This document covers common coding styles and guidelines for all ForgeRock products.
The ForgeRock Java coding style is loosely based on the Sun Java conventions. We provide a set of Checkstyle rules which can be used to enforce the code style, as well as integration for Maven based projects.
All new source files must begin with the following copyright notice, which should be adapted accordingly for non-Java source code (e.g. XML, properties, etc):
All source files should contain copyright attributions for the people or organizations who have contributed the code. For new files this should be of the form:
The attribute should be prefixed with "Portions" for non-ForgeRock changes to existing ForgeRock-created files or for any changes to existing non-ForgeRock-created files:
When multiple contributions have been made in different years by the same contributor a year range should be used and kept up to date, for example:
Note that copyright attributions DO NOT need to include a (c) symbol nor the phrase "All rights reserved". In addition, projects MUST include the CDDL license in its entirety in the project relative location
When committing code it is essential that others can quickly get an idea of what the commit relates to, and also find more information on the issue and review. A message must always be provided when committing to trunk, sustaining or release branches/tags and we have some simple guidelines for writing them.
- Start with the JIRA issue ID for the story or bug
State in up to 50 chars how this commit changes the product. Begin with a capital letter and don’t end with a full stop. Write as if completing the sentence "If applied, this commit will..."
- If you really need to provide further info in the commit message (info about the fix should be captured in the JIRA issue), then leave a blank line below the summary before adding the details.
AME-9876 CR-1234 Add new authentication module for device auth
AME-9876 Add new authentication module for device auth
Ideally the commit message for a security fix should only contain the JIRA issue ID. You may also optionally provide a simple description of the general area of the fix, but you must not mention any details of the vulnerability.
OPENAM-12345 Fix email service.
OPENAM-12345 Adjust LDAP connection settings.
OPENAM-12345 Eliminate XSS in /json/sessions endpoint - mentions a specific vulnerability and/or endpoint
OPENAM-12345 Fix issue reported by customer - customers often report security issues, so this is a red flag
OPENAM-12345 JWT validation - NB even something as simple as this should be avoided as bugs in validation are almost always security issues
If in doubt, leave it out!