sonar + findbug + checkstyle +….

this code review tool has cost me much time, due to the poor documentation of sonar, and actually wrong documentaion.

1. the command should be “mvn sonar3:sonar” instead of “mvn sonar:sonar”. the latter would download sonar-maven-plugin-2.0-beta, which would always display the class missing/ class not accessible through classloader exception. the former command would instead download and install sonar-maven-plugin-2.4.1, which is the latest version, using which, the can be utilized locating the needed library jars.
2.there are some checkstyle, pmd null pointer exceptions, this is due to the configuration of each. something like single regexp setting, even though its default value is “^$”, however, specify this explicitly or not, makes a null pointer exception difference. which again proves, sth wrong with the sonar, or the plugin.

3. there are plugins to generate pdf report, sonar-pdfreport-plugin-1.2.jar

4. there are plugins to analyze the jsp, html files, sonar-web-plugin-1.0.2.jar. (however, Please note you can run sonar analysis for an artefact in only one language (SONAR-926). So you cannot run a web analysis and a java analysis on the same maven project. The fix is to make a separate maven pom for the web project with a different name. )

set up sonar yesterday, then start running against the project

there is one critical error, claiming
Security – Array is stored directly : The user-supplied array ‘lSelectedProdList’ is stored directly.

I just went through a research, then quickly refreshed what I have been done for passing SCJP.

shallow copy of the clone, is to clone the object, with primitive variables copies, reference variables, the values of the reference variable, which is the address of the being referred object copied.

Deep copy clone, is to have another copy of the object, the reference variable referred.


Java provides a mechanism for creating copies of objects called cloning. There are two ways to make a copy of an object called shallow copy and deep copy.
Shallow copy is a bit-wise copy of an object. A new object is created that has an exact copy of the values in the original object. If any of the fields of the object are references to other objects, just the references are copied. Thus, if the object you are copying contains references to yet other objects, a shallow copy refers to the same subobjects.
Deep copy is a complete duplicate copy of an object. If an object has references to other objects, complete new copies of those objects are also made. A deep copy generates a copy not only of the primitive values of the original object, but copies of all subobjects as well, all the way to the bottom. If you need a true, complete copy of the original object, then you will need to implement a full deep copy for the object.
Java supports shallow and deep copy with the Cloneable interface to create copies of objects. To make a clone of a Java object, you declare that an object implements Cloneable, and then provide an override of the clone method of the standard Java Object base class. Implementing Cloneable tells the java compiler that your object is Cloneable. The cloning is actually done by the clone method.”