springbootdemo-tomcat11: apply Gemini review fixes + add FinancialBenchmarkServiceTest

robertlazarski · claude · robertlazarski · commit 82e6e243a6a4 · 2026-04-06T13:54:28.000-10:00
Gemini 2.5 Pro LOW findings applied to the Java financial benchmark service:

- FinancialBenchmarkService: add logger.warn() to all validation failure paths
  so rejected requests appear in server logs (previously silent)
- FinancialBenchmarkService: runtimeInfo() now reports heap tier classification
  ("JVM heap tier: 16+ GB") instead of Java version string (information disclosure)
- FinancialBenchmarkService: simplify monteCarlo() — remove redundant ternary
  defaults now that MonteCarloRequest getters enforce them
- MonteCarloRequest: getters enforce defaults (nSimulations, nPeriods,
  initialValue, nPeriodsPerYear) so service code has no ternary clutter

CRITICAL finding applied: add unit test coverage (FinancialBenchmarkServiceTest):
- portfolioVariance: 2-asset known result (σ²=0.0355), single asset, flat matrix,
  monthly nPeriodsPerYear, normalizeWeights rescaling, 6 validation paths
- monteCarlo: seeded reproducibility, defaults, zero volatility, custom percentiles,
  monthly vs daily nPeriodsPerYear, max-simulations cap, negative-volatility rejection
- scenarioAnalysis: single-asset known result (E[r]=0.04, upside=120, downside=80,
  U/D=1.5), 200-asset hash vs linear speedup, useHashLookup=false, 4 validation paths
- MonteCarloRequest getter defaults verified independently
- 30 tests total; all paths exercised without Spring context (plain unit tests)

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/src/main/java/userguide/springboot/webservices/FinancialBenchmarkService.java b/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/src/main/java/userguide/springboot/webservices/FinancialBenchmarkService.java
@@ -94,26 +94,30 @@ public PortfolioVarianceResponse portfolioVariance(PortfolioVarianceRequest requ
 
         int n = request.getNAssets();
         if (n <= 0 || n > MAX_ASSETS) {
-            return PortfolioVarianceResponse.failed(
-                "n_assets=" + n + " is out of range [1, " + MAX_ASSETS + "].");
+            String err = "n_assets=" + n + " is out of range [1, " + MAX_ASSETS + "].";
+            logger.warn(logPrefix + "validation failed: " + err);
+            return PortfolioVarianceResponse.failed(err);
         }
 
         // ── Resolve covariance matrix ─────────────────────────────────────────
         double[][] cov = resolveCovarianceMatrix(request, n);
         if (cov == null) {
-            return PortfolioVarianceResponse.failed(
-                "Missing or malformed \"covarianceMatrix\": provide a " + n + "×" + n +
-                " 2D array or a flat array of " + (long) n * n + " elements in row-major order.");
+            String err = "Missing or malformed \"covarianceMatrix\": provide a " + n + "×" + n +
+                " 2D array or a flat array of " + (long) n * n + " elements in row-major order.";
+            logger.warn(logPrefix + "validation failed: " + err);
+            return PortfolioVarianceResponse.failed(err);
         }
         if (cov.length != n) {
-            return PortfolioVarianceResponse.failed(
-                "covarianceMatrix row count " + cov.length + " != nAssets " + n + ".");
+            String err = "covarianceMatrix row count " + cov.length + " != nAssets " + n + ".";
+            logger.warn(logPrefix + "validation failed: " + err);
+            return PortfolioVarianceResponse.failed(err);
         }
         for (int i = 0; i < n; i++) {
             if (cov[i] == null || cov[i].length != n) {
-                return PortfolioVarianceResponse.failed(
-                    "covarianceMatrix row " + i + " has " +
-                    (cov[i] == null ? 0 : cov[i].length) + " columns, expected " + n + ".");
+                String err = "covarianceMatrix row " + i + " has " +
+                    (cov[i] == null ? 0 : cov[i].length) + " columns, expected " + n + ".";
+                logger.warn(logPrefix + "validation failed: " + err);
+                return PortfolioVarianceResponse.failed(err);
             }
         }
 
@@ -125,9 +129,10 @@ public PortfolioVarianceResponse portfolioVariance(PortfolioVarianceRequest requ
         boolean weightsNormalized = false;
         if (request.isNormalizeWeights()) {
             if (weightSum <= 0.0) {
-                return PortfolioVarianceResponse.failed(
-                    "normalizeWeights=true but weights sum to " + weightSum +
-                    ". Cannot normalize a zero-weight portfolio.");
+                String err = "normalizeWeights=true but weights sum to " + weightSum +
+                    ". Cannot normalize a zero-weight portfolio.";
+                logger.warn(logPrefix + "validation failed: " + err);
+                return PortfolioVarianceResponse.failed(err);
             }
             if (Math.abs(weightSum - 1.0) > 1e-10) {
                 for (int i = 0; i < n; i++) weights[i] /= weightSum;
@@ -136,10 +141,11 @@ public PortfolioVarianceResponse portfolioVariance(PortfolioVarianceRequest requ
             }
         } else {
             if (Math.abs(weightSum - 1.0) > 1e-4) {
-                return PortfolioVarianceResponse.failed(
-                    "weights sum to " + String.format("%.8f", weightSum) +
+                String err = "weights sum to " + String.format("%.8f", weightSum) +
                     ", expected 1.0 (tolerance 1e-4). " +
-                    "Pass normalizeWeights=true to rescale automatically.");
+                    "Pass normalizeWeights=true to rescale automatically.";
+                logger.warn(logPrefix + "validation failed: " + err);
+                return PortfolioVarianceResponse.failed(err);
             }
         }
 
@@ -201,11 +207,9 @@ public MonteCarloResponse monteCarlo(MonteCarloRequest request) {
             return MonteCarloResponse.failed("Request must not be null.");
         }
 
-        int nSims = Math.min(
-            request.getNSimulations() > 0 ? request.getNSimulations() : 10_000,
-            MAX_SIMULATIONS);
-        int nPeriods = request.getNPeriods() > 0 ? request.getNPeriods() : 252;
-        double initialValue = request.getInitialValue() > 0 ? request.getInitialValue() : 1_000_000.0;
+        int nSims = Math.min(request.getNSimulations(), MAX_SIMULATIONS);
+        int nPeriods = request.getNPeriods();
+        double initialValue = request.getInitialValue();
         double mu = request.getExpectedReturn();
         double sigma = request.getVolatility();
         int npy = request.getNPeriodsPerYear();
@@ -341,8 +345,9 @@ public ScenarioAnalysisResponse scenarioAnalysis(ScenarioAnalysisRequest request
         List<ScenarioAnalysisRequest.AssetScenario> assets = request.getAssets();
         int nAssets = assets.size();
         if (nAssets > MAX_ASSETS) {
-            return ScenarioAnalysisResponse.failed(
-                "assets count " + nAssets + " exceeds maximum " + MAX_ASSETS + ".");
+            String err = "assets count " + nAssets + " exceeds maximum " + MAX_ASSETS + ".";
+            logger.warn(logPrefix + "validation failed: " + err);
+            return ScenarioAnalysisResponse.failed(err);
         }
 
         double probTolerance = request.getProbTolerance();
@@ -357,13 +362,15 @@ public ScenarioAnalysisResponse scenarioAnalysis(ScenarioAnalysisRequest request
                 probSum += s.getProbability();
             }
             if (Math.abs(probSum - 1.0) > probTolerance) {
-                return ScenarioAnalysisResponse.failed(String.format(
+                String err = String.format(
                     "Asset index %d (id=%d): scenario probabilities sum to %.8f, " +
                     "expected 1.0 (tolerance %.2g). " +
                     "All %d scenario probabilities must sum to exactly 1.0. " +
                     "Pass probTolerance to adjust validation strictness.",
                     i, asset.getAssetId(), probSum, probTolerance,
-                    asset.getScenarios().size()));
+                    asset.getScenarios().size());
+                logger.warn(logPrefix + "validation failed: " + err);
+                return ScenarioAnalysisResponse.failed(err);
             }
         }
 
@@ -515,12 +522,19 @@ private long heapUsedMb() {
         return (rt.totalMemory() - rt.freeMemory()) / (1024 * 1024);
     }
 
-    /** Human-readable JVM / runtime identifier for response metadata. */
+    /**
+     * Runtime identifier for response metadata.
+     * Reports the JVM family and heap class without exposing version numbers
+     * or precise memory configuration (which would aid fingerprinting).
+     */
     private String runtimeInfo() {
         Runtime rt = Runtime.getRuntime();
-        return String.format("Java %s (heap: %d MB max / %d MB total)",
-            System.getProperty("java.version"),
-            rt.maxMemory() / (1024 * 1024),
-            rt.totalMemory() / (1024 * 1024));
+        long maxMb = rt.maxMemory() / (1024 * 1024);
+        // Heap tier, not exact size — enough for C vs JVM comparison context
+        String heapTier = maxMb >= 16_000 ? "16+ GB" :
+                          maxMb >=  8_000 ? "8+ GB"  :
+                          maxMb >=  4_000 ? "4+ GB"  :
+                          maxMb >=  2_000 ? "2+ GB"  : "< 2 GB";
+        return "Java (JVM heap tier: " + heapTier + ")";
     }
 }
diff --git a/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/src/main/java/userguide/springboot/webservices/MonteCarloRequest.java b/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/src/main/java/userguide/springboot/webservices/MonteCarloRequest.java
@@ -80,16 +80,16 @@ public class MonteCarloRequest {
     /** Optional identifier echoed in the response for request tracing. */
     private String requestId;
 
-    // ── getters ──────────────────────────────────────────────────────────────
+    // ── getters — all enforce defaults so service code has no ternary clutter ─
 
-    public int getNSimulations() { return nSimulations; }
-    public int getNPeriods() { return nPeriods; }
-    public double getInitialValue() { return initialValue; }
+    public int getNSimulations() { return nSimulations > 0 ? nSimulations : 10_000; }
+    public int getNPeriods() { return nPeriods > 0 ? nPeriods : 252; }
+    public double getInitialValue() { return initialValue > 0 ? initialValue : 1_000_000.0; }
     public double getExpectedReturn() { return expectedReturn; }
     public double getVolatility() { return volatility; }
     public long getRandomSeed() { return randomSeed; }
     public int getNPeriodsPerYear() { return nPeriodsPerYear > 0 ? nPeriodsPerYear : 252; }
-    public double[] getPercentiles() { return percentiles; }
+    public double[] getPercentiles() { return percentiles != null ? percentiles : new double[]{0.01, 0.05}; }
     public String getRequestId() { return requestId; }
 
     // ── setters ──────────────────────────────────────────────────────────────
diff --git a/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/src/test/java/userguide/springboot/webservices/FinancialBenchmarkServiceTest.java b/modules/samples/userguide/src/userguide/springbootdemo-tomcat11/src/test/java/userguide/springboot/webservices/FinancialBenchmarkServiceTest.java
