Java Developer Tools

Audit - Rules - JavaServer Faces

Description
This group contains audit rules that check for correct usage of the JavaServer Faces framework.

Rules:

Details

Action Method Returns Unknown Value

Summary
Action methods should return values declared in the configuration file.

Description
This audit rule looks for action methods in backing beans that return a constant outcome value that is not declared in faces-config.xml. Because the JSF configuration file defines navigation rules that map outcomes into pages, there is no point in returning an outcome which is never referred to in faces-config.xml.

Example
A violation will be signaled if "checkout" outcome is never mentioned in the configuration file.

    class MyPageBean {
        ...
        public String proceedToCheckout() {
            return "checkout";
        }
        ...
    }

Close Elements in Renderer

Summary
Elements that are opened in a renderer should be closed in the same method.

Description
One of the ways a custom renderer (which is derived from javax.faces.render.Renderer) produces markup is by calling startElement/writeAttribute/endElement methods. This audit rule looks for invocations of startElement that are not followed by a proper endElement invocation within the same method.

Example
    public class CompARenderer extends Renderer {
        public void encodeEnd(FacesContext context, UIComponent component) throws IOException {
            UIOutput outComp = (UIOutput)component;
            ResponseWriter writer = context.getResponseWriter();
            writer.startElement("div", component);
            writer.writeAttribute("id", clientId, "id");
            writer.endElement("p");
        }
    }

Don't Encode Markup in Renderer

Summary
Hard-coding markup as Java literal strings and outputting using write() should be avoided.

Description
This rule looks for HTML/XML tags being output inside write() calls. Placing snippets of HTML code inside Java strings and outputting them using write() calls leads to less maintainable code and potential escaping problems, and is thus prohibited by some coding standards.

Two possible alternatives include:
- use startElement(), writeAttribute(), endElement() calls to output small amounts of markup, or
- use some templating solution to output larger amounts of markup.

Example
The following invocations of the write method would be flagged because the arguments contain markup.

    public class CompARenderer extends Renderer {
        public void encodeEnd(FacesContext context, UIComponent component)
                throws IOException {
            ResponseWriter writer = context.getResponseWriter();
            writer.write("<div class="bpui_compA_popMid">");
            writer.write("</div>");
        }
    }

Incompatible Renderer Type

Summary
The method getRendererType must return a renderer compatible with the type of component specified by the getComponentType method.

Description
This audit rule looks for subclasses of UIComponentTag that return a literal string or a string constant from getComponentRenderer() such that the returned string denotes a renderer which cannot render the component specified by the getComponentType() method's return value.

Example
Given the following XML:

    <render-kit>
        <renderer>
            ...
            <component-family>FamilyA</component-family>
            <renderer-type>RendererA</renderer-type>
            <renderer-class>renderers.RendererA</renderer-class>
        </renderer>
    </render-kit>
    <component>
        <component-type>ComponentB</component-type>
        <component-class>components.ComponentB</component-class>
        <component-extension>
        <component-family>FamilyB</component-family>
        </component-extension>
    </component>

and the following component code:

    public class ComponentB extends UIOutput {
        ...
        public String getFamily() {
            return "FamilyB";
        }
        ...
    }

the return value of the getRendererType() method of the following class will be flagged as violation because the specified renderer cannot render components of the specified family.

    public class ViolatingTag extends UIComponentTagBase {
        ...
        public String getRendererType() {
            return "RendererA";
        }
        public String getComponentType() {
            return "ComponentB";
        }
        ...
    }

Incomplete Validation Method

Summary
Validation methods should either invoke setValid() or throw ValidatorException.

Description
This audit rule looks for validation methods that neither invoke setValid() nor throw ValidatorException, where a validation method is either the processValidation method defined by the Validator interface or a method with a signature of (FacesContext, UIComponent, Object) in a backing bean. These are the two ways for a validation method to signal invalid input to the framework (and if the input cannot be invalid, the validator is not needed).

Example
The following validator will be flagged as a violation because it neither calls UIInput.setValid() nor throws a ValidatorException.

    public class MyValidator implements Validator {
        public void validate(FacesContext context, UIComponent comp, Object value) {
            System.out.println("Validating value " + value);
        }
    }

Inconsistent Validator Attribute

Summary
A validator's attribute type must match the configuration file.

Description
This audit rule looks for accessor methods (getters and setters) in implementations of the Validator interface whose return type or parameter type (as appropriate) does not match the type specified in the configuration file.

Example
Given the following fragment in the faces-config.xml file:

    <validator>
        <description>Checks if the given value matches the ultimate answer.</description>
        <validator-id>MyValidator</validator-id>
        <validator-class>validators.MyValidator</validator-class>
        <attribute>
            <description>...</description>
            <attribute-name>pattern</attribute-name>
            <attribute-class>java.lang.String</attribute-class>
        </attribute>
    </validator>

The method getPattern() of the following validator will be flagged as a violation because it's return type does not match the attribute type specified in the configuration.

    public class MyValidator implements Validator {
        public Integer getPattern() {
            return new Integer(42);
        }
        ...
    }

Invoke super.release() Within release()

Summary
An overriden release() method should invoke the superclass implementation.

Description
This audit rule looks for release() methods implemented by custom tag handlers that do not invoke super.release() in the body of the method.

Example
The release() method of the following class will be flagged as a violation because it does not contain an invocation of super.release().

    public class MyTag extends UIComponentClassicTagBase {
        private String foo;
        public void release() {
            foo = null;
        }
    }

No Validation Message

Summary
Validation methods should indicate why the input is invalid.

Description
A validation method can signal invalid input either by invoking setValid with an argument of false, or by throwing a ValidatorException. If setValid is invoked, the method addMessage should be invoked to pass a message back to the user explaining why the input is not valid. If an exception is thrown, it should have a message that serves the same purpose.This audit rule looks for validation methods that do not either invoke addMessage() or include a message when creating the ValidatorException.

Example
The following validator will be flagged as violation because it neither invokes UIInput.addMessage() nor throws a ValidatorException.

    public class MyValidator implements Validator {
        public void validate(FacesContext context, UIComponent comp, Object value) {
            System.out.println("Validating value " + value);
        }
    }

Non-conforming Backing Bean Methods

Summary
Verifies that parameters and return types of bean's public methods are those expected by the framework.

Description
Public methods of backing beans are called from inside the JSF framework and are expected to have some well-defined signatures. The methods can either be:

- getters/setters of bean properties (to be bound to JSP components or tag attributes)

- event handlers (accepting an instance of an event class and returning nothing)

- action methods (accepting nothing and returning a String)

- validation methods (accepting FacesContext, UIComponent, Object arguments and returningnothing; usually include "validate" prefix in their name)

A method with a signature not matching one of the listed ones will be caught by this rule.

Example
The following method will be marked as violation because it conforms to neither of the allowed specs.

    public class MyBackingBean {
        public void violatingMethod(int x, int y) {
            ...
        }
    }

Return Constant From getComponentType

Summary
The method getComponentType() is expected to return a constant string.

Description
This audit rule looks for implementations of getComponentType() that return a value other than a constant string (i.e. a literal or a final static field). Because the value returned must match the one in the XML file, there is no point in doing any calculations to produce it. Doing so reduces readability of the source and also prevents automatic checking of the return value.

Example
The following return statement will be flagged as a violation.

    public class RoundButtonTag extends UIComponentTag {
        ...
        public String getComponentType() {
            return "CheatyButtonNr" + System.currentTimeMillis();
        }
        ...
    }

Return Constant From getFamily

Summary
The method getFamily() is expected to return a constant string.

Description
This audit rule looks for implementations of getFamily() that return a value other than a constant string (i.e. a literal or a final static field). Because the value returned must match the one in the XML file, there is no point in doing any calculations to produce it. Doing so reduces readability of the source and also prevents automatic checking of the return value.

Example
The following return statement will be flagged as a violation.

    public class RoundButton extends UIComponentTag {
        ...
        public String getFamily() {
            return "RoundButtonNr" + System.currentTimeMillis();
        }
        ...
    }

Return Constant From getRendererType

Summary
The method getRendererType() is expected to return a constant string.

Description
This audit rule looks for implementations of getRendererType() that return a value other than a constant string (i.e. a literal or a final static field). Because the value returned must match the one in the XML file, there is no point in doing any calculations to produce it. Doing so reduces readability of the source and also prevents automatic checking of the return value.

Example
The following return statement will be flagged as a violation.

    public class RoundButtonTag extends UIComponentTag {
        ...
        public String getRendererType() {
            return "RoundButtonNr" + System.currentTimeMillis();
        }
        ...
    }

Tag Handler Field Not Cleared

Summary
Checks for custom tag handler fields that have not been cleared in release().

Description
A practice recommended by the JSF tutorial is to override the release() method and clear non-final instance fields in every custom tag handler. This audit rule looks for custom tag handlers that have non-final instance fields of non-primitive types that are not cleared in the release() method.

See Also
The audit rule "Tag Handler Should Implement Release" checks for the existance of the release() method in classes that need it.

Example
The field "bar" of the following class will be marked is violation because it is not assigned to within the release() method.

    public class MyTag extends UIComponentClassicTagBase {
        private String foo;
        private String bar;
        public void release() {
            foo = null;
        }
    }

Tag Handler Should Implement Release

Summary
Custom tag handlers should implement the release() method.

Description
A practice recommended by the JSF tutorial is to override the release() method and clear non-final instance fields in every custom tag handler. This audit rule looks for custom tag handlers that have non-final instance fields of non-primitive types that are not cleared in the release() method.

See Also
The audit rule "Tag Handler Field Not Cleared" checks for fields that should be cleared in the release() method but are not.

Example
The following class will be flagged as a violation because it has a field to release but does not override the release() method.

    public class MyTag extends UIComponentClassicTagBase {
        private String foo;
    }

Unknown Component Type

Summary
The method getComponentType should return the name of a declared component type.

Description
This audit rule looks for subclasses of UIComponentTagBase that implement a getComponentType method that returns a constant value that is not mentioned in faces-config.xml. Because the JSF configuration file lists all component types in the project, there is no point in returning a component type that is not defined in faces-config.xml.

Example
A violation will be signalled if "RoundButton" component type is not defined in the configuration file.

    public class RoundButtonTag extends UIComponentTag {
        ...
        public String getComponentType() {
            return "RoundButton";
        }
        ...
    }

Unknown Renderer Type

Summary
The method getRendererType should return the name of a declared renderer.

Description
This audit rule looks for subclasses of UIComponentTagBase that implement a getRendererType method that returns a constant value that is not mentioned in faces-config.xml. Because the JSF configuration file lists all renderers in the project, there is no point in returning a renderer type that is not defined in faces-config.xml.

Example
A violation will be flagged if the "RoundButton" renderer is not defined in the configuration file.

    public class RoundButtonTag extends UIComponentTag {
        ...
        public String getRendererType() {
            return "RoundButton";
        }
        ...
    }

Unregistered Validator

Summary
All implementations of the Validator interface should be registered in the configuration file.

Description
This audit rule looks for non-abstract implementations of the Validator interface that are not registered in faces-config.xml. Implementations that are not registered will never be used by the framework.

Example
The following class will be marked as violation if it is not registered in the configuration file.

    public class UnregisteredValidator implements Validator {
        public void validate(FacesContext context, UIComponent comp, Object value) {
            ...
        }
    }

Validation Method Naming Convention

Summary
Verifies that the first component of a backing bean's validation method's name is "validate".

Description
By a common convention, the names of validation methods in backing beans start with word "validate". This audit rule looks for violations of this convention.

Example
The following method will be flagged because it's name does not start with "validate".

    public class MyBackingBean {
        public void emailValidator(FacesContext context, UIComponent comp, Object value) {
        }
    }

Wrong Family Returned

Authentication required

You need to be signed in with Google+ to do that.

Signing you in...

Google Developers needs your permission to do that.