
update and delete SecurityException question.

 
Elchin Asgarli
Ranch Hand
Posts: 222
My update and delete methods in DB interface contain the following statement: "Throws SecurityException if the record is locked with a cookie other than lockCookie."

Does this mean that if the record is not locked at all, the deletion/update should be performed? How did you guys who passed the exam do it?
 
Roberto Perillo
Bartender
Posts: 2271
Elchin Asgarli wrote:Does this mean that if the record is not locked at all, the deletion/update should be performed? How did you guys who passed the exam do it?


If the record is not locked, you can throw an IllegalStateException. If client A tries to update/delete a record that was locked by client B, then you can throw a SecurityException (which must also be created by you).
 
Elchin Asgarli
Ranch Hand
Posts: 222
Roberto Perillo wrote:
Elchin Asgarli wrote:Does this mean that if the record is not locked at all, the deletion/update should be performed? How did you guys who passed the exam do it?


If the record is not locked, you can throw an IllegalStateException. If client A tries to update/delete a record that was locked by client B, then you can throw a SecurityException (which must also be created by you).


Currently I throw SecurityException in both cases, when record is not locked at all, or it is locked by another cookie. Is that correct? Or would it go against "must" requirement?
 
Roberto Perillo
Bartender
Posts: 2271
Elchin Asgarli wrote:Currently I throw SecurityException in both cases, when record is not locked at all, or it is locked by another cookie. Is that correct? Or would it go against "must" requirement?


Hum... no. Not at all. But I'd say that, if a client tries to update a record without locking it first, an IllegalStateException would be more appropriate.
 
Kenneth Logan
Greenhorn
Posts: 21
then you can throw a SecurityException (which must also be created by you).


I'm confused. There is a java.lang.SecurityException. Can I use it or do I need to create my own exception? I noticed the java.lang.SecurityException is a RuntimeException. If I create my own, do I need to make it a Checked Exception?

Thanks,
Kenneth
 
Elchin Asgarli
Ranch Hand
Posts: 222
Hi Kenneth, welcome to JavaRanch!

Yes, you do need to create your own SecurityException, and it needs to be a checked Exception. java.lang.SecurityException has nothing to do with this assignment.
 
Kenneth Logan
Greenhorn
Posts: 21
Thanks Elchin. Good thing I looked at this before I started wrapping things up in my assignment! This is weird because the JarSubmissionTest in the FAQ does not look for the SecurityException class.



Should this include that class?

Thanks again,
Kenneth
 
Elchin Asgarli
Ranch Hand
Posts: 222
Indeed it does not, I have no idea why.. Roel, why?

I did not use this test myself, since I was afraid that my assignment can be different from Roel's, so I checked my requirements manually. Maybe his assignment was indeed different, or he simply forgot to check for that, but nevertheless did include it in his code.

From my point of view, I can say that I implemented it as a checked exception, and I passed, thus even though I don't know my points (holla at Oracle for new policy), I did not violate any must requirement, so it must be ok this way.
 
Kenneth Logan
Greenhorn
Posts: 21
I wanted to make sure I wasn't violating the "must" requirement of creating this interface. So that's why I posted this question. Sounds like I'd be safer to go ahead and implement it
 
Roel De Nijs
Sheriff
Posts: 10662
Elchin Asgarli wrote:Indeed it does not, I have no idea why.. Roel, why?

That's an easy one: my assignment didn't have a SecurityException, so no need to add it in my test case. And that's why I mention "My assignment was URLyBird 1.3.1, so if you have another assignment, make sure you make the necessary changes to the test case before using it." And that's something Kenneth clearly didn't do.
 
Kenneth Logan
Greenhorn
Posts: 21
That's an easy one: my assignment didn't have a SecurityException


and that's something Kenneth clearly didn't do


Roel,

Well, it's not that I didn't do it. It's that your assignment either didn't have a SecurityException or you used java.lang.SecurityException. I am not clear on the specific differences of URLyBird versions. From what I read so far, the FAQ only mentioned the signature of the unlock method - not any others.

Kenneth
 
Elchin Asgarli
Ranch Hand
Posts: 222
Kenneth Logan wrote:From what I read so far, the FAQ only mentioned the signature of the unlock method - not any others.


Well, I think that is the main way to figure out which version you have. I personally had version 1.1.1, which one does your signature match to?
 
Kenneth Logan
Greenhorn
Posts: 21
which one does your signature match to?

Looks like I have 1.1.1 version as well. But I am curious if anyone has implemented their assignment using java.lang.SecurityException. Simply because the assignment says "Any unimplemented exceptions in this interface MUST all be created as member classes of the suncertify.db package." [under the Server section]. But it also goes to say, "Use of functionality provided by the core Java classes will be preferred to your own implementation of that functionality, unless there is a specific advantage to providing your own implementation." [under the correctness section]. So I interpret this to mean SecurityException is already defined in the core API, therefore, I do not need to create this class. But once again, I just do not want to fail because of this interpretation.

Thanks,
Kenneth
 
Roel De Nijs
Sheriff
Posts: 10662
In my opinion you simply can't use the existing SecurityException if you have a read of its javadoc: "Thrown by the security manager to indicate a security violation." And you don't use a security manager, so you should not use it.
 
Kenneth Logan
Greenhorn
Posts: 21
So this would be a case where it makes sense to create my own, simply because the java core API uses a SecurityManager to throw their exception, yet I will not be using a SecurityManager. That makes sense. *sigh of relief*

Next problem: ... Since I'm using my own SecurityException, why does it make more sense to use a Checked Exception rather than a Runtime Exception for this case?

Kenneth
 
Roel De Nijs
Sheriff
Posts: 10662
In my opinion it should never be a checked exception, but a runtime one. Because when using a checked one, your code must handle it (at some place), but when you get this exception it means your code has a bug, because in a well developed (and tested) application this exception should never be thrown.
 
Kenneth Logan
Greenhorn
Posts: 21
Roel,

Thank you. I also agree. Because I was looking at my bookRoom method and when I was catching this exception, I was unfamiliar what to do with it. I don't think I want to display this to the user. Rather, this is a programmer's error -- so in my opinion, I also believe it should be a RuntimeException.

Thanks again!
Kenneth
 
Elchin Asgarli
Ranch Hand
Posts: 222
The thing is Data class is meant to be used by other programmers as well (otherwise why those unnecessary methods such as add/delete etc.), so they can make mistakes, thus SecurityException should be a checked exception IMHO.
 
Roel De Nijs
Sheriff
Posts: 10662
Elchin Asgarli wrote:The thing is Data class is meant to be used by other programmers as well (otherwise why those unnecessary methods such as add/delete etc.), so they can make mistakes, thus SecurityException should be a checked exception IMHO.

You are of course allowed to have your own opinion, but for me you just gave the main reason why it should be a runtime exception. If you make it a checked one, you will have to clutter your code with catching an exception which will never be thrown in a production environment! If the other developers don't read your javadoc carefully or they made a mistake, the wrong use of your api (data class) will show up during tests in different environments (development, testing, user acceptance,...) and should never occur in production environment. And if it does, user will have to wait until a bug fix is released.
If I may ask, how did you handle this exception? Are you showing some kind of message to the user, like "Dear user, sorry but we made a big mistake: we let a major bug slip through several environments - dvl, tst, ua - into production environment, probably due to lack of testing. You will not be able to make any action at all and the program is quite useless now. Sorry for this inconvenience. We are working on a bug fix (highest priority) to solve the bug as soon as possible. Kind regards, the development team"?
 
Elchin Asgarli
Ranch Hand
Posts: 222
Roel De Nijs wrote:If I may ask, how did you handle this exception?

What about a scenario with fat client? That is where client will be required to lock the record manually before modifying it (thus he can take his time to edit, and know that nothing will happen in the meantime). Thus imagine a scenario where you have a "save" button, and if you do that without acquiring the lock first, you will get an error message saying "Please lock the record before modifying it".

I had a business layer, so it was catching the SecurityException from Data class and saying something like "Cannot book the record, please contact the system admin". In practice it will never happen. In theory it can happen if there is another software modifying the record, and the user (more proficient user, since he is allowed to modify/insert/delete records) is taking his time, so he locked the record, and keeps it.

So this is the reason I thought that this exception could be thrown in production too, and it can be a normal event.
 
Roel De Nijs
Sheriff
Posts: 10662
Elchin Asgarli wrote:What about a scenario with fat client? That is where client will be required to lock the record manually before modifying it

I don't agree. With a fat client methods similar to the ones you had to implement will be exposed to the client, but it would still be the developer who is responsible for calling the lock-method prior to performing an update. And as a developer you'll have to try to keep the time a record is locked as short as possible. The GUI will look similar to a gui which is using a thin client (just a search and a book button). The only difference between thin and fat client will be that with a thin client all business logic is on the server, with a fat client business logic will be partly at the client.

Elchin Asgarli wrote:In theory it can happen if there is another software modifying the record, and the user (more proficient user, since he is allowed to modify/insert/delete records) is taking his time, so he locked the record, and keeps it.

I didn't have an interface with this SecurityException, but I thought this exception should only be thrown if a thread (client) tries to update a record without having the lock on that record. The result of the scenario you describe here will be just that the record will be locked for a long time, so all other threads (which want to lock this record) will have to wait until this more proficient user will unlock it. And then all waiting threads will start competing to lock the record, but I don't see why you should throw a SecurityException.
 
Elchin Asgarli
Ranch Hand
Posts: 222
Roel De Nijs wrote:
I don't agree. With a fat client methods similar to the ones you had to implement will be exposed to the client, but it would still be the developer who is responsible for calling the lock-method prior to performing an update. And as a developer you'll have to try to keep the time a record is locked as short as possible. The GUI will look similar to a gui which is using a thin client (just a search and a book button). The only difference between thin and fat client will be that with a thin client all business logic is on the server, with a fat client business logic will be partly at the client.
I didn't have an interface with this SecurityException, but I thought this exception should only be thrown if a thread (client) tries to update a record without having the lock on that record. The result of the scenario you describe here will be just that the record will be locked for a long time, so all other threads (which want to lock this record) will have to wait until this more proficient user will unlock it. And then all waiting threads will start competing to lock the record, but I don't see why you should throw a SecurityException.


What if client side is made as a web-interface, thus over a stateless protocol? And think of scenario where there will be an administrative client, which will be modifying/adding/deleting booking records. Administrative interface is required to have a lock button, which would lock the record, so that administrator can modify it without thinking that someone can book it. In this case clients that can only book should be immediately notified with a message and not left waiting, especially with web-interface.

P.S. In my assignment it was specifically mentioned that project could be later also put on the web if the customer likes it.
 
Roel De Nijs
Sheriff
Posts: 10662
Elchin Asgarli wrote:What if client side is made as a web-interface, thus over a stateless protocol?

Makes no difference at all. Your web interface has a lockCookie to identify itself and update/delete the record it has locked. In fact, Andrew Monkhouse has a web version of Denny's DVD. You can find it here.

Elchin Asgarli wrote:And think of scenario where there will be an administrative client, which will be modifying/adding/deleting booking records. Administrative interface is required to have a lock button, which would lock the record, so that administrator can modify it without thinking that someone can book it. In this case clients that can only book should be immediately notified with a message and not left waiting, especially with web-interface.

And how are you immediately notifying clients? Not via this SecurityException, because your application code will not make it until that point: each thread wanting to lock a record will go into wait state (because it was already locked by this administrative interface). If you want to notify clients immediately, you'll use an application lock, so nothing can be done until administrator has finished (an approach which we currently use in the application I'm developing and maintaining).
 
Elchin Asgarli
Ranch Hand
Posts: 222
Yes, but that is if your client stays as a thin client. Now imagine a scenario with a thick client, where user will be required to, for example, enter a name, or other details when booking a record. So user will have to lock the record, modify it, and then commit the changes. And at the same time, in administrative interface, you want the possibility of being able to forcefully unlock, thus make existing locks invalid. For this case, users could have a SecurityException, and that would tell them that something was modified, so they should renew locks.

Indeed you are right about the scenarios I gave before, SecurityException should not be thrown. It is needed for being able to forcefully remove locks.

P.S. Andrew has a book for SCWCD? Cool! It's just that how come I didn't see it while preparing for SCWCD...

 
Roel De Nijs
Sheriff
Posts: 10662
If your administrative interface is able to forcefully unlock records, the SecurityException can indeed be thrown. But that's the only scenario I can think of where it makes sense to throw such an exception.

Elchin Asgarli wrote:P.S. Andrew has a book for SCWCD?

I believe he worked on it as a technical editor, so he is not the author of the book. Just like I was a technical reviewer of the SCJP 6 Practice Exams book, written by Kathy Sierra & Bert Bates
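
The lock-cookie check debated in this thread, as an added example that is not any poster's code and not the assignment's DB interface: it separates "not locked at all" (IllegalStateException) from "locked with another cookie" (the assignment's own SecurityException), and shows what a stale cookie gets after the forced unlock discussed above. `LockTable`, `forceUnlock`, `attempt` and the choice of `SecureRandom` for cookies are assumptions made for the illustration.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

// Added illustration; class and method names are hypothetical, not the assignment's DB interface.
public class LockCookieDemo {

    // The assignment's own exception, not java.lang.SecurityException (which this name shadows here).
    // Unchecked, as Roel argues; extend Exception instead for the checked variant Elchin used.
    static class SecurityException extends RuntimeException {
        SecurityException(String message) { super(message); }
    }

    static class LockTable {
        private final Map<Integer, Long> owners = new HashMap<>();    // recNo -> cookie holding the lock
        private final Map<Integer, String> records = new HashMap<>(); // recNo -> stored data
        private final SecureRandom random = new SecureRandom();       // assumption: unguessable cookies

        // Waits until the record is free, then hands the caller a fresh cookie.
        synchronized long lock(int recNo) throws InterruptedException {
            while (owners.containsKey(recNo)) wait();
            long cookie = random.nextLong();
            owners.put(recNo, cookie);
            return cookie;
        }

        // Administrative override from the end of the thread: drops the lock without a cookie.
        synchronized void forceUnlock(int recNo) {
            owners.remove(recNo);
            notifyAll();
        }

        synchronized void update(int recNo, String data, long cookie) {
            requireOwner(recNo, cookie);
            records.put(recNo, data);
        }

        // The ownership check: two distinct failures, two distinct exceptions.
        private void requireOwner(int recNo, long cookie) {
            Long owner = owners.get(recNo);
            if (owner == null) throw new IllegalStateException("record " + recNo + " is not locked");
            if (owner != cookie) throw new SecurityException("record " + recNo + " is locked with another cookie");
        }
    }

    // Runs one update and reports which exception, if any, the caller sees.
    static String attempt(LockTable table, int recNo, long cookie) {
        try {
            table.update(recNo, "booked", cookie);
            return "updated";
        } catch (IllegalStateException | SecurityException e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws InterruptedException {
        LockTable table = new LockTable();
        System.out.println(attempt(table, 1, 0L)); // record was never locked
        long a = table.lock(1);
        System.out.println(attempt(table, 1, a));  // caller owns the lock
        table.forceUnlock(1);
        System.out.println(attempt(table, 1, a));  // stale cookie, record currently free
        long b = table.lock(1);
        System.out.println(attempt(table, 1, a));  // stale cookie, record re-locked by someone else
        System.out.println(attempt(table, 1, b));  // new owner
    }
}
```

With this split, a client whose lock was forcibly removed sees IllegalStateException until another client re-locks the record, and SecurityException after that; throwing SecurityException in both cases, as one poster did, collapses the two into a single signal.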
 
Sean Keane
Ranch Hand
Posts: 588
Roel De Nijs wrote: In fact, Andrew Monkhouse has a web version of Denny's DVD. You can find it here.


Super link! Didn't know that existed, I plan to go on and do some other certs like SCWCD, so this will be useful, cheers .

Roel De Nijs wrote: I believe he worked on it as a technical editor, so he is not the author of the book. Just like I was a technical reviewer of the SCJP 6 Practice Exams book, written by Kathy Sierra & Bert Bates


What was the book that Andrew worked on as a technical editor? Does it actually use the Denny DVD example in the book? If so, that's great, it'll give me a head start!
 
Sean Keane
Ranch Hand
Posts: 588
I just had a look at Andrew's site http://andrewmonkhouse.com/published.php

Maybe it was the Head First Servlets and JSP book? http://www.amazon.com/Head-First-Servlets-JSP-Brain-Friendly/dp/0596516681
 
Roel De Nijs
Sheriff
Posts: 10662
Sean Keane wrote:What was the book that Andrew worked on as a technical editor? Does it actually use the Denny DVD example in the book? If so, that's great, it'll give me a head start!

Like his site indicates it is the Head First Servlets & JSP (his picture is in it at the technical editors page) and no, this book does not use Denny's DVD. The only book (as far as I know) that uses Denny's DVD is his own SCJD book.
 