that’s great…

Spring Security in Google App Engine…

When delving into the Google App Engine (GAE) world, aside from NOSQL (Not Only SQL), there are a number of other unfamiliar paradigms you’ll encounter. If you’re used to a number of technologies, such as Spring, Hibernate, Sitemesh, you may fear that you’ll be starting from scratch. The fact is, yes, in some cases you will be. However, all is not lost.

Although Gin and Guice are seemingly the favored GAE DI frameworks, you can still use Spring for your DI/IOC needs. Furthermore, thanks to Spring Security team’s, Luke Taylor, you can continue to use Spring Security. In this post, he gives you clear steps on how.

Google IO - Architecting GWT Apps talk

Ray Ryan has another talk on creating great GWT apps. This time his primary focus was on creating “production” ready applications. A number of things are required to do this. Things like Built-in logging support for GWT, and User Actions (instrumented Widgets), guarding against Cross-Site Attacks, etc. Some of this is less about the technology of GWT, and more about the consciousness of the developers.

Building on his talk from the previous year, he of course mentions the MVP (Model-View-Presenter) pattern. However, this time around, Spring’s Roo is used to build the apps, which changes a few things. It seems some people were complaining (loudly?) about the Presenter pattern requiring a good deal of boilerplate code. So, he describes how using Roo actually eliminates a reasonable amount of code - namely the DTOs and Presenters. When using Roo, the DTOs and Activity (similar to Android’s Activity) instances are generated for you. It seems that the Activity replaces the Presenter. As with last time, he explains how coding this way reduces the effort needed to build complete GWT tests. Again, definitely worth a watch!

Google IO - Best Practices for GWT talk

Awesome talk, great slides! If you aren’t already impressed by GWT (aka Swing for the all browsers ) , this talk should bring you over. This gave a number of new ideas. One of them is obviously the MVP pattern. Ryan attributes this to the great Martin Fowler. So, I went to Fowler’s site looking for more, and found this retirement note.

I’m also now looking forward to using the the EventBus architecture. It reminds me of the one of the driving forces behind some organizations using SOA. It just makes sense. In my unit tests, I’m still a Luddite - at least in my use of Mock objects… Uh, the lack thereof. However, I’m sold on the style he presented.

I’m a long time Spring user, so not sure where I stand on moving to Gin and Guice for GWT. But when I looked, I didn’t see a Google OS project for easy Spring/GWT integration. Unless I’m missing something I don’t think I’ll have much of a choice.

Caching for the DaoAuthenticationProvider - don’t do it

It’s extremely hard to remember that everything is not a nail. Whenever I’m using Hibernate Core and/or Hibernate Search, I plan on caching frequently used entities, in order to remove unnecessary load on the data-store(s). Pretty standard performance move. I tend to use Ehcache – currently on 1.7.

My latest problem arose when I decided that Spring Security’s DaoAuthenticationProvider should get as much of its information from a cache. Well, if you never change a user’s security information after they are logged in (ya know, like a password) this is fine. However, it’s actually fairly common that a user forgets their password. In some cases, a user might just want to change their password. In either case, if the DaoAuthenticationProvider is looking to a cache for its user data, it will deem the old password to be correct, at least until the cached entity expires. It took me 2 full days to figure this out. I assumed the bad data was being cached, but I could not find the source… I focused on Hibernate for the longest. I thought, maybe a forced flush? No? OK, how about making sure the cache-mode is set to Ignore. No? Hmm, what the heck?!

In the end, I just started looking for all forms of caching in the system. I finally stumbled upon my various DaoAuthenticationProvider Spring definitions, and their userCache dependencies. I went to to the Spring Security documentation and found out that because of this very issue, only stateless apps should use the non-default userCache. Ehh, live and learn…

snipping tool in window 7…

OK, so Windows 7 has this awesome screen capture tool that appears on the menu just after you do your first screen capture (Alt + PrtScn)… It’s called Snipping Tool. Considering the fact that it’s free, I was pretty surprised how well it compared to a commercial product I was going to buy called SnagIt.

Anyway, yet another subtle difference between what MS used to call an OS, and Windows 7…