Although Gin and Guice are seemingly the favored GAE DI frameworks, you can still use Spring for your DI/IOC needs. Furthermore, thanks to Spring Security team’s, Luke Taylor, you can continue to use Spring Security. In this post, he gives you clear steps on how.

Ray Ryan has another talk on creating great GWT apps. This time his primary focus was on creating “production” ready applications. A number of things are required to do this. Things like Built-in logging support for GWT, and User Actions (instrumented Widgets), guarding against Cross-Site Attacks, etc. Some of this is less about the technology of GWT, and more about the consciousness of the developers.

Building on his talk from the previous year, he of course mentions the MVP (Model-View-Presenter) pattern. However, this time around, Spring’s Roo is used to build the apps, which changes a few things. It seems some people were complaining (loudly?) about the Presenter pattern requiring a good deal of boilerplate code. So, he describes how using Roo actually eliminates a reasonable amount of code - namely the DTOs and Presenters. When using Roo, the DTOs and Activity (similar to Android’s Activity) instances are generated for you. It seems that the Activity replaces the Presenter. As with last time, he explains how coding this way reduces the effort needed to build complete GWT tests. Again, definitely worth a watch!

Awesome talk, great slides! If you aren’t already impressed by GWT (aka Swing for the all browsers ) , this talk should bring you over. This gave a number of new ideas. One of them is obviously the MVP pattern. Ryan attributes this to the great Martin Fowler. So, I went to Fowler’s site looking for more, and found this retirement note.

I’m also now looking forward to using the the EventBus architecture. It reminds me of the one of the driving forces behind some organizations using SOA. It just makes sense. In my unit tests, I’m still a Luddite - at least in my use of Mock objects… Uh, the lack thereof. However, I’m sold on the style he presented.

I’m a long time Spring user, so not sure where I stand on moving to Gin and Guice for GWT. But when I looked, I didn’t see a Google OS project for easy Spring/GWT integration. Unless I’m missing something I don’t think I’ll have much of a choice.

My latest problem arose when I decided that Spring Security’s DaoAuthenticationProvider should get as much of its information from a cache. Well, if you never change a user’s security information after they are logged in (ya know, like a password) this is fine. However, it’s actually fairly common that a user forgets their password. In some cases, a user might just want to change their password. In either case, if the DaoAuthenticationProvider is looking to a cache for its user data, it will deem the old password to be correct, at least until the cached entity expires. It took me 2 full days to figure this out. I assumed the bad data was being cached, but I could not find the source… I focused on Hibernate for the longest. I thought, maybe a forced flush? No? OK, how about making sure the cache-mode is set to Ignore. No? Hmm, what the heck?!

In the end, I just started looking for all forms of caching in the system. I finally stumbled upon my various DaoAuthenticationProvider Spring definitions, and their userCache dependencies. I went to to the Spring Security documentation and found out that because of this very issue, only stateless apps should use the non-default userCache. Ehh, live and learn…

Anyway, yet another subtle difference between what MS used to call an OS, and Windows 7…

http://freegeektwincities.org/ is a great idea. I’ve always had a hard time simply throwing away major computer components. It just seems wrong. Dell, at least for a short while, stopped offering recycling of old laptops. Now, with a group like FGTC, this problem is solved. Kudos…

This how Paint looks now… and it has more functionality.

If you’re wondering why I care, I’ve used this two small programs for years, and I was about to make the move to UltraEdit. Not sure who Microsoft hired in the past few years, but wow… wow.

Hands down, Windows 7 Professional is light years a head of Vista Professional. Wow. The UI’s better, without needing more RAM. The security implementation has been tweaked slightly - I’m not fighting with soft link over regular shortcuts… Also, the environment emulation helps a ton. They’ve taken the theme to a new level - background changing every few moments… nice.

I’m sure it doesn’t hurt that my new machine is also a step-up. The Dell Studio XPS 16 is pretty remarkable. Aside from the i7, with 6MB cache, being pretty powerful on its own. Dell, with this line, has gotten a complete makeover. Small things like the soft lighting under the keyboard and touch-surfaces. That’s right, I said touch-surfaces - no more eject button for your optical drive. An optical drive that reads Blue-Ray, and writes DVDs. Certain lights that used to be on the far rear, right, are now to the front of the machine, and on the left.

I don’t have time to go over each little thing, but I can say that someone clearly put money into some real HCI research. I wont say this is a Mac, or anything crazy like that. I will say that if Dell stays on this path, I cant see why I wouldn’t keep coming back to them for my computing needs.

Back then, none of projects required groups or users to inheriting permissions. I simply gave permissions to the roles and individuals that needed them. So, I used an AffirmativeBased AccessDecisionManager, and placed a RoleVoter before any other AbstractAclVoter. Simple, and it worked. One of my newer projects, however, does require the inheriting permissions.

What else…

Since I always use GUIDs, I still don’t need Spring Security to know the the domain class. But I’d like to utilize the new auditing feature. I’d also like to turn on and off auditing at the permission entry level. All in all, the upgrade wasn’t too bad at all. I had move some code from the SimpleAclEntry (deprecated) to the BasePermission. I actually extended the BasePermission, as the javadocs suggest.

Spring-Security’s distributed example code uses JDBC. Which is fairly straight-forward. It keeps a good amount of the information on the acl entry table. Thus no real need for a parent acl table. Well, since I’m using Hibernate, a few things automatically change:

• Built-in 2nd level caching (ehache for me)
• Ability to define granular joins and fetches based on the context

Based on those two (three?) items, I was able to normalize a good amount of information back to a new parent table permission (acl?). Now permission entries can focus on one purpose, facilitating a relationship between their parent permission and the target SID (Secure ID). See my pared-down ERD for this:

I’m not big on defining AOP behavior via the newer namespaced expressions. So, in that context, I stayed with what I had before. Some other things have been deprecated, such as BasicAclEntryAfterInvocationProvider, in favor of AclEntryAfterInvocationProvider. Overall, it was pretty painless.

One more thing…

When it comes to ACLs, the was one thing that drives me crazy is having to define the default relationships in SQL scripts. I freaking hate it. Well, I was able to resolve that this time around: Added a task and some delegation to my existing ServletContextListener. At application start, it goes about finding existing objects that need securing, that aren’t already secured. Yeah, that’s great…

Recently I decided to leave the 2.0.x series, and upgrade to the 2.1.x path. After a little work, you can piece together the major changes you need to adhere. For me, the biggest change was the built-in Dojo support. As of 2.1, it’s an optional, external module, which is fine. I went about making the changes. Things like changing my theme from Ajax to XHtml. Importing the Dojo taglibs into the necessary pages. Nothing too complicated. More time-consuming than anything.

OK, so I ran into a problem. I worked at it for a good weekend. After banging my head against this one, with no resolution, I sought help on the user-list. No response. None of this really bothered me. What really bothered me was my naiveté.

The affected projects are all on svn. For some reason, I did the upgrade on HEAD. So, after no resolution, I had to revert. Since the upgrade included some other libs (Hibernate-3.3, some Commons modules, etc), I actually had to revert and then reapply some other upgrades.

Regardless of your personal feelings for a framework/library, don’t ever assume it’s going to be that easy! If you have a source control tool, use it. A branch for these upgrades would have made things a bit easier. I used to think branches were for teams larger than 2-3. Yeah, not so much. It’s not a problem to adopt a release/technology early, it’s all in how you do it. Ugh, lesson learned.