Win a copy of OCP Java SE 8 Programmer II Exam Study Guide this week in the OCP forum!

Matt Wong

Ranch Hand
+ Follow
since Aug 18, 2017
Matt likes ...
MS IE Notepad Suse
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Matt Wong

Well, allthough it's hard to read w/o code tags and bad translation, there seems nothing wrong with your code. Also: please explain what you expect to happen and what actualy happen instead.

A few notes:
Class.forName is no longer needed since jdbc4 - as long as the driver is in classpath it gets loaded by serviceloader when calling drivermanager

also - you connect as root w/o password - wich is only possible in a fresh clean uninitialized install of mysql/mariadb - but if this would be your problem you would get an exception on the line you connect - so this seems also not a problem

add debug lines to check if the posted code gets called as you think it is - most likely you passing in an invalid object - in the off-chance the code is run at all
4 weeks ago
To quickly reply with a classic one-liner: What you want to do is just not possible.

Longer explanation: If you somehow want to use systems default to 'loxk' the screen - it will use the systems way - long story short: if a user hasn't set a password (wich is only possible on windows, all other os enforce a user password) the lock screen won't ask for one.
4 weeks ago

jaedon nixon wrote:See but i don't completely understand the code, basically teacher hands us this and we copy it out. im getting lost when im trying to understand the code.

Sorry for going off-topics here, but I highly doubt that statement. Tearchers' there to teach you something, but each year you raise teachers can expect more done by yourself after explaining what's given to you.

As you learn programming in Java, we can assume you're told what the code does you're given and how it works. From someone in your age your teach could expect that ypu have basic knowledge in maths and algebra to under stand how a maximum is calculated and what to change to get minimum. The programming language Java is just another way to describe the algebra what someone (in this case the computer executing your code) has to do.

This may sound rough, but if you don't have the needed basics to learn programming you should stop trying it and refresh you basic skills in maths, otherwise you will end up us doin ypur homework. Each programming forum has seen lot of such failures and coutinue to. That's what separating those willing to learm and be teady to do some for it - and those who just sit there with kindof "I don't like to be here" attitude.
1 month ago
If I understand correctly, you want to lock the connection so only your client can talk to the server.
Why bother implementing this yourself? Use TLS. I posted a thread about using client certificates (wich are a bit better now, I could share my code).
Ok, so it took me a week to get a full CA up with some bouncycastle-magic - but it works now.

On top of my CA there's my root.key, a self-signed root.crt, and a root.crl to revoke the following intermediate certs.
On 2nd level are the intermediate certs with intermediate keys and crls, namely server-intermediate.key/.crt/.crl and client-intermediate.key/.crt/.crl.
On the lowest level are on one side the server cert with its key - and on the other side are the client certs with thier keys.

So now what happens on connection? Apart from some client-cert-stuff not much else than normal server-side-only TLS connections. The special key here is that the server is set to require the client to awnser with a certificate signed by the root-ca. As certificates are in a chain, the server only sends the root-ca wich it trusts - in my case only my own root. Then the client itself sends either a certificate directly signed by the root-cert - or a chain of certs wich ends up on the root-ca.
Both sides are setup to validate with CRL. So when a client connects and receives server cert chain (root is loaded as a trusted ca-cert on client) it follows the chain from top down - so firstly the server-intermediate cert is checked agains root-crl, if this passes then the server cert is checked agains server-intermediate-crl. Then the client receives the client-cert-requirement from server and responds with a chain itself. The server then does the same - and only if all certs and crls are valid by the root-cert - the connection is established.
So, to exclude someone to connect - I can decide to either no issue a client-cert in the first place (wich will be an automated process during registering) - or, if a certificate is already issued - I add its serial-number to the client-intermediate.crl - and the connection is terminated during handshake.

In the end - here's the code - if someone wants to know how to setup a CA with BC in Java - just let me know.

Oh, and I also discovered why one can't validate let's encrypt certificates with CRL - cause client-certs are not issued with CRL but only OCSP, that's why CRL check fails.
Well, one should read all the code: part 7 and 9 contain three complete compileable examples - and as they have a main(args) so args[0] refer to the first cli argument.
2 months ago
Ok, problem solved - it all starts way earlier than I thought - right at init of SSLContext:

So the main difference is the initialization of the TrustManagerFactory: instead of using init(KeyStore) one uses init(ManagerFactoryParameters) to simply wrap a PKIXBuilderParameters, wich, as a subclass of PKIXParameters, one can add a PKIXCertPathChecker.
Also: the setRevocationEnabled(boolean) method is only for provider-internal checker - and is ommited when a custom checker is set/added, and, as noted in the docs, should be set to false when using a custom checker to prevent issues with provider-internal checker.
To disable revocation checking set the flag to false and don't add a custom checker. To use default OCSP one doesn't need to do at all as it's enabled by default in JSSE. To use CRL use code above.

Strangly: as I tested this with my server I could verify with wireshark that java was loading the CRL - but somehow couldn't verify it. When I tested with google, it worked fine. So either something's wrong with Let's Encrypt - or my server. Will test it with custom CA.
Ok, so as I'm currently on to my road to implement Monopoly - I already thought about its network-layer and came up with something unusual - but straight forward: TLS and it's feature for client authentication. So, instead of username and password a user generates an RSA keypair - generates an CSR - receives an client-certificate and uses this as auth-token (all done in the background with a ton of bouncycastle-magic). As Monopoly isn't the typical game to cheat - any network-connection is - at least in terms of sniffing and modifying it.

What? Yea - imagine this: someone wants to somehow take advantage by manipulation of the data exchanged between client an server (would make any sense as I plan to check every action happens on server-side). But if someone really tries to find some bug - I'm sure one will find one. So I looked for an easy way to block of such "users" - TLS client certificate and a list wich prevents those to get a new certificate.

To make this happen - a correct validation is needed - and here it starts where Java itself has at least something built-in - but BC lacks all of it and one has to do anything itself. There's just implementations to check if a presented server-certificate is signed by a trusted root-certificate - but there's no validation (neither CRL nor OCSP) - and if you set up a server with client auth - well, there's simply no checks at all - not even if the certificate replied by the client matches with any root-certificate requested from the server.

So I dived deep into all those magic crypto stuff - and tried to build some validation code - but as nobody ever did this on the net - there're no resources google could deliver. Here's a small stub:

The last sysout for the BuilderResult shows somewhere the let's encrypt root-cert gets correctly identified - but the resulting CertPath is empty:

So, if you try to run the validation part - it fails cause the CertPath is empty and therefore no validation can happen. And if this doesn't work on the client side for server certs - how ever should it work on the server side for client-certs?
Using BC and write all validators myself may be an option (as BC is really not useable at all when not using the BC-provider but the lightweight-api) - but this could be as error-prone as the few lines I was able to put together with standard SE api.

Is it really that un-common to use Java for such things? If so - it has to be done in other languages as I guess client-auth is used in many applications. Can't imagine to be to that hard to port it to Java. Or is Java itself just not capable of such tasks and one has to write its own stub with libs like BC (let alone implement all this crypto-stuff by hand - wich WILL lead to security holes)?
About your first line: yea, and I was stupid enought to buy it (way back in DEC 2012) - on steam - it's out of the store for a long time now. Shortly: it's a garbage piece of crap. Yea, it's the original game, with some not so smart AI - but it has only local multiplayer - and only up to 4 players. Back then, if you asked the big G for a platform to play monopoly online with your friends - there was nothing out there (I guess for legal/copyright reasons) - so now you can see how old this "project" already is and for how long I still didn't accomplished my dream.
On SEP 7 2017 Ubisoft released Monopoly Plus on steam - and I have to admit: yea, even someone already created it in "table top simulator" - it's kinda neat and also supports online multiplayer (from what I've seen you YT).

I'm aware about possible legal issues when opening this to the public - so my guess is - unless I advertise it (wich I'm clearly not allowed to due to missing marketing rights wich is still hold by Hasbro) it wont get a big audience, let alone the chance to even have it as a public download - wich I also could get sued for. But that's stuff for another topic for another time. The goal is very simple: a monopoly game wich I can play over the net with my friends written by myself in Java. I doesn't even have to have an AI - although would be nice to - sometimes back in the days I already dreamed about a "get your AI in"-challenge ...

anyway - back to topic

As I still have not that much time, and currently working on some other real-life stuff, my next goal is to get up a simple "tech demo" - just consisting of a board with fields and only the logic to advance the players around it in order. If I managed to get it to this stage - evolving it to the full game shouldn't be that hard as it's just extending something already running. Maybe I can get some time at sunday to get some lines down.

About pachesi - after I searched what this means and is (sorry, I'm german native) - yea, sure I know it. The main difference: you would only follow a more ore less straight line from a fix start to a fix finish - you don't go around the same board more than once (it's not even a complete circle as you never get on any field again). Just as an exercise? Well, maybe worth it, just to get into the whole "multiple players" thing - I'll see how it could help here ...
2 months ago

Stephan van Hulst wrote:You're probably not running your code on the event dispatch thread. ALWAYS interact with Swing components on the event dispatch thread.

Beside that, you're calling setVisible way to early and keep adding components after it. setVisible should be the last call, and run by edt of course.
2 months ago
Sorry for the long delay - got not much time in last few days.

I re-thought about the Jail logic. Why not decouple it into its own class?
So when a player is advanced to jail (third double in a row, go to jail field, go to jail card), the board will call an incacerate method on the jail field - wich then delegates the incarceration to the jail-logic class wich keeps track of players incarcerated and for how many rounds. So it should be easier to check when a new turn starts for a player. Something like jailInstance.isIncacerated(currentPlayer) and if so maybe some like jailInstance.rounds(currentPlayer) to check for how many rounds. This way the actions can be split of into another flow handling the jail mechanics.

Some in this way also for the dice: To keep track how many doubles rolled in a row and re-setting it if the dice show different numbers. Otherwise, if it hits the limit, trigger the into-jail event.

Sure, maybe it's possible to design interfaces to abstract the board, the fields, the dice - link some overall relationship in - and specialize depended on the type of board played (like a board w/o jail, a game with 3 dice, maybe some "extended" or "multi-layer" types). It's hard to think abstract high-level enough when talking about implementing a game with a set of rules - but yet different types (can't remember about this two-layer style to find it quick on the net - but the extended version is called "mega monopoly", and the small one is the junior one - wich, iirc, doesn't have a jail - not sure tho). I also think it should be my goal to implement the standard version first - then, after upping my skills, maybe refactor to add such additions.

I also thought about the GUI and wich way to go. As I'm pretty good in swing I think this will be my first choice. Sure, when keeping it strictly split apart and develope a good interface - it should be easy to replace it with javafx (although this would require some re-code cause javafx applications are different from swing ones).

So long, if I'm up to some other major news I'll post again.

3 months ago
Well, sure such easy converters are possible without the need for an extra button, but it's not so easy as just add some listeners. Rather you have to sub-class the input fields to change thier internal behaviour when an input is made.
Beware to not to write some endless-loop code but look what lines are executed when specific methods called from outside.
3 months ago
please excuse my some bad english - I'm a german native

Sadly I don't have time to awnser as my other posts - as I simple didn't had enough time to think about your posts - so I'll try to make it short:

Once again, I'd like to thank anyone who took the time to read, also the ones who took even more time to reply - and to make me look at this project not just from one other side - but a few  - to discover lot of new possibilities.
I already made some changes to once pretty stiff but now really loose basic consept in my mind. I've already tried to re-arange things - threw it away and came up with also another solutions - while still tryin to think about and figure more ... one word: amazing.

To tighten this up a bit: Lot of posts made me think of a, for me really strange but productive, way to not really start all other again, but to let other points of view lighten me up.

Just for a quick example: somewhere I've wrote: "first: check if player is in jail", uhm - yea, about that - I re-thought about this whole "jail-magic"-thingy and came up with: "Wait a second - I always have to keep track of the dice if the current player rolled a double, and if so, how many times in a row?". So, from my original "nah, just take the sum of both dice into what ever type might fit" I already move to "there's a lot more just about the dice than I thought of until now". There many of such cases where I know think: "Just wait a second - this crap of b-sh*t just doesn't make sense at all! - I have to aproach it from a different way ...".

Just a quick side-note on test-driven dev: I support that, as in the past I've seen so much goin wrong with "modders" of minecraft - wich fail to just follow Java Conventions (ok, don't blame them - this fault comes back to 1) Notch who screwed up the original 2) the "forge"-team wich screwed it up even more and worse) - and just by starting up the logger throws so many RuntimeException - hiding away checked Exception - one who can read and understand the logs and StackTrace just can think: "Ok little chumps - you got this all wrong pretty hard.".
But: I'm just not used to this kind of development. To admit: I'm the one kind of "hobby dev" wich just uses an editor and the terminal to write his codes (at least after many years I've moved from just notepad to notepad2 (I like it more than notepad++) wich at least adds syntax-highlightning - and yes: I'm using vim on teh unix). I'm not afraid of learning how to use IDEs, version control repos and all that stuff - I'm just not used to it - and starting to learn this now maybe a good idea - but would throw me back half a year on this project - wich I don't want like to waste. - Hey, I can still refactor it later on, can't I?

Also I've wrapped my head around this "board and fields"-thing and - although I really like abstraction (in the past I've over-complicated some easy examples with a full over blown interface-abstract-impl-factory thing) - I, at least until now, still can't make it up so that the board itself could be a "regular" interface without any specifics like jail and free parking, but I also aware that such funcationality can be made up through "external consturcts" cleverly hidden through interfaces

[spoiler] - is thier some code to "hide" some lines? know [spoiler]-tag from BB ...
don't ask me or nail me down on it, but on some of my not-so-well-known german small-community boards I've read some clever "hidden through abstraction"-code by one of our trolls - wich, to be honest to him (I really don't know if "it" is a he or she) sometimes has his really bright moments to shine, wrote some beautiful abstract code wich opened up to one of our "abstract-interface-magicians" the possibility to write some few lines wich, if you know java8 and its tweaks, allows you to write some 3-liners wich just fit in basicly everywhere[/spoiler]

and thier factory-style implementations.
Don't get me wrong - this project will only subject specific on the game of Monopoly and its own unique styles of gameplay - I don't want to make up a "general card-board game -engine-", so at least some spaghetti code would/could/should be allowed to get this runnig without over-complicating stuff unnecessarily.

I know one who have years of experience to build such things may can get away way more cleaner - but as I'm already into Java from about the age of 12 (I'm almost 27 now) and the only one project I finally got done was a very simple and ugly prototype-like implementation of battle ships - this is "the one project" I really like finally to get into the world of "productive developing" some code - no matter what it is, whats the plan/idea behind it is and how it will come out in the end.
If this long "I've already got this done 5 years ago"-"project" finally gets to a stage where it is at least "useable", let alone the term "playable". this would be the biggest achievement in my personal dev-carrer until now - no matter how bad the code will be nor how many bugs it will have - I really want to get this done - not only for myself but also as for a service I can offer to anyone in the world wide net: "You want to play a round of Monopoly?", as, to be honest, to find free online games or cheap buyable ones is still pretty hard. And pay 15 bucks on steam for table-top-sim to play Monopoly? There just has to be another way ...

As for all other replies I didnt awnsered - be sure I've read them - and sill will - but I'm out for about a week now only get some minutes to check for replies - await my next reply around next weekend.

Additional for any mods: If the way I'm taking this thread doesn't fit the forum rules - or if something else is not the way this "board" should be used - please inform me/us - and we will alter the way this "project" will go.
I've just started here as this seems to be an international place to finally get my first real project finally to be done (wich, no offense to my german board, couldn't happen at a smaller community). May there's a special "blog like" are where this may fit better than in the regular forums - any advice is highly appreciated as I want to comply with the overall rules as much as possible.

Thank you all again, in retrospect and in advance, to get this project done.

For those who want to think a dozen steps ahead: This project is subject to also imply some sort of "AI" - so, what I'm currently refering to as "the player" (or better: the Player class) will be an interface in the end wich either is set to an implementation of a real player (wich means any action is send over network and is displayed and controlled to and by a game client controlled by a real person) or just a "bot" (an AI if you will wich makes decisions based upon maths over some dozen rules) run on the server side. Therefore I want to already encourage any game-AI-dev to prepare up for an implementation - those wich will get into the "final" realease of course will get credited (either by pseudo nick or real full name - as you wish).
There're just a few, really "open", possibilities for this game, to play it online - that's the real reason I want to get it done: not just to play it with my friends on a real board but also in the cyberspace. If you think the same way - please join up this crew and be part of it on its journey to its endeavour to achieve its goal.

So long, until next weekend (don't expect any reply from me as I'm away for the next few days), Matt out.
3 months ago
Well, simple said: an object is only eligible for garbage collection if no more active references are reachable from any live thread.

A bit more background: Unlike native applications wich can ask the OS for as many memory they want, java was designed with an upper limit how much a java snippet can request. If this limit is the jvm simple just doesn't allow any more memory and throws this error.
Also: Errors always show some abnormal jvm behaviour wich should not occur and should lead to a termination of the jvm, exceptions are logical errors a developer screwed up code.
3 months ago

Liutauras Vilda wrote:You aren't beginner, so apologies if I expand too much into details. But we have lots of readers here, so the more users (i.e. students) could possibly be on the same page, the better

Nah, don't worry - that's a really good post and really helps to think about this project in some new ways I hadn't yet thought of, for instance to look at it from a developers point of view instead of trying to adapt the real life scenario and glue into code. I was aware of SRP before - and what it mean in general - but didn't knew how helpful it can be to get a different look on specific problems to solve.

So far we can extend the example - if the GameRound is responsible to link the Players to the GameBoard, how could a player interact with a field? As noted above - when a new turn starts for a player there some actions happen (check jail, roll dice, advance, perform actions, trade). The check for jail sounds easy (as the status if a player is in jail, and if so, for how many rounds and if a player owns a "get out of jail"-card should all be properties of the Player class), but after a player rolled the dice (wich of course to prevent "getting out of sync" (in lack of a better term to say "prevent cheating") is done on server side) this somehow needs to "get done on the board". So I would consider something like this:

If we go with that - the gameboard has to manage:
1) update the field the player is on (so this may be a property of the Player class) - according to check for passing GO (not sure yet how to implement this one)
2) send out this update to connected game clients (wich infact gets managed by other classes wich just get called by the gameboard class)
3) check what action has to happen after movement
But then we're out of this SRP again as the gameboard suddenly again takes care of more than one action.
If we add another line - say

then the field class gets out of SRP as it has to check if the field is already owned by another player and what's is current status (in terms of buldings), somehow has to get back to the gameround object to access the rules object (example to check for the rule for taxes field) wich would lead to some ugly line like this:

wich then may could offer the player to choose from two options, then, depending on this decision, it could go furhter on like

wich then finaly further may lead to calculation of networth - and then - depending on the "free parking"-rule - decide where this money is payed to.

So, you see, I really have trouble to stick to this whole SRP thing and may need help to clean this up.

Unfortunately, I'm now up for a whole long 10-day shift, around 10h a day, so it may take some time until my next response if I don't find a spare minute in between.

So long for now - Matt out.
3 months ago