
Programming

Java Application Development Tutorial

I’ve been meaning to write a small tutorial on building web applications. Now it’s time! Let’s define the steps and choose some solutions for developing a back-end Java web application.

I will give my design recommendations and list the technologies I would use. You may have your own opinion, and you may share it in the comments. This post may change over time, since my favourites change too.

Self-Hosted Web Analytics Solution for AngularJS

There are situations when you need to analyze user experience but can’t use a third-party web analytics solution like Google Analytics or Yandex Metrika. For example, if your production environment is PCI DSS compliant. In this case you have to deploy a self-hosted analytics engine inside your environment and configure user action tracking in your application.

One possible solution is piwik as the analytics engine plus Angulartics or angular-piwik for tracking events inside the AngularJS application. In addition to web analytics features, piwik offers log analytics.

Piwik Demo

Another option is to use Open Web Analytics (OWA) and write a plugin for Angulartics. OWA Demo

Loading Indicators for AngularJS

A modern web application should be user friendly and notify the user when a time-consuming operation is in progress, e.g. uploading a file or downloading data. There are some solutions for AngularJS which are fairly easy to integrate.

First one is Angular Loading Bar. It can be attached to your application with almost zero configuration and does not affect application design. It attaches the interceptor to $http service and displays a thin progressbar on the top edge of the page. Demo

Another component is angular-busy. It is more customizable and can show a spinner with backdrop above any page element. Just wrap it with <div cg-busy="..."/>. But it may require some customization. Demo

There are also some examples of how to add a loading indicator to ui-router.

Tags Input Control for AngularJS

Stay DRY! Don’t waste your time implementing a tags input control for AngularJS yourself! There is an excellent AngularJS module for that called “ngTagsInput”. It also supports autocompletion, validation, custom styles and templates. See the demos.

It took me just 10 minutes to add that type of control to my application.

All you need to do is:

  1. Add the NPM or Bower dependency:

    npm install ng-tags-input --save
    bower install ng-tags-input --save

  2. Include the script and CSS in your HTML page. If you’re using a dependency injection pre-processor like gulp-inject or gulp-ng-inject, you don’t need this step.

    <script src="angular.js"></script>
    <script src="ng-tags-input.js"></script>
    <link rel="stylesheet" type="text/css" href="ng-tags-input.css">
    
  3. Declare the module dependency:

    angular.module('myApp', ['ngTagsInput'])
        .controller('MyCtrl', function($scope, $http) {
            // Initial tags shown in the control
            $scope.tags = [
                { text: 'just' },
                { text: 'some' },
                { text: 'cool' },
                { text: 'tags' }
            ];
            // Autocomplete source: returns a promise resolved with matching tags
            $scope.loadTags = function(query) {
                // Pass the user's input via params so $http URL-encodes it
                return $http.get('/tags', { params: { query: query } });
            };
        });
    
  4. Add the input control to the HTML:

    <body ng-app="myApp" ng-controller="MyCtrl">
        <tags-input ng-model="tags">
            <auto-complete source="loadTags($query)"></auto-complete>
        </tags-input>
    </body>
    

Pretty simple, isn’t it? The only thing to consider is the handling of the tags model. $scope.tags will be an array of objects of the form {text:value}. You may need to convert them to an array of strings:

var tagValues = $scope.tags.map(function(input) {return input.text;});

Web Security Resources

Here are some useful links to security resources:

  • OWASP Top 10 v.2013 – A list of the 10 Most Critical Web Application Security Risks.
  • OWASP: list of website security attacks
  • OWASP: list of website vulnerabilities
  • OWASP Development Guide – The OWASP Developer Guide 2014 is a dramatic re-write of one of OWASP’s first and most downloaded projects. The focus moves from countermeasures and weaknesses to secure software engineering. The Developer Guide 2014 is a “first principles” book - it’s not specific to any one language or framework, as they all borrow ideas and syntax from each other. There are highly specific issues in different languages, such as PHP configuration settings or Spring MVC issues, but we need to look past these differences and apply the basic tenets of secure system engineering to application security.
  • OWASP Testing Guide (version 4 PDF)
  • OWASP Enterprise Security API / ESAPI 2.x on GitHub – ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development.
  • OWASP Resources on GitHub
  • Offensive Security Exploit Database Archive
  • CVE – CVE is a dictionary of publicly known information security vulnerabilities and exposures.
  • National Vulnerability Database – NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.

Booting Spring Webapp

Spring Boot is an excellent tool for bootstrapping a Java application. Most of the references describe how to create a standalone Java application, optionally with an embedded web server (Tomcat or Jetty). But Spring Boot also supports creating web applications intended to run within a servlet container.

Recalling Testing Principles

If you are involved in software development, then recalling the basic testing principles once again is not a waste of time. So here are the principles:

  1. A necessary part of a test case is a definition of the expected output or result.
  2. A programmer should avoid attempting to test his or her own program.
  3. A programming organization should not test its own programs.
  4. Any testing process should include a thorough inspection of the results of each test.
  5. Test cases must be written for input conditions that are invalid and unexpected, as well as for those that are valid and expected.
  6. Examining a program to see if it does not do what it is supposed to do is only half the battle; the other half is seeing whether the program does what it is not supposed to do.
  7. Avoid throwaway test cases unless the program is truly a throwaway program.
  8. Do not plan a testing effort under the tacit assumption that no errors will be found.
  9. The probability of the existence of more errors in a section of a program is proportional to the number of errors already found in that section.
  10. Testing is an extremely creative and intellectually challenging task.

I recommend reading the book “The Art of Software Testing” by Glenford J. Myers, Tom Badgett and Corey Sandler (ISBN: 978-1-118-03196-4).

Base64 Variants in Java 8

You have most likely used Base64 encoding. It’s about encoding any sequence of data as a printable string (digits, lower case and upper case letters). But Base64 has variations. E.g., not every Base64 variant allows safe transfer of arbitrary data as URL parameters. For that purpose there is a special dialect of Base64: URL-safe encoding.
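
The difference between the variants, as an added example that is not part of the original post: it encodes the same bytes with the standard and URL-safe encoders from java.util.Base64 and checks which decoder accepts which output. The class name Base64Variants, the helper decodesTo and the sample bytes are constructed for illustration.

```java
import java.util.Arrays;
import java.util.Base64;

public class Base64Variants {

    // Returns true if the decoder accepts the text and yields the expected bytes.
    static boolean decodesTo(Base64.Decoder decoder, String text, byte[] expected) {
        try {
            return Arrays.equals(decoder.decode(text), expected);
        } catch (IllegalArgumentException e) {
            // The basic and URL decoders reject characters outside their own alphabet.
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample: bytes chosen so the encoding uses alphabet indexes 62
        // and 63, the only two positions where the variants differ, and needs padding.
        byte[] raw = {(byte) 0xfb, (byte) 0xff, (byte) 0xfe, (byte) 0x3e};

        // Standard alphabet: '+' and '/' plus '=' padding, all of which have a
        // special meaning in URLs or are altered by form decoding.
        String standard = Base64.getEncoder().encodeToString(raw);
        // URL-safe alphabet: '-' and '_' replace '+' and '/'.
        String urlSafe = Base64.getUrlEncoder().encodeToString(raw);
        // Dropping the padding also removes '=' from the value.
        String urlSafeNoPad = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);

        System.out.println("standard            : " + standard);
        System.out.println("url-safe            : " + urlSafe);
        System.out.println("url-safe, no padding: " + urlSafeNoPad);

        // Each decoder round-trips only its own alphabet, so the sender and the
        // receiver of a token must agree on the variant.
        System.out.println("basic decoder, standard text: "
                + decodesTo(Base64.getDecoder(), standard, raw));
        System.out.println("basic decoder, url-safe text: "
                + decodesTo(Base64.getDecoder(), urlSafe, raw));
        System.out.println("url decoder, url-safe text  : "
                + decodesTo(Base64.getUrlDecoder(), urlSafe, raw));
        System.out.println("url decoder, unpadded text  : "
                + decodesTo(Base64.getUrlDecoder(), urlSafeNoPad, raw));
        System.out.println("url decoder, standard text  : "
                + decodesTo(Base64.getUrlDecoder(), standard, raw));
    }
}
```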