I am the founder and CEO of Data Geekery GmbH, located in Zurich, Switzerland. With our company, we have been selling database products and services around Java and SQL since 2013. Ever since my Master's studies at EPFL in 2006, I have been fascinated by the interaction of Java and SQL. Most of this experience I have obtained in the Swiss E-Banking field through various variants (JDBC, Hibernate, mostly with Oracle). I am happy to share this knowledge at various conferences, JUGs, in-house presentations and on our blog. Lukas is a DZone MVB and is not an employee of DZone and has posted 255 posts at DZone. You can read more from them at their website. View Full User Profile

J2eeBasedPreAuthenticatedWeb- AuthenticationDetailsSource… WAT??

10.17.2012
| 3062 views |
  • submit to reddit

WAT? This hilarious talk about the incredible quirks of JavaScript had been going around on Twitter and other media. In case you haven’t already, take a look at it here:

https://www.destroyallsoftware.com/talks/wat

Speaking of WAT, let’s talk about Spring Security. Spring has undertaken great effort to replace the clumsy, verbose parts of J2EE to replace them with straightforward and intuitive APIs. In Spring Security, you will find great features like the eraseCredentialsAfterAuthentication property, which keeps you from accidentally letting credentials lie around. Accidentally. What, like printing them to the standard out, or to the HTML document?? If this happens to you accidentally, then you might have a lot of other problems, too. Frameworks helping people to avoid such accidents remind me of PHP and this interesting post about how fundamentally broken PHP is:

http://me.veekun.com/blog/2012/04/09/php-a-fractal-of-bad-design/

If you’ve ever heard about PHP’s abominable “magic quotes”, you’ll understand what I mean.

More examples

There’s more. Spring has incredibly specialised API types, such as:

  • J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource
  • PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails
  • PreAuthenticatedGrantedAuthoritiesAuthenticationDetails
  • GrantedAuthorityFromAssertionAttributesUserDetailsService
  • MutableGrantedAuthoritiesContainer
  • MethodSecurityMetadataSourceBeanDefinitionParser
  • AbstractUserDetailsServiceBeanDefinitionParser

Wow. I didn’t know Java identifiers were even allowed to be that long. And there’s more. Consider the package names (line break introduced artificially for improved readability):

org.springframework.security.web
   .authentication.preauth.websphere
   .WebSpherePreAuthenticatedWebAuthenticationDetailsSource

Note the repetition of concepts in both package and class names:

  • 2x “web”
  • 4x “authentication” (out of which 2x “pre-authenticated”)
  • 2x “websphere

For all of you who weren’t aware that the class browsing frame in the regular Javadoc frameset has a horizontal scrollbar, I invite you to navigate through the incredible verbosity of Spring Security:

http://static.springsource.org/spring-security/site/docs/3.1.x/apidocs/index.html

</rant>

 

 

Published at DZone with permission of Lukas Eder, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)

Tags:

Comments

Oliver Plow replied on Thu, 2012/10/18 - 2:43am

I agree with you. The problem is that polymorphism in OOP is widely not understood. Code like cat.catMakeMiou and dog.dogMakeWouff instead of cat.makeNoise and dog.makeNoise is fairly common. Especially Spring is full of it. Being able to write boilerplate code with Spring and all those tools and frameworks is what counts today. OOP/OOD was yesterday ...

Mike Dzone replied on Thu, 2012/10/18 - 9:06am

Just another reason to stay away from Spring!

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.