DDevelopment & Design

Modular Web Application using Eclipse Snaps

Few days ago, new milestone 3.0.0.M03 of Eclipse Virgo was released. Final release of this well prepared OSGi-based application Server getting closer so I decided to take a look at how to use it to write simple modular web application.

What does it mean a modular web application in OSGi environment? I imagine that this application should:

1) Change their look after installation of some extensions.

2) Also we should be able to write new request handlers for our application or modify flow control of existed.

First idea which occurred to me how to resolve first mentioned problem is to use fragment bundles mechanism. Fragment bundles give opportunity to create bundles with resources and classes which will be accessible from host bundle classloader. A key use case of its was “providing translation files for different locales“. So we can do few fragments with jsp files which should be able to include in index servlet page. Also we can provide some configuration files with class names of new request handlers which could be created using java reflection.

But fragment bundles have some disadvantages. How we can read in specification: “The new content of the updated fragment must not be allowed to attach to the host bundles until the Framework is restarted or the host bundle is refreshed“. This mean that we cannot do installation of extention without refreshing host bundle. Also new jsps must be compiled as a part of host application’s jsps so it is second reason why host bundle should be restarted. The last thing is that fragment bundles can’t have Bundle Activator which is also useful in many cases.

Eclipse Virgo gives component which resolves this problems – Virgo Snaps. It is easy in use extension which helps create modular web application framework. Sources are available here

After build of project and copy artifacts to virgo:

cd build-snaps

ant jar

cd ..

cp org.eclipse.virgo.snaps.api/target/artifacts/org.eclipse.virgo.snaps.api.jar ${virgo.home}/repository/usr/

cp org.eclipse.virgo.snaps.core/target/artifacts/org.eclipse.virgo.snaps.core.jar ${virgo.home}/repository/usr/

… and restart of server, we are ready to use snaps.

In samples dir there is example menu-bar showing idea of Snaps. In host bundle – animal.menu.bar we can see in top.jsp usage of taglib snaps:

  • “> ${snap.properties[‘link.text’]}

 

 

It is simple way to iterate through snaps associated with this host. Only thing which we must to do is to add this snippet to MANIFEST.MF:

Snap-Host: animal.menu.bar;version="[1.0, 2.0)"

Snap-ContextPath: /cat

In first line we are manifesting that this snap will be used as a part of host animal.menu.bar. In the second that all servlets will be deployed in this subcontext of context of host.

In this example also were used properties from file snap.properties which are available in session as attribute properties of snap.

After install host bundle at url: http://localhost:8080/animal-menu-bar we can see page without menu items. After installation of new items are become available.

— Previous article

We wtorek (19 04 2011) dowiemy się co dobrego można znaleźć w JDK7.

Next article —

<!--:en-->Spring security authentication-success-handler-ref and authentication-failure-handler-ref does not work with KerberosServiceAuthenticationProvider<!--:-->

You May Also Like
DDevelopment & Design

Grails session timeout without XML

This article shows clean, non hacky way of configuring featureful event listeners for Grails application servlet context. Feat. HttpSessionListener as a Spring bean example with session timeout depending on whether user account is premium or not.

Common approaches

Speaking of session timeout config in Grails, a default approach is to install templates with a command. This way we got direct access to web.xml file. Also more unnecessary files are created. Despite that unnecessary files are unnecessary, we should also remember some other common knowledge: XML is not for humans.

Another, a bit more hacky, way is to create mysterious scripts/_Events.groovy file. Inside of which, by using not less enigmatic closure: eventWebXmlEnd = { filename -> ... }we can parse and hack into web.xml with a help of XmlSlurper.
Even though lot of Grails plugins do it similar way, still it’s not really straightforward, is it? Besides, where’s the IDE support? Hello!?

Examples of both above ways can be seen on StackOverflow.

Simpler and cleaner way

By adding just a single line to the already generated init closure we have it done:
class BootStrap {


    def init = { servletContext ->    

        servletContext.addListener(OurListenerClass)    

    }    

}

Allrighty, this is enough to avoid XML. Sweets are served after the main course though :)

Listener as a Spring bean

Let us assume we have a requirement. Set a longer session timeout for premium user account.
Users are authenticated upon session creation through SSO.

To easy meet the requirements just instantiate the CustomTimeoutSessionListener as Spring bean at resources.groovy. We also going to need some source of the user custom session timeout. Let say a ConfigService.
beans = {    

    customTimeoutSessionListener(CustomTimeoutSessionListener) {    

        configService = ref('configService')    

    }    

}

With such approach BootStrap.groovy has to by slightly modified. To keep control on listener instantation, instead of passing listener class type, Spring bean is injected by Grails and the instance passed:
class BootStrap {


    def customTimeoutSessionListener


    def init = { servletContext ->    

        servletContext.addListener(customTimeoutSessionListener)

    }    

}

An example CustomTimeoutSessionListener implementation can look like:
import javax.servlet.http.HttpSessionEvent    

import javax.servlet.http.HttpSessionListener    

import your.app.ConfigService    


class CustomTimeoutSessionListener implements HttpSessionListener {    


    ConfigService configService


    @Override    

    void sessionCreated(HttpSessionEvent httpSessionEvent) {    

        httpSessionEvent.session.maxInactiveInterval = configService.sessionTimeoutSeconds

    }    


    @Override    

    void sessionDestroyed(HttpSessionEvent httpSessionEvent) { /* nothing to implement */ }    

}
Having at hand all power of the Spring IoC this is surely a good place to load some persisted user’s account stuff into the session or to notify any other adequate bean about user presence.

Wait, what about the user context?

Honest answer is: that depends on your case. Yet here’s an example of getSessionTimeoutMinutes() implementation using Spring Security:
import org.springframework.security.core.context.SecurityContextHolder    


class ConfigService {


    static final int 3H = 3 * 60 * 60

    static final int QUARTER = 15 * 60


    int getSessionTimeoutSeconds() {    


        String username = SecurityContextHolder.context?.authentication?.principal    

        def account = Account.findByUsername(username)    


        return account?.premium ? 3H : QUARTER

    }    

}
This example is simplified. Does not contain much of defensive programming. Just an assumption that principal is already set and is a String - unique username. Thanks to Grails convention our ConfigService is transactional so the Account domain class can use GORM dynamic finder.
OK, config fetching implementation details are out of scope here anyway. You can get, load, fetch, obtain from wherever you like to. Domain persistence, principal object, role config, external file and so on...

Any gotchas?

There is one. When running grails test command, servletContext comes as some mocked class instance without addListener method. Thus we going to have a MissingMethodException when running tests :(

Solution is typical:
def init = { servletContext ->

    if (Environment.current != Environment.TEST) {    

        servletContext.addListener(customTimeoutSessionListener)    

    }    

}
An unnecessary obstacle if you ask me. Should I submit a Jira issue about that?

TL;DR

Just implement a HttpSessionListener. Create a Spring bean of the listener. Inject it into BootStrap.groovy and call servletContext.addListener(injectedListener).
DDevelopment & Design

Spring security authentication-success-handler-ref and authentication-failure-handler-ref does not work with KerberosServiceAuthenticationProvider

I'm using SpringSecurity with KerberosServiceAuthenticationProvider which is Kerberos security extension. You can read how to use it on extension author's blog.But you cannot use handler on form-login to catch authorization result. It's because of inne...I'm using SpringSecurity with KerberosServiceAuthenticationProvider which is Kerberos security extension. You can read how to use it on extension author's blog.But you cannot use handler on form-login to catch authorization result. It's because of inne...
DDevelopment & Design

Micro services on the JVM part 1 – Clojure

Micro services could be a buzzword of 2014 for me. Few months ago I was curious to try Dropwizard framework as a separate backend, but didn’t get the whole idea yet. But then I watched a mind-blowing “Micro-Services Architecture” talk by Fred George. Also, the 4.0 release notes of Spring covers microservices as an important rising trend as well. After 10 years of having SOA in mind, but still developing monoliths, it’s a really tempting idea to try to decouple systems into a set of independently developed and deployed RESTful services.

Micro services could be a buzzword of 2014 for me. Few months ago I was curious to try Dropwizard framework as a separate backend, but didn’t get the whole idea yet. But then I watched a mind-blowing “Micro-Services Architecture” talk by Fred George. Also, the 4.0 release notes of Spring covers microservices as an important rising trend as well. After 10 years of having SOA in mind, but still developing monoliths, it’s a really tempting idea to try to decouple systems into a set of independently developed and deployed RESTful services.