CETi 1982 Technology
Technology Driven IT Training



Java Technology Update Knowledge Base Computer Education CETi

Java Platform and Language

Java 8 and Oracle Corporation

Java 8 was released in March 2014: there were delays resulting from security vulnerabilities. The enhancements include support for closures - lambda expressions, annotations on Java types, and Date and Time API. The Project Coin collection of language changes are part of Java 8: strings in switch, binary integral literals and underscores in numeric literals, multi-catch and more precise rethrow, and try-with-resources statement. There is improved type inference for generic instance creation and simplified varargs method invocation. The goal of Project Coin is to determine what set of small language changes should be added to the JDK.

Nashorn: JavaScript and Java

Nashorn uses the jrunscript command-line tool to leverage the new native APIs for implementing a lightweight, high-performance JavaScript runtime in Java. Extension points are provided for an application to use JavaScript within the JVM for Web content generation. Nashorn is the pure open source JavaScript implementation in the JVM, written in Java and compatible with the current standardized version of JavaScript - ECMAScript 5.1.  It compiles JavaScript into byte code; a new query can be added with no compilation. Modifications can be made or new logic introduced without recompilation. The new JavaScript engine includes the same UI: user interface as the Google Chrome debugger and the same testing suite as the Google V8 engine.

Nashorn documentation is available at OpenJDK.

Java Language

Java Security

In January 2013 the US-CERT: US Computer Emergency Readiness Team issued an alert indicating a Security Manager Bypass Vulnerability. Java 7 restrictions on the permissions of Java applets allowed an attacker to execute arbitrary commands on a vulnerable system. All versions of Java 7 through update 10 were affected by this security problem. Oracle Corporation provided a clarification and fix to the vulnerability with Oracle Security Alert for CVE-2013-0422. It addressed the US-CERT and a second security issue affecting Java running in web browsers. The vulnerabilities did not apply to embedded Java applications, Java running on servers, or standalone Java desktop applications.

A vulnerability in the JMX: Java Management Extensions MBean components allowed unprivileged Java code to access restricted classes. Recursive use of the Reflection API through the invokeWithArguments method of the MethodHandle class was a related security problem. It allowed an escalation of privilege by an untrusted Java applet called with the setSecurityManager() function without requiring code signing. Introduced with Java 7, the invokeWithArguments method affects: 1- Oracle Java 7 update 10, 2-earlier Java 7 versions, 3- OpenJDK 7, and 4- IcedTea.

Enhanced Facilities

The enhanced for Loop eliminates the issues associated with iterators and index variables iterating over collections and arrays.

These Java facilities can be used:

Facility Explanation
Autoboxing/Unboxing Eliminates the requirement for manual conversion between primitive types and wrapper types.
Typesafe Enums Allows object oriented enumerated types to be created with arbitrary methods and fields.
Varargs Eliminates the need for manually boxing argument lists into an array when invoking methods which accept variable-length argument lists.
Class Data Sharing Reduces application startup time and footprint.
Garbage Collector Ergonomics The parallel collector monitors and adapts to the memory requirements of the application.
Server-Class Machine Detection The launcher detects whether the application is running on a "server-class" machine.
Thread Priority Changes Thread priority mapping allows Java threads and native threads which do not have explicitly set priorities to compete for allocation of resources.
Fatal Error Handling Provides diagnostic output and reliability.

The Enhanced Loop has limitations in different base operating environments.

Java Language Features

The Java language facilities include:

  • Annotation processing for turning off compiler warnings at a class or method level.
  • Enums as an improvement over ints for type safety.
  • Utilization of varargs for cleaning up ugly code.
  • Covariant returns in order to avoid casts when an implementation's return type is known to be more specific than the APIs.
  • Covariant Return Types for creating methods in a subclass which return an object with a subtype from the overridden method.
  • Utilization of generic methods and generic types.

SYS-ED's workshops explain and demonstrate:

  • How annotations work for frameworks, such as EJB and web services, when behavior is not directly modified.
  • How to correctly pass the same object type to a method without knowing the number of instances at compile time.
  • How type safety is a significant improvement over ints.
  • How to prevent mistakes in which one type of enum is used in place of another.

Java for CICS Transaction Server

Java increasingly is being used in the IBM mainframe environment. There are issues which need to be addressed when running Java applications under CICS Transaction Server and coding using WSAD - first generation and Rational z.

SYS-ED's workshops explain and demonstrate:

  • The profile directory which must be specified in the SIT parameter - JVMPROFILEDIR.
  • That the SIT parameter points to a directory containing the profile files specified in the Java program definition.
  • That case must be preserved when changing the SIT: System Initialization Table or SIT overrides.
  • CICS passing of values in the profile to the JVM: Java Virtual Machine when a transaction invokes a Java program.
  • The important values in the profiles - the directory for CICS Java classes, directory for Java, LIBPATH for additional executables, file names for STDOUT and STDERR, and CLASSPATH for executing the Java programs.
  • The creation of separate CICS class directories for each maintenance level of CICS; then building a process to change the CS_DIRECTORY parameter in the JVM profiles.


  • CICS does not support the 64-bit JVM and when the 64-bit JVM is the default, the 31-bit JVM will have to be placed in its directory within the profile.

Sources: Java Security