PMD Coding practices - JEE

JEE rules - provided by PMD

UseProperClassLoader

In JEE, the getClassLoader() method might not work as expected.

Use Thread.currentThread().getContextClassLoader() instead.

MDBAndSessionBeanNamingConvention

The EJB Specification states that any MessageDrivenBean or SessionBean should be suffixed by 'Bean'.

RemoteSessionInterfaceNamingConvention

A Remote Home interface type of a Session EJB should be suffixed by 'Home'.

LocalInterfaceSessionNamingConvention

The Local Interface of a Session EJB should be suffixed by 'Local'.

LocalHomeNamingConvention

The Local Home interface of a Session EJB should be suffixed by 'LocalHome'.

RemoteInterfaceNamingConvention

Remote Interface of a Session EJB should not have a suffix.

DoNotCallSystemExit

Web applications should not call System.exit(), since only the web container or theapplication server should stop the JVM.

This rule also checks for the equivalent call Runtime.getRuntime().exit().

StaticEJBFieldShouldBeFinal

According to the JEE specification, an EJB should not have any static fieldswith write access.

However, static read-only fields are allowed.

This ensures properbehavior especially when instances are distributed by the container on several JREs.

DoNotUseThreads

The JEE specification explicitly forbids the use of threads.

Basic JSF

DontNestJsfInJstlIteration

Do not nest JSF component custom actions inside a custom action that iterates over its body.

Basic JSP

NoLongScripts

Scripts should be part of Tag Libraries, rather than part of JSP pages.

NoScriptlets

Scriptlets should be factored into Tag Libraries or JSP declarations, rather than being part of JSP pages.

NoInlineStyleInformation

Style information should be put in CSS files, not in JSPs.

Therefore, don't use B or FONT tags, or attributes like "align='center'".

NoClassAttribute

Do not use an attribute called 'class'. Use "styleclass" for CSS styles.

NoJspForward

Do not do a forward from within a JSP file.

IframeMissingSrcAttribute

IFrames which are missing a src element can cause security information popups in IE if you are accessing the pagethrough SSL.

NoHtmlComments

In a production system, HTML comments increase the payload between the application server to the client, and serve little other purpose.

Consider switching to JSP comments.

DuplicateJspImports

Avoid duplicate import statements inside JSP's.

JspEncoding

A missing 'meta' tag or page directive will trigger this rule, as well as a non-UTF-8 charset.

NoInlineScript

Avoid inlining HTML script content.

Consider externalizing the HTML script using the 'src' attribute on the script element.

Externalized script could be reused between pages.

Browsers can also cache the script, reducing overall download bandwidth.