|
|
Konstantin Ignatyev 
|
Do not work harder, work smarter! |
 |
| Home |
| Articles |
| Presentations |
| Projects |
| Personal |
| Annoyances |
|
|
|
last update: 2005-10-21
- Lack of Java libraries repository;
- Stupid API methods.
- Classloading
- Static calls via instance variable.
- web application security gap
- Java Web Start and Applets
- Stupid RMI
Ttere is no CPAN like repository for Java. Comprehensive Java Archive Network -CJAN would enormously benefit Java community and industry... 
java.lang.Boolean. getBoolean ( String name) and java.lang.Integer.getInteger ( String nm) and alike.
Those methods are so counter intuitive and so against OO design that it is shame to see them in the core package of language, that pretends to be very OO oriented..
The methods above are in Java since jdk 1.0 and I could speculate that they were introduced without much consideration as Perl type conveniences, and were never removed for the backward compatibility sake.
But thing get worse with JDK 1.4:String[] java.lang.String.split( String regexp )
It went unnoticed but I consider such functions in the core Java design as rapid deterioration of Java and tells a lot about people in charge. Regular expression in String class seem convenient, so, what is wrong? This function defies OO design with no apparent reason. Splitting strings with regular expressions is definitely widely used but it is not only way to split strings. For instance splitting at fixed offsets is widely used too, so that way of splitting would require method signature like split( int[] offsets ). But String class in Java is defined as final and therefore it is not possible to subclass and override split function. This lead to inferior and confusing design....
Another sign of deterioration: hype about NIO, that was advertised as NewIO. What the idiot came up with such a name! Meaningful and permanent parts of any system must NOT carry names like New and Old, just because what was new will inevitable be Old!!!
That was later played down and Sun pretended that they meant Non-Blocking IO package, but truth already was known, smart people do not influence Java course.
Classloading:
Classloading architecture is the worst part of Java environment. More ...
Ability to call static methods via instance variable:
Try to compile and run the following:
public class TestT{
static class T1{
static void t1Static(){
System.out.println( "TestT$T1.t1Static" );
}
}
static class T2 extends T1{
static void t1Static(){
System.out.println( "TestT$T2.t1Static" );
}
}
public static void main( String[] args ){
T1 t2 = new T2();
t2.t1Static();
}
}
the output is: TestT$T1.t1Static - it is very confusing even in the full accordance with Java spec. Such syntax should be simply deprecated and then removed from Java language. Only syntax like TestT.T1.t1Static() should be allowed.
Web application security gap
While evaluating JOSSO ( Java Open Single Sign On ) solution I suddenly realize that servlet security spec( at least 2.3) has a gap and inconsistency.
I am talking about role-ref element in web.xml which is defined for servlet but not for security-constraint.
What I was trying to do: define a mapping from SSO defined role: lets say 'Administrator' to the webapp specific role 'myappadmin'.
I seem to be able to do it for servlet by:
<servlet>
<servlet-class>xxxx.xxx</servlet-class>
<servlet-name>xx</servlet-name>
<security-role-ref>
<role-name>myappadmin</role-name>
<role-link>Administrator</role-link>
</security-role-ref>
</servlet>
<security-role>
<role-name>Administrator </role-name>
</security-role>
I do not see anything like that for:
<security-constraint>
<web-resource-collection>
<url-pattern>/protected/*</url-pattern>
</web-resource-collection>
..........
</security-constraint>
That does not look consistent.
Java Web Start and Applet
Really strange support for Applets in Java Web Start, it supports them, almost... it forces them to be applications via Applet Launcher. They cannot be page components with JWS anymore.
<Quote>: The Java Web Start software has support for launching Java Applets. This support provides easy migration of existing code to Java Web Start technology.
An Applet is launched using the applet-desc element instead of the application-desc element. </Quote>
This is very frustrating because it does not allow using JWS cache for easy and quick subsequent applet starts. Applet, Object, and Embed tags are really mess: OBJECT tag allows controlling 2nd tier cache, but does not work in Mozilla on *nix and EMBED does not support cache control...
That is really frustrating because frameworks like Thinlets and SwixML + Hessian RPC protocol (see also )make Applets very very attractive.
Stupid RMI
I think that RMI should not have been invented at first place. But if they did introduce it why do not make it at least decent protocol. For example when a RMI interface or DAO declares a collection as a member we have to manually take care and make sure that client sidelibrary has the same collection implementation class as server ( or mess with RMI remote classloader - wish you good luck). Hell, why do not replace an unknown implementation of the collection with a compatible implementation from rt.jar? Look: for examle RMI interface declares Set as a type of return value type. Why the hell client application should be concerned about server side implementation of that Set? If server side developer wants to propagate true collection type to the client he-or-she will declare MySmartSet as a return type.