Interface changes resulting from fixes can severely impair the contracts of the
implementing classes. For example, a fix introduced in a later version may be
accompanied by modifications to an unrelated interface that must now be
implemented by the client. The client may be prevented from implementing the fix
because the new interface may impose additional implementation burden on it.
Implementers can provide default or skeletal implementations of interface
methods for their clients to extend; however, such code can adversely affect the
behavior of the subclasses. Conversely, when such default implementations are absent,
the subclasses must provide dummy implementations. Such implementations
foster an environment where comments such as “ignore this code, does nothing”
occur incessantly. Such code may never even get tested.
If there is a security flaw in a public API (see, for example, the discussion of
ThreadGroup methods in The CERT® Oracle® Secure Coding Standard for
Java [Long 2012], “THI01-J. Do not invoke ThreadGroup methods”), it will
persist throughout the lifetime of the API, affecting the security of any application
or library that uses it. Even after the security flaw is mitigated, applications and
libraries may continue using the insecure version until they are also updated.
Noncompliant Code Example
In this noncompliant code example, an interface User is frozen with two methods:
authenticate() and subscribe(). Some time later, the providers release a free service that
does not rely on authentication.
public interface User {
    boolean authenticate(String username, char[] password);
    void subscribe(int noOfDays);
    // Introduced after the class is publicly released
    void freeService();
}
The addition of the freeService() method, unfortunately, breaks all the client code
that implements the interface. Moreover, the implementers who wish to use only
freeService() have to face the onus of also providing the other two methods, which
pollute the API, for reasons discussed earlier.
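The following is an added example, not code from the book: it puts the widened interface beside one alternative that leaves User as released and places the new method in a separate interface. The names WidenedUser, FreeUser, StubbedGuest, Guest, admitWidened and admit are assumptions made for illustration, as is the stub that returns true.

```java
public class InterfaceEvolutionDemo {
    // The page's widened interface, renamed WidenedUser (assumption) so both shapes compile side by side.
    interface WidenedUser {
        boolean authenticate(String username, char[] password);
        void subscribe(int noOfDays);
        void freeService();
    }

    // Free-only implementer forced to stub the two methods it does not need.
    static class StubbedGuest implements WidenedUser {
        public boolean authenticate(String username, char[] password) {
            return true; // "ignore this code, does nothing": an untested stub that now answers an auth question
        }
        public void subscribe(int noOfDays) { /* dummy implementation */ }
        public void freeService() { System.out.println("free content (stubbed guest)"); }
    }

    // Alternative: the frozen interface stays exactly as released...
    interface User {
        boolean authenticate(String username, char[] password);
        void subscribe(int noOfDays);
    }
    // ...and the later free service gets its own interface (hypothetical name).
    interface FreeUser {
        void freeService();
    }
    // Free-only implementer with no authentication or subscription stubs to write.
    static class Guest implements FreeUser {
        public void freeService() { System.out.println("free content (guest)"); }
    }

    // Hypothetical caller-side gates for paid features.
    static boolean admitWidened(WidenedUser u, String name, char[] pw) {
        return u.authenticate(name, pw); // trusts whatever the implementer's stub returns
    }
    static boolean admit(Object candidate, String name, char[] pw) {
        // A Guest is not a User, so it never reaches authenticate() at all.
        return candidate instanceof User && ((User) candidate).authenticate(name, pw);
    }

    public static void main(String[] args) {
        char[] pw = "constructed-sample".toCharArray(); // constructed input, not a real credential
        System.out.println("stubbed guest admitted: " + admitWidened(new StubbedGuest(), "nobody", pw));
        System.out.println("guest admitted: " + admit(new Guest(), "nobody", pw));
        new Guest().freeService();
    }
}
```

With the separate interface, existing User implementers compile unchanged, and a free-only class cannot be passed to code that expects an authenticated User.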