Spring, What is it and how can I benefit from using it?

Most people i speak to on the IRC chats have no idea what Spring is, all they know is that it is a Java J2EE programming framework.

I will today try to simplify the situation Spring in essence is mainly a configurable Dependency Injection (DI) framework, this means that you can initialise objects without actually knowing how to,

example:

public Class Service {
    private ModelObject modelObject;

    public Service(ModelObject modelObject)  {
        this.modelObject = modelObject;
    }

   public void useModelObject() {
     ....
    }
}

This works by passing in the predefined ModelObject when the class is instantiated, so there is a config file in XML which details how to declare each object so the framework can pass it in. This means you invert the dependency

model so that if the “ModelObject” was actually declared as an Interface it would be able to take ANY class passed in on the configuration that implemented the declared interface.

This leads nicely to the SOLID programming principle where D means Dependency Inversion principle.

  

SOLID is an excellent way to make sure your new Class is good OO design.

1. Single Responsibility Principle – Every object should have a single responsibility, and that responsibility should be encapsulated by the class

2. Open/Closed Principle – When you get a request for a new feature you should be able to add this without changing any old code by using subclases and new implmentations

3. Liskov Substitution Principle – This means that you should be able to use any subclass in the same place the parent class is used (it honours the method signatures of the parent)

4. Interface Segregation Principle – avoid getting your classes included into other classes, if you break this one it is considered bad design

5. Dependency Inversion Principle – Decouple your software modules, to achieve that you need to isolate dependencies for code reusage

Anyway back to Spring, so we have all our objects declared in the config as well as all the database configuration and the database drivers etc. This means that we have a lot of independent classes which are

sat all on their own and so is easy to test using unit tests. (this is a good thing) This is the main power of Spring, you can drop out and drop in classes and change them by just changing the configuration file.

  

A project i worked on used Spring to add security so that even if anyone tried to access data they shouldn’t then it still protected them, by having the Domain (Model) objects behind an assembler which checks which information is

allowed to be passed to the Domain Transfer Object (DTO), so if you are admin you can see the person’s email addresses but if not then they don’t even come out of the database so the information is just not there rather than being hidden.

  

This of course stops nasty hackers from siphoning off your users details and selling them to fraudsters as has happened with Sony, Amazon, SipGate and many other companies around the globe.

Why you should not use Skype

Skype, The wonderful Internet phone service. What could possibly be wrong, its secure, it works and sounds great.

The problem is not the service offered, more how it is implemented.

Way back at the start of the internet some companies developed software to facilitate peer to peer fileshare, eDonkey, and Kazaa were two of the big players, RIAA then went after the software developers so Kazaa to divert the wrath of the courts developed Skype to use the same technology as the file sharing network.

 

Back to the present…..

Skype is now huge, everyone uses it, this is good as it now means that the technology used by it is working as good as ever or even better as there are so many people using it.

So what is so wrong with the image here, Well Sarah User is a housewife who uses Skype to keep in touch with family in other countries, she pays the low broadband fee and gets 1GB of bandwidth per month and then she has slowed down internet and surcharges for using too much data. She leaves Skype running so that family and friends can call her without having to pay fees.

But underneath the covers a nasty situation is brewing, as part of the Skype network, Sarah’s internet line is being used to send other people’s phone calls as they bounce calls between logged in users.

On top of that to prevent drop outs they also use 3 streams for each call discarding the slower packets when they arrive. 

The Skype Network

 

Sarah now has run out of bandwidth for the month and is paying for other peoples calls.

 

VOIP on the other hand is a direct connection protocol, First of all the phones log into the VOIP provider’s registration server, and when a call is set up it is direct between all users and not via anyone else so you are not losing your internet connection to any other users.

VOIP provider

 

There are many VOIP services out there and you can even get adapters that you can plug your normal house phone into and redirect all your calls through the internet.

Some providers are

3CX  and VoIP Unlimited

 

You can even if you are interested get a FREE VoIP server called Asterisk, this can with the right hardware in the system interface with ISDN lines or normal phone lines,

as well as a built in answerphone and IVR (the system where you get a message like “Press 1 for sales, press 2 for accounts, press 3 to be redirected to the legal department”)

Generic toString() for Java

I found myself needing to retroactively add a toString() method to about 300 classes so that the AOP logging could track the data being passed in to DAOs etc.

So what to do? Spend a day or two trying to shoehorn this into the system class by class ? or work out a way to use one method in all classes?

Obviously wanting more time for blogging , shopping for shoes and doing my make-up  I chose the latter.

So I need to get a toString() that works. the default one for Object prints the class name and the instance id

uk.co.myorg.model.AuditLog@56f967c6

This doesn’t help so we had to move cleverer. either go through a whole class doing a StringBuilder with lines like

result.append(this.getName());

result.append(“\n”);

this was the long way around, so I decided to delve into reflection and do it in a clever way.

    @Override
public String toString() {
StringBuilder result = new StringBuilder();
try {
result.append(this.getClass().getName());
result.append(“\n————————————\n”);
Class c = this.getClass();
Field fieldList[] = c.getDeclaredFields();
for(Field entry: fieldList) {
result.append(entry.getName());
result.append(“:”);
result.append(entry.get(this));
result.append(“\n”);
}
} catch (Exception e) {

}
return result.toString();
}

Now this is nice and compact, and does what it says on the tin.

I now need to have an abstract class that every single class i use extends, oh well not much work saved but a nice concept.

Wireless Internet

Several years ago I wrote an article to post in the Reading Chamber of Commerce magazine but for some reason they did not publish, So i will attempt to recreate the article here and update it for current information.

Everyone has heard of Wi-Fi,  Motorway services provide it for free, but what are the risks with it. Back in 1997 I took my laptop with a pcmcia wireless network card ran up a piece of software called stumblr and drove round the IDR (Inner Distribution Road) in Reading heading out down Queens Road and back in by Kings Road (the legal/financial area)

In all I found 64 wireless hotspots, 32 of them strangely enough were wide open and unprotected by any security at all.

At the time every company was getting wifi for their employees to use in the office on their laptops, but no-one was securing the connection with WEP (Wireless Encryption Protocol)

As many know, this has since been cracked and even WPA-2 one of the latest encryption methods is crackable in minutes by even a mobile smartphone. It at least deters the opportunist.

People have a problem understanding how Wireless works, they are connected to WiFi but they still cannot get onto the internet, take for instance Wired connections they will plug in the cable and if it doesn’t work they will look at the network configuration or the router to determine what is not working, With wifi, they keep figuratively plugging and unplugging the cable by disconnecting and reconnecting the WiFi.

The WiFi connection you set up with the WPA key is the same as the Cable you plug into your PC. After that you have what is called the TCP/IP protocol  this is what allows you to connect out to the internet, but at its core the internet is machines connected together using an internet address called IPV4  you may recognise it as numbers like 192.168.1.2

but how do you connect to sites like http://www.google.com, We use a system called DNS (Domain Name Services) which is like a large Telephone Book allowing you to look up http://www.google.com and get its phone number (IP address).

There are small ranges allocated for non-routable connections and they are seperated into classes, don’t worry about those they just detail how many digits at the start do not change.

Class A: 10.x.x.x

Class B: 172.16.0.0 – 172.32.255.255

Class C: 192.168.x.x

Well most WiFi systems automatically allocate anyone connecting with an address to allow them to access the internet, To start securing the network you need to stop this happening, TURN OFF DHCP – this is the mechanism used to automatically issue internet addresses, or if you need this on because you have a large network, you could also lock the WiFi to only allow connections from certain machines, whilst this can cause more administration to the IT team it will make the network more secure.

How does this work? Well every network card ever created has an allocated “MAC” address (Media Access Control)  This is a series of digits which uniquely identify any piece of hardware, and most modern routers allow what is called Mac locking meaning if you don’t have the correct network card you cannot connect,  Interestingly enough the new IPV6 which is already starting to replace the old IPV4 due to us running out of addresses on the IPV4 network almost is a mac address and I have seen where some providers are allocating the IPV6 address based on the Mac Address of the connected hardware.

If you exclusively use Mac Locking then you can actually have your WiFi without a password as unless they are on the list they can’t come in.

Further to that all WiFi routers also Broadcast their Ident so you can see the name of the hotspot, You can also turn this off, so unless you know its name you cannot manually connect.

added to that, all routers need to have their default password and name changed and if possible change the ip address it uses.

A hacker will start looking for the router address to be able to try and gain access to the rest of the network by looking for 192.168.1.1 or 192.168.1.254 as this is where they usually reside. Change the default address say go for 192.168.4.20 for the router, so its completely out of the normal addressing range. All of this will help you to secure your network and deter hackers from stealing your ideas and installing nasty software in your connection

So The Suggestions are

• MAC lock the router
• Use WPA-2 or better security on the router
• Change the router password and default ip address
• Switch off the WiFi Beacon

All of these steps will increase your security in the office, and also at home, many people will implement security at the office that is second to none but they will still have a completely open Netgear router on default IP and password at home,

A last thought, A hacker logs into your network, downloads child porn, plants it on your computer then calls the police. What would that mean to you?

Hello world!

Welcome to my little corner of the internet, I thought after so many years reading other people’s blogs, and getting advice on programming problems and such

I should start my own blog to detail my technical stuff and maybe discuss life in general.

 

So welcome to what I hope doesn’t end up like other attempts in the past which have dwindled off after about 2 weeks.