David Sharpe

Ranch Hand
+ Follow
since Jun 15, 2009
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
1
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by David Sharpe

If anyone's interested, I majorly revised this question and posted it on StackOverflow here. It's might be too broad for SO, but I hope not!
I'm not sure, unfortunately. I am not directly responsible for that. I asked the person who was, and he says he's not sure (yet) either. Our security requirements for the communication between the one remote client and my application are quite simple. There is only one remote client of my application, so the intention was for both of us to hold some kind of client certificate. I'm not sure communication will even happen over SSL, because it's all internal. I'm sorry I'm not more knowledgable.

Maybe I'm overthinking this. My API should just be:



Where Message encapsulates the "thing" and the "user".

I still seems a bit wrong though; it seems that Stateless or not, HTTP or not, there is still an implicit "session" here. For example, the call to the EJB is transactional (container-managed): there is only one transaction for each call. It seems that the transaction has a sort of session or scope, so I thought I could devise something to emulate this for the "user" variable, maybe even attach a variable to the transaction if that's not a horrible idea.

I was going to suggest using EJBContext and its getCallerPrincipal() method, but you mentioned not you don't use container managed auth/auth.



That's right. The remote client that is calling my EJB has performed authentication (it might even be container managed, I don't know), and my application trusts the remote client.

You said you don't want to use Producer because a stateless bean has no notion of sessions. While that is true, you don't need to worry about it. You can inject an instance of a class annotated with @SessionScoped (use the version from javax.enterprise.context, not javax.faces.bean though) and the EJB container should take care of injecting the correct value.



This surprises me. javax.enterprise.context.SessionScoped:

Specifies that a bean is session scoped.

The session scope is active:

  • during the service() method of any servlet in the web application, during the doFilter() method of any servlet filter and when the container calls any HttpSessionListener, AsyncListener or ServletRequestListener.


  • The session context is shared between all servlet requests that occur in the same HTTP session. The session context is destroyed when the HTTPSession times out, after all HttpSessionListeners have been called, and at the very end of any request in which invalidate() was called, after all filters and ServletRequestListeners have been called.



    The Javadoc seems to state that the session scope is active only during HTTP sessions. The remote client is using Java RMI, so there is no HTTP session.

    I see that isn't clear in my original post, which I cannot edit. I'll emphasize it here for other readers: the remote client is invoking my EJB using Java RMI, so there is no HTTP session.
    I am working with a case where a remote client is invoking my Stateless EJB:



    The remote client passes in the user ID of the user making the request so that my application can determine whether the user has permission to do the thing it is trying to do. My application is not responsible for authentication, just authorization, so we trust the remote client. To emphasize, this is not container-managed auth-auth. While the application technically has many users, as far as it's concerned there is only one user: the remote client.

    The problem is that the permissions are extremely fine-grained. Permissions are checked multiple times in multiple ways by the services interested in different aspects: "myService.addThing" will call other EJBs and validations, which may in turn call still more, and all of these modules may be interested in the user making the request so that they can check specific, fine-grained permissions.

    I need a way for these Stateless EJBs and POJOs to know who the current user is. The most straight-forward thing for me to do would be to just add a "user" parameter to many methods in the system so that it can be passed-in. I could also encapsulate "thing" and "user" in a single object to pass-around. But authorization is usually treated as a cross-cutting concern, so it feels wrong to add a "user" parameter to so many methods. Is there some conventional way I can inject the user into any EJB or POJO that needs it? I was thinking of something like a Producer, but as a Stateless EJB has no concept of session I don't see how that could work. I also don't think a Stateful EJB is suitable because I don't need to maintain conversational state with the remote client: it's mostly fire-and-forget.
    By the beard of Zeus! I'm being flown out for a face-to-face interview.
    12 years ago
    Thanks for the advice, everyone. It helped. I wrote the exam remotely, so I had access to whatever resources I wanted. I used Eclipse and a web browser. I emailed my program in when I finished. Here are some of the data structures and methods I used:

  • java.lang.BufferedReader
  • String.split(String)
  • String.substring(int, int)
  • java.lang.ConcurrentHashMap
  • enum


  • My concurrency knowledge was not up to snuff, but they listed it as an "extended objective", so I hope what I wrote was enough to show them I am serious.
    12 years ago
    Thanks for the fast feedback, Joanne and Fred. It is greatly appreciated.

    Fred: That is somewhat reassuring. I will keep this in mind.

    Joanne: I know a bit about concurrency, but I am trying to anticipate how it might apply to this problem. I suppose concurrency could be used to read and "analyse" multiple files at once, for example.
    12 years ago
    Hello, I am trying to prepare for an interview code quiz. I do not have the details of the problem, but they have given me a vague outline. They have left me to prepare as I see fit, so I decided it would be fair to ping you guys and girls for suggestions.

    I will be given two hours to develop a program in Java. The program will parse text from a file (or other source) and analyse it somehow. They have suggested that I familiarize myself with java.io.Reader, standard data structures, and concurrency mechanisms.

    To prepare, I reviewed the Java Practices website entries for parsing text and reading and writing text files. I am wondering what else I can do to prepare.

    Does anyone have any ideas how
  • I might be expected to "analyse" the text? Maybe something simple like counting word frequency?
  • Concurrency might be involved?
  • 12 years ago
    Thanks for the help, Gerardo. I reread your post a few times, and I have some ideas to try in my own program now. (Paragraphs are great and all, but code, even pseudocode, is so much more precise.) Right now, I think I have my "Controller" embedded in "Configuration" (which might be my "Model"). I'm not completely sure I want to change that, but it's good to be able to make a conscious choice on the matter.

    Sunny, you're right to imagine that "Configuration" is doing some operations in a separate thread: that's exactly what it's doing. I'm making some assumptions here, but from your wording I picture taking Gerado's inner class ("Controller") and making it a separate class completely, one that would instantiate the GUI and "Configuration" (the "Model") and handle communication between the two.

    John, I like your solution, and let me tell you why: it's similar to what I'm doing ("Mirror, mirror, on the wall..."). When I said "please note that this design allows the GUI to be substituted with anything that provides the right accessor methods", I was really thinking of an interface, but I questioned the utility of an interface that would never be reused.

    On one hand, I like the "registerGUI(GUI)" method you suggest since it acknowledges that two-way communication will be necessary, but that does leave me in the awkward place of allowing an "AwesomeGUIBehaviour" object to be initialized without a GUI, thus forcing "if (myGui == null) throw new YouForgotToSetAGuiException()" handling in AwesomeGUIBehaviour's code for robustness.

    Thanks for the advice so far, everyone. I think I'll use John's interface and consciously choose not to use Gerardo's and Sunny's "Controller", but at least I won't be ignorant that I made a decision. If I do as Gerardo indicates and instantiate "Configuration" within "GUI", e.g. config = new Configuration(this), sure I'll be using a partially initialized "GUI" object, but that's a compromise I'm willing to make, lacking a preferable option.

    Sunny X Narula wrote:This is a design problem not a general java problem.



    What would you recommend? OO, Patterns, UML and Refactoring?
    14 years ago
    Thanks for the advice, Campbell. I took it and opted to omit the "Head First" book. I also found "The Design of Everyday Things" in my library, and "The Best Software Writing I" too (albeit as an online resource--ugh).

    In the end, I ordered only "Core Java" and "Effective Java". I shopped around for better prices, including considering previous editions. In the case of "Effective Java" the first edition was written in 2001, and 20 new tips have been added, so I figured it was worth it (although you can find the previous edition for about $5). In the case of "Core Java", the previous edition isn't that old (2004), but they've made some obvious improvements: like putting multithreading in volume 1 (fundamentals) instead of 2 (advanced) (once again though, you can find the previous edition for around $5).

    Thanks for the recommendations, they were a big help.


    p.s. If you are looking for bargains (or rare books), these online bookstore aggregators are great:
    http://www.vialibri.net/
    http://www.bookfinder.com/
    http://www.bookfinder4u.com/
    14 years ago
    Thanks John, I'm thinking about your suggestions now. I agree with your point about tight coupling. An inner class would definitely work in this scenario, but isn't that more tightly coupled than my current solution?

    John de Michele wrote:



    This works for me to some extent, but the communication between the GUI and the Configuration is two-way. To me, your pseduocode implies that the GUI will call Configuration methods, but not necessarily vice versa.

    I'll show a bit more source code, stripped-down of course:

    (I've named variables such that a graphical solution is implied, but please note that this design allows the "GUI" to be substituted with anything that provides the right accessor methods, e.g. "boolean doOperationA()". A text GUI could quickly be made, for instance.)

    So you see, John, in my current mindset, it's impossible to make the Configuration independent of the GUI because the GUI is the Configuration's data/state source. I did say "in my current mindset": you're right to indicate that if my division of labour/assignment of responsibilities is off, then I'll have to rethink things considerably.

    When I tried to make Configuration more independent, I ended-up putting more domain logic in the GUI:

    So now the Configuration no longer needs to access the GUI for this information. This still leaves the problem of having the Configuration report back to the GUI when certain events occur (e.g. "Operation A is complete."), but I could use an observer pattern (i.e. the Configuration will announce to its listeners). Overall though, it doesn't feel any better.

    Gerardo, thanks for replying. That's similar to what I'm currently doing, but I worry about passing the Configuration constructor a partially initialized GUI object. I might be worrying unnecessarily, as long as I don't do work in the constructor.

    Ah, my carpool is waiting. See you tomorrow.
    14 years ago
    Thanks for the input, John. You may be right, but have you considered what construction would look like in that case?

    Furthermore, for the sake of robustness, I might be tempted to do this:

    Or something like that. It looks alright, but it'd need to be pasted into every Beta method that depends on Alpha, which most of them do.

    As I said, you may be right, it might be better than many alternatives, but (1) it puts the onus on the user of the class, and (2) it allows an object to be constructed without actually being "good to go".

    I suppose if I wanted "good to go" handling, I could do something like this:

    Instead of throwing an exception... bah. I'm probably worrying too much. It's not as if anyone is going to reuse my classes. I'm just trying to write good code, and this awkward design has me feeling I've made some conspicuous mistakes.
    14 years ago
    I've run into a problem with co-dependent classes. Have a look:



    To declare an Alpha object, I need a Beta object, and vice versa. I thought I might try:



    But I realized I'm passing a partially initialized Alpha object to Beta's constructor, which kinda scares me.

    I could set Alpha and Beta after construction using methods, e.g. "alpha.setBeta(beta)" and "beta.setAlpha(alpha)", but that seems like a kludge.

    Maybe you need some more context to offer advice? Alpha is actually my GUI class (contains checkboxes and buttons). Beta is my so-called Configuration class (handles the logic). It doesn't make much sense to initialize a GUI without the underlying logic, and it doesn't much much sense to initialize a Configuration without a GUI (or some interface) to get data from.

    Examples:
  • When the GUI's "Start" button is clicked, the GUI will call "configuration.start()".
  • When the Configuration needs to know the status of something, it might call "gui.isResourceAvailable()".


  • Am I making any sense? It's difficult to generalize. I want to improve my design.
    14 years ago
    Thanks for replying, Sebastian. I'm a junior programmer. I just obtained a BSc. in Computer Science (we mostly used C++, but I've been using Java for the past 8 months).

    All right, Campbell, I'll start skimming some reviews.

    ~1.5 hour time lapse~

    Excerpt: It's not my cup of tea, but if you do a lot of texting, or have a Twitter account, I'm betting you'll love this book.

    Another excerpt: Should I expect the ladies to saunter over at parties and say, "I couldn't help noticing that you're agile, how about coming back to my place"?

    I skimmed the 38 reviews in the "Beginning Java" section, stopping only to peruse the 9s and 10s. "Head First Java" certainly stands out (29/30).

    I also skimmed the 55 reviews in the "Advanced Java" section. Even if "Effective Java" is too much Java for me, I think I'm bound to pick it up sooner or later (40/40). "Java Puzzlers" looks like a fun read (18/20).

    Finally, I skimmed "Marginalia", "Project management, Process and Best Practices", and "Miscellaneous Java".

    The revised proposed list:
  • Core Java, Volume I (CDN$ 45.35)
  • Effective Java (CDN$ 41.57)
  • The Java Tutorial (CDN$ 41.57)
  • Head First Java (CDN$ 39.66)
  • Java Puzzlers (CDN$ 34.01)
  • The Best Software Writing I (CDN$ 18.87)
  • The Design of Everyday Things (CDN$ 13.51)

  • Total: CDN$ 234.54

    (I think I won't buy a unit test book until I assess the material available free online [potentials are "JUnit in Action", "JUnit Recipes", and/or "Test Driven: TDD and Acceptance TDD for Java Developers"].)

    Of course, on account of expense and realistic reading time, I'm going to prune that list. There's a problem though: "The Design..." and "The Best..." are so inexpensive I don't really care to prune them, and it's hard to choose between "Core...", "Effective...", "Tutorial...", and "Head...".

    How 'bout:
  • Core Java, Volume I (CDN$ 45.35)
  • Effective Java (CDN$ 41.57)
  • Head First Java (CDN$ 39.66)
  • The Best Software Writing I (CDN$ 18.87)
  • The Design of Everyday Things (CDN$ 13.51)

  • Total: CDN$ 158.96

    "Core Java" will be my reference book, "Head First" will be my beginner's book, and "Effective Java" is required reading.
    14 years ago


    I'm about to order some books, but I thought I might get some valuable feedback here, so I'm holding off for a couple days.

  • Effective Java: It's supposed to be very good.
  • Core Java, Volume I: I've used this a few times, but I'm losing my copy. It seems very thorough.
  • The Java Tutorial: I know most or all of the material is available online, but I like the presentation.
  • Design Patterns Explained: Available at my school library, so I don't have to buy GoF's (which, heretically, isn't available at my library).
  • Applying UML and Patterns: OOA/D & ID: Available at my school library.


  • I could also use a book on JUnit, or unit testing in general. My next job might want me to write some unit tests.

    Apologies for the terse request, but circumstances urge brevity.
    14 years ago