Le document suivant contient les résultats de PMD 6.13.0.
| Rule | Violation | Ligne |
|---|---|---|
| FormalParameterNamingConventions | The method parameter name '_bPublic' doesn't match '[a-z][a-zA-Z0-9]*' | 128 |
| FormalParameterNamingConventions | The method parameter name '_bPKCE' doesn't match '[a-z][a-zA-Z0-9]*' | 136 |
| Rule | Violation | Ligne |
|---|---|---|
| FormalParameterNamingConventions | The method parameter name '_bEnableJwtParser' doesn't match '[a-z][a-zA-Z0-9]*' | 171 |
| Rule | Violation | Ligne |
|---|---|---|
| FieldNamingConventions | The final field name '_httpAccess' doesn't match '[a-z][a-zA-Z0-9]*' | 60 |
| FieldNamingConventions | The final field name '_mapper' doesn't match '[a-z][a-zA-Z0-9]*' | 61 |
| Rule | Violation | Ligne |
|---|---|---|
| FormalParameterNamingConventions | The method parameter name '_idTokenEncryptionEncValuesSupported' doesn't match '[a-z][a-zA-Z0-9]*' | 251 |
| Rule | Violation | Ligne |
|---|---|---|
| FieldNamingConventions | The final field name '_creationTime' doesn't match '[a-z][a-zA-Z0-9]*' | 57 |
| Rule | Violation | Ligne |
|---|---|---|
| FormalParameterNamingConventions | The method parameter name '_strPostLogoutRedirectUri' doesn't match '[a-z][a-zA-Z0-9]*' | 250 |
| FormalParameterNamingConventions | The method parameter name '_bDefault' doesn't match '[a-z][a-zA-Z0-9]*' | 303 |
| Rule | Violation | Ligne |
|---|---|---|
| FormalParameterNamingConventions | The method parameter name '_bDefault' doesn't match '[a-z][a-zA-Z0-9]*' | 195 |
| Rule | Violation | Ligne |
|---|---|---|
| FieldNamingConventions | The final field name '_keyLocatorsMap' doesn't match '[a-z][a-zA-Z0-9]*' | 72 |
| FieldNamingConventions | The final field name '_httpAccess' doesn't match '[a-z][a-zA-Z0-9]*' | 73 |
| Rule | Violation | Ligne |
|---|---|---|
| FieldNamingConventions | The final field name '_strJwksEndpointUri' doesn't match '[a-z][a-zA-Z0-9]*' | 51 |
| FieldNamingConventions | The final field name '_httpAccess' doesn't match '[a-z][a-zA-Z0-9]*' | 52 |
| Rule | Violation | Ligne |
|---|---|---|
| ClassWithOnlyPrivateConstructorsShouldBeFinal | A class which only has private constructors should be final | 51–110 |
| Rule | Violation | Ligne |
|---|---|---|
| FieldNamingConventions | The final field name '_defaultClientConfig' doesn't match '[a-z][a-zA-Z0-9]*' | 62 |
| FieldNamingConventions | The final field name '_defaultauthServerConfig' doesn't match '[a-z][a-zA-Z0-9]*' | 63 |
| Rule | Violation | Ligne |
|---|---|---|
| LocalVariableNamingConventions | The local variable name 'StrCodeVerifier' doesn't match '[a-z][a-zA-Z0-9]*' | 389 |
| FormalParameterNamingConventions | The method parameter name '_handlerName' doesn't match '[a-z][a-zA-Z0-9]*' | 576 |
| FormalParameterNamingConventions | The method parameter name '_bDefault' doesn't match '[a-z][a-zA-Z0-9]*' | 614 |
| Rule | Violation | Ligne |
|---|---|---|
| ClassNamingConventions | The utility class name 'Constants' doesn't match '[A-Z][a-zA-Z0-9]+(Utils?|Helper|Home|Service)' | 39–86 |
| Rule | Violation | Ligne |
|---|---|---|
| LoggerIsNotStaticFinal | The Logger variable declaration does not contain the static and final modifiers | 60 |
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 273 |
| Rule | Violation | Ligne |
|---|---|---|
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 139 |
| Rule | Violation | Ligne |
|---|---|---|
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 57 |
| Rule | Violation | Ligne |
|---|---|---|
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 113 |
| Rule | Violation | Ligne |
|---|---|---|
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 276 |
| Rule | Violation | Ligne |
|---|---|---|
| LoggerIsNotStaticFinal | The Logger variable declaration does not contain the static and final modifiers | 55 |
| Rule | Violation | Ligne |
|---|---|---|
| LoggerIsNotStaticFinal | The Logger variable declaration does not contain the static and final modifiers | 58 |
| Rule | Violation | Ligne |
|---|---|---|
| LoggerIsNotStaticFinal | The Logger variable declaration does not contain the static and final modifiers | 65 |
| AvoidReassigningParameters | Avoid reassigning parameters such as 'strRedirectUri' | 126 |
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 157 |
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 161 |
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 214 |
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 276 |
| Rule | Violation | Ligne |
|---|---|---|
| LoggerIsNotStaticFinal | The Logger variable declaration does not contain the static and final modifiers | 73 |
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 249 |
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 494 |
| Rule | Violation | Ligne |
|---|---|---|
| CommentRequired | Public method and constructor comments are required | 124–126 |
| CommentRequired | Public method and constructor comments are required | 128–130 |
| CommentRequired | Public method and constructor comments are required | 132–134 |
| CommentRequired | Public method and constructor comments are required | 136–138 |
| Rule | Violation | Ligne |
|---|---|---|
| InsufficientStringBufferDeclaration | StringBuffer constructor is initialized with size 16, but has at least 103 characters appended. | 226 |
| Rule | Violation | Ligne |
|---|---|---|
| CallSuperInConstructor | It is a good practice to call super() in a constructor | 63–69 |
| CommentRequired | Public method and constructor comments are required | 63–69 |
| Rule | Violation | Ligne |
|---|---|---|
| ExcessivePublicCount | This class has a bunch of public methods and attributes | 34–645 |
| TooManyFields | Too many fields | 52–645 |
| TooManyMethods | This class has too many methods, consider refactoring it. | 53–645 |
| CommentRequired | Public method and constructor comments are required | 91–94 |
| CommentRequired | Public method and constructor comments are required | 96–99 |
| CommentRequired | Public method and constructor comments are required | 102–105 |
| CommentRequired | Public method and constructor comments are required | 108–111 |
| LinguisticNaming | Linguistics Antipattern - The getter 'getAuthorizationEndpoint' should not return void linguistically | 108–111 |
| CommentRequired | Public method and constructor comments are required | 113–116 |
| CommentRequired | Public method and constructor comments are required | 119–122 |
| CommentRequired | Public method and constructor comments are required | 124–127 |
| CommentRequired | Public method and constructor comments are required | 130–133 |
| CommentRequired | Public method and constructor comments are required | 135–138 |
| CommentRequired | Public method and constructor comments are required | 141–144 |
| CommentRequired | Public method and constructor comments are required | 146–149 |
| CommentRequired | Public method and constructor comments are required | 152–155 |
| MethodReturnsInternalArray | Returning '_scopesSupported' may expose an internal array. | 159 |
| ArrayIsStoredDirectly | The user-supplied array 'scopesSupported' is stored directly. | 163 |
| MethodReturnsInternalArray | Returning '_responseTypesSupported' may expose an internal array. | 170 |
| ArrayIsStoredDirectly | The user-supplied array 'responseTypesSupported' is stored directly. | 174 |
| MethodReturnsInternalArray | Returning '_responseModesSupported' may expose an internal array. | 181 |
| ArrayIsStoredDirectly | The user-supplied array 'responseModesSupported' is stored directly. | 185 |
| MethodReturnsInternalArray | Returning '_grantTypesSupported' may expose an internal array. | 192 |
| ArrayIsStoredDirectly | The user-supplied array 'grantTypesSupported' is stored directly. | 196 |
| MethodReturnsInternalArray | Returning '_acrValuesSupported' may expose an internal array. | 203 |
| ArrayIsStoredDirectly | The user-supplied array 'acrValuesSupported' is stored directly. | 207 |
| MethodReturnsInternalArray | Returning '_subjectTypesSupported' may expose an internal array. | 214 |
| ArrayIsStoredDirectly | The user-supplied array 'subjectTypesSupported' is stored directly. | 218 |
| MethodReturnsInternalArray | Returning '_idTokenSigningAlgValuesSupported' may expose an internal array. | 225 |
| ArrayIsStoredDirectly | The user-supplied array 'idTokenSigningAlgValuesSupported' is stored directly. | 229 |
| MethodReturnsInternalArray | Returning '_idTokenEncryptionAlgValuesSupported' may expose an internal array. | 236 |
| ArrayIsStoredDirectly | The user-supplied array 'idTokenEncryptionAlgValuesSupported' is stored directly. | 240 |
| MethodReturnsInternalArray | Returning '_idTokenEncryptionEncValuesSupported' may expose an internal array. | 247 |
| ArrayIsStoredDirectly | The user-supplied array '_idTokenEncryptionEncValuesSupported' is stored directly. | 251 |
| MethodReturnsInternalArray | Returning '_userinfoSigningAlgValuesSupported' may expose an internal array. | 258 |
| ArrayIsStoredDirectly | The user-supplied array 'userinfoSigningAlgValuesSupported' is stored directly. | 262 |
| MethodReturnsInternalArray | Returning '_userinfoEncryptionAlgValuesSupported' may expose an internal array. | 269 |
| ArrayIsStoredDirectly | The user-supplied array 'userinfoEncryptionAlgValuesSupported' is stored directly. | 273 |
| MethodReturnsInternalArray | Returning '_userinfoEncryptionEncValuesSupported' may expose an internal array. | 280 |
| ArrayIsStoredDirectly | The user-supplied array 'userinfoEncryptionEncValuesSupported' is stored directly. | 284 |
| MethodReturnsInternalArray | Returning '_requestObjectSigningAlgValuesSupported' may expose an internal array. | 291 |
| ArrayIsStoredDirectly | The user-supplied array 'requestObjectSigningAlgValuesSupported' is stored directly. | 295 |
| MethodReturnsInternalArray | Returning '_requestObjectEncryptionAlgValuesSupported' may expose an internal array. | 302 |
| ArrayIsStoredDirectly | The user-supplied array 'requestObjectEncryptionAlgValuesSupported' is stored directly. | 306 |
| MethodReturnsInternalArray | Returning '_requestObjectEncryptionEncValuesSupported' may expose an internal array. | 313 |
| ArrayIsStoredDirectly | The user-supplied array 'requestObjectEncryptionEncValuesSupported' is stored directly. | 317 |
| MethodReturnsInternalArray | Returning '_tokenEndpointAuthMethodsSupported' may expose an internal array. | 324 |
| ArrayIsStoredDirectly | The user-supplied array 'tokenEndpointAuthMethodsSupported' is stored directly. | 328 |
| MethodReturnsInternalArray | Returning '_tokenEndpointAuthSigningAlgValuesSupported' may expose an internal array. | 335 |
| ArrayIsStoredDirectly | The user-supplied array 'tokenEndpointAuthSigningAlgValuesSupported' is stored directly. | 339 |
| MethodReturnsInternalArray | Returning '_displayValuesSupported' may expose an internal array. | 346 |
| ArrayIsStoredDirectly | The user-supplied array 'displayValuesSupported' is stored directly. | 350 |
| MethodReturnsInternalArray | Returning '_claimTypesSupported' may expose an internal array. | 357 |
| ArrayIsStoredDirectly | The user-supplied array 'claimTypesSupported' is stored directly. | 361 |
| MethodReturnsInternalArray | Returning '_claimsSupported' may expose an internal array. | 368 |
| ArrayIsStoredDirectly | The user-supplied array 'claimsSupported' is stored directly. | 372 |
| MethodReturnsInternalArray | Returning '_claimsLocalesSupported' may expose an internal array. | 390 |
| ArrayIsStoredDirectly | The user-supplied array 'claimsLocalesSupported' is stored directly. | 394 |
| MethodReturnsInternalArray | Returning '_uiLocalesSupported' may expose an internal array. | 401 |
| ArrayIsStoredDirectly | The user-supplied array 'uiLocalesSupported' is stored directly. | 405 |
| CommentRequired | Public method and constructor comments are required | 476–479 |
| CommentRequired | Public method and constructor comments are required | 482–485 |
| CyclomaticComplexity | The method 'validateURI(String, String, boolean, boolean)' has a cyclomatic complexity of 11. | 622–644 |
| Rule | Violation | Ligne |
|---|---|---|
| InsufficientStringBufferDeclaration | StringBuffer constructor is initialized with size 16, but has at least 104 characters appended. | 233 |
| Rule | Violation | Ligne |
|---|---|---|
| CommentRequired | Public method and constructor comments are required | 283–296 |
| MissingOverride | The method 'handleError(HttpServletRequest, HttpServletResponse, String)' is missing an @Override annotation. | 283–296 |
| MissingOverride | The method 'isDefault()' is missing an @Override annotation. | 298–301 |
| CommentRequired | Public method and constructor comments are required | 298–301 |
| CommentRequired | Public method and constructor comments are required | 303–306 |
| MissingOverride | The method 'setDefault(boolean)' is missing an @Override annotation. | 303–306 |
| Rule | Violation | Ligne |
|---|---|---|
| DataClass | The class 'AbstractJWTDataClient' is suspected to be a Data Class (WOC=14.286%, NOPA=0, NOAM=6, WMC=9) | 55–149 |
| MissingOverride | The method 'getData(Token)' is missing an @Override annotation. | 122–147 |
| Rule | Violation | Ligne |
|---|---|---|
| EmptyCatchBlock | Avoid empty catch blocks | 63–66 |
| Rule | Violation | Ligne |
|---|---|---|
| CommentRequired | Public method and constructor comments are required | 75–79 |
| CyclomaticComplexity | The method 'parseJWT(Token, AuthClientConf, AuthServerConf, String, Logger)' has a cyclomatic complexity of 11. | 90–137 |
| IdenticalCatchBranches | 'catch' branch identical to 'SignatureException' branch | 121–124 |
| IdenticalCatchBranches | 'catch' branch identical to 'SignatureException' branch | 125–128 |
| IdenticalCatchBranches | 'catch' branch identical to 'SignatureException' branch | 129–132 |
| IdenticalCatchBranches | 'catch' branch identical to 'SignatureException' branch | 133–136 |
| ConfusingTernary | Avoid if (x != y) ..; else ..; | 225–232 |
| Rule | Violation | Ligne |
|---|---|---|
| CallSuperInConstructor | It is a good practice to call super() in a constructor | 62–66 |
| Rule | Violation | Ligne |
|---|---|---|
| ImmutableField | Private field '_nTimeSkewAllowance' could be made final; it is only initialized in the declaration or constructor. | 68 |
| NPathComplexity | The method 'parseJWT(Token, AuthClientConf, AuthServerConf, String, Logger)' has an NPath complexity of 1119744 | 74–279 |
| CyclomaticComplexity | The method 'parseJWT(Token, AuthClientConf, AuthServerConf, String, Logger)' has a cyclomatic complexity of 45. | 74–279 |
| NcssCount | The method 'parseJWT(Token, AuthClientConf, AuthServerConf, String, Logger)' has a NCSS line count of 78. | 74–279 |
| ExcessiveMethodLength | Avoid really long methods. | 74–279 |
| PrematureDeclaration | Avoid declaring a variable if it is unreferenced before a possible exit point. | 78 |
| CollapsibleIfStatements | These nested if statements could be combined | 105–110 |
| AvoidDuplicateLiterals | The String literal " got " appears 4 times in this file; the first occurrence is on line 157 | 157 |
| PreserveStackTrace | New exception is thrown in catch block, original stack trace may be lost | 223 |
| PrematureDeclaration | Avoid declaring a variable if it is unreferenced before a possible exit point. | 285 |
| Rule | Violation | Ligne |
|---|---|---|
| ImmutableField | Private field '_strAccessToken' could be made final; it is only initialized in the declaration or constructor. | 50 |
| Rule | Violation | Ligne |
|---|---|---|
| CommentRequired | Header comments are required | 9–23 |
| CommentRequired | Public method and constructor comments are required | 12–15 |
| Rule | Violation | Ligne |
|---|---|---|
| UnusedPrivateField | Avoid unused private fields such as '_logger'. | 55 |
| AvoidSynchronizedAtMethodLevel | Use block level rather than method level synchronization | 67–75 |
| UseCollectionIsEmpty | Substitute calls to size() == 0 (or size() != 0, size() > 0, size() < 1) with calls to isEmpty() | 91 |
| Rule | Violation | Ligne |
|---|---|---|
| AvoidSynchronizedAtMethodLevel | Use block level rather than method level synchronization | 70–79 |
| ConfusingTernary | Avoid if (x != y) ..; else ..; | 120–129 |
| ConfusingTernary | Avoid if (x != y) ..; else ..; | 130–141 |
| Rule | Violation | Ligne |
|---|---|---|
| ShortVariable | Avoid variables with short names like t | 75 |
| Rule | Violation | Ligne |
|---|---|---|
| CommentRequired | Header comments are required | 38–59 |
| UseUtilityClass | All methods are static. Consider using a utility class instead. Alternatively, you could add a private constructor or make the class abstract to silence this warning. | 39–59 |
| Rule | Violation | Ligne |
|---|---|---|
| CommentRequired | Header comments are required | 9–27 |
| UseUtilityClass | All methods are static. Consider using a utility class instead. Alternatively, you could add a private constructor or make the class abstract to silence this warning. | 9–27 |
| CommentRequired | Public method and constructor comments are required | 11–17 |
| CommentRequired | Public method and constructor comments are required | 19–26 |
| Rule | Violation | Ligne |
|---|---|---|
| UseObjectForClearerAPI | Rather than using a lot of String arguments, consider using a container object for those values. | 126–127 |
| UseDiamondOperator | Explicit type arguments can be replaced by Diamond Operator | 135 |
| UseDiamondOperator | Explicit type arguments can be replaced by Diamond Operator | 205 |
| UseDiamondOperator | Explicit type arguments can be replaced by Diamond Operator | 206 |
| EmptyCatchBlock | Avoid empty catch blocks | 224–227 |
| UseDiamondOperator | Explicit type arguments can be replaced by Diamond Operator | 266 |
| UseDiamondOperator | Explicit type arguments can be replaced by Diamond Operator | 267 |
| IdenticalCatchBranches | 'catch' branch identical to 'IOException' branch | 292–296 |
| EmptyCatchBlock | Avoid empty catch blocks | 297–300 |
| Rule | Violation | Ligne |
|---|---|---|
| GodClass | Possible God Class (WMC=71, ATFD=83, TCC=9.982%) | 69–744 |
| TooManyMethods | This class has too many methods, consider refactoring it. | 70–744 |
| DefaultPackage | Use explicit scoping instead of the default package private level | 122–140 |
| CommentDefaultAccessModifier | To avoid mistakes add a comment at the beginning of the handle method if you want a default access modifier | 122–140 |
| ConfusingTernary | Avoid if (x != y) ..; else ..; | 127–139 |
| ConfusingTernary | Avoid if (x != y) ..; else ..; | 132–139 |
| DefaultPackage | Use explicit scoping instead of the default package private level | 143–166 |
| CommentDefaultAccessModifier | To avoid mistakes add a comment at the beginning of the logout method if you want a default access modifier | 143–166 |
| AvoidDuplicateLiterals | The String literal "UTF-8" appears 5 times in this file; the first occurrence is on line 149 | 149 |
| ConfusingTernary | Avoid if (x != y) ..; else ..; | 182–202 |
| IdenticalCatchBranches | 'catch' branch identical to 'IOException' branch | 296–301 |
| IdenticalCatchBranches | 'catch' branch identical to 'IOException' branch | 302–307 |
| UnusedPrivateMethod | Avoid unused private methods such as 'getStoredCodeChallenge(HttpSession)'. | 422 |
| ForLoopCanBeForeach | This for loop can be replaced by a foreach loop | 627–644 |
| UseIndexOfChar | String.indexOf(char) is faster than String.indexOf(String). | 632 |
| UnusedFormalParameter | Avoid unused method parameters such as 'dataClient'. | 737 |
| Rule | Violation | Ligne |
|---|---|---|
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 163 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 174 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 185 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 196 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 207 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 218 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 229 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 240 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 251 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 262 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 273 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 284 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 295 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 306 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 317 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 328 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 339 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 350 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 361 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 372 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 394 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 405 |
| Rule | Violation | Ligne |
|---|---|---|
| UnusedImports | Avoid unused imports such as 'fr.paris.lutece.util.url.UrlItem' | 44 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| CommentRequired | Public method and constructor comments are required | 3 | 124–126 |
| FormalParameterNamingConventions | The method parameter name '_bPublic' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 128 |
| CommentRequired | Public method and constructor comments are required | 3 | 128–130 |
| CommentRequired | Public method and constructor comments are required | 3 | 132–134 |
| FormalParameterNamingConventions | The method parameter name '_bPKCE' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 136 |
| CommentRequired | Public method and constructor comments are required | 3 | 136–138 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| FormalParameterNamingConventions | The method parameter name '_bEnableJwtParser' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 171 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| InsufficientStringBufferDeclaration | StringBuffer constructor is initialized with size 16, but has at least 103 characters appended. | 3 | 226 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| FieldNamingConventions | The final field name '_httpAccess' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 60 |
| FieldNamingConventions | The final field name '_mapper' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 61 |
| CallSuperInConstructor | It is a good practice to call super() in a constructor | 3 | 63–69 |
| CommentRequired | Public method and constructor comments are required | 3 | 63–69 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| ExcessivePublicCount | This class has a bunch of public methods and attributes | 3 | 34–645 |
| TooManyFields | Too many fields | 3 | 52–645 |
| TooManyMethods | This class has too many methods, consider refactoring it. | 3 | 53–645 |
| CommentRequired | Public method and constructor comments are required | 3 | 91–94 |
| CommentRequired | Public method and constructor comments are required | 3 | 96–99 |
| CommentRequired | Public method and constructor comments are required | 3 | 102–105 |
| CommentRequired | Public method and constructor comments are required | 3 | 108–111 |
| LinguisticNaming | Linguistics Antipattern - The getter 'getAuthorizationEndpoint' should not return void linguistically | 3 | 108–111 |
| CommentRequired | Public method and constructor comments are required | 3 | 113–116 |
| CommentRequired | Public method and constructor comments are required | 3 | 119–122 |
| CommentRequired | Public method and constructor comments are required | 3 | 124–127 |
| CommentRequired | Public method and constructor comments are required | 3 | 130–133 |
| CommentRequired | Public method and constructor comments are required | 3 | 135–138 |
| CommentRequired | Public method and constructor comments are required | 3 | 141–144 |
| CommentRequired | Public method and constructor comments are required | 3 | 146–149 |
| CommentRequired | Public method and constructor comments are required | 3 | 152–155 |
| MethodReturnsInternalArray | Returning '_scopesSupported' may expose an internal array. | 3 | 159 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 163 |
| ArrayIsStoredDirectly | The user-supplied array 'scopesSupported' is stored directly. | 3 | 163 |
| MethodReturnsInternalArray | Returning '_responseTypesSupported' may expose an internal array. | 3 | 170 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 174 |
| ArrayIsStoredDirectly | The user-supplied array 'responseTypesSupported' is stored directly. | 3 | 174 |
| MethodReturnsInternalArray | Returning '_responseModesSupported' may expose an internal array. | 3 | 181 |
| ArrayIsStoredDirectly | The user-supplied array 'responseModesSupported' is stored directly. | 3 | 185 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 185 |
| MethodReturnsInternalArray | Returning '_grantTypesSupported' may expose an internal array. | 3 | 192 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 196 |
| ArrayIsStoredDirectly | The user-supplied array 'grantTypesSupported' is stored directly. | 3 | 196 |
| MethodReturnsInternalArray | Returning '_acrValuesSupported' may expose an internal array. | 3 | 203 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 207 |
| ArrayIsStoredDirectly | The user-supplied array 'acrValuesSupported' is stored directly. | 3 | 207 |
| MethodReturnsInternalArray | Returning '_subjectTypesSupported' may expose an internal array. | 3 | 214 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 218 |
| ArrayIsStoredDirectly | The user-supplied array 'subjectTypesSupported' is stored directly. | 3 | 218 |
| MethodReturnsInternalArray | Returning '_idTokenSigningAlgValuesSupported' may expose an internal array. | 3 | 225 |
| ArrayIsStoredDirectly | The user-supplied array 'idTokenSigningAlgValuesSupported' is stored directly. | 3 | 229 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 229 |
| MethodReturnsInternalArray | Returning '_idTokenEncryptionAlgValuesSupported' may expose an internal array. | 3 | 236 |
| ArrayIsStoredDirectly | The user-supplied array 'idTokenEncryptionAlgValuesSupported' is stored directly. | 3 | 240 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 240 |
| MethodReturnsInternalArray | Returning '_idTokenEncryptionEncValuesSupported' may expose an internal array. | 3 | 247 |
| FormalParameterNamingConventions | The method parameter name '_idTokenEncryptionEncValuesSupported' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 251 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 251 |
| ArrayIsStoredDirectly | The user-supplied array '_idTokenEncryptionEncValuesSupported' is stored directly. | 3 | 251 |
| MethodReturnsInternalArray | Returning '_userinfoSigningAlgValuesSupported' may expose an internal array. | 3 | 258 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 262 |
| ArrayIsStoredDirectly | The user-supplied array 'userinfoSigningAlgValuesSupported' is stored directly. | 3 | 262 |
| MethodReturnsInternalArray | Returning '_userinfoEncryptionAlgValuesSupported' may expose an internal array. | 3 | 269 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 273 |
| ArrayIsStoredDirectly | The user-supplied array 'userinfoEncryptionAlgValuesSupported' is stored directly. | 3 | 273 |
| MethodReturnsInternalArray | Returning '_userinfoEncryptionEncValuesSupported' may expose an internal array. | 3 | 280 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 284 |
| ArrayIsStoredDirectly | The user-supplied array 'userinfoEncryptionEncValuesSupported' is stored directly. | 3 | 284 |
| MethodReturnsInternalArray | Returning '_requestObjectSigningAlgValuesSupported' may expose an internal array. | 3 | 291 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 295 |
| ArrayIsStoredDirectly | The user-supplied array 'requestObjectSigningAlgValuesSupported' is stored directly. | 3 | 295 |
| MethodReturnsInternalArray | Returning '_requestObjectEncryptionAlgValuesSupported' may expose an internal array. | 3 | 302 |
| ArrayIsStoredDirectly | The user-supplied array 'requestObjectEncryptionAlgValuesSupported' is stored directly. | 3 | 306 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 306 |
| MethodReturnsInternalArray | Returning '_requestObjectEncryptionEncValuesSupported' may expose an internal array. | 3 | 313 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 317 |
| ArrayIsStoredDirectly | The user-supplied array 'requestObjectEncryptionEncValuesSupported' is stored directly. | 3 | 317 |
| MethodReturnsInternalArray | Returning '_tokenEndpointAuthMethodsSupported' may expose an internal array. | 3 | 324 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 328 |
| ArrayIsStoredDirectly | The user-supplied array 'tokenEndpointAuthMethodsSupported' is stored directly. | 3 | 328 |
| MethodReturnsInternalArray | Returning '_tokenEndpointAuthSigningAlgValuesSupported' may expose an internal array. | 3 | 335 |
| ArrayIsStoredDirectly | The user-supplied array 'tokenEndpointAuthSigningAlgValuesSupported' is stored directly. | 3 | 339 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 339 |
| MethodReturnsInternalArray | Returning '_displayValuesSupported' may expose an internal array. | 3 | 346 |
| ArrayIsStoredDirectly | The user-supplied array 'displayValuesSupported' is stored directly. | 3 | 350 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 350 |
| MethodReturnsInternalArray | Returning '_claimTypesSupported' may expose an internal array. | 3 | 357 |
| ArrayIsStoredDirectly | The user-supplied array 'claimTypesSupported' is stored directly. | 3 | 361 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 361 |
| MethodReturnsInternalArray | Returning '_claimsSupported' may expose an internal array. | 3 | 368 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 372 |
| ArrayIsStoredDirectly | The user-supplied array 'claimsSupported' is stored directly. | 3 | 372 |
| MethodReturnsInternalArray | Returning '_claimsLocalesSupported' may expose an internal array. | 3 | 390 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 394 |
| ArrayIsStoredDirectly | The user-supplied array 'claimsLocalesSupported' is stored directly. | 3 | 394 |
| MethodReturnsInternalArray | Returning '_uiLocalesSupported' may expose an internal array. | 3 | 401 |
| ArrayIsStoredDirectly | The user-supplied array 'uiLocalesSupported' is stored directly. | 3 | 405 |
| UseVarargs | Consider using varargs for methods or constructors which take an array the last parameter. | 4 | 405 |
| CommentRequired | Public method and constructor comments are required | 3 | 476–479 |
| CommentRequired | Public method and constructor comments are required | 3 | 482–485 |
| CyclomaticComplexity | The method 'validateURI(String, String, boolean, boolean)' has a cyclomatic complexity of 11. | 3 | 622–644 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| FieldNamingConventions | The final field name '_creationTime' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 57 |
| InsufficientStringBufferDeclaration | StringBuffer constructor is initialized with size 16, but has at least 104 characters appended. | 3 | 233 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| LoggerIsNotStaticFinal | The Logger variable declaration does not contain the static and final modifiers | 2 | 60 |
| FormalParameterNamingConventions | The method parameter name '_strPostLogoutRedirectUri' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 250 |
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 2 | 273 |
| CommentRequired | Public method and constructor comments are required | 3 | 283–296 |
| MissingOverride | The method 'handleError(HttpServletRequest, HttpServletResponse, String)' is missing an @Override annotation. | 3 | 283–296 |
| MissingOverride | The method 'isDefault()' is missing an @Override annotation. | 3 | 298–301 |
| CommentRequired | Public method and constructor comments are required | 3 | 298–301 |
| CommentRequired | Public method and constructor comments are required | 3 | 303–306 |
| MissingOverride | The method 'setDefault(boolean)' is missing an @Override annotation. | 3 | 303–306 |
| FormalParameterNamingConventions | The method parameter name '_bDefault' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 303 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| DataClass | The class 'AbstractJWTDataClient' is suspected to be a Data Class (WOC=14.286%, NOPA=0, NOAM=6, WMC=9) | 3 | 55–149 |
| MissingOverride | The method 'getData(Token)' is missing an @Override annotation. | 3 | 122–147 |
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 2 | 139 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| FormalParameterNamingConventions | The method parameter name '_bDefault' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 195 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 2 | 57 |
| EmptyCatchBlock | Avoid empty catch blocks | 3 | 63–66 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| FieldNamingConventions | The final field name '_keyLocatorsMap' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 72 |
| FieldNamingConventions | The final field name '_httpAccess' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 73 |
| CommentRequired | Public method and constructor comments are required | 3 | 75–79 |
| CyclomaticComplexity | The method 'parseJWT(Token, AuthClientConf, AuthServerConf, String, Logger)' has a cyclomatic complexity of 11. | 3 | 90–137 |
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 2 | 113 |
| IdenticalCatchBranches | 'catch' branch identical to 'SignatureException' branch | 3 | 121–124 |
| IdenticalCatchBranches | 'catch' branch identical to 'SignatureException' branch | 3 | 125–128 |
| IdenticalCatchBranches | 'catch' branch identical to 'SignatureException' branch | 3 | 129–132 |
| IdenticalCatchBranches | 'catch' branch identical to 'SignatureException' branch | 3 | 133–136 |
| ConfusingTernary | Avoid if (x != y) ..; else ..; | 3 | 225–232 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| FieldNamingConventions | The final field name '_strJwksEndpointUri' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 51 |
| FieldNamingConventions | The final field name '_httpAccess' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 52 |
| CallSuperInConstructor | It is a good practice to call super() in a constructor | 3 | 62–66 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| ImmutableField | Private field '_nTimeSkewAllowance' could be made final; it is only initialized in the declaration or constructor. | 3 | 68 |
| NPathComplexity | The method 'parseJWT(Token, AuthClientConf, AuthServerConf, String, Logger)' has an NPath complexity of 1119744 | 3 | 74–279 |
| CyclomaticComplexity | The method 'parseJWT(Token, AuthClientConf, AuthServerConf, String, Logger)' has a cyclomatic complexity of 45. | 3 | 74–279 |
| NcssCount | The method 'parseJWT(Token, AuthClientConf, AuthServerConf, String, Logger)' has a NCSS line count of 78. | 3 | 74–279 |
| ExcessiveMethodLength | Avoid really long methods. | 3 | 74–279 |
| PrematureDeclaration | Avoid declaring a variable if it is unreferenced before a possible exit point. | 3 | 78 |
| CollapsibleIfStatements | These nested if statements could be combined | 3 | 105–110 |
| AvoidDuplicateLiterals | The String literal " got " appears 4 times in this file; the first occurrence is on line 157 | 3 | 157 |
| PreserveStackTrace | New exception is thrown in catch block, original stack trace may be lost | 3 | 223 |
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 2 | 276 |
| PrematureDeclaration | Avoid declaring a variable if it is unreferenced before a possible exit point. | 3 | 285 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| ImmutableField | Private field '_strAccessToken' could be made final; it is only initialized in the declaration or constructor. | 3 | 50 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| CommentRequired | Header comments are required | 3 | 9–23 |
| CommentRequired | Public method and constructor comments are required | 3 | 12–15 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| UnusedImports | Avoid unused imports such as 'fr.paris.lutece.util.url.UrlItem' | 4 | 44 |
| ClassWithOnlyPrivateConstructorsShouldBeFinal | A class which only has private constructors should be final | 1 | 51–110 |
| UnusedPrivateField | Avoid unused private fields such as '_logger'. | 3 | 55 |
| LoggerIsNotStaticFinal | The Logger variable declaration does not contain the static and final modifiers | 2 | 55 |
| AvoidSynchronizedAtMethodLevel | Use block level rather than method level synchronization | 3 | 67–75 |
| UseCollectionIsEmpty | Substitute calls to size() == 0 (or size() != 0, size() > 0, size() < 1) with calls to isEmpty() | 3 | 91 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| LoggerIsNotStaticFinal | The Logger variable declaration does not contain the static and final modifiers | 2 | 58 |
| AvoidSynchronizedAtMethodLevel | Use block level rather than method level synchronization | 3 | 70–79 |
| ConfusingTernary | Avoid if (x != y) ..; else ..; | 3 | 120–129 |
| ConfusingTernary | Avoid if (x != y) ..; else ..; | 3 | 130–141 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| ShortVariable | Avoid variables with short names like t | 3 | 75 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| CommentRequired | Header comments are required | 3 | 38–59 |
| UseUtilityClass | All methods are static. Consider using a utility class instead. Alternatively, you could add a private constructor or make the class abstract to silence this warning. | 3 | 39–59 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| CommentRequired | Header comments are required | 3 | 9–27 |
| UseUtilityClass | All methods are static. Consider using a utility class instead. Alternatively, you could add a private constructor or make the class abstract to silence this warning. | 3 | 9–27 |
| CommentRequired | Public method and constructor comments are required | 3 | 11–17 |
| CommentRequired | Public method and constructor comments are required | 3 | 19–26 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| FieldNamingConventions | The final field name '_defaultClientConfig' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 62 |
| FieldNamingConventions | The final field name '_defaultauthServerConfig' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 63 |
| LoggerIsNotStaticFinal | The Logger variable declaration does not contain the static and final modifiers | 2 | 65 |
| AvoidReassigningParameters | Avoid reassigning parameters such as 'strRedirectUri' | 2 | 126 |
| UseObjectForClearerAPI | Rather than using a lot of String arguments, consider using a container object for those values. | 3 | 126–127 |
| UseDiamondOperator | Explicit type arguments can be replaced by Diamond Operator | 3 | 135 |
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 2 | 157 |
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 2 | 161 |
| UseDiamondOperator | Explicit type arguments can be replaced by Diamond Operator | 3 | 205 |
| UseDiamondOperator | Explicit type arguments can be replaced by Diamond Operator | 3 | 206 |
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 2 | 214 |
| EmptyCatchBlock | Avoid empty catch blocks | 3 | 224–227 |
| UseDiamondOperator | Explicit type arguments can be replaced by Diamond Operator | 3 | 266 |
| UseDiamondOperator | Explicit type arguments can be replaced by Diamond Operator | 3 | 267 |
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 2 | 276 |
| IdenticalCatchBranches | 'catch' branch identical to 'IOException' branch | 3 | 292–296 |
| EmptyCatchBlock | Avoid empty catch blocks | 3 | 297–300 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| GodClass | Possible God Class (WMC=71, ATFD=83, TCC=9.982%) | 3 | 69–744 |
| TooManyMethods | This class has too many methods, consider refactoring it. | 3 | 70–744 |
| LoggerIsNotStaticFinal | The Logger variable declaration does not contain the static and final modifiers | 2 | 73 |
| DefaultPackage | Use explicit scoping instead of the default package private level | 3 | 122–140 |
| CommentDefaultAccessModifier | To avoid mistakes add a comment at the beginning of the handle method if you want a default access modifier | 3 | 122–140 |
| ConfusingTernary | Avoid if (x != y) ..; else ..; | 3 | 127–139 |
| ConfusingTernary | Avoid if (x != y) ..; else ..; | 3 | 132–139 |
| DefaultPackage | Use explicit scoping instead of the default package private level | 3 | 143–166 |
| CommentDefaultAccessModifier | To avoid mistakes add a comment at the beginning of the logout method if you want a default access modifier | 3 | 143–166 |
| AvoidDuplicateLiterals | The String literal "UTF-8" appears 5 times in this file; the first occurrence is on line 149 | 3 | 149 |
| ConfusingTernary | Avoid if (x != y) ..; else ..; | 3 | 182–202 |
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 2 | 249 |
| IdenticalCatchBranches | 'catch' branch identical to 'IOException' branch | 3 | 296–301 |
| IdenticalCatchBranches | 'catch' branch identical to 'IOException' branch | 3 | 302–307 |
| LocalVariableNamingConventions | The local variable name 'StrCodeVerifier' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 389 |
| UnusedPrivateMethod | Avoid unused private methods such as 'getStoredCodeChallenge(HttpSession)'. | 3 | 422 |
| GuardLogStatement | Logger calls should be surrounded by log level guards. | 2 | 494 |
| FormalParameterNamingConventions | The method parameter name '_handlerName' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 576 |
| FormalParameterNamingConventions | The method parameter name '_bDefault' doesn't match '[a-z][a-zA-Z0-9]*' | 1 | 614 |
| ForLoopCanBeForeach | This for loop can be replaced by a foreach loop | 3 | 627–644 |
| UseIndexOfChar | String.indexOf(char) is faster than String.indexOf(String). | 3 | 632 |
| UnusedFormalParameter | Avoid unused method parameters such as 'dataClient'. | 3 | 737 |
| Rule | Violation | Priority | Ligne |
|---|---|---|---|
| ClassNamingConventions | The utility class name 'Constants' doesn't match '[A-Z][a-zA-Z0-9]+(Utils?|Helper|Home|Service)' | 1 | 39–86 |
