How do I use HttpClient with JSON parsing?

To use HttpClient with JSON parsing in Java, the most common approach is to combine the standard java.net.http.HttpClient with a JSON library like Jackson or Gson.

While HttpClient doesn’t have a built-in JSON parser, you can map the response body string to a Java object.

Using Jackson (Recommended)

Jackson is a powerful and widely-used library in the Java ecosystem. Here is how you can fetch a JSON response and parse it into a POJO (Plain Old Java Object).

First, define your data model:

public record Post(int userId, int id, String title, String body) {}

Then, use the HttpClient to fetch the data and ObjectMapper to parse it:

package org.kodejava.httpclient;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;

public class HttpClientJsonExample {
    public static void main(String[] args) {
        HttpClient client = HttpClient.newHttpClient();
        ObjectMapper mapper = new ObjectMapper();

        HttpRequest request = HttpRequest.newBuilder()
                .uri(URI.create("https://jsonplaceholder.typicode.com/posts/1"))
                .header("Accept", "application/json")
                .build();

        try {
            // Send request and get response as a String
            HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());

            if (response.statusCode() == 200) {
                // Parse the JSON string into the Post object
                Post post = mapper.readValue(response.body(), Post.class);

                System.out.println("Post Title: " + post.title());
                System.out.println("Post Body: " + post.body());
            } else {
                System.err.println("Error: " + response.statusCode());
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

Tip: Custom BodyHandler

If you find yourself parsing JSON frequently, you can implement a custom HttpResponse.BodyHandler to handle the conversion automatically.

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;

public static <T> HttpResponse.BodyHandler<T> asJson(Class<T> targetType) {
    // Read the body as a UTF-8 string, then map it to the target type
    return responseInfo -> HttpResponse.BodySubscribers.mapping(
            HttpResponse.BodySubscribers.ofString(StandardCharsets.UTF_8),
            body -> {
                try {
                    return new ObjectMapper().readValue(body, targetType);
                } catch (IOException e) {
                    throw new UncheckedIOException(e);
                }
            });
}

// Usage:
// HttpResponse<Post> response = client.send(request, asJson(Post.class));
// Post post = response.body();
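The handler above parses whatever comes back, including a 404 error page, and builds a new ObjectMapper per response. The following is an added example (not code from the page or from the kodejava project) that checks the status code and Content-Type before parsing, shares one ObjectMapper, and sets timeouts. To run offline it serves constructed responses from a local com.sun.net.httpserver.HttpServer; the paths, payload and class names are assumptions made for the demo.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.sun.net.httpserver.HttpServer;

import java.io.IOException;
import java.io.UncheckedIOException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;

public class JsonBodyHandlerDemo {

    // One shared ObjectMapper: thread-safe once configured, and cheaper than one per response
    private static final ObjectMapper MAPPER = new ObjectMapper();

    public record Post(int userId, int id, String title, String body) {}

    /**
     * Parses the body as JSON only when the server answered 2xx with a JSON content type.
     * An error page or a redirect is reported as a failure instead of being fed to the parser.
     */
    public static <T> HttpResponse.BodyHandler<T> asJson(Class<T> targetType) {
        return responseInfo -> {
            int status = responseInfo.statusCode();
            String contentType = responseInfo.headers().firstValue("Content-Type").orElse("");
            if (status / 100 != 2 || !contentType.startsWith("application/json")) {
                // Discard the body (so the connection can be reused) and fail with the status
                return HttpResponse.BodySubscribers.mapping(
                        HttpResponse.BodySubscribers.discarding(),
                        ignored -> {
                            throw new IllegalStateException(
                                    "Unexpected response: HTTP " + status + " (" + contentType + ")");
                        });
            }
            return HttpResponse.BodySubscribers.mapping(
                    HttpResponse.BodySubscribers.ofString(StandardCharsets.UTF_8),
                    body -> {
                        try {
                            return MAPPER.readValue(body, targetType);
                        } catch (IOException e) {
                            throw new UncheckedIOException(e);
                        }
                    });
        };
    }

    private static HttpRequest get(String url) {
        return HttpRequest.newBuilder(URI.create(url))
                .timeout(Duration.ofSeconds(10))   // never wait forever on a response
                .header("Accept", "application/json")
                .GET()
                .build();
    }

    public static void main(String[] args) throws Exception {
        // Constructed local server standing in for the remote API, so the demo runs offline
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/posts/1", ex -> {
            byte[] json = "{\"userId\":1,\"id\":1,\"title\":\"hello\",\"body\":\"world\"}"
                    .getBytes(StandardCharsets.UTF_8);
            ex.getResponseHeaders().add("Content-Type", "application/json");
            ex.sendResponseHeaders(200, json.length);
            try (var out = ex.getResponseBody()) { out.write(json); }
        });
        server.createContext("/posts/missing", ex -> {
            byte[] html = "<html>not found</html>".getBytes(StandardCharsets.UTF_8);
            ex.getResponseHeaders().add("Content-Type", "text/html");
            ex.sendResponseHeaders(404, html.length);
            try (var out = ex.getResponseBody()) { out.write(html); }
        });
        server.start();
        String base = "http://127.0.0.1:" + server.getAddress().getPort();

        HttpClient client = HttpClient.newBuilder()
                .connectTimeout(Duration.ofSeconds(5))
                .build();
        try {
            Post post = client.send(get(base + "/posts/1"), asJson(Post.class)).body();
            System.out.println("Parsed: " + post);

            try {
                client.send(get(base + "/posts/missing"), asJson(Post.class));
            } catch (IOException e) {
                // The handler refused to parse an HTML error page as a Post
                System.out.println("Refused: " + e.getMessage());
            }
        } finally {
            server.stop(0);
        }
    }
}
```

The failure raised inside the BodySubscriber surfaces from client.send() as an IOException whose message carries the status, so the caller sees one consistent error path for network faults, bad status codes and malformed JSON alike.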

Dependencies

Ensure you have the Jackson dependency in your pom.xml:

<dependency>
    <groupId>com.fasterxml.jackson.core</groupId>
    <artifactId>jackson-databind</artifactId>
    <version>2.18.2</version>
</dependency>

This approach keeps your networking logic clean while leveraging the robustness of proven JSON libraries.

How do I send async HTTP requests with HttpClient?

To send asynchronous HTTP requests in Java using the java.net.http.HttpClient, you use the sendAsync() method. This method returns a CompletableFuture<HttpResponse<T>>, allowing you to handle the response without blocking the main thread.

Here is a step-by-step example of how to implement this:

1. Basic Asynchronous GET Request

This example demonstrates how to fire a request and handle the result using thenAccept.

package org.kodejava.httpclient;

import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.concurrent.CompletableFuture;

public class AsyncRequestExample {
    public static void main(String[] args) {
        // 1. Create the HttpClient
        HttpClient client = HttpClient.newHttpClient();

        // 2. Build the HttpRequest
        HttpRequest request = HttpRequest.newBuilder()
                .uri(URI.create("https://jsonplaceholder.typicode.com/posts/1"))
                .GET()
                .build();

        // 3. Send the request asynchronously
        CompletableFuture<HttpResponse<String>> responseFuture =
                client.sendAsync(request, HttpResponse.BodyHandlers.ofString());

        // 4. Handle the response when it arrives
        responseFuture.thenAccept(response -> {
            System.out.println("Status Code: " + response.statusCode());
            System.out.println("Response Body: " + response.body());
        }).exceptionally(ex -> {
            System.err.println("Error occurred: " + ex.getMessage());
            return null;
        });

        // The program continues here immediately while the request is in flight
        System.out.println("Request sent! Doing other things...");

        // Optional: Block if you need to wait for the result before the program exits
        responseFuture.join();
    }
}

2. Chaining and Transforming Results

Because sendAsync returns a CompletableFuture, you can chain operations like extracting the body or converting JSON.

CompletableFuture<String> bodyFuture = client.sendAsync(request, HttpResponse.BodyHandlers.ofString())
        .thenApply(HttpResponse::body)       // Transform response to just the body
        .thenApply(String::toUpperCase);      // Further transform the string

bodyFuture.thenAccept(System.out::println);

Key Components

  • sendAsync(request, bodyHandler): The non-blocking counterpart to send().
  • HttpResponse.BodyHandlers: Defines how to handle the incoming data (e.g., ofString(), ofByteArray(), or ofFile()).
  • CompletableFuture: Provides methods like .thenApply() (map), .thenAccept() (consume), and .exceptionally() (error handling).

Best Practices

  • Reuse the Client: Don’t create a new HttpClient for every request. It’s designed to be long-lived and shared.
  • Executor Service: By default, HttpClient creates its own internal executor. For high-load applications, you can provide your own thread pool (java.util.concurrent.Executors) when building the client:
    HttpClient client = HttpClient.newBuilder()
                .executor(Executors.newFixedThreadPool(10))
                .build();
    
  • Join/Get: In a console application, use .join() or .get() at the very end to prevent the main method from finishing (and the JVM exiting) before the background thread completes.
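The practices above (a shared client, a bounded executor, a single join at the end) come together in this added example, which is not code from the page or the kodejava project. It sends a batch of requests concurrently, caps each with a per-request timeout, and turns failures into results so one slow endpoint cannot sink the batch. A local com.sun.net.httpserver.HttpServer with constructed /fast and /slow paths stands in for remote endpoints; the Outcome record and the fetchAll helper are assumptions made for the demo.

```java
import com.sun.net.httpserver.HttpServer;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class BoundedAsyncFetch {

    /** Outcome of one request: status and body on success, or the failure's class name. */
    public record Outcome(String url, int status, String body, String error) {}

    /** Fires every request at once, caps each with a deadline, and never lets one failure sink the batch. */
    public static List<Outcome> fetchAll(HttpClient client, List<String> urls) {
        List<CompletableFuture<Outcome>> futures = urls.stream()
                .map(url -> {
                    HttpRequest request = HttpRequest.newBuilder(URI.create(url))
                            .timeout(Duration.ofSeconds(2))   // per-request deadline
                            .GET()
                            .build();
                    return client.sendAsync(request, HttpResponse.BodyHandlers.ofString())
                            .thenApply(r -> new Outcome(url, r.statusCode(), r.body(), null))
                            .exceptionally(ex -> {
                                // Dependent stages receive a CompletionException wrapping the real cause
                                Throwable cause = ex instanceof CompletionException && ex.getCause() != null
                                        ? ex.getCause() : ex;
                                return new Outcome(url, -1, null, cause.getClass().getSimpleName());
                            });
                })
                .toList();
        // Block once, at the end, for the whole batch rather than once per request
        CompletableFuture.allOf(futures.toArray(new CompletableFuture[0])).join();
        return futures.stream().map(CompletableFuture::join).toList();
    }

    public static void main(String[] args) throws IOException {
        // Constructed local server standing in for remote endpoints; /slow answers after the client's deadline
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/fast", ex -> {
            byte[] body = "fast".getBytes(StandardCharsets.UTF_8);
            ex.sendResponseHeaders(200, body.length);
            try (var out = ex.getResponseBody()) { out.write(body); }
        });
        server.createContext("/slow", ex -> {
            try {
                Thread.sleep(5_000);
                ex.sendResponseHeaders(204, -1);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            } finally {
                ex.close();
            }
        });
        ExecutorService serverPool = Executors.newCachedThreadPool();
        server.setExecutor(serverPool);
        server.start();
        String base = "http://127.0.0.1:" + server.getAddress().getPort();

        // Bounded pool for response callbacks: predictable thread usage under load
        ExecutorService clientPool = Executors.newFixedThreadPool(4);
        HttpClient client = HttpClient.newBuilder()
                .executor(clientPool)
                .connectTimeout(Duration.ofSeconds(2))
                .build();
        try {
            List<Outcome> results = fetchAll(client,
                    List.of(base + "/fast", base + "/fast", base + "/slow"));
            results.forEach(System.out::println);
        } finally {
            clientPool.shutdown();
            serverPool.shutdownNow();   // interrupts the sleeping handler so the JVM can exit
            server.stop(0);
        }
    }
}
```

The two /fast requests come back with status 200 while the /slow one is reported with a timeout error after two seconds; without the per-request timeout and the exceptionally stage, join() would wait for the slow server and a single exception would abort the whole allOf.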

How do I use memory mapped files with FileChannel.map()?

Using FileChannel.map() allows you to map a region of a file directly into memory. This creates a MappedByteBuffer, which acts like a bridge between your application’s memory and the file on disk. The operating system handles the actual reading and writing in the background, making it extremely efficient for large files.

Here is how you can use it for both reading and writing.

1. Reading from a Memory-Mapped File

To read, open the channel with StandardOpenOption.READ and use MapMode.READ_ONLY.

import java.io.IOException;
import java.nio.MappedByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;

public class MemoryMappedExample {
    public void readMappedFile(Path path) throws IOException {
        try (FileChannel channel = FileChannel.open(path, StandardOpenOption.READ)) {
            long size = channel.size();

            // Map the entire file for reading
            MappedByteBuffer buffer = channel.map(FileChannel.MapMode.READ_ONLY, 0, size);

            // Access data directly from memory
            while (buffer.hasRemaining()) {
                byte b = buffer.get();
                // Process byte...
            }
        }
    }
}

2. Writing to a Memory-Mapped File

To write, you must open the channel with both READ and WRITE options (even if you only intend to write) and use MapMode.READ_WRITE.

public void writeMappedFile(Path path) throws IOException {
    // Files must be opened for both READ and WRITE to use MapMode.READ_WRITE
    try (FileChannel channel = FileChannel.open(path, 
            StandardOpenOption.READ, 
            StandardOpenOption.WRITE, 
            StandardOpenOption.CREATE)) {

        long size = 1024 * 1024; // Map 1MB
        MappedByteBuffer buffer = channel.map(FileChannel.MapMode.READ_WRITE, 0, size);

        // Writing to the buffer automatically writes to the file
        buffer.putInt(12345);
        buffer.put("Hello Memory!".getBytes());

        // Force changes to storage to ensure they are written to disk
        buffer.force();
    }
}

Key Considerations

  • Map Modes:
    • READ_ONLY: Any attempt to modify the buffer results in a ReadOnlyBufferException.
    • READ_WRITE: Changes to the buffer are eventually propagated to the file.
    • PRIVATE: “Copy-on-write” mode. Changes are local to the buffer and not saved to the file.
  • Size Limits: On 32-bit JVMs, you cannot map more than 2GB at once because of address space limits. On 64-bit systems, you can map much larger regions, but a single MappedByteBuffer is still limited to Integer.MAX_VALUE bytes (approx 2GB). To handle larger files, you must create multiple mappings.
  • Performance: Memory mapping is most beneficial for large files accessed frequently or randomly. For small, sequential reads, standard BufferedInputStream might be simpler and just as fast.
  • Unmapping: Java does not provide an explicit “unmap” method. The mapping remains until the MappedByteBuffer object is garbage collected. Closing the FileChannel does not unmap the file.
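To make the size-limit and map-mode points concrete, here is an added example (not code from the page or the kodejava project). It checksums a file through a sequence of small READ_ONLY windows, the same loop that handles files larger than one MappedByteBuffer can hold, cross-checks the result against a plain read, and shows that writes into a PRIVATE mapping never reach the file. The window size, the temporary file and its contents are constructed for the demo.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.MappedByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.util.zip.CRC32;

public class ChunkedMappedRead {

    /** Bytes per mapping window; deliberately small so the chunking loop is exercised. */
    static final long WINDOW = 64 * 1024;

    /**
     * CRC-32 of a file computed through a sequence of bounded mappings. Because each window
     * is mapped separately, files beyond the Integer.MAX_VALUE limit of one MappedByteBuffer
     * can be processed with the same loop.
     */
    public static long crc32Mapped(Path path) throws IOException {
        CRC32 crc = new CRC32();
        try (FileChannel channel = FileChannel.open(path, StandardOpenOption.READ)) {
            long size = channel.size();
            for (long offset = 0; offset < size; offset += WINDOW) {
                long length = Math.min(WINDOW, size - offset);
                MappedByteBuffer window = channel.map(FileChannel.MapMode.READ_ONLY, offset, length);
                crc.update(window);   // consumes the window; the mapping is released once unreachable
            }
        }
        return crc.getValue();
    }

    /** Same checksum via an ordinary read, used to cross-check the mapped version. */
    public static long crc32Streamed(Path path) throws IOException {
        CRC32 crc = new CRC32();
        crc.update(Files.readAllBytes(path));
        return crc.getValue();
    }

    /** Writes into a PRIVATE (copy-on-write) mapping and confirms the file on disk is unchanged. */
    public static boolean privateMappingLeavesFileIntact(Path path) throws IOException {
        try (FileChannel channel = FileChannel.open(path,
                StandardOpenOption.READ, StandardOpenOption.WRITE)) {   // PRIVATE needs both
            MappedByteBuffer scratch = channel.map(FileChannel.MapMode.PRIVATE, 0, 16);
            byte original = scratch.get(0);
            scratch.put(0, (byte) (original + 1));   // lands in the private copy only
            ByteBuffer check = ByteBuffer.allocate(1);
            channel.read(check, 0);                   // read straight from the file
            return check.get(0) == original;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: 1 MiB of deterministic bytes in a temporary file
        Path tmp = Files.createTempFile("mapped-demo", ".bin");
        try {
            byte[] data = new byte[1024 * 1024];
            for (int i = 0; i < data.length; i++) {
                data[i] = (byte) (i * 31);
            }
            Files.write(tmp, data);

            long mapped = crc32Mapped(tmp);
            long streamed = crc32Streamed(tmp);
            System.out.printf("mapped=%08x streamed=%08x match=%b%n", mapped, streamed, mapped == streamed);
            System.out.println("PRIVATE mapping left file intact: " + privateMappingLeavesFileIntact(tmp));
        } finally {
            // On Windows a still-live mapping blocks deletion; ours are unreachable by now,
            // but report rather than fail if the OS still refuses
            try {
                Files.deleteIfExists(tmp);
            } catch (IOException e) {
                System.err.println("Could not delete " + tmp + ": " + e.getMessage());
            }
        }
    }
}
```

Raising WINDOW to a few hundred megabytes is what you would do in production; it stays well under the per-buffer limit while keeping the number of mappings (and the address space they pin until collected) small.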

How do I use ObjectOutputStream with record?

To use ObjectOutputStream with a Java record, you need to make the record implement the java.io.Serializable interface.

One of the great things about records is that they are designed to be “data carriers,” and Java’s serialization mechanism handles them more robustly and securely than regular classes. Specifically, records are serialized using only their components (the fields defined in the header), and the deserialization process uses the record’s canonical constructor, ensuring that any validation logic you’ve placed there is always executed.

Here is a complete example of how to write a record to a file and read it back:

1. Define the Record

Make sure it implements Serializable.

package org.kodejava.io;

import java.io.Serializable;

/**
 * A simple record representing a Person.
 * Records are implicitly final and their fields are private and final.
 */
public record Person(String name, int age) implements Serializable {
    // Compact constructor for validation
    public Person {
        if (age < 0) {
            throw new IllegalArgumentException("Age cannot be negative");
        }
    }
}

2. Serialize and Deserialize

Use ObjectOutputStream to write the object and ObjectInputStream to read it.

package org.kodejava.io;

import java.io.*;

public class RecordSerializationDemo {
    public static void main(String[] args) {
        String filename = "person.ser";
        Person person = new Person("John Doe", 30);

        // 1. Serialize the record
        try (FileOutputStream fos = new FileOutputStream(filename);
             ObjectOutputStream oos = new ObjectOutputStream(fos)) {

            oos.writeObject(person);
            System.out.println("Record saved: " + person);

        } catch (IOException e) {
            e.printStackTrace();
        }

        // 2. Deserialize the record
        try (FileInputStream fis = new FileInputStream(filename);
             ObjectInputStream ois = new ObjectInputStream(fis)) {

            Person savedPerson = (Person) ois.readObject();
            System.out.println("Record loaded: " + savedPerson);

        } catch (IOException | ClassNotFoundException e) {
            e.printStackTrace();
        }
    }
}

Key Points to Remember:

  • Immutability: Since records are immutable, serialization is very straightforward.
  • No serialVersionUID Required (mostly): While you can define a serialVersionUID, Java’s serialization for records ignores the field-matching rules that usually require it. The serialization is based strictly on the component names.
  • Security: Records are less susceptible to “deserialization attacks” because they don’t allow the creation of “ghost” objects; they must go through the canonical constructor.
  • Customization: Records do not support writeObject, readObject, readObjectNoData, or writeExternal methods. If you need custom serialization logic, you should use a regular class instead.

How do I serialize and deserialize objects safely?

In a modern Java environment, “safely” means avoiding the pitfalls of standard Java Serialization, which is often vulnerable to gadget attacks and remote code execution.

Here are the best practices for safe serialization and deserialization:

1. Prefer Data-Only Formats (JSON/XML)

Instead of standard Java serialization, use JSON with a library like Jackson (already common in Spring projects). It separates data from logic, making it much harder for an attacker to trigger malicious code during deserialization.

Example using Jackson:

import com.fasterxml.jackson.databind.ObjectMapper;

public class SerializationDemo {
    private final ObjectMapper mapper = new ObjectMapper();

    public String serialize(Object obj) throws Exception {
        return mapper.writeValueAsString(obj);
    }

    public <T> T deserialize(String json, Class<T> clazz) throws Exception {
        // Safe because it only maps data to fields in the specified class
        return mapper.readValue(json, clazz);
    }
}
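The comment in the demo above holds only as long as the mapper never lets the document pick the class to instantiate, and a parser still needs limits on untrusted input. This added example (not code from the page or the kodejava project) configures a Jackson ObjectMapper with Jackson's StreamReadConstraints (available from 2.15, so within the 2.18.2 dependency above), keeps polymorphic default typing off, and fails on unknown properties; the Profile record and the three constructed documents are assumptions made for the demo.

```java
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.StreamReadConstraints;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;

import java.io.IOException;

public class HardenedJsonMapper {

    public record Profile(String username, String email) {}

    /** Mapper with parser limits and strict property matching; polymorphic typing stays off. */
    public static ObjectMapper hardenedMapper() {
        StreamReadConstraints limits = StreamReadConstraints.builder()
                .maxNestingDepth(32)       // stops deeply nested documents early
                .maxStringLength(10_000)   // caps any single string value
                .maxNumberLength(100)
                .build();
        JsonFactory factory = JsonFactory.builder()
                .streamReadConstraints(limits)
                .build();
        ObjectMapper mapper = new ObjectMapper(factory);
        // Already the default, made explicit: fields the target type does not declare are an error,
        // not silently ignored
        mapper.enable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);
        // Also the default. Never activateDefaultTyping(...) on a mapper fed untrusted input:
        // it lets the document choose which class gets instantiated
        mapper.deactivateDefaultTyping();
        return mapper;
    }

    /** Binds the document to Profile, or reports why it was refused. */
    public static String bind(ObjectMapper mapper, String json) {
        try {
            return "accepted: " + mapper.readValue(json, Profile.class);
        } catch (IOException e) {   // all Jackson parse and bind failures extend IOException
            return "refused: " + e.getClass().getSimpleName();
        }
    }

    /** Parses to a generic tree, which is where the nesting limit bites. */
    public static String parseTree(ObjectMapper mapper, String json) {
        try {
            return "accepted: " + mapper.readTree(json).size() + " top-level element(s)";
        } catch (IOException e) {
            return "refused: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        ObjectMapper mapper = hardenedMapper();
        // Constructed inputs: a normal document, one with an undeclared field, one nested 40 levels deep
        String normal = "{\"username\":\"alice\",\"email\":\"alice@example.com\"}";
        String extraField = "{\"username\":\"alice\",\"email\":\"alice@example.com\",\"isAdmin\":true}";
        String tooDeep = "[".repeat(40) + "]".repeat(40);

        System.out.println(bind(mapper, normal));
        System.out.println(bind(mapper, extraField));
        System.out.println(parseTree(mapper, tooDeep));
    }
}
```

The first document binds, the second is refused because isAdmin is not a Profile component, and the third is refused by the nesting limit before the tree is built. The same mapper can be shared with the HttpClient code earlier on the page.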

2. If You Must Use Java Serialization: Use Filtered Deserialization

If you are forced to use java.io.Serializable, you should configure an ObjectInputFilter. Introduced in Java 9 (and extended in later versions), this allows you to “allowlist” only the classes you expect.

Example of an ObjectInputFilter:

import java.io.*;

public class SafeDeserializer {
    public static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ByteArrayInputStream bais = new ByteArrayInputStream(data);
             ObjectInputStream ois = new ObjectInputStream(bais)) {

            // Allow ONLY specific classes (and primitives/arrays)
            ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "com.yourpackage.MySafeClass;java.base/*;!*"
            );
            ois.setObjectInputFilter(filter);

            return ois.readObject();
        }
    }
}
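This added example (not code from the page or the kodejava project) ties the record section and the filter above together: a record with a compact constructor is written to bytes and read back through an allowlist filter with depth and size limits, and a second, constructed class that is not on the allowlist is shown being rejected. The Person record, the Stowaway class and the limit values are assumptions made for the demo; the filter pattern is built from the record's runtime class name so it works whatever package the class ends up in.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class FilteredRecordDemo {

    /** The record we expect on the wire; the compact constructor runs on deserialization as well. */
    public record Person(String name, int age) implements Serializable {
        public Person {
            if (age < 0) {
                throw new IllegalArgumentException("Age cannot be negative");
            }
        }
    }

    /** A constructed, harmless class standing in for "anything we did not expect". */
    public static class Stowaway implements Serializable {
        private static final long serialVersionUID = 1L;
        String note = "not on the allowlist";
    }

    /** Allow Person and java.base (String, boxed types); reject everything else; cap depth and bytes. */
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=4;maxbytes=4096;" + Person.class.getName() + ";java.base/*;!*");

    public static byte[] serialize(Serializable obj) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(obj);
        }
        return bos.toByteArray();
    }

    public static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(FILTER);   // must be set before the first readObject
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Person alice = new Person("Alice", 42);
        Person roundTripped = (Person) deserialize(serialize(alice));
        System.out.println("Accepted: " + roundTripped + " equal=" + alice.equals(roundTripped));

        try {
            deserialize(serialize(new Stowaway()));
            System.out.println("Unexpected: stowaway was accepted");
        } catch (InvalidClassException e) {
            // The filter reports "filter status: REJECTED" before any Stowaway is constructed
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```

The rejection happens when the class descriptor is read, before the JVM instantiates anything, which is the property that makes an allowlist effective against unexpected classes in the stream. The maxdepth and maxbytes limits add a cheap guard against oversized or deeply nested payloads regardless of which classes they name.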

3. Use transient for Sensitive Data

Always mark fields that shouldn’t be serialized (like passwords, tokens, or internal state) as transient.

public class User implements Serializable {
    private String username;
    private transient String password; // Will not be saved/transmitted
}

4. Implement readObject for Validation

If you use standard serialization, override readObject to validate the object’s state after it is reconstructed. This prevents “half-baked” or illegal objects from being created.

import java.io.*;

public class Person implements Serializable {
    private String name;
    private int age;

    private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
        ois.defaultReadObject();
        // Validate state before the object can be used
        if (this.age < 0) {
            throw new InvalidObjectException("Age cannot be negative");
        }
    }
}

Summary of “Safe” Rules:

  1. Don’t accept serialized objects from untrusted sources.
  2. Use JSON/Jackson whenever possible (it’s the industry standard for a reason).
  3. Use allowlists (via ObjectInputFilter) if you use native Java serialization.
  4. Keep dependencies updated to patch known “gadget” classes that attackers use to exploit deserialization.