John Melton's Weblog
Java, Security and Technology

Java Testing: What do you use?

No Gravatar

This post is a generic post about what tools I use for testing in Java. Some of these are dependent on the frameworks that you use, some are generic across all of Java. I’ll probably update this post with future tools as I use them. What do you use? Just add it in the comments.

JUnit: The mother of all testing in Java. This unit test framework is on version 4 now, and is very stable and extremely effective. In my opinion, it is the single most effective tool to increase the quality of a developer’s code. (TestNG would be a similar framework here) [ ]

Cactus: This is a framework for testing server-side java code both with a real container or a mock container. [ ]

StrutsTestCase: This framework allows developers to test code that utilizes the struts framework [ ]

Checkstyle: This tool checks your code against a set of coding standards. []

Findbugs: This is a static analysis tool to find bugs in Java programs. [ ]

Emma: This tool reports on test case coverage for your unit tests. [ ]

JDepend: This tool gives you quality metrics for your java code. [ ]

PMD: PMD is another bug-finding utility for scanning your java code. [ ]

5 easy steps to AJAX

No Gravatar

In talking with other developers, I’ve found many to be confused by AJAX, and what it is, even though it’s quite a simple concept. The name is shorthand for Asynchronous JavaScript + XML. (originally defined by Jess James Garrett here.) It really represents an entire group of technologies in it’s most complex form, but it really doesn’t have to be that complex.

Essentially, the most important component is the Asynchronous part. That’s handled by the XmlHttpRequest object. In general, HTTP is a request-response protocol, meaning that a browser (on behalf of a user clicking on or typing in a link) makes a request to a web server which then creates a response that it sends back to the browser, and the browser then renders that (typically marked up text) back to the user in a visual way. However, if you’ve only got to update one small part of a page, say 500 bytes of a 100 KB page, it’s wasteful to retrieve the other 99.5 KB that’s going to remain the same. That’s where AJAX comes in. What you can do with AJAX is a request-response for only the 500 bytes, then use the browsers’ DOM model to dynamically insert the response back into the page, and the 99.5 KB never changes! Obviously, updates like this are a small subset of what AJAX can do, but turns out to be a large majority of what people use it for.

Let’s see an example in 5 easy steps:

1) Create the AJAX object for the browser and instantiate it:

function getAJAXObject() {
    var aj;
    var browser = navigator.appName;
    if(browser == "Microsoft Internet Explorer"){
        aj = new ActiveXObject("Microsoft.XMLHTTP");
        aj = new XMLHttpRequest();
    return aj;

var ajax = getAJAXObject();

2) Create the function to send the request to the server:

function sendRequest(name) {'get', ''+name);
    ajax.onreadystatechange = receiveResponse;

3) Create the function to receive/process the response from the server:

function receiveResponse() {
    if(http.readyState == 4){
        var response = http.responseText;
        var update = new Array();

        if(response.indexOf('|' != -1)) {
            update = response.split('|');
            document.getElementById(update[0]).innerHTML = update[1];

4) Create some back-end server code to accept the request and send the response:

String name = request.getParameter("name");
out.println("username|" + name);

5) Create the link to call the requesting function and the placeholder for the response:

<div id="username">

<a href="sendRequest('abc')">

That’s really all there is to it. Now, you can see how quick and easy it is to roll your own AJAX functionality in an application. There are some great frameworks out there for perform ajax functionality that are heavily used in the java community. If you’d like to use one of those, here are a few to get you started:
Google Web Toolkit

Google Maps drag-n-drop

No Gravatar

This is IT! This is the feature I’ve requested from every major mapping group for the last 2-3 years. Finally! Google maps has added a feature that lets you drag and drop the directions that they provide you with. This is fantastic. I had started using yahoo’s mapping site more because I like their driving directions implementation for more than 2 stops better than google’s, but this feature makes me switch right back.

Google Description

Java 5 Generics

No Gravatar

Here’s a quick example of the difference between Java 1.4 Iterators and Java 5 generics.

Here’s 1.4:

List myList = new ArrayList();

myList.add(new Person("John Melton"));
myList.add(new Person("Bill Mares"));

for (Iterator it=myList.iterator(); it.hasNext(); ) {
    Person person = (Person);

Now the Java 5 generics version:

List<Person> myList = new ArrayList<Person>();

myList.add(new Person("John Melton"));
myList.add(new Person("Bill Mares"));

for (Person person : myList) {

See – very pretty. You just add those fun angle brackets (<>) to denote generics, and the code is cleaned up quite a bit. In my experience, the returns on beauty only get greater the more code you write. There’s also some great templating features with generics to make generic processing procedures very flexible. I love the syntactic sugar … mmmm.

Happy coding!

Papers / Reports / Presentations

No Gravatar

This post is just to put up some old docs of mine. Here’s what they are:

1. Application Penetration Testing (APT): A Taxonomy – This is a paper I wrote (and won an award for) in grad school about a taxonomy I created for tools that perform application penetration. There are some neat ideas for how it might work, IMHO. APT Taxonomy Paper

2. APT presentation – more of the same, just the ppt slides for the presentation I gave on APT. APT Presentation

3. Nimda report – a case study on the Nimda worm. Nimda Report

4. Pad testing report – a report on a horrible free piece of software called Pad. We tested it for a course on software testing to show how easy it is to break software, and man, is it easy! PAD Report

5. Pad testing presentation – same again, just pretty screenshots and pictures of the software being broken PAD Presentation