Keep it Simple And Secure with Java
This article goes into details of how Java as a development technology can help developers to keep their applications simple and secure. Simple mean all way – it should be simple to code, modify, maintain, fix and deliver. Also we are going to cover security aspects of Java technology.
Simple to Develop
So let us first analyze how can we make it simple to develop applications, integrate them, modify them, maintain them and deliver them with ease. Some people have misunderstanding that Java is very complicated technology for developing application. But they forget that it is one of the most systematic technology and offers features which can be used to make the work of a developer much simpler.
Simple to Develop
- Use Development Tools: Development tools like Eclipse, Jbuilder, Jdeveloper etc are much easy to use and comes with features like auto correction, word completion, and reference navigation. Also they come with inbuilt compiler so the developer need not call javac command. Such tools also offer some special features like easy to interact with repository service, project management etc. The main advantage of using such tools is that the developer need not remember the exact syntax and name of Java classes and other libraries. They can safely rely on auto correction and completion features of the tool. Developing Java applications with such tools helps in developing applications fast and simple.
- Architecture: Architecture of the application plays a vital role in the level of complexity of the application. It is very important to design the overall architecture of the application in such a way that is logical, transparent to developers, scalable and achievable. One should add more layers only for the shake of separation of code segments. Some people think more layers the application has, the better it is designed. But too many layers sometimes lead to confusion and instability of application at later stages.
- Consistency: It has been observed that most of the web pages developed over the top of J2EE framework, are doing nothing but CRUD (Create, Read, Update and Delete) operations on databases. Why cannot we develop them in such a way that they use a consistent way to perform CRUD operations? If we do it, it will be much easy for developers. The application should be designed in such a way that modules, pages, classes etc having similar functionality should achieve the functionality consistently.
- Reusability: Being almost pure object oriented programming language; Java offers great deal of reusability of code. Components like JavaBeans, custom Swing components, Ejb, RMI objects, CORBA objects are some of good examples of reusing functionality in the application. The main advantage of reusing code is that there are fewer chances of mistakes. Even if mistakes are present in the common code, it becomes easier to correct them. So the architecture of the application should facilitate reusability of code as much as possible for the purpose of simplicity. Another reason one should go for reusability is one can hire few experts to develop the core functionality (which is complicated) and then ask juniors to reuse the functionality in the application everywhere.
- Debugging Tools: Most time in multilayer architecture it becomes very complicated to spot a bug in the code. The code does not work or behave in a very different manner without any reason (developers think so, but actually that is not a fact.). In such a case an automated debugger can help a lot to spot the problem in the code and correct it. Nowadays, most modern development tools like Eclipse come with debugging facility. Such debugging facility can help developers to spot problem easily and correct them fast. Before emergence of such sophisticated debuggers for Java, people used to print values on console with output stream. That is not a good idea at all. The problem with this approach is, it will add much performance overhead to the system and also no professional client will accept your code with System.out.println().
Simple to Modify and Maintain
Some tips those should be considered to make the application well maintainable are given here.
- Stay away from hard coding: Never try to hardcode any thing in application to fix a bug or to achieve the functionality very fast. Let it take some time, but never use hard coded values and magic numbers in programming. It will make application very difficult to maintain and may lead to crashing. If using some fixed values in unavoidable, then those values should be defined as final static variables in some interface and be used globally in all classes.
- Stick to conventions: Maintain a standard coding practice through out the application. Stick to naming conventions for variables, classes, interfaces etc. This will help at the time of bug fixing.
- Scale the application: The application should be designed in such a way that there should be clear separation between logical layer (like Model View Controller architecture). There are many design patterns in use for multi-layer architecture of the application. Also many J2EE alternatives can be used to achieve logical separations between layers like jsp custom tags, Ejb etc. Modern J2EE frameworks like Struts of Spring can be used to achieve the same, but their usage is limited for particulars layers only (like Struts does not care about persistence layer).
Simple to Deliver
There are some steps, which will make it easy to deliver the application at client side.
- Follow proper package structure: Create and follow logical and meaningful package structure for Java classes. They should not be bundled together without any logical reasoning.
- Use Sql scripts: Always store queries and sql scripts to create tables, views, procedures and other database objects so that at the time of installation of application, you just need to run them on client’s machine.
- Use jar, war and ear: Make use jar (Java Archive File) files to bind library classes in a bunch like Ejb and other reusable components. For web applications make use of war files (Web Archive Files) to deliver and deploy application. And ear (Enterprise Archive File) should be used for enterprise applications (containing wars and jars together).
Now let us briefly discuss some tips on how you can take advantage of security features in Java technology
- Sign your Applets: If you are using applets in your application, better you always certify them. If applet is certified by some trustworthy company (or even certified by any company) people can trust and be assured that the downloading applet is not going to harm their computer any way. So it is always a good idea to sign the applet before delivering the application.
- Other components: Whenever you use components developed with other technologies in Java technology, make sure they are safe and secured to use. Such care should be taken in web applications which use components like Flash movies.
- Authentication Framework: Make use of some standard authentication framework or design the authentication in application in such a way that it is efficient and reliable. J2EE comes with its own authentication framework, which is standard one. Cashing techniques should be effectively used to improve efficiency of authentication process. And if you are developing web pages, you have to makes sure that you manage and check session attributes in such a way that you can keep track if user has been authenticated or not on each request coming from user. To secure business logic layer, usage of Ejb is good but a costly alternative.
- Simply Security: Security system should be reliable enough to make sure that none of the resource of the system is used without privileges but at the same time it should be simple to use for end user. I have seen many systems which are highly secured but take a long authentication process for doing simple tasks where there is no criticality at all. Also avoid using authentication calls wherever it is unnecessary because after all such calls are going to degrade performance.
After this discussion we should be in a position to convince on how simple it is to develop applications with Java technology if they are developed in a certain manner and some amount of care is taken. I have observed that most applications are suffering from complexity of maintenance of the application. This can be avoided by applying practices like avoiding hard coding, consistency of coding, standardization of conventions and scaling of application. We have also discussed how to take advantage of security features of Java to achieve application functionality. Care should be taken to ensure the application is not made over-secured that user feel it difficult to use because of security constraint.