What's New Here?

gradle-logo

Specifying Gradle Build Properties

(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1&appId=629802223740065"; fjs.parentNode.insertBefore(js, fjs); }(document, "script", "facebook-jssdk"));Properties are a valuable tool for easily customizing Gradle builds and the Gradle environment. I demonstrate some of these approaches for specifying properties used in a Gradle build in this post. Gradle supports both project properties and system properties. The main difference between the two that is of interest in this post is how each is accessed. Project properties are more conducive to direct access by name while system properties are accessed via normal Java/Groovy system properties access methods. Passing Project Properties from Command-Line with -P One of the easiest approaches for passing properties to a Gradle build is to specify project properties with -P from the command line. Properties passed into the build with -P are readily accessible in the build as project properties and, if their naming structure allows, can be accessed directly like variables. Passing System Properties from Command-Line with -D As is the case with other Java applications, one can pass system properties to Gradle builds with -D. Although these system properties provided to the Gradle build via the -D option are always available to the Gradle build via the normal Java mechanism for obtaining system properties, Gradle makes it possible to specify Project Properties as system properties. This is done by placing the prefix org.gradle.project. before the name of the property desired in the build. For example, if one wanted to specify a system property named name.first with -D that would be available to the Gradle build as if it was provided with -P, the person could provide it to the Gradle build on the command line as org.gradle.project.name.first and the Gradle build would see it as a project property named name.first. Passing System Properties via Environmental Variable Any Java or Groovy application (including a Gradle build) can access environmental variables via System.getenv(String). However, Gradle allows environment variables to be accessed within the build like other project properties if the environmental variable is prefixed with ORG_GRADLE_PROJECT_. For example, if one wanted a project property in the Gradle build to be called name.last and wanted to supply it to the build via environment variable, that person could declare the environment variable ORG_GRADLE_PROJECT_name.last and its value would be available to the Gradle build as a project property with name name.last. gradle.properties Properties can also be provided to a Gradle build via a properties file named gradle.properties. Any properties specified with systemProp. at the beginning of their property name are seen as system properties in the Gradle build and other properties (without their names beginning with “systemProp.”) are seen as Gradle project properties. For example, if my gradle.properties file had a property name.last=Marx and a property systemPropr.name.first=Dustin, the name.last property would be seen and accessed in the Gradle build like any project property while the name.first property would be seen and accessed in the Gradle build like any system property. Demonstration / Example Each of these types of properties-specifying mechanisms can be demonstrated with a simple example. The Gradle build shown next attempts to print out various properties that are specified in different ways. build-properties.gradle task displayProperties << { displaySystemProperties() displayGradleProjectProperties() }def displaySystemProperties() { println "\n=== System Properties ===" println "Favorite Movie (1994): ${System.properties['movie.favorite.1994']}" println "Favorite Movie (1996): ${System.properties['movie.favorite.1996']}" println "Favorite Movie (1997): ${System.properties['movie.favorite.1997']}" println "Favorite Movie (1981): ${System.properties['movie.favorite.1981']}" println "Favorite Movie (2012): ${System.properties['movie.favorite.2012']}" println "Favorite Movie (2013): ${System.properties['movie.favorite.2013']}" }def displayGradleProjectProperties() { println "\n=== Gradle Project Properties ===" println "Favorite Movie (1994): ${getProjectProperty('movie.favorite.1994')}" println "Favorite Movie (1996): ${getProjectProperty('movie.favorite.1996')}" println "Favorite Movie (1997): ${getProjectProperty('movie.favorite.1997')}" println "Favorite Movie (1981): ${getProjectProperty('movie.favorite.1981')}" println "Favorite Movie (2012): ${getProjectProperty('movie.favorite.2012')}" println "Favorite Movie (2013): ${getProjectProperty('movie.favorite.2013')}" }def String getProjectProperty(String propertyName) { String movieTitle = "null" if (hasProperty(propertyName)) { movieTitle = this.properties[propertyName] } return movieTitle } Some of the properties to be passed to this script will be provided on the command-line with -P, some will be provided on the command line with -D, one will be provided via environment variable, and two will be provided via gradle.properties file in the same directory as the build. That gradle.properties file is shown next. gradle.properties movie.favorite.2013=Star Trek into Darkness systemProp.movie.favorite.2012=Skyfall With the gradle.properties file in place, the other two interesting parts of the example are the setting of the environment variable. The example here is in DOS, but the same thing could be done with slightly different syntax in Linux environments. The DOS/Windows command is: set ORG_GRADLE_PROJECT.movie.favorite.1981="Raiders of the Lost Ark" For this demonstration, I’ll run the Gradle build script with -D and -P parameters: gradle -b build-properties.gradle displayProperties -Pmovie.favorite.1996="Independence Day" -Dmovie.favorite.1997=Gattaca -Dorg.gradle.project.movie.favorite.1994="Shawshank Redemption" When running the above-listed Gradle build script with the indicated gradle.properties file in place, with the indicated environment variable specified, and with the command just shown, the output looks that shown in the next screen snapshot.The screen snapshot indicates how properties are seen/accessed in the Gradle build depending on their source and naming convention. In short, the output demonstrates the following “rules” of property availability in a Gradle build:Command-line -P properties are “project properties” Command-line -D properties are, with one exception, “system properties” Command-line -D properties that begin with org.gradle.project. are “project properties” Properties specified in gradle.properties are, with one exception, “project properties” Properties specified in gradle.properties that begin with systemProp. are “system properties” Properties specified via environment variable are, with one exception, “system properties” Properties specified via environment variables that begin with ORG_GRADLE_PROJECT_ are “project properties”Conclusion Gradle provides numerous approaches for specifying properties that can be used to customize the Gradle build.   Reference: Specifying Gradle Build Properties from our JCG partner Dustin Marx at the Inspired by Actual Events blog. ...
software-development-2-logo

Detecting and Fixing XSS using OWASP tools

(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1&appId=629802223740065"; fjs.parentNode.insertBefore(js, fjs); }(document, "script", "facebook-jssdk"));Much have been written about XSS vulnerabilities scanning. In this article we will try to go a little further and show how to fix them. To illustrate the whole process, going from initial detection to providing a fix, we will use a very simple app consisting of two JSP pages: one is a payment form for credit card transactions and contains some XSS exploitable code. The other one has such code fixed: the later is just a patched version of the former. We will see how an attacker could trick users, exploiting the present XSS vulnerability, to collect their credit card data.(Download vulnerable app)XSS Attacks The goal of XSS attacks is to have a injected script executed by the user web browser. In most cases, user is not even aware of what is going on. For further information about XSS please have a look at OWASP XSS Attack Description. Let us have a look at our sample app. The vulnerable JSP (xss_html.jsp) contains the following code fragment: <% final String amount = request.getParameter("amount"); Enumeration pNames = request.getParameterNames(); while (pNames.hasMoreElements()){ final String pName = pNames.nextElement(); final String pVal = request.getParameter(pName); %> <input type="hidden" name="<%=pName%>" />" value="" />;</pre> <table> <tbody> <tr> <td>Credit card</td> <td><input type="text" maxlength="16" name="cc" size="16" value="" /></td> </tr> <tr> <td>Exp Date (mm/yy)</td> <td><input type="text" maxlength="2" name="expMonth" size="2" value="" /> /<input type="text" maxlength="2" name="expYear" size="2" value="" /></td> </tr> <tr> <td>CVV2</td> <td><input type="text" maxlength="2" name="expMonth" size="2" value="" /> /<input type="text" maxlength="2" name="expYear" size="2" value="" /></td> </tr> <tr> <td colspan="2"><input id="button1" type="submit" name="button1" value="Pay" /></td> </tr> </tbody> </table> The form receives amount to charge as an HTTP Request parameter, collects credit card data form user and them charges her (of course, such last step is not included, you can try with any non-real credit card data). Users could be redirected here from any ecommerce site using a URL such as http://……/XSS_Vulnerable/xss_html.jsp?amount=12.25 (again, nobody would choose such a path for a payment gateway pretending to be a trusted one). But let us see what happens if an attacker tricks someone into loading a malicious URL as the one included in index.jsp instead when the user press Pay button (Firefox 24.0 for Linux):Just an alert, but injected Javascript code could have created an image or some other kind of link, so the attacker would have been able to collect the data by just looking at Apache access logs. Indeed, some browsers are able to identify such threats and will not execute injected scripts, as shown (Chromium 28.0 for Linux).XSS Detection Fortunately, there are a lot of tools that perform XSS threats scanning so, for the most common issues, there is no need to look at every line of code in every web page when trying to locate such vulnerabilities. One of those tools is OWASP Zed Attack Proxy Object (ZAP). Although it would not be fair to say it is just a XSS scanner, as it provides many many more interesting features. ZAP can be used as a proxy (indeed, it is based on older Paros Proxy) being able to scan all pages accesed during the session. However, we are just going to introduce the URL( http://……/XSS_Vulnerable/xss_html.jsp?amount=12.25) and press the Attack button (we are using ZAP 2.2.2). To avoid several warnings and making scanning faster we disabled all scan types except for XSS.Starting from provided URL ( http://……/XSS_Vulnerable/xss_html.jsp?amount=12.25) ZAP has made several checks adding javascript code to be injected. The tab at the bottom shows one successful attempt of a XSS attack. ZAP has replaced the numeric value of amount parameter by and URL encoded javascript code (as seen in URL field) which is just “><script>alert(1);</script> in plain text (as seen in Evidence field). Moreover, in the tab above, where HTTP response is shown, the result of the XSS attack is clearly shown: the injected code in amount parameter first closes the double quotes (“) around value for amount field and closes HTML input (>). Afterwards, it adds the script alert(1); (<script>alert(1);</script>). The resulting HTML code to be executed by web browser contains: <input type="hidden" name="amount" value=""><script>alert(1);</script>" /> XSS Fix Although there is not a single fix for all XSS attacks, all of them are based on input validation, where “input” could be any from HTTP Request parameters, HTTP Headers values or even names… all depends on what the code uses as input. In our sample app, a HTTP Request parameter is being used to write HTML code. OWASP provides OWASP Enterprise Security API (ESAPI) in several languages, including, of course Java. ESAPI includes much more functionality related to security, from XSS and CSRF to crypto. To fix our XSS vulnerability, we are just using a ESAPI encoder (ESAPI 2.1.0). The fix is based on writing the received amount parameter HTML encoded instead of as just received. This way, the user web browser will not execute the javascript code, as it will be seen as the value of the amount parameter. The fix requires just HTML encoding the amount parameter (see xss_html_esapi.jsp) as follows: <form method="POST" name="sendForm" id="sendForm" onsubmit="return sendPaymentRequest()"><% final String amount = request.getParameter("amount"); Enumeration<String> pNames = request.getParameterNames(); while (pNames.hasMoreElements()){ final String pName = pNames.nextElement(); final String pVal = request.getParameter(pName);final org.owasp.esapi.Encoder esapiEnc = DefaultEncoder.getInstance(); final String encPVal = esapiEnc.encodeForHTML(pVal);%> <input type="hidden" name="<%=pName%>" value="<%=encPVal%>" /> <% } %><table> Running ZAP against fixed JSP (xss_html_esapi.jsp) does not report XSS Vulnerabilities.   Reference: Detecting and Fixing XSS using OWASP tools from our JCG partner Sergio Molina at the TODOdev blog. ...
primefaces-logo

Primefaces DataTable Lazy Loading with pagination, filtering and sorting using JPA Criteria, @ViewScoped

(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1&appId=629802223740065"; fjs.parentNode.insertBefore(js, fjs); }(document, "script", "facebook-jssdk"));Primefaces datatable lazy pagination works, but I was really frustrated after searching for a full example using Criteria in the web. So I’ve mixed solutions fromhttp://stackoverflow.com/questions/13972193/how-to-query-data-for-primefaces-datatable-with-lazy-loading-and-pagination http://www.primefaces.org/showcase/ui/datatableLazy.jsf http://www.javacodegeeks.com/2012/04/lazy-jsf-primefaces-datatable.htmlTo put all together in a complete example using:    Primefaces 4.0 TomEE 1.6.0+ Criteria JPAWith:Filtering Sorting Pagination Using @ViewScoped Managed BeansSo let’s go: xhtml snippet <?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:p="http://primefaces.org/ui"> <h:body> <h:form id="am"><p:dataTable var="element" value="#{inventoryManagerMB.model}" lazy="true" paginator="true" rows="10" paginatorTemplate="{RowsPerPageDropdown} {FirstPageLink} {PreviousPageLink} {CurrentPageReport} {NextPageLink} {LastPageLink}" rowsPerPageTemplate="10,50,100" id="sites"> <p:column sortBy="id" filterBy="id" filterMatchMode="contains" headerText="ID"> <h:outputText value="#{element.id}" /> </p:column> <p:column sortBy="name" filterBy="name" filterMatchMode="contains" headerText="Name"> <h:outputText value="#{element.name}" /> </p:column> <p:column sortBy="siteType.name" filterBy="siteType.name" filterMatchMode="contains" headerText="Type"> <h:outputText value="#{element.siteType.name}" /> </p:column> <p:column sortBy="ip" filterBy="ip" filterMatchMode="contains" headerText="IP"> <h:outputText value="#{element.ip} " /> </p:column> <p:column sortBy="description" filterBy="description" filterMatchMode="contains" headerText="Description"> <h:outputText value="#{element.description}" /> </p:column> </p:dataTable> </h:form> </h:body> </html> ManagedBean @ManagedBean @ViewScoped public class InventoryManagerMB implements Serializable {private static final long serialVersionUID = -1201944101993687165L;@EJB private InventoryManagerEJB inventoryManagerEJB; private LazyDataModel<Site> model;@PostConstruct public void init() { try { this.model = new LazyDataModel<Site>(){ private static final long serialVersionUID = 1L; @Override public List<Site> load(int first, int pageSize, String sortField, SortOrder sortOrder, Map<String, String> filters) { List<Site> result = inventoryManagerEJB.getResultList(first, pageSize, sortField, sortOrder, filters); model.setRowCount(inventoryManagerEJB.count(sortField, sortOrder, filters)); return result; } }; }public LazyDataModel<Site> getModel() { return model; }public void setModel(LazyDataModel<Site> model) { this.model = model; } (...) EJB @Stateless public class InventoryManagerEJB { @Inject private BaseService baseService;public List<Site> getResultList(int first, int pageSize, String sortField, SortOrder sortOrder, Map<String, String> filters) { List<Site> all = new ArrayList<Site>(); all.addAll(this.baseService.getSiteDAO().getAll(first,pageSize,sortField,sortOrder,filters)); return all; }public int count(String sortField, SortOrder sortOrder, Map<String, String> filters) { return this.baseService.getSiteDAO().getAll(-1,-1,null,null,filters).size(); } } BaseService @ApplicationScoped public class BaseService implements Serializable{ private static Logger log = Logger.getLogger(BaseService.class); /* * persistence */ private static final long serialVersionUID = 588696475267901772L;@PersistenceContext private EntityManager entityManager;private SiteDAO siteDAO;@PostConstruct public void init() { siteDAO = new SiteDAO(entityManager); }public SiteDAO getSiteDAO() { return siteDAO; } SiteDAO public class SiteDAO extends GenericDAO<Site>{public SiteDAO(EntityManager entityManager) { super(entityManager); }public Collection<Site> getAll(int first, int pageSize, String sortField, SortOrder sortOrder, Map<String, String> filters) { CriteriaBuilder cb = entityManager.getCriteriaBuilder(); CriteriaQuery<Site> q = cb.createQuery(Site.class); Root<Site> site = q.from(Site.class); Join<Site,SiteType> siteType = site.join(Site_.siteType); q.select(site);Path<?> path = getPath(sortField, site, siteType); if (sortOrder == null){ //just don't sort }else if (sortOrder.equals(SortOrder.ASCENDING)){ q.orderBy(cb.asc(path)); }else if (sortOrder.equals(SortOrder.DESCENDING)){ q.orderBy(cb.asc(path)); }else if (sortOrder.equals(SortOrder.UNSORTED)){ //just don't sort }else{ //just don't sort } //filter Predicate filterCondition = cb.conjunction(); for (Map.Entry<String, String> filter : filters.entrySet()) { if (!filter.getValue().equals("")) { //try as string using like Path<String> pathFilter = getStringPath(filter.getKey(), site, siteType); if (pathFilter != null){ filterCondition = cb.and(filterCondition, cb.like(pathFilter, "%"+filter.getValue()+"%")); }else{ //try as non-string using equal Path<?> pathFilterNonString = getPath(filter.getKey(), site, siteType); filterCondition = cb.and(filterCondition, cb.equal(pathFilterNonString, filter.getValue())); } } } q.where(filterCondition); //pagination TypedQuery<Site> tq = entityManager.createQuery(q); if (pageSize >= 0){ tq.setMaxResults(pageSize); } if (first >= 0){ tq.setFirstResult(first); } return tq.getResultList(); }private Path<?> getPath(String field, Root<Site> site, Join<Site, SiteType> siteType) { //sort Path<?> path = null; if (field == null){ path = site.get(Site_.name); }else{ switch(field){ case "id": path = site.get(Site_.id); break; case "name": path = site.get(Site_.name); break; case "siteType.name": path = siteType.get(SiteType_.name); break; case "ip": path = site.get(Site_.ip); break; case "description": path = site.get(Site_.description); break; } } return path; }private Path<String> getStringPath(String field, Root<Site> site, Join<Site, SiteType> siteType) { //sort Path<String> path = null; if (field == null){ path = site.get(Site_.name); }else{ switch(field){ case "id": path = null; break; case "name": path = site.get(Site_.name); break; case "siteType.name": path = siteType.get(SiteType_.name); break; case "ip": path = site.get(Site_.ip); break; case "description": path = site.get(Site_.description); break; } } return path; } } Entity @Entity @Table(uniqueConstraints=@UniqueConstraint(columnNames={"name"})) public class Site implements Serializable { /** * */ private static final long serialVersionUID = 8008732613898597654L; @Id @GeneratedValue(strategy = GenerationType.AUTO) private Long id; @Nameable @Column(nullable=false) private String name; private String ip; private String description; @ManyToOne @JoinColumn(name="siteTypeId") private SiteType siteType;(...) } That’s it. Enjoy.   Reference: Primefaces DataTable Lazy Loading with pagination, filtering and sorting using JPA Criteria, @ViewScoped from our JCG partner Leonardo Shikida at the Leo’s Notepad blog. ...
gradle-logo

The Gradle Interface: Gradle Build Metadata

(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1&appId=629802223740065"; fjs.parentNode.insertBefore(js, fjs); }(document, "script", "facebook-jssdk"));As I’ve shown in previous posts such as “Identifying Gradle Conventions” and “Evolving Gradle Build from Ant Build: Importing Ant Build File“, significant information about a Gradle build can be gleaned by accessing Gradle’s APIs via Groovy. In this post, I look demonstrate accessing basic Gradle build details via the Gradle interface. The org.gradle.api.invocation.Gradle interface is accessible in the Gradle build file via simply “gradle” [which implicitly corresponds to getGradle() in Groovy parlance]. The next Gradle build script listing shows a subset of the metadata information available via the Gradle interface.     build-gradle-interface.gradle // build-gradle-interface.gradle apply plugin: 'java'println "Class: ${this.getClass().canonicalName}" println "Gradle: ${gradle.getClass().canonicalName}" println "Ant: ${ant.getClass().canonicalName}" println "Root Project: ${rootProject.getClass().canonicalName}"println "\n=== Gradle ===" println "\tgradleVersion = ${gradle.gradleVersion}" println "\tgradleHomeDir = ${gradle.gradleHomeDir}" println "\tgradleUserHomeDir = ${gradle.gradleUserHomeDir}"println "\n=== Gradle.startParameter ===" def startParameter = gradle.startParameter println "\tcurrentDir = ${startParameter.currentDir}" println "\tprojectDir = ${startParameter.projectDir}" println "\tgradleUserHomeDir = ${startParameter.gradleUserHomeDir}" println "\tbuildFile = ${startParameter.buildFile}" println "\tprojectProperties = ${startParameter.projectProperties}" println "\tsystemPropertiesArgs = ${startParameter.systemPropertiesArgs}" println "\ttaskNames = ${startParameter.taskNames}" When I run the Gradle build above and specify that the “jar” task (a task provided by the Java plugin) should be run, the output appears as follows:The above build listing and associated screen snapshot indicate that the Gradle interface provides metadata such as version of Gradle, the Gradle installation’s home directory, and the Gradle user’s directory. The Gradle interface also provides access to an instance of StartParameter that provides further build start-up metadata details such as project directory, current directory, the name of the build file, project properties, system properties, and names of tasks that were specified for execution. There is significantly more information that can be gleaned about a Gradle build from the Gradle interface and this post only shows a subset of that information.   Reference: The Gradle Interface: Gradle Build Metadata from our JCG partner Dustin Marx at the Inspired by Actual Events blog. ...
java-logo

Java 8 Friday Goodies: Lambdas and XML

(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1&appId=629802223740065"; fjs.parentNode.insertBefore(js, fjs); }(document, "script", "facebook-jssdk"));At Data Geekery, we love Java. And as we’re really into jOOQ’s fluent API and query DSL, we’re absolutely thrilled about what Java 8 will bring to our ecosystem. We have blogged a couple of times about some nice Java 8 goodies, and now we feel it’s time to start a new blog series, the… Java 8 Friday Every Friday, we’re showing you a couple of nice new tutorial-style Java 8 features, which take advantage of lambda expressions, extension methods, and other great stuff. You’ll find the source code on GitHub. Java 8 Goodie: Lambdas and XML There isn’t too much that Java 8 can do to the existing SAX and DOM APIs. The SAX ContentHandler has too many abstract methods to qualify as a @FunctionalInterface, and DOM is a huge, verbose API specified by w3c, with little chance of adding new extension methods. Luckily there is a small Open Source library called jOOX that allows for processing the w3c standard DOM API through a wrapper API that mimicks the popular jQuery library. jQuery leverages JavaScript’s language features by allowing users to pass functions to the API for DOM traversal. The same is the case with jOOX. Let’s have a closer look: Assume that we’re using the following pom.xml <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion><groupId>org.jooq</groupId> <artifactId>java8-goodies</artifactId> <version>1.0-SNAPSHOT</version><dependencies> <dependency> <groupId>org.jooq</groupId> <artifactId>joox</artifactId> <version>1.2.0</version> </dependency> </dependencies><build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <version>2.3.2</version> <configuration> <fork>true</fork> <maxmem>512m</maxmem> <meminitial>256m</meminitial> <encoding>UTF-8</encoding> <source>1.8</source> <target>1.8</target> <debug>true</debug> <debuglevel>lines,vars,source</debuglevel> </configuration> </plugin> </plugins> </build> </project> Let’s assume we wanted to know all the involved artifacts in Maven’s groupId:artifactId:version notation. Here’s how we can do that with jOOX and lambda expressions: $(new File("./pom.xml")).find("groupId") .each(ctx -> { System.out.println( $(ctx).text() + ":" + $(ctx).siblings("artifactId").text() + ":" + $(ctx).siblings("version").text() ); }); Executing the above yields: org.jooq:java8-goodies:1.0-SNAPSHOT org.jooq:joox:1.2.0 org.apache.maven.plugins:maven-compiler-plugin:2.3.2 Let’s assume we only wanted to display those artifacts that don’t have SNAPSHOT in their version numbers. Simply add a filter: $(new File("./pom.xml")) .find("groupId") .filter(ctx -> $(ctx).siblings("version") .matchText(".*-SNAPSHOT") .isEmpty()) .each(ctx -> { System.out.println( $(ctx).text() + ":" + $(ctx).siblings("artifactId").text() + ":" + $(ctx).siblings("version").text()); }); This will now yield org.jooq:joox:1.2.0 org.apache.maven.plugins:maven-compiler-plugin:2.3.2 We can also transform the XML content. For instance, if the target document doesn’t need to be a POM, we could replace the matched groupId elements by an artifical artifact element that contains the artifact name in Maven notation. Here’s how to do this: $(new File("./pom.xml")) .find("groupId") .filter(ctx -> $(ctx).siblings("version") .matchText(".*-SNAPSHOT") .isEmpty()) .content(ctx -> $(ctx).text() + ":" + $(ctx).siblings("artifactId").text() + ":" + $(ctx).siblings("version").text() ) .rename("artifact") .each(ctx -> System.out.println(ctx)); The above puts new content in place of the previous one through .content(), and then renames the groupId elements to artifact, before printing out the element. The result is: <artifact>org.jooq:joox:1.2.0</artifact> <artifact>org.apache.maven.plugins:maven-compiler-plugin:2.3.2</artifact> More goodies next week What becomes immediately obvious is the fact that the lambda expert group’s choice of making all SAMs (Single Abstract Method interfaces) eligible for use with lambda expressions adds great value to pre-existing APIs. Quite a clever move. But there are also new APIs. Last week, we have discussed how the existing JDK 1.2 File API can be improved through the use of lambdas. Some of our readers have expressed their concerns that the java.io API has been largely replaced by java.nio (nio as in New I/O). Next week, we’ll have a look at Java 8′s java.nnio API (for new-new I/O ! ) and how it relates to the Java 8 Streams API.   Reference: Java 8 Friday Goodies: Lambdas and XML from our JCG partner Lukas Eder at the JAVA, SQL, AND JOOQ blog. ...
java-logo

Java 8 Friday Goodies: java.io finally rocks!

(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1&appId=629802223740065"; fjs.parentNode.insertBefore(js, fjs); }(document, "script", "facebook-jssdk"));At Data Geekery, we love Java. And as we’re really into jOOQ’s fluent API and query DSL, we’re absolutely thrilled about what Java 8 will bring to our ecosystem. We have blogged a couple of times about some nice Java 8 goodies, and now we feel it’s time to start a new blog series, the… Java 8 Friday Every Friday, we’re showing you a couple of nice new tutorial-style Java 8 features, which take advantage of lambda expressions, extension methods, and other great stuff. You’ll find the source code on GitHub. Java 8 Goodie: java.io with Lambdas Interacting with the file system has been a bit of a pain in Java. CTMMC shows us an example of how to copy a file with Java. While some issues still remain, at least, we can now use lambdas and the new Streams API to traverse the file system and list files! Here is the FileFilterGoodies example that we’ve pushed to our GitHub repository: public class FileFilterGoodies {public static void main(String args[]) { listRecursive(new File(".")); }/** * This method recursively lists all * .txt and .java files in a directory */ private static void listRecursive(File dir) { Arrays.stream(dir.listFiles((f, n) -> !n.startsWith(".") && (f.isDirectory() || n.endsWith(".txt") || n.endsWith(".java")) )) .forEach(unchecked((file) -> { System.out.println( file.getCanonicalPath() .substring(new File(".") .getCanonicalPath() .length()));if (file.isDirectory()) { listRecursive(file); } })); }/** * This utility simply wraps a functional * interface that throws a checked exception * into a Java 8 Consumer */ private static <T> Consumer<T> unchecked(CheckedConsumer<T> consumer) { return t -> { try { consumer.accept(t); } catch (Exception e) { throw new RuntimeException(e); } }; }@FunctionalInterface private interface CheckedConsumer<T> { void accept(T t) throws Exception; } } The output of the above programme is: \jOOQ's Java 8 Goodies.iml \LICENSE.txt \out \out\production \out\production\jOOQ's Java 8 Goodies \out\production\jOOQ's Java 8 Goodies\org \out\production\jOOQ's Java 8 Goodies\org\jooq \out\production\jOOQ's Java 8 Goodies\org\jooq\java8 \out\production\jOOQ's Java 8 Goodies\org\jooq\java8\goodies \out\production\jOOQ's Java 8 Goodies\org\jooq\java8\goodies\io \out\production\jOOQ's Java 8 Goodies\org\jooq\java8\goodies\io\FileFilterGoodies$CheckedConsumer.class \out\production\jOOQ's Java 8 Goodies\org\jooq\java8\goodies\io\FileFilterGoodies.class \README.txt \src \src\org \src\org\jooq \src\org\jooq\java8 \src\org\jooq\java8\goodies \src\org\jooq\java8\goodies\io \src\org\jooq\java8\goodies\io\FileFilterGoodies.java Now, that’s really awesome, isn’t it? Let’s decompose the above listRecursive() method: // With this method, we wrap the File[] array // into a new Java 8 Stream, which has awesome // new methods. Arrays.stream(// The Java 1.2 File.listFiles() method luckily // accepts a @FunctionalInterface, which can be // instantiated using a lambda expression // ... // In this example, we'll just ignore the fact // that listFiles can return null dir.listFiles((f, n) -> !n.startsWith(".") && (f.isDirectory() || n.endsWith(".txt") || n.endsWith(".java")) ))// Each Stream (and also java.util.List) has this // awesome forEach method, that accepts a Consumer .forEach(// Unfortunately, Java 8 Consumers don't allow // throwing checked exceptions. So let's quickly // wrap it (see details below) ... unchecked(// ... and pass another lambda expression to it, // which prints the local path and recurses (file) -> { System.out.println( file.getCanonicalPath() .substring(new File(".") .getCanonicalPath() .length()));if (file.isDirectory()) { listRecursive(file); } })); More goodies next week Stay tuned for next week, when we show you how Java 8 improves using XML with jOOX   Reference: Java 8 Friday Goodies: java.io finally rocks! from our JCG partner Lukas Eder at the JAVA, SQL, AND JOOQ blog. ...
spring-logo

Consuming Spring-hateoas Rest service using Spring RestTemplate and Super type tokens

(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1&appId=629802223740065"; fjs.parentNode.insertBefore(js, fjs); }(document, "script", "facebook-jssdk"));Spring-hateoas provides an excellent way for applications to create REST based services which follow the HATEOAS principle. My objective here is not to show how to create the service itself, but to demonstrate how to write a client to the service. The sample service that I am going to use is the ” the-spring-rest-stack” written by Josh Long( @starbuxman). The specific subproject that I am going to use is the hateoas one here. If this subproject is run using “mvn jetty” command, a REST based endpoint to list the details of a user is available at http://localhost:8080/users/2 where “2″ is the id of the user and gives a result of the following structure: { "links": [{ "rel": "self", "href": "http://localhost:8080/users/2" }, { "rel": "customers", "href": "http://localhost:8080/users/2/customers" }, { "rel": "photo", "href": "http://localhost:8080/users/2/photo" }], "id": 2, "firstName": "Lois", "profilePhotoMediaType": null, "lastName": "Lane", "username": "loislane", "password": null, "profilePhotoImported": false, "enabled": true, "signupDate": 1370201631000 } To get to a specific customer of this user, the endpoint is at http://localhost:8080/users/2/customers/17, which gives an output of the following structure: { "links": [{ "rel": "self", "href": "http://localhost:8080/users/2/customers/17" }, { "rel": "user", "href": "http://localhost:8080/users/2" }], "id": 17, "signupDate": 1372461079000, "firstName": "Scott", "lastName": "Andrews", "databaseId": 17 } Now for a consumer of these two services, the result can be represented by a java type called Resource in the Spring-hateoas project and is a generic class with the following signature: public class Resource<T> extends ResourceSupport {protected Resource() { this.content = null; }public Resource(T content, Link... links) { this(content, Arrays.asList(links)); }... So the consumer of the above two services will get back the following two types: Resource<User> user = .... //call to the serviceResource<Customer> customer = ... //call to the service The issue now is that since the “user” and “customer” above are parameterized types, if I were to bind the types using Jackson as the json processor, I would be doing something along the following lines: ObjectMapper objectMapper = new ObjectMapper(); Resource<Customer> customer = objectMapper.readValue(customerAsJson, Resource.class); Resource<User> user = objectMapper.readValue(userAsJson, Resource.class); The above will not work however, the reason is because of the lost type information of the parameterized Resource due to Java type erasure, Jackson wouldn’t know to create an instance of Resource<User> or Resource<Customer> The fix is to use a Super Type Token, which is essentially a way to provide the type information for libraries like Jackson and I have blogged about it before here. With this, a working code to map the json to the appropriate parameterized type would look like this: ObjectMapper objectMapper = new ObjectMapper(); Resource<Customer> customer = objectMapper.readValue(customerAsJson, new TypeReference<Resource<Customer>>() {}); Resource<User> customer = objectMapper.readValue(userAsJson, new TypeReference<Resource<User>>() {}); Spring’s client abstraction to deal with Rest based services is RestTemplate, and this can deal with a variety of message formats(xml, json, atom etc) using an abstraction called HttpMessageConverter to deal with the specifics of binding for each of the message formats. Spring RestTemplate provides its own implementation of Super Type token to be able to bind different message formats to parameterized types, along the lines of Jackson’s TypeReference, it is called the ParameterizedTypeReference. ParameterizedTypeReference can be used to cleanly bind Rest responses for User and Customer to Java types this way: RestTemplate restTemplate = new RestTemplate(); ResponseEntity<Resource<User>> responseEntity = restTemplate.exchange("http://localhost:8080/users/2", HttpMethod.GET, null, new ParameterizedTypeReference<Resource<User>>() {}, Collections.emptyMap()); if (responseEntity.getStatusCode() == HttpStatus.OK) { Resource<User> userResource = responseEntity.getBody(); User user = userResource.getContent(); } RestTemplate restTemplate = new RestTemplate(); ResponseEntity<Resource<Customer>> responseEntity = restTemplate.exchange("http://localhost:8080/users/2/customers/17", HttpMethod.GET, null, new ParameterizedTypeReference<Resource<Customer>>() {}, Collections.emptyMap()); if (responseEntity.getStatusCode() == HttpStatus.OK) { Resource<Customer> customerResource = responseEntity.getBody(); Customer customer = customerResource.getContent(); } In conclusion, ParameterizedTypeReference provides a neat way of dealing with the parameterized types and is incredibly useful in consuming the Spring Hateoas based REST services.   Reference: Consuming Spring-hateoas Rest service using Spring RestTemplate and Super type tokens from our JCG partner Biju Kunjummen at the all and sundry blog. ...
java-logo

GC impact on throughput and latency

(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1&appId=629802223740065"; fjs.parentNode.insertBefore(js, fjs); }(document, "script", "facebook-jssdk"));One type of the problems each and every Java application out there has to wrestle with is related to garbage collection. When the garbage collector works, it represents a wonderful invention. When it does not – or when the way GC is doing its housekeeping becomes unpredictable – then you have a friend who has turned into a foe. This post is about garbage collection pause times. Or more precisely – why should you care about the pauses. Some posts ago, I explained throughput and latency via mr Apple CEO Tim Cook planning for the iPad demand and building factories. I will stick to the same illustrative story:We have a factory line producing one iPad per second. Each second, every second. So the throughput of the line is 86,400 iPads/day It takes four hours to complete an iPad from the start where the casing is molded to the finish when the acceptance tests on the iPad have been concluded. So the latency of the line is four hours.The system above and the calculations are based on the assumption that the factory line is operational 24 hours a day, each day, every day. But all factory lines tend to need maintenance which is equivalent to garbage collection running inside the JVM. As an example – lets take small maintenance tasks, which can be handled without much interruptions. Examples could involve adding oil to the machinery or picking up excess trash from the floor next to the molding equipment. Those operations are similar to minor GC’s within the JVM – it is maintenance you have to deal with, but the implementation is so clever that the performance of the system is not affected. But in the very same factory mr. Tim Cook is going to face long-lasting maintenance tasks as well. Those tasks involve stopping the whole production line and are equivalent to the Full GC runs, where the JVM needs to stop servicing the threads in order to do some important housekeeping tasks. Now, lets assume that after months of uninterrupted service, our hypothetical factory line gets jammed and the tech team takes four hours to resolve the issue. During this period the line is stopped. How do we measure the effect? As always, the impact can be measured by two different means:Impact on throughput. The four-hour stop means we have 14,400 seconds during which no iPads are completed. Throughput-wise it means we have reduced the system’s capacity in this particular day from 86,400 to 72,000. Which means approximately ~16.5% loss in throughput. Impact on latency. Now, if we took an iPad which was still on the line when the interruption occurred, it took not four but eight hours to complete. This represents a 100% increase in worst-case latency.If you recall then mr. Cook did not care about latency. What was important for him was the overall throughput during a longer period, so mr. Cook would decide to optimize his processes in a way that the impact on throughput would be minimized. Similar decisions need to be made in software development as well. If you have a Java EE application responsible for order processing, then a GC pause spanning four seconds would definitely reduce the throughput of your system. But for most of us it will not be a major issue. On the other hand, the users who were trying to accomplish things during the four-second stop-the-world-i-have-cleaning-to-do pause would get a perception that our systems are sluggish. And operating a service which is perceived by users as sluggish is a darn good way to go out of business. The morale of the story? Pick your goals wisely and make sure you do not confuse throughput with latency. Then make sure you understand how GC can affect either of those by monitoring your GC logs, looking for unexpected Full GCs and tuning your application and/or GC to minimize their impact.   Reference: GC impact on throughput and latency from our JCG partner Nikita Salnikov Tarnovski at the Plumbr Blog blog. ...
eclipse-logo

PMI Facelift

(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1&appId=629802223740065"; fjs.parentNode.insertBefore(js, fjs); }(document, "script", "facebook-jssdk"));The Project Management Infrastructure (PMI) is still, frankly, a little too ugly for my liking. A proper facelift with the help of a graphics designer and somebody who knows a thing or two about designing websites is still required (and planned). Having said that, we’re taking a small step forward. Over the weekend, I will release an update to the look and feel of the PMI. This will address a couple of deficiencies that have been bothering me for a while. Perhaps the biggest problem with the existing implementation is that it is impossible to provide reasonable links to a particular page. The implementation detail that causes that deficiency is also responsible for the rather odd “go back” functionality which not-so-very-helpfully switches you to the main page when you navigate back to a project page. With this change, go back will return you back to where you came from. The “Discover”, “Engage”, “Participate”, and “Explore” tabs will disappear in favour tabs labelled “View”, “Downloads”, “Who’s Involved”, “Documentation”, “Developer Resources”, and “Contact Us”. If you’re logged in as a project committer, you also see an “Edit” tab (you may also see a “Revisions” tab). The “View” page is the default page for project information. On this page, you’ll see the project description, logo, and some other basic project information (the project’s lifetime commits chart will also appear here).Providing a good project description is a great way to help a potential new recruit for your community understand the nature of the project. A short paragraph of two-to-five sentences works great here. If you do feel a need to provide a more lengthy description, note that there is a means of providing a summary; use that functionality. The “Downloads” page shows, well…, downloads. You can provide helpful free-form text download information at the top of this page, as well as collection of links.Included with the links is the “Big Button Download” (“Downloads URL”). You can provide anything you want here; either a direct link to a file download, or a link to a page with more download options. Marketplace, Update site, and arbitrary download-related links can also be provided. The “Who’s Involved” page lists the people involved in the project, including project leads, committers, and mentors. For top-level projects, you’ll also see PMC members and council representatives.Generation of “Who’s Involved” page is completely automatic based on our database’s understanding of the composition of the project team. At some point in the not-too-distant-future, we’ll include company information on this page (see bug 403494). The “Documentation” page, like the “Downloads” page starts with a free-form text field that projects can use to include whatever sort of information makes sense.This page also includes the project scope, related projects, activity charts, tables of releases and reviews, and links. Note that the project scope contents can be changed by any project committer: tweaking the text is okay, but if the meaning of the scope needs to change, you must engage in a Restructuring Review. The “Developer Resources” page is where potential contributors and adopters find the source code and build information for your project. Again, you can provide a bit of free-form text as you see fit to best help the reader understand something that may need a bit more explanation. A summary of the the project’s contribution guidelines, along with a pointer to more information might be helpful, for example.The Source and Build information is collected into collapsible sections; some projects list a lot of repositories, so providing a means of quickly collapsing them seemed prudent. Finally, the “Contact” page provide pointers to the project’s forums, and mailing lists.After the rollout, I expect to make additional tweaks based on feedback (and update the documentation). Also included with this release, are some similar changes for release records, new form-based support for providing project proposals, and project lead election workflow. As always, your feedback is welcome. Naturally, bug reports are the best way to provide feedback.   Reference: PMI Facelift from our JCG partner Wayne Beaton at the Eclipse Hints, Tips, and Random Musings blog. ...
javafx-logo

JavaFX Custom Control – Nest Thermostat Part 1

(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1&appId=629802223740065"; fjs.parentNode.insertBefore(js, fjs); }(document, "script", "facebook-jssdk"));Tow weeks ago, I decided to spend some time watching some of the JavaOne talks about JavaFX, thanks to this excellent post from Hendrik Ebbers. I have to say I’ve learned so much already, just watching theses video (even if I have not finished yet) ! Gerrit’s Talk on “Use the Force, Luke” or Tips and Tricks for Using the Capabilities of JavaFX boost me to link my (basic) inkscape and design skill to my JavaFX knowledge. I decided I will take some time trying to create a complete custom JavaFX control as described by Gerrit in its talk using inkscape and CSS. It will be I think a good way to learn CSS! Here is the real life object I will try to reproduce in JavaFX. This is a Thermostat created by Nest.So As described by Gerrit, I first made an Inkscape prototype to understand how the image is built. First import the image in inkscape and then start by the external part of the image and go to the center details. I used a lot the object alignment and distribution as well as the duplicate (Ctrl+d) and Gradient with color picker. On the next image you can see the steps I had and the final image I built.The final result is close from the original even if I did not managed to do some of the effects. For example I had some trouble with the external circle gradient that is not symmetric. So I decided to get the brighter part and make it symmetric ! Here is a full comparison between my inkscape version (left) and the original one (right) :I have to say the using the gradient by getting the real image in Inscakep and picking color with the color pick tool was really a simple and powerful way to reproduce the light effects. Thanks again to Gerrit for this really instructive talk. Next step is to import the global shape in JavaFX using CSS mostly, as presented in the Talk.For those who are interested in making custom control you should really click here.UPDATE 1 : I’ve reworked my inkscape version because something was not right about the light effect, and I’ve found, my external circle gradient was not aligned with the light direction, it was orthogonal with it !!! Here is the new screenshot!UPDATE 2 : For those willing to take a look at the inkscape file, here it is !   Reference: JavaFX Custom Control – Nest Thermostat Part 1 from our JCG partner Laurent Nicolas at the Mr LoNee blog. ...
Java Code Geeks and all content copyright © 2010-2014, Exelixis Media Ltd | Terms of Use
All trademarks and registered trademarks appearing on Java Code Geeks are the property of their respective owners.
Java is a trademark or registered trademark of Oracle Corporation in the United States and other countries.
Java Code Geeks is not connected to Oracle Corporation and is not sponsored by Oracle Corporation.

Sign up for our Newsletter

15,153 insiders are already enjoying weekly updates and complimentary whitepapers! Join them now to gain exclusive access to the latest news in the Java world, as well as insights about Android, Scala, Groovy and other related technologies.

As an extra bonus, by joining you will get our brand new e-books, published by Java Code Geeks and their JCG partners for your reading pleasure! Enter your info and stay on top of things,

  • Fresh trends
  • Cases and examples
  • Research and insights
  • Two complimentary e-books
Get tutored by the Geeks! JCG Academy is a fact... Join Now
Hello. Add your message here.