Raible Designs

RE: Why Grails doesn't use Maven

Graeme Rocher's in Why Grails doesn't use Maven:

In his post entitled "Grails - The Good, The Bad and the Ugly", Jonas has some nice praise for Grails, his main beef is that it is not built on Maven.

So I wanted to clarify why exactly we chose not use Maven (by default) and the explanation is there for all to see in Jonas' first example of creating a Grails application vs creating a Maven project:

Instead of

grails create-app name

could be just

mvn archetype:create -U\
-DarchetypeGroupId=net.liftweb\
-DarchetypeArtifactId=lift-archetype-blank\
-DarchetypeVersion=0.4\
-DremoteRepositories=http://scala-tools.org/repo-releases\
-DgroupId=your.proj.gid -DartifactId=your-proj-id

My goodness, what a mouthful the Maven example is. There is a common acronym in the open source world called RTFM (read the *ing manual), when a user asks a question on a mailing list and the "experts" respond by pointing them to the place in the manual.

I think Maven's biggest problems are 1) poor metadata in the central repository and 2) the source of metadata in projects (pom.xml).

I believe #1 can be fixed if the Maven guys allow dependencies to be fixed based on user feedback. It's also gotten a lot better in recent years. In reality, maintaining transitive dependencies is hard and I believe Maven has done a good job. In reality, they're the only ones that slurp up transitive dependencies, so the only other option is to maintain the dependencies yourself.

To fix #2, I think the problem is mainly XML and the verboseness of the elements-only pom.xml that Maven requires. Most of the contents of a pom.xml are either dependencies, plugins or exclusions/variances of Maven's conventions. What if Maven's metadata was pluggable? What if XML was only one option? What if you could write a pom.groovy and describe your entire build process in 5 lines instead of 500? That would be very cool.

I'm still a Maven fan, mostly because it's greatly simplified the maintenance of and releasing of AppFuse. When I do GWT, Seam or Grails development in the future, you can be sure I'll try to use Maven to do the development. Why? Because I've learned how to use it and I don't feel the pain that so many others talk about. I also think it really shines on really large projects (builds that produce 30+ WARs for example). An Ant-based system on really large projects can become quite burdensome and difficult to maintain. Not only that, but it's very difficult to maintain a modular build system (where you can build/test/deploy a single WAR) with Ant. In my experience, really large Ant-based systems take forever to process that everything is up-to-date whereas Maven systems depend on each other and require you to keep them up to date. Sure it requires you to be smarter and run "mvn install" on your subprojects, but I'd rather do that than wait 5 minutes for Ant to process everything just to run a test.

You might remember that the main reason I used to prefer Ant over Maven was speed. That was in Maven 1 days. With Maven 2, speed is no longer a problem and I've found it much easier to run "mvn jetty:run" than "ant deploy" and wait for Tomcat to restart. IMO, the perfect development environment is one were you can run a command-line command (or use your IDE to start the server) and code away without worrying about restarts. Seam and Grails offer this environment, but it's unlikely your entire organization is going to use standardize on those frameworks and not have anything else. I think Maven and the Maven Jetty Plugin offer a nice alternative for the rest of those applications.

GWT Presentation with Bob Vawter

Tonight I'm in Mountain View attending the inaugural meeting for the new Silicon Valley Google Technology User Group (SV-GTUG). The good news about this meeting is Bob plans to discuss some of the new features in the GWT 1.5 release. Although it is not available yet, it sounds like they are putting the finishing touches on the 1.5 release and that it will be available soon.

The first ting I've learned is that GWT is actually pronounced "gwit". Bob is a member of the GWT team and he's the only one that's not based out of Atlanta. GWT has a very Swing-like programming model. It has widgets, panels and windows and operates very much like a traditional UI programming API. To create an application, you create a class that implements EntryPoint. Below is an example Hello World application.

One of the really nice things about GWT is that you can easily debug your application in your favorite Java IDE. GWT doesn't prevent you from writing JavaScript - you can insert native JavaScript into your code using a special /*-{ script here }-*/.

When you compile a GWT application, you get a whole bunch of stuff. When trying to develop cross-browser JavaScript code, you often end up with "if soup" to handle the different browsers. GWT does the same thing, but it creates different versions of the application for the different browsers. The naming of these files is an MD5 hash that's bootstrapped by a simple JS file. GWT files are all static and the file sizes are ~40KB/each for the Hello World application.

If you have to write fewer than 100 lines of code, it's likely that GWT will be overkill - you can do it with JavaScript easier. Once you get more lines of code and larger teams, Java's tools do all the heavy lifting. Yes, you can create large applications with large teams with scripting languages, but Java is the clear winner when you have large teams of developers working on projects.

GWT provides a RemoteService for client code and a RemoteServiceServlet for server-side code that you can use to implement RPC calls. For more information, see the Remote Procedure Calls documentation.

At this point, we're 45 minutes into the presentation and it's pretty disappointing. This is likely because there's no presentation and Bob doesn't seem to have any sort of agenda. I think this type of presentation would work well if folks had experience with GWT and were asking lots of questions. However, it seems that most folks haven't used GWT - so the questions (and his resulting answers) aren't very meaty.

One attendee asked about making GWT applications SEO-able. Bob's suggested solution is to continue to use Servlet or JSPs to render the page, but then use GWT to for the user interaction that needs to happen within the page. The RootPanel class has a get(String id) method that can be used to put the GWT application into a particular div or other placeholder.

Google Base and Google Checkout are currently using GWT. There's also a lot of Google internal development that uses GWT. Apparently, there's quite a few applications built with GWT that haven't launched yet.

Has anyone used the Maven Gwt Plugin? It sounds like it might be pretty nice as it contains the GWT compiler with no OS-dependent Google tooling.

The main new feature in GWT 1.5 is Java 5 support. There's also a GWT Incubator that's used to host GWT features that may go into GWT's core. You can view the demos online.

GWT's mission statement:

GWT's mission is to radically improve the web experience for users by enabling developers to use existing Java tools to build no-compromise AJAX for any modern browser.

GWT's competition according to Bob - Visual Studio.

Java Web Framework Smackdown at TSSJS in Vegas

This year's TSSJS is starting to look like an excellent conference. I'm particularly excited to be moderating the following Expert Panel.

Java Web Framework Smackdown: Struts 2, Spring MVC, Grails, Seam/JSF and Wicket
The leading advocates of today's popular Web frameworks will duel under the Vegas Lights. Come and learn when to use your favorite framework and to see if it can live up to its hype.

We're talking about productivity, scalability and maintainability of Java-based Web applications. The emerging trend is that simplicity is better and productivity matters. Furthermore, if maintainability is the most costly part of any application -- how do these frameworks perform?

Attend if you're a Java Web developer, or if you simply like good entertainment. A working knowledge of the popular Java Web framework options will make this session more fun. If you haven't worked with any framework, come and learn who has the best spokesman.

I plan on bringing the boxing bell from OSCON 2005 to make this session one of the best in the show. I'll be coming up with a list of questions for these experts in the next couple of months. In the meantime, if you have any suggestions, please let me know.

With a venue like The Venetian, why wouldn't you go?

REST and Seam Talks at Denver's JUG

After a long hiatus, I decided to attend the Denver JUG meeting this evening. Tonight there's a couple of interesting talks:

• Give It a REST by Brian Sletten
• Seam by Norman Richards

I'll do my best to live-blog these sessions, so hopefully you can read along and learn everything I do.

Give It a REST by Brian Sletten
This talk isn't an implementation talk, it's more of a motivational talk. Brian is trying to answer the question "Why do we care?". We care because we have a lot of WS-Dissatisfaction. "Conventional" Web Services are often:

• too difficult for non-trivial tasks (real complexity)
• too complex for trivial tasks (artificial complexity)

RPC-based Web Services are mythically interoperable and time/process coupled in painful ways. SOAP has largely become popular because of marketing dollars behind in. REST is more like the "hippy" way that has grass-roots support with no corporate sponsor.

What makes SOAP difficult? It's remote procedure calls and its tunneled using existing application protocols (HTTP). Furthermore, there are no nouns (mappings to business terms), only handlers. There are no semantics, only handlers. When you tie yourself to a contract/WSDL, you can have anything back that you want - so as long as its simple XML. This isn't entirely true because a lot of things can be shoved into XML (Word documents that are Base64 encoded).

The main problem with SOAP is it solves a problem that most people don't have. It solves an edge case, rather than the main problem.

Many people say "SOAP is secure and REST isn't".

Why do people believe this? It's because of the long list of SOAP-related security acronyms: XML Encryption, XML Signature, XKMS, SAML, XACML, WS-Security, WS-Trust, XrML. Even if you're using these in your system, there's no proof that your implementation is secure. REST is what we all use on the web with online shopping, etc. We don't seem to have a problem with the security we use everyday on the web, do we?

SAO is an architectural style promoting loose coupling among software participants. Sompanies have rigid definitions of what constitutes a SOA. Many believe that SOAP is an essential piece, but it's not. SOAP 1.2 and Doc Lit are improvements, but are they necessary? Interestingly, 85% of Amazon's users chose REST over SOAP when given the choice.

What is REST? The acronym stands for REpresentational State Transfer. It's an architectural style based on certain constraints designed to elicit properties of scalability and extensibility. It's an idealized notion of how the early web should work and helped drive the way it eventually did work. It's more than just URLs!

Resource-Oriented Computing focuses on information spaces, not code or objects. It focuses on logical connections and reduces complexity by separating actions from nouns. In the history of the web, we started with URLs that pointed to documents. Eventually, these documents became dynamic and were generated on-the-fly.

URLs are locations on the web that are horrible names because they change so much. URIs are good names that have no way of being resolved. Fundamentally, REST is a separation of the parts of the system: Nouns, Verbs and Representation. A Resource (in a REST architecture) can be a file, a service or a concept. It can also have different representations. Resources are named with Resource Identifiers. It's simply the means of naming a resource. It's a standard syntax that allows various schemes. Often known as URIs (or IRIs). It's orthogonal to satisfying the reference and it's one of the missing pieces of "normal" web services.

Examples of Representation include 1) a particular dereferencing of a Resource Identifier to a Resource at a particular time, 2) a byte-stream tagged with metadata or 3) it could change based on request or processing/display capabilities of the client (Firefox vs. WAP).

REST's verbs are design decisions to minimize the the complexity of implementing a system. GET retrieves a resource and always returns the exact same result. It doesn't change anything in the backend system. Because of this, it allows for easier layering of your system - particularly when you introduce caching for GETs. POST is used to create (or update) a Resource. It does not require a "known URI" and it supports the append operation. PUT creates (or updates) a Resource, but requires a "known URI" and also supports an overwrite operation. Lastly, there is DELETE, which removes a Resource. This is not supported in modern browsers. Just because browsers don't support them doesn't mean you can't implement them in your applications.

REST's concepts were developed by Roy Fielding in his thesis. He was trying to create a system that had the following architectural properties: performance, scalability, generality, simplicity and modifiability. REST allows us to create true client-server applications. To satisfy scalability requirements, REST is stateless. All parameters travel with the request and no session information is maintained on the server. This improves scalability through load-balancing and allows visibility of intermediary processors.

One of the first things that becomes a bottleneck in enterprise systems is the database. This works fine if you like paying Oracle. By using REST and HTTP concepts, it's easy to take advantage of a cache. This allows replication of an external data set where it's too large to copy locally. REST allows you to create Layered Systems that allow you to have managed dependencies between layers. Having a RESTful architecture allows you to swap out the backend without changing the front-end and vise-versa.

Now Brian is going to do some demos using NetKernel. He recommends using HTML documents to describe services. The beauty of developing a RESTful system is there's nothing preventing you from appending ?wsdl to your URLs to return SOAP.

Invoking functionality using web-friendly techniques is a very nice way to build web applications.

What is controversial in REST? When you are not dereferencing you should not look at the contents of the URI string to gain other information.. However, if you structure your URLs in your application in a hierarchical manner, people will be able to use URIs in this way.

What isn't controversial? No one believes you should rely on sessions or other state at the application level. They also believe using nouns, not verbs is an excellent idea.

Seam by Norman Richards
Seam isn't just a web framework, it's an integration technology for building applications for the web. It's a technology that takes your persistence and web technologies and unifies them so you have a simpler view of your system.

First of all, what is Seam?

• It's a unified component and event model - you access all your components the same way
• It has a declarative state with a rich context model
• It provides deep integration with minimal glue code
• It minimizes configuration, prefers annotations to XML
• It allows a freedom of architectures and technologies
• It also allows testing of components in context

With Seam, you have a number of technology choices to make. The first is which business component model you want to use (EJB 3 vs. POJO). You might choose EJB 3 if you want more clustering capabilities. For persistence, you can use Hibernate or any JPA implementation. Norman recommends using JPA if possible. You also have a choice of languages: Java or Groovy (and possibly Scala in the future). Seam gives you a choice of web frameworks. All the examples today will use JSF, but there's also support for GWT and 2.1 will have support for Wicket. Also, there's some non-committers developing support for Flex. Norman believes component-based web frameworks are the best way to develop web applications. While I hear this from a lot of folks component-based framework authors, it seems ironic that the "best" way to develop webapps is not the most popular way (PHP, Struts, Rails).

I think it's ironic that there's a REST (no state) and a Seam (it's all about state) talk in the same night. I'm tempted to ask why a stateful architecture is better than a REST one, but I'm not really that interested in the answer. I think your architecture should be determined by the needs of your application, rather than choosing the architecture and then implementing an application with it.

In addition to choices, Seam gives you a number of tools: CRUD generation, Eclipse and NetBeans support and full IDE support in JBoss Tools / JBoss Developer Studio.

Now Norman is doing a demo - starting by creating a new Seam Web Project in Eclipse. He mentions that he's skipped a number of steps: downloading and installing Seam, downloading and installing JBoss and configuring your Seam installation and database in Eclipse. He has two projects in Eclipse - apparently the New Project wizard creates two - one for the application and one for testing. It's strange that the tests don't go in the actual project. The directory structure has src/action and src/model for your Seam components. After doing some simple CRUD, Norman starts JBoss and looks at the master/detail screens it generates.

To make a Java class a Seam component, you usually only have to add a @Name annotation to the class. While trying to show us how the Authenticator/login works, Norman tried to open components.xml. Unfortunately, this crashed Eclipse and 30 seconds later - following a bevy of "file does not exist" errors, we're back in action. To inject dependencies in a Seam environment, you use the @In annotation. In the example class, here's what the code looks like:

try {
  currentUser = (Person) entityManager.createQuery("select p from Person p where" + 
       " p.email = #{identity.username} and p.password=#{identity.password}").getSingleResult();
} catch (NoSuchEntityException e) {
  currentUser = null;
}

This example appears to encourage title coupling with the data layer, rather than loose coupling (i.e. a DAO layer). I'm sure Seam doesn't prevent you from developing a more loosely coupled application.

Bug Alert: The <h:messages> tag looks like it always has an <li> - even when there's only one message. Struts 2 has the same issue with its <s:errors> tag. It's disappointing that so many Java framework developers don't have more attention to HTML details.

Probably the coolest part of Norman's demo is how Eclipse auto-synchronizes with JBoss so he never has to start/stop anything when he changes Facelets pages or Java classes. Of course, hot deploy should be possible with any web application if you're using Eclipse Web Tools effectively.

I do believe all-in-one starter frameworks like Seam, Rails, Grails and AppFuse are excellent. However, I also believe they're solving a problem that only 10% of companies have. Most companies don't have the ability to start applications from scratch - unless they're a startup. Most companies have an existing infrastructure in place for the backend and they simply need a better web framework to slap a pretty face on it. I don't know the best solution for this, but it seems like a logical choice to RESTify the backend (possibly with a web framework) and then use a modern web framework for the front-end. IMHO, the best web frameworks for a RESTified backend are Flex, GWT and Appcelerator. If nothing else, these appear to be the most hyped for 2008.

Many of the enhancements that Seam has added to the Java web programming model are being pushed back into the Web Beans JSR. With Seam, injection is bi-directional (input and output), is continuous during application invocation and dis-injected after action is done. The whole purpose of this is to let Seam handle the state of your application. By not worrying about storing/maintaining state, you as a developer can concentrate on business logic more and get your applications done faster.

At this point, Norman started talking about Seam's events and how you can use them. Unfortunately, my battery ran out and I drifted off to do some other stuff. I'm sure Seam's Event Model is pretty cool, I just missed it.

Acegi Security 1.0.6 and Spring Security 2.0-M1

From the Acegi mailing list:

Release 1.0.6 is now available from Sourceforge:

http://sourceforge.net/project/showfiles.php?group_id=104215

This is a minor bugfix and maintenance release - the changelog can be viewed here:

http://jira.springframework.org/secure/ReleaseNote.jspa?version=10671&styleName=Text&projectId=10040

The jar files should also be available from the central maven repository.

Spring Security 2.0-M1
----------------------
This is the first milestone release of Spring Security 2.0. You can download it from:

http://static.springframework.org/downloads/nightly/milestone-download.php?project=SEC

The changelog can be found here:

http://jira.springframework.org/secure/ReleaseNote.jspa?projectId=10040&styleName=Html&version=10451

For maven users, the jars are available from the Spring milestone repository. For details on how to add this to your project, read Ben Hale's article.

I tried this release with AppFuse and all tests pass.

Denver JUG End of Year Party

Tomorrow's Denver JUG meeting should be a lot of fun.

Our DJUG meeting this Wednesday, December 12th will be our annual end of year get together. It will start at 5:30 PM and we'll be meeting at the Wynkoop Brewery and Restaurant located at 18th and Wynkoop in the upstairs area where the pool tables and dart boards are.

No presentations, free pool and beer. What's not to like? I'll be there with bells on.

Next Thursday, the Denver Open Source User Group is having a party as well. It's at 6:00 at Darcy's Irish Pub. Cheers!

Big Changes for Joe and DWR

I'm thrilled to see DWR join the Dojo Foundation and Joe Walker join SitePen. This couldn't happen to a nicer guy. I first met Joe at the Ajax Experience in San Francisco 2 years ago. Great guy, awesome open source project. Well done Joe!

Spring Security 2

It looks like we'll have to wait until next week to get our hands on Spring Security 2 (the next release of Acegi Security). The good news is it looks much simpler. From what I can tell, this new code is available in Acegi's SVN repository. Here's to hoping the Acegi Team writes some sort of migration guide.

New Tools for AppFuse Project: MarkMail and FishEye/Crucible

We've recently added some some new features to the AppFuse project. The first feature is the good folks at Mark Logic (primarily Jason Hunter) has setup a kick-ass mailing list archive for us at appfuse.markmail.org.

This is an easily searchable set of archives and goes all the way back to when our mailing list started in March 2004. In the future, they hope to provide RSS/Atom feeds and allow posting (like Nabble does). I've added a link to these archives to the mailing list page. To learn more about MarkMail, please see Jason's announcement of the service @ Apache.

The second feature is we've installed FishEye and Crucible (a code review tool) on AppFuse's server at Contegix. We've used FishEye in the past, but now we have it on our own server.

Thanks to Mark Logic and Atlassian for supporting the AppFuse project.

Spring MVC, JstlView and exposeContextBeansAsAttributes

Did you know that Spring MVC's JstlView has a exposeContextBeansAsAttributes property you can use to expose all your Spring beans to JSTL? I didn't. To configure it, you configure your viewResolver as follows:

<bean id="viewResolver" 
    class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
    <property name="exposeContextBeansAsAttributes" value="true"/>
    <property name="prefix" value="/"/>
    <property name="suffix" value=".jsp"/>
</bean>

After doing this, any Spring bean can get referenced in JSTL with:

${beanId.getterMethodWithoutTheGetPrefix}

If you're using Spring 2.5a annotations and <context:component-scan>, you'll need to specify a "value" attribute on your annotations in order to reference them in JSTL. For example:

@Controller(value = "beanId")
@RequestMapping("/foo.html")
public class MyController extends SimpleFormController

...

@Component(value="testClass")
public class TestClass {

Pretty cool stuff. It'd be a lot more useful if you could call methods with parameters. Hopefully JUEL will solve that problem. JSTL's functions work, but I'd rather write ${foo.method('arg')} rather than ${taglib:callMethod(foo, 'method', 'arg')}.