machine501

While running the Los Angeles Flex Users Group I got a lot of questions from people about how BlazeDS could fit into their existing infrastructure.

Typically, they will have an application container, such as JBoss, or maybe just a servlet container, like Tomcat, and a SQL backend. Usually MySQL or PostgresSQL. JSPs are used for the presentation layer and, sometimes, they may use Struts or SpringMVC as a web application framework. If you’re using ColdFusion this post is likely of little use to you.

Many programmers are understandably weary of introducing yet another component into their system and BlazeDS sounds like such a complex component that it’s often mistaken for a standalone application container that doesn’t readily integrate with standard Java application containers. This couldn’t be further from the truth. Those programmers who follow the bundled BlazeDS examples get stuck trying to figure out how to expand the example to fit their application or how to even start from scratch.

Let’s tackle the first misconception, that is, that BlazeDS doesn’t play well with Java application containers. To put it simply, BlazeDS is configured as a standard servlet. When a Flex client wants to make a request to a BlazeDS server it will issue a POST request to a defined servlet path. That path is whatever you configured the BlazeDS MessageBrokerServlet to. Flex sends the request as an AMF binary payload or an XML version of AMF. I’m glossing over some details but just knowing that you can access BlazeDS as a servlet is a good starting point for figuring out how you can start integrating BlazeDS into your existing application.

What this means to you is that BlazeDS can use container authentication or even work with Spring.

Let me make it even more clear by putting some sample configuration and code.

Here’s the part of the web.xml in which you declare and configure the MessageBrokerServlet:

<servlet>
<servlet-name>MessageBrokerServlet</servlet-name>
<display-name>MessageBrokerServlet</display-name>
<servlet-class>flex.messaging.MessageBrokerServlet</servlet-class>
<init-param>
<param-name>services.configuration.file</param-name>
<param-value>/WEB-INF/flex/services-config.xml</param-value>
</init-param>
</servlet>

Here’s the part where you map the MessageBrokerServlet to a path:

<servlet-mapping>
<servlet-name>MessageBrokerServlet</servlet-name>
<url-pattern>/messagebroker/*</url-pattern>
</servlet-mapping>

The file “services-config.xml” is the primary configuration file for BlazeDS. Here is where you define a “channel”:

<channel-definition id="amf" class="mx.messaging.channels.AMFChannel">
<endpoint url="http://localhost:8080/sample_bds/messagebroker/amf"  .... />
</channel-definition>

This tells the Flex client where to make an HTTP POST request when using the “amf” channel on a RemoteObject, for example.

In fact, try it out on a browser, startup BlazeDS and point to htp://localhost:8080/blazeds/messagebroker/amf/

You’ll get a blank page. That’s a good thing!

The next question I usually get is, “do I have to dump my JSP/WebServices/Struts in order to use BlazeDS?” The answer is definitely no! In fact, if you have a JSP AND a WebServices front end to your application you’re a good bit along the way towards integrating BlazeDS. The reason for this is that if you have two front-ends to your application, and these two front-ends share some functionality, then you have probably structured your application in such a way (using a Service Layer, for example) that makes it easy to add a third front-end.

So what architectural patterns are useful for BlazeDS? To cut to the chase, I use Service Layer, Data Transfer Objects, and Mapper (or Assembler) on the server side. I’ll have a post on what I use on the client side later.

If you have played around with BlazeDS or used it to create a production application you’ve probably followed the examples bundled with the turnkey solution. And you probably have a hunch and instinct about how to create your app. I’m guilty of jumping right in and starting to code from my gut, but after a few days of learning a technology I like to step back and formalize my approach. My first place to consult is Martin Fowler’s Patterns of Enterprise Application Architecture (PEAA), and Design Patterns: Elements of Reusable Object-Oriented Software (Typically referred to as The Gang of Four Book, or GoF).

Service Layer

A Service Layer can have many methods, each using a variety of domain objects and models. Service Layer have application logic, like telling an emailing component to notify administrators that a payment has been processed, while delegating the business logic to the domain models. It’s pretty easy to figure out what types of methods a Service Layer should support; you can use the user interface as a guide to what sorts of things a client can do or you could base this off your use cases, if you’ve taken the time to do this.

The defining characteristics of Service Layers are the following:

• Defines application boundaries
• Defines available services from the perspective of interfacing clients
• Encapsulates business logics
• Provides convenient place for handling transactions, logging, etc.
• Prepares the response appropriately for the client

That last one brings me to the next pattern I use.

Data Transfer Objects

These are objects that have a bunch of properties, contain no domain logic, and may be structured in a simple hierarchy. When I first started with BlazeDS I was using an Hibernate as my object-relational mapping (ORM) solution and so I was happily transporting the objects I got from a database straight through BlazeDS and over to Flex. Some of my objects had few methods for domain logic, some had more. Few had a complex hierarchies.

Once I started adding parent child relationships and collections then I suddenly encountered a problem where retrieving one of these objects would cause Hibernate to recreate a pretty huge hierarchy. Just as bad was a problem with transactions; when you’re about to send an object down the wire, BlazeDS will call each of its getter methods and each of those Object’s getter methods in turn. This is why it recreates entire hierarchies, but if you close the Hibernate session before BlazeDS has a chance to get to these methods then you’ll get an exception because the Hibernate proxy object can’t get a hold of a session with which to get the rest of the objects out of the database.

There are ways to go around this, such as using the Open Session in View approach, and that works well, though I found it felt awkward because of the name, since the “view” part of this is that hibernate objects are being used by the view and so the session should not be closed, but I also didn’t need to load all the objects that were connected to the one measly object I wanted to read.

I could have used the custom serialization method specified here: Using custom serialization between ActionScript and Java.

So, the simples solution I finally adopted was to use Data Transfer Objects. Characteristics of DTOs are the following:

• May contain aggregated data
• Fields are simple, such as primitives, or other DTOs

The pain of adding DTOs is that you now have to transform some of your domain models, in my case, for example, some of the objects gathered with Hibernate into DTOs. So you have to use the Assembler (or Mapper) pattern. An Assembler can take care of:

• Knowing how to transform an object into a DTO
• How to reconstruct hierarchies for DTOs
• Keeps the domain model independent of external interfaces
• May make use of more than one assembler per dto based on the semantics of the request.

Now I have no problem with building deep hierarchies when I only need one object. If I do need the complete hierarchy I can use a different assembler that knows how to reconstruct that. That’s what the last bullet point on that list is talking about; if it makes sense in one request to bring in all children and grandchildren objects then an assembler can know how to do that, if, instead, all you need, is the one object, then that’s all the other assembler needs to do. In my case, I now had better control over when I could close the session without having to worry about Session closed exceptions.

An additional benefit with respect to BlazeDS and Flex is that the RemoteClass mapping from Flex to Java can always map to DTO and you won’t have to worry about changing your actual Domain Objects and having those changes reflected in the mapped actionscript class; if you remove a property from your domain object then the Java compiler will complain because the assembler will be unable to access that property. You’ve caught the error earlier on.

I didn’t talk about the client side much. I’m working on another post that will address that side.

Update: The “start”-method-not-getting-called bug is now a filed in the adobe bug tracker: http://bugs.adobe.com/jira/browse/BLZ-190

This post is another baby step in getting acegi/spring security and blazeds to work together. The whole purpose of these exercises is to for acegi to handle authentication/authorization and destination security. Even bypassing container security.

In the last part I talked about how I was stumped by the LoginCommand and how the “start” method is never called. The reason I want the start method to be called is so that I am passed a ServletConfig and from there I can get access to the ServletContext, and thereby access to the Spring WebApplicationContext but unfortunately this method never seems to get called. I traced the BlazeDS source in SVN, not very thoroughly I should admit, and never found a spot where the start method gets called.

That’s not such a big deal because I can get access to the ServletContext by using the FlexContext singleton. I’m not generally a fan of singletons but what the hell; if it gets it to work =p

Anyway, here’s a brief outline of my AcegiLoginCommand, which extends AppServerLoginCommand:

.. class AcegiLoginCommand extends AppServerLoginCommand …

public AcegiLoginCommand() {
    initAuthenticationManager();
}

private void initAuthenticationManager()
{
    ServletContext servletContext = FlexContext.getServletContext();
    String beanId = servletContext.getInitParameter("loginCommandBean");

    if (beanId == null) {
        beanId = "authenticationManager";
    }

    WebApplicationContext context =
        WebApplicationContextUtils.getWebApplicationContext(servletContext);

    authenticationManager = (AuthenticationManager)context.getBean(beanId);

    if (authenticationManager == null) {
      throw new RuntimeException("AuthenticationManager could not be found.  Tried beanId='"+ beanId+"'");
    }
}

The LoginCommand needs access t othe authenticationManager so that it can pass it call the manager’s “authenticate” method. To make it more configurable, I added a little bit of code that will get the bean name from a web.xml init-parameter.

Finally, my “doAuthentication” method looks like this:

public Principal doAuthentication(String username, Object password) {
  Authentication authentication =
        new UsernamePasswordAuthenticationToken(username, password);
  authentication = authenticationManager.authenticate(authentication);
  SecurityContextHolder.getContext().setAuthentication(authentication);

  return (Principal)authentication;
}

I don’t need to override doAuthorization because when I’m doing MethodSecurityInterceptor, that class takes care of looking at the Authentication token’s “GrantedAuthority”es to see if they can execute the method.

That’s pretty much it. I need to figure out the extent of the security integration. I know that at the moment the authentication will not work on RTMP channels.

A good explanation and example for Spring and BlazeDS is important for driving adoption of BlazeDS into environments that run on Java. I know a potential client of mine is looking into using BlazeDS as a transport layer for a product they have running on a Tomcat container. They want to try following established practices in Java and want to use off-the-shelf, tried-and-true technologies like Spring and Hibernate, and having information on using these with BlazeDS would make them more confident when adopting BlazeDS.

Hope this helps. Also, I just found out someone else had documented a similar approach at this blog post:

http://blog.f4k3.net/fake/entry/acegi_logincommand_for_fds

This is a component that mimics the text finding functionality in Safari. When you do a search it dims out the text field and highlights the currently found fragment of text. Other fragments in the text are currently set apart by a black rectangle, but I plan to change that.  This is kind of like the Highlighter component on FlexLib http://code.google.com/p/flexlib/wiki/ComponentList

The currently selected text indicator can be a IDataRenderer component that you can specify in code.

I couldn’t wait to show it to people before cleaning the code … so here it is. Without code. But I’ll release the source to the public once I clean it up and fix a few bugs.

Things I still need to do:

• Allow custom renderer for non-selected item
• Fix scrolling issues
• Looks like I’m missing the ability to highlight items towards the very end of the text
• Simplify so it can be used as a component. Currently needs a few lines of AS code to get working

Some notable features:

• You are passed the text formats of the text fragment match so that you can render the text in the selected indicator exactly as it looks on the original text.
• You can pass a custom selected text renderer. Notice it has animations as you click for the next find

There is another version that works on an HTML control in AIR. There’s a problem with that, however, when the text match wraps; I can’t figure out a way to find the coordinates of the start of text that’s been wrapped to the next line.

I read a blog post by Jeff Clavier about Twitter, Microblogging, and when Twitter might go mainstream.  I thought, yeah: I publish much more often on Twitter, Flickr, Facebook, and am starting to mess around with Muxtape.  So I looked around for a widget for my blog where I could put up my different streams from different social services.  I found friend feed and thought it’d be good to put on my blog.  That’s when it hit me: why not just make my stream my home page?  Why not replace my whole blog with my social stream, and just make my longer entries part of that stream?  So I whipped up a script in a few minutes and came up with what you see on the front page of my site.

Is this the way we’ll start to see online presence for those of us brave enough to run our own blogs?  Basically, this is a way to publish feeds from your online identities, not to aggregate feeds you’re interested in.  It’s not a personal feed aggregator.  It’s a starting point for people to get to your online identity(ies).

I have a bunch of ideas for this.  The initial, quick and dirty, version of these scripts is setup in a somewhat modular format, so as you sign up to new services, or new services appear you just drop in a new module and it will load those up.  Each item from each service can be customized as you want using CSS.  And you can control how often it should aggregate your content.  The source is coming soon but if you want to play with it I can post it.

Let me know what you think.

I was just catching up on my SFist LAist reading and was reading through the comments on a post linking to an LATimes story comparing LA to SF on a green scale. turns out sf wins. Then I saw this comment I thought “Oh no you di’n't”

i have always promoted the awesomeness that is SoCal. without SoCal (specifically, without LA), SF is just another Portland. and i don’t mean that in a good way.

Completely unrelated … I was catching up on BlazeDS forum reading and saw a very good question about OS project management on the project.  Here are the questions:

1. Who is the project manager(s), senior leads, etc?
2. What is the experience level of the project management staff and contributing developers?
3. What is the release schedule? What was the historical release schedule?
4. What version is BlazeDS in right now?

Tom Jordahl, CF 7 & 8 architect and BDS/LCDS know-it-all, gave a good reply and the about page gives a highlevel answer to the questions, but it’d be great to see this more formalized, either as wiki pages with contact and role information about the higher level participants and accepted contributors. It reminds me of how tricky managing and leading an os project can be, and how much work it’s actually required to get do it right. It’s specially tricky for a project backed by a commercial entity because confusing or missing information can quickly bring suspicion from project users.

If you’re interested in finding out more about BlazeDS I suggest you watch the talk Tom Jordahl gave to the Connecticut CF user group.  Also, what’s up with those adobe forums? The formatting’s bleh and it pukes on multipart messages.

I can’t talk about what I saw at the Microsoft Home of the Future because I signed an NDA.

I’m usually approached by people telling me they want to talk with me about their startup idea but I have to sign an NDA first. This usually doesn’t happen on the street, but at least once it’s happened in a diner. My reply is I have an Anti-NDA policy. And that usually cuts it short and saves me from having to listen to their idea which is absolutely nothing new and everybody and their grandmother has already come up with it so why even bother signing a stupid NDA? Not to mention that they’re unenforceable in california.

Well, I felt the same way about the MS home of the future NDA ; I saw nothing there that was anything new. Go watch minority report, dumb it down, tone it down, remove all sense of privacy, and have some goth girl pretend to be a mom and give you a tour of her home, and you’ve got the MS home of the future. Mostly I was indifferent to it. The current setup was created more than 2 years ago, so it’s missing some things that are most in our minds today, like power consumption, reuse, etc., though it did have some demos of assistive technologies.  Maybe next time we’ll see better ways to conserve energy, turn off unnecessary displays, report power consumption, provide easy ways for recycling materials, and a host of other things to make life better.

Here’s a quick list of blog posts about the Microsoft Technology Summit 2008 from people who were there. If you have a link to one please send it to me.

Paul Jones:
Don’t pitch me, bro!

The Real Adam’s impression of Open Source at MS:
http://therealadam.com/archive/2008/03/27/open-source-and-research-at-microsoft/

Luis Villa, who managed to quickly dismiss me and others who care about open source by saying “almost everyone was in some way a user or developer of open source technologies (the rest were flash/adobe people)“. Nice way to form alliances.

http://tieguy.org/blog/2008/03/29/microsoft-technology-summit-mts08/

The company I run is built on open source technologies, for both commercial and philosophical reasons. I use flash because it’s the best way to deliver the service to my costumers. The rest is python, mysql, php, apache, jabber, java, django, bsd and lots of other things. But, I shouldn’t have to list my open-source creds to be legit.

This reminds me about another thing I noticed at the summit: some people who are extremely passionate about their respective domain are, as my best friend often labels me, “ANTI”. You’re in the belly of the beast, in the borg! And you have the borg’s ear. Rather than showing how indignant you feel about M$ and what a shitty, enslaving, conniving, greedy, dense, stupid company you think it is, how about finding some common ground and seeing how you can work for the common good? If I missed some adjectives regarding M$ please send those to me, they will be promptly appended to the previous list.

And also, like I mentioned in my previous post: from what I saw, Microsoft Research is Research with a big “R”. That’s academic type research. The reason there is no iterative process or user engagement is because such research is not typically amenable to iterative process and user engagement; in other words, it’s not Product Testing. Some areas of study, like social computing, HCI, user interface design, cultural effects on user experience, and stuff having to do with people will have limited user engagement, typically called debriefing, after testing theories with experiments. Because you are trying to find out one thing, you control for many factors, much as in academic research. So, you can’t have the same free-form, back-and-forth user-feedback-loop that you should when developing and product testing. The way Research works is you first come up with a theory. For example, that green buttons are easier to click on. Then you create an experiment where you control for all sorts of stuff so that the only variable that changes is the green button. Then you have people click on the green button, and then you report your findings about how that one variable proved or disproved your theory. Then you provide some potential reasons why your hypothesis is true or false, sometimes pointing to previous Research. Some time, later in the future, maybe years into the future, the results of that research are used inside a product. At that point, you might, if you want your product to be good, engage in iterative development and user feedback.

Often I heard the question: “Why should I care?” Why should I care that, say, ASP.NET MVC, exists when I already use Rails? Why should I care that Silverlight exists when I use Flex? I have the same visceral reaction when listening to the Silverlight talk, but that’s just my initial reaction because I’m invested in what I’m already using. After thinking about it for a minute, I can come up with a few reasons why I should care a little more, and why I shouldn’t feel indignant about the fact that M$ is building a clone. As The Real Adam pointed out in his post “Important Ideas in ASP.NET MVC“:

The most promising thing about this tool, to me, is that MS is guiding people down the unit testing path by default

What about Silverlight? It might be a better tool for a client or product, but not yet. Hey, choice is great sometimes. These are purely pragmatic reasons. And if a programmer learns to do testing in one language then she’ll be at an advantage if sometime in the future she has to develop something in Rails and she’s already familiar with unit testing thanks to her having learned it first in ASP.NET MVC. Note to microsoft, drop the .net thing =s Skills transfer is an important thing that M$ cannot control. I learned to program on the C64, then on Borland’s Turbo Pascal, then on Borland’s C/C++, then on Microsoft’s C++ compiler. Then, I magically transfered all my programming skills that I learned in close-source commercial implementations to GCC, python, ruby, PHP, using vim or emacs. Lock-in is not so all-consuming on the developer skills end as it is on the product usage end.

Some thoughts on “presentation fu”: I had ample notice from M$ about this summit. So I was disappointed when some of the presenters seemed to have recycled product pitches and tech talks created specifically for audiences already receptive to and interested in the M$ pitch. This could have been a chance for those presenters to really think about their work in relation to OS, Rails fanboys, Apple Fanboys, Flash Fanboys, etc, basically, to the audience. They could really have thought about how their work fits with the current trends in the online sphere. Maybe I was mistaken about the purpose of the summit? Anyway, there was plenty of time to at least drop a couple of slides addressing these issues. I’d get the summit managers to see how the talks fit in with the summit next time. I heard John Lam praised in the few discussions I had with other attendees about this particular topic. You’ll see his name in some of the posts on the above blogs. He certainly had the presentation zen, or whatever, while talking about IronRuby and the Dynamic Language Runtime. He put it nicely when he showed a slide with MS/APPLE/The Penguin at the bottom, IE/SAFARI/FF (where’s opera? nudge, wink), above that, and the stuff that really makes the web tick, the services and things people build for it, above all that. He said, and I agree, that the browser and the os are uninteresting; they’re just fancy rendering engines. He also said that people are interested in the source for frameworks, not for browsers. How true. I’ve often heard the question asked during Flex conferences why the Flash players is not open source? First, you probably will not download it and recompile it yourself. If you will, you will have exactly one user. Second, there are so many licenses to sub-components of the player that it would be plenty difficult to get lawyer$ to let you open source it. The same applies to the browser and maybe the os. I care more about why DRM is in the player, clear and consistent policies on spyware, adware, and user privacy while using that player. Anyway, John Lam even managed to keep me wondering if the presentation was done in Apple’s slidemaking thingy until he alt-tabbed out of it into vista. Still, he was running Vista on an Apple (i heard my nascent apple fanboy side say). What? No open office?

BTW, I saw zero GNU/Linux laptops at this summit; I left mine at the office.  I stand corrected on this point; thanks to Paul Jones for pointing out that Luis Villa was using one.

Personally, I’m glad for the opportunity to come and engage with so many smart people, both attendees and presenters. Special thanks to The Real Adam who was thoughtful and engaging when discussing our reactions to the summit while there.

Oh yeah. Just to be fully transparent here: M$ paid for my travel, stay, and food.

The summit’s ended and we had a closing session with Sam Ramji. Some issues about the format were brought up and there were lots of other great comments and questions. Here was my question:

What did Microsoft learn from this?

I want Microsoft to somehow publish, with consent from participants, what they got out this summit. What was useful to them, what was confirmed, what did they already know about, what did they not know, and maybe how they will proceed with this information.

An MS employee who was one of the event managers quickly suggested that if we, the attendees, posted back what Microsoft told us, then our audience would learn from us instead of MS publishing this themselves, and that this would make it “seem more believable and legitimate if it came from the community than if it came from Microsoft”. Ok, put aside how creepy that sounds. I doubt, also, that there was a sinister motive behind that.

Anyway, putting those things aside, here’s what my response to this suggestion is: If Microsoft wants to be involved in the community, then Microsoft *should* be part of the community. That includes dialog. I want for others who see my blog to be able to go to a response or blog post I linked to and compare and decide themselves if what MS believes matches up with what I believe or if there’s a huge difference.
So, I suggest MS put up a site that aggregates the blogs, twitters, and other digital artifacts from attendees, presenters, and maybe others, that reflect the thoughts, discussions, and conclusions of these summits. MS has held these summits in previous years, but when I googled to find out what they were about, why I was invited, I saw a list of results that didn’t synthesize what happened. The trail ended abruptly. So, I have little idea what happened before and what happened in response.

Before this summit I couldn’t care less about Microsoft. Now I’m aware of them.

Update:
Something else I learned about! The vimperator! The vimperator is an awesome Firefox plugin that gives you VIM like keys and UI for using firefox. It’s awesome.

This is the third day of the Microsoft Technology Summit. I’m thankful it is only a half-day because I’m all .NETted out. That’s just the nature of these types of events; I work with Flex all day, but when I go to Max or 360|Flex, I’m all Flexed out by the end of these conferences.

There were two main things I got from this summit:

1. Microsoft is playing catchup: They know they’ve missed the boat on this generation of web developers, that is, the folks who are working with rails, django, social networks, and open technologies. To address parts of this they’re providing ASP.NET MVC (rails), Silverlight (address Flash in silverlight 1; Flex, in silverlight 2), Hibernate (parts of LINQ), and the Dynamic Language Runtime (dynamic languages). I’m not saying I’m not impressed with what they have come up with.

2. Open web: OpenID was the prominent example of an open web technology during the two days. MS is playing a significant role in defining it, but the main questions during the two days were “why is MS not doing more to push it by providing implementations and integration points in its current products?” and “why are they not leaders in this?” I think the trust issue is big, too, with many people commenting that although they appear to embrace it, are they actually doing it for the “right reason?” or is it just for the bottom line.

Thanks to all the folks that I got to talk to during the event.

A friend said I shouldn’t have bothered coming all the way to Seattle to spend 2.5 days listening to Microsoft.  Instead I should have just checked this out:

The summit’s not a sales pitch.   At the moment, I’m on day two of the summit and listening to Anandeep Pannu discuss his role and the projects inside the Microsoft Open Source Lab.  Some of the other, more technically focused speakers give sales-pitch like talks because I’m sure they’re recycled from previous presentations, given to audiences who want to know about Microsoft projects, and not to people who are skeptical or indifferent about MS.