CAST AIP 8.2.x Documentation
Page tree

Versions Compared

Old Version 6

changes.mady.by.user James Hurrell

Saved on

compared with

New Version Current

changes.mady.by.user James Hurrell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

   
Language VersionSupportedComments

Java JDK 1.1 - 1.8

(tick)

Information about versions 1.5 - 1.8 is listed below in the "Technology support notes" section.

JSP 1.1

(tick)

JSPX documents (JSP in XML format) are not supported.

JSP 1.2

(tick)

JSP 2.0

(tick)

STRUTS Framework

(tick)
  • Struts 1.0, 1.1 (including STXX 1.0 - 1.2)
  • Struts 2.0 - 2.1

EJB 2.0

(tick)

 


EJB 2.1

(tick)


EJB 3.0

(tick)

Only @Stateless, @Stateful, @Local and @Remote annotations are supported

JPA 1.0 (part of EJB 3.0), JPA 2.0 (part of Hibernate 4.0)

(tick)

 


WSDL 1.1

(tick)


Spring IoC:

  • 1.2.x
  • 2.x
  • 3.x
(tick)


Hibernate:

  • 2.x
  • 3.1, 3.2, 3.3, 3.4, 3.5, 3.6
  • 4.0, 4.1, 4.2
(tick)

Note that Applications using Hibernate 4.3 can be analyzed but new features introduced in this release are not supported.

Struts Validator:

  • 1.2, 1.3
(tick)

 


Java Server Faces:

  • 1.2
  • 2.0, 2.1
(tick)

This includes the support of the following third-party JSF libraries:

  • Richfaces
  • IceFaces
  • MyFaces (Apache)
  • PrimeFaces

CDI:

  • 1.0, 1.1, 1.2
(tick)See section below for more information.

...

J2EE Analysis

J2EE Application

Bean Property

CDI Named Bean

Entity Java Bean

Hibernate Configuration File

Hibernate Entity

Hibernate Entity Property

Hibernate HQL Named Query

Hibernate Mapping File

Hibernate SQL Named Query

Form Validation File

Java Properties Files

Java Property Mapping

J2EE Scoped Bean

J2EE Web Application Descriptor

J2EE XML File

J2EE XML Object

JPA Embeddable

JPA Embeddable Property

JPA Entity

JPA Entity Property

JPA Named Native Query

JPA Named Query

JPA ORM Configuration File

JPA Persistence Configuration File

JPA Persistence Unit

JPA Result Set

JSF Converter

JSF Faces Config File

JSF Input Field

JSF Managed Bean

JSF Outcome

JSF Validator

JSF View ID Pattern

JSP Custom Tag

JSP Custom Tag Attribute

JSP Custom Tag Library

JSP EL Function

Message Driven Java Bean

Servlet

Servlet Attributes Scope

Servlet Mapping

Session Java Bean

Spring Bean

Spring Beans File

Spring Controller

Spring View

Struts Action

Struts Action Mapping

Struts Configuration File

Struts Form Bean

Struts Forward

Struts Interceptor

Struts Interceptor Stack

Struts Package

Struts Result

Struts Validator

STXX Pipeline

STXX Transform

STXX Transforms File

Image Removed

Tiles Configuration File

Image Removed

Tiles Definition Attribute

Image Removed

Tiles Definition

Validation Form

Validation Form Field

Validation Forms Set

XML Bean

...

Link Type

When is this type of link created?Example
MENTIONThis link is created for the taglib directive.

The caller is the JSP File where the directive is defined.

The callee is the Tag Library identified by the "uri" attribute.


Code Block
<%@ taglib uri="/examples-taglib" prefix="eg"%>


INCLUDEThis link is created for the include directive.

The caller is the JSP File where the directive is defined.

The callee is a JSP File, Static File or a JSP Mapping as specified by the "file" attribute.


Code Block
<%@ include file="URL"%>


INHERITThis link is used to describe object hierarchy. It is created for the page directive.

It is always enriched by the sub-type Extend (class to super-class).

The caller is the JSP File where the directive is defined.

The callee is a Java Class as specified by the "extends" attribute.


Code Block
<%@ page extends="com.cast.SuperClass"%>


THROWThis link is used to describe exception handling. It is created for the page directive.

The caller is the JSP File where the directive is defined.

The callee is a File (JSP or static) or a JSP Mapping as specified by the "errorPage" attribute.


Code Block
<%@ page errorPage="URL"%>


ACCESS

This link is used to describe run-time interactions. It may be enriched by the following sub-types:

  • Read
  • Write
  • Forward
  • Include

In the "example" column you will find a list of all cases when these links are created. If omitted, the caller is the JSP File where the standard or custom action is defined.


Read


Code Block
<jsp:getProperty name="clock" property="dayOfMonth"/>

The callee is the Bean Property as specified by the "property" attribute.

Write


Code Block
<jsp:setProperty name="clock" property="dayOfMonth" value="13"/>

The callee is the Bean Property as specified by the "property"attribute.>

Code Block
<eg:foo attr1="value"/>

The callee is the Tag Attribute as specified by the name of an attribute of the custom action.

Forward


Code Block
<jsp:forward page="URL"/>

The callee is a File (JSP or static) or a JSP Mapping.

Definition of a servlet mapping: the caller is the Servlet Mapping and the callee is the associated Servlet.

Definition of a property mapping: the caller is the Property Mapping and the callee is a File (JSP or static), a JSP Mapping or a Java Type.

Include


Code Block
<jsp:include page="file"/>

The callee is a File (JSP or static) or a JSP Mapping.


RELY ONThis link is used to describe typing.

Caller uses callee to define its Java type. Callee always refers to a class or interface.

In our case the caller is a Bean and the callee is its class as specified by either "class" or "beanName" attribute.

Note that for all beans created from a XML Configuration file, a link of this type is automatically created.


Code Block
<jsp:useBean id="clock" class="beans.clockBean" ... />


USEThis link is created for the jsp:useBeanstandard action.

The caller is the JSP File where the action is defined.

The callee is a Bean as specified by the "id" attribute.

This type is also used for dynamic link resolution. It covers server side objects referencing.


Code Block
<jsp:useBean id="clock" class="beans.clockBean" ... />


PROTOTYPEThis link is used as follows:

Servlet: between the servlet component and its servlet class or JSP File as specified in the application descriptor via "servlet-class" or "jsp-file" XML element.

Custom Tag: between the tag object and its class or tei-class as specified in the tag library descriptor via "tag-class" and "tei-class" xml elements.

 


USER DEFINEDThese links are entirely specified by the user in the application's additional XML configuration files.

Users can use the following string values to specify the link type:

access (Access), call (Call), catch (Catch), fire (Fire), include (Include), inherit (Inherit), issonof (Is Son Of), lock (Lock ), mention (Mention), prototype (Prototype), raise (Raise), refer (Refer), relyon (Rely On), throw (Throw) or use (Use).

The following table shows a non exhaustive list of these types of links:


 

CallerCallee
XML Configuration File
  • Java Type (class or interface)
  • Java Method
  • JSP Mapping

  • File (JSP or static)

  • Bean

Action Mapping
  • Java Type (class or interface)
  • JSP Mapping
  • File (JSP or static)
  • Bean
 



ESCALATEDWhen two objects are linked via a third object.Denoted by the square brackets around the link type in CAST Enlighten: [U]
INTERNAL ESCALATEDCreated when the calling object is not saved in the CAST Knowledge Base (i.e. a variable that is local to a function). As a result the analyzer will save the link and associate it with the parent of the calling object.Denoted by the curly brackets (or braces) around the link type in CAST Enlighten: {U}

...

Link TypeWhen is this type of link created?
FIRE

1. Traced between bean class member methods that are implicitly called by the EJB Container:

Home interface 
Bean class 
Remote interface
create(...)--F-->ejbCreate(...)<--F--create(...)
remove(...)--F-->ejbRemove(...)<--F--remove(...)


  < implemented business methods ><--F--< exported business methods >
find<method>(...)--F-->ejbFind<method>(...)  

2. Traced between bean class/home interface and server side objects. For example in this standard ejb-jar.xml file:

Code Block
<entity>
   <ejb-name>CustomerBean</ejb-name>
   ...
   <abstract-schema-name>Customer</abstract-schema-name>
   ...
   <query>
      <query-method>
         <method-name >findByFirstName</method-name>
         <method-params>
            <method-param>java.lang.String</method-param>
         </method-params>
      </query-method>
      <ejb-ql>SELECT DISTINCT OBJECT(c) FROM Customer AS c WHERE c.firstName = ?1</ejb-ql>
   </query>
</entity>

The signature of the method is created from the values of the tags <method-name> and <method-param>. The method is searched for using the home interfaces (for the findXXX) and the bean class (for the "select methods").

The abstract schema name identified by grep in the query "EJB-QL" is used to find the associated bean (the query can reference the abstract schema name of another bean). From the bean it is possible to retrieve the associated table names and then link resolution is possible.

3. Also traced between SEI.Mi (Service Endpoint Interface) and BC.Mi (Bean Class). Mi stands for methods that have the same signature in the SEI and the BC. The EJB must be a stateless session bean:

  • SEI.Mi -- Fire --> BC.Mi

4. In addition, this link type is used for implicit invocations. They are used to reflect:

  • either the life cycle events of a component (such as creation/destruction)
  • or the interaction of an external actor such as a container (for EJBs or servlets) or a web browser (for applets)

Caller always refers to a component or a class member method. Callee always refers to a class member method.

Info
Note: "Fire" links are never escalated.


USESELECT
Traced between bean and server objects (tables).
  • Bean --Usdui--> Table (U for Use, s for Select, d for Delete, u for Update, i for Insert)
  • Finder and select Method --Us--> Table

The link Bean --Usdui--> Table is traced only with container managed persistence (cmp) beans. For Bean managed persistence (bmp) beans, this link is indirect and is represented by two links:

  • One from Bean component to its java class (traced by EJB Assistant ).
  • One from Methods of the bean class where access to database objects is coded (via jdbc) to server objects corresponding to these objects (tables in this case). This link is traced by Java Analyzer.

For example in this standard ejb-jar.xml file:

Code Block
<entity id="ContainerManagedEntity_1">
   <ejb-name>PlayerEJB</ejb-name>
   ...
   <abstract-schema-name>Player</abstract-schema-name>
   ...

The bean in question is found in the ejb-jar.xml file using its name. Persistence information is identified using descriptors specific to each server type:

DELETE
UPDATE
INSERT
PROTOTYPE
This link type is reserved for J2EE components' support and is used as follows:
  • EJB: between the bean component and its implementation classes (bean class, local/remote interfaces and possibly primary key class).
  • Servlet: between the servlet component and its servlet class.
  • EJB: between the bean and the SEI (Service Endpoint Interface).

For example the Webservices.xml (must be placed in the module directory)

Code Block
<webservices ...>
   <webservice-description>
      ...
      <webservice-description-name>MyHelloService</webservice-description-name>
      <jaxrpc-mapping-file>mapping.xml</jaxrpc-mapping-file> // relatif ou absolu
      <port-component>
      ...
         <port-component-name>HelloIF</port-component-name>
         <service-endpoint-interface>helloservice.HelloIF</service-endpoint-interface>
         <service-impl-bean>
            <ejb-link>HelloServiceEJB</ejb-link>
         </service-impl-bean>
      </port-component>
   </webservice-description>
</webservices>

JAX-RPC mapping file (mapping.xml in the example) indicates that the mapping information between the web service operation and the java methods can be found in mapping.xml.

Code Block
<java-wsdl-mapping ...>
...
      <port-mapping>
         <port-name>HelloIFPort</port-name>
      </port-mapping>
   </service-interface-mapping>
   <service-endpoint-interface-mapping>
      <service-endpoint-interface>helloservice.HelloIF</service-endpoint-interface>
      <service-endpoint-method-mapping>
         <java-method-name>sayHello</java-method-name>
         <wsdl-operation>sayHello</wsdl-operation>
            <method-param-parts-mapping>
               <param-position>0</param-position>
               <param-type>java.lang.String</param-type>
               ...
               </method-param-parts-mapping>
   </service-endpoint-method-mapping>
   </service-endpoint-interface-mapping>
</java-wsdl-mapping>

Link example:

Info
Note:"Prototype" links are never escalated.


ACCESS
These links correspond to inter-bean references. These references are made via a logical name (declared in the ejb-jar.xml file and that specifies the target ejb) used in the bean client code. The tags containing this logical name are <ejb-ref> or <ejb-local-ref>.
  • EJB client -- Access --> EJB target

For example in this standard ejb-jar.xml file:

Code Block
<entity> //ou session ou message-driven
   <ejb-name> AddressBean</ejb-name>
   <ejb-ref> //ou ejb-local-ref
      <ejb-ref-name>ejb/CustomerRef</ejb-ref-name>
      ...
      <ejb-link>CustomerBean</ejb-link>
   </ejb-ref>
</entity>

Each bean specifies the list of other beans it accesses as well as the references used to do so.

JOIN
Traced between entity beans based on the abstract schema defined in deployment descriptor (beneath the <relationships>...</relationships> tag).

An entity bean (source EJB) is linked to another entity bean (destination EJB) only if navigation is possible from source EJB to destination EJB, i.e the relation-role in which source EJB is involved contains at least one cmr (container managed relationship) field allowing access to the destination EJB.

Code Block
<ejb-relation>
  <description>Team To Player</description>
  <ejb-relation-name>PlayerEJB.teams-TeamEJB.players</ejb-relation-name>
  <ejb-relationship-role>
     <ejb-relationship-role-name>TeamEJB</ejb-relationship-role-name>
     <multiplicity>many</multiplicity>
     <relationship-role-source>
         <ejb-name>TeamEJB</ejb-name>
     </relationship-role-source>
     <cmr-field>
        <cmr-field-name>players</cmr-field-name>
        <cmr-field-type>java.util.Collection</cmr-field-type>
     </cmr-field>
  </ejb-relationship-role>
 
  <ejb-relationship-role>
     <ejb-relationship-role-name>PlayerEJB</ejb-relationship-role-name>
     <multiplicity>many</multiplicity>
     <relationship-role-source>
        <ejb-name>PlayerEJB</ejb-name>
     </relationship-role-source>
     <cmr-field>
        <cmr-field-name>teams</cmr-field-name>
        <cmr-field-type>java.util.Collection</cmr-field-type>
     </cmr-field>
  </ejb-relationship-role>
</ejb-relation>

Considering the example above, the source EJB TeamEJB will be linked to the destination EJB PlayerEJB because the cmr field players makes navigation possible from source to destination EJB.

For the same reasons, PlayerEJB (now source EJB) will have Refer link to TeamEJB (destination EJB for this link).

For each Join link, the information below is retrieved from the deployment descriptor and accessible in HTML Report:

  • Relation Name

    The name of the EJB relation as found in the <ejb-relation-name> tag of the deployment descriptor (PlayerEJB.teams-TeamEJB.players in the example). If no name is provided, EJB Assistant computes a name for the relation, based on the names of the two beans involved. For instance, the computed name would be TeamEJB-PlayerEJB if PlayerEJB.teams-TeamEJB.players was missing in the example.

  • Relation Description

    The relation description as specified in the descriptor. No default value for this attribute.

  • Multiplicity

    One of the string Many, One or N/S if relation role multiplicity is not specified in the descriptor.

...

Info
Please also see Web technologies for more information about web technology specifics (i.e. XHTML, JScript, JavaScript).

Java Identifiers containing the '$' character

Identifiers containing the '$' character: '$' is used by java compilers as a class name delimiter in inner class file generation. It is also a legal java character authorized in class names. When reversing class files containing a reference to a class name with a '$', the analyzer can not determine if the '$' should be kept as is or interpreted as a '.' delimiter. It always takes the '.' alternative, meaning that "C$D" will always be interpreted as inner class "D" of class "C". The impact on the analyzer is that the '$' character is not supported in class names reversed from class files. However it is supported for code defined in java source files.

Overloaded Java methods

J2EE Analyzer cannot distinguish two overloaded methods if the signature (i.e. the name + parameters) of one of them exceeds 1024 characters. Both methods will be considered as one single method and links will be created for only one of them.

JSP Syntax

JSP comments are not supported within the body of an action (custom and standard).

Incorrect JSE registry key in the environment profile

When the registry key specified in a J2EE Environment Profile does not correspond to the real registry key used by the JSE installed on the analysis PC, you should duplicate the Environment Profile of the JSE version that you want to use and reference there the rt.jar of the JSE installed on your machine. Note that duplication is required to ensure that the parameterization related to JSE will be effective for this profile.

Java code in a JSP tag

When analyzing JSP expressions that are the value of attributes in a tag, the analyzer may try to identify a bean with the same name as the java code. The analyzer will not find this bean in the scope as it does not exist.
Take the following JSP example:

 

No Format
<logic:equal name="<%=Colors.KEY_COLOR%>" value="<%=Colors.RED%>">

When this code is analyzed by the J2EE Analyzer, the log will contain the following warning:

No Format
Bean 'KEY_COLOR%>' not found in scope

Tag Libraries

J2EE Analyzer is unable to take into account attributes that are IMPLIED. This occurs when the TLD references a DTD that contains IMPLIED attributes. When the analyzer encounters such attributes in a JSP page, it gives the following error message in the log: "Attribute 'xxx' is not valid for custom tag 'yyy'". Workaround: Modify the TLD and add all IMPLIED attributes with their values defined in the DTD. This allows J2EE Analyzer to correctly parse the TLD.

Links between tag attributes and JavaScript functions

The J2EE analyzer does not create links between tag attributes and JavaScript functions, for example:

  • A .tag file defines some JSP content, in which HTML 5 content is defined. This content includes a call to a JavaScript function.
  • A JSP file refers to this tag, which is expanded to code including a call to the JavaScript function

...

Funnel programming and Strongly Connected Components

Where "funnel programming" causes Strong Connected Components (SCC - see Transaction Configuration Center - Information - Definition and impacts of the large Strongly Connected Component) a number of ambiguous links may be generated during an analysis. This can in turn cause erroneous Function Point values for Transactions.

Example of "funnel programming":

  • An abstract class called "ABS" exists.
  • All of its methods are abstract, except "processFlow", which is implemented. 
  • "ABS.processFlow" calls methods "ABS.method1", "ABS.method2" and "ABS.method3" (which are abstract)
  • Classes "B", "C" and "D" inherit class "A"
  • All their methods are overriden but "processFlow" ("processFlow" is already implemented in "A")
  • A method "methodFromZ" from class "Z" does the following:
Code Block
languagejava
public methodFromZ(){
  B myB = new B();
  myB.processFlow();
}
  • The analyzer will draw a link from "methodFromZ" to "ABS.processFlow", and then "ABS.processFlow" will have a link to "B.method1", "C.method1", "D.Method1", "B.Method2", "C.Method2", "D.method1", "D.Method2" which will resemble a "funnel" when viewed in CAST Enlighten.
  • CAST recommends creating an "Update CAST Knowledge Base" tool job (Content Enrichment editor in the CAST Management Studio) to remediate situations where Strongly Connected Components exist.
  • The TF Graph Adjustment feature in the CAST Transaction Configuration Center can help reduce the impact of Strongly Connected Components.

Anonymous classes

Objects are not saved in the CAST Analysis Service schema for anonymous classes and their sub-objects. For example, for the following code where an anonymous class implementing interface "MyInterface" is dynamically created. There will be no object dsaved in the CAST Analysis Service for this anonymous class, nor for the overriding method "doSomething".

Code Block
languagejava
themeDJango
post( new MyInterface(){
	@Override
	public void doSomething(){
		....
	}
	);

Java Identifiers containing the '$' character

Identifiers containing the '$' character: '$' is used by java compilers as a class name delimiter in inner class file generation. It is also a legal java character authorized in class names. When reversing class files containing a reference to a class name with a '$', the analyzer can not determine if the '$' should be kept as is or interpreted as a '.' delimiter. It always takes the '.' alternative, meaning that "C$D" will always be interpreted as inner class "D" of class "C". The impact on the analyzer is that the '$' character is not supported in class names reversed from class files. However it is supported for code defined in java source files.

Overloaded Java methods

J2EE Analyzer cannot distinguish two overloaded methods if the signature (i.e. the name + parameters) of one of them exceeds 1024 characters. Both methods will be considered as one single method and links will be created for only one of them.

JSP Syntax

JSP comments are not supported within the body of an action (custom and standard).

Incorrect JSE registry key in the environment profile

When the registry key specified in a J2EE Environment Profile does not correspond to the real registry key used by the JSE installed on the analysis PC, you should duplicate the Environment Profile of the JSE version that you want to use and reference there the rt.jar of the JSE installed on your machine. Note that duplication is required to ensure that the parameterization related to JSE will be effective for this profile.

Java code in a JSP tag

When analyzing JSP expressions that are the value of attributes in a tag, the analyzer may try to identify a bean with the same name as the java code. The analyzer will not find this bean in the scope as it does not exist.
Take the following JSP example:


No Format
<logic:equal name="<%=Colors.KEY_COLOR%>" value="<%=Colors.RED%>">

When this code is analyzed by the J2EE Analyzer, the log will contain the following warning:

No Format
Bean 'KEY_COLOR%>' not found in scope

Tag Libraries

J2EE Analyzer is unable to take into account attributes that are IMPLIED. This occurs when the TLD references a DTD that contains IMPLIED attributes. When the analyzer encounters such attributes in a JSP page, it gives the following error message in the log: "Attribute 'xxx' is not valid for custom tag 'yyy'". Workaround: Modify the TLD and add all IMPLIED attributes with their values defined in the DTD. This allows J2EE Analyzer to correctly parse the TLD.

Links between tag attributes and JavaScript functions

The J2EE analyzer does not create links between tag attributes and JavaScript functions, for example:

  • A .tag file defines some JSP content, in which HTML 5 content is defined. This content includes a call to a JavaScript function.
  • A JSP file refers to this tag, which is expanded to code including a call to the JavaScript function

Supported path resolution for links between JSP files and JSP or JavaScript files/functions

The JEE analyzer supports the following path configuration rules in JSP source files:

  • If the path starts with a slash ("/"), then this refers to the Web Application Root Path (as configured in the CAST Management Studio)
  • If not, the path is a relative to the folder containing the current file

If the above rules are adhered to, then the analyzer will correctly resolve links between JSP files and the following components:

  • other JSP files
  • JavaScript files and functions

If any other path resolution rule is used, links will not be created.

No link bookmarks generated

When Java Methods are defined inside a JSP file, no link bookmarks are generated (bookmarks can be seen in CAST Enlighten or in the Dynamic Link Manager). Example of a Java Method defined in a JSP file:

Code Block
<%@ page language="Java" %>
<%!
public void myMethod(String message)
{ System.out.println(message); }
%>

JSON/AJAX support

The JEE Analyzer does not support .json/AJAx syntax used in JavaScript files, for example:

Code Block
languagexml
$.ajax({                    

    		type: "POST",   
    		url: "saveColumnAdSolutions",   
        	data: "ColumnValue="+totalColumn,
        	async: true,  
    		cache: false,  
        	success: function (msg) {  
                           $('#saveResult').text(msg);  
                   } 
            })