审计大型 java/j2ee Web 应用程序的最佳方法是什么
我必须审核一个大型 Web Java/J2ee 应用程序,该应用程序已经发展了数年 年。 它是由其他公司编写的,而不是我正在工作的公司。 在 它目前的状态已经变得难以发展和维护,新的 功能很难添加,并且经常会导致有时出现的错误 生产。 似乎有一些复制/粘贴的代码导致了代码重复。 当前的应用程序是某种在线购物,到处都有一些类似 cms 的内容。 代码的较新部分主要是 Struts 和一些 Spring,也许还添加了一些 ejb 很好的措施。 有一些可用的单元测试,但数量不多。 这些是我被告知的事情,我还没有看到实际的代码。
我的公司将提议重写该应用程序的部分内容,以减少 复杂性,提高质量和模块化,并使添加变得更容易 没有回归的新功能。 在做出任何承诺之前,他们希望得到某种赞赏 现有代码的质量并评估其中有多少可以重用,以便 对必须要做的事情有更多的猜测 - 完全重写或部分重写 改写。
问题是我必须在很短的时间内(几天)完成这项工作,所以我 试图制定一个在如此短的时间内可以完成的计划。 我的想法是:
- 检查“基本”的东西 - 异常处理、日志记录
- 检查分层的级别(视图、控制器、dao 层)
- 测量单元测试的实际覆盖率
- 可能会运行一些 Checkstyle、Findbugs 和 PMD项目
- ......
所以实际的问题是我还应该考虑/检查/测量/等等其他什么事情?
我不确定我能从中得到什么样的数字,以及这是否真的意味着什么 有些事,我感觉管理层的要求有点不对 方法,所以第二个问题是:有人有更好的主意吗?
我将不胜感激对此的任何想法、建议、评论。
I have to audit a large web Java/J2ee application that has evolved over several
years. It's been written by some other company, not the one I'm working for. In
it's current state it has become hard to evolve and maintain, new
functionalities are hard to add and often lead to bugs that sometime show up in
production. There seem to be some copy/pasted code which resulted in code duplication.
The current app is some kind of online shopping with some cms-like content here and there.
It's mostly Struts and some Spring in newer parts of the code, maybe some ejbs thrown in for
good measure. There are some unit tests available, but not a lot of them.
These are things I've been told, I haven't seen yet the actual code.
My company will make a proposition to rewrite parts of this app in order to reduce
complexity, improve quality and modularity, and make it possible to add easier
new functionalities without regressions.
Before making any commitement, they would like to have some kind of appreciation
of the quality of the existing code and to asses how much of it can be reused, in order
to have more than a guess in what there will have to be done - full rewrite or partial
rewrite.
The catch is that I'll have to do this in a very short period ( a couple of days ) so I'm
trying to work out a plan for what can be done in such a short time. What I'm thiking is :
- check out "basic" things - exceptions treatment, logging
- check out the level of layering ( views, controllers, dao layer )
- measure the actual coverage of the unit tests
- maybe run some Checkstyle, Findbugs and PMD over the projects
- ...
So the actual question is what other things should I take into account/check/measure/etc ?
I'm not sure what kind of numbers I could get out of this and if it would really mean
something, I have the feeling that what the management is asking is kind of the wrong
approach, so the second question would be : does anyone has a better idea ?
I'll appreciate any idea, suggestion, comment on this.
Edit: I'll be adding two dead code detectors to the mix : UCD and DCD
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
我非常喜欢你的清单。 我认为你有一个很好的进攻计划。
我会着眼于 Spring 或 EJB 3.0 的标准化,但不会同时关注两者。
我自己还没读过,但我想知道 Michael Feathers 的书 “有效地与遗留代码》有什么好的想法吗?
更新:
也许您可以通过自动化构建和持续集成来帮助解决问题 - Cruise Control、Hudson 或 Team City。 如果您必须进行任何重构,它会有所帮助。
I like your list quite a lot. I think you have an excellent plan of attack to start.
I'd look with an eye to standardizing on either Spring or EJB 3.0 but not both.
I haven't read it myself, but I wonder if Michael Feathers' book "Working Effectively With Legacy Code" has any good ideas?
UPDATE:
Maybe you can help things by putting them on a automated build and continuous integration - Cruise Control, Hudson, or Team City. If you have to do any refactoring it'll help.
您非常关注可维护性和可扩展性。
我想补充一下重新启动项目需要多长时间。 他们使用源代码控制吗? 他们是否有单独的集成和用户验收测试环境? 有构建服务器吗?
当您必须花费两个月的时间才能出现第一次改进时,就需要有人提前管理客户的期望。
You're focusing on maintainability and extensibility which is spot on.
I would add looking at how long it is going to take to reboot the project. Do they use source control? Do they have separate environments for integration and user acceptance testing? Is there a build server?
When you have to spend two months before the first improvement appears someone needs to manage the client's expectations upfront.
事实上,他们不会支付完全重写的费用,因为:
现在是经济衰退,你从头开始重写的成本会很高
我首先会讲一些简单的事实:
尝试绘制架构的快速图表如果他们没有给您有关申请的文件。
收集一些统计数据和一些事实,写一份报告并发送给公司。 他们会希望最大限度地降低成本,并且会要求您避免修复未损坏的代码。 您从统计数据开始,然后是事实和关于时间/受影响代码的大致百分比/定价的建议。
通常,遗留的 Struts 应用程序维护起来很麻烦,已经做过了。 如果这不是你工作的一部分,我会说放弃它。 如果您遇到不涉及很多模板并且会进行很多更改的“独立”页面,建议使用其他技术重写它们。
In fact they won't pay for a full rewrite, because :
It's recession, the cost of you rewriting it from scratch will be high
They might be trying to sell the company ASAP
I would first go with some simple facts :
Try to draw a quick diagram of the architecture of the application, if they don't give you a document about it.
Gather some statistics and some facts, write a report and send them to the company. They'll want to minimize the costs and they'll ask you to avoid fixing code which is not broken. You start with the statistics, then to the facts and a proposition with time/approximate percentage of code affected/pricing.
Usually legacy Struts applications are a pita to maintain, been there done that. If it wasn't part of your job, I would say let it go. If you come across "standalone" pages which don't involve many templates and are subject to many changes, propose to rewrite them with some other technology.
我有两个网络应用程序,其设置与您类似。 我停止使用 FindBugs 和 Checkstyle,因为它们显示了超过 10,000 个问题点。 应用程序使用 JDBC 级别的数据访问、JSP 进行表示以及使用自定义框架进行请求分派。 对我来说幸运的是,这些低级别设置使我能够在中等难度下进行扩展和修复。 在为期 3 年的项目中,只有大约 20% 的原始代码保持原样。 迟早,其他所有内容都需要更改、替换或删除(最后我能够使用 FindBugs 和 Checkstyle)。
我们也面临着完全重写的困境。 然而,有几个因素反对它:
它归结为你实际上想做的事情。
尽管很复杂,你还是想重写吗?
你不想重写吗?
如果您想尝试一下代码,请尝试添加 Hello World! 应用程序的功能/屏幕。 这说明了你实施新事物的难度和速度。
I had two web applications with similar settings as you. I stopped using FindBugs and Checkstyle as they showed more than 10.000 problematic points. The applications used JDBC level data access, JSP for presentation and a custom framework for request dispatching. Luckily for me, these low level settings allowed me to do the extensions and fixes on medium difficulty. During the 3 year project, only about 20% of the original code remained as it were. Sooner or later everything else needed to be either changed, replaced or removed (and finally I was able to use FindBugs and Checkstyle).
We too faced the dilemma of complete rewrite. However, there were several factors against it:
It boils down what you want to do actually.
Do you want to rewrite, despite the complexity?
You don't want to rewrite?
If you want to taste the code, try to add the Hello World! function/screen to the application. That tells how hard and how fast you can implement new things.