[JAVA] I tried to clone a web application full of bugs with Spring Boot
Overview
Introduced before Bug-filled web application ["EasyBuggy"](https://github.com/k-tamura/easybuggy/blob/master/README I made a clone of .jp.md) based on Spring Boot ("EasyBuggy Boot") ..
You can download it from here and start it with the following command.
java -jar ROOT.war
* Java 7 or above is required to start. `java -jar ROOT.war --port = 9000` will start on port 9000. td> tr>
If you add the Java option as shown below, you can output logs, debug, and monitor with JMX (* This is an option for Java 7). It also limits maximum memory usage, making it more prone to problems such as OutOfMemoryError.
java -Xmx256m -XX:MaxPermSize=64m -XX:MaxDirectMemorySize=90m -XX:+UseSerialGC -Xloggc:logs/gc.log -XX:+PrintHeapAtGC -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=10M -XX:GCTimeLimit=15 -XX:GCHeapFreeLimit=50 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=logs/ -XX:ErrorFile=logs/hs_err_pid%p.log -agentlib:jdwp=transport=dt_socket,server=y,address=9009,suspend=n -Dderby.stream.error.file=logs/derby.log -Dderby.infolog.append=true -Dderby.language.logStatementText=true -Dderby.locks.deadlockTrace=true -Dderby.locks.monitor=true -Dderby.storage.rowLocking=true -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=7900 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -ea -jar ROOT.war
When the following message is displayed, the web application has been started.
2017-08-11 22:05:25.233 INFO 81661 --- [ main] o.t.e.Easybuggy4sbApplication : Started Easybuggy4sbApplication in 8.404 seconds (JVM running for 10.723)
Go to http: // localhost: 8080 and you will see the main page.
Startup methods other than the above
You can also boot by git clone and mvn clean spring-boot: run .
$ git clone https://github.com/k-tamura/easybuggy4sb
$ cd easybuggy4sb
$ mvn clean spring-boot:run
`server.port = $ {port: 8080}` line in `src / main / resources / application.properties` to` server.port = 9000` Then it will start on port 9000. td> tr>
You can also deploy ROOT.war in a Java container such as Tomcat 8.5 and it will work as well.
Use of this app
Similar to "Easy Buggy", the purpose is to reproduce, analyze, and deepen understanding of various obstacles. The reason why I made something with the same function is because I wanted to know the following (I'm personally interested).
--Is it easy to create vulnerabilities and resource leaks in the latest framework (Spring Boot) based apps?
--What is required to migrate legacy apps to Spring Boot?
--Will the readability be improved by migrating legacy apps to Spring Boot?
――How different is the development productivity of Spring Boot compared to legacy apps?
I will publish these in another article at a later date. I made it with my personal interest, but I think it will be useful for the following purposes.
--Understanding implementation examples that create vulnerabilities in Spring Boot-based apps
--Reference when migrating from legacy apps to Spring Boot-based apps
Differences in configuration
The main differences between the configurations of "Easy Buggy" and "Easy Buggy Boot" are as follows.
Difference |
EasyBuggy |
EasyBuggy Boot |
Base technology |
Servlet 3.0.1 |
Spring Boot 1.5.6 (Servlet 3.0.1) |
Presentation layer |
unused(Some JSP 2.2 + JSTL 1.2) |
Thymeleaf 2.1.5 (Some JSP 2.3 + JSTL 1.2) |
DB client/server |
JDBC / Derby 10.8.3.0 |
Spring JDBC 4.3.9 / Derby 10.12.1.1 (For Java 7), Or 10.13.1.1 (For Java 8) |
LDAP client/server |
Apache DS Client API 1.0.0 / Server 1.5.5 |
Spring LDAP 2.3.1 / unboundid-ldapsdk 3.2.1 |
Email |
JavaMail 1.5.1 |
JavaMail 1.5.1 (Java Mail introduced by Spring Boot Mail 1.5.Override 6) |
Development tools |
None |
Spring Boot Developer Tools 1.5.6 |
Java |
Supports Java 6 and above |
Supports Java 7 and above |
- Spring Security should have been introduced for this verification, but unfortunately it has not been done yet ...
How to build
You can create an executable and deployable war file with the following command.
$ mvn clean package
Development method
It also describes how to use STS (Spring Tool Suite) to browse, develop, and debug the EasyBuggy Boot source code. STS is an Eclipse-based IDE, customized to make it easy to develop Spring-based applications.
-
Download STS from this page.
-
git clone EasyBuggy Boot from GitHub.
$ git clone https://github.com/k-tamura/easybuggy4sb
$ cd easybuggy4sb
-
Execute the following command. This command creates the files needed for STS development (.project and .classpath files). You can also see the source code of the dependent libraries.
$ mvn dependency:sources
$ mvn eclipse:eclipse
-
Start STS.
-
Import the cloned project from Package Explorer. Select "Existing Maven Projects" and click "Next".
Enter the path to the cloned project in the Root Directory and click Finish.
-
Right-click on the ʻeasybuggy4sb` project in Package Explorer and select Debug As, Spring Boot App to launch EasyBuggy Boot in debug mode.
Also, if you modify the source code, it will be reloaded automatically and the modification will be reflected.
| |