Tim Holloway

Saloon Keeper
+ Follow
since Jun 25, 2001
Tim likes ...
Android Eclipse IDE Tomcat Server Redhat Java Linux
Merit badge: grant badges
Long-time moderator for the Tomcat and JavaServer Faces forums. Designer and manager for the mousetech.com enterprise server farm, which runs VMs, a private cloud and a whole raft of Docker containers.
These days, doing a lot of IoT stuff with Arduinos and Raspberry Pi's.
Jacksonville, Florida USA
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Rancher Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Tim Holloway

If you are trying to connect directly to a database from a web client. you're effectively re-creating the sort of webapps that cause the SQL Slammer worm to trash major Internet applications years ago. Don't connect directly to a database from an Internet client

If you are trying to connect to a database from a webserver such as NodeJS, then the best bet is to use an API library. To the best of my (limited) knowledge, there's no universal database interface like JDBC for JavaScript on any JavaScript framework.

So we'd need to know what you are trying before we can give any advice.
23 minutes ago
HOW do you make a cookie secure when it's HTTP-only??? That sounds like an innate contradiction.

HTTP is inherently insecure because it is unencrypted and easily read by any man-in-the-middle. That's the whole purpose for HTTPS.

Cookies are not magic. They're sent as lines of header text in the HTTP requests and responses. So anyone can intercept and abuse a cookie any time they want.

I don't know what security manager you're using and PLEASE don't tell me it's something some "genius" has cooked up, because unless that genius is a full-time security professional, my experience is that DIY security systems can be broken by non-technical persons in under 15 minutes about 90% of the time.

If you're using the security system that's built into the JEE standard and thus into all JEE webapp servers (including Tomcat and jetty), then proper app security requires that when you log in, your transport should be HTTPS and the login session key is transmitted in the jsessionid cookie. To avoid exploits, the value of this cookie is changed to an unpredictable new value as part of the login process (which is why you should NEVER cache jsessionid). The value of jsessionid contains no session information itself, only acting as a hash key to the webapp server's Map of jsessionid/HttpSession.

Aside from that, though, many modern-day webapp clients will scream in rage if you attempt to request via HTTP instead of HTTPS and in most cases, the HTTP URL will be rewritten as HTTPS. HTTP is simply not adequate for the open Internet these days.
5 hours ago
MVC is a GUI paradigm. But not all webapp functions are GUI-based. I can upload data from a collection device via ReST to a server and it's not MVC, though it has data and, a dispatcher (Controller). The data isn't a Model, because it isn't maintained as a back-and-forth basic for a View, since there is no View.

I've never gotten into React, but my impression has always been that it is primarily a client-side View Management system, which means that it's essentially allowing you to split Controller logic across both client and server.
5 hours ago
Welcome to the Ranch, Kate!

Netbeans is not a programming language nor is it a GUI framework. It's an Intelligent Design Environment (IDE), which means that it's an application whose sole purpose is to assist you in designing, implementing and testing applications. When an application moves into production, the IDE goes away.

Part of what an IDE may provide is "wizards" that can help in automatically generating application code and resources, but when all is said and done, your application isn't an "Netbeans" application, it is (in your case) a Java Swing application.

So I'm linking this thread to our Swing forum, since you can get a lot of help on Swing there even from people who don't use NetBeans.
1 day ago
Recommended practice or not, those of us who lean towards the autistic side don't like eye contact to begin with. And autism and computers go together like dosas and chutney.
2 days ago
Well, personally, I don't put much credence in certs, and too many certs to me is more an indication that you're a professional cert-taker than professionally competent. Then again, there are VERY few certs that I consider to indicate true competence as opposed to cram-and-regurgitate skills and they are mostly related to hardware and real-time OS proficiency, not software design and development.

I think that one of the better ways to indicate competence is to create or join an open-source software project. That way you can highlight your skills as used in a practical environment, which is what employers really want to see.

Being an active participant in forums (such as the CodeRanch) doesn't hurt either.

Of course, the gold standard is occupational networking, where respected people in the field will spontaneously recommend you, but in an anti-social field like IT, that's the hardest.
2 days ago

Ajit Goel wrote:
I am getting a null pointer exception on the line where the system expects the dependency to be injected.

And which line is that? It's not immediately obvious to bleary-eyed me. And welcome to the Ranch, Ajit!

My experience with mocking is that you should strive to mock as little as possible. Try and use ordinary tests as much as possible and isolate the logic that needs a mocked service to the absolute minimum of code. If at all possible, inject a simulated object in place of a mocked object. You can do a lot of this by internally refactoring private (or package-scope private) methods in the class to be tested without unduly affecting external users (and after all, you're supposed to have thoroughly tested the internal methods!)

Depending on the mocking framework you use, making a mocked object do anything useful can be difficult. Mockito, I learned to my pain, basically wants to treat every method call to the mocked object as a dummy do-nothing call with the mock object keeping no internal state. When asked to return data, it will return null unless you add a lot of gnarly support code, and even then basically it wants to be both stateless and independent of calling parameter values.

So I don't have a specific answer for you, unfortunately, but maybe these guidelines will help.
2 days ago
Welcome to the Ranch, John!

One of the most popular media-conversion and play applications available is the open-source mplayer/ffmpeg system. It is extremely powerful and can convert pretty much all of the popular formats and quite  a few of the obscure ones. It's command-line based and the manual on it is pretty thick, but you'll find plenty of documentation on its use on the Internet. I've used it, plus a few other tools to take an over-the-air digital TV broadcast stream and make a playable DVD out of it, including a video table of contents.

A GUI open-source program that I have used in the past is "ProjectX". It's written in Java and it's not as all-powerful as mplayer, but what it does it does well and it completely puts the lie to the old claim that Java is "slow".
3 days ago
Then you're using the wrong Path method. Java supports a Universal (Unix-like) path notation where the separator is always a forward ("real") slash, and never a backslash (Windows) colon (Legacy Macintosh), '>' (Primos) or possibly non-terminal dot (IBM zOS). It's specifically to assist in "write-once/run-anywhere" and it's the format that I always promote. Since I have spent literally years as a full-time developer using Windows on the Desktop to produce apps to run on Linux and Solaris and I didn't want to have to debug code that worked differently on the desktop than in production.

Although as far as that goes, if you cannot resolve to an OS-independent form, use [\\/] as the path separator in the regex.
Then you'd just regex against the full path and not bother to rip out the filename part.

But I don't assume that's necessary, since upon more closely reviewing the problem description, it actually reads more like files in the form:

rootfolder/dynamic folders/test/test001.xml
rootfolder/dynamic folders/test/test002.xml
rootfolder/dynamic folders/test/test003.xml
rootfolder/dynamic folders/test/testabcd.xml

Welcome to the ranch, Ajit!

If I'm not mistaken, AppConfig is a properties resource that would have been populated on application startup. Thereafter, reading the actual property value would be a simple Map lookup and that's about as fast as you can get.

But before you go "optimizing" simply because you need to be "efficient" in a "high traffic website", I'd first recommend that you measure the performance profile of the app to see where the actual bottlenecks are. In general, database operations and HTTP (network) operations would be taking massively larger amounts of both wall-clock and CPU time. As in millions of more time.

These days, the most inefficient parts of most systems isn't the code, it's the programmer. It's fast and cheap to order more hardware, but time and money spent on human resources is not.
5 days ago

Carey Brown wrote:Tim, the OP made a typo in his problem description, "test" is a directory and not part of a file name.

Ah well, just changes the regex a little.

Carey Brown wrote:So for Velan it might be something like this:

I think that the cleaner solution (assuming that regexes are ever "clean"!) is more like this:

That's the concept at least. Any resemblance between that and actual working Java regex code can be considered entirely accidental.
When id doubt, check it out. Eclipse did indeed fail a hyphen in package name component. I'm not sure that was always the case, since I'm thinking (or at least hallucinating) that at least one major open-source library had hyphens in package name components. But apparently, no more.

TLDs are problematic, since the explosion (.info, .sale, whatever) and academic projects definitely allow creativity. Though I recommend using the school and course ID as parts of the package path. However some schools are better known as ".com"s or ".org"s as ".edu"s. It was fairly easy to grab a domain name back in the olden days, and of course, a lot of institutions have the same initials.
6 days ago
Welcome the the Ranch, Velan!

I'm not sure that you want  to "list" files so much as enumerate them or collect their names/paths. To "list" files in Linux, a command line would suffice:

Traditionally, to enumerate and/or collect in Java, you'd use the file list() method with a filter that gives a yes/no indication for each file scanned to indicate whether it matched your selected pattern.

Alternatively these days, there are evil things you can do with Lamba expressions to the same effect, but I'll leave the details to others.