structure of this pattern: public final class Money { private Long value; private String countryOfOrigin; private Currency currency; private String type; private String reverse; private String obverse; private List<String> colors; private Date year; private Money() { }// -- getters, hashCode, equals -- //// Static inner Builder class public static class Builder { private Money _temp = new Money(); public Builder value(Long val) { _temp.value = val; return this; } public Builder countryOfOrigin(String countryOfOrigin) { _temp.contryOfOrigin = countryOfOrigin; return this; } public Builder currency(Currency c) { _temp.currency = c; return this; } public Builder type(String t) { _temp.type = t; return this; } public Builder reverse(String r) { _temp.reverse = r; return this; }public Builder obverse(String o) { _temp.obverse = o; return this; }public Builder addColor(String c) { if(_temp.colors == null) { _temp.colors = new ArrayList<String>(); } _temp.colors.add(c); return this; }public Builder year(String y) { if(y == null || y.isEmpty()) { _temp.year = new Date(); } else { _temp.year = DateFormat.parse(y); } return this; } public Money build() { // Validate object if(Strings.isNullOrEmpty( || _temp.currency == null) { throw new IllegalArgumentException("Coin currency and value required"); } return _temp; } } } This is also a matter of taste, but I prefer the static inner class approach. I like the canonical nature of referring to the builder as Money.Builder. Also making it static is required since the builder instance needs to live independently of the enclosing class. I like this pattern because it has the following benefits:Greater object encapsulation: I can easily enforce object construction using builders by making the Money constructor private (this is just stylistic). This completely hides all of the intricacies of creating this object: list creation, date parsing, etc. From the user’s perspective, what we end up with is an object that is simple to instantiate. My illustration is a very simple one, but imagine more complex object graphs. Code readability: Using this pattern to create objects, makes unit tests and code very easy to read and follow. Less typing in the long run: Even though you have to add an extra builder method for every added attributes, the amount of typing you save in the long run makes it worth while.Conclusion Using the fluent creation pattern is more work up front, but the benefits of having it pays off at the end. It makes instantiating objects very elegant and clean. You don’t have to use it with Value Objects, most of the benefit of using Fluent Object Creation is when you need to build pretty complex object graphs, but I wanted to show that it can also suit small value objects.   Reference: Fluent Object Creation from our JCG partner Luis Atencio at the Reflective Thought blog. ...

Apache Camel Cheatsheet

                      Polling an empty directory (and send an empty message with null body) : from('file://temp?sendEmptyMessageWhenIdle=true') Stop a route : .process(new Processor() { public void process(Exchange exchange) throws Exception { getContext().stopRoute('ROUTE_ID'); } }) Access a property of the object in the body : admitting the object has a method named ‘getMydata()’ : new ValueBuilder(simple('${body.mydata}')).isEqualTo(...) Define an aggregator : .aggregate(simple('${}.substring(0,15)'), genericAggregationStrategy) .completionPredicate(header(Exchange.BATCH_COMPLETE) .isEqualTo(Boolean.TRUE))'${}.substring(0,15)' : flag to differenciate messages (here, the returned string is common to all messages, we aggregate them all) Exchange.BATCH_COMPLETE : predicate indicating the end of polling (all files parsed for example) genericAggregationStrategy : above, an example of an aggregator grouping all messages’ contents in a list :public class GenericAggregationStrategy implements AggregationStrategy { @SuppressWarnings('unchecked') public Exchange aggregate(Exchange oldExchange, Exchange newExchange) { if (oldExchange == null) { ArrayList<Object> list = new ArrayList<Object>(); list.add(newExchange.getIn().getBody()); newExchange.getIn().setBody(list); return newExchange; } else { Object oldIn = oldExchange.getIn().getBody(); ArrayList<Object> list = null; if(oldIn instanceof ArrayList) { list = (ArrayList<Object>) oldIn; } else { list = new ArrayList<Object>(); list.add(oldIn); } list.add(newExchange.getIn().getBody()); newExchange.getIn().setBody(list); return newExchange; } } } Manually trigger an aggregation’s completion (whatever it is) : Send a message with the header Exchange.AGGREGATION_COMPLETE_ALL_GROUPS = true It is possible to do from('bean:...'), knowing that the bean will be polled permanently (like with ‘file’) and re-instanciated each time.Modify the message’s body on a route, using : .transform(myExpression) with myExpression : public class MyExpression implements Expression { public <T> T evaluate(Exchange exchange, Class<T> type) { MyBean newData = ...; return exchange.getContext().getTypeConverter() .convertTo(type, newData); } } Using JaxB :on a route : .[un]marshal().jaxb('my.business_classes.package')with a configurable DataFormat : .[un]marshal(jaxbDataFormat) with :// indicate to Jaxb to not write XML prolog : JaxbDataFormat jaxbDataFormat = new JaxbDataFormat('my.business_classes.package'); jaxb.setFragment(true); General concepts for threads management :a from(...) = a thread except for from('direct:...') wich creates a ‘named route’ with a unique identifier only callable by another route (in the same thread than the caller). The component .resequence().batch() creates a new thread to rethrow the messages.Define a shutdown strategy : getContext().setShutdownStrategy(new MyShutdownStrategy(getContext())); With : public class MyShutdownStrategy extends DefaultShutdownStrategy { protected CamelContext camelContext; private long timeout = 1; private TimeUnit timeUnit = TimeUnit.SECONDS; public SpiralShutdownStrategy(CamelContext camelContext) { this.camelContext = camelContext; }@Override public long getTimeout() { return this.timeout; }@Override public TimeUnit getTimeUnit() { return this.timeUnit; }@Override public CamelContext getCamelContext() { return this.camelContext; }/** * To ensure shutdown * */ @Override public void suspend(CamelContext context, List<RouteStartupOrder> routes) throws Exception { doShutdown(context, routes, getTimeout(), getTimeUnit(), false, false, false); }/** * To ensure shutdown * */ @Override public void shutdown(CamelContext context, List<RouteStartupOrder> routes, long timeout, TimeUnit timeUnit) throws Exception { doShutdown(context, routes, this.timeout, this.timeUnit, false, false, false); }/** * To ensure shutdown * */ @Override public boolean shutdown(CamelContext context, RouteStartupOrder route, long timeout, TimeUnit timeUnit, boolean abortAfterTimeout) throws Exception { super.shutdown(context, route, this.timeout, this.timeUnit, false); return true; } } Stop a batch : .process(new Processor() { public void process(Exchange exchange) throws Exception { context.stop(); } }); Calling a method of a bean from a route:method’s return is always affected to message’s body. For example :public void myMethod(Exchange e) : Will not modify the body public boolean myMethod(Exchange e) : the boolean (or whatever primitive type) will be set in the body public Object myMethod(Exchange e) : the Object will be placed in the body (even if null) public Message myMethod(Exchange e) : the Message will be placed in the body (better avoid this) public List<Object> myMethod(Exchange e) : the list will be set in the body : useful to use with .split(), each object will be sent in a new message public List<Message> myMethod(Exchange e) : the list will be set in the body : a .split() will create a new message for each element (better avoid, see upper)configurable method’s parameters :public void myMethod(Exchange e) : the complete Exchange will be passed public void myMethod(Object o) : Camel will try to convert the body in the required parameter’s class public void myMethod(@Body File o, @Header('myHeader') String myParamHeader) : Camel will inject each parameter as specifiedExceptions management on routes :in a global way (to be declared before all routes) : onException(MyException.class, RuntimeCamelException.class).to(...) truly handle Exception and not bubble it in routes (and logs) : onException(...).handled(true).to(...) continue process in a route after an Exception : onException(...).continued(true).to(...)...An exception is ‘handled’ or ‘continued’ local way (in a route) : from(...) .onException(...).to('manage_error').log('FAIL !!').end() .to('continue_route')...For writing file, only the header Exchange.FILE_NAME is necessary. Reorder messages with component .resequence :uses an expression to compute the new order of messages, from a unique Comparable ‘key’ (number, String or custom Comparator) two ways :.batch() : batch mode. Waits the reception of ALL the messages befor reorder them. ATTENTION : a new thread is created to rethrow messages. .stream() : streaming mode. Uses a gap detection between the messages’ keys to re-send them. It is possible to configure a maximal capacity and a timeout.Split the body with a token : .split(body().tokenize('TOKEN')) Knowing that the TOKEN will be deleted from content. For example, if receiving a message containing : ‘data1TOKENdata2TOKENdata3′, messages created will be : ‘data1′, ‘data2, ‘data3′. So avoid this when treating XML data, prefer ‘tokenizeXML()’. Dynamic access to body’s data :Lightweight ‘script’ language : Simple Expression Language Read files data : File Expression LanguageSending mails : from('direct:mail') .setHeader('To', constant(mailTo)) .setHeader('From', constant(mailFrom)) .setHeader('Subject', constant(mailSubject)) .to('smtp://${user}@${server}:${port}?password=${password}'); With attachment : .beanRef(MAIL_ATTACHER, 'attachLog'); //with public class MailAttacher { public void attachLog(Exchange exc) throws Exception { File toAttach = ...; exc.getIn().addAttachment(toAttach.getName(), new DataHandler(new FileDataSource(toAttach))); // if needed exc.setProperty(Exchange.CHARSET_NAME, 'UTF-8'); } } Useful Exchange’s properties :Exchange.AGGREGATED_* : aggregations management Exchange.BATCH_* : treated messages management Exchange.FILE_* : File messages management Exchange.HTTP_* : web requests management Exchange.LOOP_* : loops management Exchange.REDELIVERY_* : exceptions management Exchange.SPLIT_* : splitted contents managementLoop a route : from('direct:...') .loop(countExpression) .to('direct:insideLoop') .end() Where ‘countExpression’ is an Expression used to dynamically compute the loop count (evaluated entering the loop). It is preferable to move the loop’s code in a new route if the process is complex. Headers management : Message’s headers are defined at its creation. When using a ‘.split()’, all subsequent messages will have the same headers from the original message (so be careful when managing files). In an aggregation, custom headers will have to be managed manually to be preserved in the rest of the route. Intercept a message and execute a route parallely (to be declared before routes) : interceptSendToEndpoint('ENDPOINT_TO_INTERSEPT').to(...)...   Reference: Apache Camel Cheatsheet from our JCG partner Paul-Emmanuel at the Developpef blog. ...

Caveats With MySQL Pagination

We’ve all done pagination – it’s sensible for both lists in the UI and for processing data in batches. “SELECT (columns) FROM table LIMIT X, Y”. Possibly “SELECT (columns) FROM table ORDER BY some_column LIMIT X, Y”. What’s the caveat? Especially when working with an ORM and when processing batches, where order doesn’t matter, you are likely to omit the ORDER BY clause. You would expect the results to be ordered by the primary key. And they are in most cases (though it is not guaranteed), but when you EXPLAIN the query, you can see that the index is not used for the query – a full table scan is performed to fetch the results, which is slow. Note that if we omit the LIMIT clause, again a full table scan is used, but this is something you’d rarely do – i.e. a query with no WHERE clause and no pagination. So, rule #1: always include an ORDER BY clause in order to use the index. For lists in the UI you’d usually order by some column – date modified, name, etc. That also performs a full table scan, unless you have an index on that column. So, rule #2: always have an index on the column you ORDER BY Kind of obvious things, but they may be silent performance issues lurking in your project. And now onto something not so obvious, that surprised me. When using LIMIT X, Y, MySQL scans the whole table (up until X+Y), regardless of the index. Note that even if the “type” (in the result of EXPLAIN) is not ALL (full table scan), but “index”, MySQL may still scan most of the rows – check the “rows” column. But it can also be misleading (in case of LIMIT it shows that rows = everything, but stops when it fills the result with the desired number of rows). So if you have LIMIT 100000, 50 MySQL will scan 100050 rows. This makes the query slow (the query time reflects that – the larger the offset, the longer the query). This is due to MySQL not maintaining an index on the row number. It cannot use the primary key, because even if it is auto_increment, it has gaps. Luckily, in huge tables you normally have a WHERE clause which forces the use of an index and reduces the number of rows to scan. Also, in a UI you will rarely find yourself querying for the 100000th record. But anyway it is something to consider, especially in the case of batch processing jobs which need to go through the whole table. You do that in batches, because 1. ORMs may store everything in memory and just kill your application 2. the transaction will become really long. So, rule #3: when performing batch operations on tables with a lot of rows, do not use LIMIT. Use WHERE id > X and id < Y (or BETWEEN) This does not guarantee that each batch will be the same size, but that doesn’t matter. The rules above are “rule of thumbs”, rather than “must dos”, but it’s good to have them in mind. The bottom-line here is that you should analyze your performance, find specifically slow queries, then EXPLAIN them and see how they can be optimized and what would be the impact of the optimization. P.S. Here’s a presentation on the low level details of MySQL engines regarding indexes.   Reference: Caveats With MySQL Pagination from our JCG partner Bozhidar Bozhanov at the Bozho’s tech blog blog. ...

How to shoot yourself in foot with ThreadLocals

It will start nicely. Like most of the stories. You discover a new concept and are amazed by it’s powers. And then equipped with this new hammer suddenly everything starts to look like a nail. From what we have experienced in past months, java.lang.ThreadLocal makes one hell of a hammer. I guess it all boils down to the very concept of how ThreadLocal works. It’s easiest to grasp the concept via the scoping analogy. In the very same way your Spring beans can be for example container, session or request scoped. ThreadLocal equips you with the possibility to declare objects in Thread scope.    You can set any object to ThreadLocal and this object will have both global and local scope in the thread accessing this object. It might be complex to grasp at first but let me explain:Values stored in ThreadLocal are globally accessible to the thread. Meaning that if you have access to ThreadLocal reference within your code, then the values stored in it can be accessed from anywhere inside that thread. If a thread calls methods from several classes, then all the methods can see the ThreadLocal variable set by other methods (because they are executing in same thread). The value need not be passed explicitly. It’s like how you would use global variables. Values stored in ThreadLocal are local to the thread, meaning that each thread will have it’s own ThreadLocal variable. A thread cannot access/modify other thread’s ThreadLocal variables.So here we have a reason to celebrate – we have a truly powerful concept in our hands. It is often the easiest way to render a stateful class thread-safe. And encapsulate non-thread-safe classes so that they can safely be used in multithreaded environments. In addition to simplicity, using ThreadLocal to store a per-thread-singleton or per-thread context information has a valuable information included – by using a ThreadLocal, it’s clear that the object stored in the ThreadLocal is not shared between threads, simplifying the task of determining whether a class is thread-safe or not. Which we have found is not an easy task when you have a codebase of 1,000,000 lines at hand. On the other hand, this powerful concept creates numerous problems in wrong hands. Like any other abused design concept. In the past months we have most often faced two problems:ThreadLocal gives you the opportunity to use the variables without explicitly passing them down through the method invocation chain. Which could be useful on certain occasions. But you guys out there who have created a n-layer architecture to abstract away different communication interfaces. And then grab HttpServletRequest from ThreadLocals in your DAO objects … what were you smoking when making this decision? It took a few hours and a second pair of eyes when we were digging up this particular case. But anyhow – be careful when using the powers of globalization. You end up creating unexpected dependencies within your code. And as you might remember – this is not a wise thing to do.It is darn easy to introduce a memory leak to your code when using a ThreadLocal. Which serves as a nice demonstration about the complexities surrounding classloaders. If you are deploying your code in an application server then your application classes are loaded/unloaded with a different classloader than the one used by the application server itself. Which is not bad per se. But now considering that modern application servers also pool threads instead of creating a new one on each HttpRequest, we have built the foundation to a problem.If one of the application classes stores a value in ThreadLocal variable and doesn’t remove it after the task at hand is completed, a copy of that Object will remain with the Thread (from the application server thread pool). Since lifespan of the pooled Thread surpasses that of the application, it will prevent the object and thus a ClassLoader being responsible for loading the application from being garbage collected. And we have created a leak, which has a chance to surface in a good old java.lang.OutOfMemoryError: PermGen space form. So should we avoid using ThreadLocal considering the harm it can cause? Maybe not so fast Joshua Bloch has said half a decade ago: “Can you cause unintended object retention with thread locals? Sure you can. But you can do this with arrays too. That doesn’t mean that thread locals (or arrays) are bad things. Merely that you have to use them with some care. The use of thread pools demands extreme care. Sloppy use of thread pools in combination with sloppy use of thread locals can cause unintended object retention, as has been noted in many places. But placing the blame on thread locals is unwarranted.” I tend to agree to Mr. Bloch and do not think ThreadLocal is an evil creation. But I also do think it is a concept which many fail to understand properly. Inspiration for this article was mainly gathered during sleepless hours of tracing down some nasty bugs. But while writing, following resources proved to be beneficial as well:Veera Sundar blogpost explaining scoping Javin Paul summary about ThreadLocal leaks Joshua Bloch opinion on ThreadLocals  Reference: How to shoot yourself in foot with ThreadLocals from our JCG partner Nikita Salnikov Tarnovski at the Plumbr Blog blog. ...
Java Code Geeks and all content copyright © 2010-2015, Exelixis Media Ltd | Terms of Use | Privacy Policy | Contact
All trademarks and registered trademarks appearing on Java Code Geeks are the property of their respective owners.
Java is a trademark or registered trademark of Oracle Corporation in the United States and other countries.
Java Code Geeks is not connected to Oracle Corporation and is not sponsored by Oracle Corporation.
Do you want to know how to develop your skillset and become a ...
Java Rockstar?

Subscribe to our newsletter to start Rocking right now!

To get you started we give you our best selling eBooks for FREE!

Get ready to Rock!
To download the books, please verify your email address by following the instructions found on the email we just sent you.