Unique ID Generation

Generating globally unique IDs in a clustered, distributed environment is a common application requirement. A simple way is to combine the following four parts together.

1. Unique to the System.currentTimeMillis()
2. Unique to the IP address
3. Unique to the object instance System.identityHashCode(this)
4. Unique within a millisecond, SecureRandom

All ints and longs will be converted to a hex string of length 8.

A open source named Java UUID Generator is available at http://jug.safehaus.org/.

Business Delegate and Session Facade

What would the cardinality generally be between the Business Delegate objects and the Session Facade?

ONE to ONE. Often, the business delegate will have the same API as the session facade.

There is a close relationship between the BD and the SF. The client layer interacts with a BD. The BD would in turn, employ the Service Locator pattern to locate the SF. It is common to see a one-to-one mapping between the BD and the SF.

Testing Glossary

• Black-box testing - testing that verifies that given input A the component or system being tested gives you expected results B.
• Boundary-value testing - testing of unusual or extreme situations that your code should be able to handle.
• Function testing - a part of system testing in which development staff confirm that their application meets the specified user requirements.
• Integration testing - testing that verifies that several portions of software work together.
• Regression testing - testing that ensures previously tested behaviors still work as expected after changes have been made to an application.
• Stress testing - testing that ensures the system performs as expected under a high volume of transactions, high number of users, and so on. Also referred to as load testing.
• White-box testing - testing that verifies specific line of code work as defined. Also referred to as clear-box testing.
• Alpha testing - a testing period in which pre-release versions of software products are released to users who need access to the product before it it officially deployed. In return, these users will report any defects to the software developers. Alpha testing is typically followed by beta testing.
• Beta testing - a similar process to alpha testing, except the software product should be less buggy.
• Code inspection - a form of technical review in which the deliverable being reviewed is source code.
• Peer view - a style of technical review in which a project artifact, or portion thereof, is inspected by a small group of experts.
• Use-case scenario testing - a testing process in which users work through use cases with the aid of a facilitator to verify that a user interface prototype fulfills the needs of its users and that the identified classes for a system fulfill the requirements described in the use cases.
• User testing - testing processes in which the user community, as opposed to developers, performs the tests.
• User-interface testing - the testing of the user interface to ensure that it follows accepted standards and meets its requirements. User-interface testing is often referred to as graphical user interface (GUI) testing.
  

Session Data in Multiframed JSPs

Update or create a session in only one frame or before accessing any frame sets. For example, assuming there is no session already associated with the browser and a user accesses a multiframed JSP files, the browser issues concurrent requests for the JSP files. Because the requests are not part of any session, the JSP files end up creating multiple sessions and all the cookies are sent back to the browser. The browser honors only the last cookie that arrives. Therefore, the client can only retrieve the session associated with the last cookie. Creating a session before accessing multiframed pages that utilize JSP files is recommended.

JSPs will, be default, create an HttpSession if it does not already exist. A developer can use <% @page session="false" %> to turn off the automatic session creation from the JSP files that will not access the session. Then if the page needs access to the session information, the developer can use <% HttpSession session = HttpServletRequest.getSession(false); %> to get the already existing session that was created by the original session creating JSP file. This action helps prevent breaking session affinity on the initial loading of the frame pages.

Web Application Session Data

• When developing new objects to be stored in the HTTP session, they should implement Serializable to ensure that they can be persisted into a database or send via the message server if clustered sessions are enabled by the system administrator.
• Maximize use of session affinity and avoid breaking affinity. Session affinity is enabled by default in WebSphere Application Server. It ensures that, except for hardware or software fail-over, requests are handled by the container which initialized that session. Session clustering may be used in addition to affinity to handle fail-over.
• Release HttpSessions when done, call HttpSession.invalidate(). Otherwise the session objects remain in memory until the session timeout expires.
• It does not make sense to protect access to session state only part of the time.
• Distributed HttpSession support does not guarantee transactional integrity of an attribute in a failover scenario or when session affinity is broken.
  

Syntactic and Semantic

Validation comes in two types:

• Syntactic -- this involves checking for the format of a field, e.g. number of characters, alpha or numeric, membership in a list, and so forth. This needs to be repeated on the server because of the issues with JavaScript being turned off, loss of synchronization between the two languages in a project.
• Semantic -- this requires domain (business) logic to perform, e.g. comparing postal code with city, and so forth.