Monthly Archives: May 2009


抄自Rod Johnson’s ‘Expert+One-on-One+J2EE+Design+And+Development’






测试J2EE程序面临的主要问题[Rod Johnson]

Testing enterprise applications poses many challenges:

Enterprise applications usually depend on resources such as databases, which will need to be considered in any testing strategy.

Testing web applications can be difficult. They don’t expose simple Java interfaces that we can test, and unit testing is complicated by the dependence of web tier components on a web container.

Testing distributed applications is difficult. It may require numerous machines and may be hard to simulate some causes of failure.

J2EE components – especially EJBs – are heavily dependent on server infrastructure.

      A J2EE application may involve many architectural layers.
We must test that each layer works correctly, as well as perform acceptance testing of the application as a whole.

What ‘Expert One-on-One J2EE Design’ Covers?

What this Book Covers

This book covers:

      How to make key J2EE architectural choices, such as whether to use EJB and where to implement business logic

      J2EE web technologies, and effective use of the Model-View-Controller (MVC) architectural pattern in web applications

      How to use EJB 2.0 effectively, including the implications of the introduction of EJBs with local interfaces

      How to choose an application server

      OO development practices important to J2EE applications

      Using JavaBeans in J2EE applications, and how this can help develop maintainable and portable applications

      Using XML and XSLT in J2EE applications

      J2EE transaction management

      How to access relational databases efficiently in J2EE applications

      How to use generic infrastructure code to solve common problems and ensure that application code focuses on business logic in the problem domain

      How to test J2EE applications, and especially web applications

      How to design J2EE applications for satisfactory performance, and how to improve the performance of existing applications

      Packaging and deploying J2EE applications

      Aspects of leading application servers, such as BEA WebLogic and Oracle 9 Application Server, which may affect how we design J2EE applications

      Understanding the implications of fundamental design choices for scalability

Spring 2.5中 的 UrlFilenameViewController 确实有bug

正如所说,spring 2.5中,这个类在解析路径时会把context path带进去!

我的解决办法是,自己做一个UrlFilenameViewController类,在这个类中照抄spring 2.0 UrlFilenameViewController的代码(如果下不到源代码,反编译一下也可以,我就是通过反编译搞到代码的)

MessageFormat with ”

		MessageFormat.format("Hi, {0} {1}", "朱", "元璋");  //Hi, 朱 元璋
		MessageFormat.format("Hi, '{0}' {1}", "朱", "元璋"); //Hi, {0} 元璋
                MessageFormat.format("Hi', {0} {1}", "朱", "元璋"); //Hi, {0} {1}
		MessageFormat.format("Hi, {0} {1}", "'朱'", "元璋"); //Hi, '朱' 元璋

learn java5 annotation

Java Annotation Facility:

    1.a syntax for declaring annotation types

    2.a syntax for annotating declarations

    3.APIs for reading annotations

    4.a class file representation for annotations annotation processing tool



	  public @interface Test { }


Annotation Declaration

    1.Annotation type declarations are similar to normal interface declarations   

    2.An at-sign (@) precedes the interface keyword.

    3.Each method declaration defines an element of the annotation type.

    4.Method declarations must not have any parameters or a throws clause.

    5.Return types are restricted to primitives, String, Class, enums, annotations, and arrays of the preceding types.

    6.Methods can have default values.


Annotating Declarations

	   public static void m5() { }

Annotation Processing Tool

    You can write code to process the declarations where declared.


    	 for (Method m : Class.forName(object).getMethods()) {
         if (m.isAnnotationPresent(Test.class)) {               
             Test a = f.getAnnotation(Test.class);
			 System.out.println(m.getName() +" is annotated with value of " +  a.value());



Java Security Architecture Notes

1.Two aspects

    a. Secure the Java platform itself, such as bytecode verification, class loading protection

    b. Provide services and tools for java applications, such as cryptography, authentication.


2.Secure the Java platform

    2.1 Old Mechanism(JAVA 1): Sandbox

        Forget about it

    2.2.New Mechanism(Since JAVA 2)

        Think about it in a general way of security: "Can a principal access a resource?"

        The concepts in java security apply to this generic approach:

            a.Who is the principle?  CodeBase — a set of java codes who try to visit the resources, "file:/home/sys/" for example

            b.What are the resources? Classes, File Systems, and so on…

            c.How are the resources organized? Permission — a set of resources

            d.How to decide whether codes from a code base can have a specified permission?  Policy.

              For example           

                    grant codeBase "file:/home/sysadmin/" {

                        permission "/tmp/abc", "read";


            e.Any Exception to this mechanism? Yes, privileged blocks can access resources even if they are not permitted     



3.Policy Implementation

    3.1 Default implementation

        a. Global policy files: $java.home/lib/security/, and so on

        b. Runtime policy files, adding to or replacing the global configuration: java SomeApp       

    3.2 Other implementation           

        You can set it via ‘policy.provider=PolicyClassName’ in




Appendix 1.Resources


    b.Policy Implementation: