Tag Archives: Java/Java EE

What’s next for Sun certifications now that Oracle is in charge?

Posted on by
6

At the moment, Sun’s certification page has a preview of the upcoming JEE 6 curriculum.  I’ve saved the image here in case it disappears like the SCJP Plus information did.  The learning paths on Oracle’s site do gel with this info so I think it can be safely assumed this is the plan as of now.

Disclaimer: I have no affiliation with Oracle or Sun.  This entire post is clues/speculation based on what is on the internet.

What is the implied mapping?

Based on the information available, the following chart shows what it looks like Oracle is planning.  Below the chart, I write my evidence for each. This just addresses exam naming at the moment.  I’m sure the content will change over time.  Sun was looking toward changes anyway with the Programmer Plus exam for Java 1.7.  For those uncertain about whether to get certified now, the name is important as is the fact that the certifications have a future.

Current Certification name Future Certification name
Sun Certified Java Associate (SCJA) Same
Sun Certified Java Programmer (SCJP) Same (no word on the programmer plus yet)
Sun Certified Java Developer (SCJD) Not enough info to tell
Sun Certified Web Component Developer (SCWCD) Split into Sun Certified Servlet/JSP developer and Sun Certified JSF developer.  Add JPA to form the Master Sun Certified Enterprise Web Developer
Sun Certified Business Component Developer (SCBCD) Split into Sun Certified EJB developer and Sun Certified JPA developer.  Combine to form the Master Sun Certified Business Application Developer
Sun Certified Developer for Java Web Services (SCDJWS) Renamed to Sun Certified Web Services Developer.  Add JPA and Servlet/JSP to form the Master Sun Certified Web Services Developer
Sun Certified Mobile Application Developer (SCMAD) Not enough info to tell
Sun Certified Enterprise Architect (SCEA) Same
  1. SCJA – As Oracle uses the words associate, professional, master and expert for their own database certification, it is unlikely they would get rid of Sun’s associate exam.  While the SCJA doesn’t show up on the JEE 6 learning path, it didn’t for the JEE 5 one either.  It was treated as an optional pre-requisite to the SCJP or a standalone exam.  I see no reason t his exam would not continue for the forseeable future.
  2. SCJP – Explicitly mentioned in the JEE 6 curriculum.
  3. SCJD – Not part of JEE so no info available.
  4. SCWCD  – The JEE 6 learning path shows this split into Servlet/JSP and JSF.
  5. SCBCD  – The JEE 6 learning path shows this split into EJB and JPA.
  6. SCDJWS – The JEE 6 learning path clearly shows this as a renamed exam.
  7. SCMAD – Not part of JEE so no info available.
  8. SCEA – Explicitly mentioned in the JEE 6 curriculum.  Continues to be independent of the other exams.  (The SCJP pre-requisite has only been for training classes, not for the actual exam.)

What is implied overall?

  1. There are more exams in the new world.  More money for Oracle.
  2. Exams combine to form “master” certifications in an area.  This is good if you want to get certified on just part of an area.  Say you don’t use JSF or EJB but want the other part of the certification.
  3. The word “Sun” is still in the name.  This is good for Oracle as far as branding goes.  Keeping Sun as a brand preserves the legacy built around the certifications.  There is some precedence for this.  The Hyperion and Peoplesoft certifications still have their old parent’s names.

Interesting facts:

  1. This image is named Java-EE-6-Curriculum-Path_option2.gif.  Option 1 is not available on the web server, but is shows some thought has gone into the new certifications.  While these are class listings rather than certification details, but still give some insight into the thinking going forward.
  2. Oracle’s learning paths show the difference between JEE 5 and JEE 6. (When clicking the links, you may have to choose a country and then go back to click the link again.)  The fact that they mesh with the roadmap on Sun’s site shows good consistency.
  3. Oracle’s learning path for core Java is the same.  It still shows the programmer, developer and mobile paths.  It hasn’t been updated in a while so we can’t assume much from this.
  4. We know Oracle is planning JEE 6 exams under the Sun branding.  They are currently advertising betas for the Sun Certified EJB Developer and the Sun Certified JSP and Servlette Developer.  And no, that’s not a typo.  Oracle seems to think “Servlet” is spelled “Servlette.”

What’s next?

Only time will tell.  Until Oracle announces things, all we can do is look for clues.

GET vs POST and URL security

Posted on by
3

Is GET or POST more secure?  Like many things in computers, it depends!

Who are you trying to secure data against?

  1. The user in his/her browser
  2. People who legitimately see the URL
  3. Hackers

The user in his/her browser
This is the case that is usually discussed.   Some people will naively say they want to “secure” the data by using POST.  That way the user “can’t change the submitted data.”  Of course, this hooey.  Anything on the user’s machine is something the user can see/change.

People who legitimately see the URL
Many people have access to the URL such as in logs.  Having sensitive information in the URLs is a bad idea.  This actually happened recently at JavaRanch.  A user started a thread inquiring about a thread that linked to his but he couldn’t see the protected page.   At JavaRanch, as on many blogs, URLs look like “http://www.coderanch.com/t/493907/Ranch-Office/Could-anyone-enlighten-me-please”.  Luckily we had taken a precaution and used a shorter form of the URL for our private forum.  Otherwise information could leak out!

Similarly, social security numbers and other sensitive information should not be in a GET form submission because the information is then out of your control.  If at all possible, they should be kept on the server and never sent to the user’s machine in the first place.

Hackers
Hackers are a harder case because the hacking can be in multiple places.  For truly secure information, you have to use HTTPS.  For “medium” information, POST is still better than GET because URLs are easier to intercept than whole pages.

Conclusion

As a rule of thumb, POST is going to always be more secure than GET because it removes the “data in the URL” issue.  For some things, neither is secure enough.

process builder to run multi-platform postgres import

Posted on by
Reply

We saw how to clone a postgresql database for testing cleanly in an earlier blog post. The next step is to do so from Java so it can be part of an integration test.

How to run each of 4 DDLs:
Running a DDL file is easy which is good since we have four of them.

importDdlOrSqlFile("initialJForumSchema.ddl");
importDdlOrSqlFile("javaranchCustom.ddl");
importDdlOrSqlFile("users.ddl");
importDdlOrSqlFile("databaseChangesAfterMostRecentInstall.txt");

Ok. So maybe it is easy because all the functional code is in another method.

What is Process Builder?

Process Builder was introduced in Java 5.  The Runtime.exec JavaDoc says

ProcessBuilder.start() is now the preferred way to start a process with a modified environment.

Since I need to set two system properties, this is perfect.

How to create the Process Builder

On Windows, you just pass the command to run at the DOS prompt.  The actual command was shown in the closing a postgresql database blog post.  On UNIX/Mac/etc, you need to create a new shell and pass the command that way.  Luckily, it is easy to check for a Windows operating system:


private ProcessBuilder createProcessBuilder(String command) {
String os = System.getProperty("os.name").toLowerCase();
if (os.contains("win")) {
return new ProcessBuilder(command);
}
return new ProcessBuilder("sh", "-c", command);
}

How to set system properties

I need to set the user id and password as operating system properties so postgresql doesn’t prompt for them interactively.  Using process builder, I can call environment() to get a map of environmental properties for my process.  Then setting them is simply a matter of setting them in the map.


private void importDdlOrSqlFile(String fileName) throws Exception {
String command = importToPostgresCommand(fileName);
System.out.println(command);
ProcessBuilder processBuilder = createProcessBuilder(command);
Map<String, String> env = processBuilder.environment();
env.put("PGUSER",   SystemGlobals.getValue(DATABASE_CONNECTION_USERNAME));
env.put("PGPASSWORD",  SystemGlobals.getValue(DATABASE_CONNECTION_PASSWORD));
processBuilder.redirectErrorStream(true);
runProcess(fileName, processBuilder);
}

How to run the Process Builder

All ready to run it!   start() kicks it off.  I think read all the output from the commands via the process builder’s input stream and output it to the console.  (I do this since many commands are run and the developer can see what it is up to.)  Finally, I check the error code.  After all, if the database didn’t get created properly, there isn’t much point in having a whole pile of failing tests.


private void runProcess(String fileName, ProcessBuilder processBuilder) throws IOException, InterruptedException {
Process proc = processBuilder.start();
Scanner scanner = new Scanner(proc.getInputStream());
while (scanner.hasNext()) {
String line = scanner.nextLine();
System.out.println("importing data: " + line);
}
int exitVal = proc.waitFor();
System.out.println("Completed loading " + fileName + " Exit value: " + exitVal);
if (exitVal != 0) {
System.out.println("Please fix error in database script and re-run.");
System.exit(1);
}

}

Testing

This code was tested on multiple developer’s machines including Windows and Mac.