aspose file tools*
The moose likes Developer Certification (SCJD/OCMJD) and the fly likes SecurityException Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Developer Certification (SCJD/OCMJD)
Bookmark "SecurityException" Watch "SecurityException" New topic
Author

SecurityException

Sean Keane
Ranch Hand

Joined: Nov 03, 2010
Posts: 581

I was having a search through the forum about the SecurityException in the DB interface. The general consensus seems to be that this should be a checked exception. Assuming I make it checked, what should I do with this when I catch it in my Business class?

The best I can come up with at the moment is to simply create a generic checked BusinessException and rethrow the SecurityException wrapped by a BusinessException.

I think a generic exception is the best that can be done here as a SecurityException means nothing to the client, where I have a thin client and it knows nothing about locking\unlocking. So if a SecurityException gets thrown in the context of a thin client, there's nothing the client can do other than either something along the lines of :

* terminating
* telling the user an error occurred and that they should contact support
* telling the user an error occurred and that they should try again

I was looking at the test class that Roel created to test the business service - this code is not expecting a checked SecurityException to be thrown, or any Exception that looks like it would wrap a SecurityException.

So either he made the SecurityException an unchecked exception or he swallows up the SecurityException in his Business class. Or this is not the exact test class he used with his application?

SCJP (1.4 | 5.0), OCJP (6.0), OCMJD
Jonathan Elkharrat
Ranch Hand

Joined: Dec 31, 2008
Posts: 170

Roel did it a runtime exception. not sure about Roberto but i wouldn't be
surprised if he did it too...

here i had a little discussion with roel about that:
http://www.coderanch.com/t/539841/java-developer-SCJD/certification/Methods-implemented-server


SCJP 5, SCWCD 5, SCBCD 5
Sean Keane
Ranch Hand

Joined: Nov 03, 2010
Posts: 581

Thanks Jonathan. I think the reasons I read on other threads for making this a checked exception was that any exceptions listed in the interface provided by Oracle should be checked exceptions.

But I think it's a more convincing argument to make this a run time exception because it really is not something a client can recover from. As I was playing through the example in my previous post it's obvious you can't do anything useful with the exception on the client side.
Roberto Perillo
Bartender

Joined: Dec 28, 2007
Posts: 2265
    
    3

Howdy, y'all.

Well, my assignment didn't include this exception, but if I had to, I'd do it a RuntimeException. Simply because, to me, it indicates wrong API usage.


Cheers, Bob "John Lennon" Perillo
SCJP, SCWCD, SCJD, SCBCD - Daileon: A Tool for Enabling Domain Annotations
Roel De Nijs
Bartender

Joined: Jul 19, 2004
Posts: 5266
    
  13

Same here: the interface I had to implement didn't mention a SecurityException, so that's why my test program doesn't mention one But in my opinion SecurityException should be a runtime exception, because like Roberto already said: it's wrong API usage and that's why I throw an IllegalStateException (just like passing an invalid String[] to the update method, but then an IllegalArgumentException is thrown).


SCJA, SCJP (1.4 | 5.0 | 6.0), SCJD
http://www.javaroe.be/
Dennis Grimbergen
Ranch Hand

Joined: Nov 04, 2009
Posts: 140

I implemented the SecurityException as a checked exception and explained why. I also explained why I thought it could be an unchecked exception. I think in the end it's just your choice and as long as they see you put some effort to at least discuss it in your choices.txt it's fine.


SCJP, SCWCD, SCJD
Sean Keane
Ranch Hand

Joined: Nov 03, 2010
Posts: 581

Dennis Grimbergen wrote:I implemented the SecurityException as a checked exception and explained why. I also explained why I thought it could be an unchecked exception. I think in the end it's just your choice and as long as they see you put some effort to at least discuss it in your choices.txt it's fine.


That is how I started off thinking - to make it checked. But I couldn't see how I could do anything useful with it on the client side. What do you do when you catch the checked SecurityException?
Jonathan Elkharrat
Ranch Hand

Joined: Dec 31, 2008
Posts: 170

Sean Keane wrote:
Dennis Grimbergen wrote:I implemented the SecurityException as a checked exception and explained why. I also explained why I thought it could be an unchecked exception. I think in the end it's just your choice and as long as they see you put some effort to at least discuss it in your choices.txt it's fine.


That is how I started off thinking - to make it checked. But I couldn't see how I could do anything useful with it on the client side. What do you do when you catch the checked SecurityException?


on the client side? then you must have implemented a "fat" client..

there's nothing you can do, it's like RemoteException. i guess you just rollback
and notify the user something went wrong..
Sean Keane
Ranch Hand

Joined: Nov 03, 2010
Posts: 581

Jonathan Elkharrat wrote:
Sean Keane wrote:
Dennis Grimbergen wrote:I implemented the SecurityException as a checked exception and explained why. I also explained why I thought it could be an unchecked exception. I think in the end it's just your choice and as long as they see you put some effort to at least discuss it in your choices.txt it's fine.


That is how I started off thinking - to make it checked. But I couldn't see how I could do anything useful with it on the client side. What do you do when you catch the checked SecurityException?


on the client side? then you must have implemented a "fat" client..

there's nothing you can do, it's like RemoteException. i guess you just rollback
and notify the user something went wrong..


Well when would a SecurityException be thrown in your application and what did you do when you caught it?

Regardless of whether you have a fat\thin client. If a SecurityException is thrown on the server side, then the operation the client was expecting to happen I am guessing will not happen. So what happens on the client side?
Jonathan Elkharrat
Ranch Hand

Joined: Dec 31, 2008
Posts: 170

i did it a runtime exception.
as mentionned Roel, it's only thrown if you misuse your API (or have a really nasty bug in your lock/unlock)
Sean Keane
Ranch Hand

Joined: Nov 03, 2010
Posts: 581

Jonathan Elkharrat wrote:i did it a runtime exception.
as mentionned Roel, it's only thrown if you misuse your API (or have a really nasty bug in your lock/unlock)


Ooops, apologies, I misread your update! My question was to Dennis as he had made SecurityException checked - so I was wondering what he did with the exception when he caught it. I thought you were saying you made it a checked exception too. But you didn't.

So, still wondering what you'd actually do when you catch the SecurityException. You mentioned one of the three possible actions I listed in my original post - i.e. tell user to try again. But if there is a fatal flaw in the system, do you really want a client to continue operating?
Alex Iordanoglou
Greenhorn

Joined: Oct 21, 2004
Posts: 6
Hi Everybody,
I might be a bit late on this one, but, my assignement says specifically
Any unimplemented exceptions in this interface must all be created as member classes of the
suncertify.db package...
So, I would think that since SecurityException already exists in the Java API, as a subclass of RuntimeException, we (at least I..) should be using
the one given by Sun/Java... Which also helps us avoid the dilemma of Runtime vs checked and/or wrapped etc...
Any thoughts about this ?
Roel De Nijs
Bartender

Joined: Jul 19, 2004
Posts: 5266
    
  13

That security exception has nothing to do with the one you need to use, because the one in Java API is about the use of security managers, which you do not use. So I strongly advice to create your own SecurityException and NOT use the one from the Java API.
Alex Iordanoglou
Greenhorn

Joined: Oct 21, 2004
Posts: 6
Thanks for the tip Roel, I will definitely follow your advice and document it of course in my choices.txt: ...and because Roel suggested so... just kidding
However, to my defence, the SecurityException is defined in the mere java.lang package, not some exotic package e.g. java.secure.genius, so, this fact plus the fact that it is a subclass of
RuntimeException which suits us in our case as discussed here, could suggest that we could use that on instead of making our own.
Roel De Nijs
Bartender

Joined: Jul 19, 2004
Posts: 5266
    
  13

That's true, but the javadoc of the exception says "Thrown by the security manager to indicate a security violation." which is in my opinion not applicable to the interface requirements of the assignment. But who am I? The interface I had to implement didn't have a SecurityException at all
Oladeji Oluwasayo
Ranch Hand

Joined: Sep 10, 2010
Posts: 101

I also used the one provided in the standard API. Has anybody used in his/her final submission?


OCPJP 6, OCMJD 6
Roel De Nijs
Bartender

Joined: Jul 19, 2004
Posts: 5266
    
  13

Oladeji Oluwasayo wrote:Has anybody used in his/her final submission?

I can't remember someone using the SecurityException from standard API.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: SecurityException