Aiti Tribe Story Collection (28): Waking up from a dream at the advanced Java level

[51CTO.com original article] You still have to have dreams, just in case you see a ghost, but you will never see a ghost. Where will you wake up from your dream tonight? The road to learning is long and arduous.

Beiguo Snail is a Java fanatic. His Java Advanced Dream shares how to prevent small problems from causing big problems, as well as some learning insights. It requires continuous experience and practice, and serves as a starting point for discussion. It elaborates on form interaction problems, image upload problems, server problems, encryption problems, database problems, and other issues. I hope it will be helpful to everyone.

JavaEE Development Engineer

The snail that takes the blame. Should I put down my heavy shell?|Looking for the blue sky|Floating gently with the gentle wind| I don’t feel any pain from the injuries I’ve experienced. I will climb up step by step.

The Snail is a funny young man who dreams of becoming an architect while doing Java development work and taking on the duties of DBA and operation and maintenance. He leads a leisurely and comfortable life by strolling around on his skateboard.

You still have to have dreams, just in case you see a ghost, but you will never see a ghost. Where will I be when I wake up from my dream tonight? The road to learning is long and arduous.

Meeting the dream . Learning needs a goal. "Don't learn Java anymore, Java is outdated, C language is the way to go," said Beiguo Snail's college friend. To be honest, I am really grateful to him. Without his friend's persuasion, Beiguo Snail would not have a clear goal. He fell in love with Java because he signed up for the web design competition held by the school. After watching the three musketeers of web pages, he could easily make a web page. At the same time, the school opened a Java class, and Beiguo Snail was attracted by the graphical user interface in Java, so he began to learn Java crazily by himself, looking for Java materials and videos, and slowly fell in love with the Java language.

Meet the dream . Learning requires patience. Learning is hard, you need to find your interests and persevere. Ever since he fell in love with the Java language, Beiguo Snail would carry his computer to the library to read books and write code when he had free time. He would also read Java books for classes he was not interested in. At that time, some introductory books included "Crazy Java Lecture Notes", "Java Language Programming (Basics Original Book 8th Edition)", "Java Core Technology (Volume 1, Volume 2)", etc. With the Java development foundation, out of his enthusiasm for Java, Beiguo Snail began to study Java Advanced Edition, "Java Language Programming: Advanced Edition (Original Book 8th Edition)", "Java Common Algorithm Manual", "Java Data Structure and Algorithm 2nd Edition, Algorithm (4th Edition)", He read all the advanced books such as Head First Design, Design Patterns, Struts2+Spring+Hibernate Framework Technology and Project Practice, and Deep Understanding of Java Virtual Machine one by one, and watched all the video tutorials one by one, filling up his notebooks one by one. He found that the contents of the books were basically the same, so he only read the parts he didn't understand. By chance, Beiguo Snail knew that Java could also be used to develop Android, so he downloaded videos from the 51CTO website and studied for a while. Java Web Project Development Case Video and Source Code (20 episodes) http://down..com/zt/1568, From Entry to Mastery Video Tutorial (29 episodes in total) http://down..com/zt/535 Mysql, Chuanzhi Podcast Spring2.5 Enterprise Development Video Tutorial Main Speaker Li Huoming http://down..com/zt/8955, etc.

Just reading books and watching videos without practice will not help you master all the techniques, so Beiguo Snail thought that he should participate in the competition to test himself. But it is difficult to make a boat alone. He was born with a fearless spirit. He volunteered to participate in the projects and competitions organized by the teachers of the college, and won the second prize in the National Information Technology Competition. Learning requires you to spend time and energy, and you need to be patient and interested. It does not mean that you can get carried away with a little achievement. After participating in this competition, he realized that there were so many great people, and he was so green. They had learned so much, not only had several years of experience in Android client and IOS client development, but also had the support of large backend systems. Other people's schools are still better, Beiguo Snail still needs to work hard. He needs to learn the JavaEE framework.

Contrary to the dream , learning is not smooth sailing. In pursuit of technological progress, Beiguo Snail applied to transfer to an ordinary undergraduate school to study for a master's degree. Out of his love for technology, he chose a mentor he had never met. Perhaps it was because of his love for Java, or perhaps it was to bet on his temper. When he graduated from undergraduate school, he bought a JavaEE book for 5 oceans. In the summer before graduate school, he was not so relaxed. He watched JavaEE videos and books, took notes, and participated in the project well to improve his own strength. As a result, the graduate school has never offered Java courses, and all projects use C#. During graduate school, when I have nothing to do, I will look at Java design patterns, which is the classic among classics. Later, because of the needs of the project, Beiguo Snail participated in the development of a C# project. At the beginning, he was told that the project was about to end and needed to write some code optimization. As a result, he changed from a code optimizer to a business logic writer, and then to a front-end writer. "This function is very simple, there are ready-made codes on the Internet", "This is very simple, can it be completed tomorrow?" "He has to take the blame for things that don't belong to him, and he has to take the blame for things that belong to him." When the project was almost over, Snail chose to quit. I don't know if he was too willful at the time. His second project was also passed because of conflicts with other projects. He chose to move forward despite feeling that his talent was not appreciated. That year, he came into contact with Matlab, big data, Hadoop, Mahout, etc. He learned how to build a server cluster, how to separate the read and write of the database, and how to divide the database into different libraries and tables. Dreams are not just dreams, they require sincere efforts.

The technical bottlenecks in the project were summarized in five aspects by Beiguo Snail.

1. Form interaction issues

A. Repeated form submission: Insufficient testing. When form information is being modified, the submit button is not disabled (grayed out), so on a slow network users may click it repeatedly. This creates duplicate records in the database and increases database pressure. During large online promotions, flash sales, and grab-order activities it may bring down the entire website.

Solutions: 1. Prevent repeated submission of forms; 2. Disable the button's click event; 3. Use database caching to reduce database pressure; 4. Use a high-availability architecture in the system and build a server cluster; 5. Simple method: isolate the activity from the website and build a highly available service for it separately; 6. For promotional or flash sale activities, prevent the service from being called directly without going through the page.
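One way to implement solutions 1 and 6 on the server side is a one-time form token, shown here as an added example that is not code from the original article. The class name FormTokenDemo and its methods are hypothetical, and the token set is kept in memory where a real application would keep it in the user's session.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** One-time form tokens: the server accepts each rendered form exactly once. */
public class FormTokenDemo {
    private static final SecureRandom RNG = new SecureRandom();

    // Tokens that were issued and not yet used (assumption: one store per user session).
    private final Set<String> pending = ConcurrentHashMap.newKeySet();

    /** Called when the form page is rendered; the value goes into a hidden field. */
    public String issue() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.add(token);
        return token;
    }

    /**
     * Called by the submit handler before any database write.
     * remove() is atomic, so of several concurrent submits only one succeeds.
     */
    public boolean consume(String token) {
        return token != null && pending.remove(token);
    }

    public static void main(String[] args) {
        FormTokenDemo tokens = new FormTokenDemo();
        String t = tokens.issue();                       // page is rendered once

        // First click is accepted, the repeated click carries the same token.
        System.out.println("first submit accepted:   " + tokens.consume(t));
        System.out.println("repeated click accepted: " + tokens.consume(t));

        // A request that never loaded the page has no valid token to send.
        System.out.println("direct call accepted:    " + tokens.consume("made-up-value"));
    }
}
```

Disabling the button in the browser only improves the user experience; the token check is what stops the duplicate write, because it runs on the server.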

B. Text box processing: Failing to filter the content of input text boxes, or to restrict certain input box operations, may allow the entered content to be executed, which causes security issues; the content of some text boxes can also be copied, etc.

Solution : Filter all special characters in the text box content to be entered to prevent script injection, XSS and SQL injection problems; according to the actual situation, prohibit operations such as copying certain text boxes, for example: use the password attribute for the password box, do not display clear text, prohibit copying of the password box, encrypt the password, etc.; use regular expressions to filter input, etc.

C. Filtering of uploaded files: There is no filtering or restriction on the file format and suffix. Some uploaded files are executable scripts. For example, a script file with the .js suffix that obtains cookie information can be used for cookie spoofing against users whose information is stored in cookies.

Solution: 1. Limit the suffix of the uploaded files; 2. For more complex cases, inspect the content of the uploaded files.

2. Picture upload problem

A. Picture uploading and display issues : The project requires the function of uploading pictures. How to display and process pictures?

Solution: 1. If the image is too large, you can use the image capture plug-in to capture part of the image and upload it. 2. If the image is too large to be captured and needs to be displayed at a specified size, you can use Js to proportionally reduce the image and upload it (the actual file size does not change). 3. Use H5 canvas technology or the corresponding image processing Jar package (the rt.jar package in previous Java versions contains image processing functions) to convert the image data into a base64 string, and then upload it to the background. The background will store the base64 string data as an image; canvas can also generate thumbnails of the image (actually redrawing the image according to the percentage of the image quality). Do not reduce it too small, otherwise the image will be distorted.

B. Image storage problem : How to store images after uploading?

Solution: 1. If only a few pictures need to be uploaded, you can create a folder in the background to store them. 2. If the system has a large demand for picture storage, you can use a separate picture storage server, such as an nginx or apache server, separating static content from dynamic content. For pictures that need to be saved reliably, the content of the picture server can finally be backed up to other servers. 3. After the pictures are processed with base64, they can be stored in the non-relational database Redis.

Tips for uploading pictures:

(1) When using a form to upload a file, do not forget: enctype="multipart/form-data".

(2) The file upload path must be defined, and if it does not exist, it must be created.

(3) The file name can be set, and the file content and name can be checked to prevent the uploaded file and file name from containing executable script commands.
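The suffix check and content check from "Filtering of uploaded files", combined with tips (2) and (3) above, can look like the following added example, which is not code from the original article. The class UploadCheckDemo, the allowed types and the sample byte arrays are assumptions made for illustration; it needs Java 9 or later for Map.of.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;

public class UploadCheckDemo {
    // Allowed suffixes and the leading bytes a genuine file of that type starts with.
    private static final Map<String, byte[]> ALLOWED = Map.of(
        "png", new byte[] {(byte) 0x89, 'P', 'N', 'G'},
        "jpg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "gif", new byte[] {'G', 'I', 'F', '8'});

    /** Validates suffix and content, then stores the file under a server-generated name. */
    static Path store(Path uploadDir, String clientName, byte[] content) throws IOException {
        int dot = clientName.lastIndexOf('.');
        String ext = dot < 0 ? "" : clientName.substring(dot + 1).toLowerCase(Locale.ROOT);
        byte[] magic = ALLOWED.get(ext);
        if (magic == null) throw new IOException("suffix not allowed: '" + ext + "'");
        if (content.length < magic.length) throw new IOException("file too short");
        for (int i = 0; i < magic.length; i++) {
            if (content[i] != magic[i]) throw new IOException("content is not a " + ext + " file");
        }
        Files.createDirectories(uploadDir);   // tip (2): create the upload path if it is missing
        // tip (3): the client's file name is never used on disk, so "../" or script
        // text inside it cannot reach the file system or a later HTML page.
        Path target = uploadDir.resolve(UUID.randomUUID() + "." + ext);
        return Files.write(target, content);
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("upload-demo").resolve("images");
        // Constructed samples: a PNG signature and a text file posing as an upload.
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
        byte[] script = "alert(1);".getBytes(StandardCharsets.US_ASCII);

        System.out.println("stored as: " + store(dir, "avatar.PNG", png).getFileName());
        for (String name : new String[] {"steal.js", "fake.png"}) {
            try {
                store(dir, name, script);
            } catch (IOException e) {
                System.out.println("rejected " + name + ": " + e.getMessage());
            }
        }
    }
}
```

The second rejected upload has an allowed suffix but script content, which is the case the suffix check alone misses.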

C. Verification code problem : Verification code can prevent malicious registration. You can write verification code yourself or use mature verification code generation plug-in. In order to prevent malicious registration, you can use account binding mobile phone or email, etc.

3. Server Issues

A. Service call problem : After the webservice interface is called and deployed to the server, the webservice has a null pointer because the spring container does not inject the remote WS object.

Solution : Use spring's factoryBean to define the webservice interface creation and call getObject to create the ws bean.

B. Cross-domain problem of service calls: Calls between different services or websites run into the cross-domain problem. Cross-domain means that the browser cannot execute scripts from other websites. It is caused by the browser's same-origin policy, which is a security restriction imposed by the browser on JavaScript. Same origin means that the domain name (www.baidu.com), protocol (http/https), and port (80/8080) are all the same.

Solution: (1) Use src. The src attribute of the script tag and of the img tag can cross domains, so data can be attached to src and passed.

(2) Use the dataType:jsonp attribute in the service jquery (change the dataType:xml in the figure below to jsonp). The principle is the same as src.

(3) Directly encapsulate it into XML and pass it, as follows data:<soapenv></soapenv>.

(4) Other methods: Google or Baidu.

C. Session management of the website: Session management is a technology used by web developers to support sessions on top of the stateless HTTP protocol. To put it simply: the HTTP protocol is stateless and does not remember your state. Without session management, you enter your account and password when you first log in to a website, and when you later want to browse another page you have to enter the username and password again. With session management, you only need to log in once to browse the other pages of the website. Generally, sessions (stored on the server side) and cookies (stored on the client side) are used to maintain sessions. Some browsers or users disable cookies; in that case you can use URL rewriting, hidden fields, etc. to maintain the session. Session management can also be used to track users' browsing trajectories, collect user information, and conduct related analysis and recommendations.

Distributed session management solutions include Session Stick (session persistence), Session replication, centralized Session management, and Cookie-based management.

4. Encryption Issues

Encryption related: To ensure the security of cookies, add salt when using cookies. The best way to protect passwords is to use salted password hashing. A hash algorithm is a function that converts any amount of data into an irreversible fingerprint of a fixed length. Cryptographic hash algorithms include SHA256, SHA512, RipeMD, WHIRLPOOL, etc.

5. Database issues

Forgot MySQL password:

# /etc/init.d/mysql stop

# mysqld_safe --user=mysql --skip-grant-tables --skip-networking &

# mysql -u root mysql

mysql> UPDATE user SET Password=PASSWORD('newpassword') WHERE User='root' AND (Host='root' OR Host='localhost'); -- Change all empty user passwords to non-empty passwords.

mysql> FLUSH PRIVILEGES;

mysql> quit

# /etc/init.d/mysqld restart

# mysql -uroot -p

Enter password: <Enter the new password newpassword>

MySQL 5.6 reported an error during operation: You must SET PASSWORD before executing this statement.

Solution :

mysql> SET PASSWORD = PASSWORD('123456');

Query OK, 0 rows affected (0.03 sec)

mysql> create database roger;

Query OK, 1 row affected (0.00 sec)

That is, use mysql> SET PASSWORD = PASSWORD('123456'); to reset the password!

Be aware of your dreams . Don't be arrogant when learning. The more you know about technology, the less you actually know. Don't be blinded by a single leaf. Knowledge is a process of gradual accumulation. Only when you see more and accumulate more, can you have your own opinions on some things. Only then can you have some advantages in interviews or job promotions. Knowledge is interconnected, and it is often not enough to master one knowledge. For example: if you want to be a Java development engineer, you need to understand operating systems, databases, networks, etc. Knowledge should be learned and applied flexibly, even if it is a joke.

Fall in love with dreams . Learning is a process of accumulation. Your hard work now may be your fruit tomorrow. The road to technology is full of setbacks and failures. Constant changes in business requirements and all-nighters require determination and courage to "go against the grain". There is no reward for doing well, but you will definitely be criticized or even fired if you do not do well. Knowledge needs to be constantly updated and accumulated, which requires many sleepless nights. Time flies, where will you wake up tomorrow? Will you be addicted to dreams or sleeping in dreams? He is already on the road to his dreams.

【Written in ***】

As a JavaEE development engineer, it is necessary to have a sense of humor. Let’s end the story of the snail who takes the blame with a humorous Java medley.

On Chinese Valentine's Day, you and I are only one sentence away. I want to wait for you to come to me. But you don't understand my heart, but always say: show me the code. You would rather create a new object (instantiate an object) than reference my object (call and reference an object). You would rather copy and clone an object (copy and clone of java objects) than send me a text message to take me flying. How can I accept your feelings if you don't want to pay for a seriable (serialization of objects) flower (objects need to be serialized to be transmitted when they are passed). I said you and I are only one step away, what do you say? You would rather stay in your local circle (local variables) than come to the global circle (global variables) to let me see you. Love is hard to express in the heart, maybe you are not good at words, you can find a courier brother (agent mode) to express your feelings. Don't guess what girls think, you don't know what I like, you can buy a combination of flowers and chocolates (combination mode) or other things to please me (adapter mode), use anonymous (anonymous class) to reflect your feelings (reflection mechanism). I am the only one (hashcode and equals judgment). As long as you need me, I will always be the only one (singleton mode).

If you are also willing to share your story, please join the 51CTO developer QQ exchange group 627843829 and contact the group owner Xiaoguan. We look forward to your wonderful story!

[51CTO original article, please indicate the original author and source as 51CTO.com when reprinting on partner sites]
