Page tree
Skip to end of metadata
Go to start of metadata

On this page:

Target audience:

Users of the extension providing JEE analysis support.

Summary: This document provides information about the extension providing JEE analysis support.

Extension ID

com.castsoftware.jee

Description

This extension provides support for JEE.

What's new?

Please see the following pages for information about new features/changes, fixed bugs, changes that will impact results etc.:

Technology support

Please also see JEE - Technology support notes for additional information.
Language / FrameworkSupportedSupported Versions

Java JDK

(tick)
  • 1.1 - 1.14 and 5-13
Presentation layer frameworks


Java Server Faces (JSF)(tick)
  • 1.2
  • 2.0, 2.1

This includes the support of the following third-party JSF libraries:

  • Richfaces
  • IceFaces
  • MyFaces (Apache)
  • PrimeFaces
JSP(tick)
  • 1.1, 1.2
  • 2.0

Note:

Apache Struts

(tick)
  • 1.0, 1.1 (including Tiles 1.0 and STXX 1.0 - 1.2)
  • 2.0 - 2.5
Struts Validator(tick)
  • 1.2, 1.3
STXX(tick)
  • 1.0, 1.1, 1.2
Persistence layer frameworksHibernate(tick)
  • 2.x
  • 3.1, 3.2, 3.3, 3.4, 3.5, 3.6
  • 4.0, 4.1, 4.2, 4.3-5.x
JPA(tick)
  • 1.0
  • 2.0, 2.1
EJB(tick)
  • 2.0, 2.1
  • 3.x (only @Stateless, @Stateful, @Local and @Remote annotations are supported)
Other frameworks



Spring IoC(tick)
  • 1.2.x
  • 2.x
  • 3.x
  • 4.x
  • 5.x

WSDL

(tick)
  • 1.1

CDI

(tick)
  • 1.0, 1.1, 1.2
Spring Batch(tick)-
Project LombokLombok(tick)
  • 1.18.12

Java 9 support

Private Methods in Interface

From Java 9 onward, users can write private methods in interfaces using the private access modifier as shown in following sample of code. These methods are now supported by the JEE Analyzer:

public interface DBLogging {
    String MONGO_DB_NAME = "ABC_Mongo_Datastore";
    String NEO4J_DB_NAME = "ABC_Neo4J_Datastore";
    String CASSANDRA_DB_NAME = "ABC_Cassandra_Datastore";
    default void logInfo(String message) {
        log(message, "INFO");
    }
     default void logWarn(String message) {
        log(message, "WARN");
    }
     default void logError(String message) {
        log(message, "ERROR");
    }
     default void logFatal(String message) {
        log(message, "FATAL");
    }
     private void log(String message, String msgPrefix) {
        // Step 1: Connect to DataStore
        // Step 2: Log Message with Prefix and styles etc.
        // Step 3: Close the DataStore connection
    }
    // Any other abstract, static, default methods
}

Module concept 

  • Starting with Java 9, new concepts of modules are introduced directly in-between packages and class loaders. It encapsulates packages and the classes there in.
  • A specific module-info.java is used for module declaration and a new syntax has been introduced for this purpose.
Currently we do not support this new concept - support will be provided in a future release. However, the JEE analyzer has been modified to ignore module-info.java files to avoid syntax errors when this type of file is present in the source code.

Java 10 support

Local-Variable Type Inference (JEP 286)

Java 10 extends type inference to declarations of local variables with initializers and introduces the use of 'var' for the purpose of local-variable type inference. This makes local variable definitions clear and concise. See the examples below.

Pre JAVA 10 : local variable type inference
/* before Java 10, the type of the local variables were to be specified explicitly */

ArrayList<String> list = new ArrayList<>();

for( Iterator<String> iter=list.iterator() ; iter.hasNext() ; ) {
	// do something here
}

for ( String ele : list ) {
    int len = ele.length(); 
}

Since JAVA 10 : local variable type inference
/* Since java 10, local variable type inferenence is implicit from the initialization expression */

var list = new ArrayList<String>(); 

for( var iter=list.iterator() ; iter.hasNext() ; ) {
	// iter infers type from its assigned value
}

for ( var ele : list ) {
	// 'ele' is resolved to the enclosed type of the iterable (String here)
    var len = ele.length(); 
}

Enlighten will also display the resolved types as seen below

Java 11 support

Local-Variable Syntax for Lambda Parameters (JEP 323)

This JEP will allow "var" to be used when declaring the formal parameters of implicitly typed lambda expressions. This aligns the syntax of lambdas with Java 10's local-variable type inference. Instead of writing this:

Pre JAVA 11 : lambda definition
(x, y) -> x.process(y)

We’ll be able to write this in Java 11:

Since JAVA 11 : local variable type inference for lambda parameters
(var x, var y) -> x.process(y)

Annotations can also be applied to the lambda formal parameters:

Since JAVA 11
(@CustomAnnot var m, var n) -> m.processUDT(n)

Enlighten's code viewer will display the resolution of var for lambdas. A sample is shown below:

The new APIs introduced in Java 11 will also be resolved in Enlighten. For example, here are some of the new String APIs:

Analysis configuration for Java JDK 9 - 13

By default, AIP Console/CAST Management Studio will not specifically offer JDK 9 - 13 options in the Java Version configurations setting (see JEE - Analysis configuration). Instead, the CAST will assume that that latest version of the JDK has been used to compile the application source code - and in this case, "Latest" includes support for Java 9 - 13.

Function Point, Quality and Sizing support

This extension provides the following support:

  • Function Points (transactions): a green tick indicates that OMG Function Point counting and Transaction Risk Index are supported
  • Quality and Sizing: a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points
(transactions)
Quality and Sizing
(tick)(tick)

CAST AIP compatibility

This extension is compatible with:

CAST AIP releaseSupported
8.3.x(tick)
8.2.x(error)
8.1.x(error)
8.0.x(error)
7.3.x(error)

Supported DBMS servers

This extension is compatible with the following DBMS servers:

DBMS serversSupported
CSS/PostgreSQL(tick) 
Oracle(tick) 
Microsoft(tick) 

Prerequisites

(tick)An installation of any compatible release of CAST AIP (see table above)

Required third-party software

The following section lists any third-party software that may be required to successfully deliver source code and run an analysis with the JEE Analyzer extension:

Install on workstation running DMTInstall on workstation running CMS

Nothing required

The CAST Delivery Manager Tool (DMT) only requires the location of the JEE application for extraction and packaging.

Nothing required

Dependencies with other extensions

Some CAST AIP extensions require the presence of other CAST AIP extensions in order to function correctly. The JEE Analyzer extension requires that the following other CAST AIP extensions are also installed:

  • Web services linker service (internal technical extension)
Note that when using the CAST Extension Downloader to download the extension and the Manage Extensions interface in CAST Server Manager to install the extension, any dependent extensions are automatically downloaded and installed for you. You do not need to do anything.

Download and installation instructions

Please see:

Application qualification information

Please see: JEE - Application qualification specifics

Prepare and deliver the source code

Please see: JEE - Prepare and deliver the source code

Analysis configuration and execution

Please see: JEE - Analysis configuration and execution and all child pages:

What analysis results can you expect?

Please see: JEE - Analysis results

Structural rules

The vast majority of rules provided for the JEE Analyzer are embedded in CAST AIP - see JEE - Structural rules for more information. In addition, some rules are also provided with the extension:

1.2.24https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.24
1.2.23https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.23
1.2.22https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.22
1.2.21https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.21
1.2.20https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.20
1.2.19https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.19
1.2.18https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.18
1.2.17https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.17
1.2.16https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.16
1.2.15https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.15
1.2.14https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.14
1.2.13https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.13
1.2.12-funcrelhttps://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.12-funcrel
1.2.11-funcrelhttps://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.11-funcrel
1.2.10-funcrelhttps://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.10-funcrel
1.2.9-funcrelThis extension is withdrawn.
1.2.8-funcrelhttps://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.8-funcrel
1.2.7-funcrel https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.7-funcrel
1.2.6-funcrel https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.6-funcrel
1.2.5-funcrel https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.5-funcrel
1.2.3-funcrelhttps://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.3-funcrel
1.2.2-funcrelhttps://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.2-funcrel
1.2.1-funcrelhttps://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.1-funcrel
1.2.0-funcrelhttps://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.0-funcrel
1.2.0-beta1https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.0-beta1
1.2.0-alpha3https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.0-alpha3
1.2.0-alpha2https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.0-alpha2
1.2.0-alpha1https://technologies.castsoftware.com/rules?sec=srs_jee&ref=||1.2.0-alpha1

Current known limitations

Quality Rules

Avoid static field of type collection (7562)

When calculating a snapshot for applicationusing JSE 5.0, the Quality Rule "Avoid static field of type collection (7562)" does not list as "Very High Risk Objects" classes that are or inherit from a Generic collection. The Quality Rule lists only the non generic form of collections. For example static attributes of type java.util.Collection<E> will not be reported as a violation.

Persistence: Avoid table and column names that are too long (portability) (7706)

Situation:

  • JEE application using the Java Persistence API (JPA), e.g. in the form of Hibernate.
  • A table or column name is not specified in the annotations of the JPA entity.

Symptoms: The JPA entity is not listed as a "Very High Risk" object in the results.

No link bookmarks generated

When Java Methods are defined inside a JSP file, no link bookmarks are generated (bookmarks can be seen in CAST Enlighten or in the Dynamic Link Manager). Example of a Java Method defined in a JSP file:

<%@ page language="Java" %> 
<%! 
public void myMethod(String message)
{ System.out.println(message); } 
%> 


  • No labels