February 28, 2011

Java Bug hangs the JVM

I'm not sure about publishing bugs, but I guess it's already out there and there is also a patch available. The problem is in java.lang.Double and the handling of the maximum double value, i.e. 2.2250738585072012e-308. The following code will send an older JVM into an infinite loop.

OK, but is this really a problem? Yes, it is for a Java server connected to the Internet. Let's imagine a bank server written in Java and exposed to the Internet. You can be quite certain there will be some fields taking a double as input. These HTML fields are all Strings, but when processed at the server they are parsed to Double. This is a typical scenario a hacker can use to hang the server, i.e. a DoS attack.

The solution is either patching your current JVM version or upgrading to the latest JVM, i.e. Java 6 Update 24.


http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html

This bug matters foremost for server applications, since a desktop application can always be restarted, but if you want to upgrade your desktop Java version, please go to http://java.com/.
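As an added example (not code from the original post or from Oracle), the class below sketches a stop-gap for the server scenario above: untrusted text is screened by value before it reaches Double.parseDouble. The class name, the length limit and the window bounds are assumptions chosen for illustration.

```java
import java.math.BigDecimal;

public final class SafeDoubleParser {
    // Assumption: window bounds picked here around the value named in the
    // post; they are not taken from the advisory.
    private static final BigDecimal LOW  = new BigDecimal("2.2250738585072009e-308");
    private static final BigDecimal HIGH = new BigDecimal("2.2250738585072014e-308");
    private static final int MAX_LEN = 64; // assumption: longest legitimate field

    private SafeDoubleParser() {}

    /** Parses untrusted text, refusing any value inside the window. */
    public static double parse(String raw) {
        if (raw == null) {
            throw new NumberFormatException("null input");
        }
        String s = raw.trim();
        if (s.isEmpty() || s.length() > MAX_LEN) {
            throw new NumberFormatException("empty or over-long input");
        }
        // BigDecimal has its own string parser, so this step does not go
        // through the Double conversion. Its grammar is stricter than
        // Double.parseDouble (no NaN, Infinity, hex or d/f suffix), so those
        // forms are rejected here as well.
        BigDecimal magnitude = new BigDecimal(s).abs();
        // Compare by value, not by text: the same number can be written with
        // a different exponent or leading zeros.
        if (magnitude.compareTo(LOW) >= 0 && magnitude.compareTo(HIGH) <= 0) {
            throw new NumberFormatException("value in rejected range");
        }
        // Parse the string only after the check; some JDK versions route
        // BigDecimal.doubleValue() through Double.parseDouble.
        return Double.parseDouble(s);
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {"100.25", "-3e5", "2.2250738585072012e-308",
                            "0.00022250738585072012e-304", "1e-400", "abc"};
        for (String sample : samples) {
            try {
                System.out.println(sample + " -> " + parse(sample));
            } catch (NumberFormatException e) {
                System.out.println(sample + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Patching or upgrading the JVM, as stated above, remains the fix; a guard like this only protects call sites that are routed through it.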

February 23, 2011

Best Practice Aspect-Oriented Programming with JBoss AOP

In my recent project I have been working with JBoss AOP. There have been some pitfalls I have fallen into, and in this blog I will share those with you.

First of all, do not choose aspect-oriented programming to solve everyday Java problems. Examples of good cases are:
  • Logging
  • Caching
  • Security
  • Error Handling
But why is AOP not suited to solving common Java problems? Let's look at an example with Spring and AspectJ.

The Logic class:
The Aspect class:

Boilerplate XML configuration files

And now call it
The problem with the code above is that in FooPojo there is no hint at all that other code will be called. This can be very confusing for a junior programmer, and also for a much more skilled programmer who is not familiar with AOP.

So how can we make AOP clearer and more understandable? The answer is to look at other frameworks and how they have solved it. Take Spring, for example. It uses AOP very heavily under the hood to solve common tasks, such as marking classes as transactional (@Transactional). In J2EE, Oracle also uses Annotations, e.g. JAX-WS has the method Annotation @WebMethod to signal that a method is a Web Service method.

So let's copy that pattern and write our own Annotation as a marker in the code that we want to apply aspect-oriented programming to.

Our own Annotation, to trigger the Aspect:
Our Aspect. Here we use interface implementation. This solution works on JBoss 4.3.0 - 5.1.0:

The JBoss AOP configuration file, META-INF/jboss-aop.xml

Now let's create a Test class that we annotate with our own Annotation:

And a Unit Test to verify it is working.

And here is the maven pom.xml

To make the example complete, we also need to supply a log4j configuration file.


To run/debug this inside Eclipse we need to copy the argLine from the maven pom file to the unit test file configuration.



For more about the JBoss AOP Maven plugin, see http://community.jboss.org/wiki/JBossAOPMavenPlugin.