Time |
S |
Nick |
Message |
00:36 |
|
|
kobain joined ##javaee |
00:37 |
|
|
raoul- joined ##javaee |
00:56 |
|
|
sfisque joined ##javaee |
01:00 |
|
|
sfisque1 joined ##javaee |
01:25 |
|
|
Maziz joined ##javaee |
02:20 |
|
|
cavemanlg joined ##javaee |
02:52 |
|
|
cavemanlg joined ##javaee |
03:06 |
|
|
SoniEx2 joined ##javaee |
03:06 |
|
SoniEx2 |
at least here I can post this: https://github.com/SoniEx2/NBX-API |
03:06 |
|
SoniEx2 |
and ask how can I stop writing derpy code? |
03:06 |
|
Quest |
sure you can, if it's related to java |
03:07 |
|
SoniEx2 |
aka I sometimes write "x==y ? true : false" |
03:07 |
|
Quest |
so.. |
03:09 |
|
SoniEx2 |
the "? true : false" isn't needed? |
03:09 |
|
Quest |
what are you trying to do? |
03:09 |
|
SoniEx2 |
a file format? |
03:09 |
|
Quest |
it's like if x is equal to y ? then do this : otherwise do this |
03:10 |
|
SoniEx2 |
no sometimes I write "x==y ? true : false" |
03:10 |
|
Quest |
then? |
03:10 |
|
Quest |
why do you write it? |
03:10 |
|
Quest |
what do you mean? |
03:10 |
|
SoniEx2 |
well it's like saying "true ? true : false" or "false ? true : false" |
03:12 |
|
Quest |
x==y is a condition. If it's true, that is, if x IS EQUAL to y, the left part of : happens, otherwise the right part |
03:13 |
|
SoniEx2 |
let me explain a bit better |
03:13 |
|
SoniEx2 |
https://github.com/SoniEx2/NBX-API/commit/9be68492918113e6c02265d4a9aed88c3ad6de09#L0L16 |
03:14 |
|
sfisque1 |
if( x == true ) { return true; } else { return false; } // W1N!!!11one |
03:14 |
|
Quest |
read() == 1 ? true : false, (byte) read(), (byte) read(), ? |
03:14 |
|
SoniEx2 |
"read() == 1 ? true : false" |
03:14 |
|
SoniEx2 |
see? |
03:14 |
|
SoniEx2 |
I derped there |
03:14 |
|
Quest |
ok. let me tell. |
03:15 |
|
sfisque1 |
ack. stick that in a BufferedReader or BufferedInputStream. you get two smacks for R/W per byte |
03:16 |
|
* Quest |
hands over to sfisque1 |
03:16 |
|
SoniEx2 |
also yes I suck at coding |
03:16 |
|
SoniEx2 |
I'm trying to get better at it tho... |
03:17 |
|
sfisque1 |
fair enough :-D |
07:00 |
|
|
sl33k joined ##javaee |
10:57 |
|
|
l1ght joined ##javaee |
11:43 |
|
|
neuro_sys_ joined ##javaee |
13:35 |
|
|
kobain joined ##javaee |
13:43 |
|
|
Naros joined ##javaee |
14:18 |
|
|
Quest joined ##javaee |
14:21 |
|
|
SoniEx2 joined ##javaee |
14:39 |
|
* javanewb |
yawns |
14:42 |
|
Quest |
javanewb, what's up? |
15:21 |
|
|
onr joined ##javaee |
15:25 |
|
javanewb |
me barely |
15:26 |
|
Quest |
hm |
15:32 |
|
onr |
neuro_sys: never mind that, how is it over on the mecidiyekoy side? |
15:33 |
|
Quest |
onr, english? |
15:33 |
|
onr |
Quest: I didn't understand? |
15:34 |
|
Quest |
I only understand ENGLISH |
15:35 |
|
onr |
Quest: me no English |
15:35 |
|
|
Naros left ##javaee |
15:35 |
|
|
Naros joined ##javaee |
16:17 |
|
|
caverdude joined ##javaee |
16:17 |
|
caverdude |
hello |
16:17 |
|
Quest |
he |
16:20 |
|
SoniEx2 |
have you guys messed with my file format yet? |
16:21 |
|
Quest |
not too much |
16:24 |
|
|
sfisque joined ##javaee |
16:29 |
|
Quest |
http://stackoverflow.com/questions/17814166/multiple-exception-throws-and-re-throws-several-times-with-nested-exceptions any comments by any one? I am new to exceptions |
16:30 |
|
Naros |
Let me read the post before I answer |
16:30 |
|
Quest |
sure |
16:31 |
|
Naros |
Alright, let's talk exceptions for a minute. |
16:31 |
|
Naros |
The idea behind them isn't to necessarily try to parse or do anything with the exception's string message that you can get from getMessage(). |
16:31 |
|
Quest |
MSG for all : we need a recruit. contract based who knows javascript and css at a high degree |
16:32 |
|
Quest |
Naros, ok |
16:32 |
|
Naros |
The idea is to catch the exception and then based on the exception thrown, do something application specific. |
16:32 |
|
Quest |
hm |
16:32 |
|
Naros |
a try block could catch multiple exceptions of different types perhaps |
16:33 |
|
Naros |
and each exception caught could do something entirely different |
16:33 |
|
Quest |
ya. maybe log something if user tries to mess with privileges |
16:33 |
|
Naros |
perhaps, or it adds the correct message in whatever framework you use to inform the user about what happened. |
16:33 |
|
Quest |
oh. I just simply need a try/catch with multiple catch blocks. all will run? |
16:33 |
|
Quest |
ok |
16:33 |
|
whartung |
IMHO, this is the absolutely wrong way to use exceptions. |
16:34 |
|
Quest |
whartung, usually the catch block is a response to the error/problem |
16:35 |
|
sfisque |
sort of |
16:35 |
|
Quest |
Naros, you were saying...? |
16:35 |
|
Naros |
whartung: he needs to at least understand how to use them first imo. |
16:35 |
|
sfisque |
try/catch is when you know or expect some forms of exception and can handle them gracefully |
16:35 |
|
whartung |
doesn't matter, exceptions are for exceptional behavior -- and user privilege is not exceptional behavior, it's endemic |
16:36 |
|
Naros |
I'm not talking about privileges. |
16:36 |
|
whartung |
but Quest is |
16:36 |
|
Naros |
here is a crude example |
16:36 |
|
Naros |
http://pastebin.com/iTwEsHqw |
16:36 |
|
Quest |
whartung, you have a point. but using exceptions in this scenario, molding them to our use, is a smart thing Naros told. what do you think whartung? |
16:37 |
|
Naros |
my first point is that he shouldn't care necessarily (other than maybe logging) what getMessage() gives him in the exceptions |
16:38 |
|
sfisque |
what appears in that pastebin is an anti-pattern. you're using exceptions to handle logic dispatch |
16:38 |
|
Naros |
from a controller's perspective, you handle exceptional behavior and give the user some reasonable reason on the UI that doesn't give them too much information but that isn't misleading or non-informative as well. |
16:38 |
|
whartung |
Exceptions fall into the "don't test for something you can't handle". There's a reason why the majority of my exceptions are RuntimeExceptions. Most of the time, most of the code cannot handle the exception, and it blows out all the way to the top level where it's reported and logged. They're not used for logic flow except very rarely. |
16:38 |
|
Naros |
sfisque: how would you change it? |
16:38 |
|
whartung |
an Exception is "the database imploded" |
16:39 |
|
sfisque |
instead of gating on exception, gate on a method that tests the priv/perm and dispatch on that |
16:39 |
|
whartung |
Exceptions are for "WTF, this is WAY wrong" |
16:39 |
|
sfisque |
instead of try/catch, ... if( hasPermission() ) { doIt(); } else { youCantDoThat(); } |
16:40 |
|
sfisque |
even better would be to wrap the functionality in "guarded" objects (take a look at java security) and guard the objects based on perm/privs in the user credentials |
16:40 |
|
whartung |
right, exactly what sfisque said |
16:41 |
|
sfisque |
the try block would be for something catastrophic like, the perm collection is null when you expect it to be at the very least initialized as an empty collection. |
16:41 |
|
Quest |
why you agreed with Naros yesterday then? sfisque |
16:41 |
|
sfisque |
or the db disappeared, like whartung says |
16:41 |
|
whartung |
that said, I HAVE done deep, deep security checks at the lowest level. At a level that "should never happen", i.e. when Customer X asks for Customer Y's data, I make sure that X == Y, and if not, we don't discuss it, we go "WTF" and toss an exception, because it should NEVER happen, and it's a critical error someone got that deep. |
16:41 |
|
Naros |
Right but at least in my world, I have two options to handle things like that. |
16:42 |
|
Naros |
either you allow it to bubble up to Struts2 where you have to handle a mapping of exception class to jsp |
16:42 |
|
Naros |
or you catch it and allow to do some flow control back to the INPUT jsp |
16:42 |
|
sfisque |
you're missing the subtleties between "calling methods and catching exceptions" and "using exceptions as dispatch logic" |
16:42 |
|
sfisque |
one is part of the lang, the other is an anti-pattern |
16:42 |
|
whartung |
absolutely catch them at the edge, so format them nice, ensure they're logged, keep the stack trace out of the users browser. But that's presentation |
16:43 |
|
whartung |
again, what sfisque says |
16:43 |
|
Naros |
whartung: and what my pastebin was is controller/presentation |
16:43 |
|
whartung |
at the edge for services, we have a Result pattern |
16:43 |
|
Quest |
I do need a flow control though. from dao to jsp |
16:44 |
|
Naros |
Quest: correct but their suggestion isn't to rely on exceptions to necessarily control that. |
16:44 |
|
sfisque |
it is a shame that uml is not taught earlier in various programs. forcing devs to take the 10k foot view would be instrumental |
16:44 |
|
Naros |
Instead you control it with program flow of conditional checks. |
16:44 |
|
whartung |
a Result contains all sorts of fascinating information -- the service result, any warnings or messages encountered, possibly extra data. It's a rich model. "Here's your new bleem, but by the way, this happened while we created it in case you care" kind of structure |
16:45 |
|
Naros |
whartung: right which somewhat goes back to the SaveResult concept I mentioned to Quest the other day. |
16:45 |
|
whartung |
but we mostly do this on the edge, for the end user, we don't use it deep in the logic, it's too burdensome |
16:45 |
|
whartung |
yea, it's a good idea. |
16:45 |
|
Naros |
But for very simple things, I find it overkill imo |
16:45 |
|
whartung |
yes |
16:45 |
|
Quest |
Naros' use of exceptions was smart (though they might not be made for testing things like privileges or conditions, if you say so). so what strategy do you all propose? |
16:45 |
|
whartung |
it is |
16:45 |
|
sfisque |
aye. we do a lot of "catch log rethrow" in our product ... it's clumsy at times, but allows for good forensics in the logs when bad things happen |
16:46 |
|
Naros |
Quest: I'd argue the strategy highly depends on the test case. |
16:46 |
|
whartung |
yea, I do it all the time, converting checked exception to runtime exceptions. |
16:46 |
|
Quest |
by all i mean Naros whartung sfisque |
16:47 |
|
Naros |
There are times where I fully support my pastebin for very simplistic cases and there are other strategies as whartung mentioned where it's advantageous to use a SaveResult like concept that gives you a journal of all the things that took place, both good & bad. |
16:47 |
|
whartung |
catch (IOException io) { throw new RuntimeException("something went wrong with file " + file, io); } |
16:48 |
|
whartung |
the key take away here |
16:48 |
|
whartung |
is there is no one answer |
16:48 |
|
Naros |
catch(OptimisticLockException ole) { LOG.warn(ole.getMessage()); throw new ConcurrentRecordModificationError(ole); } |
16:48 |
|
Naros |
Exactly what whartung said. |
16:48 |
|
whartung |
it's nuanced, "it depends". You can't just take all of these tips as law and spread them everywhere. |
16:49 |
|
Naros |
welcome to the world of programming :P |
16:49 |
|
Quest |
hm |
16:49 |
|
sfisque |
aye. obviously, scale/scope are important. for a small "toy" app, just catching the exception is "quick and dirty" but i think whartung (and myself) are trying to promote the concept that "don't adopt potentially bad habits" while you're learning |
16:49 |
|
whartung |
you discovered this at once and made that post, you started to try it out and went "hey, wait a minute…" |
16:49 |
|
Naros |
reminds me of newbie game developers writing C++ thinking everything fits in shiny OO classes. pfft. it doesn't quite work that way in the real world. |
16:49 |
|
whartung |
that's a warning that something isn't quite right |
16:49 |
|
Quest |
that's why I made a long question and even got -1 for it. so I can explain scope |
16:50 |
|
whartung |
it's too big a question for SO |
16:50 |
|
sfisque |
aye SO are kind of "anal" at times |
16:50 |
|
whartung |
because "it depends" |
16:50 |
|
Quest |
whartung, sfisque Naros, so what do you guys suggest in this specific scenario (which may be encountered many times in other apps and by users) |
16:51 |
|
Naros |
Quest: the answer is that it will depend on what the service business case is :) |
16:51 |
|
whartung |
I suggest you do whatever you want, and decide if you like it. If you do stick with it, if you don't, change it now armed with new information about what you don't like about what you did. |
16:51 |
|
Quest |
Naros, as I wrote. checking privs |
16:51 |
|
sfisque |
for something small, a simple utility class that handles security (or a third-party thing like spring sec) where you can just "ask the permission question" and then dispatch execution based on the outcome (int, boolean, etc.) |
16:51 |
|
Naros |
Then it isn't appropriate as others had said for checking privs. |
16:51 |
|
Quest |
whartung, well, in the first place, I don't know the options I have |
16:52 |
|
sfisque |
for something bigger, leveraging a full api (JAAS, JACC, JavaSec, etc.) would save you much work |
16:52 |
|
whartung |
of course you do. You may not know them all, you know some. you know about IF statements. What's to know? |
16:52 |
|
Quest |
Naros, then what is appropriate |
16:52 |
|
whartung |
that's all computer languages are: loops, math and if statements. |
16:52 |
|
sfisque |
as for your DAO calls, you definitely need to trap exceptions (like the db disappeared, the table differs from your bean, etc.) |
16:52 |
|
whartung |
everything else is sugar |
16:52 |
|
sfisque |
pretty much W |
16:52 |
|
Quest |
Naros, it could be any check of a method returning a boolean. not just privs |
16:53 |
|
sfisque |
as I once said in an interview, ultimately, every computer product is just "moving bits around in memory". doesn't matter if it's accounting software, graphics software, or networking software |
16:53 |
|
whartung |
remember, it's software -- you can always change it. |
16:53 |
|
whartung |
my favorite line regarding that sfisque |
16:53 |
|
Naros |
Quest: this is what I believe they're advocating http://pastebin.com/eevJTshS |
16:54 |
|
whartung |
is a friend who was working with 3D renderers (back when folks wrote 3D renderers) |
16:54 |
|
whartung |
and he said "The best thing about 3D is that if it looks right, it IS right!" -- So simple! lol |
16:54 |
|
sfisque |
that's like 300 years ago, in internet years |
16:54 |
|
sfisque |
ROFL |
16:54 |
|
Naros |
Do you see how we've decoupled the permissions check from exception handling? |
16:54 |
|
Naros |
Exception handling is being used for those critical exception cases only. |
16:55 |
|
sfisque |
yes naros. that is the ticket :-D |
16:55 |
|
whartung |
right exactly |
16:55 |
|
sfisque |
Quest, memorize that block of code. that is about 90% of EE |
16:55 |
|
sfisque |
:P |
16:55 |
|
Quest |
whartung, sfisque you commented that exception nesting will be bad in my case. but what alternative do you propose? |
16:55 |
|
Naros |
UserSecurityContext is just a helper class with all the security stuff inside it allowing me to pass whatever parameters to evaluate some condition to be true/false. |
16:56 |
|
whartung |
your framework should provide you the equivalent of "UserSecurityContext" |
16:56 |
|
whartung |
whatever you're using |
16:56 |
|
whartung |
JEE has one "for free" |
16:56 |
|
Naros |
Yep |
16:56 |
|
whartung |
I don't know what spring has |
16:56 |
|
whartung |
but they all work the same |
16:56 |
|
Naros |
Spring security's is the PermissionEvaluator but it interacts with annotations |
16:56 |
|
sfisque |
if you're catching exceptions from two (or more) different inheritance chains (i.e. IOException vs. SQLException, etc.) do not collapse them. they indicate two (or more) VERY DIFFERENT failure points |
16:56 |
|
whartung |
and I won't discuss how they work, it's not germane to this |
16:57 |
|
Naros |
so he'd just annotate the method execute() instead |
16:57 |
|
sfisque |
aye, what Naros says |
16:57 |
|
whartung |
I never cared for annotations for security, but that's me. |
16:57 |
|
Naros |
saves tons of boilerplate code :) |
16:57 |
|
whartung |
it's rarely that straightforward :) |
16:57 |
|
Naros |
aye |
16:58 |
|
sfisque |
they can be very powerful, BUT you have to either leverage CMAA or write a lot of leverage code |
16:58 |
|
* Quest |
tries to catch up with the chat as a newbie |
16:58 |
|
Naros |
hehe, sorry Quest, we got off on a slight tangent. |
16:58 |
|
Quest |
no problem at all. I am enjoying and learning |
16:58 |
|
Naros |
sfisque is saying don't do something like this |
16:58 |
|
sfisque |
i'm a big fan of letting the container manage AA and just testing the user credential objects |
16:58 |
|
Naros |
try { ... } catch(SQLException e) { throw new IOException(e); } |
16:59 |
|
Naros |
you're wrapping sql exception into an io exception |
16:59 |
|
sfisque |
right, which obfuscates the failure point |
16:59 |
|
Naros |
makes no sense to do that |
16:59 |
|
sfisque |
it can make for a VERY LONG night of forensics |
17:00 |
|
sfisque |
i tripped across something like that in the product. needless to say, "we" had words the next morning when i was very tired and irate |
17:00 |
|
Naros |
but there are times where such a case is helpful in the service tier |
17:00 |
|
Naros |
if the framework you're writing doesn't want to expose a SQLException. |
17:00 |
|
sfisque |
aye, but if it's bubbled up that far, it should have been handled gracefully along the way |
17:00 |
|
Naros |
but instead perhaps some ApplicationPersistenceException |
17:00 |
|
|
k5_ joined ##javaee |
17:01 |
|
sfisque |
either getting logged and rethrown or somesuch |
17:01 |
|
Naros |
at least where the name and reason are logically bound, not wrapping SQLException in an IOException |
17:01 |
|
Naros |
those are two different beasts. |
17:01 |
|
sfisque |
aye. if you're "handling it" and then bubbling up some more info to the next tier, then it can be very germane |
17:02 |
|
Naros |
precisely. |
17:02 |
|
sfisque |
but just grabbing and rethrowing an unrelated exception can be "mucho fun" to track down later |
17:02 |
|
Naros |
especially at 4am when the admin calls you that the app crashed and u gotta figure out why :/ |
17:02 |
|
* sfisque |
sighs knowingly |
17:03 |
|
Naros |
but there is nothing wrong with playing them, getting used to how they work and adhering to best practices once you have an understanding. |
17:04 |
|
Naros |
them being exceptions |
17:05 |
|
whartung |
once it's wrapped by a RuntimeException (of any kind), let it go. |
17:05 |
|
Quest |
so whartung sfisque Naros, what strategy would you each go for if you were me? (ignoring spring security) |
17:05 |
|
sfisque |
i've yet to try out the new "multi-exception catching". i'm eager to get my hands on that to collapse some big catch "switch" statements we have |
17:05 |
|
sfisque |
naros already described it |
17:05 |
|
Naros |
Quest: http://pastebin.com/eevJTshS <-- this |
17:05 |
|
whartung |
I'd do what Naros did in that pastebin |
17:05 |
|
sfisque |
a utility security bean that can be used to gate the execution |
17:06 |
|
Quest |
Naros, there would be so many calls and exceptions. how to put all and flow to jsp |
17:06 |
|
Quest |
its nested |
17:06 |
|
whartung |
I'd do it at the controller layer before invoking the business logic. Some like this stuff deep down, I prefer it locked by gates. |
17:06 |
|
whartung |
no, there aren't so many calls. |
17:07 |
|
whartung |
you have request -> controller -> business logic -> DAO -> result -> JSP. |
17:07 |
|
whartung |
the DAO's don't care. The business logic MAY not care. the Controller cares, a lot. |
17:07 |
|
sfisque |
aye. the only time you'd have to gate deeper, is if you have service -> service calls |
17:07 |
|
Quest |
whartung, one service may call many DAO methods and even other services. each method may give false/exception |
17:07 |
|
whartung |
so what? |
17:07 |
|
whartung |
false exception? what does that mean? |
17:07 |
|
sfisque |
or if you're exposing your service via @Remote, @Webservice, or similar facility |
17:08 |
|
whartung |
right, but you can use facades for that (and, mostly, should) |
17:08 |
|
whartung |
IMHO |
17:08 |
|
Naros |
Quest: the point here is that generally a business logic / service method is often a 1:1 to what the request being invoked does. |
17:08 |
|
sfisque |
right but the gating still has to be there because you're still potentially going service -> service (in the @Remote case) |
17:09 |
|
Quest |
hm |
17:09 |
|
sfisque |
again, consider two web apps with one EJB service layer shared in the container via @Remote |
17:09 |
|
Naros |
so guarding the controller that wraps this business logic method is often sufficient enough and all the permission checks needed should be done there. |
17:09 |
|
Quest |
whartung, i meant no permission by false/exception |
17:09 |
|
whartung |
sure, simply put the gating needs to be put on the edges of the services |
17:09 |
|
Naros |
but there are cases where gating inside the service methods is necessary. |
17:09 |
|
Naros |
What whartung said :P |
17:10 |
|
sfisque |
aye, as we've all been saying along... "it depends" :-D |
17:10 |
|
Naros |
And then it's just as simple as once again, using the UserSecurityContext bean internally. |
17:10 |
|
whartung |
basically quest, there's no reason for the business logic to check this stuff. Let the controller check it. |
17:10 |
|
Naros |
if it fails you could throw an application specific AccessDeniedException perhaps. |
17:10 |
|
Quest |
hm |
17:11 |
|
Quest |
whartung, so controller checks if //service call someServiceMethod() returns positive / negative result. and controller acts accordingly? |
17:12 |
|
sfisque |
the ONLY case I can see where you need the security deeper (Like at the DAO layer) is if your security is data granular (as in you have to impose security on a per "entity instance" case), but that's fairly advanced and not relevant to learning the basics atm |
17:12 |
|
whartung |
public ResultThing service(Request req) { if (user.hasPrivilege("doThing")) { businessLogic.doThing(); } else { return new SendThemToTheDeniedPageResultThing(); } } |
17:13 |
|
whartung |
exactly sfisque |
17:15 |
|
whartung |
You're over thinking this stuff Quest. Just Do It. Anything. try it out, see if you like it, try blindly do it wrong and completely fail, then come back and fix it. It's software. You make music by playing the piano -- so go play, and see if it sounds good. You only develop a good ear by playing a lot of music, and writing a lot of code. |
17:16 |
|
Quest |
http://pastebin.com/16siG49V whartung Naros sfisque ? |
17:17 |
|
Naros |
whartung: would you suggest in your SendThemToTheDeniedPageResultThing using instanceof comparator or isAssignableFrom? |
17:17 |
|
Quest |
well I would have key value pair for the array list but a hashmap. that tells, (issue, message) |
17:17 |
|
Naros |
nvm, have a better idea |
17:18 |
|
Quest |
(userIsADMIN, "true") |
17:18 |
|
Quest |
whartung, you are correct. |
17:18 |
|
Quest |
I overthink on strategies. I shouldn't |
17:19 |
|
Quest |
I read too much, ask too much, and get disturbed too much. |
17:19 |
|
Quest |
:) |
17:19 |
|
Naros |
whartung: http://pastebin.com/1tBbTP1j <-- something like this seem appropriate to you and sfisque ? |
17:20 |
|
Naros |
In the struts world it blurs a few lines |
17:20 |
|
Naros |
but i think it feels acceptable. |
17:20 |
|
Quest |
by the way is this paste sane? http://pastebin.com/i0Nahpw1 |
17:20 |
|
sfisque |
yah. it appears fine. |
17:21 |
|
whartung |
yea I can't speak to whatever framework he's using for the MVC |
17:21 |
|
whartung |
other than that Naros looks fine |
17:21 |
|
Quest |
whartung, I am using spring |
17:21 |
|
whartung |
yea I don't know spring |
17:21 |
|
Quest |
oh. ok. Naros uses struts2 |
17:22 |
|
sfisque |
I would shy away from "role" based authorities. keeping the authorities as "perms" rather than "roles" will save you much headache |
17:22 |
|
Naros |
Quest: right and my examples are using Struts2 but i think u can make a relationship between the ideas pretty easily. |
17:22 |
|
Naros |
^^^^^^^^^^^^^^ |
17:22 |
|
whartung |
yea, privs are better than roles -- finer grained |
17:22 |
|
Naros |
I can't stress sfisque's suggestion enough |
17:22 |
|
sfisque |
semantically speaking a "role" is just a bucket filled with a bunch of "perms" |
17:23 |
|
Naros |
that's why we designed it around authorization objects that grant granular access to a piece of a larger puzzle. |
17:23 |
|
Naros |
you can then mix/match and make some pretty complex security models that way |
17:23 |
|
sfisque |
because if the "role" changes, all you need to do is alter the collection of perms and the code does not gyrate |
17:23 |
|
Naros |
yeppers |
17:23 |
|
whartung |
yup |
17:24 |
|
sfisque |
that's another headache i'm dealing with. the product was written (before i came on board) with BOTH perm and role based authorizations wired into the code.... Weeeeeeeeeeeeee NOT |
17:25 |
|
whartung |
yea, my most hated one is the "isAdmin" role check. that's plain laziness |
17:25 |
|
Quest |
Naros, throws AccessDeniedException . 1. how about I just make my own ResultServiceException extends Exception ? 2. not use try/catches at all (other than db disappeared things) and use http://pastebin.com/i0Nahpw1 |
17:25 |
|
Quest |
sfisque, I agree |
17:26 |
|
Naros |
Quest: http://pastebin.com/1tBbTP1j <--- |
17:26 |
|
Naros |
oh wait. |
17:26 |
|
Naros |
i see your point, let me fix |
17:26 |
|
Naros |
ok http://pastebin.com/kHF81zXh (revised) |
17:26 |
|
Quest |
:) |
17:27 |
|
Naros |
No need for throwing exceptions. The idea is unless it's absolutely necessary, you just return some ServiceResult implementation. |
17:27 |
|
Naros |
The ServiceResult implementation is your VO (Value Object) that glues the controller and business method together. |
17:28 |
|
Naros |
In my case, I just allowed the VO to dictate the control flow of the controller upon return. |
17:28 |
|
Quest |
Naros, what if service method checks for multiple permissions. can't return multiple strings/objects. 2. what if I just don't use try catch in controller |
17:28 |
|
Quest |
silly question though |
17:29 |
|
Naros |
If you need 3 or 3000 permissions to run a method, the return result is always the same. AccessDeniedServiceResult, right? |
17:29 |
|
Naros |
again this is assuming you absolutely need or want permission checks in the service methods |
17:29 |
|
Quest |
each dao method at the lowest part of flow, would give an error message string that the privilege is not true. that has to be passed to controller, then view |
17:29 |
|
Naros |
often doing it in the controller is sufficient. |
17:30 |
|
Naros |
DAO shouldn't care about permissions is what we were saying earlier. |
17:30 |
|
Quest |
am.. I may have to output each error to the user |
17:30 |
|
Quest |
e.g. you don't have read access to x and y. no write access to z |
17:30 |
|
Quest |
now. daos would check these small things |
17:31 |
|
Quest |
Naros, this is driving me crazy :) |
17:31 |
|
Naros |
Hm |
17:33 |
|
Naros |
There is no reason you couldn't have a special implementation of a service result where you could store a field/permission pair where access wasn't granted |
17:34 |
|
Naros |
MultiAccessDeniedServiceResult(List<FieldPermissionFailure> failures) { ... } |
17:34 |
|
Naros |
then use that in the controller to make pretty messages where applicable. |
17:35 |
|
Naros |
Your default implementation could just as easily allow you to provide that level of detail if necessary. |
17:35 |
|
Quest |
<Naros> There is no reason you couldn't have a special implementation of a service result where you could store a field/permission pair where access wasn't granted <--- that's most important I think as user has to be told in red color that you lack privilege on certain things. |
17:35 |
|
Quest |
one error list would be easy |
17:36 |
|
Quest |
in that case , how to pass each error from dao to controller |
17:36 |
|
Naros |
Should be being passed from service to controller, not the DAO |
17:36 |
|
Quest |
2. in case of a text box, or a placement of that error. I would need to know what error is it and where to place it on page |
17:37 |
|
* Quest |
knows that he is complicating things...... but they are too |
17:37 |
|
Naros |
Your FieldPermissionFailure object could contain all that information to allow you to piece the UI together however necessary. |
17:37 |
|
Naros |
field name, error message, other contextual information |
17:37 |
|
Quest |
Naros, hm. so service checks all DAO booleans and maintains a list of key values of errors? then pass to controller. the controller to view |
17:37 |
|
Quest |
? |
17:38 |
|
Quest |
Naros, hm. and the access granted will print out "" . empty strings. that is no string |
17:38 |
|
Quest |
hm. |
17:38 |
|
Quest |
makes sense. so key value pairs is the way to go? |
17:38 |
|
Naros |
The controller validates permissions (through whatever means you define). If unsuccessful, it returns a service result to the controller and you do whatever you need to fit the UI needs. If the validation on permissions passes inside the controller, you do your business logic, returning a different service result to the controller. |
17:38 |
|
Naros |
sorry, let me fix that |
17:39 |
|
Naros |
The service validates permissions (through whatever means you define). If unsuccessful, it returns a service result to the controller and you do whatever you need to fit the UI needs. If the validation on permissions passes inside the controller, you do your business logic, returning a different service result to the controller. |
17:39 |
|
Naros |
Final version: The service validates permissions (through whatever means you define). If unsuccessful, it returns a service result to the controller and you do whatever you need to fit the UI needs. If the validation on permissions passes inside the service you do your business logic, returning a different service result to the controller. |
17:39 |
|
Naros |
but again that is if you NEED permission checks in your service method |
17:40 |
|
Quest |
what object type should the service return to controller? |
17:40 |
|
Naros |
How you organize the data you hand off between tiers is entirely up to you & your use case needs. |
17:40 |
|
Quest |
what you suggest? |
17:41 |
|
Quest |
I would be coding now, be back with some demos. |
17:41 |
|
whartung |
stop |
17:41 |
|
whartung |
start over |
17:41 |
|
whartung |
what kind of security do you need quest? |
17:41 |
|
Quest |
hm.. |
17:41 |
|
Quest |
whartung, do you really want to know? I am sure you will pull out your hair soon |
17:41 |
|
Quest |
whartung, this kind of. http://stackoverflow.com/questions/17793414/spring-3-hibernate-4-user-authentication-and-authorization-privileges |
17:41 |
|
Naros |
lol |
17:42 |
|
Naros |
maybe whartung can give u some guidance, i must jet for a meeting & lunch. |
17:42 |
|
whartung |
all of this can be done at the controller |
17:42 |
|
Quest |
I think it's time for me to code. I have gotten enough vision. and great guidance from Naros whartung sfisque (thanks) |
17:43 |
|
Quest |
whartung, if you can paste up a pseudo code of 10 - 15 lines. (IF you want). it would elaborate great. I would be back from dinner. |
17:44 |
|
* Quest |
waves |
17:56 |
|
|
caverdude joined ##javaee |
17:58 |
|
Quest |
whartung, back. Passing the privs from DAO (lowest level) to controller and then to view seemed to be a problem though. But I guess I would figure out something. Going off again. |
18:02 |
|
sfisque |
you don't have to pass them around. your method can merely do an "exist" query, to reduce the weight of the round trip ( select 1 from UserPerm where user_id = thisUser.userId AND perm_id = [desired permission] ) |
18:02 |
|
sfisque |
you either get back 1 or a null resultset |
18:03 |
|
Quest |
sfisque, well, true or false would also work better.. no? |
18:03 |
|
whartung |
most of these permissions can be coded in the database and enforced by joins in the SQL |
18:04 |
|
sfisque |
aye but not all DBs support boolean |
18:04 |
|
Quest |
whartung, ya. But if I answer/comment on that, the discussion will go lengthy |
18:04 |
|
sfisque |
lolz |
18:04 |
|
whartung |
all dbs support 1 and 0 |
18:04 |
|
sfisque |
to put it simply, if the question is, "can i load this data" then it's a join, if the question is "do i have this permission" then a simple exist query will do fine |
18:05 |
|
Quest |
so I should use chars instead of booleans? |
18:05 |
|
sfisque |
depends. most ORMs will coerce a Number into a boolean (non zero = true) |
18:05 |
|
whartung |
but you can use limits that are registered with the DB as filters in the join |
18:05 |
|
whartung |
for example |
18:05 |
|
whartung |
if you have a user |
18:05 |
|
* Quest |
uses postgres |
18:05 |
|
whartung |
and they subscribe to forums |
18:05 |
|
sfisque |
case in point, Oracle has no boolean, but hibernate will coerce a number into a boolean if the entity requires |
18:05 |
|
Quest |
future may be oracledb or db2 |
18:05 |
|
Quest |
by the way ^ |
18:06 |
|
whartung |
then join the subscription list against the forum list and ta da, list of "valid" forums. |
18:06 |
|
whartung |
EZ |
18:06 |
|
sfisque |
db2.... u have my condolences |
18:07 |
|
Quest |
so you suggest db2 , ok |
18:07 |
|
sfisque |
the neat thing about oracle, you can embed java in it as stored procedures and use that to reduce round tripping (but again, you have to be careful not to blur the tiers badly) |
18:07 |
|
Quest |
hm. so using 1/0 chars instead of booleans in the db would take less space |
18:08 |
|
sfisque |
i would go with Number in the db and Boolean in the entity |
18:08 |
|
sfisque |
Number(1) |
18:08 |
|
Quest |
sorry? data type/ |
18:08 |
|
sfisque |
char and Character are very costly in java |
18:08 |
|
Quest |
really? |
18:08 |
|
sfisque |
same with short |
18:08 |
|
Quest |
even more than Strings |
18:09 |
|
Quest |
even more than ints? |
18:09 |
|
sfisque |
String has native optimizations in the jvm. int performs much better than short |
18:09 |
|
whartung |
we handle booleans at the bean layer -- we don't let the JPA play with it |
18:09 |
|
Quest |
now I am surprised |
18:10 |
|
whartung |
we store them all as numbers, (Integers in our beans) and make the setters/getters Boolean |
18:10 |
|
sfisque |
make a simple Main that instantiates each type a few million times and dump time stamps to stdout |
18:10 |
|
Quest |
I always preferred shorts and chars, bytes for small things. Thought it would make less load |
18:10 |
|
Quest |
whartung, well my ids are in longs |
18:10 |
|
sfisque |
in C, it makes sense. Java is kind of built around 32/64-bit boundaries being optimal |
18:11 |
|
Quest |
k |
18:11 |
|
sfisque |
because ultimately everything is an object (ever since auto-boxing was wired in) |
18:11 |
|
Quest |
hm. 4 months of project deadline. one man. lots of refactoring |
18:11 |
|
sfisque |
supposedly in J10 or so, they are phasing out all of the primitives and making everything pure objects |
18:11 |
|
Quest |
auto boxing is still a load |
18:12 |
|
sfisque |
should be a wild ride for the firmware guys |
18:12 |
|
sfisque |
who do javacard stuff |
18:12 |
|
Quest |
javacard? |
18:12 |
|
sfisque |
firmware java |
18:12 |
|
Quest |
credit card you mean? |
18:12 |
|
Quest |
oh. no one here |
18:12 |
|
sfisque |
javacard is VERY small formfactor java |
18:12 |
|
Quest |
but we do need a javascript and css guy now. |
18:12 |
|
Quest |
sfisque, whartung you know of any? |
18:12 |
|
sfisque |
things like one-wire, credit card chips, embedded sensors |
18:13 |
|
Quest |
hm |
18:13 |
|
sfisque |
what locale Q? |
18:13 |
|
Quest |
that wont matter |
18:13 |
|
Quest |
its page based payment. |
18:13 |
|
whartung |
timezone synergy helps though... |
18:13 |
|
Quest |
you give a page, you get payment. same with the second page |
18:13 |
|
Quest |
whartung, timezone synergy. thats a company? |
18:13 |
|
sfisque |
gotcha. i'll check if any of my collegeus need some side work |
18:14 |
|
Quest |
okie dokie. I though you guys might know JS |
18:14 |
|
whartung |
no, it's ensuring that the folks you're working with aren't 12 hours away and asleep when you have a question |
18:14 |
|
Quest |
whartung, oh. that wont be a problem either |
18:14 |
|
sfisque |
lol, like in Chennai or Mumbai |
18:14 |
|
whartung |
yea, it is a problem Quest |
18:14 |
|
* Quest |
i like shanghai though |
18:15 |
|
whartung |
is your team willing to be up at 1am to support your contractor? or is it ok for him to lose a day of work? |
18:15 |
|
Quest |
whartung, well I only would brief requirements to him. He can proceed later as time suits him |
18:15 |
|
sfisque |
shanghai, that term describes my city :-D |
18:15 |
|
Quest |
am. we do that most of the time. Fix up a briefing time. Dev time relies on the dev |
18:15 |
|
Quest |
sfisque, are you....... from shanghai? |
18:16 |
|
sfisque |
no, i'm in pdx... home of shanghai tunnels in the 19th century |
18:16 |
|
whartung |
pdx? |
18:16 |
|
sfisque |
drink too much, wake up on a ship out at sea |
18:16 |
|
sfisque |
portland |
18:16 |
|
whartung |
ah |
18:16 |
|
whartung |
yea |
18:16 |
|
Quest |
you must be having satellite internet then |
18:16 |
|
Quest |
:) |
18:17 |
|
Quest |
any ways. |
18:17 |
|
Quest |
any one from U.S? |
18:17 |
|
sfisque |
lolz. well, i'm in a cafe atm, i have commercial cable isp at home (5 static IPs) |
18:17 |
|
* sfisque |
waves |
18:17 |
|
Quest |
oh really. which city |
18:18 |
|
sfisque |
portland |
18:18 |
|
Quest |
thats in u.s? |
18:18 |
|
Quest |
ok |
18:18 |
|
sfisque |
well, NJ originally |
18:18 |
|
Quest |
New Jersey |
18:18 |
|
Quest |
hm. |
18:18 |
|
sfisque |
yes. edison |
18:18 |
|
Quest |
our headoffice is in us |
18:18 |
|
Quest |
so I can call you by voip anytime |
18:18 |
|
Quest |
sfisque, do you do JS ? |
18:19 |
|
sfisque |
i try not to. i find JS infuriating with all the browser specific stuff and whatnot |
18:19 |
|
sfisque |
i do enough to get by |
18:19 |
|
Quest |
well thats why jQuery stepped in |
18:19 |
|
whartung |
Let the "UX Experts" deal with that |
18:19 |
|
* sfisque |
nods with whartung |
18:20 |
|
Quest |
hm ok. |
18:20 |
|
Quest |
that's why I didn't vote to get my hands dirty and asked the company to outsource |
18:20 |
|
sfisque |
you would be surprised at how jquery dojo and the rest still have "browser version" issues |
18:20 |
|
Quest |
:) |
18:20 |
|
Quest |
sfisque, really. hm i thought contrary by word of mouth. |
18:21 |
|
Quest |
but no doubt it would be better than legacy JS |
18:21 |
|
whartung |
see that's the thing Quest |
18:21 |
|
sfisque |
80/20 rule. it removes 80% of the boilerplate stuff, but you can still stumble over edge cases |
18:21 |
|
whartung |
just because Jquery may "handle it" doesn't mean you (the developer) aren't responsible for it anyway. |
18:21 |
|
Quest |
hm.. |
18:22 |
|
whartung |
"I can't do X because JQuery won't let me" Like I care…fix it. |
18:22 |
|
sfisque |
and we've discovered a nice "feature" of jquery that has scalability issues with very complex tables of data |
18:22 |
|
Quest |
I'd better be implementing what you guys guided me... see you soon |
18:23 |
|
sfisque |
but on that note, i have to go fetch one of my spawnlings... ttyl |
18:47 |
|
* Naros |
has returned. |
18:49 |
|
Naros |
the only issue I have with relying permission wise on DB queries is how does one differentiate between (1) no data exists but you have permissions and (2) you don't have permission so no data gets returned. |
18:50 |
|
whartung |
you change the filter and be explicit on your request |
18:51 |
|
Naros |
Aye, just saying it isn't just enough to rely on the result from a DB alone. |
18:51 |
|
whartung |
depends on the context |
18:52 |
|
Naros |
like most things :P |
18:52 |
|
whartung |
joining to the privileges at the SQL level saves a lot of code in Java, especially for something like this use case. |
18:52 |
|
whartung |
like all things |
18:52 |
|
whartung |
I never said this was a universal solution to all problems |
18:52 |
|
whartung |
and I shouldn't have to qualify every suggestion with that. |
18:55 |
|
Naros |
lets hope not - well going back to my source code review |
19:04 |
|
onr |
"saves a lot of code in Java" |
19:06 |
|
* Naros |
questions onr. |
19:10 |
|
* onr |
QuestionFactoryFactories. |
19:12 |
|
Naros |
factories that provide factories? hehe, fun |
19:19 |
|
Quest |
onr, so you can speak english ? :) |
19:37 |
|
onr |
Quest: I didn't understand, what are you saying, dude? |
19:39 |
|
|
xll11 joined ##javaee |
19:43 |
|
Quest |
onr, i only understand english dear |
19:46 |
|
|
caverdude joined ##javaee |
20:00 |
|
onr |
Quest: then learn some other language |
20:03 |
|
Quest |
onr, i have. java :) |
20:05 |
|
onr |
you babbler |
20:05 |
|
Quest |
:) |
20:05 |
|
|
sfisque joined ##javaee |
20:07 |
|
|
k5__ joined ##javaee |
20:40 |
|
|
k5_ left ##javaee |
21:03 |
|
|
cavemanlg joined ##javaee |
21:06 |
|
|
Maziz joined ##javaee |
21:19 |
|
|
caverman joined ##javaee |
22:39 |
|
pdurbin |
hmm. maybe I'm doing exceptions wrong, then. :) |
22:43 |
|
whartung |
I like exceptions for exceptional situations. |
22:45 |
|
pdurbin |
whartung: how does this grab you? I'm throwing a lot of exceptions: https://github.com/IQSS/dvn/blob/1ba5287953f0dd1485a1e111d451d53441ccb007/src/DVN-web/src/edu/harvard/iq/dvn/api/datadeposit/MediaResourceManagerImpl.java |
22:50 |
|
whartung |
I would never shroud the real exception, you don't know what interesting things it may tell you. |
22:50 |
|
pdurbin |
sure |
22:51 |
|
whartung |
other than that it looks ok |
22:51 |
|
pdurbin |
\o/ |
22:52 |
|
pdurbin |
whartung: thanks |
22:52 |
|
whartung |
I would make SwordError and SwordServer runtime exceptions |
22:53 |
|
sfisque |
swordapp? is there a corresponding daggerapp, maceapp, and flailapp? |
22:53 |
|
whartung |
it's a whole suite of applications sfisque |
22:54 |
|
|
caverman joined ##javaee |
22:56 |
|
|
cavemanlg joined ##javaee |
22:58 |
|
pdurbin |
whartung: well, SwordError gets displayed as an Atom doc to an AtomPub client |
22:59 |
|
whartung |
I'm just saying I would make them runtime exceptions rather than checked exception, then you can get rid of those "throws …" clauses. |
22:59 |
|
pdurbin |
hmm. ok. I'll look into that |
23:00 |
|
whartung |
checked exceptions are "here's something I can't handle, but I'm forcing you to" whether you can handle it or not. |
23:00 |
|
pdurbin |
sfisque: halberdapp is a type of swordapp ;) |
23:01 |
|
pdurbin |
whartung: well, the client does need to know it can't do what it's trying to do... |
23:01 |
|
whartung |
oh, it'll know... |
23:01 |
|
pdurbin |
i.e. if the client is trying to look up a non existent item |
23:01 |
|
whartung |
but if it doesn't care, then it can ignore the problem for something else to deal with |
23:03 |
|
whartung |
For example, why don't you catch OutOfMemoryException anywhere? everything can Throw that -- at any time |
23:03 |
|
sfisque |
or hit them with the sword |
23:03 |
|
pdurbin |
whartung: I see your point :) |
23:03 |
|
sfisque |
i thought OOM was an Error and not an Exception |
23:03 |
|
sfisque |
which is a very different beast |
23:03 |
|
whartung |
you can catch errors :) |
23:03 |
|
sfisque |
sort of |
23:04 |
|
sfisque |
as long as the JVM isn't in a spurious state |
23:04 |
|
whartung |
that's a different issue |
23:05 |
|
sfisque |
not necessarily. according to the spec, Error is supposed to be considered a spurious state and you should not assume the jvm can handle any recovery functionality in your code |
23:05 |
|
sfisque |
i.e. OOM - the jvm cannot execute your recovery code because there's no heap left |
23:07 |
|
whartung |
either way it's orthogonal to the overall point |
23:07 |
|
sfisque |
aye, but fun to conjecture about :P |
23:14 |
|
|
SoniEx2 joined ##javaee |
23:20 |
|
pdurbin |
yep |
23:21 |
|
|
SoniEx2|2 joined ##javaee |
23:35 |
|
|
joshua_jandyco joined ##javaee |