How does HttpAsyncClient 4 work?

By default HttpAsyncClient permits only two concurrent connections to the same host per RFC 2616 specification. This limit has nothing to do with the number of i/o dispatch threads used internally by the i/o reactor.

The code above will create two outgoing connections at most.

HTTP message pipelining has nothing do with connection persistence per se, though pipelined request execution implies the use of persistent connections.

HTTP pipelining is about message sequencing. HttpAsyncClient in the pipelining mode can send multiple requests without waiting for each response.

Default mode:

C -> request1 -> S
C <- response1 <- S
C -> request2 -> S
C <- response2 <- S

Pipelining mode:

C -> request1 -> S
C -> request2 -> S
C <- response1 <- S
C <- response2 <- S

Apache HttpAsyncClient 源码分析

Maven中的依赖作用范围(scope)

scope取值 有效范围(compile, runtime, test) 依赖传递 例子
compile all spring-core
provided compile, test servlet-api
runtime runtime, test JDBC驱动
test test JUnit
system compile, test

final vs static final in java

For final, it can be assigned different values at runtime when initialized. For example

Class Test{
  public final int a;
}
Test t1  = new Test();
t1.a = 10;
Test t2  = new Test();
t2.a = 20; //fixed

Thus each instance has different value of field a.

For static final, all instances share the same value, and can’t be altered after first initialized.

Class TestStatic{
      public static final int a;
}
Test t1  = new Test();
t1.a = 10;
Test t2  = new Test();
t1.a = 20;   // ERROR, CAN'T BE ALTERED AFTER THE FIRST INITIALIZATION.

private final static attribute vs private final attribute
Static vs Instance Variables: Difference?

Spring RestTemplate 消息转换2种使用方式

拦截器

public class MyXmlInterceptor implements ClientHttpRequestInterceptor {

@Override
public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) throws IOException {
    ClientHttpResponse response = execution.execute(request, body);
    HttpHeaders headers = response.getHeaders();

    // you'd want to check if the value needs to be changed
    if (headers.containsKey("Content-Type")) {
        headers.remove("Content-Type");
    }

    headers.add("Content-Type", "application/xml");

    return response;
}
RestTemplate t = new RestTemplate();
t.getInterceptors().add(new MyXmlInterceptor());

自定义

RestTemplate restTemplate = new RestTemplate();
List<HttpMessageConverter<?>> messageConverters = new ArrayList<HttpMessageConverter<?>>();
Jaxb2RootElementHttpMessageConverter jaxbMessageConverter = new Jaxb2RootElementHttpMessageConverter();
List<MediaType> mediaTypes = new ArrayList<MediaType>();
mediaTypes.add(MediaType.TEXT_HTML);
jaxbMessageConverter.setSupportedMediaTypes(mediaTypes);
messageConverters.add(jaxbMessageConverter);
restTemplate.setMessageConverters(messageConverters);

Unsafe.park & Object.wait

如果是搞应用程序的程序员,就不应该使用这两种方法中的任何一种。两种都太底层了,建议使用 java.util.concurrent.locks , 毕竟类库的就是让你多快好省的写代码。

park 直接操作线程,线程作为参数直接传入,线程会sleep知道调用了 unpark 方法。这种操作需要明确知道那个线程需要 block/unblock。可以使用 java.util.concurrent.locks.LockSupport 完成操作。

park 操作可以理解为Thread.sleep 操作,不会释放锁资源,使用不当会造成死锁。park 操作能够设置一个 blocker,并通过 getBlocker 获取阻塞的信息,方便做一些调试之类的工作。

wait 操作会释放锁。wait 操作必须在同步语句块。如果不在同步语句块会抛出 IllegalMonitorStateException 异常。使用 notify 和 notifyAll 唤醒线程。

wait用于锁机制,sleep不是,这就是为啥sleep不释放锁,wait释放锁的原因,sleep是线程的方法,跟锁没半毛钱关系,wait,notify,notifyall 都是Object对象的方法,是一起使用的,用于锁机制

It all eventually makes its way down to the OS’s scheduler, which hands out timeslices to processes and threads.

sleep(n) says “I’m done with my timeslice, and please don’t give me another one for at least n milliseconds.” The OS doesn’t even try to schedule the sleeping thread until requested time has passed.

yield() says “I’m done with my timeslice, but I still have work to do.” The OS is free to immediately give the thread another timeslice, or to give some other thread or process the CPU the yielding thread just gave up.

wait() says “I’m done with my timeslice. Don’t give me another timeslice until someone calls notify().” As with sleep(), the OS won’t even try to schedule your task unless someone calls notify() (or one of a few other wakeup scenarios occurs).

Threads also lose the remainder of their timeslice when they perform blocking IO and under a few other circumstances. If a thread works through the entire timeslice, the OS forcibly takes control roughly as if yield() had been called, so that other processes can run.

You rarely need yield(), but if you have a compute-heavy app with logical task boundaries, inserting a yield() might improve system responsiveness (at the expense of time — context switches, even just to the OS and back, aren’t free). Measure and test against goals you care about, as always.

继续阅读“Unsafe.park & Object.wait”

Lucene Query Syntax

Keyboard Matching

Search for word “­foo­” in the title field
title: foo

Search for phrase “foo bar” in the title field
title: “foo bar”

Search for phrase “foo bar” in the title field AND the phrase “­quick fox” in the body field.
title­:”foo bar” AND body:”quick fox”

Search for either the phrase “foo bar” in the title field AND the phrase “­quick fox” in the body field, or the word “­fox­” in the title field.
(titl­e:”foo bar” AND body:”quick fox”) OR title:fox

Search for word “­foo­” and not “­bar­” in the title field.
title:foo -title­:bar

Wildcard matching

Search for any word that starts with “­foo­” in the title field.
title­:foo*

Search for any word that starts with “­foo­” and ends with bar in the title field.
title­:fo­o*bar

Note that Lucene doesn’t support using a symbol as the first character of a *search.

Proximity matching

Search for “foo bar” within 4 words from each other.
“foo bar”~4

Range Searches

Range Queries allow one to match documents whose field(s) values are between the lower and upper bound specified by the Range Query. Range Queries can be inclusive or exclusive of the upper and lower bounds. Sorting is done lexico­gra­phi­cally.
mod_d­ate­:[2­0020101 TO 20030101]

Boosts

Query-time boosts allow one to specify which terms/­clauses are “more import­ant­”. The higher the boost factor, the more relevant the term will be, and therefore the higher the corres­ponding document scores.

A typical boosting technique is assigning higher boosts to title matches than to body content matches:
(titl­e:foo OR title:­bar­)^1.5 (body:foo OR body:bar)

Boolean Operators

To search for all transa­ctions except MySQL transa­ctions:
NOT type: mysql

To search for all MySQL SELECT queries with large attach­ments:
mysql.me­thod: SELECT AND mysql.s­ize: [10000 TO *]

Lucene also supports parent­heses to group sub queries.
To search for either INSERT or UPDATE MySQL queries with a respon­setime greater or equal with 30ms:
(mysq­l.m­ethod: INSERT OR mysql.m­ethod: UPDATE) AND respon­set­ime:[30 TO *]

SQL注入

SQL注入 维基百科

PreparedStatement

Secure Usage

PreparedStatement stmt = connection.prepareStatement("SELECT * FROM users WHERE userid=? AND password=?");
stmt.setString(1, userid);
stmt.setString(2, password);
ResultSet rs = stmt.executeQuery();

Vulnerable Usage

// Example #1
String query = "SELECT * FROM users WHERE userid ='"+ userid + "'" + " AND password='" + password + "'";
Statement stmt = connection.createStatement();
ResultSet rs = stmt.executeQuery(query);
// Example #2
String query = "SELECT * FROM users WHERE userid ='"+ userid + "'" + " AND password='" + password + "'";
PreparedStatement stmt = connection.prepareStatement(query);
ResultSet rs = stmt.executeQuery();

Hibernate

Secure Usage

/* Positional parameter in HQL */
Query hqlQuery = session.createQuery("from Orders as orders where orders.id = ?");
List results = hqlQuery.setString(0, "123-ADB-567-QTWYTFDL").list();

/* named parameter in HQL */
Query hqlQuery = session.createQuery("from Employees as emp where emp.incentive > :incentive");
List results = hqlQuery.setLong("incentive", new Long(10000)).list();

/* named parameter list in HQL */
List items = new ArrayList(); 
items.add("book"); items.add("clock"); items.add("ink");
List results = session.createQuery("from Cart as cart where cart.item in (:itemList)").setParameterList("itemList", items).list();

/* JavaBean in HQL */
Query hqlQuery = session.createQuery("from Books as books where book.name = :name and book.author = :author");
List results = hqlQuery.setProperties(javaBean).list(); //assumes javaBean has getName() & getAuthor() methods.

/* Native-SQL */
Query sqlQuery = session.createSQLQuery("Select * from Books where author = ?");
List results = sqlQuery.setString(0, "Charles Dickens").list();

Vulnerable Usage

List results = session.createQuery("from Orders as orders where orders.id = " + currentOrder.getId()).list();
List results = session.createSQLQuery("Select * from Books where author = " + book.getAuthor()).list();

JPA

Secure Usage

/* positional parameter in JPQL */
Query jpqlQuery = entityManager.createQuery("Select order from Orders order where order.id = ?1");
List results = jpqlQuery.setParameter(1, "123-ADB-567-QTWYTFDL").getResultList();

/* named parameter in JPQL */
Query jpqlQuery = entityManager.createQuery("Select emp from Employees emp where emp.incentive > :incentive");
List results = jpqlQuery.setParameter("incentive", new Long(10000)).getResultList();

/* named query in JPQL - Query named "myCart" being "Select c from Cart c where c.itemId = :itemId" */
Query jpqlQuery = entityManager.createNamedQuery("myCart");
List results = jpqlQuery.setParameter("itemId", "item-id-0001").getResultList();

/* Native SQL */
Query sqlQuery = entityManager.createNativeQuery("Select * from Books where author = ?", Book.class);
List results = sqlQuery.setParameter(1, "Charles Dickens").getResultList();

Vulnerable Usage

List results = entityManager.createQuery("Select order from Orders order where order.id = " + orderId).getResultList();
List results = entityManager.createNativeQuery("Select * from Books where author = " + author).getResultList();
int resultCode = entityManager.createNativeQuery("Delete from Cart where itemId = " + itemId).executeUpdate();

MyBatis

Secure Usage

<select id="getPerson" parameterType="int" resultType="org.application.vo.Person">
SELECT * FROM PERSON WHERE ID = #{id}
</select>

/* Comparable JDBC code */
String selectPerson = "SELECT * FROM PERSON WHERE ID = ?"; 
PreparedStatement ps = conn.prepareStatement(selectPerson); 
ps.setInt(1, id);

<insert id="insertPerson" parameterType="org.application.vo.Person">
insert into Person (id, name, email, phone)
values (#{id}, #{name}, #{email}, #{phone})
</insert>
 
<update id="updatePerson" parameterType="org.application.vo.Person">
update Person set name = #{name}, email = #{email}, phone = #{phone}
where id = #{id}
</update>
 
 
<delete id="deletePerson" parameterType="int">
delete from Person where id = #{id}
</delete>

Vulnerable Usage

<select id="getPerson" parameterType="string" resultType="org.application.vo.Person">
SELECT * FROM PERSON WHERE NAME = #{name} AND PHONE LIKE '${phone}'; 
</select>

<insert id="insertPerson" parameterType="org.application.vo.Person">
insert into Person (id, name, email, phone)
values (#{id}, #{name}, #{email}, ${phone})
</insert>
 
<update id="updatePerson" parameterType="org.application.vo.Person">
update Person set phone = ${phone}
where id = #{id}
</update>
 
 
<delete id="deletePerson" parameterType="int">
delete from Person where id = ${id}
</delete>