Showing posts from February, 2009

Controller (MVC) Tips for Java Servlets / JSP

I was inspired by a face-to-face technical interview a while ago, which is why I am writing this down. To keep the Servlet’s doXXX() methods from getting clogged, break your controller code down into modules and use reflection to reach them. Here’s how. You must have the following:

1. Reflection Interface (ServletHandler.java) - An interface for reflection. Nice definition!
2. Main Servlet (MainServlet.java) - A class extending HttpServlet.
3. Module Handler (CreditHandler.java) - A class containing the module’s controller code; for this example, the Credit Module.

In file ServletHandler.java:

    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public interface ServletHandler {
        // Gives the handler a reference to the servlet that calls it.
        public abstract void setServlet(HttpServlet servlet);

        // Runs the module's controller code for one request.
        public abstract void handle(HttpServletRequest request, HttpServletResponse response);
    }

In file MainServlet.java:

    protected void doGet(HttpServletRequest r...

Method Piercing in Java

There’s nothing new here. I just want to reiterate, though.

    class TargetClass {
        private static String DB_PASSWORD = "sw0rdfish";

        // private static: normally callable only from inside TargetClass
        private static String getDatabasePassword() {
            return DB_PASSWORD;
        }
    }

And the attack?

    import java.lang.reflect.Method;

    public class ClassPiercing {
        public static void main(String... args) throws Exception {
            Class<?> targetClass = Class.forName("TargetClass");
            // TargetClass declares a single method, so index 0 is getDatabasePassword()
            Method[] methods = targetClass.getDeclaredMethods();
            // Switch off the Java language access check for this Method object
            methods[0].setAccessible(true);
            // Static method with no parameters: null receiver, no arguments
            String databasePassword = (String) methods[0].invoke(null);
            System.out.println("Database Password: " + databasePassword);
        }
    }

Output:

    Database Password: sw0rdfish

Check out Val’s Blog by clicking [here]. He has more examples.
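To show where the reflective call in the post above stops working, this added example (not code from the original post) checks whether `setAccessible(true)` succeeds for a private member in the caller's own module and for one in a module that does not open its package; it goes slightly beyond the post by covering fields as well as methods. It assumes Java 17 or later, and `ReflectionBoundaryCheck`, `Target` and `canSuppressAccessChecks` are names made up for the illustration.

```java
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.InaccessibleObjectException;

public class ReflectionBoundaryCheck {

    // Constructed stand-in for the post's TargetClass; the value is a dummy.
    static class Target {
        private static String getSecret() { return "not-a-real-secret"; }
    }

    /**
     * Reports whether code in this class can switch off Java access checks
     * for the given member, which is the step the post's example relies on.
     */
    static boolean canSuppressAccessChecks(AccessibleObject member) {
        try {
            member.setAccessible(true);
            return true;
        } catch (InaccessibleObjectException e) {
            // Thrown when the member's package is not open to the caller's module.
            System.out.println("  blocked: " + e.getMessage());
            return false;
        } catch (SecurityException e) {
            // Thrown when a security manager denies
            // ReflectPermission("suppressAccessChecks").
            System.out.println("  denied: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Same module as the caller (here the unnamed classpath module):
        // "private" is enforced by the compiler and the default access check only.
        System.out.println("own private method: "
            + canSuppressAccessChecks(Target.class.getDeclaredMethod("getSecret")));

        // Different module whose package is not opened: java.base does not open
        // java.lang to classpath code, so strong encapsulation applies.
        System.out.println("java.lang.String.value: "
            + canSuppressAccessChecks(String.class.getDeclaredField("value")));

        // Hardened layout for application code (hypothetical names): keep
        // secret-bearing classes in a named module that exports only its API
        // package and declares no "opens" for the internal one, e.g.
        //   module com.example.app { exports com.example.app.api; }
    }
}
```

The module boundary constrains code running inside the JVM only; whoever controls the launch command can reopen a package with `--add-opens`, so a hard-coded credential is still readable from the class file itself.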

Sad reality about Wrapper Classes in Java

Consider the snippet.

    Integer firstInteger = 1000;  // autoboxing
    Integer secondInteger = 1000; // autoboxing

    if (firstInteger != secondInteger) {
        System.out.println("Different objects!");
    }
    if (firstInteger.equals(secondInteger)) {
        System.out.println("Meaningfully equivalent!");
    }

Output:

    Different objects!
    Meaningfully equivalent!

How about this one?

    Integer firstInteger = 100;  // autoboxing
    Integer secondInteger = 100; // autoboxing

    if (firstInteger == secondInteger) {
        System.out.println("Equal objects!");
    }
    if (firstInteger.equals(secondInteger)) {
        System.out.println("Meaningfully equivalent!");
    }

And the output?

    Equal objects!
    Meaningfully equivalent!

And the explanation? Two instances of the following wrapper objects, when created through autoboxing, will always be == when their primitive values are the same:

- Boolean
- Byte
- Character from \u0000 to \u007F (0 to 127)
- Short from -128 to 127
- Integer from -128 to 127

Tsk.