Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

SecurityException

 
Sean Keane
Ranch Hand
Posts: 582
Chrome Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I was having a search through the forum about the SecurityException in the DB interface. The general consensus seems to be that this should be a checked exception. Assuming I make it checked, what should I do with this when I catch it in my Business class?

The best I can come up with at the moment is to simply create a generic checked BusinessException and rethrow the SecurityException wrapped by a BusinessException.

I think a generic exception is the best that can be done here as a SecurityException means nothing to the client, where I have a thin client and it knows nothing about locking\unlocking. So if a SecurityException gets thrown in the context of a thin client, there's nothing the client can do other than either something along the lines of :

* terminating
* telling the user an error occurred and that they should contact support
* telling the user an error occurred and that they should try again

I was looking at the test class that Roel created to test the business service - this code is not expecting a checked SecurityException to be thrown, or any Exception that looks like it would wrap a SecurityException.

So either he made the SecurityException an unchecked exception or he swallows up the SecurityException in his Business class. Or this is not the exact test class he used with his application?
 
Jonathan Elkharrat
Ranch Hand
Posts: 170
Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Roel did it a runtime exception. not sure about Roberto but i wouldn't be
surprised if he did it too...

here i had a little discussion with roel about that:
http://www.coderanch.com/t/539841/java-developer-SCJD/certification/Methods-implemented-server
 
Sean Keane
Ranch Hand
Posts: 582
Chrome Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Jonathan. I think the reasons I read on other threads for making this a checked exception was that any exceptions listed in the interface provided by Oracle should be checked exceptions.

But I think it's a more convincing argument to make this a run time exception because it really is not something a client can recover from. As I was playing through the example in my previous post it's obvious you can't do anything useful with the exception on the client side.
 
Roberto Perillo
Bartender
Posts: 2271
3
Eclipse IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Howdy, y'all.

Well, my assignment didn't include this exception, but if I had to, I'd do it a RuntimeException. Simply because, to me, it indicates wrong API usage.
 
Roel De Nijs
Sheriff
Posts: 9838
103
AngularJS Chrome Eclipse IDE Hibernate Java jQuery MySQL Database Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Same here: the interface I had to implement didn't mention a SecurityException, so that's why my test program doesn't mention one But in my opinion SecurityException should be a runtime exception, because like Roberto already said: it's wrong API usage and that's why I throw an IllegalStateException (just like passing an invalid String[] to the update method, but then an IllegalArgumentException is thrown).
 
Dennis Grimbergen
Ranch Hand
Posts: 159
IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I implemented the SecurityException as a checked exception and explained why. I also explained why I thought it could be an unchecked exception. I think in the end it's just your choice and as long as they see you put some effort to at least discuss it in your choices.txt it's fine.
 
Sean Keane
Ranch Hand
Posts: 582
Chrome Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dennis Grimbergen wrote:I implemented the SecurityException as a checked exception and explained why. I also explained why I thought it could be an unchecked exception. I think in the end it's just your choice and as long as they see you put some effort to at least discuss it in your choices.txt it's fine.


That is how I started off thinking - to make it checked. But I couldn't see how I could do anything useful with it on the client side. What do you do when you catch the checked SecurityException?
 
Jonathan Elkharrat
Ranch Hand
Posts: 170
Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sean Keane wrote:
Dennis Grimbergen wrote:I implemented the SecurityException as a checked exception and explained why. I also explained why I thought it could be an unchecked exception. I think in the end it's just your choice and as long as they see you put some effort to at least discuss it in your choices.txt it's fine.


That is how I started off thinking - to make it checked. But I couldn't see how I could do anything useful with it on the client side. What do you do when you catch the checked SecurityException?


on the client side? then you must have implemented a "fat" client..

there's nothing you can do, it's like RemoteException. i guess you just rollback
and notify the user something went wrong..
 
Sean Keane
Ranch Hand
Posts: 582
Chrome Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jonathan Elkharrat wrote:
Sean Keane wrote:
Dennis Grimbergen wrote:I implemented the SecurityException as a checked exception and explained why. I also explained why I thought it could be an unchecked exception. I think in the end it's just your choice and as long as they see you put some effort to at least discuss it in your choices.txt it's fine.


That is how I started off thinking - to make it checked. But I couldn't see how I could do anything useful with it on the client side. What do you do when you catch the checked SecurityException?


on the client side? then you must have implemented a "fat" client..

there's nothing you can do, it's like RemoteException. i guess you just rollback
and notify the user something went wrong..


Well when would a SecurityException be thrown in your application and what did you do when you caught it?

Regardless of whether you have a fat\thin client. If a SecurityException is thrown on the server side, then the operation the client was expecting to happen I am guessing will not happen. So what happens on the client side?
 
Jonathan Elkharrat
Ranch Hand
Posts: 170
Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i did it a runtime exception.
as mentionned Roel, it's only thrown if you misuse your API (or have a really nasty bug in your lock/unlock)
 
Sean Keane
Ranch Hand
Posts: 582
Chrome Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jonathan Elkharrat wrote:i did it a runtime exception.
as mentionned Roel, it's only thrown if you misuse your API (or have a really nasty bug in your lock/unlock)


Ooops, apologies, I misread your update! My question was to Dennis as he had made SecurityException checked - so I was wondering what he did with the exception when he caught it. I thought you were saying you made it a checked exception too. But you didn't.

So, still wondering what you'd actually do when you catch the SecurityException. You mentioned one of the three possible actions I listed in my original post - i.e. tell user to try again. But if there is a fatal flaw in the system, do you really want a client to continue operating?
 
Alex Iordanoglou
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Everybody,
I might be a bit late on this one, but, my assignement says specifically
Any unimplemented exceptions in this interface must all be created as member classes of the
suncertify.db package...
So, I would think that since SecurityException already exists in the Java API, as a subclass of RuntimeException, we (at least I..) should be using
the one given by Sun/Java... Which also helps us avoid the dilemma of Runtime vs checked and/or wrapped etc...
Any thoughts about this ?
 
Roel De Nijs
Sheriff
Posts: 9838
103
AngularJS Chrome Eclipse IDE Hibernate Java jQuery MySQL Database Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That security exception has nothing to do with the one you need to use, because the one in Java API is about the use of security managers, which you do not use. So I strongly advice to create your own SecurityException and NOT use the one from the Java API.
 
Alex Iordanoglou
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the tip Roel, I will definitely follow your advice and document it of course in my choices.txt: ...and because Roel suggested so... just kidding
However, to my defence, the SecurityException is defined in the mere java.lang package, not some exotic package e.g. java.secure.genius, so, this fact plus the fact that it is a subclass of
RuntimeException which suits us in our case as discussed here, could suggest that we could use that on instead of making our own.
 
Roel De Nijs
Sheriff
Posts: 9838
103
AngularJS Chrome Eclipse IDE Hibernate Java jQuery MySQL Database Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's true, but the javadoc of the exception says "Thrown by the security manager to indicate a security violation." which is in my opinion not applicable to the interface requirements of the assignment. But who am I? The interface I had to implement didn't have a SecurityException at all
 
Oladeji Oluwasayo
Ranch Hand
Posts: 101
Java Netbeans IDE Oracle
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I also used the one provided in the standard API. Has anybody used in his/her final submission?
 
Roel De Nijs
Sheriff
Posts: 9838
103
AngularJS Chrome Eclipse IDE Hibernate Java jQuery MySQL Database Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Oladeji Oluwasayo wrote:Has anybody used in his/her final submission?

I can't remember someone using the SecurityException from standard API.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic