Region Best Practices post on David Giammona’s Blog

January 26, 2009

David Giammona, whose blog has somehow escaped my notice until today, has written an excellent whitepaper on best pratices for sharing data and intitating navigation within regions. You can read about it here

Cuil seach not so cool

July 28, 2008

Not really on-topic to my usual ADF postings, but I read a news article today about a new search engine ( that was supposed to be a challenger to Google. I did a search or two, and really liked the layout of the search results. Then I did what everyone does with a search engine (search for his or her own name) and searched on “John Stegeman Jdeveloper” – that’s when I started to dislike the engine.

Here’s a few of the pictures that were included next to various results:

who is that guy?

this one shows up next to a blurb about one of my blog posts on Steve M’s blog.. Steve has more hair than that!

I’m not Don Burleson!

I’ve got a few years on him…

Another one next to a Steve M blog post…

I guess I don’t like cuil that much after all

How not to ask a question

July 7, 2008

Well, I’m back to the blog after a long hiatus. Much like Tom Kyte, I seem to be getting much grouchier lately. No, it isn’t age, the weather, or the fact that <insert name of sports team here> didn’t win the <insert name of major sporting event here>, it’s the fact that quality of the questions over on the JDeveloper Forum seem to be going downhill lately. Yes, there are some people who still take their time to post well thought-out questions that include versions, a description of what they are trying to do, what they have tried, what they found when googling, etc.; however, there seems to be a growing number who:

  • Obviously haven’t or are too lazy to click the “search” button or use Google to find the solution.
  • Clearly think their time is too valuable to waste over posting more than one sentence plus the obligatory “PLZZZ its URGENT.”
  • Post to the wrong forum. The OA Framework people seem to be pretty notorious for this.
  • Don’t want to try to solve the problem themselves. Sometimes, I’ll drop a hint for such questioners, but it’s usually firmly ignored.
  • (had to come back and update this post about this one) Post their question as a reply to another question from 3 years ago asking the original poster (who often hasn’t posted anything in the intervening 3 years) “did you solve this?”

Now, I know we all don’t have scads of free time, but it seems to me just common courtesy to invest at least some time in researching and debugging on your own before posting a question and similarly investing some time in phrasing a proper question with details, use case, etc? The people who are answering questions on the forum are usually doing so on their own time and really do want to help, but I am finding that I’m less and less motivated to answer questions when I see more and more people commiting blunders like this. I’m guessing that I’m starting to sound like an old f*rt on the forums now. Sure, it’s fun posting sarcastic replies (depending upon my mood at the time), but I really do start to notice my blood pressure going up nowadays.

Is it just me?

Using a custom login module in JDeveloper 11g TP2

December 18, 2007

It’s been a while since I’ve posted here – working on client projects and attending/presenting at a conference here or there takes up a bit of time.

Now that things have cooled off a bit for the holidays, I took the opportunity to attempt migrating a JDeveloper ADF BC/ADF Faces application to the 11g  TP2 release of JDeveloper. The migration was, for the most part, pretty smooth… that is, until I tried to run the application. The application uses a custom Login Module to handle authentication; I tried setting up JDeveloper 11g the same way I set up only to (eventually) discover that JDev 11g doesn’t use JAAS, but uses something new called “JPS;” of course, there’s no documentation yet.

I tried my usual best effort of munging about with the jps-config.xml file with no success. Then, out of frustration more than anything, I stumbled upon the “ADF Security Wizard” lurking up there in the “Tools” menu. The nice thing about this wizard is that it (on step 6 of 9) provides a nice dialog box for configuring login modules for the application. Furthermore, it creates an application-specific jps-config.xml in your application directory, and does not modify the global one in the oc4j config directory. Whoo hoo! No more manually editing system-jazn-data.xml every time I need to switch to a different application with a differing login strategy

Happy Christmas to all!

Don’t mix glue and SQL

May 23, 2007
This post isn’t really related to ADF in particular, but it is of benefit. I’ve seen a number of posts (well, OK 2 of them) on the Oracle JDeveloper forum in the past week where someone “glues” literals into their SQL statements like this:

String sqlStmt = “select x from y where username='” + userName + “‘”;

stmt = new PreparedStatement(sqlStmt, 0);


Now, anyone who reads Ask Tom is already falling out of their chair. The real problem is in the first line of code; first of all, imagine what happens if someone puts this string into userName: x’ or ‘1’ = ‘1

Can you say “SQL Injection?” The second problem with this approach is that for each value of userName, this generates a unique SQL statement, which Oracle has never seen before, and must hard parse. Hard parsing in Oracle, well in most any database, really, is an operation that takes lots of CPU and inherently limits scalability. If you run this query a lot with different values of userName, you’ll bring the system to it’s knees. What the query should do is use binds, like this:

String sqlStmt = “select x from y where username= :1”;

stmt = new PreparedStatement(sqlStmt, 0);

stmt.setString(1, userName);



Now, no matter what that pesky user puts in userName, this code does not expose the security risks as the first one. Additionally, the SQL is the same from call to call (it never changes) – therefore you don’t have the hard parsing problem, either. Now to make the code even better, we could cache the prepared statement and bind/execute on subsequent calls, but I’ll leave that one to you.

I just don’t get Ruby on Rails

May 11, 2007

In addition to all of the cool toys (robots and helicopters) shown at the Java Toy Show (general session of JavaOne 2007 on Friday morning), a NetBeans guy from Sun got up and did a demo of Netbeans 6.0 and JRuby on Rails (a scripting-languaged based web application framework). He created a Ruby on Rails application, created persistence classes from a database using a wizard, created a simple web page showing the database information, and ran it all from within the IDE. Judging by the audience reaction, people were impressed. My reaction, on the other hand, was, as we used to say as kids, “big whoop.” Haven’t we been doing this in JDeveloper for, I dunno, 8 years or something?

The fun side of JavaOne 2007

May 10, 2007

There’s more to JavaOne than listening to presentations. You could…

View a 3D world:

Watch (and buy for around $300 US) a fully Java-programmable robot with MP3 and MPEG video playback:

Use the Java real-time API’s to write a control program for a race car and try to have it be the fastest around the track (without falling off):

I have some video clips of the robot dancing to some music and the race car doing fine, until it falls off the banked turn, but I need to figure out how to post them. More to come…