David Giammona, whose blog has somehow escaped my notice until today, has written an excellent whitepaper on best practices for sharing data and initiating navigation within regions. You can read about it here
Not really on-topic to my usual ADF postings, but I read a news article today about a new search engine (www.cuil.com) that was supposed to be a challenger to Google. I did a search or two, and really liked the layout of the search results. Then I did what everyone does with a search engine (search for his or her own name) and searched on “John Stegeman Jdeveloper” – that’s when I started to dislike the engine.
Here’s a few of the pictures that were included next to various results:
who is that guy?
this one shows up next to a blurb about one of my blog posts on Steve M’s blog.. Steve has more hair than that!
I’m not Don Burleson!
I’ve got a few years on him…
Another one next to a Steve M blog post…
I guess I don’t like cuil that much after all.
Well, I’m back to the blog after a long hiatus. Much like Tom Kyte, I seem to be getting much grouchier lately. No, it isn’t age, the weather, or the fact that <insert name of sports team here> didn’t win the <insert name of major sporting event here>, it’s the fact that the quality of the questions over on the JDeveloper Forum seems to be going downhill lately. Yes, there are some people who still take their time to post well thought-out questions that include versions, a description of what they are trying to do, what they have tried, what they found when googling, etc.; however, there seems to be a growing number who:
- Obviously haven’t or are too lazy to click the “search” button or use Google to find the solution.
- Clearly think their time is too valuable to waste over posting more than one sentence plus the obligatory “PLZZZ its URGENT.”
- Post to the wrong forum. The OA Framework people seem to be pretty notorious for this.
- Don’t want to try to solve the problem themselves. Sometimes, I’ll drop a hint for such questioners, but it’s usually firmly ignored.
- (had to come back and update this post about this one) Post their question as a reply to another question from 3 years ago asking the original poster (who often hasn’t posted anything in the intervening 3 years) “did you solve this?”
Now, I know we all don’t have scads of free time, but it seems to me just common courtesy to invest at least some time in researching and debugging on your own before posting a question and similarly investing some time in phrasing a proper question with details, use case, etc? The people who are answering questions on the forum are usually doing so on their own time and really do want to help, but I am finding that I’m less and less motivated to answer questions when I see more and more people committing blunders like this. I’m guessing that I’m starting to sound like an old f*rt on the forums now. Sure, it’s fun posting sarcastic replies (depending upon my mood at the time), but I really do start to notice my blood pressure going up nowadays.
Is it just me?
It’s been a while since I’ve posted here – working on client projects and attending/presenting at a conference here or there takes up a bit of time.
Now that things have cooled off a bit for the holidays, I took the opportunity to attempt migrating a JDeveloper 10.1.3.3 ADF BC/ADF Faces application to the 11g TP2 release of JDeveloper. The migration was, for the most part, pretty smooth… that is, until I tried to run the application. The application uses a custom Login Module to handle authentication; I tried setting up JDeveloper 11g the same way I set up 10.1.3.3 only to (eventually) discover that JDev 11g doesn’t use JAAS, but uses something new called “JPS;” of course, there’s no documentation yet.
I tried my usual best effort of munging about with the jps-config.xml file with no success. Then, out of frustration more than anything, I stumbled upon the “ADF Security Wizard” lurking up there in the “Tools” menu. The nice thing about this wizard is that it (on step 6 of 9) provides a nice dialog box for configuring login modules for the application. Furthermore, it creates an application-specific jps-config.xml in your application directory, and does not modify the global one in the oc4j config directory. Whoo hoo! No more manually editing system-jazn-data.xml every time I need to switch to a different application with a differing login strategy
Happy Christmas to all!
String sqlStmt = "select x from y where username='" + userName + "'";
// PreparedStatement is an interface, so it is obtained from an open java.sql.Connection (conn)
stmt = conn.prepareStatement(sqlStmt);
Now, anyone who reads Ask Tom is already falling out of their chair. The real problem is in the first line of code; first of all, imagine what happens if someone puts this string into userName: x' or '1' = '1
Can you say “SQL Injection?” The second problem with this approach is that for each value of userName, this generates a unique SQL statement, which Oracle has never seen before, and must hard parse. Hard parsing in Oracle, well in most any database, really, is an operation that takes lots of CPU and inherently limits scalability. If you run this query a lot with different values of userName, you’ll bring the system to its knees. What the query should do is use binds, like this:
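String sqlStmt = "select x from y where username= :1";
// PreparedStatement is an interface, so it is obtained from an open java.sql.Connection (conn)
stmt = conn.prepareStatement(sqlStmt);
// userName is supplied as a bind value and never becomes part of the SQL text
stmt.setString(1, userName);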
Now, no matter what that pesky user puts in userName, this code does not expose the same security risk as the first one. Additionally, the SQL is the same from call to call (it never changes) – therefore you don’t have the hard parsing problem, either. Now to make the code even better, we could cache the prepared statement and bind/execute on subsequent calls, but I’ll leave that one to you.
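The two query styles above can be run side by side. This is an added example, not code from the original post: it uses Python with an in-memory SQLite database as a stand-in for Oracle and JDBC, with constructed sample rows, and it counts distinct SQL texts as a proxy for the statements a database would have to parse separately.

```python
import sqlite3

INJECTION = "x' or '1' = '1"  # the input quoted in the post

def make_db():
    # Constructed sample rows; table y and columns x/username follow the post's query.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table y (username text, x text)")
    conn.executemany("insert into y values (?, ?)",
                     [("alice", "alice-row"), ("bob", "bob-row")])
    return conn

def lookup_concat(conn, user_name, texts):
    # Vulnerable form: the input is spliced into the SQL text itself.
    sql = "select x from y where username='" + user_name + "'"
    texts.add(sql)
    return sorted(row[0] for row in conn.execute(sql))

def lookup_bind(conn, user_name, texts):
    # Bind form: constant SQL text, value passed separately (? plays the role of :1).
    sql = "select x from y where username = ?"
    texts.add(sql)
    return sorted(row[0] for row in conn.execute(sql, (user_name,)))

def run_demo():
    conn = make_db()
    inputs = ["alice", "bob", "carol", INJECTION]
    concat_texts, bind_texts = set(), set()
    concat_rows = {u: lookup_concat(conn, u, concat_texts) for u in inputs}
    bind_rows = {u: lookup_bind(conn, u, bind_texts) for u in inputs}
    conn.close()
    return {
        "concat_rows": concat_rows,
        "bind_rows": bind_rows,
        # Each distinct text is a statement the database has never seen before.
        "concat_statements": len(concat_texts),
        "bind_statements": len(bind_texts),
    }

if __name__ == "__main__":
    result = run_demo()
    print("concatenated, injected input ->", result["concat_rows"][INJECTION])
    print("bound, injected input        ->", result["bind_rows"][INJECTION])
    print("distinct SQL texts:", result["concat_statements"],
          "vs", result["bind_statements"])
```

With the concatenated query the injected input matches every row and each input yields a new statement text; with the bind the same input matches nothing and a single text is reused.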
In addition to all of the cool toys (robots and helicopters) shown at the Java Toy Show (general session of JavaOne 2007 on Friday morning), a NetBeans guy from Sun got up and did a demo of Netbeans 6.0 and JRuby on Rails (a scripting-languaged based web application framework). He created a Ruby on Rails application, created persistence classes from a database using a wizard, created a simple web page showing the database information, and ran it all from within the IDE. Judging by the audience reaction, people were impressed. My reaction, on the other hand, was, as we used to say as kids, “big whoop.” Haven’t we been doing this in JDeveloper for, I dunno, 8 years or something?
There’s more to JavaOne than listening to presentations. You could…
View a 3D world: