Wednesday, May 28, 2008

Addicted to YSlow and what Jawr can do to help

At the No Fluff Just Stuff (NFJS) conference I attended 2 weeks ago, somebody mentioned YSlow, which is a tool for analyzing websites in regards to performance and is a plugin for Firebug. Hence, this week I spent some time using it and fixing the issues YSlow found on my project.

It is really nice and almost addictive...YSlow grades the performance of your website in a number of categories. There is a good site at yahoo explaining those categories called: "Best Practices for Speeding Up Your Web Site".

For example, you should always put CSS at the top of your web pages and JavaScript files should be at the bottom. While this is easy to fix, the recommendation to reduce HTTP request is a bit trickier to fix.

Well, let's assume you implemented a typical Web 2.0 website using a few Javascript libraries such as Prototype, Scriptaculous as well as your own Javascript files. Furthermore, you broke your CSS into multiple files because otherwise you would simply lose control over it entirely.

That of course causes a lot of HTTP requests when loading the files and thus leads to a degradation of your website's performance.

But luckily if you write Java based web applications there is a really cool library out there called Jawr that let's you bundle up (combine) your Javascript and CSS files. Not only that, Jawr also minifies your Javascript and CSS files plus it is able to GZip the files as well. Jawr also provides a nice quickstart tutorial and lastly Jawr also has a tutorial that explains how to use it with the big JavaScript libraries such as jQuery, Prototype, Scriptaculous and Yahoo! UI library.

Wednesday, May 21, 2008

RSS Feed Aggregators

For the Atlanta Java User Group I have been looking into providing an RSS feed aggregation service for blogs of AJUG members. Since AJUG is running its own server, I wanted to provide a server-based solution. Interestingly, it seems the choices are rather slim when looking for something that is OSS. Pratik mentioned groovyblogs. It looks interesting, got it running very quickly, but I saw one too many stacktraces when clicking through the application. Maybe just bad luck...Once I find the time to dive deeper into Groovy and Grails, I may return to groovyblogs, though. The source code is available here.

Barry Hawkins pointed me to Planet, a Python-based feed aggregator. To see it in action, take a look at Well, after looking at it, I found Planet Venus its successor. Compared to the original Planet, Planet Venus actually has some documentation (I like documentation!) and a fairly active mailing list. Furthermore, is using Planet Venus. You can find it at There is also blog entry by Sam Ruby that provides a little more background information regarding Planet Venus.

Anyway, the actual installation has been trivial - it is basically just a command line script, that parses RSS feeds, applies a template and than spits out html pages. Thus, adding the script's execution to your crontab is all that is needed to feed your aggregator with new data.

Monday, May 19, 2008

Spring Security 2.0

For my home project, I updated ACEGI security to Spring Security 2.0.1. My experience was similar to Matt Raible's - positive. I was able to cut down the XML configuration quite substantially. At the end only 49 lines remained (Including XML namespace declarations).

The migration was very easy except for 2 smaller issues (See further below). First, I updated web.xml to rename the security filter to Spring Security's one:





Also, since I am using my own "user service" to pull users and roles from the database, I had to rename a few imports in my classes to reflect the package names of Spring Security 2.0.

The biggest configuration change was updating the bean definition in my context configuration file which contains all the necessary XML to wire all the beans together. Spring Security 2.0 is now providing its own XML Namespaces, which drastically simplifies configuration.

Thsu, here is the final application context configuration file for Spring Security 2.0 as used by my project:

As mentioned above, I encountered two smaller issues. First, I am using the Jasypt library which I am using for digesting passwords. It provides a password encoder that plugs into ACEGI security. Unfortunately, it has not yet been updated to also work in conjunction of Spring Security 2.0. The aforementioned implemented password still uses the old package structure. Thanks to open source this is an easy fix :-)

Thus, I checked out Jasypt into my Eclipse Ide, updated the package reference and the pom to pull in the Spring Security 2.0 jars. I also created a ticked on the Jasypt project website and submitted a patch with the changes. Let's see whether it will find its way into the prokject soon.

My second problem had to do with the rolePrefix of Spring Security. Spring Security by default pre-fixes roles names with "ROLE_". Since my project does not use prefixes for role names I had created rolevoter bean that set the rolePrefix property.

Interestingly you can't do this configuration using namespaces. With the current version you need to fall back to the traditional bean configuration support which involves creating 3 additional beans:

  • roleVoter

  • accessDecisionManager

  • authenticatedVoter
There is a little more information available on the Spring forums about this. Hopefully this maybe be simplified in the future - thus, I opened a ticket for this on the Spring Jira.

Wednesday, May 14, 2008

If Tomcat is Running out of Memory...

If your Tomcat is running out of memory, take a look at the following issue posted by Atlassian. It affects basically all Tomcat versions including Tomcat 6.

The fix is to set the following JVM parameter:


And, just for completeness - if you need to specifiy JVM parameters for Tomcat, create a file called in your Tomcat's bin directory.



-Xms512m -Xmx512m \
-XX:PermSize=128m -XX:MaxPermSize=256m \
-server \
-Djava.awt.headless=true \


Tomcat will pick up the file automatically when it starts up. Regarding Permspace issues, there was a good discussion about it over at Matt Raible's Blog.