HTML code parsing and truncation

March 23, 2010, 6:28 am

Many a times we run in to situations where we need to parse the HTML response text and truncate it. Truncation might be situational and needs might be different in every case. All we want is that when the HTML text is truncated, markup/HTML tags should be properly closed, else it will distort the UI. Below is the sample code which parses a given HTML text and truncates it based on the provided limit. While calculating the length of truncated text, length of markup/HTML tags will not be considered because those tags will not take space on UI/Web page (HTML tags are rendering tags). For example you have following HTML text:

<html>
<body>
<span>This is sample text, and I want to <b>truncate</b> it, can you please help me!
</body>
</html>

and you want to truncate it, so that the length of text displayed on HTML page should be 50, but you don't want length of HTML tags to be considered while calculating truncated text length. In this situation below code will help you.

import java.util.Iterator;

import java.util.Stack;

import java.util.StringTokenizer;

import java.util.regex.Matcher;

import java.util.regex.Pattern;

import com.localmatters.util.StringUtils;

/**

* A class which will format the given HTML string by preserving the order of start and end HTML tags

publicclass HtmlTextTruncator {

/**

* This method will return a substring of HTML text based on provided limit by preserving the order of HTML tags.

* Length of HTML tags will not be considered while calculating the length of return string.

@SuppressWarnings("unchecked")

publicstatic String htmlSubString(String inputString, int limit) {

int actualTextLength = 0; // Text length without considering HTML tags

boolean isNewTag = false;

String htmlTagPattern = "<[^<^>]*>"; // Any HTML tag (start or end)

Pattern htmlStartTagPattern = Pattern.compile("<[^/^<^>]*>"); // only start tag

Pattern htmlEndTagPattern = Pattern.compile("]*>"); // only end tag

Stack tags = new Stack(); // Stack varibale used for pushing and poping up the HTML tags

StringBuilder message = new StringBuilder();

if(StringUtils.isNotEmpty(inputString) && limit > 0) {

// Create the regular expression based tokenizer

Iterator htmlTokenizer = new RETokenizer(inputString, htmlTagPattern, true);

// Get the tokens (and delimiters)

while(htmlTokenizer.hasNext()) {

String tokenOrDelim = (String)htmlTokenizer.next();

if(htmlStartTagPattern.matcher(tokenOrDelim).matches()) {

if (actualTextLength <>tags.push(tokenOrDelim); // add tag to stack

message.append(tokenOrDelim);

} else {

isNewTag = true;

}

} elseif(htmlEndTagPattern.matcher(tokenOrDelim).matches()) {

if (!isNewTag) {

tags.pop(); // remove tag from stack

message.append(tokenOrDelim);

} else {

isNewTag = false;

}

} elseif (actualTextLength <>

StringTokenizer textTockens = new StringTokenizer(tokenOrDelim, " ", true);

while(textTockens.hasMoreElements()) {

String word = textTockens.nextToken();

if(limit - actualTextLength > 0) {

message.append(word);

actualTextLength+=word.length();

} else {

break;

}

} else {

message.append(inputString);

}

return message.toString();

}

@SuppressWarnings("unchecked")

class RETokenizer implements Iterator {

private CharSequence input;

private Matcher matcher;

privatebooleanreturnDelims;

private String delim;

private String match;

privateintlastEnd = 0;

public RETokenizer(CharSequence input, String patternStr, boolean returnDelims) {

// Save values

this.input = input;

this.returnDelims = returnDelims;

// Compile pattern and prepare input

Pattern pattern = Pattern.compile(patternStr);

matcher = pattern.matcher(input);

}

// Returns true if there are more tokens or delimiters.

publicboolean hasNext() {

if (matcher == null) {

returnfalse;

}

if (delim != null || match != null) {

returntrue;

}

if (matcher.find()) {

if (returnDelims) {

delim = input.subSequence(lastEnd, matcher.start()).toString();

}

match = matcher.group();

lastEnd = matcher.end();

} elseif (returnDelims&& lastEnd< input.length()) {

delim = input.subSequence(lastEnd, input.length()).toString();

lastEnd = input.length();

// Need to remove the matcher since it appears to automatically

// reset itself once it reaches the end.

matcher = null;

}

returndelim != null || match != null;

}

// Returns the next token (or delimiter if returnDelims is true).

public Object next() {

String result = null;

if (delim != null) {

result = delim;

delim = null;

} elseif (match != null) {

result = match;

match = null;

}

return result;

}

publicboolean isNextToken() {

returndelim == null&& match != null;

}

publicvoid remove() {

thrownew UnsupportedOperationException();

}

↧

The "Maven" way of doing Flex

April 26, 2010, 6:07 am

≫ Next: Multiple log files using log4j appender

≪ Previous: HTML code parsing and truncation

From last few weeks I was evaluating the power of flex as front end for an enterprise level application and so far it looks very promising. Initially when I started working on Flex I noted that it was missing a very important things and that was capability to share projects/modules when bigger team are working on a single project.

I am from Java background and have worked with couple of good frameworks but Maven was common for all of them. For those who have not heard of Maven should explore it. It is nice tool for managing releases of a project and sharing the development versions with other team members on a big project. Already Maven has proved its capabilities for many of us.

Ok, let's come back to the new yummy topic (Flex). For flex development and release management there are very few tools. If you want to do Flex in Maven way then it is worth investing sometime in Flexmojos. Flexmojos is basically another maven plugin which allows us to configure a Flex project, its dependencies and release versions.

In coming few days I'll be trying to post couple of examples about how to use "flexmojos", but in the mean time if you are interested you can read about it here:
http://flexmojos.sonatype.org/

You can track latest changes here:
https://issues.sonatype.org/browse/FLEXMOJOS

↧

Multiple log files using log4j appender

April 28, 2010, 8:45 am

≫ Next: Flex Quick Overview

≪ Previous: The "Maven" way of doing Flex

Log4j is no doubt is "the best" library for logging purpose and it is used by a lot of developers. It provides many appenders ranging from plain text files to HTML appenders to SMTP appender etc... and also, it allows us to write our own appender.

In this post I'll discuss how you can create a dedicated appender which can be used to generate the separate/second log file independent of root logger.

1) First thing you need to do is, define a custom logger configuration which we'll be using later (promise, I'll show how?). Below is the sample configuration:

(this should go to your log4j.properties file)

log4j.logger.myLogger=DEBUG, mylogger

log4j.appender.mylogger=org.apache.log4j.RollingFileAppender
log4j.appender.mylogger.maxFileSize=5000KB
log4j.appender.mylogger.layout=org.apache.log4j.PatternLayout
log4j.appender.mylogger.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %c : %m%n
log4j.appender.mylogger.File=c:/seconf_file.log

Note the first line, we have given a name (myLogger) to our logger and we'll be using this name in our code to get instance of our custom logger (mylogger).

2) Second, to use this appender you have to get an instance of it. Below is the sample code which shows how to do it (I completed my promise):

private or public (whatever you want)

private static final Logger log = Logger.getLogger("myLogger");

with the "log" instance you can send your log statemnts to a selected logger (in this case mylogger, which will go to seconf_file.log)

Similarly you can define your own loggers and use them as and when needed.

Enjoy !!!!!

↧

Flex Quick Overview

April 29, 2010, 7:26 am

≫ Next: Flex Error: Call to a possibly undefined method

≪ Previous: Multiple log files using log4j appender

What am I targeting here?
1) What is flex and how to start Flex development?
2) Interesting facts about Flex.
3) Few Resources.

What is flex and how to start Flex development?

You might have heard about Flex these days, so what is it? And why should one show interest towards it? Long story in short:

“Flex was built for making rich client side application behavior. It wasn't built for making web pages, banner ads, or server side logic it was built for creating client-side applications that runs over the Internet talking to remote servers. Flex is being used to build rich applications”

Where should I start?

• First you need to have Flex SDK, you can download it from http://www.adobe.com/devnet/flex/?view=downloads. Flex SDK is free !!!!!
• You need to have and IDE for developing Flex applications; we have two options for this (a) Flex Builder and (b) Eclipse plug-in for Flex Builder. These tools are not free but the trial version can be downloaded from http://www.adobe.com/go/try_flashbuilder
• A web server. Through this article I’ll refer tomcat and it can be downloaded from http://tomcat.apache.org/

That’s all bout tools, another important thing which you need is interest in learning new things and obviously for developing Flex applications you’ll need good command on ActionScript. But, for now if you don’t have good knowledge that’s fine, I am one among you...

I’ll not go through the installation process of Flex SDK, Builder and Tomcat, that is pretty straight and simple. Before we start actual development I’ll quote few points which will be helpful to understand Flex and use it in more efficient way, there could be other ways and I’ll love to hear that from you…

A typical flex application consist of a binary flash file (with .SWF as extension) and few HTML pages which loads the .SWF files. A SWF file is a complete package (pretty similar to J2EE WAR file) which consist of:
• Images and other assets.
• Themes CSS (yes you can have a CSS for flex, but is somewhat different than regular CSS used on HTML pages).
• Modules (I’ll discuss more on this, as it is important for large applications).
• Custom components.
• Run time libraries.
• Resource bundle (main used for localization)
• And XYZ123……resources which your application needs.

When we access a Flex application the .SWF file gets downloaded from internet and then it run locally. For smaller application one flash file (.SWF) will be OK, but if your application is quite large and it has multiple pages/screens then it is good idea to break them in pieces, how???? Flex Modules are there for us.

Interesting facts about Flex

Q) How difficult is it for a Java/.NET developer to learn Flex?
ActionScript is heart for Flex and it is pretty much similar to Java/C#. So, if you have good knowledge of Object Oriented design then you can learn it relay quick.

Q) I heard that Flex application is having performance issue?
A badly designed application always has performance problems. Flex provides many features, and if we consider them while developing application then you’ll get even better performance. Flex modules is one feature using which you can break down the big application in smaller pieces and load modules as and when needed rather than loading complete .SWF file.

Q) Can we optimize a Flex application for SEO?
Yes, you can do that and Adobe is actively working with Google and other search engine giants to give more and more….you’ll be visible to world. See this for more information http://www.adobe.com/devnet/flashplayer/articles/swf_searchability.html

Q) Are there any framework which allows integration with Java applications?
Yes, there are many and few popular ones are:
BlazeDS: http://opensource.adobe.com/wiki/display/blazeds/BlazeDS/
Spring Flex: http://coenraets.org/blog/flex-spring

Q) Are there any code generators available which we can use for converting Java to ActionScript files (.as)?
Yes, you can use granite: http://www.graniteds.org/confluence/pages/viewpage.action?pageId=229378

Resources
Few resources which you should consider:
1) Coding conventions: http://opensource.adobe.com/wiki/display/flexsdk/Coding+Conventions
2) A nice site to follow http://flex.org, you'll find cool stuff here.

↧

Flex Error: Call to a possibly undefined method

May 1, 2010, 12:04 pm

≫ Next: Flex: Loading external properties file

≪ Previous: Flex Quick Overview

Hi,

I spent a lot of time finding why I am getting "Call to a possibly undefined method" even though it was defined in my class. I came to conclusion that :

"Never ever declare a variable with a name similar to namspace/package name."

Here is a nice supportting example:

1) Lets say you have a Flex application which contains a Main.mxml at root.
2) Create a class HelloExample.as in a package config (i.e. config/HelloExampl.as) and declare a function sayHello() which just says "Hi".
3) Declare a varibale with name "config" in Main.mxml and try to call the method sayHello() and you'll get this error.

There are other cases as well when you'll get this error, but I thought it is worth mentioning here because its not easy to find. I hope this will help some one.

↧

Flex: Loading external properties file

May 15, 2010, 9:47 am

≫ Next: Cloud Computing: emerging frameworks comparision and fight !

≪ Previous: Flex Error: Call to a possibly undefined method

Flex is a nice platform which provides many out of box feature and that's why more and more Java developers are bending towards it. When I started using flex very soon I started comparing it with Java features. Java provides a features where you can externalize your application configurations in to a configuration (.properties) file external to application, by doing this we can change the configuration without actually changing the application code. Flex is also having same concept where you can externalize the application configurations in to a file. Here is a sample action script class using which you can load a (.properties) file in Flex application.

public class PropertyFileLoader

  {
    [Bindable]
    private var VARIABLES_URL:String = "default.properties";
    [Bindable]
    public var vars:HashTable = new HashTable();
    private var urlReq:URLRequest;
    private var urlLdr:URLLoader;
    public function getValue(key:String):String
    {
      if(key != null && key.length > 0)
      {
        return vars.getItem(key);
      }
      return null;
    }

    public function PropertyFileLoader(fileName:String) {
      /* Initialize the two ArrayCollections objects with empty arrays. */
      VARIABLES_URL = fileName;
      /* Initialize the URLRequest object with the URL to the file of name/value pairs. */
      urlReq = new URLRequest(VARIABLES_URL);

/* Initialize the URLLoader object, assign the various event listeners, and load the specified URLRequest object. */

      urlLdr = new URLLoader();
      urlLdr.addEventListener(Event.COMPLETE, doEvent);
      urlLdr.load(urlReq);
    }

    private function doEvent(evt:Event):void
   {
      switch (evt.type) {
        case Event.COMPLETE:
          if(vars.length <= 0)
          {
            var ldr:URLLoader = evt.currentTarget as URLLoader;
            var lines:Array = ( ldr.data as String ).split( "\n" );

            for each ( var line:String in lines ) {
              var pair:Array = line.split( "=" );
              vars.addItem(pair[0], pair[1]);
            }
             break;
          }
      }
    }
  }

And this is how you'll use above class to load the external file (sample.properties) and use the configuration values in you application:

sample.properties file:
service.endpoint=http://surya:8080/erp/messagebroker/amf

Code to access above property:
publicvar configuration:PropertyFileLoader = new PropertyFileLoader("sample.properties");

publicvarconfigValue:String = configuration.getValue("service.endpoint");

Apart from above code we also need check sandbox security options which should allow flash player (flex) to access the sample.properties file. For more information follow this link http://www.macromedia.com/support/documentation/en/flashplayer/help/set tings_manager04.html and update your sandbox security options accordingly.

↧

Cloud Computing: emerging frameworks comparision and fight !

May 16, 2010, 2:39 am

≫ Next: Robot In Space (RIS) - Introduction

≪ Previous: Flex: Loading external properties file

We have been hearing a lot about cloud computing these days and lot of companies are coming up with various frameworks and strategies for cloud computing. The main thing which I am afraid of is "no standard" behind the cloud computing and every other developer is building whatever he likes and the way he likes. This will present a serious problem to developer community in coming days, how??

1) It'll be very hard for developer to understand what cloud computing is? And the problem is "no standard" (I don't like complaining, but its true).
2) Every framework provides its own concept which makes developers life harder.
3) Integration will be one of the areas where developers will face a big problem while communicating with applications deployed in heterogeneous clouds.

Lack of convention and standards will need to address in coming days so that the buzz word “CLOUD COMPUTING” can live for a long time (at least in developer community). Here is one link where I found someone (somewhere) doing something in the direction of standards http://www.itnews.com.au/Tools/Print.aspx?CIID=174893&utm_source=twitterfeed&utm_medium=twitter

A nice comparison between to famous frameworks (Hadoop Vs GridGain):
http://wiki.apache.org/hadoop/HadoopVsGridGain

http://gridgain.blogspot.com/2008/05/gridgain-vs-hadoop-continued.html

↧

Robot In Space (RIS) - Introduction

May 30, 2010, 8:53 am

≫ Next: Deep copy VS shallow copy of OBJECTS!

≪ Previous: Cloud Computing: emerging frameworks comparision and fight !

I played a role of Robot this weekend...

I was think of a concept about designing a Java wrapper/representation of real time Robot. After spending some time I thought let's write it using OOP (Object Oriented Programing). After thinking for a while I started writing few classes and interfaces and very soon it became very intresting and I thought that I should share my work with you all.

Still I am not completely done with the idea I have. I am still improving the code and re-factoring it. I have already created a project on Google-Projects but, still I have not uploaded the code. After a satisfactory re-factoring I'll upload it and I'll update my blog about it or you can follow me on twitter for update.

At the moment I the thing which I can share with you is a simple introductory document. For more information please download the PDF from here.http://robot-in-space.googlecode.com/files/Robot%20In%20Space-Introduction.pdf

↧

Deep copy VS shallow copy of OBJECTS!

June 19, 2010, 8:59 pm

≫ Next: Request Object and Spring DataBinders

≪ Previous: Robot In Space (RIS) - Introduction

Java provides a mechanism for creating copies of objects called cloning. There are two ways to make a copy of an object called shallow copy and deep copy.
Shallow copy is a bit-wise copy of an object. A new object is created that has an exact copy of the values in the original object. If any of the fields of the object are references to other objects, just the references are copied. Thus, if the object you are copying contains references to yet other objects, a shallow copy refers to the same subobjects.

Deep copy is a complete duplicate copy of an object. If an object has references to other objects, complete new copies of those objects are also made. A deep copy generates a copy not only of the primitive values of the original object, but copies of all subobjects as well, all the way to the bottom. If you need a true, complete copy of the original object, then you will need to implement a full deep copy for the object.
Java supports shallow and deep copy with the Cloneable interface to create copies of objects. To make a clone of a Java object, you declare that an object implements Cloneable, and then provide an override of the clone method of the standard Java Object base class. Implementing Cloneable tells the java compiler that your object is Cloneable. The cloning is actually done by the clone method.

↧

Request Object and Spring DataBinders

July 9, 2010, 9:48 pm

≫ Next: ServletRequest - some useful features

≪ Previous: Deep copy VS shallow copy of OBJECTS!

I am fan of spring framework and I love to use it all the times. In this post I am going to show you how you can bind the data from ServletRequest object to any Java Bean (POJO). Let’s say you have a spring web application and you are working on piece of code which is not directly interacting with Web layer (i.e. don’t have direct access of Request and Response Objects), so 2 questions rises here are:

1) How can I get access of my current request object in plain java class which is not a web component?

2) How can I bind the parameters in request object to my POJO bean?

Request Object access in non web classes

There are ways with which you can make you springs beans aware of ServletRequest object by implementing the interface ServletRequestAware (interface from opensymphony-webwork). But, there is another easier way of doing it with the help of spring Utility classes.

ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();

HttpServletRequest request = requestAttributes.getRequest();

Now have the request object and let’s try to bind it to a POJO.

Spring DataBinders is a simple answer. There are many out of box implementations are available for various type of data binding operations. One of the data binders which springs has is ServletRequestDataBinder, spring internally uses this binder to wrap a POJO (command class) with the values from request object. So, let say you have a “User” class with 2 instance variables “username” and “password” also, you have a form which contains many text boxes (let’s say 30) and two of them are for userName and password. Now, in normal scenario we have a command class assigned to a controller and spring automatically populates the properties/instance variables in command class. Let’s say we want to populate our command/POJO manually using the request object in some other class (non-controller class), how to do that? Here is the code

class User {

private String userName;

private String password;

public String getUserName() {

returnuserName;

}

publicvoid setUserName(String userName) {

this.userName = userName;

}

public String getPassword() {

returnpassword;

}

publicvoid setPassword(String password) {

this.password = password;

}

class MyNonControllerClass {

private User user;

public MyNonControllerClass() {

user = new User();

//We can write this code in more better place (apart from constructor) based on need.

ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();

HttpServletRequest request = requestAttributes.getRequest();

ServletRequestDataBinder binder = new ServletRequestDataBinder(user);

binder.bind(request);

}

public User getUser() {

returnuser;

}

publicvoid setUser(User user) {

this.user = user;

}

I hope this handy trick will help you to utilize the request objects and spring binders at many places in your code. Enjoy!

↧

ServletRequest - some useful features

September 23, 2010, 11:27 pm

≫ Next: Increasing JVM heap size for Maven

≪ Previous: Request Object and Spring DataBinders

We play with ServletRequest object every day but there are few things which we usually don't use.

One of the nice features of Java servlets is that all of this form parsing is handled automatically. You simply call the getParameter method of the HttpServletRequest, supplying the parameter name as an argument. Note that parameter names are case sensitive. You do this exactly the same way when the data is sent via GET as you do when it is sent via POST. The return value is a String corresponding to the uudecoded value of the first occurrence of that parameter name. An empty String is returned if the parameter exists but has no value, and null is returned if there was no such parameter. If the parameter could potentially have more than one value, as in the example above, you should call getParameterValues instead of getParameter. This returns an array of strings. Finally, although in real applications your servlets probably have a specific set of parameter names they are looking for, for debugging purposes it is sometimes useful to get a full list. Use getParameterNames for this, which returns an Enumeration, each entry of which can be cast to a String and used in a getParameter call.

Hope this will help!

↧

Increasing JVM heap size for Maven

September 30, 2010, 11:27 pm

≫ Next: When to use JSP include directive and jsp:include tag?

≪ Previous: ServletRequest - some useful features

There might be few instances when you are working on bigger project and it needs to do lot of processing while building/packaging final package of the project. In such projects there are chances that you’ll get JVM heap size error while building maven project. You can change the JVM options for Maven2 by setting following environment properties on your system:

Environment variable name: MAVEN_OPTS
JVM value: -Xms512m -Xmx1024m (adjust these values based on your project requirement).

Hope this will help you!

↧

When to use JSP include directive and jsp:include tag?

November 9, 2010, 6:37 am

≫ Next: Understanding Day's CQ & Underlying frameworks - Part 1

≪ Previous: Increasing JVM heap size for Maven

The JSP include directive includes static content at compile time and jsp:include includes static or dynamic content at run time.

1) Use the include directive
a. if the file includes static text
b. if the file is rarely changed (the JSP engine may not recompile the JSP if this type of included file is modified)
c. if you have a common code snippet that you can reuse across multiple pages (e.g. headers and footers)
d. Static includes are faster than dynamic includes

2) Use jsp:include
a. for content that changes at runtime
b. to select which content to render at runtime (because the page and src attributes can take runtime expressions)
c. for files that change often
d. dynamic include can accept a parameter

I hope I have covered everything, please feel free to post additional difference…

↧

Understanding Day's CQ & Underlying frameworks - Part 1

April 10, 2011, 1:50 pm

≫ Next: CQ - Component Design/Development best practices

≪ Previous: When to use JSP include directive and jsp:include tag?

Recently I have got an opportunity to work on a great CMS tool from www.day.com (CQ). CQ is an abstraction on top of all great JAVA frameworks/tools (JCR, Sling, OSGI and DAY’s own component based framework) and fits well for almost all enterprise application. Initially when I started working on it I thought it is a propriety tool and have very limited scope to show your innovations and doing experiments but, after taking a deep dive of underling technology/frameworks I realized that it is a great combination of various great frameworks. CQ is based on following technologies/frameworks (completely JAVA centric):

1) Sling (http://sling.apache.org/site/index.html): A REST based web framework for accessing resources (JCR – Java Content repository)

2) Felix (http://felix.apache.org/site/index.html - An OSGI specification implementation): A lightweight container that is very different from JVM for handling class loading and provides a class level SOA platform.

3) CRX/Jackrabbit (http://jackrabbit.apache.org - A JCR specification implementation): A specification which tells how we can manage our data (that includes images, text files, string, long to everything else…) as structured nodes.

For those who are not well versed with CQ’s underlying frameworks I’ll try to cover it in other posts that I’ll be posting in coming days. In this post my main focus is to explain CQ architecture and best practices (just an overview). I’ll also cover the best practices for various design and development concepts (creating templates, pages, components, JCR repository manager, writing custom JCR nodes, JCR queries and authenticators) in individual posts (later).

Ok, so the CQ is not a new framework and you don’t need to learn new programming language. If you are a developer from Java/JSP background with decent experience of JavaScript, AJAX, XML, JSON and CSS you can do magic with CQ. CQ follows a template, page and component based development methodology.

· Template (cq:Template): Every page that we build for our website should extend from some template. Template itself does not have any rendering logic, a template is just a logical unit in CQ environment which groups certain pages that shares common features (features can be functional or non functional). For example, we have a group of pages that users can access without logging in (these are static/public pages), these pages have common feature (i.e. they are public, it is functional feature) and share common headers and footers (this is non-functional/rendering feature). As I mentioned above that template itself does not have any rendering logic then a general question that you might ask “how the pages are getting rendered?”, well we need to define a resource/page (cq:Page) that can will render the template.

· Page (cq:Page): To create a page on our web site we need a template and to render a template we need a page. A page is combination of one or more resources (Java classes, JSP etc.), and the primary goal of a page to create page structure (ex. Two column with a header or one column with header and footer) in which components can be placed. So a page renders blank container and we need to place components in it, this is real power of CQ. We can add and remove components on a page, we can change their position of components and even we can extend a page and add/remove components from extended pages.

· Component (cq:Component): Component is a reusable entity that we can place on any number of pages. As pages can be extended to add/remove functionality similarly a component can also be extended to add/remove functionality. Components are the smallest building block of a page and usually a component is composed of various resources (Java classes, JSPs, JS).

Let’s see how Sling, JCR and Felix contribute in CQ framework and what role they are playing as a building block.

1) Sling - Request Resolution to a Resource/Script/Servlet (JCR Node/Script): We a request comes to CQ the first thing that happens is request wrapping and resource/page/script resolution. This is where sling comes in to picture, sling looks for the incoming request (HttpServletRequest) and adds a wrapper on it SlingHttpServletRequest. The SlingHttpServletRequest wrapper provides some additional information to sling framework for resolving a particular Resource/Servlet/Scrip on server (in JCR repository). Once the request is wrapped as a SlingHttpServletRequest, sling parses the incoming request URL and breaks it down in to following pieces with the help of additional information that we have in SlingHttpServletRequest wrapper:

NOTE: Scripts and servlets are resource in Sling and thus have a resource path, this is the location in the JCR repository (sling:resourceType). Scripts and Servlets can be extended using the sling:superResourceType property (I’ll cover this in another post “Component and Page inheritance”).

a) Servlet/Script (sling:resourceType): incoming request is parsed and a servlet/script/resource name is extracted from it. A script can be a JSP file, Java class or ActionScript (Flex/Flash) file., the type of script that will be executed depends on the extension and selectors (see below). Internally sling calls [request.getResource().getResourceType()] to get sling:resourceType. Type of supported script is configurable, to see which scripts are supported in your environment navigate to http://localhost:4502/system/console/scriptengines

b) Selector: based on the URL sling decides which type of script to execute, internally sling makes a call [request.getRequestPathInfo().getSelectorString()] to extract selector(s). Let’s say we have a requirement where we want send response in three different formats (XML, JSON, TXT) for same URL, this can be achieved with the help of selectors.

c) Extension: incoming request is parsed and an extension is extracted out of it for script file, internally sling makes a call [request.getRequestPathInfo().getExtension()]. It is possible to have a multiple script files with different extensions and based on the selector(s) provided in incoming URL appropriate script will be executed.

d) Request Method: Request method is required when the request is not GET or HEAD.

Let’s try to tie all 4 pieces together, The resourceType is used as a (relative) parent path to the Servlet/Script in JCR repository while the Extension or Request Method is used as the Servlet/Script(base) name. The Servlet is retrieved from the Resource tree (Repository) by calling the [ResourceResolver.getResource(String)] method which handles absolute and relative paths correctly by searching relative paths in the configured search path [ResourceResolver.getSearchPath()] and sling:resourceType (and sling:resourceSuperType) of the requested resource. To see and configure the path where sling performs looks for resources, navigate to (JCR resource revolver tab on Felix console) http://localhost:4502/system/console/jcrresolver, if required we can map additional paths with various regular expression.

Here is an example URL and its decomposition, let’s say the URL (http://suryakand-shinde.blogspot.com/reports/june/expense.format.pdf.htmlis used to get the expense reports in PDF format for the month of June (it is stored in JCR repository under /reports/june/expense/) :

· Server: suryakand-shinde.blogspot.com

· Script/Servlet (resourceTypeLabel): /reports/june/expense (The last path segment of the path created from the resource type)

· Selector: format/pdf (we can have a JSON and TXT selectors if we want to get the same report in various formats)

· Extension (requestExtension): html

If we have multiple selectors and extensions in request URL then the following rule is applied to resolve a resource:

· Numbers of selectors in request URL are given first preference.

· Requests with extension are given more preference over request without extension.

· A script found earlier matches better than a script found later in the processing order. This means, that script closer to the original resource type in the resource type hierarchy is considered earlier.

For more information on servlet/script resolution please see: http://sling.apache.org/site/servlet-resolution.html

NOTE: Sling treats request methods (GET, PUT, POST, HEAD) differently. So, it’s really important to understand and choose the right request method while designing applications. Only for GET and HEAD requests will the request selectors and extension be considered for script selection. For other requests the servlet or script name (without the script extension) must exactly match the request method. Here is quick example of how sling extracts Servlet/Script,

2) JCR – The data/resource storage: In any application we need a data base to store data (user information, text data, images etc.) so in case of CQ JCR (CRX) is plays role of a database. Data in JCR (Java Content Repository) is structured as nodes; a node can be a folder, file or a representation of any real time entity. Let’s try to co-relate a traditional database (like MySQL) with JCR. In traditional database we store information/data in tables, each table has multiple columns (few of them are mandatory, few of them have data constraints and few of them are optional) and each table has multiple rows. In case of JCR we store data in JCR node of a particular type (so treat this as our table), each node type have multiple properties (so treat this as table columns) few node properties are mandatory, few node properties have constrains (like the property value should be a string, long etc.) and few node properties are optional. We can have multiple nodes (so treat this as out table rows) of a particular type in our JCR repository. To fetch the required data from database tables we write SQL queries similarly, JCR also supports SQL (Query.JCR_SQL2) for querying nodes in JCR repository. JCR also supports the XPath queries (Query.XPATH) to find/query nodes based on path.

Let’s say we have multiple portals and we want to store portal configurations (e.g. a unique id for portal, portal name, home page URL etc.) in a database tables so, we’ll create a table called as Portal with Columns (portal_id, portal_name, portal_home_page etc.) to store portal configurations, each portal will have a row in database with its own configurations. How to do this in JCR?? In JCR we’ll define a node type config:Portal (that will be registered against a namespace so that it is not conflicting with other nodes that have same name) and node Properties (portalId, portalName, portalHomePage etc.) and each portal will have a separate node in JCR with its own configurations. Here is a diagrammatic mapping to traditional database and JCR:

Figure: Traditional Database V/S JCR Node comparison

What extra we are getting from JCR?

· Traditional database supports SQL but JCR supports SQL (the format of queries is little different) and XPATH.

· Structure of database tables are predefined and we can not add or remove certain columns for an individual row (all rows have same columns), in JCR with the help of nt:unstructured and mixin nodes we can add and remove properties of individual nodes.

· In traditional database files/images and large text are represented as BLOB/CLOB with some limitations but, in JCR they are stored as node types and search and retrieval is easy.

· JCR has its own access control mechanism (ACL) and user management framework.

· XML Import & Export

· Provides fast text search (using the Lucene).

· Locking, versioning and Notifications.

3) Felix – managing class dependencies and services: Felix is and OSGI specification implementation that is embedded in CQ for managing service components and their dependencies. Main benefit of using OSGI as an underlying technology for managing service/component dependencies is, it allows us to start/stop services (components) and host multiple version of same service. A service or a component can be configured via the Felix web console and Configuration Admin. Let’s take a smile example, I have an application that is interacting with underlying MySQL database and after few month I found that MySQL team has fixed a major bug in their new version of mysql-connector library release so in order to incorporate this new library in my traditional application I have to stop my application and re-package it (or just replace the older one) but, with OSGI we don’t need to stop the whole application because everything is exposed either as a component or as a service therefore we just need to install new component/service in OSGI container. As and when the services/components are updated in OSGI container there are various event listeners that propagate the service/component update event to service/component consumers and accordingly consumers adapts themselves to use new version of web service (on the consumer side we need to listen for various events so that consumers can decide whether to respond for change or not?).

No framework provides everything that we need built-in, we need to understand the platform/framework that we have chosen for development, and we need to think about how we can utilize it in better way. So, to use the CQ in its full capacity it’s really important to understand the concept and idea behind having Templates, Pages, Components, JCR data modeling and how services/components can be utilized and designed. Each underlying technology (Sling, JCR and OSGI) itself is very vast and I am just a new learner of it, please feel free to comment and share your ideas.

Resources that you can refer for further reading:

Sling:

· http://sling.apache.org/site/architecture.html

· http://sling.apache.org/site/getting-resources-and-properties-in-sling.html

· http://sling.apache.org/site/the-sling-engine.html

JCR:

· http://jackrabbit.apache.org/getting-started-with-apache-jackrabbit.html

· http://jackrabbit.apache.org/jcr-api.html

· http://jackrabbit.apache.org/articles.html

Felix:

· http://felix.apache.org/site/getting-started.html

· http://felix.apache.org/site/index.html

· http://felix.apache.org/site/apache-felix-service-component-runtime.html

-- Ideas can change everything

↧

CQ - Component Design/Development best practices

April 22, 2011, 10:55 pm

≫ Next: Sling Authentication

≪ Previous: Understanding Day's CQ & Underlying frameworks - Part 1

One of the main aims that CQ focuses on is, component based development. In my last post I have tried to give an overview of components and in this post I am going to explain some best practices that we can follow for designing/developing CQ components.

Following are the main points that we should consider before developing a component:

1) What is the main function of a component?

2) Is the component going to be only UI component or is there some business logic associated with it?

3) If a component has some business logic associated with it then is it going to be same for all websites?

4) Is this component is abstract i.e. component itself does not provide any functionality but other components will be inheriting from it and will be adding their own logic (UI or business)?

Once we have decided purpose of component we need to jump on developing it (by writing JSP, CSS, JS and Java code). So, while developing components we should try to follow some best practices and conventions that helps our peers (other developers and teams) to understand the code and it also makes the maintenance task easy:

1) We should avoid writing business logic at UI layer (i.e JSP). It’s always a good practice to extract the business logic in to a separate class so that it can be used in other parts of application, this is very important because our business logic should NOT be scattered around multiple areas. Also, when we have our business logic at one place it makes maintenance task easy, we just need to change it at one place and it’ll be reflected for all. For those case where we have a requirement of different business logic for different component in that case we can extend existing class(es) and add our own functionality.

2) User JSP beans (jsp:usebean) for accessing and class/logic.

3) Application level initialization should be done at one single place. Commonly used variables like user account information, session etc. should not be initialized by each component/page, we should have a common place that is hooked up at entry level of application (when a request comes in for a page) and is initialized only once per request.

4) Use the JSP Expression Language (EL) as much as possible that keeps out code clean/readable.

5) Avoid defining CSS styling in the components, this keeps our component loosely coupled from styling perspective and we can modify it as and when required. We can have some kind of convention for naming the HTML elements so that it can be modified via and external CSS file.

6) It’s fair enough to keep JavaScript code in JSP file but, if there is some code is common for all components then it should be moved to a common JS file.

Ok, let’s try to build a component. I am going to build a component that will read the RSS feeds and will display it on web page, we can place this component on any page.

Purpose “RSS feed” component:

1) It should read the RSS feeds supplied by various web sites and should display it on web page.

2) A user can choose to display RSS feeds from a specific site so component should adapt itself to display the RSS feeds from URL (configured in user’s preference) when he login.

3) User should be able to place the component on as many pages as pages they want.

Development consideration:

1) The URL from where RSS feeds can be pull should be configurable (we’ll CQ’s dialog feature here).

2) I should have control over the number of feeds that is going to be displayed at one time (again we’ll user CQ’s dialog feature).

3) The logic which parses the RSS feeds might change in future and it should not be coded inside component, my components main responsibility is just displaying the RSS content.

4) Styling of a component should be configurable (i.e. it should come from CSS).

Component Setup:

I’ll create a CQ component that consist a

a) JSP file: that contains the rendering logic.

b) JS (JQuery) code (embedded in JSP itself): that handles the click events.

c) A generic helper class (RequestAwareComponent) that initializes the properties (jcr:content properties configured via dialogs) of a component and current request object (thread local request).

i. RequestAwareComponent: there are few things that is common for all components, all components alwaysneed to access certain properties (jcr:content nodes authored by site authors) and data from request so I have abstracted this piece in RequestAwareComponent which performs property initialization and data extraction tasks from request.

d) Supporting classes: component backing bean (RSSFeedComponent) that contains the logic of reading/parsing the RSS feed component, an entity object (RSSFeed) that represents a rss feed entry

i. RSSFeedComponent: This class contains rss feed parsing logic and constant for each author able property. We should define (and use) the constants for component properties because if property name(s) changes in future then the changes that we need to do will be easier (just changing the constant value). Also, since we have the parsing logic in a class this same class can be used by other components (or some other piece of application).

ii. RSSFeed : this class represents a RSS feed entry with getters and setters for accessing feed data (title, link, publish date, author and description). We should always (wherever possible) represents our domain data in the form of objects so that it can be transferred to the other piece of application and that piece can access it without knowing how (and who) has created it.

UML representation of classes that I have used for creating RSS feed component

This how the final component looks like, I have mapped the RSSFeed Object to the actual RSS feed entry that is displayed in below diagram:

Final RSS Feed component: Mapping between RSSFeed class and Actual RSS feed entry

As you can see that we have map the RSSFeed class with actual component and it makes easy to use same RSSFeed class (object) as data for other components. Now let’s see the actual code, first I’ll try to explain the classes and then I’ll move on to the components and its styling.

The RequestAwareComponent class: This class is a base class that holds the Current Request object (HttpServletRequest), component properties (valueMap) and a flag (validValueMap) that indicates whether the value map is valid or not ? Each component that has some business logic should extend this class and implement intializeComponentProperties() method to initialize component specific properties (I’ll show an example of this shortly).

import javax.servlet.http.HttpServletRequest;

import org.apache.sling.api.resource.ValueMap;

publicabstractclass RequestAwareComponent {

publicstaticfinal String COMPONENT_PROPERTIES = "properties";

private HttpServletRequest request;

private ValueMap valueMap;

privatebooleanvalidValueMap = false;

public RequestAwareComponent() {

intialize();

}

protectedvoid intialize() {

request = ComponentUtil.getRequest();

if(request != null) {

valueMap = (ValueMap)request.getAttribute(

RequestAwareComponent.COMPONENT_PROPERTIES);

if(valueMap != null) {

intializeComponentProperties();

validValueMap = true;

}

/**

* This class must be implemented by extended component

* classes to do component specific initializations

publicabstractvoid intializeComponentProperties();

public HttpServletRequest getRequest() {

returnrequest;

}

publicvoid setRequest(HttpServletRequest request) {

this.request = request;

}

public ValueMap getValueMap() {

returnvalueMap;

}

publicvoid setValueMap(ValueMap valueMap) {

this.valueMap = valueMap;

}

publicboolean isValidValueMap() {

returnvalidValueMap;

}

publicvoid setValidValueMap(boolean validValueMap) {

this.validValueMap = validValueMap;

}

The RSSFeedComponent class: This class is component backing class and it extends from RequestAwareComponent.This class will implement the intializeComponentProperties() method to initialize the component specific properties (jcr:content) and will have another component specific method getRssFeeds() that will return the feed entries (List) parsed from provided RSS feed URL.

import java.net.URL;

import java.util.ArrayList;

import java.util.List;

import javax.xml.parsers.DocumentBuilder;

import javax.xml.parsers.DocumentBuilderFactory;

import org.apache.sling.api.resource.ValueMap;

import org.w3c.dom.CharacterData;

import org.w3c.dom.Document;

import org.w3c.dom.Element;

import org.w3c.dom.Node;

import org.w3c.dom.NodeList;

publicclass RSSFeedComponent extends RequestAwareComponent {

publicstaticfinal String COMPONENT_PROPERTIES = "rssFeedComponentProperties";

//Component Constants

publicstaticfinal String RSS_ITEM_ATTRIBUE = "item";

publicstaticfinal String RSS_TITLE_ATTRIBUE = "title";

publicstaticfinal String RSS_LINK_ATTRIBUE = "link";

publicstaticfinal String RSS_PUBDATE_ATTRIBUE = "pubDate";

publicstaticfinal String RSS_AUTHOR_ATTRIBUE = "author";

publicstaticfinal String RSS_DESCRIPTION_ATTRIBUE = "description";

//Component Value/Property constants

publicstaticfinal String RSS_FEED_ULR = "rssFeedUrl";

publicstaticfinal String RSS_MAX_FEED_COUNT = "maxFeedCount";

//Components (Configurable) Attributes

private String rssFeedUrl;

private String maxFeedCount;

public RSSFeedComponent() {

}

publicvoid intializeComponentProperties() {

if(getValueMap() != null&& getRequest() != null) {

setValueMap((ValueMap)getRequest().getAttribute(

RSSFeedComponent.COMPONENT_PROPERTIES));

}

this.rssFeedUrl = getValueMap().get(RSS_FEED_ULR,

"http://suryakand-shinde.blogspot.com/feeds/posts/default?alt=rss");

this.maxFeedCount = getValueMap().get(RSS_MAX_FEED_COUNT, "2");

}

public List getRssFeeds() {

List feeds = null;

try {

DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();

URL u = new URL(this.rssFeedUrl);

Document doc = builder.parse(u.openStream());

NodeList nodes = doc.getElementsByTagName(RSS_ITEM_ATTRIBUE);

if(nodes != null) {

feeds = new ArrayList();

for(int feedIndex = 0; feedIndex

if(feedIndex < Integer.parseInt(this.maxFeedCount)) {

Element element = (Element)nodes.item(feedIndex);

feeds.add(new RSSFeed(getElementValue(element, RSS_TITLE_ATTRIBUE),

getElementValue(element, RSS_LINK_ATTRIBUE),

getElementValue(element, RSS_PUBDATE_ATTRIBUE),

getElementValue(element, RSS_AUTHOR_ATTRIBUE),

getElementValue(element, RSS_DESCRIPTION_ATTRIBUE)));

} else {

break;

}

} catch(Exception ex) {

ex.printStackTrace();

}

return feeds;

}

public String getElementValue(Element parent,String label) {

return getCharacterDataFromElement(

(Element)parent.getElementsByTagName(label).item(0));

}

public String getCharacterDataFromElement(Element e) {

if(e != null) {

try {

Node child = e.getFirstChild();

if(child instanceof CharacterData) {

CharacterData cd = (CharacterData) child;

return cd.getData();

}

} catch(Exception ex) {

ex.printStackTrace();

}

return" ";

}

public String getRssFeedUrl() {

returnrssFeedUrl;

}

publicvoid setRssFeedUrl(String rssFeedUrl) {

this.rssFeedUrl = rssFeedUrl;

}

public String getMaxFeedCount() {

returnmaxFeedCount;

}

publicvoid setMaxFeedCount(String maxFeedCount) {

this.maxFeedCount = maxFeedCount;

}

The RSSFeed class: This class is represents the RSS Feeds as a data structure. The component backing bean class parses the RSS feeds XML and constructs a list (List) of RSSFeed objects.

publicclass RSSFeed {

private String title;

private String link;

private String publishDate;

private String author;

private String description;

public RSSFeed (String title, String link, String publishDate, String author, String description) {

this.title = title;

this.link = link;

this.publishDate = publishDate;

this.author = author;

this.description = description;

}

public String getTitle() {

returntitle;

}

publicvoid setTitle(String title) {

this.title = title;

}

public String getLink() {

returnlink;

}

publicvoid setLink(String link) {

this.link = link;

}

public String getPublishDate() {

returnpublishDate;

}

publicvoid setPublishDate(String publishDate) {

this.publishDate = publishDate;

}

public String getAuthor() {

returnauthor;

}

publicvoid setAuthor(String author) {

this.author = author;

}

public String getDescription() {

returndescription;

}

publicvoid setDescription(String description) {

this.description = description;

}

The RSS Feed component JSP: The JSP code is very simple, it will simple use the RSSFeedComponent class a jsp bean (rssFeeder) and will pass the component properties to it. The “rssFeeder” bean will return List that is iterated on JSP to render the feed data/entries. Please not that we are not writing the parsing logic and java code in JSP, rather its part of a reusable class (RSSFeedComponent), this keeps our rendering logic loosely couple with data and its parsing logic. Here is the code of JSP:

DOCTYPEHTMLPUBLIC"-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">

<%@includefile="/libs/foundation/global.jsp"%>

<%@pageimport="com.newcorp.ccp.web.components.rssfeed.RSSFeedComponent"%>

<%--

Development Notes

=================

Each component has its own properties and in order to pass those properties

to component backing bean (in this case RSSFeedComponent class) we need to

set this as an request (thread local) attribute.

NOTE: while setting the attribute please use the component specific constant

(COMPONENT_PROPERTIES) so that attributes key should not clash with each other.

--%>

<% request.setAttribute(RSSFeedComponent.COMPONENT_PROPERTIES, properties); %>

<jsp:useBeanid="rssFeeder"class="com.newcorp.ccp.web.components.rssfeed.RSSFeedComponent"scope="page"/>

$(function() {

$("#rssFeedBox" ).accordion({

fillSpace: true,

collapsible: true

});

script>

<c:choose>

<c:whentest="${not empty rssFeeder.rssFeeds}">

<divid="rssFeedBox">

<c:forEachvar="feedItem"items="${rssFeeder.rssFeeds}" varStatus="feedCounter">

<h3><ahref="#">Title: ${feedItem.title}a>h3>

<div>

<spanid="rssAuthor">Author: ${feedItem.author}<br>span>

<spanid="rssLink">Link: <ahref="${feedItem.link}">Visit Bloga><br>span>

<spanid="rssPubDate">Description: ${feedItem.description}<br>span>

<spanid="rssPubDate">Date: ${feedItem.publishDate}<br>span>

div>

c:forEach>

div>

c:when>

<c:otherwise>

<spanid="rssPubDate">RSS Feeds (from: <c:outvalue="${rssFeeder.rssFeedUrl}" />) is unavailable at this time!<br>span>

c:otherwise>

c:choose>

There are many other ways to lay down a foundation/convention for components but, it all depends on what kind of application we are building and what level of extensibility we want to achieve. Please feel free to comment and provide your suggestions.

↧

Sling Authentication

April 24, 2011, 2:51 pm

≫ Next: Java ThreadLocal and It's use

≪ Previous: CQ - Component Design/Development best practices

User authentication is core of any application; it can be a desktop application, a web application or a web service. CQ is a tool that is mainly used for building component based web sites and provides content management capabilities. The underlying frameworks Apache Felix and Sling together provide the foundation for CQ’s authentication capabilities.

Let’s explore the web authentication in brief and then I’ll try to explain the CQ’s authentication in detail. Authentication for web application mainly works on request/response headers, session and cookies.

Request/response based authentication: When a page is requested from a web server, the server looks for some specific information in header (to be specific in request “Authorization” header) and if information is available in header then that information is used by server to validate a user. So Authorization header can contain the credentials in Basic form or Digested form. The basic authentication header has following format:

Authorization: Basic username:password (encrypted in Base64 encoding)

There are few other Basic schemes that are used by some sites, some examples are:

a) User/Password scheme

Authorization: user fred:mypassword

b) Kerberos

Authorization: kerberos kerberosauthenticationsparameters

Once the authorization header information is received by server, it’s the responsibility of server to decode the credentials and validate it based on the Authorization scheme. If the request is authenticated on server then a 200 (OK) response is sent back to browser and subsequent request uses the same header information for validating user requests. If a request can not be authenticated on server because of invalid information in Authorization header, the server sends back a 401/Unauthorized response back and user is present a login form to enter username/password.

Path based restriction for header authorization: Let’s say we have a web application that is structured as /a/b/c/ and /a/d/c/. When a user is trying to access a resource that is under /a/b/c path, they need to enter valid user name and password so that server can validate the provided information and will cache it in request Authorization header. Now, user is authenticated to access any resource under /a/b/c but, when user will try to access anything under /a/d/c/ the authorization information in header (cached for /a/b/c/ path) will not be used by server and a 401/Unautorized response is sent back to browser (and a form will be presented to user where user can enter user name and password). So authorization headers are path specific.

Request header based authorization does not deals with cookies or session, the authorization information is cached by browsers and is available till the browser is not closed or a user does not forcibly clears the header information (active logins)

NOTE: Authorization header is a request header (and NOT a response header). We can (and should) not explicitly set this header.

Session based authentication: When a resource is requested from server a unique id (called as session ID) is generated by server and is maintained on the server (something like JSESSIONID=053d59e1-3398-cd4a-8a12-61d371f9f120). For any subsequent requests server checks that whether it already contains a session ID for the received request or not? If a session ID is already there then the same session ID will be used. We can store arbitrary data/objects in session. When user provides a valid user name and password then application validates it and store some information in session to indicate that the user has already provided credentials and is authorized to access resources on server. If a user has not requested any resource for more than a timeout setting value from server then that user is treated as inactive and the his/her session (and data in it) is destroyed. Almost all servers have a setting for timeout value that can be configured based on the requirement to invalidate sessions. The main problem that we have with session is that sometimes it become difficult to replicate user session (on different servers) in clustered environment and authentication does not work properly but, its a deployment issue and there are various ways to fix it (like sticky session at load balancer level etc.)

Cookie based authentication: Cookies are small piece of data that is stored on user’s machine. Again the format of cookies is very simple, they are just key value pair (the value can be plain or encrypted, it depends on how do we sent it to browser). When a user requests some resource on server, browser sends cookies in request header and on server side application extract the required information from cookies. Some sites use cookies for authentication and store an encrypted value in cookies that is used by application/server to identify a user. For security reason many users disable cookies on their browser so, an application that is completely dependent on cookie based authentication will not work (if cookies are disabled). Also, it is worth to note that the size of cookie is restricted to max of 4K size.

Before actually implementing any of the available authentication scheme/mechanism it is important to consider following things:

1) Who are our end users? Do they need to provide credentials for accessing resources on server?

2) What kind of application we are developing? What APIs and framework we are using?

3) Is it a secure site and the credentials should be encrypted before transmitting over wire?

4) What kind of deployment environment we have in production? Is it a clustered environment with a load balancer? Do we have session replication mechanism in place if we are planning to deploy same application on multiple servers?

Based on type of content security, available resource and deployment environment we need to judge which combination fits well to our need.

CQ’s/Sling’s Authentication

We just explored the various ways of authenticating a user on server now let’s explore the CQ’s authentication implementation and how to develop our own site using CQ’s underlying frameworks (Sling and Felix). As I explained in my earlier post Understanding Day's CQ & Underlying frameworks - Part 1, Sling is a REST based web framework and Felix is and OSGI specification implementation and the authentication in CQ works little differently as compared to traditional applications. In traditional application we normally have a controller (at entry point of our application) that validates user but, in CQ a request goes through chain of authenticators exposed as OSGI services (CQ’s own authenticator and any custom authenticator that we have) for validating user.

Also, as I have mentioned in my earlier posts that CQ uses JCR (CRX) for storing data (files, images etc.) and user’s information. If an user want to access something on server (basically from JCR) then either they need to provide credentials (if the requested resource is secured using ACL) or they can access it directly if the resource does not have any ACL (access control list restrictions). So there are basically two types of users we can have in JCR:

a) Anonymous: an anonymous user can only access unsecured/public resources and does not require any credentials.

b) Registered: If a user wants to access secured/private resources on server then they must be registered on JCR and need to provide their credentials. JCR validates the provided credentials against the user account data/information stored in JCR repository and creates a JCR session (note that it is not HTTP session) and a resource resolver. I’ll cover the session and resource resolver later in this post.

Following are few main interfaces/classes that we need to explore for understanding Sling’s authentication framework:

1) Authenticator (Interface)

This is an interfaces that defines basic login() and logout() methods that is implemented by an actual Authenticator class (e.g. SlingAuthenticator). What and how to implement login and logout functionality is complete responsibility of class that implements this interface.

2) AuthenticationSupport (Interface): This interface defines handleSecurity() method which must be implemented class that is exposed as an Authenticator. Sling framework internally calls the handleSecurity() method for extracting the user credentials and returns a Boolean flag depending up on whether user validation is successful or failed.

3) SlingAuthenticator (class): This class implements Authenticator and AuthenticationSupport interfaces (see label 1 in below diagram) and is registered as an OSGI service with Felix. This class is foundation for Authentication in Sling, apart from implementing the methods from Authenticator and AuthenticationSupport class this class holds a mapping between request paths and corresponding authentication handlers (a class that implements AuthenticationHandler interface) that will be used for authenticating a request. When a user request for a resource from server, sling authenticator extracts the request path from request and it’ll try to find whether there is any authentication handler that is mapped for the path (see label 2 & 4 in below diagram), if an authentication handler is mapped for the requested path then the authentication control is delegated to authentication handler class.

4) AuthenticationHandler (Interface): This interface defines extractCredentials(), requestCredentials() and dropCredentials() methods (see label 5 in below diagram) that must be implement by an Authentication Handler implementation class that we need to register/map as authentication handler with SlingAuthenticator service. Once Sling authentication has selected an authentication handler based on request path and deligated authentication job to a particular authentication handler implementation class then, following methods are called:

a. extractCredentials(): Based on the authentication scheme that we want to implement (Authorization header based authentication, session based authentication or cookie based authentication) the implementation class should implement this method to extract credentials from (header, session or cookies) and must one of the following:

i. AuthenticationInfo: If authentication is successful then this method must return an AuthenticationInfo object (that holds the authentication scheme used, user name and password) to SlingAuthenticator. If valid AuthenticationInfo object is returned by this method then sling authenticator will NOT execute any other Authentication Handler that is in the list after the current authentication handler.

ii. Null: If authentication failed then this method must return a null. When a null value is returned from this method, sling authenticator will try the next authentication handler that is mapped for this path (if any).

iii. AuthenticationInfo.DOING_AUTH: if authentication is failed or because of some reason we want to redirect request to some other page (that can be a login page or any other resource) then this method must return DOING_AUTH to sling authenticator. When sling authenticator receives a DOING_AUTH as return value then it stops there and request is suspended.

b. requestCredentials(): An authentication handler that implements AuthenticationHandler interface must implement this method for rendering a login form. If validation fails and sling framework wants to ask for user name and password in that case sling authenticator will call this method and users will be presented a login form to enter user name and password.

c. dropCredentials(): An authentication handler that implements AuthenticationHandler interface should implement this method to removed user credentials (from either authorization header, session or cookies). When a user logs out, sling authenticator calls this method to remove/clean user credentials.

Once all authentication handler have been executed and no one responded back with a valid credentials (AuthenticationInfo), then sling authenticator will try to see if anonymous user can access the requested resource (see label 3 in below diagram).

5) AbstractHTTPAuthHandler (abstract class): This is an abstract class that has basic authentication handler implementation. This class implements Basic Authorization scheme with base 64 encoding of username and password. This class has basic implementation of extractCredentials(), requestCredentials() and dropCredentials() methods (see label 6 & 7 in below in diagram) and provides an abstract method getLoginPage() that can be implemented by child classes to return a custom login page.

6) HTTPAuthHandler (class): This class extends AbstractHTTPAuthHandler and implements Basic Authorization (see label 9 & 10 in below diagram) and CUG support) and is mapped for root path (/) i.e. by default this is the authentication handler that will be called by Sling Authenticator.

UML representation of Sling/CQ Authentication Implementation

The AuthenticationInfo class

For more information on sling authentication you can refer http://sling.apache.org/site/authentication-framework.html

↧

Java ThreadLocal and It's use

April 24, 2011, 4:54 pm

≫ Next: CQ Development - OSGi bundles and Components

≪ Previous: Sling Authentication

Have you ever wondered about accessing you HTTPServletRequest object (or any other contextual/scoped object) in a non web class? What I mean by non web class is any class that does not goes through a web request/response initialization life cycle. HttpServlet is a web class because web container initializes and provides the HttpServletRequest and HttpServletResponse objects.

Let’s say you have a POJO and you want to initialize few properties/variables of it from request object/parameters. Since the POJO is plain class it by default does not have access to the request object, then how to get access if current request Object? We have two options:

1. Override the public constructor of POJO class to accept HttpServletRequest as an argument

e.g. public MyClass(HttpServletRequest request) { }

When we are forcing a class’s constructor to accept an Object, we always need to make sure that we are passing it and the class is tightly coupled with the underlying implementation. Also, we can not instantiate it without passing required arguments or null.

2. Use the thread local capabilities of Java: Thread Local can be considered as a scope of access, like a request scope or session scope. It’s a thread scope. You can set any object in Thread Local and this object will be global and local to the specific thread which is accessing this object. Let’s take a look at the class that uses the thread local concept and then I’ll explain the code:

import java.util.LinkedList;

import javax.servlet.http.HttpServletRequest;

publicabstractclass RequestUtil {

privatestatic ThreadLocal> threadLocalRequest =

new ThreadLocal>();

publicstaticvoid setRequest(HttpServletRequest request) {

LinkedList list = threadLocalRequest.get();

if (list == null) {

list = new LinkedList();

threadLocalRequest.set(list);

}

list.addLast(request);

}

publicstatic HttpServletRequest getRequest() {

LinkedList list = threadLocalRequest.get();

if (list != null&& list.size() > 0) {

return list.getLast();

};

returnnull;

}

publicstaticvoid clearRequest() {

LinkedList list = threadLocalRequest.get();

if (list != null&& list.size() > 0) {

list.removeLast();

};

}

So what we are doing here is, we just created a simple class that has three static methods setRequest(),getRequest() and clearRequest() for setting, fetching and clearing request object from thread local scope. At the entry point of request (e.g. service or doGet or doPost method) we just need to call

RequestUtil.setRequest(request);

This will set the request object in thread local context/scope, and to access it from anywhere (any class) where we don’t have access to request object we just need to call:

RequestUtil.getRequest();

This call will always make sure that it returns the current request object in current thread.

If you explicitly want to clear the current request object from thread local scope just to make sure that it not accessible to any other then just call:

RequestUtil.clearRequest();

I hope this will help you to implement some useful piece of functionality in your application. You can refer the java doc for more information http://download.oracle.com/javase/1.4.2/docs/api/java/lang/ThreadLocal.html

↧

CQ Development - OSGi bundles and Components

September 23, 2011, 12:11 pm

≫ Next: Spring 3 – Environment/Profile based bean initialization and configuration

≪ Previous: Java ThreadLocal and It's use

Recently one of my blog follower asked about how we can use the OSGi bundle (components and services) in CQ’s JSP/components. In this post I am going to enlist few key things about creating and accessing the OSGi bundle in CQ components.

So, a CQ component is nothing but a script file (either a JAVA or JSP) and the primary goal of a component is rending the markup but, component may need to access OSGi services in order to execute some business logic that is part of OSGi bundle. I am going to use CRXDE (an eclipse flavored IDE for CQ development).

First of all I’ll enlist the steps to access any component that you have written in a bundle and then I’ll explain it in details.

Steps:

1) Create an OSGi bundle.

2) Create a OSGi service (using Felix/OSGi annotations).

3) Write an utility class to access the components that we have created in setp#2.

Explanation:

1. Create an OSGi bundle

1.A) To create a bundle open up your CRXDE and right click on “apps” folder ->Build -> Create Bundle (as shown in below) screen shot:

1.B) You’ll get a “Create bundle” pop-up, fill the details as shown below and hit “Finish” button:

1.C) Once the bundle is created successfully you’ll see following folder/package in your CRXDE IDE:

So, now we have a bundle with the directory structure (package) that we defined in step 1.B. In step#2 we’ll be creating a new class which we want to access from a component or other java files (with in same bundle or from other bundles).

2. Create a OSGi service

For this example we are going to create a “FormattingService” that will be used for formatting dates.

2.A) Create an interface “FormattingService” in “com.sample.osgi.components” package.

package com.sample.osgi.components;

publicinterface FormattingService {

public String getDateByInterval(String WMY, String dateFormat, int interval);

}

2.B) Create and implementation class “FormattingServiceImpl” in same package “com.sample.osgi.components”. We need to annotate this class (as shown below) in order to expose it as a OSGi service to other bundles and CQ components.

package com.sample.osgi.components;

import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import org.apache.commons.lang.StringUtils;
import org.apache.sling.commons.osgi.OsgiUtil;
import org.osgi.service.component.ComponentContext;

/**
 * A sample OSGi service class that will be used by other OSGi bundles or components
 * to get past or future date.
 *
 * @scr.component immediate="false" label="Date formatting service"
 *                        description="An utility service to get past or future date"
 *                name="com.sample.osgi.components.FormattingServiceImpl"
 * @scr.property  name="date.format" label = "Expected date format"
 *                        description="Configuration to set expected date format"
 * @scr.service
 */
public class FormattingServiceImpl implements FormattingService {
 //this can be configured via OSGi configuration console using "default.date.section" property
 private String dateFormat = null;

 /**
  * This method will be invoked only once when the FormattingService is 
  * intialized by OSGi container.
  * @param componentContext
  */
 protected void activate(ComponentContext componentContext) {
  this.dateFormat = OsgiUtil.toString(
    componentContext.getProperties().get("date.format"), "MM/dd/yyyy");
 }

 /**
  * Utility method to choose a future or back date
  * @param WMY W - Week, M - Month, Y - Year
  * @param interval integer value that represents future or past interval
  * @return String date
  */
 public String getDateByInterval(String WMY, String dateFormat, int interval) {
  String formattedDate = "";
  DateFormat expectedDateFormat = null;
  Calendar calendar = Calendar.getInstance();

  if(StringUtils.isBlank(dateFormat)) {
   dateFormat = getDateFormat();
  }

  expectedDateFormat = new SimpleDateFormat(dateFormat);

  if(StringUtils.equalsIgnoreCase(WMY, "W")){
   calendar.add(Calendar.WEEK_OF_YEAR, interval);
  } else if(StringUtils.equalsIgnoreCase(WMY, "M")){
   calendar.add(Calendar.MONTH, interval);
  } else if(StringUtils.equalsIgnoreCase(WMY, "Y")){
   calendar.add(Calendar.YEAR, interval);
  }

  formattedDate = expectedDateFormat.format(calendar.getTime());

  return formattedDate;
 }

 /**
  * @return the dateFormat
  */
 public String getDateFormat() {
  return dateFormat;
 }

 /**
  * @param dateFormat the dateFormat to set
  */
 public void setDateFormat(String dateFormat) {
  this.dateFormat = dateFormat;
 }

}

2.C) Build the bundle by right clicking on “com.sample.osgi.bundle.bnd” -> Build -> Build Bundle

Once the bundle is created go to (Felix web console) using the URL on your machine : http://localhost:4502/system/console/bundles and the bundle that we have built should be available in Felix console and it should be in ”Active” as shown below:

Now, go to “components” tab as shown below, and you’ll see that the service “FormattingService” that we have written is registered with Felix OSGi container and is ready to consume:

3. Code to access component/service from other java classes and components.

In order to access the “FormattingService” we’ll write an utility class with a static method so that the code to access service is wrapped inside it and we don’t need to write same code again and again. This how the utility class should look like:

package com.sample.osgi.components;

import org.osgi.framework.BundleContext;
import org.osgi.framework.FrameworkUtil;
import com.newcorp.ccp.resolver.PortalResolver;

public class ComponentUtil {

 /**
  * Utility method that will return an FormattingService instance from OSGi container
  * @return
  */

 public static FormattingService getFormattingService() {
  BundleContext bundleContext = FrameworkUtil.getBundle(FormattingService.class).getBundleContext();
  return (FormattingService)bundleContext.getService(
    bundleContext.getServiceReference(FormattingService.class.getName()));

 }

}

That’s it! Now you can use this class to get an instance of your service from any CQ component or any other class in other OSGi bundles, here is sample code that you can write in your CQ component’s JSP:

<%String formattedDate = ComponentUtil.getFormattingService().getDateByInterval("M", "MM-dd-YYY", -1);%>

I hope this will help the folks those who are working on CQ.

I have created this example just to explain the concept of how we can create OSGi services and access it from CQ component. For simple things we should avoid creating services. We should create services only for those functionalities that fits in to the OSGi definition.

You can read more about OSGi annotations at:

http://felix.apache.org/site/apache-felix-maven-scr-plugin.html

http://felix.apache.org/site/scr-javadoc-tags.html

http://felix.apache.org/site/scr-annotations.html#SCRAnnotations-Component

↧

Spring 3 – Environment/Profile based bean initialization and configuration

October 4, 2011, 10:52 am

≫ Next: Clientlib: CQ Static Resource Management

≪ Previous: CQ Development - OSGi bundles and Components

As we all know spring team is great and they always do wonder things. No different this time with spring 3.1 M1 release as well…

In this post I am going to cover an interesting bean configuration/initialization strategy using which we can control bean initialization based on environment/profile. Spring team has introduce a concept of Environment and Profile using which we can annotate bean(s) (or mark them in XML) so that those beans will be initialized based on environment and active profile.

Consider environment being a wrapper around our application context that know (or has information) about the environment in which application is running. Profile is something using which we can group various beans so that those beans will only be initialized if a particular profile is enabled in an environment.

For example we have a simple application that uses some kind of third part service to validate the credit card numbers. Assume that the service charges us on per transaction basis and the only thing that is returned by service is a flag (or some transaction ID) based on which our application makes a decision about whether we should continue with processing or not? Also the credit card validation service is secured and it cannot be accessed from developer machine. So we have following limitation:

1) The credit card validation service is a paid service and we need to pay extra amount if we use the same service for development purpose.

2) Since the service is only accessible in production environment therefore either we need to test our application only when it is deployed on production or allow developers/QAs to access the production environment for development/testing purpose (which is not a good idea at all).

3) Rebuild the application for DEV/QA and production environment by making the code changes every time before doing a build (pass hardcoded values or skip the credit card validation in DEV/QA)

Does this sounds good? NO! So, what is the solution?

As we have assumed that we our credit card service just returns a flag (or transaction ID) based on which application will continue/stop processing so, what we can do is we can write a dummy credit card validation service (and create a bean) for it that will be initialized (and injected) in DEV/QA environment and in PROD environment actual bean be will be initialized/injected. Here is sample configuration file:


 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:context="http://www.springframework.org/schema/context"
 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">

This same thing can be achieved using class level annotations as well, here is an example:

A) Our “creditCardManager” bean that is common for all

@Configuration
public class ApplicationConfiguration {

 @Bean
 public CardManager creditCardManager(){
  return new CreditCardManager(creditCardService());
 }

}

public interface CardManager {
 public boolean validateCard(String cardNumber, String expDate, String cvvNumber);
}

public class CreditCardManager implements CardManager {
 private CreditCardService creditCardService;

 public CreditCardManager(CreditCardService creditCardService){
  this.creditCardService = creditCardService;
 }

 public CreditCardService getCreditCardService() {
  return creditCardService;
 }

 public void setCreditCardService(CreditCardService creditCardService) {
  this.creditCardService = creditCardService;
 }

 @Override
 public boolean validateCard(String cardNumber, String expDate, String cvvNumber) {
  // Add some logic here
  return true;
 }
}

B) “creditCardService” service bean that will be initialized/injected in to “creditCardManager” when “prod” profile is enabled

/**
Production configuration/beans that will be initialized in when "prod" profile is enabled
**/
@Configuration
@Profile(value="prod")
public class ProdCreditCardConfiguration {
 @Bean
 public CreditCardService creditCardService(){
  return new CreditCardService(dataSource());
 }

 @Bean
 public DataSource dataSource(){
  return new BankDataSource();
 }
}

public class CreditCardService {
 private DataSource dataSource;

 public CreditCardService(DataSource dataSource) {
  this.dataSource = dataSource;
 }

 public DataSource getDataSource() {
  return dataSource;
 }

 public void setDataSource(DataSource dataSource) {
  this.dataSource = dataSource;
 }

}

C) “creditCardService” service bean that will be initialized/injected in to “creditCardManager” when “dev” profile is enabled

/**
Dummy configuration/beans that will be initialized in when "dev" profile is enabled
**/
@Configuration
@Profile(value="dev")
public class DummyCreditCardConfiguration {

 @Bean
 public CreditCardManager creditCardManager(){
  return new CreditCardManager(creditCardService());
 }

 @Bean
 public DummyCreditCardService creditCardService(){
  return new DummyCreditCardService(dataSource());
 }

 @Bean
 public DataSource dataSource(){
  return new DummyBankDataSource();
 }
}

public class DummyCreditCardService extends CreditCardService{

 public DummyCreditCardService(DataSource dataSource) {
  super(dataSource);
 }

}

Now the question is how to enable a particular profile in various environments. There are various ways to do this:

1) Programmatically

 GenericXmlApplicationContext ctx = new GenericXmlApplicationContext();
 // To set multiple profiles use "," separated profile names e.g. ctx.getEnvironment().setActiveProfiles("dev, qa, prod");
 ctx.getEnvironment().setActiveProfiles("dev"); 
 ctx.load("classpath:/com/bank/config/xml/*-config.xml");
 ctx.refresh();

2) System environment properties (Based on the operating system the processing of setting environment property will be different). We need to set “spring.profiles.active” value to “dev” or “prod” based on the profile that we want to activate.

3) JVM system properties

We can also set the JVM system properties using -Dspring.profiles.active="dev" or -Dspring.profiles.active="prod". To set multiple profiles use "," separated profile names -Dspring.profiles.active="dev, qa"

4) Servlet context parameters using web.xml


dispatcher
org.springframework.web.servlet.DispatcherServlet

spring.profiles.activedev

Also, if you want to configure application in such a way that if no profile is active a default profile should come in to play then you can use “spring.profiles.default” property to set a default profile. With these configurations in place we don’t need to change the code or rebuild the application, based on the environment appropriate beans will be initialized/injected to the “creditCardManager” bean.

This is just a simple example but this can be very useful in cases where we have multiple environment and based on environment want different set of services (beans) to be initialized.

Clientlib: CQ Static Resource Management

January 27, 2012, 2:10 pm

≫ Next: JAVA: How to capture java exception stack trace in String

≪ Previous: Spring 3 – Environment/Profile based bean initialization and configuration

In this post I am going to cover a feature that is provided in CQ to manage static resources (js, css, images etc.). For every web application performance is an important factor that we usually ignore at first place and down the line it becomes a bottleneck for us. So, performance can be improved by considering various factors while designing a new application, few of them are listed below:

1) Web page size
A web page is composed of HTML markup, JS files, CSS files and images. We should try to keep page size as low as possible so that page is loaded quickly in browser.

2) Ajax calls v/s full page reload
There are many instances where it’s always better to make an Ajax call to hit the server and update a small area (HTML DOM) of page rather than reloading whole page.

3) Amount of data transfer between server and browser
When we make a call to service on server, the services should only return page/context specific data rather returning whole information/data. We can call server again (via Ajax calls) to fetch limited data and update page accordingly.

In this post I’ll try to show the benefit of using client libs feature to reduce the page size. Let’s consider a scenario where we have a web application built using CQ and it has multiple pages that are composed of many component. Each component needs a set of JS, CSS and images which might not be needed on other pages so, it does not make sense to load all those irrelevant resources on other pages where that component is not present.

For example we have a login page and a home page that user sees after successful login. The login page is composed of a login component (with a form) to enter username and password and we are using a jQuery validation plugin to validate form before submitting it to server. Once user is validated we redirect user to home page which does not have any form (i.e. we don’t need validation jQuery
plugin) on this page and there is no point in including validation plugin and we only need jQuery javascript file.

Login Page: needs jQuery and jQuery Validation plugin
Home Page: needs just jQuery

Normally, we include resource (like JS, CSS) in section of a page (in CQ it’s a template). If jQuery and jQuery validation plugin is included in head section of template then it’ll be included on every page no matters whether that page actually needs them or not and hence the page size is increased unnecessarily. There is better way to handle this in CQ and load the resources when they are actually needed and this is where CQ’s clientlib feature comes in to play.

What is client lib feature?
With client lib feature we can categorize every JS and CSS file as a library (with a specific name) and can include/import them in individual component or template (if it is used globally). For the time being consider this as java import feature. If on a page there are multiple component that needs the same library then CQ will make sure that the library is loaded only once. We can also define dependencies while creating clientlibs, e.g. jQuery validation plugin is dependent on base jQuery JS file.

How to define a client lib in CQ?
To define a client lib CQ follow below steps:

1) create a folder called clientlibs (by right clicking on designs folder) under /etc/designs (actually we can create this folder anywhere we want but, to keep it simple and consistent I am creating this under designs folder)

2) Create a new node under clientlibs folder called as jqvalidate with type as cq:ClientLibraryFolder (as shown below):

3) Copy/Put your JS (jq.validate-min-XXX.js) file in jqvalidate folder (we can also copy and css file to this folder if there is any).

4) Create a file js.txt in jqvalidate folder (also create another file css.txt if you have copied any css file in jqvalidate folder).

5) Add name of JS file (e.g. jq.validate-min-XXX.js) in js.txt (also add name of CSS file in css.txt) file and save it.

6) Click on jqvalidate folder node in crxde and open the Properties tab and update/add 2 new properties as shown below and save the node:
NOTE: both properties are of type String Array (String[])
a) categories: This is the name using which we’ll be referencing our jQuery validation client lib in our components and templates.
b) dependencies: Using this property we define the dependency of current library (in this case jQuery validation) on another client lib (in this case cq.jquery).

At this point we are done with creation of a validation library now, we’ll see how to use for developing components and templates.

How to use/import client lib?
To include a client lib in your component/template simply add following code/tag:

If you want to load multiple client libs then provide comma separated names against categories attribute in above tag e.g.

↧

Latest Images