1

I have an existing Java web app based on Servlets. It's an Eclipse project and it runs in Tomcat 10.

The application doesn't use any Java 9+ modularization / JPMS up to now. The code base started at JDK 8 but now JDK 17 is used and works.

Now I have a feature request to add an XLSX file export. I want to use XSSF of Apache POI for that.

But POI is quite a large library with many enclosed JARs and I'm a bit concerned about "polluting" my class path.

And concerning "defense in depth", I don't want the Internet-surfacing part of my application to be able to directly access any of the classes of POI or its dependencies. E.g. to avoid such classes potentially being used in gadget chains.

The API of my XLSX export feature basically would look like this:

public class MyCustomDataTransferObject {
    // ... some attributes with getters and setters
}

public class MyXLSXExportException extends Exception {
    // ...
}

public interface MyXLSXExport {
    byte[] createXLSXOutputFromData( MyCustomDataTransferObject bean )
            throws MyXLSXExportException;
}

// That's all.

Nothing else should be accessible to my main application! Not a single XSSF class at all.

My first idea was: Write a microservice for the XLSX export and access it internally using HTTP(S) from my main application (via loopback interface).

But then I thought: Wouldn't this be a nice use case for the Java 9 module system?

If I'm on the right track: How to enable my non modular main project to use the XLSX export module? I guess the XLSX export module goes into a new, dedicated Eclipse project in the workspace. The XLSX export module project gets a module-info and in the project properties of the main project I have to add the XLSX Eclipse project as a module path dependency. Is that correct? Does the main project need a module-info on its own? What to consider about deploying this setup in Tomcat? Have you done that before? Any objections or other ideas?

MrSnrub
  • 1,123
  • 1
  • 11
  • 19

1 Answers1

0

Before you go down the route of adding a lot of complexity on top of what is already complex (POI, let alone the rest of your app) consider not using POI at all.

If all you are doing is providing data feeds in single XLSX Worksheets then you don't need to deal with POI.

I have a couple of (in house) projects that use POI for exporting XLSX data and am working on another and was keen to avoid using POI (for the same reasons you want to encapsulate it, plus the fact that I want to stream out as the data comes in). I came across this question: How to create and write to Excel file (.xlsx)? And was inspired by the answers given to produce this: https://github.com/Yaytay/streaming-xlsx-writer

All it does is stream XLSX files with a single sheet to an OutputStream as data comes in. There is some basic formatting available (if you need more feel free to ask). The memory overhead is almost nothing and it has no dependencies.

It's very new, so I haven't battle tested it yet, but if you find anything broken I'll fix it 'cos I need it to work for my project :).

Yaytay
  • 493
  • 4
  • 13