Raible Designs

RE: J2EE App Server Security

Dion and Christian are talking about J2EE App Server Security. Specifically, they are talking about setting up standard container-managed security. J2EE allows you to specify security settings in your web.xml, but to make those work - you have to configure your app server. For Tomcat, this is pretty easy, and Resin makes it easy too. However, the XML you have to write for both is quite different and some app servers don't even let you write XML - instead you have to use their "admin console". Personally, I think most admin consoles are a pain in the ass. I'd prefer to write a single XML file to configure the server. Some servers require several files just to authenticate against a database.

AppFuse uses both container-managed authentication and a JNDI DataSource. This means you have to configure the appserver in order to run AppFuse. On many servers, this is difficult to do (or, they didn't pass my 10 minute test at least). I like servers where I can deploy a couple of JARs into a directory and a single XML file to configure the server. Tomcat and Resin come to mind.

After using Acegi for the last month, I think I'm going to ditch the "standard" J2EE security stuff. I managed to port AppFuse to use Acegi last month - and didn't have to change a single line of security-related code. The hardest parts of integrating Acegi where 1) figuring out how to build it from CVS (there's currently two src trees) and 2) excluding URLs. Once I got these two things solved, I had to add an "enabled" column to my user table, but that's about it. This is awesome b/c it means you can always port back to CMA with very few code changes.

I used to think that using the container's resources was a good thing, but I'm starting to change my mind. Spring allows you to configure a DataSource connection pool just like Tomcat does, so there's not as many benefits as there once was. Being able to drop a WAR into a directory and have your app work without configuring the server is a very nice thing. What do you think? Are there any advantages to using a container's services anymore? I suppose there is for distributed or clustered apps, but that's all I can think of.

If you could add another framework to AppFuse, which would it be?

If you could add another web framework option to AppFuse, which one would it be and why? Please keep in mind it already includes Struts, Spring, WebWork, JSF and Tapestry.

Pick the web framework you think is cool

Ever since I started adding additional web frameworks into AppFuse, people have asked me "which framework should I use?" I've often told them "use what you know." If you have in-house knowledge of Struts, use it. I thought this was good advice because I believed that existing knowledge leads to greater productivity.

Lately, I've started to change my philosophy. I'm starting to think it's more important to use the web framework you're passionate about. The one you want to learn more about. After reading Kathy Sierra's "Does it really matter if your tool is cool?", it seems this is a good idea. She writes:

Coolness (or just perceived coolness, it really doesn't matter) is linked to passion. The cooler you perceive your tools to be, the more passionate you are about those tools. And passion, while it might lead to the "everything is a nail" syndrome, has an extraordinary amount of value!

Obviously there's quality of life... a life with passion is certainly more fun than one without. And the more passion, the greater the chances that a person has what psychologists label optimal experiences. And the more optimal experiences one has, the more likely one is to describe life as being "happy". So, passion = optimal experiences = happiness. And research says happy people are generally more productive. Certainly they're more spirited and fun to be around...

So I guess passion leads to greater productivity, not existing knowledge. So which web framework do you think is cool? Which one are you passionate about?

If I had to choose based on my passionate choice, and the one that I think is the coolest, I'd have to go with Tapestry or possibly JSF (JSF would be a lot cooler if it let me put my JSPs in the WEB-INF directory instead of in the root). These are the frameworks I want to learn more about. 6 months from now? Maybe Laszlo or JDNC.

[DJUG] JMS and Spring

Tonight's DJUG should be a fun one. First, I hope to learn some JMS tips and tricks from Chris Huston then I'm doing a presentation on Spring. I asked the group what they wanted to know about Spring last week and I got a wide range of answers. There should be a good mix of newbies and experienced Spring users. I'll give you a link to my presentation, but I have to warn you that there's not much there. I tend to show a lot of code in and do demos when I present, so my presentations tend to be kinda thin. My two goals for tonight are 1) keep it under an hour so we can all get to the bar and 2) inspire Spring-mania among the crowd.

   Download Presentation »

[ANN] AppFuse 1.7 Released

This release adds support for JSF/MyFaces and Tapestry as web framework options. AppGen has been updated to work with both of these frameworks and I added new tutorials as well. You can read about my integration experience in a previous post.

After I released AppFuse 1.6.1, I knew the only way I was going to get Tapestry and JSF support done was if I stayed close to the code and started the next release. I never envisioned developing the Tapestry and JSF versions of AppFuse at the same time, but it turned out to be very efficient. If you want a comparison of all the different web frameworks in AppFuse (and AppFuse Light) - you can checkout my Comparing Web Frameworks presentation. If you want more in-depth coverage - it'll be in the next Chapter of Spring Live.

• Download
• Release Notes
• Learn more about AppFuse
• Live Demos:
  • Struts + Spring + Hibernate
  • Spring + iBATIS
  • WebWork + Spring + Hibernate
  • JSF + Spring + Hibernate
  • Tapestry + Spring + Hibernate

If you find any issues, let us know.

Integrating JSF and Tapestry into AppFuse

Well it looks like I accomplished my goal for the year: integrate Spring MVC, WebWork, Tapestry and JSF into AppFuse. I decided to integrate JSF and Tapestry at the same time so I could get a good feel for their differences. Also, I figured there would be a lot of similarities I could re-use between the two. I found this to be a great idea. Often I'd use the first framework as a template and the second would go much quicker. It turned out to be a good strategy because I often found bugs in the first while working on the second. I really enjoyed developing with both JSF and Tapestry - here's my notes from my development marathon over the last week:

Tapestry

• For Tapestry, I created a patched version of the 3.0 source. I did this because I wanted some non-standard things, like friendly URLs, a global properties file and a popup calendar that works with IE/XHTML. The Tapestry Community was gracious enough to supply the source - so I didn't have to do much patching myself.
• Pure HTML, like Tapestry has, is ssoooooo much nicer to work with. The syntax highlighting in HomeSite is fully functional again! I've been an HTML developer since 94 and I felt like it was 97 all over again - when we didn't write apps, just static HTML.
• Overriding the default Tapestry ValidationDelegate was pretty easy - and there's even an example in Tapestry in Action. I was able to add asterisks for required fields and error messages next to the fields fairly easily. Erik Hatcher also hooked me up with a Label component for non-validating fields.
• For the contrib:Table component, you can easily i18n column headings by using "keyName:propertyName" as the column value. However, if your keyName has a period in it (i.e. user.username), you can't override the ValueBlock b/c user.username is an invalid OGNL expression. I patched Tapestry to solve this.
• The ability to use <span key="keyName"/> to render i18n keys is awesome. So simple.
• Tapestry has a very rich validation framework that requires virtually no configuration. No setting up your resource bundle, etc. It just works. Client-side too.
• It would be nice to show all the client-side validation errors in a single dialog instead of one-at-a-time (WebWork does this too).

JSF/MyFaces

• I like how you don't have to create mappings - just link to the .jsp with an .html extension.
• For some reason, when I save a user and server-side validation occurs, the user's username and roles disappear. Good thing client-side validation is available.
• It was easy to override the Labels to add asterisks thanks to some code from David Geary on the MyFaces mailing list. In order to make it work, I had to ditch my HTML <table> and use an <h:panelGrid>. Now my JSP is Tag Soup. I think JSF is going to have to ditch JSP if they want to get anywhere. Hopefully JSF will soon support HTML templates like Tapestry and parse them with a Servlet Filter or something.
• It's unfortunate that I have to specify a "styleClass" attribute on all my <h:message> tags - I'd like to just set a default for these tags (others too).
• I ditched JSF's message setting and opted for setting my own List of messages in the session and then grabbing them out with a MessageFilter. This was so much easier to implement than the standard JSF message setting stuff.
• I'd rather not have to specify <f:loadBundle> at the top of each page. It's going to be the same for my whole app - it'd be nice to set a default bundle and variable name that all tags could access.
• It was quite a bit easier to integrate JSF into AppFuse than Tapestry. This was mainly due to the fact that I could re-use a lot of the JSP code, as well as the WebWork Actions are pretty close to the JSF Managed Beans.
• Spring Rocks - it never caused any issues with either framework. I just wish MyFaces wouldn't warn that it can't find a variable that it's already found. I had to turn logging down to FATAL so I don't get any meaningless messages from MyFaces.
• With JSF, why do I have to specify the supported locales in faces-config.xml? Why can't it look up the available bundles like JSTL with Spring/WebWork/Struts does?

So after all of this, which is my favorite? Unfortunately, there is no clear winner. They're both pretty cool, but not that much better than Struts, Spring or WebWork. In reality, I like them all, that's why they're all integrated into AppFuse!

Update: I forgot to mention that I was very pleased with the latest version of Canoo's WebTest. It now uses HtmlUnit at its core and its JavaScript support has vastly improved. I wouldn't have been able to do integration testing on the JSF version without this (updated) library. Not only did it work great, but it found XHTML issues in my code - that rocks! The JSF and Tapestry versions of AppFuse are the only ones that run Canoo tests with JavaScript turned on. This is mainly because the old tests worked fine w/o JavaScript and I didn't want to break them.

AppFuse - Tapestry and JSF Support in CVS

I've finished the coding part of adding JSF (MyFaces) and Tapestry support to AppFuse. This weekend was spent knee-deep in XDoclet templates - updating AppGen for these two frameworks. I still need to write up a couple of blog posts about integration and update the tutorials, but the hard part is done.

If you're an early-adopter, feel free to check it out. The QuickStart Guide should help you get the source from CVS. I hope to release version 1.7 later this week.

Helluva Week

It's been a rough one this week. Mainly due to AppFuse. This is the 4th (or maybe 5th) night this week I'm up late working on it. Tonight will be an average night, turning in at 5:30 a.m.. Last night was 6:00 a.m. Abbie likes to wake me up at 8.

The good news is that I have the JSF and Tapestry integration done. I just finished up writing all the programmer tests for the beans/pages and tomorrow (today?) I'll work on Canoo WebTests and installation/appgen/documentation. With any luck I'll finish up and release this weekend.

Next week, I get to write a chapter for Spring Live on MVC Framework integration. I'm also talking about Spring at the local Denver JUG on Wednesday night.

I can't wait for Christmas - 2 weeks in Sunny Southern Florida.

AppFuse Tapestry/JSF Status

There's 3 phases of adding a new web framework to AppFuse. The first phase is integration and configuration. This is the fun part and involves adding JARs and configuring everything so the framework actually works. At the end of this phase, I'm usually pretty enthusiastic about my progress and think I can finish the whole project in a few more days. Then comes the "features" phase, when I start coding AppFuse features with the framework. This part always takes wwaaaaaaayyyy longer than I anticipate. This is the part where I realise previously done things (from other framework implementations) won't work and I have a long road ahead of me. For instance, with Tapestry and JSF, I have to figure out how to do the following: Country drop-down based on locale (currently a JSP tag, so should work with JSF), multi-select checkbox, and placing an asterisk next to required fields.

The asterisk isn't too hard if you do it the "WebWork way" - where you simply specify required="true" on JSP Tag. However, I'd prefer to have it read from the validation engine, so this will probably take some digging on how to do it with JSF/Tapestry. For the country drop-down, I'll probably have to create a Tapestry Component. I believe both frameworks have a multi-select checkbox component. After working with Tapestry's contrib:Table component for a few hours, I miss the Display Tag. The contrib:Table works, but it's a LOT more difficult to configure than the Display Tag. It also blows up if you click the column headings too many times. Also, it doesn't have any exporting features like the Display Tag. Sure, it might not need them, but a lot of folks have come to rely on these and it's a handy feature. Furthermore, another unfortunate thing I found in Tapestry this morning is it doesn't seem to read the locale from the request. So if you change your browser's language, it won't switch the language. You actually have to logout and kill the session to switch the locale. Bummer.

My main problem with the 2nd phase of the project is choosing whether to "do it right" or "get it done". I often start out just trying to get shit done, but end up being a perfectionist and trying to do it right. This phase took a couple of weeks to get through with WebWork. Ugh - I'd rather just get this stuff done, but I don't think it's gonna happen. I think I'll be working on the "features" phase for quite some time. Oh well, at least I'll learn the ins and outs of each framework.

The final "finishing up" phase is one of the best. It's when everything works and I write the installation scripts and tutorials. This is slightly painful b/c there's nothing new to discover, but it's also nice because there's nothing new to learn or get tripped up on.

AppFuse 1.7 estimated release date? I was hoping for the next couple of weeks, but I'd better stick with the end of the year. I'm sure there's going to be a fair amount of banging my head against the wall in the next few weeks.

AppFuse Gig in San Fran

Todd Huss is looking for an AppFuse developer in San Francisco. More details at http://www.craigslist.org/sfc/eng/49835022.html. For those of you who don't know, AppFuse isn't much of a framework itself - it's more of a directory structure and build file that helps glue Hibernate, Spring and various web frameworks together. You can learn more about it by reading this article on java.net.