JSR 303 & Hibernate validation framework

I was recently looking for a validation framework, and came across the work that has been done lately for JSR 303 (latest version of the spec here). JSR 303 defines a standard meta-data model and API for validation of JavaBeans/POJOs. Basically, it’s a standard way to describe constraints for Java POJOs, and an API to access those constraints.

From the JSR:

“Validating data is a common task that is copied in many different layers of an application, from the presentation tier to the persistence layer. Many times the exact same validations will have to be implemented in each separate validation framework, proving time consuming and error-prone. To prevent having to re-implement these validations at each layer, many developers will bundle validations directly into their classes, cluttering them with copied validation code that is, in fact, meta-data about the class itself.”

I definitely agree – the validation metadata belongs to the domain class. This has been a hole in the Java space for quite a while. We’ve had validation frameworks such as Commons Validator (previously part of Struts) for many years, but we haven’t had something that could be used across layers in a widespread manner. If you look at typical web applications with XML schemas, a persistence framework, and Web UI, you can easily see where you can end up re-implementing the same constraints multiple times.

public class Address {
    @NotNull private String line1;
    private String line2;
    private String zip;
    private String state;

    @Length(max = 20)
    @NotNull
    private String country;

    @Range(min = -2, max = 50, message = "Floor out of range")
    public int floor;

    // ...
}

As can be seen from the Hibernate Validator example above, the JSR allows you to specify the validation message as a part of the metadata. I think it’s good to have the option, but I prefer to define the validation messages externally. I don’t want to have to change my domain classes every time someone wants different wording on a validation message, and for those that need to support internationalization, you pretty much have no option but to define them externally. From looking at the JSR, it looks like defining messages externally is also supported.

Like recent JSRs, I like that it supports annotations, but still supports overriding/extension via XML. I’m also glad this JSR works on Java SE. In the past too many JSRs were restricted to JEE.
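As an added example (not code from the original post or from the Hibernate Validator project), here is the JSR 303 API enforcing an Address-like bean server side on plain Java SE, with message keys instead of inline wording. It assumes the Bean Validation API and a provider such as Hibernate Validator are on the classpath; the class name, the sample data and the `address.*` message keys are hypothetical, and the standard `@Size`, `@Min` and `@Max` constraints stand in for the Hibernate-specific `@Length` and `@Range`.

```java
import java.util.Set;
import java.util.TreeSet;

import javax.validation.ConstraintViolation;
import javax.validation.Validation;
import javax.validation.Validator;
import javax.validation.constraints.Max;
import javax.validation.constraints.Min;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;

public class AddressValidationExample {

    // Constructed bean mirroring the Address class above, using only the
    // constraints built into JSR 303 (javax.validation.constraints).
    // Messages are keys in braces, not wording: the default interpolator looks
    // them up in ValidationMessages.properties at the classpath root, e.g.
    //   address.floor.range=Floor out of range
    public static class Address {
        @NotNull(message = "{address.line1.required}")
        private String line1;

        @NotNull(message = "{address.country.required}")
        @Size(max = 20, message = "{address.country.length}")
        private String country;

        @Min(value = -2, message = "{address.floor.range}")
        @Max(value = 50, message = "{address.floor.range}")
        private int floor;

        public Address(String line1, String country, int floor) {
            this.line1 = line1;
            this.country = country;
            this.floor = floor;
        }
    }

    // Returns "property: message" for every violated constraint, sorted so the
    // result is stable (validate() returns an unordered Set).
    public static Set<String> check(Validator validator, Address address) {
        Set<String> problems = new TreeSet<String>();
        for (ConstraintViolation<Address> v : validator.validate(address)) {
            problems.add(v.getPropertyPath() + ": " + v.getMessage());
        }
        return problems;
    }

    public static void main(String[] args) {
        // Plain Java SE bootstrap: no container, only the API jar and a provider.
        Validator validator = Validation.buildDefaultValidatorFactory().getValidator();

        // Constructed sample input, as it might arrive from a form or a web service.
        Address[] samples = {
            new Address("1 Main St", "US", 3),
            new Address(null, "A country name longer than twenty chars", 120),
        };

        for (Address a : samples) {
            Set<String> problems = check(validator, a);
            if (problems.isEmpty()) {
                System.out.println("accepted");
            } else {
                // Reject before the object reaches persistence or business logic.
                System.out.println("rejected: " + problems);
            }
        }
    }
}
```

A key with no entry in the resource bundle is returned unchanged, so missing translations show up as the literal `{address...}` text and the constraint is still enforced.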

Hibernate Validator 4 (currently beta 1) is the reference implementation. It being a Hibernate project, you can guess that Hibernate core would be able to use the constraints to generate table definitions, etc. But what about other layers – I’d really like to see UI frameworks taking advantage of this, and generating browser-side validation JavaScript as well as enforcing the constraints server side.

Here’s what I was able to find in the JSF world:

  • MyFaces Extensions Validator
    Planned support for JSR 303, but not currently supported. See this page.
  • RichFaces BeanValidator
    RichFaces 3.2.2 supports constraints defined in Hibernate Validator. Presumably they’ll switch to JSR 303 in the future. Since Hibernate Validator 4 is the reference implementation, hopefully switching from Hibernate Validator 3.X to JSR 303 is little/no work.

Grails security

I’m working on a Grails-based project which requires security, as pretty much every web application does. My high level requirements are:

  • Role-based access control
  • Database-based authentication (passwords stored in database)
  • Simple to use
  • Good documentation
  • Ability to model permissions for finer granularity authorization than role (nice to have)
  • Captcha support (nice to have)
  • OpenID support (nice to have)
  • Facebook Connect support (nice to have)

From browsing the list of Grails plugins, it looks like there are two that fit the bill, each based on well-established Java security frameworks. Here are my notes on each:

JSecurity plugin

  • Based on JSecurity framework (now Apache Ki)
  • API includes classes for user, roles, and permissions.
  • Support for role and permission-based authorization, which I prefer to use
  • Quick Start Guide has example of users and roles being created
  • Access control is declaratively configured, pointing to the controller & action
  • AuthController is responsible for common auth functions (logout, login) & login page
  • Different authentication schemes (e.g. LDAP, database based auth) supported via realms
  • Supports database-based authentication (passwords stored in database)
  • OpenID support: not directly supported in JSecurity yet, but people have gotten it working at Grails level by integrating with OpenID plugin
  • Documentation looks good, but not as much available as the Spring Security plugin

Spring Security plugin

  • Based on Spring Security (Acegi security) framework
  • Supports database-based authentication (passwords stored in database)
  • Supports OpenID and Facebook Connect for authentication
  • Also supports LDAP, Kerberos, CAS, NTLM for authentication
  • Support for role-based authorization
  • User and Role Groovy classes are generated. These may be customized after generation (e.g. to add attributes).
  • Generates a simple registration page with password confirmation and CAPTCHA support
  • Pages and actions security mappings (which pages/actions should be access controlled) can be stored in database, as annotations in the Controller, or using the standard URL string mapping supported by Spring Security
  • Good documentation

Both plugins look very capable and meet my core requirements. Support for OpenID is a big plus for me so I went with Spring Security. I’ve been using it for about a week now. I may jot down some notes on it in a future post.

BTW, this to me is one of the huge advantages of dynamic language frameworks on the JVM; the ability to tap into mature, very full-featured existing Java frameworks, libraries, and drivers. This is particularly true for Grails, since it so heavily leverages existing frameworks (e.g. Spring, Hibernate).

Idea 8.1 & Grails 1.1

I’ve been working with Grails again lately after not using it for a while. Last time I was using Grails was a pre-1.0 release about a year ago. Even then it was an extremely productive framework, but it was rough around the edges.

The main obstacle I saw was that exception messages and stack traces were not descriptive of the root problem. It wasn’t that the error messages were poorly written, but the error that was reported wasn’t near the root cause of the problem. The reported error was a far-removed side effect of the actual problem. If you had messed up the definition of your GORM domain class, the application may start up fine and complain that some dynamic save method was undefined for the domain class when you tried to use it. You then had to do a good deal of trial and error until you isolated what change caused the problem. Having a robust set of unit tests for your application helped, but it still took a while to diagnose the problem.

I’ve been using Grails 1.1 betas lately, and it looks like the error reporting has gotten much better. When I’ve gotten errors, it was usually pretty clear what the cause was.

Officially, IDEA only supports Grails 1.0, but it’s working fine for me with some tweaks. Here’s what I did:

  • Created the Grails 1.1 project outside of IDEA, using the grails command (not MVN plugin)
  • Redefined the GROOVY and GRAILS global libraries in IDEA to point to the latest versions of each
  • Imported the existing Grails project into IDEA
  • After installing some Grails plugins (specifically, the google-chart plugin), I found that they weren’t on the classpath and the grails launcher no longer worked. Apparently Grails 1.1 moved where the plugins are stored and IDEA hasn’t been updated for this yet. To get around it, I added <home dir>/.grails/1.1/projects/<my project> to the module’s content root for my project, and added the plugin’s source directory (plugins/google-chart-0.4.8/src/groovy in my case) as a source folder within the added content root.

The grails app launcher is working for me, and I’m not getting the compile problems I was getting before.

Setting up a virtual private server

I’ve had a dedicated server at a hosting provider that I’ve used to host applications and sites for years. I got a great price on the hosting package and it’s worked well, but the server’s growing long in the tooth and needs an OS upgrade. I’ve also had some hardware failures in the past which caused some downtime.

In looking for a replacement to my current server, I’ve been looking into the virtual private server options. A virtual private server will allow me to start small and scale up as needed, minimize outages due to hardware problems, and should be more economical than dedicated hosting.

Most of the VPS providers I looked at were using the open source Xen virtualization software, including Amazon EC2 and Slicehost. Amazon EC2 has some nifty features, such as pre-configured virtual server images (e.g. JBoss stack image, PHP stack image, etc), and a web services interface to manipulate your server instances, creating or removing instances as needed.

Amazon EC2 charges by the amount of time your instance is running, which for me basically means the time your instance is available to serve traffic. This is a good feature for people that need to dial up instances to handle large loads of traffic or execute some processing intensive task. I was hoping that I wouldn’t get charged for time that the instance is effectively idle, but unless I want my instance to be unavailable for some time period, I’d get charged. Amazon charges $0.10 per instance hour for the smallest instance, which if you want a server available all the time, works out to ~ $74/month, which is more than I was paying for my dedicated server.

Slicehost lets you add and remove “slices” (server instances) via their control panel, as well as resizing slices. They don’t provide a web service interface to control your instances as Amazon does. Also, I don’t see a way to upload pre-built images, such as an Apache/Tomcat/MySQL, or an Apache/PHP/MySQL pre-built image. These would be nice features, but definitely not must-haves for me. Slicehost charges on a monthly basis, with a 256MB RAM instance costing $20/month, and a 512MB instance costing $38/month. I signed up for the 256MB instance running Ubuntu Linux to try it out, and was surprised it was up and running with shell access within 5 minutes of submitting the request.

Since I got set up with Slicehost, they got acquired by Rackspace, the largest hosting provider in the U.S. I see this as largely positive – giving them access to Rackspace’s data centers and economies of scale. Hopefully Slicehost’s excellent operations, web control panel, and pricing will continue to impress me.

Mercurial and Subversion : What’s working for me

One popular use of DVCS systems such as Mercurial and Git is as “super clients” to Subversion, at least until more projects get on the DVCS bandwagon. You get most of the benefits of the DVCS and can still work with the rest of the team using Subversion.

I’ve been using Mercurial to work on a couple projects I’m involved with that have Subversion repositories. Git has a good bridge to Subversion built in. Unfortunately, Mercurial is a little bit behind on this front, but it looks like things are getting better quickly.

I initially tried out Tailor, a general purpose version control bridge tool, which supports Mercurial and Subversion among a bunch of others. I had difficulty getting Tailor to work with the Subversion repository I was working on, and it didn’t seem like Tailor was being used much for Mercurial-Subversion.

I’ve been using the hgsvn package lately and it’s worked out pretty well. The only caveat is that hgsvn doesn’t directly support uploading changes from Mercurial back to Subversion. hgsvn does a good job of downloading changesets from Subversion to Mercurial though, and there are a couple solutions to handle the other direction. I’ve been pushing changes back by using the excellent Mercurial MQ extension.

A new Mercurial-Subversion bridge, hgsubversion, looks like it supports both downstream and upstream changes from Mercurial to/from Subversion, and looks very promising. I’m just waiting for it to support importing starting at a particular Subversion revision before I can start using it.

Until I can use hgsubversion, here is how I’ve been using hgsvn. I installed hgsvn as a Python egg package via easy_install:

sudo easy_install hgsvn

The hgimportsvn command is used to import change sets from an existing Subversion repository into a local Mercurial repository it creates. You can optionally have it start at a particular Subversion revision if you don’t need the full history imported:

hgimportsvn [-r svn rev] <svn URL> <local directory name>

This creates a combined Subversion working directory and Mercurial repository in the local directory you give it. Once this is done you can update the Mercurial repository with the latest Subversion changesets by executing the following in the local directory:

hgpullsvn

You run hgpullsvn anytime you want to refresh the Mercurial repository with the latest from Subversion. You can then do anything you would do with a Mercurial repository, except committing changes of your own. Cloning, MQ, revision histories, diffs, etc all work. I tried committing a change to the Mercurial repository, then committing the same changes to Subversion, then doing an hgpullsvn to update both from the Subversion repository. This worked at first but the Mercurial repository got out of sync after a while, so I wouldn’t recommend it.

What I’ve been doing is managing the upstream changes via Mercurial Queues (MQ). This also helps me manage patches I want to apply on top of the latest code.

The first time using Mercurial Queues in a repository, you have to initialize the queue repository:

hg qinit -c

The -c option makes it so the queues repository is version controlled. You can then see what older versions of a patch were in case you need to roll back. I’m basically using patches as changesets, so it’s useful for me to be able to version control and have a history for them.

Once you have the queue repository, you can create a patch before making any changes to files:

hg qnew -g <patch name>

When you create a new patch, it automatically becomes an active patch at the top of the queue. You can then edit files as you normally would. ‘hg add’ and ‘hg remove’ commands mark files to be added or removed in the patch.

Once you’re ready to commit any changed/added/removed files to the patch, do a commit:

hg qcommit

Once committed, you can look in your .hg/patches/ directory and see the patch file.

Whenever I want to update from SVN, I pop everything off the patch queue so the Mercurial repository & Subversion working directory are pristine, and do the update:

hg qpop -a

hgpullsvn

I can then push the patches I’m working on back on top:

hg qpush -a

Whenever I’m ready to push changes into Subversion, I export the patch, then apply it to a separate Subversion working directory for commit:

hg export -g <patch name> > ../my.patch

Then, in the separate Subversion working directory:

patch -p1 < ../my.patch

MyFaces and JBoss built-in implementation

I’m working on a WebSphere-based application, and need to get it running on my Mac. RAD isn’t available for the Mac, and even if it was, it’s so far behind in Eclipse revisions that I can’t use most of the Eclipse plugins I find useful.

So there’s a couple options for developing WebSphere-based applications on Eclipse/Mac:

  • MyEclipse Blue Edition : An Eclipse distribution with WebSphere connectors. Bring your own WebSphere (e.g. WebSphere Express)
  • Make your application portable and develop on another app server : Develop on JBoss & Eclipse, but deploy on WebSphere

Right now I’m going with the second option, since a colleague already did most of the work of getting the application running under JBoss. I took the changes he had to make to get it to run under JBoss, and made them into a patch I could apply on top of the latest code from source control.

So far it’s working great. I just have to be careful to do a regression test in a RAD/WebSphere environment before any changes can be handed over to QA.

I did run into a problem with clashing JSF libraries in JBoss:

09:25:40,120 WARN [JBossJSFConfigureListener] MyFaces JSF implementation found! This version of JBoss AS ships with the java.net implementation of JSF. There are known issues when mixing JSF implementations. This warning does not apply to MyFaces component libraries such as Tomahawk. However, myfaces-impl.jar and myfaces-api.jar should not be used without disabling the built-in JSF implementation. See the JBoss wiki for more details.
09:25:40,126 WARN [config] Unable to process deployment descriptor for context 'null'
09:25:40,443 ERROR [STDERR] java.lang.UnsupportedOperationException
09:25:40,444 ERROR [STDERR] at com.sun.faces.config.ConfigureListener$InitFacesContext.getViewRoot(ConfigureListener.java:1690)
09:25:40,444 ERROR [STDERR] at com.sun.faces.util.MessageFactory.getMessage(MessageFactory.java:113)
09:25:40,444 ERROR [STDERR] at com.sun.faces.util.MessageUtils.getExceptionMessageString(MessageUtils.java:277)
09:25:40,444 ERROR [STDERR] at com.sun.faces.config.ConfigureListener.configure(ConfigureListener.java:855)
09:25:40,444 ERROR [STDERR] at com.sun.faces.config.ConfigureListener.configure(ConfigureListener.java:502)
09:25:40,444 ERROR [STDERR] at com.sun.faces.config.ConfigureListener.contextInitialized(ConfigureListener.java:402)
09:25:40,444 ERROR [STDERR] at org.jboss.web.jsf.integration.config.JBossJSFConfigureListener.contextInitialized(JBossJSFConfigureListener.java:69)

The MyFaces Tomahawk components are an implementation of, and extension of the standard JSF components. This complicates things because when you use application servers that bring their own implementations, such as JBoss and WebSphere, you have to somehow get the application server to not load its implementation ahead of MyFaces. I wish MyFaces had just made their extended components use a separate namespace and we could then use their components while still keeping the application server JSF implementation.

For JBoss, the solution is to set a parameter that instructs JBoss to ignore its own JSF implementation in favor of yours. The following article describes the solution:

http://www.jboss.org/community/docs/DOC-10182

Semantic documentation markup languages: XDocs, DocBook, Dita

I’ve been using the Maven XDoc markup language for documenting design on a client project. Looking into editors for XDoc led me to taking a closer look at DocBook, and Dita, a relative newcomer. All of these formats allow you to write documentation in a semantic manner, separate from the presentation. You can then generate HTML, PDF, RTF, etc from your document using your choice of transformers. DocBook has been around the longest, but is still active, with the 5.0 version recently released.

The best editor for these formats I’ve found is XMLMind XMLEditor. Here is information on using XMLEditor to edit XDoc documents. The latest version of XMLEditor supports DocBook v4 and v5 out of the box, and support for Dita can be downloaded as a plugin. Currently I’m leaning towards using DocBook for technical documentation due to its wider support, although Dita sounds interesting.

Change Management and Bug Tracking

A project I’m involved with is in need of a change management tool, so I’m in the process of re-evaluating the landscape of open source change management tools, and testing a couple out.

Change management is one of those software development practices that I rarely see implemented in IT projects, although it helps to organize development and cuts down on the more tedious project management activities (gathering status, updating detailed project plans). Change management is similar to defect tracking, which is frequently used, but is broader in scope. Defect tracking is really a subset of change management.

In a change management process, every proposed and actual change to an artifact is recorded and tracked in a change management tool. I say artifact rather than code because it can be used to track changes to requirements, test scripts, documentation, design; not just code. Every change to an artifact and commit to VCS has an associated record in the change management tool associated with it, describing the nature of the change, who requested it, what release it was planned for, etc.

Open source projects seem to more frequently use change management, which isn’t surprising considering they are made up of distributed teams who need a good way to keep track of what changes are planned for, and tracking the progress of those changes.

There’s a bunch of open source change management tools out there. Roundup, JTrac, XPlanner, Scarab, Mantisbt, ITracker, Trac, and Bugzilla are the tools I took a look at.

I have several criteria for a change management tool, including:

  • Ability to link one change request to another
    This can be used to set up dependencies between changes or defects (this bug has to be fixed before that one can) or to break up large changes into smaller ones to be worked on by different people (e.g. have a change request to track the development of a feature, linked to smaller change requests to track the changes to implement the feature).
  • RSS feeds for reports/searches
  • Support for representing enhancements and defects
  • Support for components, with the ability to assign change requests to components, and to assign owners for each component
  • Easy to administer – Ability to administer products, components, and users through a web UI
  • Ability to authenticate against LDAP
  • Active development community
  • Easy to use, web-based on-demand reporting and charting
  • Can run on Windows (it’s the box I have)
  • Support by Mylyn

I narrowed the choice down to Bugzilla and Trac, and settled on Bugzilla after installing both. I’ve used and installed Bugzilla before, so I was already pretty comfortable with it. The Bugzilla Windows installation has come a long way since the last time I tried it (~2001). Back then I gave up and ended up installing Linux on a box just to be able to run Bugzilla. It still requires quite a few steps, but it worked without too much trouble.

I installed stable version 3.0.4 following the instructions at http://www.bugzilla.org/docs/win32install.html. At a high level, the steps were:

  • Download and unpack tarball
  • Install MySQL 5.0.51a
  • Create Bugzilla database and database user
  • Install ActiveState Perl 5.8.8
  • Installed a bunch(!) of Perl packages via bundled PPM tool
  • Install & Configure Apache 2.2
  • Had to upgrade Email and Mime related Perl packages (see this blog posting).
  • Download and install Graphviz, and tell Bugzilla where the ‘dot’ executable can be found (Bugzilla parameters->Dependency Graphs)
  • Execute perl collectstats.pl (not sure if this is doing anything)
  • I had to execute the following to get graphical reports to work: ppm install Template-GD

Using IntelliJ IDEA

I’ve started using IntelliJ IDEA as an IDE. I’ve always heard good things about it but stuck with Eclipse because it’s pretty good, and the standard used by most clients I’ve worked with.

What got me to try it out was the Groovy/Grails support. I’ve been doing some work with Grails and had heard they had a good plugin. After working with it a while, the Groovy support is the best out of the three major Java IDEs (Eclipse, NetBeans, IDEA). The Maven 2 support is great too. It’s by far the best support for Maven 2 in any IDE. There are some features I would still like them to add (such as a Maven repository index/search feature), but the important things work well (handling Maven dependencies).

In general, I find myself having to fiddle with the UI less than I do with Eclipse (configuring and switching perspectives, resizing panes, etc).

The other plugin I was really interested in was the Mercurial IDEA plugin. This plugin is still early in the development cycle. Unfortunately it gave me an error when starting up – it was compiled for JDK 1.6 and I’m stuck with 1.5 on my Mac. I imported the MercurialIdea plugin source into Idea, reset it to use the Idea platform runtime, and rebuilt the plugin without success. No biggie, the Mercurial command line is easy enough to use.

OpenID, Yahoo, and other news

Recent OpenID developments…

At the end of this month, Yahoo will be supporting OpenID. Any Yahoo user that chooses to enable the feature will be able to use their Yahoo ID on sites that support OpenID. The announcement doesn’t mention Yahoo accepting OpenIDs from other providers, so this is probably only one-way for now. So put together the population of Yahoo users which are now getting OpenID support, and AOL users, which have had it for a while, and you have a pretty large chunk of the web population that have OpenIDs (once they enable them anyways). Now we need more websites to accept OpenIDs from other providers.

I’m waiting for Acegi to support OpenID so I can build support into a webapp I’m working on. Looks like there’s been some recent progress on that front.

Another OpenID related, if a bit old, tidbit – MyOpenId now supports Information Card as a means to authenticate with MyOpenID. So when prompted to authenticate to MyOpenID, you can present an Information Card and authenticate without using a username or password at all.
