Scala and Play 2 in Haiku!

Just got Scala and Play Framework 2 working on Haiku!

Posted in Uncategorized | 3 Comments

Can’t do what?

Ho boy! I’ve just come across this issue while working on a new Java JSON library. One of my test cases failed on something that I was not expecting it to.

Basically, it happens that one can inject all sorts of objects into a specialized Collection (and I’m guessing that the same is true for all generics) through the Java Reflection API.

package BreakItNow;

import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;

public class BreakItNow {

	public List<ObjectOne> list = new ArrayList<ObjectOne>();
	
	public static void main(String... args) throws Exception {
		BreakItNow bin = new BreakItNow();
		
		// Not a problem, I can do that!
		bin.list.add(new ObjectOne());
		
		// Not a problem, you can't do that!
		Object o = new ObjectTwo();
		try {
			bin.list.add((ObjectOne)o);
		} catch (ClassCastException e) {}
		
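		// Ho yes I can!
		// field.getType() is the raw List interface: after erasure its
		// add(E) is just add(Object), so no ObjectOne check happens here.
		Field field = BreakItNow.class.getField("list");
		for (Method m : field.getType().getDeclaredMethods()) {
			if (m.getName().equals("add") && m.getParameterTypes().length == 1) {
				m.invoke(bin.list, o);
			}
		}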
		
		System.out.println(bin.list);
		for (Object obj : bin.list) {
			if (obj instanceof ObjectOne)
				System.out.println(ObjectOne.class.cast(obj).text);
			else
				System.out.println(ObjectTwo.class.cast(obj).text + " <- See, I told ya!");
		}
	}
	
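}

// The two element classes are not shown in the original post; these are
// assumed definitions that match the output below.
class ObjectOne {
	public String text = "ObjectOne";
}

class ObjectTwo {
	public String text = "ObjectTwo";
}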

And the output will look like:

[BreakItNow.ObjectOne@1172e08, BreakItNow.ObjectTwo@cf2c80]
ObjectOne
ObjectTwo <- See, I told ya!

Beautiful, right?

This happens because of generics type erasure (thanks H9i) and can be fixed by making use of the checked collection wrappers.

To enforce type checking and prevent this situation the above list should be created in a checked wrapper:

public List<ObjectOne> list = Collections.checkedList(new ArrayList<ObjectOne>(), ObjectOne.class);

So, it is obvious that Java engineers have chosen performance over default security. Quite often developers will simply assume that, by the simple fact of having a specialized list, its element type will be enforced, which is not the case. Because of this, I would think that the security implications are quite significant, since it increases the probability of creating non-secure code.

Planning and preparing ahead by using automatic tools that enforce secure coding rules should be taken into consideration in projects of a sensitive nature or in layers that require such practice.
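The difference between the plain list and the checked wrapper described above, as an added example that is not code from the original post. The nested `ObjectOne`/`ObjectTwo` classes and the `tryPollute` helper are hypothetical names; the point is where the wrong type gets caught in each case.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class CheckedListDemo {

    // Hypothetical stand-ins for the post's ObjectOne / ObjectTwo.
    static class ObjectOne { String text = "ObjectOne"; }
    static class ObjectTwo { String text = "ObjectTwo"; }

    /** Reflectively calls List.add(Object) and reports where the wrong type is caught. */
    static String tryPollute(List<ObjectOne> list) throws Exception {
        // Erased signature of add(E): the element type is gone at runtime.
        Method add = List.class.getMethod("add", Object.class);
        try {
            add.invoke(list, new ObjectTwo());
        } catch (InvocationTargetException e) {
            // Checked wrapper: the runtime type check fails at the insertion itself.
            return "rejected on insert: " + e.getCause().getClass().getSimpleName();
        }
        try {
            // Plain list: the insert succeeded. The compiler-generated cast on
            // this typed read is the first place the bad element is noticed.
            ObjectOne last = list.get(list.size() - 1);
            return "accepted, read back " + last.text;
        } catch (ClassCastException e) {
            return "accepted on insert, ClassCastException on later read";
        }
    }

    public static void main(String[] args) throws Exception {
        List<ObjectOne> plain = new ArrayList<>();
        List<ObjectOne> checked =
                Collections.checkedList(new ArrayList<>(), ObjectOne.class);
        plain.add(new ObjectOne());
        checked.add(new ObjectOne());

        System.out.println("plain:   " + tryPollute(plain));
        System.out.println("checked: " + tryPollute(checked));
        System.out.println("sizes:   " + plain.size() + " vs " + checked.size());
    }
}
```

With the plain list the failure surfaces at whatever code later reads the element as `ObjectOne`, which may be far from the code that inserted it; the checked wrapper moves the failure to the insertion.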

Posted in J2EE, Java | Tagged | Leave a comment

Development vs Build driven Maven POMs

Recently, while looking at some quite complex Maven POMs, it occurred to me that a lot of the information we get to see inside a POM file is simply not required to be there during the development process. This happens because Maven is designed to cover the full development life-cycle, meaning that it will also include the necessary configuration for a multitude of build scenarios. For example, it might contain different profiles for internationalization, clustering and much more. So, can we make it simpler, more standardized and easier to read and understand? I happen to think so.

Continue reading

Posted in maven | Leave a comment

Creating a simple, yet powerful, variable height content slider


Recently I looked for a simple way of doing a content slider for a web page on one of my side pet projects.

Having used some image sliders before (see Rich Bradshaw), I was under the impression that it would be a straightforward task.

Continue reading

Posted in CSS, CSS3, HTML5, JavaScript | 1 Comment

vert.x Web App Tutorial in Java

The Vert.X Tutorial includes examples for several different languages except Java.

I’ve done a quick implementation using Java of the vToon tutorial found here. The source code is available on github.

Posted in Java, JavaScript, Vert.X IO | Leave a comment

vert.x Event Bus – The quick intro

Cool elephants

The vert.x framework includes a very neat way of doing remote messaging. This mechanism is called the Event Bus. Through it, messages can be sent within a single verticle instance, between different instances of the same verticle and between instances of different verticles. In addition, it also allows for within-browser and browser/server messaging.

The sample application presented in this post demonstrates the different options in a very simple manner.

Continue reading

Posted in Java, JavaScript, Vert.X IO | Leave a comment

Create your own github Maven repository

Maven works with repositories and, when using github to share projects, it does make sense to have a single place to share dependencies that are not yet available in a public place.

Recently I’ve been exploring the beauties of Vert.X IO and since then I’ve been placing all source and maven projects in github.

The Vert.X IO Maven project template initially included a local repository in it but, as one starts working on other Vert.X IO projects, the number of replicated jars starts being quite visible.


It happens that the easy solution is to make use of github to share these jars.

Continue reading

Posted in github, maven, Vert.X IO | 2 Comments