New topics from the Java SE 11 Programmer II exam

About this article

I took and passed the * Java SE 11 Programmer II * exam on May 16, 2020, and obtained the * Java Programmer, Gold SE 11 * qualifications, so I hope this article will help those who are going to take the exam. I decided to write. I didn't really understand the new features myself, so I'm also reviewing them. As a premise, I have * Java Programmer, Silver * qualifications (* Java SE 11 Programmer II * qualifications), and I will proceed with the assumption that I have learned some knowledge about * Java SE 8 Gold *. I will not talk much about Core APIs such as lambda expressions and Stream APIs, but I will mainly write about the new elements added from SE 8. This article is only a brief explanation, so please see the links in each item for details.

Introduction

The company I work for has a qualification allowance, and I was studying for qualifications to learn Java and obtain a qualification allowance. * Java SE 7/8 Bronze * and * java SE 8 Silver * (* Java SE 8 Programmer I *) were both relatively easy to get after solving the black book for a couple of weeks. After studying Gold for about two months, I was able to pass SE 8 but I wanted to get the latest qualification if I wanted to get the highest qualification, so I decided to take SE 11 Did. However, the reference book has not been published as of May 16, 2020, and it is expected that it will take some time before it is published. Therefore, I had to study new fields from SE 11 without relying on reference books, which was quite difficult. Rough information was gathered by attending a free online seminar held by Oracle. The questioner was the instructor, and the story was easy to understand, so it was very meaningful. If I have the opportunity, I think there is no loss in taking the course. Also, if you take the test by May 31, we are running a campaign where you can take the test again for free, so if you are in doubt, you should take it once. Details can be found at the links below.

[Campaign :: Oracle :: Pearson VUE] (https://www.pearsonvue.co.jp/Clients/Oracle/Special-Offers/Retake2020.aspx)

Exam outline

Let's start with an overview of the exam.

Java SE 11 Programmer II | Oracle University

||Java SE 11 Programmer II|Java SE 8 Programmer II| |:-:|:-:|:-:| |Exam name|Java SE 11 Programmer II|Java SE 8 Programmer II| |Exam number|1Z0-816|1Z0-809| |Exam fee(Tax excluded)|¥26,600|¥26,600| |Question format|Choice question|Choice question| |test time|180 minutes|150 minutes| |Number of questions|80 questions|85 questions| |Pass line|63%|65%|

The number of questions has decreased a little and the exam time has increased. It seems that the code of the problem statement is a little longer overall. The number of passing lines has decreased slightly, but I think this is because it is a new qualification. It took about 30 minutes in the actual production, so I don't think it's necessary to rush to solve it.

Differences in question range

Newly added topic

--Private method of interface --Usage of local variable type inference (var) --Module function --Secure coding

The newly added topics focused on modular functionality and secure coding.

Topics to be focused on

--Serialization --Generics

The rate of serialization is higher than you think, so make sure you understand it. Regarding JDBC, there are also problems related to SQL injection countermeasures related to secure coding. Lambda expressions, Stream API, like SE 8, are the most important topics, and the question ratio is quite high.

Topics that are no longer available

I was told that the Date and Time API did not appear at the seminar, but only one question came up with a format problem. It seems better to learn just the basics. As for the design pattern, the Singleton pattern may be asked in connection with secure coding such as synchronization control.

Java SE 11 execution environment

Pleiades Java 11 standard installation and the end of Eclipse codename

There is a complete set of ** Pleiades All In One ** that can be downloaded from the link, so this is the best if you want to use it quickly.

Interface private method

Starting with Java 9, you can define ** private methods ** in your interfaces. It is used for use in static methods and default methods in the same interface, has an implementation, and cannot be inherited or called from an external class.

SampleInterface.java


public interface SampleInterface{
    default void defaultMethod(){
        privateMethod("Taro");
        privateMethod("Jiro");
    }

    static void staticMethod(){
        privateStaticMethod("Saburo");
        privateStaticMethod("Shiro");
    }

    private void privateMethod(String name){
        System.out.println( "Hello," + name + "Mr.");
    }
    
    private static void privateStaticMethod(String name){
        System.out.println( "Hello," + name + "Mr.");
    }
}

SampleClass.java


public class SampleClass implements SampleInterface{
	public static void main(String[] args) {
		SampleClass sc = new SampleClass();
		sc.defaultMethod();
		SampleInterface.staticMethod();
	}
}

Execution result


Hi, Taro
Hi, Jiro
Hi, Saburo's
Hi, Shiro's

In this way, when writing similar processing in an interface, you can write it concisely without writing the same code many times.

Usage of local variable type inference (var)

Starting with Java 10, type inference using var for local variables is available. The type is automatically inferred from the right side when the variable is assigned.

Example of use

LocalVariableType.java


public class LocalVariableType {
	public static void printInt(int i) {
		System.out.println(i + " is int type");
	}

	public static void printBoolean(boolean bl) {
		System.out.println(bl + " is boolean type");
	}

	public static void printString(String str) {
		System.out.println(str + " is String type");
	}

	public static void main(String[] args) {
		var i = 1;
		var bl = true;
		var str = "String";
		printInt(i);//Function that takes an int type argument
		printBoolean(bl);//Function that takes a boolean argument
		printString(str);//Function that takes an argument of type String

		//Can also be used in List and for statements
		var list = List.of(i,bl,str);
		for(var l :list) {
			System.out.print(l + " ");
		}
		//Starting with Java 11, var can be used as an argument of a lambda expression, which allows it to be annotated.
		Function<String,Integer> function = (@Annotation var a) -> a.length();
	}
}

Execution result


1 is int type
true is boolean type
String is String type
1 true String 

As with JavaScript, you can see that type inference can now be performed from the right side. List type inference can omit the description of generics, so I think it will be easier to see with less code.

Example of compiling error

If the type cannot be inferred from the right side, a compile error will occur.

LocalVariableType2


public class LocalVariavleType2 {
	public static void main(String[] args) {
		var v;//Must be initialized at the time of declaration
		var f1 = a -> a + 1;	//Lambda expressions cannot be assigned
		var f2 = (Runnable)() -> new String("Hello");//Can be initialized by casting a functional interface
		var list1 = {1, 2, 3};//Cannot be used to initialize an array
		var list2 = new int[]{1, 2, 3};//Can be initialized by specifying the type
		var list3 = new ArrayList<>();//Compilable, but of type ArrayList<Object>become
		var n = null;//null cannot be assigned
	}
}

I've only asked about two questions directly about how to use var, but it's taken for granted that it's written in the code of the problem statement, so let's understand the meaning.

Module function

I proceeded with the learning by referring to the following Oracle page.

Understanding Java 9 Modules

What is a module?

Starting with Java 9, module functionality is available. A module is a superordinate concept of a package, which is a collection of related packages, resources, and module descriptors. Basic libraries such as java.lang are also stored in the java.base module. This java.base module can be accessed without using module descriptors such as the requires keyword described below.

Benefits of modularization

Dependency simplification

By describing the dependencies on a module-by-module basis, it is now possible to simply describe the dependencies between packages.

Strong encapsulation

Since the access authority to the subordinate packages can be specified in more detail, stronger encapsulation is possible.

Execution environment can be customized for each module

By creating the runtime with only the modules you need, you can reduce the size of the runtime and improve the effectiveness of JVM optimization.

Module definition

Modules can be defined by placing the following module definition files at the top of the source folder. The module name must be an inverse domain expression and must be unique (it cannot contain the same name).

module-info.java


module Java_SE_11_Gold {
//Describe module descriptor etc.
}

Module descriptor

requires

module-info.java


module A {
	requires B;
}

A descriptor that indicates that the module depends on another module. For the above code, module A reads module B. requires transitive

module-info.java


module A {
	requires B;
}
module B{
	requires transitive java.sql;
}

Allows the specified module to be read when the module that describes the requires transitive descriptor is read while reading the specified module. For the above code, module B reads java.sql. Module A also reads module B, but at that time module A also reads java.sql at the same time. If you just use requires in module B, module A will not be able to load java.sql. requires static The existence of module is required only at compile time. Not required at runtime. It's just an imagination, but I think it's used for annotations. exports

module-info.java


module A{
	exports samplePackage;
	exports samplePackage2 to B,C;
}

The following packages of modules are not accessible from the outside by default. Use the exports descriptor to allow access from outside the module. When exportings, allow access to public types (and nested public and protected types). In the above code, the package samplePackage is specified to be accessible from the outside. Also, by using the exports ... to descriptor, you can specify the packages to be allowed access (multiple comma-separated ones can be specified). The above code allows module B and module C access to package samplePackage2. opens It cannot be referenced at compile time, but it can be controlled so that it can be referenced at runtime. There are two types: opens ... to, which is set for each package, and open module, which is set for the entire module.

mojule-info.java


module Java_SE_11_Gold{
	opens samplePackage;//Makes the specified package visible to all modules
	opens aamplePackage2 to B,C;//You can individually specify multiple modules to be opne separated by commas.
}

mojule-info.java


open module Java_SE_11_Gold{//Make it possible to refer to all the modules under it
}

uses Specifies the service used by the module. A service is a set of known interfaces and classes (usually abstract classes). See the javadoc link below for more information. https://docs.oracle.com/javase/jp/8/docs/api/java/util/ServiceLoader.html provides...with Specifies that the module provides an implementation of the service. After provides, specify the interface or small and medium-sized class to be provided to uses, and after with, specify the name of the class that implements the interface or inherits the abstract class.

Anonymous modules and automatic modules

Anonymous modules and automatic modules are special modules primarily for applying module systems to pre-Java 8 code. Here, we will explain the parts that are likely to be involved in the exam, so if you want to know more, please refer to the link below. Learn the module system

Anonymous module

Packages and types loaded from the classpath will now belong to a module called * anonymous module *. Anonymous modules cannot have a module definition (module-info.java), so you can't write dependencies using module descriptors, but they implicitly behave as follows:

--All packages in anonymous modules will be exported. --Anonymous module is [Module Graph](https://qiita.com/opengl-8080/items/93c8e0cf58654d5f73cb#%E3%83%A2%E3%82%B8%E3%83%A5%E3%83%BC % E3% 83% AB% E3% 82% B0% E3% 83% A9% E3% 83% 95) Requires all modules on.

Automatic module

A module for treating non-modules as modules. Code that does not have a module definition will be recognized as an automatic module. Like anonymous modules, module descriptors cannot be explicitly defined and have the following implicit behavior:

--All packages in the automatic module will be exported. --Automatic modules require all modules on the module graph.

Referenceability between modules

A named module is a regular module that has a module definition. Also, the --add-module command is a command that allows you to add any module to the root module. In the table below, the types of modules that are referenced by the side marked (referenced) and the modules that are referenced by the other side are shown.

Named module(Referenced) Automatic module(Referenced) Anonymous module(Referenced) Features
Named module Can be referred Can be referred Cannot be referenced There is a module definition and it is placed in the module path
Automatic module --add-Can be referenced using the module command Can be referred Can be referred No module definition, placed in module path
Anonymous module --add-Can be referenced using the module command --add-Can be referenced using the module command Can be referred No module definition, placed in classpath

ServiceLoader class

It is a class for handling a mechanism for providing implementation by a third party called SPI (Survice Provider Interface). The library provides services that are SPIs (a set of interfaces and classes (usually abstract classes)), and the Service Loader loads a third-party implementation. For detailed specifications and methods, refer to the following Oracle docs. ServiceLoader (Java Platform SE 8 ) - Oracle Docs

How to use jdeps

You can use the jdeps command to find out which module the jar file (or class file) depends on, as shown below.

jdeps -s jar file
(jar file name) -> (Dependent module name)
(jar file name) -> (Dependent module name)
(jar file name) -> (Dependent module name)
……

-s is an option to print a summary of dependencies. The options are detailed on the following Oracle docs page: Print summaries -s and -summary, print dependencies -v and -verbose, specify dependencies in the specified package -p and -package , specified regular expression pattern I remember having problems with -e and -regex , which search for dependencies in packages that match. Also, if no option is specified, the -verbose: package option, which outputs the dependencies between packages by default, is used. For more information, see Oracle Docs below. jdeps - Oracle Docs

For a concrete operation example of each command, refer to the links below. Try jdeps, a dependency analysis tool that comes with Java 8

Secure coding

In the field of secure coding, there are questions about how to prevent data leakage and tampering when exchanging important data such as credit card numbers, and how to prevent attacks such as SQL injection from malicious attackers. .. If you think in common sense, there are problems that can be solved without much knowledge, so I think that it will be a relatively easy category in the new field. At the Oracle seminar, the following JPCERT links "00. Input Value Inspection and Data Detoxification (IDS)", "12. Input / Output (FIO)", "13. Serialization (SER)", "14. Platform There was information that the questions will be asked from "Security (SEC)" and "49. Miscellaneous Rules (MSC)". Java Coding Standard CERT / Oracle Version The main issues are SQL injection, encapsulation and serialization. It's a good idea to compare the conformance code with the violation code in the link above to understand what's wrong. Also, as a prerequisite, it is good to understand the basic attack method for websites. The links below describe each attack method. Types of cyber attacks and web security

Input value inspection

By performing input value inspection, you can prevent SQL injection and XSS (Cross-site scripting). For example, consider the following query.

SELECT * FROM db_user WHERE username='<USERNAME>' AND password='<PASSWORD>'

Given "username'or '1' = '1" as the username, this query looks like this:

SELECT * FROM db_user WHERE username='username' or '1'='1' AND password='<PASSWORD>'

Originally, both the user name and password are checked, but by rewriting the query in this way, "username ='username'" or "'1' = '1' AND password =''" If either is true, you will be able to access the record. In other words, in this case, you can access the record by simply entering the user name, regardless of the password entered value. As a way to prevent this, it is necessary to check whether the input value contains specific symbols or characters, and whether it is longer than necessary. If you want to take measures against SQL injection, you can also use PreparedStatement to construct SQL.

File input / output

Basically, the question is whether the file is properly closed. If the file is not closed, it will leak memory and consume resources. As a method of closing the file, there are a method using the try-with-resource statement and a method using the close () method. Also, when outputting a file, it is a good idea to make a read-only deep copy so that the original data does not change.

Serialization

** Serialization ** is to output a Java instance as a byte string and save it. Conversely, the operation to convert a byte string to a Java instance is called ** deserialization **. It is mainly used to store an instance of Java as a file and make the instance information persistent. Since it is in the range of * SE 8 *, detailed explanation is omitted and only the part related to secure coding is explained.

Compatibility when serializing

If you change the fields of the serialized class, there may be a conflict between the instance restored when the serialization is restored and the modified class. To prevent this, give a value to serialVersionUID and change this value every time there is a change. The serialVersionUID should have a final qualifier so that its value does not change. Also, by using the static modifier and the transient modifier, you can specify the fields that are not serialized in advance. This helps improve compatibility when you make changes to classes, etc.

In addition, when important information such as credit card information is included in the data to be serialized, it may be tampered with maliciously unless processing such as encryption is performed in advance.

Exclusive control in parallel processing

When performing parallel processing, there was a problem asking whether it was thread safe and whether deadlock or live rock occurred. Concurrency is covered in SE 8 as well, so I won't explain it in detail, but I'd like to explain about deadlock and live rock because I was asked a couple of questions in production.

Deadlock

If one thread uses one exclusive resource, it can be processed in parallel without any problem by waiting until another thread releases the resource. Deadlock is a condition in which one thread needs two or more resources, and when parallel processing is performed, separate threads compete for exclusive resources and become inoperable. Workarounds include ordering the locks (for example, when a thread attempts to acquire a lock on a second or subsequent resource, it attempts to acquire the lock on the first resource first). .. Illustrations, code examples, etc. are described in detail on this site, so please refer to it. About Deadlock-Introduction to Java-IT Specialized

Live rock

Multiple threads are acquiring and releasing shared resources to avoid deadlock, but the waiting time is the same, and the priority of the thread to proceed to the next process is lower than that of other threads. Repeating the process that does not proceed is called live rock. To avoid this, use a random number for the waiting time of the thread, or give priority to other threads (yield method, etc.). Code examples etc. are described in detail on this site, so please refer to it. About Live Rock-Nee-kun

Finally

Regarding SE 11 Gold, even if you don't have a reference book, if you study the old range well, I think that you will not have a hard time except for completely new elements such as module functions. Also, if there are any deficiencies or omissions in the content, we would appreciate it if you could point them out in the comments.

Reference link

Java SE 11 Programmer II | Oracle University Understanding Java 9 Modules Learn the module system ServiceLoader (Java Platform SE 8 ) - Oracle Docs jdeps - Oracle Docs Try jdeps, a dependency analysis tool that comes with Java 8 Java Coding Standard CERT / Oracle Version Types of cyber attacks and web security About Deadlock-Introduction to Java-IT Specialized About Live Rock-Nee-kun

Recommended Posts

New topics from the Java SE 11 Programmer II exam
Let's talk about the passing experience of Java SE 8 Programmer II
java se 8 programmer Ⅰ memo
Java SE 8 Sliver exam questions
New features from Java7 to Java8
Oracle Certified Java Programmer, Gold SE 8
Java SE Bronze exam test content
The road from JavaScript to Java
What you did to get the Oracle Certified Java Programmer, Silver SE 8
Kick ShellScript on the server from Java
About the new Java release model @ Seki Java (2018/07/20)
I tried the new era in Java
Hit the Salesforce REST API from Java
Java SE 8 Silver (Java SE 8 Programmer I) Pass Note
The story received by Java SE11 silver
It took a month from application to taking the Oracle Java SE 11 Silver
[Qualification Exam] (Java SE8 Gold) Learning Review & Summary
To become a VB.net programmer from a Java shop
Try calling the CORBA service from Spring (Java)
Try accessing the dataset from Java using JZOS
Try the free version of Progate [Java II]
[Qualification Exam] Java SE 8 Silver Learning Method Summary