Rule Definition
One of the reasons application servers exist is that thread management is complex to develop. The server manages multiple threads for different types of components, and to maximize performance and resource utilization it needs control of the threads running on a given machine.
More often than not, threads are created when there is no time to implement a better solution. However, the consequences can be serious in terms of performance and robustness.
The EJB specification prohibits applications from managing their own threads.
Threads in the JVM are a limited resource that must be allocated thoughtfully. Your applications may break or cause poor Application Server performance when the server load increases. Problems such as deadlocks and thread starvation may not appear until the application is under a heavy load.
Also, multithreaded modules are complex and difficult to debug. Interactions between application-generated threads and Application Server threads are especially difficult to anticipate and analyze.
Remediation
Use Message-Driven Beans to send messages (through JMS) that will be consumed in parallel, or implement JCA, where the application server manages threads efficiently and can use thread pooling if necessary.
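The JMS route described above, sketched as an added example (not part of the original rule text or CAST's own code). It assumes a Java EE 7 or later container with JMS 2.0; the class names WorkSubmitter and WorkConsumer and the JNDI name jms/WorkQueue are hypothetical, and each public class goes in its own source file.

```java
// ---- WorkSubmitter.java (hypothetical name) ----
import javax.annotation.Resource;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.jms.JMSContext;
import javax.jms.Queue;

// Takes the place of "new Thread(runnable).start()": the caller only enqueues work.
@Stateless
public class WorkSubmitter {
    @Inject private JMSContext jms;  // container-managed JMS 2.0 context
    @Resource(lookup = "jms/WorkQueue") private Queue workQueue;  // assumed JNDI name

    public void submit(String payload) {
        // Returns once the message is queued; no application-created thread is involved.
        jms.createProducer().send(workQueue, payload);
    }
}

// ---- WorkConsumer.java (hypothetical name) ----
import javax.ejb.ActivationConfigProperty;
import javax.ejb.EJBException;
import javax.ejb.MessageDriven;
import javax.jms.JMSException;
import javax.jms.Message;
import javax.jms.MessageListener;
import javax.jms.TextMessage;

// The container calls onMessage() on its own pooled threads, so the degree of
// parallelism is set by the server's MDB pool configuration, not by the application.
@MessageDriven(activationConfig = {
    @ActivationConfigProperty(propertyName = "destinationLookup", propertyValue = "jms/WorkQueue"),
    @ActivationConfigProperty(propertyName = "destinationType", propertyValue = "javax.jms.Queue")
})
public class WorkConsumer implements MessageListener {
    @Override
    public void onMessage(Message message) {
        try {
            if (message instanceof TextMessage) {
                process(((TextMessage) message).getText());
            }
        } catch (JMSException e) {
            // A system exception rolls back the delivery so the container can redeliver.
            throw new EJBException(e);
        }
    }

    private void process(String payload) {
        // The work that the violation sample performs in run() belongs here.
    }
}
```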
Violation Code Sample
// Work wrapped in a Runnable so it can be handed to an application-created thread
class BasicThread implements Runnable {
    @Override
    public void run() {
        // [...]
    }
}

// Thread subclass created and owned by the application, not by the server
class SimpleThread extends Thread {
    public SimpleThread(String str) {
        super(str);
    }

    @Override
    public void run() {
        // [...]
    }
}

class ThreadLaunch {
    public static void main(String[] args) {
        Runnable runnable = new BasicThread();
        new Thread(runnable).start(); // VIOLATION
        new SimpleThread("Thread").start(); // VIOLATION
    }
}
Reference
EJB specifications, http://java.sun.com/developer/technicalArticles/J2EE/connectorarch1_5/; J2EE Best Practices: Java Design Patterns, Automation, and Performance - 2002 page 439
Related Technologies
JEE
Technical Criterion
PCI-DSS4-Requirement-6.2.4 - Software engineering techniques or other methods are defined and in use by software development personnel to prevent or mitigate common software attacks and related vulnerabilities