The Online Open Platform for users to create test and quiz

When googling disadvantages of hibernate, you would find lots of discussions and arguments as to what works and what not in hibernate. This is year 2011 and Hibernate 3.2 has been released . An an ORM framework it has matured a lot . I will sum down my experience of working with hibernate so far

1. If it is a small project with few tables , I think there is no need for a full fledge ORM framework like hibernate. You can very well using Spring with JDBC and keep complexity to minimum.

But this is a classic mistake made by teams initially. You assume that the project will have only 3-4 tables and few updates and inserts, but as and when you gather requirements, dive deep into design , add more features, it starts to get bigger.

At later stage you wishes you had started with ORM framework else you might have to write all the inserts, updates and selects which is a huge waste of time ,considering all this can be configured easily by hibernate.

2. Performance : A lot is being talked about hibernate performance. We have used Spring and hibernate with one of the biggest deployment in clinical applications and I can tell you, I have not seen any issues or so because of hibernate.

Yes we had to fix the hqls at few places but that is a normal tuning process.

3. Hibernate is slow because it uses run time reflection:  People who had faced performance issues with reflection in early ears were skeptical about hibernate’s use of reflection. But not anymore. You should not worry about performance loss due to reflection. From hibernate’s doc

Modern JVMs implement reflection extremely efficiently and the overhead is minimal compared to the cost of disk access or IPC. Developers from other traditions (eg. Smalltalk) have always relied upon reflection to do things that C/C++ needs code-generation for.

In the very latest versions of Hibernate, “reflection” is optimized via the CGLIB runtime bytecode generation library. This means that “reflected” property get / set calls no longer carry the overhead of the Java reflection API and are actually just normal method calls. This results in a (very) small performance gain.

Read more…

A lot has been said and discussed about hibernate performance.I will not go into details and benchmarks but I will share some practical insights.

Our application was developed using Spring framework 2.5 , spring webflow and hibernate 3.0. We had Oracle application server (not the oracle weblogic ) and oracle database 10g

Caching : Second level caching was done using ehcache. The caching strategy was read-only which is the simplest and best-performing cache strategy

Stored Procedures : Procs were used at couple of places. These procs had business logic and were communicating with another database through DB Link.

Native queries : We did not use any native queries.

We have used Spring and hibernate with one of the biggest deployment in applications and I can tell you, I have not seen any issues or so because of hibernate.

Yes we had to fix the hqls at few places but that is a normal tuning process.

I cannot share much details here neither the performance statistics but will be happy to answer your questions.

While with Oracle for several years there had been many instances when the database performance had not been optimal. This had nothing to with the configuration of the sever but more with tuning of database. Here are some tips which I had been using

Make sure that database statistics is upto-date. As this is one of the factor which can influence explain plan. We can gather statistics by executing following command:

EXEC DBMS_STATS.gather_schema_stats(‘TDWDBA’);

Where TDWDBA is the schema name.

Design by Contract essentially mean that a class has to fulfill certain responsibilities and are inside a boundary. This is done by use of interface. If you have a class which implements an interface (as is done in Java) , it has been designed by contract. The contract here is the methods which this class has to implement.

Going further down , if a class method getMyDetails(long ssnId)
we can put a assert statement like
assert ssnId != null;

Maven surefire plugin is used to run unit tests during test phase of build lifecycle . The reports are generated in .txt or .xml file. These files are generated at ${basedir}/target/surefire-reports

Surefire runs unit tests during build phase, not integration tests which are executed during package phase. But you can include integration tests also to be run

Below is the configuration for surefire plugin in your pom.xml

<profile>
<id>itest</id>
<build>
<plugins>
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
<version>${maven.surefire.report.version}</version>
<configuration>
<includes>
<include>**/*IntTest.java</include>
<include>**/*IntTests.java</include>
</includes>
</configuration>
</plugin>

</plugins>
</build>
</profile>

When working with hibernate, one of the most used methods would be session.get or session.load.
Let us see what the difference between these tow

Take a look at this code :

Session hSession = this.getCurrentSession();

hSession.beginTransaction();
User u = (User)hSession.get(User.class, 8);
u.setLoginName(“skillguru”);
u.setPassword(“forgetmenot”);
hibernateSession.getTransaction().commit();

session.get() makes a hit to the database to get the data if the obejct does not
exist in the application.
Session.load gets the proxy for the instance, hence saving a database trip.But if there was no such object in the database then the method session.load() throws an exception whereas session.get() returns null.
Both the methods will return the instance or a proxy for the instance, if the instance or
proxy is already associated with the session.Only difference is that the session.load()
will throw an exception if the persistent entity does not exist in the database

In this post we will share some notes about Security. Cryptography in J2ee architect Certification .

Security

Select from a list security restrictions that Java 2 environments normally impose on applets running in a browser. The Java 2 security model is policy-based and has superseded the sandbox/trusted approach of Java 1.1. In Java 1.1 remote code (applets, for example) that was not trusted was constrained to the sandbox. If the remote code was signed and trusted then it could access local resources.

Cryptography, Digital signatures and Certificates can be used to increase the security of a system. Java offers a number of interfaces for related services. Firewalls are also important for protecting the gateway between trusted and untrusted networks.

Code Source:A combination of a set of signers (certificates) and a code base URL.By default, Java 2 uses a policy file to associate permissions with code sources

Security Policy File: permission is the right to access a protected resource or guarded object. For Java 2 permissions are specified in the security policy file. Only one policy is in effect at a time. A policy file consists of a number of grant entries. Each grant entry describes the permissions (one or multiple) granted to a code source.

Policy class: You can use java.security.Policy to create your own security policy.

java.security package : The following are some of the classes in the java.security package:

CodeSource – This class extends the concept of a codebase to encapsulate not only the location (URL) but also the certificate(s) that were used to verify signed code originating from that location.

KeyStore – This class represents an in-memory collection of keys and certificates. It manages keys and trusted certificates.

MessageDigest – The MessageDigest class provides applications the functionality of a message digest algorithm, such as MD5 or SHA.

Permission – Abstract class for representing access to a system resource.

Policy – This is an abstract class for representing the system security policy for a Java application environment (specifying which permissions are available for code from various sources).

ProtectionDomain – The ProtectionDomain class encapulates the characteristics of a domain, which encloses a set of classes whose instances are granted the same set of permissions.

Security – Centralizes all security properties and common security methods.

Given an architectural system specification, identify appropriate locations for implementation of specified security features, and select suitable technologies for implementation of those features.

Exposure to threats can be mitigated by using:

Authentication, Authorization (ACLs), Protecting Messages, Auditing

Web tier authentication (This is the usual location for this)

• Basic HTTP – the web server authenticates a principal with user name & password from Web client
• Form-based – lets developers customize the authentication user
• HTTPS mutual authentication – the client and server use X.509 certificates to establish identity over a SSL channel. Read more…

There are multiple ways to read properties file in Spring

Let us say you have database user name , password etc configured in jdbc.properties and would like to inject the values at run time.

Here is what will go in applicationContext.xml

<bean id=”dataSource” destroy-method=”close”>
<property name=”driverClass” value=”${jdbc.driverClass}”/>
<property name=”jdbcUrl” value=”${jdbc.url}”/>
<property name=”user” value=”${jdbc.user}”/>
<property name=”password” value=”${jdbc.password}”/>
<property name=”minPoolSize” value=”${jdbc.minPoolSize}”/>
<property name=”maxPoolSize” value=”${jdbc.maxPoolSize}”/>
</bean>

and this will be your properties file

jdbc.driverClass=oracle.jdbc.driver.OracleDriver
jdbc.url=jdbc:oracle:thin:@abc.com:1521:ORAC
jdbc.user=hello
jdbc.password=hello
jdbc.minPoolSize=1
jdbc.maxPoolSize=10

At run time, the properties file value will be injected  into the applicationContext.xml