[JAVA] I tried to clone a web application full of bugs with Spring Boot

Overview

I made a Spring Boot-based clone ("EasyBuggy Boot") of the bug-filled web application ["EasyBuggy"](https://github.com/k-tamura/easybuggy/blob/master/README.jp.md) that I introduced before.

You can download it from here and start it with the following command.

java -jar ROOT.war
* Java 7 or above is required to start. Running `java -jar ROOT.war --port=9000` starts it on port 9000.

If you add the Java options shown below, you can output logs, debug, and monitor with JMX (* these options are for Java 7). They also limit maximum memory usage, which makes problems such as OutOfMemoryError more likely to occur.

java -Xmx256m -XX:MaxPermSize=64m -XX:MaxDirectMemorySize=90m -XX:+UseSerialGC -Xloggc:logs/gc.log -XX:+PrintHeapAtGC -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=10M -XX:GCTimeLimit=15 -XX:GCHeapFreeLimit=50 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=logs/ -XX:ErrorFile=logs/hs_err_pid%p.log -agentlib:jdwp=transport=dt_socket,server=y,address=9009,suspend=n -Dderby.stream.error.file=logs/derby.log -Dderby.infolog.append=true -Dderby.language.logStatementText=true -Dderby.locks.deadlockTrace=true -Dderby.locks.monitor=true -Dderby.storage.rowLocking=true -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=7900 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -ea -jar ROOT.war
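The options above open a JDWP debug listener on port 9009 and a JMX port on 7900 with authentication and TLS disabled, so it is worth checking what a given launch line exposes before running it on a shared network. The following check is an added example, not part of EasyBuggy Boot; the function name `audit_jvm_opts` and the loopback-bound variant are assumptions made here.

```shell
#!/bin/sh
# Added example: flag JVM options that expose debug or management listeners.
# Prints one finding per line; prints nothing when none is found.
audit_jvm_opts() {
    for opt in "$@"; do
        case "$opt" in
            -agentlib:jdwp=*|-Xrunjdwp:*)
                # Anyone who can reach a JDWP socket controls the JVM.
                # On Java 7/8 a bare port listens on all interfaces.
                addr=$(printf '%s\n' "$opt" | sed -n 's/.*address=\([^,]*\).*/\1/p')
                case "$addr" in
                    localhost:*|127.0.0.1:*) ;;
                    *) echo "JDWP: address=$addr is not bound to loopback" ;;
                esac ;;
            -Dcom.sun.management.jmxremote.port=*)
                echo "JMX: remote port ${opt##*=} enabled" ;;
            -Dcom.sun.management.jmxremote.authenticate=false)
                echo "JMX: authentication disabled" ;;
            -Dcom.sun.management.jmxremote.ssl=false)
                echo "JMX: TLS disabled" ;;
        esac
    done
}

# Exposure-relevant options copied from the command line above.
PAGE_OPTS="-Xmx256m -agentlib:jdwp=transport=dt_socket,server=y,address=9009,suspend=n \
-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=7900 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false"

# Constructed variant: debugger bound to loopback, JMX remote options dropped.
LOCAL_OPTS="-Xmx256m -agentlib:jdwp=transport=dt_socket,server=y,address=127.0.0.1:9009,suspend=n"

echo "== options from the page =="
audit_jvm_opts $PAGE_OPTS      # unquoted on purpose: one word per option
echo "== loopback-only variant =="
audit_jvm_opts $LOCAL_OPTS
```
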

When the following message is displayed, the web application has been started.

2017-08-11 22:05:25.233  INFO 81661 --- [           main] o.t.e.Easybuggy4sbApplication            : Started Easybuggy4sbApplication in 8.404 seconds (JVM running for 10.723)

Go to http://localhost:8080 and you will see the main page.


Startup methods other than the above

You can also start it with `git clone` and `mvn clean spring-boot:run`.

$ git clone https://github.com/k-tamura/easybuggy4sb
$ cd easybuggy4sb
$ mvn clean spring-boot:run

* If you change the `server.port=${port:8080}` line in `src/main/resources/application.properties` to `server.port=9000`, it will start on port 9000.

You can also deploy ROOT.war in a Java container such as Tomcat 8.5 and it will work as well.

Use of this app

As with "EasyBuggy", the purpose is to reproduce, analyze, and deepen understanding of various obstacles. I made something with the same functionality because I wanted to know the following (out of personal interest).

- Is it easy to create vulnerabilities and resource leaks in the latest framework (Spring Boot) based apps?
- What is required to migrate legacy apps to Spring Boot?
- Will the readability be improved by migrating legacy apps to Spring Boot?
- How different is the development productivity of Spring Boot compared to legacy apps?

I will publish these in another article at a later date. I made it out of personal interest, but I think it will be useful for the following purposes.

- Understanding implementation examples that create vulnerabilities in Spring Boot-based apps
- Reference when migrating from legacy apps to Spring Boot-based apps

Differences in configuration

The main differences between the configurations of "EasyBuggy" and "EasyBuggy Boot" are as follows.

| Difference | EasyBuggy | EasyBuggy Boot |
|---|---|---|
| Base technology | Servlet 3.0.1 | Spring Boot 1.5.6 (Servlet 3.0.1) |
| Presentation layer | Unused (some JSP 2.2 + JSTL 1.2) | Thymeleaf 2.1.5 (some JSP 2.3 + JSTL 1.2) |
| DB client/server | JDBC / Derby 10.8.3.0 | Spring JDBC 4.3.9 / Derby 10.12.1.1 (for Java 7) or 10.13.1.1 (for Java 8) |
| LDAP client/server | Apache DS Client API 1.0.0 / Server 1.5.5 | Spring LDAP 2.3.1 / unboundid-ldapsdk 3.2.1 |
| Email | JavaMail 1.5.1 | JavaMail 1.5.1 (overrides the JavaMail introduced by Spring Boot Mail 1.5.6) |
| Development tools | None | Spring Boot Developer Tools 1.5.6 |
| Java | Supports Java 6 and above | Supports Java 7 and above |
  • Spring Security should have been introduced for this verification, but unfortunately it has not been done yet ...

How to build

You can create an executable and deployable war file with the following command.

$ mvn clean package

Development method

This section describes how to use STS (Spring Tool Suite) to browse, develop, and debug the EasyBuggy Boot source code. STS is an Eclipse-based IDE, customized to make it easy to develop Spring-based applications.

  1. Download STS from this page.

  2. git clone EasyBuggy Boot from GitHub.

    $ git clone https://github.com/k-tamura/easybuggy4sb
    $ cd easybuggy4sb
    
  3. Execute the following command. This command creates the files needed for STS development (.project and .classpath files). You can also see the source code of the dependent libraries.

    $ mvn dependency:sources
    $ mvn eclipse:eclipse
    
  4. Start STS.

  5. Import the cloned project from Package Explorer. Select "Existing Maven Projects" and click "Next". Enter the path to the cloned project in the Root Directory and click Finish.

  6. Right-click on the `easybuggy4sb` project in Package Explorer and select Debug As, Spring Boot App to launch EasyBuggy Boot in debug mode.

Also, if you modify the source code, it will be reloaded automatically and the modification will be reflected.
