Category Archives: Programming



JPA inheritance performance improvement

This article is about improving JPA's performance when working with large/thick hierarchies.

Let's suppose that for some reason you have a similar (or larger) hierarchy to one I encountered in one of my projects:
- InheritanceType.JOINED also using DiscriminatorColumn
- 4 levels hierarchy (including root entity)
- 24 entities actually making the hierarchy
- 7 properties as an average for each entity (excluding @Id)
- other entities are referenced by those actually making the hierarchy
- using hibernate JPA 2.1 api (though this might not be important)

When retrieving an entity I face the situation of about 70 tables being joined (24 from the hierarchy and 46 other referenced entities) and the performance is pathetic. Of course I have the appropriate indexes painfully chosen by testing every query with EXPLAIN ANALYZE.

Part of the problem is that I also have a large table for the hierarchy's root (26 million of rows). The other part is the way JPA is working: I mean when I try to get the root entities filtered by few discriminator types then JPA creates a 70 tables SELECT instead of using only the tables making sense for those specific discriminators. 

Let's name RootEntity the root entity of my JPA hierarchy. Let's also suppose I have Level4Entity (with 4a as discriminator) which inherits from Level3Entity which inherits from Level2Entity which inherits RootEntity. When querying for RootEntity using 4a and 4b discriminator types as criteria then JPA is using the same query as when querying for RootEntity's entire hierarchy (70 tables as a total). Should JPA only use the tables required by Level4Entity's specific sub-hierarchy (e.g. 12 tables: 4 for hierarchy and other 8 referenced) then the performance would be much better. Even when simply retrieving a RootEntity entity by its @Id the timing is 12 seconds!

The client cares only for the performance (while using same hardware) asks: can you do better? Well, let's now just imagine the totally crazy idea of using InheritanceType.SINGLE_TABLE instead of InheritanceType.JOINED. For me this would mean an 177 columns table for RootEntity's and liquibase scripts in order to copy the columns and data from previous tables to the RootEntity's table, refactor FKs and indexes. But would this effort worth? Well, if your database supports materialized views you could test this approach before changing your code and database. You could simply create a materialized view based on the actual 70 tables SELECT generated by JPA then you could test the retrieving of one row by pk (somehow equivalent to the previously retrieving by @Id which took 12 seconds). If you really want the best comparison than you should include in the materialized view only the tables used directly by the hierarchy (24 tables) which is not so straight forward but still easy to do. For me this approach allowed for a 450 ms when retrieving an entity instead of 12 s as before - quite a huge difference. 

So yes, changing the hierarchy to InheritanceType.SINGLE_TABLE and using a many-columns table with many possible null columns was by far faster then using InheritanceType.JOINED approach. And not only the retrieve was faster but also the INSERT (I don't remember exactly by how much but at least 5 times faster). 

So, what are the pro and cons of the approach?

- speed: both for query and insert
- sql simplicity: I find easier to read a many columns SELECT instead of many JOIN SELECT

- database structure: you'll have 1 many columns table versus many tables
- database consistency: columns which were NOT NULL in their dedicated table should now accept NULL in order to account for the situation when their row might not exists for a specific sub-hierarchy

Observation: with Oracle table partitioning on the join columns of the hierarchy I guess (but never tested) you should gain same performance benefit while still using InheritanceType.JOINED

Compiling google’s mod_pagespeed for nginx

This post is intended mainly to Zyxel NSA310 users.

See first for building environment, script and other things not defined here.
Before starting do declare the environment variables specified to the link above.

Environment & other preparations
ls -l /tmp/$NEW_BUILD_NAME-*
ls -l ~/ffp_0.7_armv5/packages/$NEW_BUILD_NAME-*

wget -O ngx_pagespeed-$
unzip ngx_pagespeed-$
mv ngx_pagespeed-master/ ngx_pagespeed-$NEW_BUILD_VER

Build procedure
Read then do first
cd ~/compile/mod_pagespeed/src/net/instaweb/automatic
~/ ffpg1
make BUILDTYPE=Release"$PWD/../../../build/wrappers/""$PWD/../../../build/wrappers/" all

Other considerations
See also

Comments on Angular 2 router guide!#resolve-guard
CanDeactivateGuard is used in CrisisCenterRoutingModule which is part of CrisisCenterModule which is lazy loaded by AppRoutingModule (loadChildren: 'app/crisis-center/crisis-center.module#CrisisCenterModule').
q: Why should CanDeactivateGuard be declared in AppRoutingModule providers? why not to CrisisCenterRoutingModule providers?
guide answer: We also need to add the Guard to our main AppRoutingModule providers so the Router can inject it during the navigation process.
my (original) comment
AppRoutingModule seems to need to know in advance (at least for lazy loaded modules) the CanDeactivate guards used classes. It's odd why this does not apply for e.g. CrisisDetailResolve which is a service too and has the same configuration parent.
the final answer
Well, it seems that indeed CanDeactivateGuard could be provided by CrisisCenterRoutingModule too instead of AppRoutingModule. 
Now the question is why then the guide pointed AppRoutingModule as the one to provide CanDeactivateGuard?
The answer I guess is that the CanDeactivateGuard is a service useful to any module and because lazy loaded modules have their own root injector this means it would be created an additional instance of CanDeactivateGuard for any lazy load module that would provide it too. CanDeactivateGuard has no state so it's useless to have more than one instance of it.

Spring security with kerberos

What is a keytab, and how do I use one?
Introduction to Kerberos for Managers
Crash Course to Kerberos
Appendix D. Troubleshooting
JAAS authentication with Kerberos
KDC = Kerberos Key Distribution Center
TGT = Ticket Granting Ticket
TGS = Ticket Granting Server

For the configuration below (just a copy from spring security reference):
<sec:authentication-manager alias="authenticationManager">
	<sec:authentication-provider ref="kerberosAuthenticationProvider"/>

<bean id="kerberosAuthenticationProvider"
	<property name="kerberosClient">
		<bean class="">
			<property name="debug" value="true"/>
	<property name="userDetailsService" ref="dummyUserDetailsService"/>

	<property name="debug" value="true" />
	<property name="krbConfLocation" value="/path/to/krb5.ini"/>

<bean id="dummyUserDetailsService"
	class="" />
The file /path/to/krb5.ini could be an exact copy of /etc/krb5.conf from the KDC machine. You'll have to make sure the host names used in krb5.ini's default_realm are accessible for the application.

Angularjs 2


angular 2 project seed


webpack lazy loading
not working for me



Migrating from 2.x to 3.0


basics javascript


initialize a node.js project (this creates package.json)
node init

sass vs less

Immediately-Invoked Function Expression (IIFE)

basics webpack
sudo npm list -g --depth=0
sudo npm install -verbose webpack -g
webpack --progress --colors -d
webpack --progress --colors -d --config webpack.config.js
npm search angular-in-memory-web-api
install dev dependencies:
npm install --dev -> deprecated, use the following below
npm install --only=dev
	gigi@gigi-desktop:~/Projects/semaphore-ng2-webpack$ node start
		throw err;
	Error: Cannot find module '/********/Projects/semaphore-ng2-webpack/start'
		at Function.Module._resolveFilename (module.js:326:15)
		at Function.Module._load (module.js:277:25)
		at Function.Module.runMain (module.js:442:10)
		at startup (node.js:136:18)
		at node.js:966:3
	it's not "node start" but "npm start"
list dependencies for typings@1.4.0:
sudo npm list typings@1.4.0
npm config list
npm config ls -l
npm config ls -l | grep cache
How to view the dependency tree of a given npm module?
sudo npm install -g npm-remote-ls
npm-remote-ls typings
just view a package
npm view typings@1.4.0
here npm start is equivalent to:
npm install webpack-dev-server@1.14.1 --only=dev
find . -name webpack-dev-server.js
./node_modules/webpack-dev-server/bin/webpack-dev-server.js --progress --display-errors-details --inline --colors --config ./webpack/

npm install tslint@3.13.0 --dev
tslint --version
npm run lint

debug with WebStorm

webpack multiple entry points
build with (this one uses
rm js/* 2>/dev/null; node build.js
or install globally webpack@1.13.1:
sudo npm install webpack@1.13.1 -g
then change webpack.config.js:
// var CommonsChunkPlugin = require("../../lib/optimize/CommonsChunkPlugin");
var webpack = require('webpack');
const CommonsChunkPlugin = webpack.optimize.CommonsChunkPlugin;
then build with:
rm js/* 2>/dev/null; webpack
For changing webpack.config.js from "commons" to e.g. "adunate" you'll
need to also change in pageA.html, pageAB.html,

git clone
git checkout material2
install global dependencies:
sudo npm install --global webpack webpack-dev-server karma-cli protractor typescript rimraf
install project dependencies (package.json):
npm install --verbose

Promise and catch keyword are highlighted with red
go to Languages & Frameworks -> JavaScript and select ECMAScript 6

html5 semantic elements and its usage

Angular 2 lazy loading with Webpack
angular2-router-loader is now angular-router-loader
See for a working example.

angular2-webpack-starter + bootstrap
see also "'use:' revered back to 'loader:'" in webpack.test.js
npm install --save-dev bootstrap
npm install --save-dev image-webpack-loader
add to vendor.browser.ts before "if ('production' === ENV)"
// bootstrap 3.3.7:
import 'bootstrap/dist/css/bootstrap';
import 'bootstrap/dist/css/bootstrap-theme';
change webpack.common.js with this:
resolve: {
	extensions: [..., '.css'],
and this:
	test: /\.css$/,
	use: ['to-string-loader', 'css-loader'],
	include: /src\//,
	exclude: /node_modules\//
// for bootstrap
	test: /\.css$/,
	loader: ['style-loader', 'css-loader'],
	exclude: /src\//,
	include: /node_modules\/bootstrap/
and this:
// for bootstrap
	test: /\.(jpe?g|gif|svg)$/i,
	loaders: [
		// image-webpack-loader chained with the file-loader (equivalent to: file?...!image-webpack?...)
{test: /\.png$/, loader: "url-loader?limit=100"},
{test: /\.eot(\?v=\d+\.\d+\.\d+)?$/, loader: "url-loader?limit=1000&mimetype=application/"},
{test: /\.(woff|woff2)$/, loader: "url-loader?&limit=1000&mimetype=application/font-woff"},
{test: /\.ttf(\?v=\d+\.\d+\.\d+)?$/, loader: "url-loader?limit=1000&mimetype=application/octet-stream"}

AfterContentInit, ContentChildren

difference between @ContentChildren and @ViewChildren
viewProviders vs providers
AfterViewInit, ViewChild, ViewChildren, ContentChild

Fine grained change detection with Angular 2
DoCheck, KeyValueDiffers

ChangeDetectionStrategy: OnPush vs Default

How to use IterableDiffers -> see app.component.ts
ngDoCheck() {
	const changes = this.differ.diff(this.heroes);
	if (changes) {
		console.log('new change');// for splitting up changes
		changes.forEachAddedItem(r => console.log('added ', r));
		changes.forEachRemovedItem(r => console.log('removed ', r))
		changes.forEachMovedItem(r => console.log('moved ', r))

Pipes and Internationalization API

Animation -> click on ease function for cubic-bezier code
transition(':leave', [
  animate('2s cubic-bezier(0.755, 0.05, 0.855, 0.06)', style({
	opacity: 0,
	transform: 'translateY(100%)'

Build error
[at-loader] Checking finished with 4 errors
[at-loader] src/app/gui/components/validation-alerts.component.ts:6:14 
    Cannot find namespace 'jasmine'. 

[at-loader] src/app/gui/components/validation-alerts.component.ts:32:23 
    Cannot find name '$'. 

[at-loader] src/app/gui/components/validation-alerts.component.ts:34:14 
    Cannot find name '$'. 

[at-loader] src/app/gui/components/validation-alerts.component.ts:158:26 
    Cannot find name '$'. 
search the appropriate tsconfig.json (or all of them - tsconfig*.json) file and add:
  "compilerOptions": {
    "types": [

Important details
  • By default, the router re-uses a component instance when it re-navigates to the same component type without visiting a different component first.
  • When subscribing to an observable in a component, you almost always arrange to unsubscribe when the component is destroyed. There are a few exceptional observables where this is not necessary. The ActivatedRoute observables are among the exceptions. The ActivatedRoute and its observables are insulated from the Router itself. The Router destroys a routed component when it is no longer needed and the injected ActivatedRoute dies with it. Feel free to unsubscribe anyway. It is harmless and never a bad practice. See also route.snapshot
  • Use route parameters to specify a required parameter value within the route URL

gitweb on nginx

nginx configuration

# Let Nginx handle static files # location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx)) { location ~ ^/[^/]*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx)) { auth_basic "strong authentication"; auth_basic_user_file /********/apps/etc/basic.auth.strong.passwords.txt; root /********/GITRepoUbuntu/; } # Pass Git Smart HTTP requests to git-http-backend. Require Auth for everything. # see man git-http-backend for Apache configuration #location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ { location ~ ^/[^/]*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ { auth_basic "strong authentication"; auth_basic_user_file /********/apps/etc/basic.auth.strong.passwords.txt; client_max_body_size 0; fastcgi_read_timeout 300; fastcgi_buffers 4 64K; include fastcgi_params; fastcgi_pass unix:/var/run/fastcgi.sock; fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; fastcgi_param GIT_PROJECT_ROOT /********/GITRepoUbuntu; fastcgi_param PATH_INFO $uri; fastcgi_param REMOTE_USER $remote_user; ### Uncomment below to export ALL repositories in GIT_PROJECT_ROOT path. fastcgi_param GIT_HTTP_EXPORT_ALL ""; } location /git/ { auth_basic "strong authentication"; auth_basic_user_file /********/apps/etc/basic.auth.strong.passwords.txt; try_files $uri @gitweb; } location @gitweb { fastcgi_pass unix:/var/run/fastcgi.sock; fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi; fastcgi_param PATH_INFO $uri; fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; include fastcgi_params; } # sudo systemctl status nginx fcgiwrap.service fcgiwrap.socket # sudo systemctl enable nginx fcgiwrap.service fcgiwrap.socket # sudo systemctl stop nginx fcgiwrap.service fcgiwrap.socket # sudo systemctl start fcgiwrap.socket fcgiwrap.service nginx


#see man gitweb # path to git projects (.git) $projectroot = "/********/GITRepoUbuntu/"; # directory to use for temp files # $git_temp = "/tmp"; # html text to include at home page # $home_text = "indextext.html"; # file with project list; by default, simply scan the projectroot dir. # $projects_list = "/home/git/projects.list"; @stylesheets = ("gitweb.css"); $javascript = "gitweb.js"; $favicon = "git-favicon.png"; $logo = "git-logo.png"; # git-diff-tree(1) options to use for generated patches @diff_opts = ('-C', '-C'); # enable nicer uris # $feature{pathinfo}{default} = [1]; $site_name = "adrhc's projects"; $home_link = ""; $home_link_str = "adrhc's projects"; $mimetypes_file = "/********/apps/etc/nginx/mime.types"; $base_url = ""; @git_base_url_list = qw(; @extra_breadcrumbs = ( [ "adrhc's blog" => "" ] );


[Unit] Description=fcgiwrap Socket [Socket] SocketMode=0660 SocketUser**** SocketGroup********* ListenStream=/var/run/fastcgi.sock [Install]


[Unit] Description=Simple CGI Server [Service] # # sudo apt-get install fcgiwrap # systemctl daemon-reload # sudo systemctl enable fcgiwrap.socket fcgiwrap.service ExecStartPre=/bin/mkdir -p /var/cache/cgit ExecStartPre=/bin/chown ************ /var/cache/cgit #ExecStartPre=/bin/rm -rf /var/cache/cgit/* ExecStart=/usr/sbin/fcgiwrap User**** Group********* [Install] Also=fcgiwrap.socket

example bare repository config

cat /********/GITRepoUbuntu/test/git/config [core] repositoryformatversion = 0 filemode = false bare = true sharedrepository = 1 [receive] denyNonFastforwards = true [alias] st = status gr = log --full-history --all --graph --color --date-order --pretty=format:"%x1b[31m%h%x09%x1b[32m%d%x1b[0m%x20%s" ci = commit cim = commit -m ck = checkout ckm = checkout master ckd = checkout dev rs = reset mgnf = merge --no-ff mg = merge pom = push origin master pod = push origin development gom = pull origin master god = pull origin development [gitg] mainline = refs/heads/master # ERROR git clone edit some files then commit ... git push origin master Counting objects: 3, done. Delta compression using up to 4 threads. Compressing objects: 100% (3/3), done. Writing objects: 100% (3/3), 303 bytes | 0 bytes/s, done. Total 3 (delta 2), reused 0 (delta 0) remote: error: unable to create temporary file: Operation not permitted remote: fatal: failed to write object error: unpack failed: unpack-objects abnormal exit To ! [remote rejected] master -> master (unpacker error) error: failed to push some refs to '' # SOLUTION Make sure the user and group (and SocketMode) set for fcgiwrap OS service are appropriate for the git repository (when using http/https push).

Spring security

HTML translated to java config
see also Java Configuration
see also

<http security="none" pattern="/resources/**"/>
<http pattern="/api1/**" create-session="stateless">
	<intercept-url pattern="/**" access="authenticated"/>
	<http-basic />
<http pattern="/api2/**" create-session="never">
	<intercept-url pattern="/api2/api21/**" access="hasRole('ROLE_ADMIN')"/>
	<intercept-url pattern="/api2/**" access="hasRole('ROLE_USER')"/>
	<http-basic />
<http pattern="/api3/**">
	<intercept-url pattern="/api3/api31/**" access="hasRole('ROLE_ADMIN')"/>
	<intercept-url pattern="/api3/api32/**" access="hasRole('ROLE_USER')"/>
	<intercept-url pattern="/**" access="authenticated"/>
	<http-basic />
	<intercept-url pattern="/logout" access="permitAll"/>
	<intercept-url pattern="/login" access="permitAll"/>
	<intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
	<form-login login-page="/services/session" login-processing-url="/login"
				password-parameter="password" username-parameter="username"
				logout-success-url="/services/session" ... />
	<http-basic />
	<logout invalidate-session="true"/>
public class WebSecurityConfig {
    private AuthenticationManager am;

     * @param auth
     * @throws Exception
    public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
public class Api1Authentication extends WebSecurityConfigurerAdapter {
	protected void configure(final HttpSecurity httpSecurity) throws Exception {
public class Api2Authentication extends WebSecurityConfigurerAdapter {
	protected void configure(final HttpSecurity httpSecurity) throws Exception {
public class Api3Authentication extends WebSecurityConfigurerAdapter {
	protected void configure(final HttpSecurity httpSecurity) throws Exception {
public class OtherAuthentication extends WebSecurityConfigurerAdapter {
    public void configure(final WebSecurity web) throws Exception {

    protected void configure(final HttpSecurity httpSecurity) throws Exception {
                    .failureHandler(new DdcAuthenticationFailureHandler())
Q1: why should I use antMatcher("/api2/**") while anyway the subsequent antMatchers(...) cover the entiy /api2/** paths?
A1: because antMatcher has the purpose of mapping the  security configuration while antMatchers accompanies authorizeRequests() in order to specify request access conditions (e.g. roles). antMatchers could accompany also requiresChannel() in order to specify the protocol (http, https, any). If not using antMatcher that would be like  security configuration wouldn't use the pattern attribute (equivalent to using /**).

OtherAuthentication allows the use of form and basic authentication (using the order of declaration). So when not authenticated user access /services/session (using no Authorization header) he would get back a response (e.g. json containing a CSRF token :D). When the user tries to POST /services/session using the received CSRF token he will then be authenticated using basic authentication when he use Authorization header or form authentication otherwise (suppose he uses a valid token otherwise spring will consider a CSRF attack). When one tries to access /some-not-resources-and-not-api123-path with the header Authorization filled with a valid user/password than the basic authentication will be enforced and the user will get the result; if user/password is wrong he will get http code 401. 

/api2/** has SessionCreationPolicy.NEVER which means it won't create a session (when using basic authentication) but it might use one when the user already created one like when authenticated with form-authentication.

/api1/** has SessionCreationPolicy.STATELESS which means it will not create a session but also it will invalidate it if found so it does not live well with OtherAuthentication which creates (in order to use) a session. This means that after a form authentication the user will be disconnected after trying to access /api1/**.

JPA performance

Use byte code weaving
EclipseLink implements LAZY for OneToOne and ManyToOne relationships using byte code weaving

Use setFirstResult, setMaxResults of javax.persistence.Query.

See <shared-cache-mode> in persistence.xml or javax.persistence.sharedCache.mode property when creating the EntityManagerFactory.
See javax.persistence.Cacheable used to annotate an entity.

JDBC batching (insert/update only)
hibernate.jdbc.batch_size: a non-zero value enables use of JDBC2 batch updates by Hibernate. e.g. recommended values between 5 and 30

JDBC fetch size (retrieve only)
hibernate.jdbc.fetch_size: a non-zero value determines the JDBC fetch size (calls Statement.setFetchSize())
Statement.setFetchSize: gives the JDBC driver a hint as to the number of rows that should be fetched from the database when more rows are needed for ResultSet objects genrated by this Statement. If the value specified is zero, then the hint is ignored. The default value is zero.
In my opinion the best explanation is here:
Excerpt: Standard JDBC also enables you to specify the number of rows fetched with each database round-trip for a query, and this number is referred to as the fetch size.

Hibernate batch size (@BatchSize)
@BatchSize specifies a "batch size" for fetching instances of this class by identifier. Not yet loaded instances are loaded batch-size at a time (default 1).

Hibernate fetching strategies (@Fetch)
Fetching strategies: join fetching, select fetching, subselect fetching, batch fetching.


see also hibernate.batch_fetch_style at specifies LEGACY as the default for hibernate.batch_fetch_style

JAXB 2.2.10

see also
see also
see also - Unofficial JAXB Guide
see also How to get simple and better typed binding in

fixed attributes will be generated as a java constant.
<xs:attribute name="country" type="xs:NMTOKEN" fixed="US"/>
@XmlSchemaType(name = "NMTOKEN")
public final static String COUNTRY = "US";
Specifies the base type used for collections.
<xs:element name="item" minOccurs="1" maxOccurs="unbounded">
@XmlElement(required = true)
protected List<Items.Item> item = new Vector<Items.Item>();
typesafeEnumBase = a list of QNames, each of which must resolve to a simple type definition
Specifies that all simple type definitions deriving directly or indirectly from e.g. xsd:string and having enumeration facets should be bound by default to a typesafe enum.
<xs:simpleType name="USState">
	<xs:restriction base="xs:string">
		<xs:enumeration value="AK"/>
		<xs:enumeration value="AL"/>
		<xs:enumeration value="AR"/>
		<xs:enumeration value="CA"/>
		<xs:enumeration value="MA"/>
		<!-- and so on ... -->
The default value is false. choiceContentProperty is not relevant when the bindingStyle is elementBinding (see below).
<xs:complexType name="fileUploadRequest">
		<xs:element name="path" type="xs:string"/>
		<xs:element name="file" type="xs:base64Binary"/>
Xjc with choiceContentProperty="false":
public class FileUploadRequest {
    protected String path;
    protected byte[] file;
Xjc with choiceContentProperty="true":
    @XmlElement(name = "path", type = String.class),
    @XmlElement(name = "file", type = byte[].class)
protected Object pathOrFile;
typesafeEnumMemberName = "generateName" | "generateError"
generateError specifies that the code generator generates an error when it cannot map an enumeration to a Java enum type.
<xs:simpleType name="USState">
	<xs:restriction base="xs:string">
		<xs:enumeration value="CA"/>
		<xs:enumeration value="MA"/>
		<xs:enumeration value="1MA"/> -> 1MA is an invalid java name
		<!-- and so on ... -->
[ERROR] Cannot generate a constant name from the enumeration value "1MA". Use <jaxb:typesafeEnumMember name="..."/> to specify one.
generateName specifies that member names will be generated following the pattern VALUE_N. N starts off at one, and is incremented for each member of the enumeration.
    private final String value;
Type constraint checking is performed when setting a property.
item.setQuantity( new BigInteger( "-5" ) );// must be a positive number here
If @enableFailFastCheck was "true" and the optional FailFast validation method was supported by an implementation, a TypeConstraintException would be thrown here. Note that the JAXB implementation does not support the FailFast feature.

First see FileUploadRequest schema declaration above.
Causes two additional property methods, isSetPath and isSetFile, to be generated. These methods enable a client application to distinguish between schema default values and values occurring explicitly within an instance document. Some good folks claim unsetPath and unsetFile should be generated too but it didn't happened for me (with or without a default attribute set on path element).

Consider this element:
<xs:element name="sOmE_PROPerty" type="xs:string"/>
Jxc generation result when asWordSeparator (default value):
@XmlElement(name = "sOmE_PROPerty")     -> it's an invisible underscore between sOmE and PROPerty
protected String sOmEPROPerty;
Jxc generation result when asCharInWord:
protected String sOmE_PROPerty;         -> it's an invisible underscore between sOmE and PROPerty

XSD schema

<!-- example -->
  <xs:restriction base="xs:string">
    <xs:enumeration value="Audi"/>
    <xs:enumeration value="Golf"/>
    <xs:enumeration value="BMW"/>

<!-- example -->
<xs:complexType name="personinfo">
    <xs:element name="firstname" type="xs:string"/>
    <xs:element name="lastname" type="xs:string"/>

<xs:complexType name="fullpersoninfo">
    <xs:extension base="personinfo">
        <xs:element name="address" type="xs:string"/>
        <xs:element name="city" type="xs:string"/>
        <xs:element name="country" type="xs:string"/>

<!-- example -->
<element name="callMyApp" type="dc:processingHook" />
<callMyApp/> -> best article
That leaves us with <complexType> with <complexContent>, which ensures that there will not be any data content in the element.
<complexType name="processingHook">
    <restriction base="xs:anyType"> -> the default syntax for complex types is complex content that restricts anyType

<complexType name="processingHook"></complexType>

<!-- example -->
<product prodid="1345" />

<xs:element name="product">
      <xs:restriction base="xs:anyType">
        <xs:attribute name="prodid" type="xs:positiveInteger"/>

<xs:complexType name="prodtype">
  <xs:attribute name="prodid" type="xs:positiveInteger"/>

<!-- example -->
Apparently, you can't restrict simpleContent within a complexType, only extend it.
<shoesize country="france">35</shoesize>
<xs:complexType name="shoetype">
    <xs:extension base="xs:integer">
      <xs:attribute name="country" type="xs:string" />

<!-- example -->
<xs:element name="marks">
    <xs:restriction base="xs:integer">
      <xs:minInclusive value="0"/>
      <xs:maxInclusive value="100"/>