Simplest ways to increase performance of a application

1)     Logging - during my analysis of a project i found logging is takes much time and if we are using it wrongly such as logging directly a large object, in that case toString() method of the object gets called then the time increases drastically. Logging of any exception also takes much time. So if we log only required data and check isDebugEnabled() before any debug log then we can achieve good improvement.

2)      Exception – are also takes considerable time. if we analyze the situations where we are getting exceptions and can do any thing alternative to it or apply any check we can achieve performance improvement in less efforts.

3)     Caching – will increases performance drastically. EH Cache is very easy to configure and if you are using JPA or Hibernate then it will not require much efforts

4)     UI Validations -  

5)     Parallel Processing –

6)     Transaction Management –

7)     Indexing of DB tables

8)     Hibernate Tuning

9)     Increase fetch size

10)HTTP caching

11)Time out for external systems

Tools to Identified performance bottlenecks.

In my recent project we did performance tuning of a java application. I used below tools to identify the performance bottlenecks. The application was a distributed web application, developed using IceFaces , EJB 3, JPA 2. I found the tools very effective in identifying root cause of the problem , specially AppDynamics was very useful.

ü  AppDynamics –  Application Performance Monitoring tool(APM ).

ü  Jconsole  - Monitoring tool to monitor JVM

ü  Eclipse Memory Analyzer – Tool for Java Heap Analyzer

ü  Oracle Enterprise Manager – for database tuning. 

       AppDynamics is the next-generation application performance  management solution. AppDynamics is available as AppDynamics Lite (Free) or AppDynamics Pro (Commercial).  

       AppDynamics Lite has 2 Components

       AppDynamics Lite Application Server Agent

       AppDynamics Lite Viewer

AppDynamics Lite Application Server Agent

The AppDynamics Application Server Agent collects performance data overall and diagnostic data and sends it to the AppDynamics Lite Viewer where you can monitor the health of each Business Transaction from a single easy-to-use dashboard. You can drill down into all Business Transactions to troubleshoot code hot spots, exception stack traces, and SQL queries.

AppDynamics Lite Viewers

The Viewer stores and analyzes application performance data about a single JVM or CLR, using data collected by the Agent. You install the Viewer on the same machine as the application server or Java process that you want to monitor. The Viewer requires very little disk space and memory, and you can open multiple Viewers on multiple application servers running on the same machine. The Viewer is a browser-based Flash application that runs on commonly-used computer systems.

AppDynamics Lite download comes as zip named AppDynamicsLite.zip. After extracting the zip you get two zip files, LiteViewer.zip for the Viewer and AppServerAgentLite.zip for the Agent.

       Install the Viewer

•      Extract the LiteViewer.zip file.

•      From the viewer directory run the below command

      java –jar adlite-viewer.jar

•      By default it will run on port 8990. If you do not want the Viewer to be installed at the default port, you can change the port number using the -Dadlite.port command option.

     java -Dadlite.port= -jar adlite-viewer.jar

•      Open a Web browser and enter the Viewer URL     http://localhost:8990

•      Install the Application Server Agent

•      Extract the AppServerAgentLite.zip on the same file system as the app server.

•      Open the startWebLogic.cmd file or startWebLogic.sh in case of Linux environment

•      Add below javaagent argument to the beginning of your application server start script.

     For Windows

     Set JAVA_OPTIONS=% JAVA_OPTIONS% -javaagent:"Drive:\agent_install_dir\javaagent.jar"

     For Linux

     Set JAVA_OPTIONS=% JAVA_OPTIONS% -javaagent:"Drive:\agent_install_dir\javaagent.jar"

•      Restart the application server. The application server must be restarted for the changes to take effect.

iText API

iText is a library that allows you to generate PDF files on the fly.The most recent version is iText 5.0.3iText is an ideal library for developers looking to enhance web- and other applications with dynamic PDF document generation and/or manipulation. iText is not an end-user tool

You can use iText to:

Serve PDF to a browser
Generate dynamic documents from XML files or databases
Use PDF's many interactive features
Add bookmarks, page numbers, watermarks, etc.
Split, concatenate, and manipulate PDF pages
Automate filling out of PDF forms
Add digital signatures to a PDF file

http://www.roseindia.net/java/itext/index.shtml

import java.io.*;
import com.lowagie.text.pdf.*;
import com.lowagie.text.*;
public class HelloWordPDF
{
public static void main(String arg[])throws Exception
{
Document document=new Document();
PdfWriter.getInstance(document,new FileOutputStream("hello.pdf"));
document.open();
document.add(new Paragraph("Hello Pdf"));
document.close();
}
}

Apache POI Java API for Microsoft Documents

create and maintain Java APIs for manipulating various file formats based upon the Office Open XML standards (OOXML) and Microsoft's OLE 2 Compound Document format (OLE2). In short, you can read and write MS Excel files using Java. In addition, you can read and write MS Word and MS PowerPoint files using Java. Apache POI is your Java Excel solution (for Excel 97-2008). We have a complete API for porting other OOXML and OLE2 formats and welcome others to participate

http://poi.apache.org/spreadsheet/quick-guide.html

New Workbook Workbook wb = new HSSFWorkbook();
FileOutputStream fileOut = new FileOutputStream("workbook.xls");
wb.write(fileOut);
fileOut.close();
Workbook wb = new XSSFWorkbook();
FileOutputStream fileOut = new FileOutputStream("workbook.xlsx");
wb.write(fileOut);
fileOut.close();

New Sheet Workbook wb = new HSSFWorkbook();
//Workbook wb = new XSSFWorkbook();
Sheet sheet1 = wb.createSheet("new sheet");
Sheet sheet2 = wb.createSheet("second sheet");
FileOutputStream fileOut = new FileOutputStream("workbook.xls");
wb.write(fileOut);
fileOut.close();

Creating Cells Workbook wb = new HSSFWorkbook();
//Workbook wb = new XSSFWorkbook();
CreationHelper createHelper = wb.getCreationHelper();
Sheet sheet = wb.createSheet("new sheet");
// Create a row and put some cells in it. Rows are 0 based.
Row row = sheet.createRow((short)0);
// Create a cell and put a value in it.
Cell cell = row.createCell(0);
cell.setCellValue(1);
// Or do it on one line.
row.createCell(1).setCellValue(1.2);
row.createCell(2).setCellValue(
createHelper.createRichTextString("This is a string"));
row.createCell(3).setCellValue(true);
// Write the output to a file
FileOutputStream fileOut = new FileOutputStream("workbook.xls");
wb.write(fileOut);
fileOut.close();

Preventing Cross-Site Scripting Attacks

Cross site scripting (XSS) is basically using JavaScript to execute JavaScript from an unwanted domain in a page. Such scripts could expose any data in a page that is accessible by JavaScript including, cookies, form data, or content to a 3rd party. Here is how you can prevent your web pages from being exploited on both the client and the server. This is followed with tips on how to avoid vulnerable sites.
Escape parameters and User Input - The safest step you can take is to escape all parameters to a page where the parameters are displayed in the content.The same applies for any user input that may be displayed or re-displayed in a web page rendered by a server. The downside is that your users can not provide markup.
Remove eval(), javascript, and script from User Provided Markup - If you allow users to provide markup in any part of your application that is displayed in a page make sure to remove eval() and javascript: calls from element attributes including styles as they can be used to execute JavaScript. Also remove script blocks.
Filter User Input on the Server - You should always filter user input that is stored or processed on a server because URLs and GET/POST requests can be created manually.
Use Caution with Dynamic Script Injection - Be careful when dynamically injecting external scripts to retrieve JSON based data as you are potentially exposing everything accessible by JavaScript.
Avoid XSS Phishing Attacks - Be aware of sites that contain vulnerabilities and phishing style attacks containing external script references.
To Solve the problem in Spring MVC

1. Use htmlEscape="true" in input tag that will escape all special characters.
2. Use special chacter Validation for input fields '&*@/\'.
3. Use escapeXml="true" for all c:out's

Tool For Javascript Source Code

I found good tool which contains lot of ready made javascript codes to improve the design, validate forms, detect browsers, create cookies,calendars, calculator, clocks, password protections, page-details, scrolls.It is a freeware.You just need to copy the code and use it

http://www.freedownloadscenter.com/Programming/Java/EMX_Javascript_Professional_Download.html