Action Class Checklist (conforms to the IRS Java Coding Standards)

0) Before you start coding an Action class, you need to define the Actions (methods).
1) Start by listing all the methods in an Interface.
2) Write JavaDocs for the methods in the Action Interface.
3) Write an Implementation for the Interface which has the code to make all the methods work. This is where I put the SQL. Use {@inheritDoc} to "copy" the JavaDocs from the Interface into the Implementation.
4) Do not have the action class connect to the DB: creating a connection is SLOW and EXPENSIVE. It is better to pass a connection pool (DataSource) to the action class. I pass a DataSource/Connection to the DAO method.
5) Use only the minimum Database permissions needed to do the work.
6) Always use PreparedStatement objects and load the parameters to avoid SQL Injection attacks. In JPA this means we really like NamedQueries.
7) Do not throw SQLExceptions outside of the DAO, because the calling method does not work with SQL. Consider a custom exception wrapping the original cause within it.
8) All methods must have logging; log the Database code and state.
9) All methods that access the Database must check permission.
10) All methods must be tested. I use DBUnit for DAO testing.
11) Do not code Select *; code Select field1, field2, field3 to fetch ONLY the fields your code is going to use.

Here is how I create an Action class:

1) I make sure the project and package exist.
2) I create a new interface w/ JavaDocs.
3) I add 1 method at a time.
4) I create an implementation of the Interface (using {@inheritDoc}).
5) I code the implementation of the current method.
6) I test the method using DBUnit.
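Checklist items 3, 4, 6, 7, 8 and 11 applied together in one class, as an added example that is not code from the original page. `AccountAction`, `ActionException`, and the `account` table with its columns are hypothetical names; the code uses only JDK classes and assumes the caller supplies a pooled `DataSource`.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.sql.DataSource;

/** Hypothetical Action interface: the methods and their JavaDocs live here (items 1-2). */
interface AccountAction {
    /**
     * Looks up the display name of one account.
     * @param accountId primary key of the account
     * @return the display name, or empty if no such account exists
     * @throws ActionException if the database call fails
     */
    Optional<String> findDisplayName(long accountId) throws ActionException;
}

/** Custom exception so callers never see SQLException (item 7). */
class ActionException extends Exception {
    ActionException(String message, Throwable cause) { super(message, cause); }
}

/** Implementation holding the SQL (item 3); the pool is injected, not created here (item 4). */
class AccountActionImpl implements AccountAction {
    private static final Logger LOG = Logger.getLogger(AccountActionImpl.class.getName());
    // Explicit column list instead of SELECT * (item 11); table and column names are made up.
    private static final String SQL = "SELECT display_name FROM account WHERE account_id = ?";
    private final DataSource pool;
    AccountActionImpl(DataSource pool) { this.pool = pool; }

    /** {@inheritDoc} */
    @Override
    public Optional<String> findDisplayName(long accountId) throws ActionException {
        try (Connection con = pool.getConnection();
             PreparedStatement ps = con.prepareStatement(SQL)) {
            ps.setLong(1, accountId);   // bound parameter, never string concatenation (item 6)
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? Optional.ofNullable(rs.getString(1)) : Optional.empty();
            }
        } catch (SQLException e) {
            // Log the vendor error code and SQLState (item 8), then wrap the cause (item 7).
            LOG.log(Level.SEVERE, "findDisplayName failed: code=" + e.getErrorCode()
                    + " state=" + e.getSQLState(), e);
            throw new ActionException("Could not read account " + accountId, e);
        }
    }
}
```

The try-with-resources block returns the connection to the pool even when the query fails, and the message passed to `ActionException` carries no SQL text, so callers that surface it do not leak schema details.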