The latest articles on DEV Community by koduki (@koduki). https://dev.to/koduki https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F73599%2F77f2de6d-445a-410a-8306-fb53a2e95ecd.png https://dev.to/koduki en koduki Sat, 04 Apr 2020 08:28:10 +0000 https://dev.to/koduki/zero-trust-network-for-comfortable-wfh-1njf https://dev.to/koduki/zero-trust-network-for-comfortable-wfh-1njf <h2> TL;DR </h2> <ul> <li>Zero Trust Network is post VPN for remote access.</li> <li>Base on HTTPS and Context awareness access Control(CAAC)</li> <li>Big paradigm shift from Firewall boundary to ID boundary</li> </ul> <h2> What is Zero Trust Security? </h2> <p>Do you know Zero Trust Security? </p> <p>Now many people work from home due to Coronavirus disease (COVID-19).<br> This is very very bad situation for your life, health and global economy.<br> However, it is good opportunity to consider about remote access.</p> <p>Roughly speaking, we can understand Zero Trust Network is post VPN.<br> This concept is simple, "Never trust, anywhere and anyone".</p> <p>Traditional VPN and Offie network are <strong>base on trust networks</strong>.<br> It made trust network in office and DC. These physical facilities are connected trust network like dedicate line. And they are protected Firewall.<br> Firewall is the Great Wall to separate trust networks and untrusted <br> networks. Security solutions take care a lot about access from untrusted networks.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--lLBCRvS5--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/7tgrs75j9536tyaloobq.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--lLBCRvS5--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/7tgrs75j9536tyaloobq.png" alt="Alt Text"></a><br> <em>Image: Traditional office networks</em></p> <p>VPN is only way to connect trust networks through untrusted networks as the special solution.</p> <p>On the other hands, Zero Trust Network is <strong>base on untrusted networks</strong>.<br> Today, remote access is very natural requirement. And Attacks have gotten more malus continuously. We have to take care about access from even trust network. That's why zero trust network start from untrusted network. So they can provide same security models whether trust networks or untrusted networks.<br> This approach protect systems by IDaaS like AzureAD or Google Cloud Identity instead of network firewall.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Brjs47JG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/jowq4lxl45exf6u6okzc.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Brjs47JG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/jowq4lxl45exf6u6okzc.png" alt="Alt Text"></a><br> <em>Image: Zero Trust networks</em></p> <p>Whether from office or home, each access is controlled by <em>Context</em> like user account, device, location and target application.</p> <h2> Why do we need post VPN? </h2> <p>Before deep diving to Zero trust network, let me explain why do we need post VPN.</p> <p>There is two issues.</p> <ul> <li>Performance</li> <li>Difficulty of right access control</li> <li>Consistent security policy</li> </ul> <h3> Performance </h3> <p>VPN performance is not so good. Because encryption is heavy task and it has latency problem. Even we want to connect to SaaS, we need access data center as VPN access hub. It is an extra connection.</p> <p>In addition, capacity plan is difficult. Because in the normal situation, only very few people will access from remote. However disaster situation like now, remote access will increase dramatically for BCP.<br> Honestly specking, it's difficult to always secure enough capacity for emergency.</p> <h3> Difficulty of right access control </h3> <p>VPN looks internal access, so it difficult to control office or home by application side.<br> For example, if you want only approve e-mail and some reporting tool from remote but you don't want to access business application which includes customer information. This requirement is natural. However if you want to realize, you may need to make or change firewall and network configuration. You need take care about network segment of each application. If you want to change such a remote access privilege level depending on role or person, you also need to take care about IP address which is distributed by VPN. If you want to utilize VDI(Virtual Desktop Infrastructure), issue will be complex more and more.</p> <p>This is a big problem.</p> <h3> Consistent security policy </h3> <p>We should use consistent security model to avoid complexity.<br> However, tradition office network is difficult to do it.</p> <p>First of all, it only provides security through trust network. Because almost security solutions like AV, EDR, CASB, device management are deployed on data center. This mean remote device is only applied through VPN. If VPN is not connected, that device is not secure. The problem is caused by that only the office is the first citizen and remote access is not.</p> <p>Second is SaaS. Office networks changed. We utilize not only intra system but also many SaaS product for our business environment. In this case, we also take care about SaaS access control and generally it is separated from current office configurations.</p> <p>From these three reasons, we need to consider about new security model.</p> <h2> Context-Aware Access Control (CAAC) </h2> <p>CAAC is key component for zero trust security network.<br> Role base access control (RBAC) verify user/role and target application. This is a better approach than just Network access control (NAC). Generally, we combinate NAC + RBAC. But it still not enough.</p> <p>CAAC verify user/role, device, location and target application. Location is typically network. So CAAC realize same control with NAC + RBAC by only single security control. </p> <p>Below is an example scenario.</p> <p>This sales staff can access to their customer management (CRM) system from office.<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--dJEj0UTs--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/nhknnlq5i4bn6zxjmpos.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--dJEj0UTs--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/nhknnlq5i4bn6zxjmpos.png" alt="Alt Text"></a></p> <p>But, even same person and same device can't access to their CRM from office.<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--AI0shr3K--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/lj9jw2yzdhz3os7vjci2.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--AI0shr3K--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/lj9jw2yzdhz3os7vjci2.png" alt="Alt Text"></a></p> <p>And he can access Office 365 like e-mail and one drive from home. However ind this case, he is required additional authentication like MFA.<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--dJEj0UTs--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/nhknnlq5i4bn6zxjmpos.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--dJEj0UTs--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/nhknnlq5i4bn6zxjmpos.png" alt="Alt Text"></a></p> <p>CAAC realize such a control easily. If we want do same control by NAC + RBSC, it is very complex configurations.</p> <p><em>Conditional access</em> of Azure AD and <em>Cloud IAP</em> of GCP are popular implementation of CAAC.</p> <h2> Office network with Zero Trust Network </h2> <p>Zero Trust Network is ID base security boundary. It is able to apply same control both office and home by CAAC.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Brjs47JG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/jowq4lxl45exf6u6okzc.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Brjs47JG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/jowq4lxl45exf6u6okzc.png" alt="Alt Text"></a></p> <p>To utilize this control, typical we use cloud security for endpoint security like AV, EDR, CASB, device management.<br> These tools can apply security whether trust networks or untrusted networks. </p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--42DWEIDg--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/uydbf65jqpw2loo0hvzv.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--42DWEIDg--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/uydbf65jqpw2loo0hvzv.png" alt="Alt Text"></a></p> <p>Form CAAC and Cloud Security, we can resolve <em>Difficulty of right access control</em> and <em>Consistent security policy</em>.</p> <p>In addition, Zero Trust Network doesn't apply extra encryption. Because every application should support HTTPS/TLS. Then they don't need extra overhead by encryption.</p> <p>Someone may afraid HTTPS is less secure than VPN, but it's not true.<br> VPN is based on TLS. So security level is completely same with HTTPS. Sometime VPN also support device trust. But IDaaS like Azure AD also support device trust with Intune. So we can say "It's completely same with VPN".</p> <p>Finally, zero trust security network doesn't take care about remote access or NOT. This mean everyone has capability of remote access. It is just control. So even if remote access increase by BCP, capacity is always enough. </p> <h2> Conclusion </h2> <p>VPN was good solution. However it has some issues today.<br> We should shift from traditional network model to zero trust networks.</p> <p>Of course, migration is not easy. However always improvement is only way to keep security.</p> <p>We should be consider everything about security.</p> <p>Happy Hacking!</p> security koduki Thu, 11 Jul 2019 06:31:01 +0000 https://dev.to/koduki/technology-landscape-for-identification-management-system-33jl https://dev.to/koduki/technology-landscape-for-identification-management-system-33jl <h2> Preface </h2> <p>Identification Management System is very important component for both enterprise and consumer.</p> <p>Especially, <strong>MFA</strong> is very hot topic. Anyone know about MFA. But do you know MFA <strong>clearly</strong>? It is <strong>NOT</strong> MFA to just use SMS or biometrics.</p> <p>Let me explain the technology trend for Identification Management System like MFA, Risk-based authentication, CAAC and SSO.</p> <h2> Authentication/Authorization </h2> <p>As you know <strong>Auth</strong> has two mean — <strong>Authentication</strong> and <strong>Authorization</strong>. These are very similar word. But different is simple.</p> <p>Authentication is <strong>Identify</strong>. This mean "Who are you?". Authorization is <strong>Access Control</strong>. This mean "What is permitted for you?"</p> <p>For example, <strong>OpenID</strong> is a technology for Identify and <strong>OAuth</strong> is a technology for Access Control.</p> <h2> Multi-Factor Authentication(MFA) </h2> <p>MFA/2FA is very hot technology. But it doesn't mean to use SMS or biometrics. And please be careful about difference with <strong>two-step verification</strong>.</p> <p>According to <a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-3.pdf" rel="noopener noreferrer">NIST Special Publication 800-63-3 Digital Identity Guidelines</a>, there is <strong>three factor of authentication</strong>.</p> <ul> <li>Something you know</li> <li>Something you have</li> <li>Something you are</li> </ul> <p><strong><em>"Something you know"</em></strong> is knowledge which is known only right user. Password or PIN are typically examples.</p> <p><strong><em>"Something you have"</em></strong> is property which is had only right user. SMS(Phone Number), mail address, token generator, hardware key/card, IP address and Geo-location are typically examples.</p> <p><strong><em>"Something you are"</em></strong> is biometrics. Fingerprint, face and iris are typically examples. Smartphone and AI help this area today.</p> <p>MFA is <strong>a combination of over two factor</strong>. This mean <strong>2nd password is NOT 2FA</strong>. It's <strong>only two-step verification</strong> with single factor. Because password and 2nd password are both <strong><em>"Something you know"</em></strong> .</p> <p>Single factor is <strong>easy to hack by same way</strong>. So combination is important.</p> <p>Especially almost <strong>attacker already knows about right ID and password</strong>. Then we need to <strong>additional factor</strong> for important operation.</p> <h2> Fraud detection </h2> <p><strong>Monitoring</strong> and <strong>Fraud detection</strong> is very important part for Identification Management. Because <strong>attacker already knows about right ID and password</strong> . But we need defect fraud.</p> <p>Internet Protocol Address <strong>(IPA) Location</strong>, <strong>Geo-Location</strong> and <strong>time</strong> are important information for this.</p> <p>Because if someone accessed in USA five minutes after being accessed in Japan, maybe it's <strong>illegal access</strong>. Such a access <strong>should be rejected</strong>.</p> <h2> Risk-based authentication </h2> <p>Risk-based authentication is improvement of fraud detection. Sometime we use new PC and we move to another location.</p> <p>If it's only provided fraud detection, we can't log-in in such a situation. It is NOT user-friendly.</p> <p>So Risk-based authentication manages such a <strong>irregular access patterns as risk</strong>. And it requires more <strong>additional authentication</strong> like SMS, e-Mail and so on. This is very useful function.</p> <p>In general, smartphone industry call this behavior as <strong>two-step verification</strong> with SMS authentication.</p> <h2> Context-aware access Control (CAAC) </h2> <p>Context-aware access control is mainly for enterprise system. It is a extetnion of <a href="https://en.wikipedia.org/wiki/Role-based_access_control" rel="noopener noreferrer">role-based access control (RBAC)</a>.</p> <p>It <strong>dynamically</strong> determines access capability according to the following factors.</p> <ul> <li>User</li> <li>Device</li> <li>Location</li> <li>Target system</li> <li>Target operation</li> </ul> <p>For example, we can control access level by office or home. And it is able to <strong>require additional authentication factor</strong> like hardware-key when user is on their home.</p> <p><a href="https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview" rel="noopener noreferrer">Azure AD Conditional Access</a> and <a href="https://cloud.google.com/iap/" rel="noopener noreferrer">Google Cloud IAP</a> provide this feature. It's key component for <strong>Zero Trust Security</strong>. This is only way for security control for SaaS. Because Cloud Age is <strong>every access is Remote Access</strong> . VPN is NOT enough now.</p> <h2> Single Sign On (SSO) </h2> <p><strong>SSO</strong> is not new technology for Enterprise. LDAP and Acitive Direcotry and each cloud vendor's IAMs provide this function. It's natural way for enterprise systems.</p> <p>Maybe someone may think that <strong>SSO is for usability for employee</strong>. But it's <strong>NOT correct</strong>.</p> <p><strong>SSO is for security</strong>. As you already know, <strong>Identification Management is very complex system</strong>. It's required a lot of features like MFA, Fraud Detection and monitoring and Context-aware access.</p> <p>If we don't use SSO, individual system has own account. And user needs to manage their password. It <strong>looks secure</strong>.</p> <p>But <strong>it's difficult to make the best auth features for individual systems</strong> and it's <strong>not realistic scenario</strong> to be managed many passwords <strong>properly</strong> by every user. Maybe <strong>they use same password for every system</strong> to help their brain memory. It's not secure.</p> <p>So we <strong>use SSO</strong> for security with <strong>trusted ID systems</strong>. This is <strong>the best practices!</strong></p> <h2> Conclusion </h2> <p>This diagram is summary of Identification Management System.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Ft861bvmob1i6p5wehraa.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Ft861bvmob1i6p5wehraa.png"></a></p> <p>Most importantly, <strong>Identification Management System is very complex</strong>. We <strong>shouldn't make by ourself</strong>.</p> <p>If you make <strong>a system for consumer</strong>, you should use <strong>Social Service ID</strong> like Google, GitHub, Twitter and Facebook with <strong>OpenID Connect</strong>.</p> <p>And if you make <strong>a system for business</strong>, you should use <strong>IDaaS</strong> like AzureAD with <strong>SAML 2.0</strong> or <strong>OpenID Connect</strong>.</p> <p>It's the best practice and only way to avoid Identify Issues, I believe.</p> <p>Happy Hacking !</p> security mfa sso caac koduki Sun, 07 Oct 2018 03:33:07 +0000 https://dev.to/koduki/the-seven-rules-for-continuous-unittest-4j9l https://dev.to/koduki/the-seven-rules-for-continuous-unittest-4j9l <h2> Introduction </h2> <p>Do you write UnitTest on your project? Are UnitTests ran every time?</p> <p>I completely thought it's same thing to write UnitTest and write "continuous" UnitTest.<br> But it is difference.</p> <p>Almost engineer know UnitTest is important. So they write UnitTest.<br> But I saw such a UnitTest is abolish again and again.<br> Why? Because they are very slow, they are difficult to maintenance, and they are broken.</p> <p>Continuous UnitTest needs to meet some requirements.<br> You can satisify this requireents by the following rules.</p> <ul> <li>Run always</li> <li>Keep portability</li> <li>Keep repeatability</li> <li>Avoid slow tests like a RDB, emulation, and so on</li> <li>Don't use your eyes</li> <li>One UnitTest, One point of view for a test</li> <li>Use readable name</li> </ul> <p>In this article, I explain about these rules.<br> I explain based on Java, Maven, JUnit. But You can apply to other languages.</p> <h2> The seven rules </h2> <h3> Run always </h3> <p>This rule is the most important.<br> You should run UnitTest every time, when you build your code.</p> <p>Don't use <code>-Dmaven.test.skip=true</code>!! Please...</p> <p>If you can always run all unit tests, they are Continuous UnitTest code.<br> But if you can't do it, you need modify it.</p> <h3> Keep portability </h3> <p><code>Portability</code> is important.<br> Unit Test isn't only ran on you PC, but also is ran on other environment.<br> Other environment is coworker's PC, CI environment and future your PC.</p> <p>For portability, you need to only use under your project directory.<br> You shouldn't use <code>/var/foobar</code> and <code>D:\foobar</code> as test data directory and so on.<br> Please use under <code>target</code> directory or <code>src/test/resources/</code>.</p> <h3> Keep repeatability </h3> <p><code>Portability</code> is important for <code>run always</code>.<br> Your code should be ran without any manual operations like a removing test data and so on.</p> <p>In generally, such a initialize or cleanup code should be ran on <code>setUp</code> or <code>tearDown</code>.</p> <h3> Avoid slow tests like a RDB, emulation, and so on </h3> <p>You should avoid slow test like a RDB test and using emulator.<br> Such a test is very useful. You should do it. However it's integration test.</p> <p>JUnit also support integration test.<br> You can use real DB by DBUnit. You can use arquillian. Today, you can use even Docker.</p> <p>I love it. But these test is slow. <br> If tests are slow, you will not run all UnitTest every time.</p> <p>So, you should separate such a test as Slow Test.<br> I recommend make a <code>slow-test</code> profile or use <code>maven's integration-test phase</code>.<br> And you can ran it when build on CI environment or before commit.</p> <h3> Don't use your eyes </h3> <p>Don't use your eyes for UnitTest!</p> <p>UnitTest should check assertion automatically.<br> You shouldn't use your eyes to check logs, standard out, file output and so on.<br> Please use assertThat, assertEquals and so on. It's JUnit's role.</p> <p>Maybe following article helps you.<br> <a href="https://dev.to/koduki/how-do-you-write-production-code-for-unittest-5f30">How do you write "Production Code" for UnitTest?</a></p> <h3> One UnitTest, One UnitTest, One point of view for a test </h3> <p>Each test should be check only one point of view.<br> If there are many points of view for a test case, it's difficult to check which test is failed.</p> <p>This is not manual tests. You don't need to decrease test operation cost.<br> You can make a test case for only one point of view.</p> <p>Please avoid only one test case per method.</p> <h3> Use readable name </h3> <p>Please use readable name.<br> You should avoid like a <code>test001</code>, <code>test002</code>, <code>test003</code>...<br> Because anyone can't understand a expectation of its method.</p> <p>Naming is important as well as production code.</p> <p>Maybe BDD style helps you a lot.<br> You should use method name, condition and expectation as test name.</p> <h2> Summary </h2> <p>I think almost rule is not difficult.<br> Maybe many people think almost rules are very natural.<br> You may even think it is unnecessary as it is common sense.</p> <p>But it's important to be clearly rules.</p> <p>Especially, many people don't separate UnitTest and IntegrationTest.<br> JUnit tests are managed as just JUnit tests. It's not good.</p> <p>I believe simple rules support smooth communication!</p> <p>Happy hacking!</p> testing java beginners junit koduki Sun, 30 Sep 2018 22:48:53 +0000 https://dev.to/koduki/how-do-you-write-production-code-for-unittest-5f30 https://dev.to/koduki/how-do-you-write-production-code-for-unittest-5f30 <h2> Introduction </h2> <p>UnitTest is very important for keeping code quality.<br> So almost project require to write UnitTest.</p> <p>As a result, I will review strange UnitTest or I will be asked them about "I can't write UnitTest!".</p> <p>Why? Because they don't consider about production code for UnitTest.<br> They only consider about UnitTest code for UnitTest. This is not good.</p> <p>We should divid "business logic" and "uncontrolled value" from production code for writing UnitTest. This is also good for "readability".</p> <p>Basic rule is only two.</p> <ul> <li>Sepalate "business logic" and "uncontrolled value like a I/O, date, random"</li> <li>Inject dependency by argument, constructer, non-private fields</li> </ul> <p>In this article, I explain how do you write production code for UnitTest.</p> <h2> Typically example </h2> <p>Firstly, I explain typically cases.</p> <h3> Case 01: "I want to output to standard output" </h3> <p>You should sepalate the logic and the output method like a <code>System.out.println</code> or <code>Logger.info</code>.<br> You make a simple method for building "output string".<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// Production Code:</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">Example01Good</span> <span class="o">{</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">)</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">message</span> <span class="o">=</span> <span class="n">args</span><span class="o">[</span><span class="mi">0</span><span class="o">];</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="n">makeMessage</span><span class="o">(</span><span class="n">message</span><span class="o">));</span> <span class="o">}</span> <span class="kd">static</span> <span class="nc">String</span> <span class="nf">makeMessage</span><span class="o">(</span><span class="nc">String</span> <span class="n">message</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="s">"Hello, "</span> <span class="o">+</span> <span class="n">message</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// UnitTest Code:</span> <span class="nd">@Test</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">testMakeMessage</span><span class="o">()</span> <span class="o">{</span> <span class="n">assertThat</span><span class="o">(</span><span class="nc">Example01Good</span><span class="o">.</span><span class="na">makeMessage</span><span class="o">(</span><span class="s">"world"</span><span class="o">),</span> <span class="n">is</span><span class="o">(</span><span class="s">"Hello, world"</span><span class="o">));</span> <span class="o">}</span> </code></pre> </div> <h3> Case 02: "I want to use random number" </h3> <p>Random number is not able to fix result.<br> So we need to sepalate the logic and the number generator.<br> This is a simple dice game logic for checking "Odd" or "Even"<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// Production Code:</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">Example02Good</span> <span class="o">{</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">)</span> <span class="o">{</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="n">check</span><span class="o">(</span><span class="n">throwDice</span><span class="o">(</span><span class="nc">Math</span><span class="o">.</span><span class="na">random</span><span class="o">())));</span> <span class="o">}</span> <span class="kd">static</span> <span class="nc">String</span> <span class="nf">check</span><span class="o">(</span><span class="kt">int</span> <span class="n">num</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="o">(</span><span class="n">num</span> <span class="o">%</span> <span class="mi">2</span> <span class="o">==</span> <span class="mi">0</span><span class="o">)</span> <span class="o">?</span> <span class="s">"Win"</span> <span class="o">:</span> <span class="s">"Lose"</span><span class="o">;</span> <span class="o">}</span> <span class="kd">static</span> <span class="kt">int</span> <span class="nf">throwDice</span><span class="o">(</span><span class="kt">double</span> <span class="n">rand</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="o">(</span><span class="kt">int</span><span class="o">)</span> <span class="o">(</span><span class="n">rand</span> <span class="o">*</span> <span class="mi">6</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// Test Code:</span> <span class="nd">@Test</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">testCheck</span><span class="o">()</span> <span class="o">{</span> <span class="n">assertThat</span><span class="o">(</span><span class="nc">Example02Good</span><span class="o">.</span><span class="na">check</span><span class="o">(</span><span class="mi">1</span><span class="o">),</span> <span class="n">is</span><span class="o">(</span><span class="s">"Lose"</span><span class="o">));</span> <span class="n">assertThat</span><span class="o">(</span><span class="nc">Example02Good</span><span class="o">.</span><span class="na">check</span><span class="o">(</span><span class="mi">2</span><span class="o">),</span> <span class="n">is</span><span class="o">(</span><span class="s">"Win"</span><span class="o">));</span> <span class="n">assertThat</span><span class="o">(</span><span class="nc">Example02Good</span><span class="o">.</span><span class="na">check</span><span class="o">(</span><span class="mi">3</span><span class="o">),</span> <span class="n">is</span><span class="o">(</span><span class="s">"Lose"</span><span class="o">));</span> <span class="n">assertThat</span><span class="o">(</span><span class="nc">Example02Good</span><span class="o">.</span><span class="na">check</span><span class="o">(</span><span class="mi">4</span><span class="o">),</span> <span class="n">is</span><span class="o">(</span><span class="s">"Win"</span><span class="o">));</span> <span class="n">assertThat</span><span class="o">(</span><span class="nc">Example02Good</span><span class="o">.</span><span class="na">check</span><span class="o">(</span><span class="mi">5</span><span class="o">),</span> <span class="n">is</span><span class="o">(</span><span class="s">"Lose"</span><span class="o">));</span> <span class="n">assertThat</span><span class="o">(</span><span class="nc">Example02Good</span><span class="o">.</span><span class="na">check</span><span class="o">(</span><span class="mi">6</span><span class="o">),</span> <span class="n">is</span><span class="o">(</span><span class="s">"Win"</span><span class="o">));</span> <span class="o">}</span> </code></pre> </div> <h3> Case 03: "I want to calcurate calendar like tomorrow, 1 year ago or later" </h3> <p>Calculating calendar is very general code. But <code>current time</code> like <code>today</code> is uncontrolled value.<br> You need to sepalate the calendar Calculation logic and getting <code>current time</code>.</p> <p>You can use <code>method arguments</code> like a random number. This is good pracitice.<br> But sometimes <code>getting current time</code> is used on many places. In such a case, you can also use <code>factory pattern</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// Production Code</span> <span class="kd">class</span> <span class="nc">SystemDate</span> <span class="o">{</span> <span class="kd">public</span> <span class="nc">LocalDate</span> <span class="nf">today</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="nc">LocalDate</span><span class="o">.</span><span class="na">now</span><span class="o">();</span> <span class="o">}</span> <span class="o">}</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">Example03Good</span> <span class="o">{</span> <span class="nc">SystemDate</span> <span class="n">systemDate</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SystemDate</span><span class="o">();</span> <span class="kd">public</span> <span class="nc">LocalDate</span> <span class="nf">tomorrow2</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="n">systemDate</span><span class="o">.</span><span class="na">today</span><span class="o">().</span><span class="na">plusDays</span><span class="o">(</span><span class="mi">1</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// Test Code</span> <span class="nd">@Test</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">testTomorrow2</span><span class="o">()</span> <span class="o">{</span> <span class="nc">Example03Good</span> <span class="n">target</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Example03Good</span><span class="o">();</span> <span class="n">target</span><span class="o">.</span><span class="na">systemDate</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SystemDate</span><span class="o">()</span> <span class="o">{</span> <span class="nd">@Override</span> <span class="kd">public</span> <span class="nc">LocalDate</span> <span class="nf">today</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="nc">LocalDate</span><span class="o">.</span><span class="na">of</span><span class="o">(</span><span class="mi">2017</span><span class="o">,</span> <span class="mi">1</span><span class="o">,</span> <span class="mi">16</span><span class="o">);</span> <span class="o">}</span> <span class="o">};</span> <span class="n">assertThat</span><span class="o">(</span><span class="n">target</span><span class="o">.</span><span class="na">tomorrow2</span><span class="o">(),</span> <span class="n">is</span><span class="o">(</span><span class="nc">LocalDate</span><span class="o">.</span><span class="na">of</span><span class="o">(</span><span class="mi">2017</span><span class="o">,</span> <span class="mi">1</span><span class="o">,</span> <span class="mi">17</span><span class="o">)));</span> <span class="o">}</span> </code></pre> </div> <h3> Case 04: "I want to manage File I/O" </h3> <p>Basically, this is same with Standard I/O case. You should sepalate the logic for <code>building Text or Binary</code> and the logic for read or write.<br> This is pretiy good.</p> <p>But sometimes you need very many text size, checking line order and so on.<br> In such a case, you can use Reader/Writer and InputStream/OutputStream to sepalate logic and I/O.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// Production Code</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">Example04Good</span> <span class="o">{</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"hello"</span><span class="o">);</span> <span class="k">try</span> <span class="o">(</span><span class="nc">Reader</span> <span class="n">reader</span> <span class="o">=</span> <span class="nc">Files</span><span class="o">.</span><span class="na">newBufferedReader</span><span class="o">(</span><span class="nc">Paths</span><span class="o">.</span><span class="na">get</span><span class="o">(</span><span class="s">"intput.txt"</span><span class="o">));</span> <span class="nc">Writer</span> <span class="n">writer</span> <span class="o">=</span> <span class="nc">Files</span><span class="o">.</span><span class="na">newBufferedWriter</span><span class="o">(</span><span class="nc">Paths</span><span class="o">.</span><span class="na">get</span><span class="o">(</span><span class="s">"output.txt"</span><span class="o">));)</span> <span class="o">{</span> <span class="n">addLineNumber</span><span class="o">(</span><span class="n">reader</span><span class="o">,</span> <span class="n">writer</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">addLineNumber</span><span class="o">(</span><span class="nc">Reader</span> <span class="n">reader</span><span class="o">,</span> <span class="nc">Writer</span> <span class="n">writer</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">IOException</span> <span class="o">{</span> <span class="k">try</span> <span class="o">(</span><span class="nc">BufferedReader</span> <span class="n">br</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">BufferedReader</span><span class="o">(</span><span class="n">reader</span><span class="o">);</span> <span class="nc">PrintWriter</span> <span class="n">pw</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">PrintWriter</span><span class="o">(</span><span class="n">writer</span><span class="o">);)</span> <span class="o">{</span> <span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">1</span><span class="o">;</span> <span class="k">for</span> <span class="o">(</span><span class="nc">String</span> <span class="n">line</span> <span class="o">=</span> <span class="n">br</span><span class="o">.</span><span class="na">readLine</span><span class="o">();</span> <span class="n">line</span> <span class="o">!=</span> <span class="kc">null</span><span class="o">;</span> <span class="n">line</span> <span class="o">=</span> <span class="n">br</span><span class="o">.</span><span class="na">readLine</span><span class="o">())</span> <span class="o">{</span> <span class="n">pw</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="n">i</span> <span class="o">+</span> <span class="s">": "</span> <span class="o">+</span> <span class="n">line</span><span class="o">);</span> <span class="n">i</span> <span class="o">+=</span> <span class="mi">1</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// Test Code</span> <span class="nd">@Test</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">testAddLineNumber</span><span class="o">()</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="nc">Writer</span> <span class="n">writer</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">StringWriter</span><span class="o">();</span> <span class="n">addLineNumber</span><span class="o">(</span><span class="k">new</span> <span class="nc">StringReader</span><span class="o">(</span><span class="s">"a\nb\nc\n"</span><span class="o">),</span> <span class="n">writer</span><span class="o">);</span> <span class="n">writer</span><span class="o">.</span><span class="na">flush</span><span class="o">();</span> <span class="nc">String</span><span class="o">[]</span> <span class="n">actuals</span> <span class="o">=</span> <span class="n">writer</span><span class="o">.</span><span class="na">toString</span><span class="o">().</span><span class="na">split</span><span class="o">(</span><span class="nc">System</span><span class="o">.</span><span class="na">lineSeparator</span><span class="o">());</span> <span class="n">assertThat</span><span class="o">(</span><span class="n">actuals</span><span class="o">.</span><span class="na">length</span><span class="o">,</span> <span class="n">is</span><span class="o">(</span><span class="mi">3</span><span class="o">));</span> <span class="n">assertThat</span><span class="o">(</span><span class="n">actuals</span><span class="o">[</span><span class="mi">0</span><span class="o">],</span> <span class="n">is</span><span class="o">(</span><span class="s">"1: a"</span><span class="o">));</span> <span class="n">assertThat</span><span class="o">(</span><span class="n">actuals</span><span class="o">[</span><span class="mi">1</span><span class="o">],</span> <span class="n">is</span><span class="o">(</span><span class="s">"2: b"</span><span class="o">));</span> <span class="n">assertThat</span><span class="o">(</span><span class="n">actuals</span><span class="o">[</span><span class="mi">2</span><span class="o">],</span> <span class="n">is</span><span class="o">(</span><span class="s">"3: c"</span><span class="o">));</span> <span class="o">}</span> </code></pre> </div> <h2> Fundamental Concept </h2> <p>In this section, I explain more deeply.</p> <h3> Sepalate logic and I/O </h3> <p>Most importantly, you should seplate logic and I/O every time.<br> This is important desigin for UnitTest.</p> <p>Let's take an example of a simple program for "getting text from command line arguments and print out to standard out".<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kd">public</span> <span class="kd">class</span> <span class="nc">Example01Bad</span> <span class="o">{</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">)</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">message</span> <span class="o">=</span> <span class="n">args</span><span class="o">[</span><span class="mi">0</span><span class="o">];</span> <span class="c1">// String message = "World"; // for debug.</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Hello, "</span> <span class="o">+</span> <span class="n">message</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>Maybe, this is the most simple code. I beleave you write down same code firstly.<br> <code>for debug</code> comment is funny.</p> <p>Next, let's write UnitTest.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="cm">/** * Super bad code */</span> <span class="nd">@Test</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">testMain</span><span class="o">()</span> <span class="o">{</span> <span class="nc">String</span><span class="o">[]</span> <span class="n">args</span> <span class="o">=</span> <span class="o">{</span><span class="s">"world"</span><span class="o">};</span> <span class="nc">Example01Bad</span><span class="o">.</span><span class="na">main</span><span class="o">(</span><span class="n">args</span><span class="o">);</span> <span class="o">}</span> </code></pre> </div> <p>This is a super simple. But there is NO assertion! So this UnitTest require to check True or False by your eyes!<br> Do you think this is a joke? Unfortunatly, I see such a UnitTest on real project again and again...</p> <p>Of cource this code is terrible. More better people write blow code.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="cm">/** * Bad code */</span> <span class="nd">@Test</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">testMainWithSystemOut</span><span class="o">()</span> <span class="o">{</span> <span class="nc">ByteArrayOutputStream</span> <span class="n">out</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">ByteArrayOutputStream</span><span class="o">();</span> <span class="nc">System</span><span class="o">.</span><span class="na">setOut</span><span class="o">(</span><span class="k">new</span> <span class="nc">PrintStream</span><span class="o">(</span><span class="n">out</span><span class="o">));</span> <span class="nc">String</span><span class="o">[]</span> <span class="n">args</span> <span class="o">=</span> <span class="o">{</span><span class="s">"world"</span><span class="o">};</span> <span class="nc">Example01Bad</span><span class="o">.</span><span class="na">main</span><span class="o">(</span><span class="n">args</span><span class="o">);</span> <span class="n">assertThat</span><span class="o">(</span><span class="n">out</span><span class="o">.</span><span class="na">toString</span><span class="o">(),</span> <span class="n">is</span><span class="o">(</span><span class="s">"Hello, world"</span> <span class="o">+</span> <span class="nc">System</span><span class="o">.</span><span class="na">lineSeparator</span><span class="o">()));</span> <span class="o">}</span> </code></pre> </div> <p>This code hook StandardOut. It is not bad.<br> You can run it as UnitTest perfectly. But it's complex jsut a little.</p> <p>If you can't modify target production code, you should write it.<br> However if you can change production code, UnitTest becomes more easily.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// Good production code</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">Example01Good</span> <span class="o">{</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">)</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">message</span> <span class="o">=</span> <span class="n">args</span><span class="o">[</span><span class="mi">0</span><span class="o">];</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="n">makeMessage</span><span class="o">(</span><span class="n">message</span><span class="o">));</span> <span class="o">}</span> <span class="kd">static</span> <span class="nc">String</span> <span class="nf">makeMessage</span><span class="o">(</span><span class="nc">String</span> <span class="n">message</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="s">"Hello, "</span> <span class="o">+</span> <span class="n">message</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>I sepalate "building message logic" as makeMessage method. So UnitTest becomes following.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="c1">// Good test code</span> <span class="nd">@Test</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">testMakeMessage</span><span class="o">()</span> <span class="o">{</span> <span class="n">assertThat</span><span class="o">(</span><span class="nc">Example01Good</span><span class="o">.</span><span class="na">makeMessage</span><span class="o">(</span><span class="s">"world"</span><span class="o">),</span> <span class="n">is</span><span class="o">(</span><span class="s">"Hello, world"</span><span class="o">));</span> <span class="o">}</span> </code></pre> </div> <p>This is a very simple. And it's perfect as UnitTest.</p> <p>You might think it strange, because this code doesn't do any test about StandardOut.<br> Exactly. But it's not necessary as UnitTest.</p> <p>Basically, Checking bussiness logic is the most impotantly in UnitTest.<br> <code>Sysmte.out.println</code> and Logging library is standard or popular library.<br> That means their code quality is keeped by other tests. You are only careful about your business logcic.<br> Of course, you also need to check about Standard Output and so on. But it is integration test.</p> <h3> Don't initilze uncontrolled values directly </h3> <p>You should not initialize uncontrolled value like a randome number, date, RPC(WebAPI), DAO on your each method.<br> Please apply the concept of DI(Dependency Injection).</p> <p>Let's take an example of a method for <code>calculating tomorrow</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kd">public</span> <span class="kd">class</span> <span class="nc">Example03Bad</span> <span class="o">{</span> <span class="kd">public</span> <span class="nc">LocalDate</span> <span class="nf">tomorrow</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="nc">LocalDate</span><span class="o">.</span><span class="na">now</span><span class="o">().</span><span class="na">plusDays</span><span class="o">(</span><span class="mi">1</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>Naturally, this code is not able to do UnitTest. Because <code>LocalDate.now()</code> value changes every time.<br> So <code>LocalDate.now()</code> is uncontrolled value. This is a typical beginner's trap.<br> You need to sepalate it from business logic. The most simple solution is to use method arguments.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kd">public</span> <span class="nc">LocalDate</span> <span class="nf">tomorrow</span><span class="o">(</span><span class="nc">LocalDate</span> <span class="n">today</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="n">today</span><span class="o">.</span><span class="na">plusDays</span><span class="o">(</span><span class="mi">1</span><span class="o">);</span> <span class="o">}</span> </code></pre> </div> <p>So you can fix test code follwing.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Test</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">testTomorrow</span><span class="o">()</span> <span class="o">{</span> <span class="nc">Example03Good</span> <span class="n">target</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Example03Good</span><span class="o">();</span> <span class="n">assertThat</span><span class="o">(</span><span class="n">target</span><span class="o">.</span><span class="na">tomorrow</span><span class="o">(</span><span class="nc">LocalDate</span><span class="o">.</span><span class="na">of</span><span class="o">(</span><span class="mi">2017</span><span class="o">,</span> <span class="mi">1</span><span class="o">,</span> <span class="mi">16</span><span class="o">)),</span> <span class="n">is</span><span class="o">(</span><span class="nc">LocalDate</span><span class="o">.</span><span class="na">of</span><span class="o">(</span><span class="mi">2017</span><span class="o">,</span> <span class="mi">1</span><span class="o">,</span> <span class="mi">17</span><span class="o">)));</span> <span class="o">}</span> </code></pre> </div> <p>This is enough. But if getting current time is used on many places, you can also factory method pattern and stub.<br> Firstly, you make factory class which has a method <code>today()</code> to return <code>LocalDate</code>.<br> Next, you set it on target code field.</p> <p>Return value of <code>today()</code> is depends on implementation. In production, it is <code>LocalDate.now()</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kd">class</span> <span class="nc">SystemDate</span> <span class="o">{</span> <span class="kd">public</span> <span class="nc">LocalDate</span> <span class="nf">today</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="nc">LocalDate</span><span class="o">.</span><span class="na">now</span><span class="o">();</span> <span class="o">}</span> <span class="o">}</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">Example03Good</span> <span class="o">{</span> <span class="nc">SystemDate</span> <span class="n">systemDate</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SystemDate</span><span class="o">();</span> <span class="kd">public</span> <span class="nc">LocalDate</span> <span class="nf">tomorrow2</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="n">systemDate</span><span class="o">.</span><span class="na">today</span><span class="o">().</span><span class="na">plusDays</span><span class="o">(</span><span class="mi">1</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>In test code, you use stub instead of <code>LocalDate.now()</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Test</span> <span class="kd">public</span> <span class="kt">void</span> <span class="nf">testTomorrow2</span><span class="o">()</span> <span class="o">{</span> <span class="nc">Example03Good</span> <span class="n">target</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Example03Good</span><span class="o">();</span> <span class="n">target</span><span class="o">.</span><span class="na">systemDate</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SystemDate</span><span class="o">()</span> <span class="o">{</span> <span class="nd">@Override</span> <span class="kd">public</span> <span class="nc">LocalDate</span> <span class="nf">today</span><span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="nc">LocalDate</span><span class="o">.</span><span class="na">of</span><span class="o">(</span><span class="mi">2017</span><span class="o">,</span> <span class="mi">1</span><span class="o">,</span> <span class="mi">16</span><span class="o">);</span> <span class="o">}</span> <span class="o">};</span> <span class="n">assertThat</span><span class="o">(</span><span class="n">target</span><span class="o">.</span><span class="na">tomorrow2</span><span class="o">(),</span> <span class="n">is</span><span class="o">(</span><span class="nc">LocalDate</span><span class="o">.</span><span class="na">of</span><span class="o">(</span><span class="mi">2017</span><span class="o">,</span> <span class="mi">1</span><span class="o">,</span> <span class="mi">17</span><span class="o">)));</span> <span class="o">}</span> </code></pre> </div> <p>The key is to use <code>package scope</code> instead of <code>private scope</code> or you should initialize by constructor.<br> If you use private scope, you need a mock framework and so on.</p> <h2> Summary </h2> <p>Basic rule is only two.</p> <ul> <li>Sepalate "business logic" and "uncontrolled value like a I/O, date, random"</li> <li>Inject dependency by argument, constructer, non-private fields</li> </ul> <p>This is not difficult. But sometimes biginner doesn't know it.<br> In addtion, TDD(Test Driven Development) and Test First force you to write such code.<br> It is a reasn that TDD is populer. </p> <p>And functional language is more strict style about side effect. Let's try to study also it.</p> testing java beginners