DDevelopment & Design

33rd Degree day 3 review

At the last day of the conference, I’ve decided to skip the first presentations, and get some sleep instead. I was afraid that Venkat’s show is going to be too basic, I will see Jacek Laskowski talking about closure at 4Developers, which I’m kind of s…
At the last day of the conference, I’ve decided to skip the first presentations, and get some sleep instead. I was afraid that Venkat’s show is going to be too basic, I will see Jacek Laskowski talking about closure at 4Developers, which I’m kind of supervising from the Java perspective. As an afterthought, I should have gone to see “Static Code Analysis and AST Transformations” by Hamlet D’Arcy, as I really like this guy and the topic is intriguing at least, but I didn’t want to intoxicate myself more with coffee, and really needed to get some sleep.

MongoDB: Scaling Web Application

The first talk I’ve seen was by Ken Sipe. It was a very interesting case study, and I love case studies. They give you a real perspective, unlike the product-half-marketing that some authors are doing, and unlike self-marketing that some “professional” speakers perform. 
Ken had an interesting project at hand: a Facebook like social service, that deals with politic, named GoVote. Half of the presentation was a bit basic, with simple CRUD syntax, but when Ken started to talk about modeling, it got interesting.
Ken used Grails as the web framework and went through several plugins/libs to get him to the performance and efficiency he needed. Every one of them failed, except for GSP, which is a thing worth reflecting about. His lesson was not really surprising: you should not use any abstracts (ORM?), when playing with document databases. He sticked to GORM because of how fast his problems were solved on the mailing list and bug tracker, but GORM doesn’t really give you the resolution you want, when dealing with tree structures composed of documents.
My favourite part, albeit short, was about modeling. Ken managed to get ONE hit to DB per dynamic web page, something I’ve always dreamed of. His advice was to focus on use cases, and design document model with use cases in mind. You get a sign of bad design, when you find nested joins (hitting more than once for the data), and you can usually get away with tags, instead. Interesting stuff, I hope to verify that soon.

HTML5 For Developers

Nathaniel Schutta had a large presentation at hand, nothing he kind fit into only one hour, so he gave us a choice: what do we want to hear about. It turned out, the audience was most interested into Web Workers, local web storage and Canvas. Each had their caveats. 
Web workers allow to get some much needed concurrency  into heavy GUI (or game engines, I guess), work with a simple API where you can handle errors and spawn new workers.
Local storage is unfortunately limited by default to 5MB, and you may get unsuccessful persuading the user to change it. Apart from that, it’s a simple key-value store (both Strings), with storage events (think on-insert etc.), but current implementations handle those not without some problems.
Canvas was quite interesting. Though it has a very simple API, and only basic primitives implemented, I’ve already bought a 500 pages long book about it (and that’s without any info on all the libs build on top of it).

Ending keynotes

There were three ending keynotes, one from Nathaniel Schutta, Jurgen Appelo and the last from Robert C. Martin. As expected, those were entertaining, though unless you’ve been sleeping through the last three years in a cave, you would not be surprised by both craftsman. Jurgen, however, was quite a different animal.
His talk, titled “How to Change the World”, was based on his book “Management 3.0” and his work afterwards. I’ve been interested in the mechanics of change, since I’ve been trying to change with more or less luck, all the companies I’ve worked for. Jurgen has a lot to say in that matter, and I’ve been wrong on so many levels in my attitude towards change, that the talk was very refreshing.
You can take a look at his presentation here:
How to Change the World
Overall, while it’s too early to say whether that was the best JVM conference in Poland this year, I can recommend 33rd on all grounds. I feel I can bet blindly on it next year. Grzegorz Duda delivers enormous knowledge in so little time and so little money.

Solution Architect @ TouK

— Previous article

33rd Degree day 2 review

Next article —

Bankowcy o dostawcach

You May Also Like
DDevelopment & Design

Phonegap / Cordova and cross domain ssl request problem on android.

In one app I have participated, there was a use case:
  • User fill up a form.
  • User submit the form.
  • System send data via https to server and show a response.
During development there wasn’t any problem, but when we were going to release production version then some unsuspected situation occurred. I prepare the production version accordingly with standard flow for Android environment:
  • ant release
  • align
  • signing
During conduct tests on that version, every time I try to submit the form, a connection error appear. In that situation, at the first you should check whitelist in cordova settings. Every URL you want to connect to, must be explicit type in: 
res/xml/cordova.xml
If whitelist looks fine, the error is most likely caused by inner implementation of Android System. The Android WebView does not allow by default self-signed SSL certs. When app is debug-signed the SSL error is ignored, but if app is release-signed connection to untrusted services is blocked.



Workaround


You have to remember that secure connection to service with self-signed certificate is risky and unrecommended. But if you know what you are doing there is some workaround of the security problem. Behavior of method 
CordovaWebViewClient.onReceivedSslError
must be changed.


Thus add new class extended CordovaWebViewClient and override ‘onReceivedSslError’. I strongly suggest to implement custom onReceiveSslError as secure as possible. I know that the problem occours when app try connect to example.domain.com and in spite of self signed certificate the domain is trusted, so only for that case the SslError is ignored. 

public class MyWebViewClient extends CordovaWebViewClient {

   private static final String TAG = MyWebViewClient.class.getName();
   private static final String AVAILABLE_SLL_CN 
                               = "example.domain.com";

   public MyWebViewClient(DroidGap ctx) {
       super(ctx);
   }

   @Override
   public void onReceivedSslError(WebView view, 
                                  SslErrorHandler handler, 
                                  android.net.http.SslError error) {

       String errorSourceCName = error.getCertificate().
                                  getIssuedTo().getCName();

       if( AVAILABLE_SLL_CN.equals(errorSourceCName) ) {
           Log.i(TAG, "Detect ssl connection error: " + 
                       error.toString() + 
                       „ so the error is ignored”);

           handler.proceed();
           return;
       }

       super.onReceivedSslError(view, handler, error);
   }
}
Next step is forcing yours app to  use custom implementation of WebViewClient. 

public class Start extends DroidGap
{
   private static final String TAG = Start.class.getName();

   @Override
   public void onCreate(Bundle savedInstanceState)
   {
       super.onCreate(savedInstanceState);
       super.setIntegerProperty("splashscreen", R.drawable.splash);
       super.init();

       MyWebViewClient myWebViewClient = new MyWebViewClient(this);
       myWebViewClient.setWebView(this.appView);

       this.appView.setWebViewClient(myWebViewClient);
       
       // yours code

   }
}
That is all ypu have to do if minSdk of yours app is greater or equals 8. In older version of Android there is no class 
android.net.http.SslError
So in class MyCordovaWebViewClient class there are errors because compliator doesn’t see SslError class. Fortunately Android is(was) open source, so it is easy to find source of the class. There is no inpediments to ‘upgrade’ app and just add the file to project. I suggest to keep original packages. Thus after all operations the source tree looks like:

Class SslError placed in source tree. 
 Now the app created in release mode can connect via https to services with self-signed SSl certificates.