Monthly Archives: August 2013

Spring Book – Chapter 18 – Remoting

Spring Book, , , ,

Fundamentally Spring remoting is a Remote Procedure Call (RPC) feature which uses a communication protocol like RMI, HTTP or JMS, to inter-operate across multiple JVM’s. The plumbing involved in actually talking to one another using these protocols and other complexities are hidden away from the developer by employing a proxy object created by Spring.

In this Chapter, we will first go through the basic concepts in remoting and then go on to the support provided by Spring. We will then go on in detail to cover the various remoting technologies which Spring supports in detail.

Basic Concepts

This section provides standard definitions for the basic concepts and terminologies that will be used throughout to explain Spring remoting in detail.

Remote Procedure Call (RPC)

A remote procedure call (RPC) is an inter-process communication that allows a computer program to cause a subroutine or procedure to execute in another address space (commonly on another computer on a shared network) without the programmer explicitly coding the details for this remote interaction.

– wikipedia.org

Remote Method Invocation (RMI)

Java Remote Method Invocation (Java RMI) enables the programmer to create distributed Java technology-based to Java technology-based applications, in which the methods of remote Java objects can be invoked from other Java virtual machines*, possibly on different hosts. RMI uses object serialization to marshal and unmarshal parameters and does not truncate types, supporting true object-oriented polymorphism.

– oracle.com

Proxy Pattern

Proxy patterns are key for gaining an understanding of Spring remoting. Figure 19-1 shows the UML diagram for the proxy software design pattern.

Figure 19-1. UML diagram of proxy software design pattern

Figure 19-1. UML diagram of proxy software design pattern

In simple terms, a Proxy object is one through which we control access to the actual object on which the functionality lies. Based on the context in which these proxy objects are used, it can be categorized into three types:

  • Virtual Proxy – If you would like to control the creation of resource intensive objects in a lazy fashion (objects will be created only when the application actually uses it for the first time to do something), the heavy objects can be put inside the proxy objects and its creation can be controlled according to the requirement of your application.
  • Remote Proxy – Used to mask the complexity in communication mechanism between remote objects. Spring remoting uses this type of proxy for abstraction.
  • Access Proxy – Used to control the access to a sensitive object by wrapping it with a proxy.
  • Smart Proxy – If you would like to provide additional functionality to the existing object, smart proxies can be created to address this in your application.

The Proxy pattern is one of the most important design patterns because it provides an alternative to extending functionality in Java using inheritance. Another alternative is object composition, where an object (proxy, now you know) forwards method calls to an enclosed object (real subject).

Problems Faced Today

Most of the remoting mechanisms provide a layer of abstraction over the transport details used for communication in a distributed environment. This locks your code to a particular programming model. In present day of application development, locking to any model is not considered a right approach especially with frameworks like Spring being around which allows non-locking integration with other third party technologies and programming models.

In the case of using Java RMI (Remote Method Invocation), your service interface has to extend the java.rmi.Remote interface and your client is forced to catch the java.rmi.RemoteException exception class. This dependency of your code to Java RMI makes your code tightly couple with this programming model. It not only locks you in, but also clutters your business logic with the remoting infrastructure hurting the principle of separation of concerns.

Any enterprise application normally will be using many applications and services that function on different platforms. When the need arise for sharing the data or functions between these existing applications, the need for remoting could arise.

Integration will remain a high priority in coming years, according to Forrester analyst Ken Vollmer, as virtually all enterprise application delivery projects require significant integration among applications, internal data sources, external trading partners, and more and more frequently, external data resources.

To answer these challenges, the main goals on which Spring Remoting was built and the advantages it brings can be summarized as below:

  • Hide plumbing code as much as possible through abstraction—Spring Remoting hides a lot of plumbing code from the developer by the use of service providers in the server side and client proxy in the client side. Due to this the code becomes cleaner and more maintainable in the longer run. Clear separation of concerns and avoiding tangling and scattering of code.
  • Remoting capability by configuring and exposing services declaratively—Spring’s abstraction uses the configuration based approach for remoting. On the server side no code change is required at all and you have the power of exposing your existing services as remote services with ease. In the client side expose remote methods from existing code. You can then use Spring’s dependency injection to wire various objects into your remote objet with ease.
  • Support for multiple protocols and handling exceptions in  a consistent way—Spring offers a consistent way of writing service exporters, and client FactoryBeans for various protocols represents the same approach and is also consistent across. It provides consistency and ease of adoption as the overall flow remains the same irrespective of remoting technology. In addition, due to this consistency, on the server side ,you have the provision of exposing the services using various protocols declaratively. In the client side it brings in easy swapping of various available protocols according to infrastructure and other considerations. It is also easy to switch between remote and local deployment by mere configuration change which is very handy during testing and actual deployment phase.

In the following sections, we will see whether Spring Framework was able to deliver their goals and in what way they allow extension to it following the Spring philosophy.

Page Visitors: 4815

Pages: 1 2 3 4 5 6 7 8

Spring Book – Chapter 15 – Web Application Security with Spring

Spring Book, Spring Security, , , ,

Security is one of the very important services which any application needs to have in a comprehensive manner taking care of all the essential parts in a very elegant and simple manner. Spring Security framework is used in several domains including government, banking and military applications. Although written in Java, due to its high adoption and success, its architecture is ported to other platforms such as Microsoft .NET and Python to name few.

Spring Security provides declarative security especially for Spring based application. Having said that it has appropriate extension points and pluggability built into it using which it can be even plugged and used with other standard frameworks available in the software industry. Spring Security provides enterprise level authentication and authorization services at the web request level and at the method invocation level for JEE based enterprise software applications.

Security Concepts

Before diving deep into the Security and Spring Security in detail in this Chapter, there are certain terms in the Security world which should be understood in all aspects. This section aims to do just that and armor you with adequate concepts and terminologies which will be used throughout the Chapter.

Principal

Any user, system or a device which performs an action is called as a “Principal”. In simple terms in the case an application, anything which would like to interact with the application can be called as a “Principal”.

Authentication

The process by which the application checks or validates if the interacting “Principal” is who or what it claims to be is called authentication. There are various ways by which authentication process can take place like basic, form, digest, etc.

Credentials

The application does the process of authentication by challenging the principal. The challenge is usually a request by the application to get the principal to pass on valid credentials, usually a username/password combination already stored in a persistent store of any nature as the application please to be. There are various storage mechanisms by which to store the credentials and various authority details like a database, LDAP, etc.

Authorization

After a principal is successfully authenticated, it still needs necessary access rights to perform an action on the application like creating a new record, viewing a page etc. This process makes sure that the principal has necessary access to perform the action.

Secured Item

Any resource or item in an application which requires appropriate access rights to perform action on it is called “Secured Item” or “Secured Resource”.

GrantedAuthority

Spring Security related term and is used to refer to application-wide permissions/access rights granted to a principal.

SecurityContext

It’s the Spring Security object which is responsible for holding authentication and other security related details.

SecurityContextHolder

It’s the Spring Security object which is responsible for providing access to the SecurityContext object. It uses various strategies like ThreadLocal, inherited ThreadLocal and Global to provide the SecurityContext object within an application.

Spring Security Motivation

Spring Security was developed keeping in mind certain considerations. These considerations have become the core motivation on which Spring Security thrives and competes. These motivations can be summarized as shown below:

  • Portability – Spring Security is portable across different containers both commercial and open-source alike in all aspects. Web application using Spring Security can be deployed as is in different containers and can also run in standalone environments. Non-portability in servlet specification security is overcome by Spring Security by not having container specific adapters and role mappings.
  • Flexibility – Spring Security supports almost all the common authentication mechanisms and also keeps adding new supports as new technologies arises making it up-to-date almost all the time. It also provides configurable storage options for user credentials and authorities. Being built on top of Spring, we can do all of these by mere configuration, making it simple and easy.
  • Extensibility – This is high level of extensibility which Spring Security provides in the form of how the principal is defined, where the authentication information stored, how authorization decisions made, where security constraints stored etc. making is highly customizable in nature according to various application requirements.
  • Separation of Concerns – one of the very important motivations on which Spring Security is built on is the level of separation of concerns it provides allowing business logic to completely decouple from the security code. Also security concerns like authentication and authorization is also decoupled from each other making it possible to change authentication process without affecting authorization.
  • Consistency – regardless of mechanisms followed to achieve both authentication and authorization, Spring Security keeps the consistency in all aspects.

Spring Security History

Spring Security was originally called Acegi Security created by Ben Alex in the year 2003. Version 1.0 got release in March 2003. Acegi Security provided declarative security and was extremely powerful and flexible in numerous aspects. Although it had advantages in many aspects it had a big inherent problem in having all configurations in XML making it really cumbersome and sometimes troublesome in various aspects.

In Spring Framework 2.0 version Acegi Security was adopted into it and was renamed as Spring Security. With advances in Spring Framework, came advances in Spring Security. Additional modules kept added on and with Spring namespace configurations slowly became easy and more manageable and paved way to configuration by convention. It applies security rules by extensive use of Servlet filters and Spring AOP. Although Spring Security is Spring-based, it can be used with non-Spring based web applications with ease.

Page Visitors: 11025

Pages: 1 2 3 4 5 6 7 8 9 10 11

Spring Book – Chapter 16 – Web Services – Spring WS

Spring Book, , , ,

In June 2000, Microsoft coined the term “Web Services” when they introduced this as one of the key component of its .NET framework. As other industry players started adopting this, it was evident that this technology would revolutionize distributed computing in the coming years. In the past few years many techniques have been developed to help applications interact with each other, of which prominent one is Web Services by a large extend.

Spring Web Services (Spring WS) follows the strategy of contract-first web services. It focuses more on XML and lesser on Java implementation. The underlying details are completely under the control of developers starting from the contract to the marshalling/unmarshalling details to the endpoint which actually handles the request.

Spring WS being a product of the Spring Framework, offers first class support of using Spring configurations and integrating with Spring framework. It provides ability to plug-in various XML APIs (SAX, DOM, StAX, XOM, and JDOM) to handle XML messages and can always ensure that the XML contract is marshaled correctly into Java objects. It supports JAXB 1 and 2, Castor, XMLBeans, JiBX, and XStream as part of its XML marshalling support.

When you have finished with this Chapter, you will have clear idea of all the terminologies related to web services and will also have a clear idea of the support provided by Spring to create and use web services in your application.

What is a Web Service

A Web service is a method of communication between two electronic devices over the Web (Internet).

– wikipedia.org

A Web service is a unit of managed code that can be remotely invoked using HTTP protocol which allows exposing the functionality of your existing code over the network which other application can use it.

To give you a better explanation of what a web service is, I would like to give you the exact working of web service pictorially shown in Figure 16-1 below.

fig16-01

Figure 16-1. Web service architecture

The various steps involved in actually consuming an already exposed web service can be summarized as below:

  1. The client (web service consumer), queries the UDDI registry to get the details of the service and to locate it in the network (Internet).
  2. The UDDI registry refers the web service requesting client to the WSDL document details.
  3. The requesting client accesses the WSDL document.
  4. The WSDL document gives all the relevant details of the requested web service to the client.
  5. The client now sends SOAP-message request to the actual web server exposing the service.
  6. The web service returns the SOAP-message response which the client receives and does the appropriate processing.

Concepts

Spring hides many of the web service complexities away from the developer. But since some concepts are very crucial in overall understanding of web services, we’ll take a brief look at some these concepts in the following sections.

SOAP Messages

SOAP (Simple Object Access Protocol) is an XML vocabulary that lets programs on separate computers interact across a network via RPC (Remote Procedure Call). A SOAP message can be of three types summarized as below:

  • Method call – it contains name of method and parameters.
  • Method Response -contains the return values.
  • Fault Message – if service throws exception, it produces SOAP fault message. Due to any reason if transport fails, it will give appropriate standard HTTP messages

The SOAP message structure is illustrated in Figure 16-2.

 Figure 16-2. A typical SOAP message structure

Figure 16-2. A typical SOAP message structure

Page Visitors: 11145

Pages: 1 2 3 4 5 6 7 8 9 10

Spring Book – Part IV – Enterprise Application Development

Spring Book, , , ,

Enterprise application requires many services to realize various uses cases. These services are mandatory and form the backbone of the application in many ways. Changing business scenarios requires changing and updating these services at various changes according to demand. With Spring’s capability, this can be achieved very easily catering integration with evolving opens-source technologies and solutions.

This part of the book contains Chapters which will help you in developing enterprise application having all the required enterprise services helping you realize business use case with the help of Spring Framework.

Chapter 16, “Web Services – Spring WS”, introduces you to the Spring’s capability of supporting web services in your application. After reading through this Chapter, you will have clear idea of all the terminologies related to web services and will also have a clear idea of the support provided by Spring to create and use web services in your application.

Chapter 17, “Messaging with Spring”, will initially cover messaging concepts in some detail. Later on we will cover JMS and its components in detail. We will then deep-dive into the support provided by Spring in applying messaging to your application. We will then go through the transaction support by JMS and again what Spring has to offer in this space. Last but not the least, the Chapter concluded with introduction and Spring’s support in achieving global transactions in your application.

Chapter 18, “Remoting”, we will first go through the basic concepts in remoting and then go on to the support provided by Spring. We will then go on in detail to cover the various remoting technologies which Spring supports in detail.

Chapter 19, “Tasks and Scheduling”, initially looks into the various concepts dealing with concurrency and then looks into Java support for doing this. Later on it looks into how Spring Framework can support doing this in your application. You should also be able to configure and use Quartz in your Spring application as well have the capability of using JDK’s timer support in your application.

Chapter 20, “Spring Integration”, will help you start with Spring Integration and will aid you in achieving the various integration requirement in your application. I am sure after reading through this Chapter you will have one more weapon up your sleeves which you can use and reap benefits from its high level of integration capabilities.

Chapter 21, “Spring Batch”, similar to other chapters will introduce you to Spring Batch in a comprehensive manner. Batch operation is one among the integral parts of modern day application and Spring’s support comes in the form of Spring Batch and we will deep dive into this in all aspects possible.

Chapter 16: Web Services – Spring WS

Chapter 17: Messaging with Spring

Chapter 18: Remoting

Chapter 19: Tasks and Scheduling

Chapter 20: Spring Integration

Chapter 21: Spring Batch

Page Visitors: 647

Technology stack for a web application (2013) – Part II

General, Web Application, , , , , ,

As I speak/write the blog is kept on updating with the reasons on the choice of various technologies/framework. Please look into the blog for more updates. Please look into the first part of this blog in here.

Web/Client Tier

  1. Spring MVC (Web Framework) – Here any good web application framework can be used. Even good component based framework like JSF is also a good choice, especially JSF implementation namely RichFaces. Once you use any of the component based framework, the level of control you have on the overall final HTML generated as a whole is a big issue especially when the application’s performance is considered. To avoid this using a basic web framework like Spring MVC with a very good JavaScript library is a good solution according to me. Spring MVC has evolved a great deal over the period of time and in line with the Spring Framework philosophy, it allows integrating various other web technologies with ease. Also a typical web application development evolution according to me should be as follows:
    1. Get the requirements from the business
    2. Converting business requirement into meaning user story board
    3. Converting those story boards into HTML’s, most done by an expert graphic designers. usually these HTML nowadays does have some level interaction and page flows shown using the various open source JavaScript libraries like JQuery. Final menu structure, sitemap and so on is designed during this time.
    4. Once getting business confirmation, pass on the HTML’s to the Java developers for making it dynamic and functional in all nature.
      Once the developer gets these HTML’s as designed and agreed by business, if you use any of the component based web frameworks, looking at the HTML provided, it has to be designed from scratch. The developed final HTML which is required will never be achieved by the developer and this can be a big issue to the business. By using such a basic web application framework like Spring MVC will avoid this and the developer will be bale to use the HTML as given by the graphic designed and convert into a dynamic web application. The business will get the same look and feel which the graphic designer as shown and overall the project can be completed in a much shorter span of time.
  2. Thymeleaf / Apache Tiles (Templating framework instead of using JSP directly) – One of the greatest features that i see of Apache Tapestry (a web application framework, initial release, Tapestry 4 and older, before the framework rewrite) is the full use of the graphic designer supplied HTML’s by the developer’s as is and making necessary changes so as to make it dynamic in nature. Thymeleaf brings that advantage onto any web application framework and acts as the templating framework. But there is an issue using Thymeleaf along with the security compliance framework namely HDIV, down the lane I will explain this and how good is it for your web application to use HDIV to cover OWASP security requirements with ease by mere configuration. If you want to use HDIV, the next best templating framework that you can use with your web application framework is Apache Tiles. For more details on Thymeleaf please go through http://www.thymeleaf.org. For more details on Apache Tiles please go through http://tiles.apache.org.
  3. SiteMesh (Decorator – Filter for layout creation/maintenance) – Using a templating framework and layout framework might not be well accepted, but i feel if the application is developed keeping in mind to be made into product and customization in mind, using this layout framework along with a templating framework will be good overall. For more details, please visit http://www.sitemesh.org.
  4. JQuery (JS) – There are so many good JavaScript frameworks available in the market both open source and commercial, which will make developing a web application enjoyable and easy with lot of cool features out-of-box. One of the prominent and mostly used JavaScript framework available as of now is JQuery and I am no exception to go along with it for developing my web application. Its fast, small and feature-rich JavaScript library, which allows traversing,parsing and manipulating HTML document easy and straightforward with it easy to use API’s, guaranteeing support to a variety of browsers available in the market. For more detail, please visit http://jquery.com.
  5. JQuery-UI (JS) – Theming (More for productization) – JQuery UI (user interface) contains a whole lot of widgets, interactions, effects and themes which are built on top of JQuery JavaScript library. A must if you building highly interaction and rich web application. Using JQuery UI with JQuery is a natural choice and i too support this in all aspects. For more details, visit http://jqueryui.com.
  6. Dandelion datatables – Dandelion is a component of the open source web application framework Dandelion. It uses DataTables JQuery plugin to create full-featured HTML based tables. There are variety of ways by which to use the tables in your web application, easy to use, integrate and customize. Any web application requires a datatable for displaying data and nowadays the expectation out of a datatable has grown out of proportions. Using Dandelion will help you realize these to a greater extend with not much hassle. That’s the reason for me to choose this and being a JQuery plugin, makes it even an easier choice. To know more details on this, visit http://dandelion.github.io/datatables.
  7. Bootstrap (CSS) or Blueprint (CSS) – If you don’t have a graphic designer and you are told to do the graphics and design of the web application, i would suggest using either bootstrap or blueprint. These give a head start, suing which the skeleton of the web application can be built and it id designed by experts, so why use their expertise. For more details on bootstrap, please visit http://getbootstrap.com. For more details on blueprint, please visit http://www.blueprintcss.org. As the project name suggests, bootstrap gives you the head start and blueprint give you the blueprint on which to bild you web application. It inherently takes care of many things for you, on such example is browser compatibility and graceful degradation.
  8. D3 JS or Highcharts JS – Both are fabulous charting framework. Both are really good in features and if you application is chart/report oriented, not using any one of them is a crime. D3 can be used for commercial projects for free but Highcharts can only be used freely for non-commercial projects. Since these are JS based libraries, usage is easy and wouldn’t be that troublesome. Highcharts being a commercial products boasts good support and browser compatibility and as its a de-facto requirement, supports graceful degradation according to the browser in which you web application is rendering.
  9. Modernizr (Browser detection and grace degradation in case you are using HTML5 and CSS3) – If your application is based on HTML5 and CSS3 standards, using this JS would be handy so that the web application can degrade gracefully according to the browser in which the application is loading. For more details, visit http://modernizr.com.
  10. HDIV (HTTP Data Integrity Validator) – Good things come later, isn’t? To me one of the best Java Web application security framework. Integrates well with major web application framework and templating frameworks. Just by using this framework, you automatically get your web application security requirement covered to a good level. The framework takes care of almost all the top 10 security threats as classified by OWASP. It gives you this feature by not tampering with your pages by your developers, rather it sits as a filter (highly configurable), and takes care of all without a single line written in your main application code. At any point, if you feel that this is not doing any justice to your web application, removing it can be done very easily. Its a wonderful handy framework which you can use to get past your company’s security team (VAPT). For more details, please visit http://hdiv.org.
  11. yepnope.js (Script/resource loader) – Now your application has good amount of JavaScript library and slowly your application’s client side is becoming heavier and clunkier. You definitely need a conditional resource loader. Out of various resource loaders available in market, I consider using either of these. yepnope JS (cool, innovative and apt name) is an asynchronous conditional resource loader which allows you to load what scripts you want in your application. Its not only light-weight but super-fast. For more details, visit http://yepnopejs.com. These script loaders will surely improve your performance and will also reduce your page’s load time.
  12. backbone.js – You now really have good amount of JS libraries and maintenence of these can be cumbersome if your web applications keeps growing in size over a period of time. This JS library brings structure to the JS coding as a whole and this can be really helpful in case of big coporate web application. For more details, visit http://backbonejs.org.
  13. Custom tags – Custom tags must be written and used as much as possible bringing in component based development in case you plan to use Spring MVC as your choice of web application framework.

Exhausted. I will be completing my three part series in my following blog post. In couple of days and you will see my final blog. Having said that I will keep updating the earlier blog parts with more and more detail, especially when i get more details from my fellow bloggers/readers.

Page Visitors: 2204

Technology stack for a web application (2013) – Part I

General, Web Application, , , , , ,

This is an opinionated blog as I do favor considering Spring Framework in the various tiers of a typical web application. I consider the framework because of its features, ease and above all good enthusiastic community and activity surrounding it as a whole. While doing this evaluation and recommendation, I have put the year, as technology changes are so fast, obsolesce is down the lane and I do want to make sure that it is reviewed in a timely manner so that rather than giving a wrong recommendation, make recommendation to some extent useful and ideal for a typical web application. The whole technology stack can be summarized as below:

Web/Client Tier

  1. Spring MVC (Web Framework)
  2. Thymeleaf / Apache Tiles (View framework instead of using JSP directly)
  3. SiteMesh (Decorator – Filter for layout creation/maintenance)
  4. JQuery (JS)
  5. JQuery-UI (JS) – Theming (More for productization)
  6. Dandelion (For datatables) – JSF datatables are heavy
  7. Bootstrap (CSS) or Blueprint (CSS)
  8. D3.js – for graph representations
  9. Modernizr (Browser detection and grace degradation in case you are using HTML5 and CSS3)
  10. HDIV – to tick all security requirements in your application from a single point. At this point in time, using Spring MVC along with Thymeleaf is not supported by HDIV, but its not far away. So if you want to use HDIV, Spring MVC along with Apache Tiles should be used.
  11. yepnope.js (Script/resource loader)
  12. backbone.js
  13. Custom tags will be written and used as much as possible bringing in component based development

Server Tier

  1. Spring Framework
  2. Consider using Spring Data – Different profiles

Things to be considered as a whole:

  • WebJars for managing JS and CSS libraries as jars
  • Caching using Ehcache
  • Multiple DB support (development can be even considered using in-memory database)
  • Consider using Datatables4J
  • Reason for each technology/framework selection

As detailed earlier, the reasons that I consider might be fully opinionated/biased, please let me know your suggestions, after careful consideration looking at its advantages/disadvantages, the technology stack will be considered and changed accordingly. For the year 2013, I consider this blog as evolving as possible according to the suggestions that I get from the readers of www.javacodebook.com.

I will have another blog written very soon (2 days’ time) giving the reasons for each choice which I made so that while you do a selection in your project, you do have enough reasons and points to be given to your management.

Please visit Part II of this blog in here.

Page Visitors: 954