Win a copy of AWS Security this week in the Cloud/Virtualization forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Jeanne Boyarsky
  • Junilu Lacar
  • Henry Wong
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Frits Walraven
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • salvin francis
  • fred rosenberger

SecurityException

 
Ranch Hand
Posts: 590
Eclipse IDE Chrome Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I was having a search through the forum about the SecurityException in the DB interface. The general consensus seems to be that this should be a checked exception. Assuming I make it checked, what should I do with this when I catch it in my Business class?

The best I can come up with at the moment is to simply create a generic checked BusinessException and rethrow the SecurityException wrapped by a BusinessException.

I think a generic exception is the best that can be done here as a SecurityException means nothing to the client, where I have a thin client and it knows nothing about locking\unlocking. So if a SecurityException gets thrown in the context of a thin client, there's nothing the client can do other than either something along the lines of :

* terminating
* telling the user an error occurred and that they should contact support
* telling the user an error occurred and that they should try again

I was looking at the test class that Roel created to test the business service - this code is not expecting a checked SecurityException to be thrown, or any Exception that looks like it would wrap a SecurityException.

So either he made the SecurityException an unchecked exception or he swallows up the SecurityException in his Business class. Or this is not the exact test class he used with his application?
 
Ranch Hand
Posts: 170
Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Roel did it a runtime exception. not sure about Roberto but i wouldn't be
surprised if he did it too...

here i had a little discussion with roel about that:
https://coderanch.com/t/539841/java-developer-SCJD/certification/Methods-implemented-server
 
Sean Keane
Ranch Hand
Posts: 590
Eclipse IDE Chrome Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Jonathan. I think the reasons I read on other threads for making this a checked exception was that any exceptions listed in the interface provided by Oracle should be checked exceptions.

But I think it's a more convincing argument to make this a run time exception because it really is not something a client can recover from. As I was playing through the example in my previous post it's obvious you can't do anything useful with the exception on the client side.
 
Bartender
Posts: 2292
3
Eclipse IDE Spring Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Howdy, y'all.

Well, my assignment didn't include this exception, but if I had to, I'd do it a RuntimeException. Simply because, to me, it indicates wrong API usage.
 
Sheriff
Posts: 11604
178
Hibernate jQuery Eclipse IDE Spring MySQL Database AngularJS Tomcat Server Chrome Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Same here: the interface I had to implement didn't mention a SecurityException, so that's why my test program doesn't mention one But in my opinion SecurityException should be a runtime exception, because like Roberto already said: it's wrong API usage and that's why I throw an IllegalStateException (just like passing an invalid String[] to the update method, but then an IllegalArgumentException is thrown).
 
Ranch Hand
Posts: 159
IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I implemented the SecurityException as a checked exception and explained why. I also explained why I thought it could be an unchecked exception. I think in the end it's just your choice and as long as they see you put some effort to at least discuss it in your choices.txt it's fine.
 
Sean Keane
Ranch Hand
Posts: 590
Eclipse IDE Chrome Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Dennis Grimbergen wrote:I implemented the SecurityException as a checked exception and explained why. I also explained why I thought it could be an unchecked exception. I think in the end it's just your choice and as long as they see you put some effort to at least discuss it in your choices.txt it's fine.



That is how I started off thinking - to make it checked. But I couldn't see how I could do anything useful with it on the client side. What do you do when you catch the checked SecurityException?
 
Jonathan Elkharrat
Ranch Hand
Posts: 170
Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Sean Keane wrote:

Dennis Grimbergen wrote:I implemented the SecurityException as a checked exception and explained why. I also explained why I thought it could be an unchecked exception. I think in the end it's just your choice and as long as they see you put some effort to at least discuss it in your choices.txt it's fine.



That is how I started off thinking - to make it checked. But I couldn't see how I could do anything useful with it on the client side. What do you do when you catch the checked SecurityException?



on the client side? then you must have implemented a "fat" client..

there's nothing you can do, it's like RemoteException. i guess you just rollback
and notify the user something went wrong..
 
Sean Keane
Ranch Hand
Posts: 590
Eclipse IDE Chrome Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Jonathan Elkharrat wrote:

Sean Keane wrote:

Dennis Grimbergen wrote:I implemented the SecurityException as a checked exception and explained why. I also explained why I thought it could be an unchecked exception. I think in the end it's just your choice and as long as they see you put some effort to at least discuss it in your choices.txt it's fine.



That is how I started off thinking - to make it checked. But I couldn't see how I could do anything useful with it on the client side. What do you do when you catch the checked SecurityException?



on the client side? then you must have implemented a "fat" client..

there's nothing you can do, it's like RemoteException. i guess you just rollback
and notify the user something went wrong..



Well when would a SecurityException be thrown in your application and what did you do when you caught it?

Regardless of whether you have a fat\thin client. If a SecurityException is thrown on the server side, then the operation the client was expecting to happen I am guessing will not happen. So what happens on the client side?
 
Jonathan Elkharrat
Ranch Hand
Posts: 170
Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i did it a runtime exception.
as mentionned Roel, it's only thrown if you misuse your API (or have a really nasty bug in your lock/unlock)
 
Sean Keane
Ranch Hand
Posts: 590
Eclipse IDE Chrome Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Jonathan Elkharrat wrote:i did it a runtime exception.
as mentionned Roel, it's only thrown if you misuse your API (or have a really nasty bug in your lock/unlock)



Ooops, apologies, I misread your update! My question was to Dennis as he had made SecurityException checked - so I was wondering what he did with the exception when he caught it. I thought you were saying you made it a checked exception too. But you didn't.

So, still wondering what you'd actually do when you catch the SecurityException. You mentioned one of the three possible actions I listed in my original post - i.e. tell user to try again. But if there is a fatal flaw in the system, do you really want a client to continue operating?
 
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Everybody,
I might be a bit late on this one, but, my assignement says specifically

Any unimplemented exceptions in this interface must all be created as member classes of the
suncertify.db package...

So, I would think that since SecurityException already exists in the Java API, as a subclass of RuntimeException, we (at least I..) should be using
the one given by Sun/Java... Which also helps us avoid the dilemma of Runtime vs checked and/or wrapped etc...
Any thoughts about this ?
 
Roel De Nijs
Sheriff
Posts: 11604
178
Hibernate jQuery Eclipse IDE Spring MySQL Database AngularJS Tomcat Server Chrome Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That security exception has nothing to do with the one you need to use, because the one in Java API is about the use of security managers, which you do not use. So I strongly advice to create your own SecurityException and NOT use the one from the Java API.
 
Alex Iordanoglou
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the tip Roel, I will definitely follow your advice and document it of course in my choices.txt: ...and because Roel suggested so... just kidding
However, to my defence, the SecurityException is defined in the mere java.lang package, not some exotic package e.g. java.secure.genius, so, this fact plus the fact that it is a subclass of
RuntimeException which suits us in our case as discussed here, could suggest that we could use that on instead of making our own.
 
Roel De Nijs
Sheriff
Posts: 11604
178
Hibernate jQuery Eclipse IDE Spring MySQL Database AngularJS Tomcat Server Chrome Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's true, but the javadoc of the exception says "Thrown by the security manager to indicate a security violation." which is in my opinion not applicable to the interface requirements of the assignment. But who am I? The interface I had to implement didn't have a SecurityException at all
 
Ranch Hand
Posts: 101
Netbeans IDE Oracle Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I also used the one provided in the standard API. Has anybody used in his/her final submission?
 
Roel De Nijs
Sheriff
Posts: 11604
178
Hibernate jQuery Eclipse IDE Spring MySQL Database AngularJS Tomcat Server Chrome Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Oladeji Oluwasayo wrote:Has anybody used in his/her final submission?


I can't remember someone using the SecurityException from standard API.
 
brevity is the soul of wit - shakepeare. Tiny ad:
Devious Experiments for a Truly Passive Greenhouse!
https://www.kickstarter.com/projects/paulwheaton/greenhouse-1
    Bookmark Topic Watch Topic
  • New Topic