Wednesday, August 18, 2010

Google, Oracle and JUGs

One might think that developing software (web-applications in my case) is a pretty involved endeavor. It is a constant learning experience: from understanding the business domain of your customers for each and every project, to figuring out which frameworks to choose (How many web-frameworks to we have?), all the way to understanding the broader IT landscape.

Thus, in a nutshell life as a developer is busy...and then Oracle sues Google, adding just a tad more complexity to the mix (Things were also much easier back when it was all about Microsoft versus he rest of the world :-). Additionally, as the leader of the Atlanta Java Users Group, I wonder what kind of implication this development will have for our community of Java developers.

Following the various information sources, there is certainly no black-and-white battle going one, albeit Google seems to be certainly in a more favorable position among developers. A good source for gauging the mood within the Java community is to follow the mailing list of the global JUG community. Sentiments there have been ranging from surprise to shock.

Bruno Souza, THE Java advocate in Brazil (he also spoke at AJUG in Atlanta in May 2007) made probably the most balanced statements regarding the just started litigation process between Oracle and Google. Thus, from a technical/legal perspective you may very well argue in either direction, in favor of Google or in favor of Oracle.

However, I am concerned about the impact this may have in regards to our community and the leading edge open-source developers, that may again increasingly look elsewhere (Remember the wave of developers that left for Ruby on Rails a few years back?). 

I will cautiously follow the developments over the next couple of months and I hope that the negative impact to our community can be minimized. I mean, there is certainly the hope that Oracle and Google come to a quick agreement and maybe make Android an official part of the Java platform (too overly optimistic?)

Here are some pointers for further information:

InfoQ had a short article summarizing the latest developments: http://www.infoq.com/news/2010/08/oracle_sues_google

Javalobby has an insightful article regarding Oracle's open-source activities, e.g. essentially shutting down OpenSolaris: http://java.dzone.com/articles/oracle-and-open-source-list

JavaWorld takes it even a step further and ask whether SpringSource should be worried as well: http://www.javaworld.com/community/?q=node/4919

Many high-ranking Java advocates left Oracle in recent months, and Java inventor James Gosling is becoming increasingly outspoken. His blog provides some interesting insights:

http://nighthacks.com/roller/jag/entry/the_shit_finally_hits_the
http://nighthacks.com/roller/jag/entry/quite_the_firestorm
http://nighthacks.com/roller/jag/entry/cynical_chuckles

(Interestingly, looks like too many people were trying to read read James Gosling's blog on 2010-08-16 because his blog was not accessible for a good portion of the day)

The following link points to an official statement by Oracle regarding its patent policy in 1994. Things seemed to have changed since then, unfortunately:

http://www.bustpatents.com/articles/oracle.htm

Wednesday, August 11, 2010

Function based indexes in Oracle

If you ever have to query tables in Oracle containing million of records using "is null" in the where clause, then you will notice that your normal indexes won't kick in. They work as prescribed for "is not null", though.

Using a function-based index you can work around that issue. Take a look at the following article which might be quite helpful if you run into the issue: http://www.dba-oracle.com/oracle_tips_null_idx.htm

Thursday, May 6, 2010

Using Hibernate's SchemaExport Feature from within a Spring/JPA Context

My Spring-based application uses the Java Persistence Api (JPA) with Hibernate as persistence provider. As business requirement, I have the need to generate the SQL schema from my JPA annotated classes at application startup (As a disclaimer: I used the Maven Hibernate3 plugin in the past and there is also an Ant task provided by Hibernate, however in my case I needed a programmatic approach to have some more flexibility). Anyway, A logic choice for this would be Hibernate's SchemaExport class.

The problem is that Hibernate's SchemaExport class requires a org.hibernate.cfg.Configuration class to be passed in. Configuring this within Spring based applications is sparsely documented (Furthermore, the Configuration class is not easy to get hold off) but nevertheless there are some good pointers on how to get the Configuration object, when using straight Hibernate e.g:
Unfortunately, I am a bit on the cutting edge and I configured my persistence using
  • org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean and
  • org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter
How do you make that work? The best, albeit limited, information I found (as usual) on Stackoverflow:
That discussion pointed to the following blog post:
That was pretty much it. The blog post gave me some ideas about where to look next for answers (the Hibernate and Spring source code ;-), but the example just felt a bit heavy for my use-case. Everything was already configurred using Spring/JPA in my environment. Why shouldn't I be able to reuse my existing infrastructure to use the SchemaExport class?

The solution

After some more searching, I think I found a workable example:

In my class I inject the LocalContainerEntityManagerFactoryBean:

@Autowired LocalContainerEntityManagerFactoryBean fb;

Then I use the following code to setup SchemaExport:

org.hibernate.ejb.Ejb3Configuration cfg = new org.hibernate.ejb.Ejb3Configuration();
org.hibernate.ejb.Ejb3Configuration configured =     
                 cfg.configure(fb.getPersistenceUnitInfo(), fb.getJpaPropertyMap()); org.hibernate.tool.hbm2ddl.SchemaExport schemaExport = 
new org.hibernate.tool.hbm2ddl.SchemaExport(configured.getHibernateConfiguration());

And then do whatever you need to, such as printing the SQL Schema DDL to the console:       

schemaExport.create(true, false);

Not that bad after all. If you have similar needs, hopefully the Google gods are with you and this blog posting showed up in your search results. See you next time. 

Thursday, April 29, 2010

Martin Fowler in Atlanta - DSLs, Agile, CI

I went to Martin Fowler's talk last night night at the Crowne Plaza Hotel next to Perimeter Mall. Martin Fowler is the Chief Scientist at ThoughtWorks and it has been a great experience to finally hear him speak personally. He have three mini presentations:

His first talk was about domain specific languages (DSL) covering all the different variation of DSLs - external DSLs (XML, custom language) and internal DSLs (e.g Ruby). Martin Fowler also had a slide about Language Workbenches - I saw an article on his website covering that subject, which I need to look at in the next few days.

An interesting point I thought he raised was, to focus on making codified business concerns "readable" through DSLs rather than making the DSL available to business people to write rules, business logic etc. as this would be so much harder to achieve.

In his second presentation segment, Martin Fowler answered questions, that were submitted by the audience prior to his presentation, which covered various aspect of agile software development. He mentioned that the British newspaper The Guardian, is releasing software changes into production every 2 weeks.

The way to achieve this is through total test automation. He mentions that at Thoughtworks manual QA is reduced to exploratory testing and that any test plans etc. are part of the automated build process (More details about this at the end of this blog post)

A popular question these days also seems to be whether Java has peaked and whether also languages shall be considered. Martin Fowler, stated that "Java stalled" but it is not going away. However, he  also pointed to the fact, that you should consider more productive languages (especially for new projects). He mentioned an internal and informal Thoughtworks survey in which developers on average attested a 0.5-2.5x increase in productivety when using alternative languages (Ruby, Groovy, Scala, Clojure etc.). Martin Fowler himself expressed his preference for Ruby.  

His last talk was about continuous integration and continuous delivery. He talked a bit about different approaches regarding managing your source code in your respective source repository (e.g. Subversion). Specifically he talked about having feature branches versus just a single trunk (for the most part). It was interesting to hear him talk about that as at work we recently had that same discussion and we finally settled on having just a single trunk for all our regular development efforts. He said feature branches are just too painful when doing merges.

Moving on, he suggested to commit your code at least once a day, preferably even more often.

He then talked about continuous delivery, meaning to continuously push code into production in a controlled fashion. He mentioned a Suisse Insurances company that would deploy code into production once a day. As far as I remember he said that at Thoughtworks they typically deploy into production every two weeks to once a month.

In order to achieve that you must have really good automated testing at which point Martin Fowler talked about having a "build pipeline" which consists of the following phases:
  1. Commit Stage - Build project run tests (unit-tests), execution shouldn't take longer than 10 minutes. Deploy artifacts to artifacts repository
  2. Acceptance Stage - Deploy the application, run smoke tests, run acceptance tests. This stage may take much longer (e.g. 1-2 hours)
  3. Performance Stage - Run Performance Tests - This may take a very long time
  4. Deployment Stage - Deploy the application into production - It is important to be able to deploy by just  pressing one button. However, have a rollback option
Then he talked a little bit about Cruise, Thoughtwork's product to help implement that kind of continuous delivery. There is also a book coming out from Addison Wesley called Continuous Delivery.

That basically conclded his talk - there was one further question from the audience that caught my attention. Chris Curtin (CTO of Silverpop) asked him about the Devops movement. Personally I was unaware of that term. In my understanding, this fairly new concept brings developers and operation teams closer together.

Martin Fowler found that concept to be a very positive thing saying that if a production issue was caused by a developer, he should carry the pager for that and fix it. I have to learn more about the Devops movement - here is an interesting blog entry that seems to summarize it quite well: http://www.jedi.be/blog/2010/02/12/what-is-this-devops-thing-anyway/.

A great evening - learned a lot.


Tuesday, March 23, 2010

Java Posse Roundup 2010 - Summary

I am sitting in the plane right now returning back to Atlanta from Denver, Colorado. It has been an incredible week. As you may have seen my Twitter tweets, I spent last week at the Java Posse Roundup in Crested Butte, Colorado. It was simply amazing. Some of the brightest minds in our industry were there and the conference setting was very cozy with around 40 attendees. It was a very diverse crowd with attendees from all parts of the US (incl. 4 people from Atlanta and 1 from Nashville) as well as quite a few folks from Europe (UK, Denmark, Norway) as well as Israel.


James Ward was there (Flex Evangelist for Adobe), Bruce Eckel (Author of "Thinking in Java"), ???? Joe Darcy (Lead at Oracle for Project “Coin” [JDK7]), Bill Pugh (Findbugs) and many more.

Here are the sessions I attended at the Roundup:

Tuesday

  • NoSQL Databases
  • Apple and HTML 5 versus Flash (What Does the Future hold) and UI Framework experiences GWT vs Flex vs ? 
Wednesday
  • Measurable ≠ Meaningful (Business)
  • Architecture standardisation
  • JavaFX - What else do we want?
Thursday
  • Alternative Views of SW Development (Convention over configuration, static vs. dynamic, Rockstar dependencies)
  • When companies transition from awesome to sucky corporate environments
  • Project Coin, JDK7, Language Evolution
Friday
  • Source Control Systems (Server based (SVN) vs. Distributed VCS (Git, Mercurial)
  • When the wheels come off agile
  • Share your IDE/Editor tips and tricks
On Tuesday and Wednesday, there were Lightning Talks. Every attendee could sign up for 5 minute mini-presentations on any topic (technical, personal, informational you name it). This was really cool. Did you ever attend an IT conference where you could see fire eating? Bill Pugh did it!!!

On Thursday, I did a lightning talk on YSlow and JAWR which I think went pretty well (considering that I only prepared for it 1 hour in the afternoon that same day).
Thursday night, the 300th episode of the JavaPosse was recorded. It has been a lot of fun. The podcast episode was released on Friday!


This was my first JavaPosse Roundup conference. I am sure that I will return next year. It was an incredible learning experience and a ton of fun! A massive THANK YOU to Dick Wall, Tor Norbye, Carl Quinn, Joe Nuxoll and Bruce Eckel for organizing this amazing experience!

Tuesday, March 9, 2010

DevNexus Day One

Alright, this is just a super quick update on day one of our DevNexus conference. Day 1 went very smoothly with no major hick-ups. We have around 340 attendees (Incl. sponsors, speakers etc.), which constitutes a 40% growth compared to last year!!! Thanks to all that attended!

I attended the following sessions:
  1. "Better Software with Java and Flex" (James Ward)
  2. "Next Generation Development Infrastructure: Maven, M2Eclipse, Nexus & Hudson" (Jason van Zyl)
  3. "Google App Engine: Cloud vs Cluster" (Toby Reyelts)
  4. "The 90-Day Startup with Google AppEngine: A Case Study" (David Chandler)
  5. "Effective Java" (Venkat Subramaniam)
  6. "Smithing in the 21st Century" (Neal Ford)
The day finished off with a cocktail hour and I met some nice folks from The Home Depot and I spent the rest of the eventing chatting with the hard core of the crowd which involved mostly speakers such as Toby Reyelts, Charlie Collins, Barry Hawkins, James Ward, Pratik Patel and Greg Luck. After dropping Greg off at his hotel, I finally made it home right around midnight.

This has been a very good day. Time to get some sleep. See you all tomorrow at day 2!

Monday, March 1, 2010

DevNexus has its own Android App

Pretty cool - Charlie Collins created the first Android phone app for the DevNexus conference. Check it out at: http://code.google.com/p/and-conference/. Thanks Charlie!

Also, in case you haven't registered for DevNexus, yet. Please sign-up because registration is closing March 3rd.

Tuesday, February 2, 2010

Atlanta DevNexus 2010 Conference - Status

We at AJUG are humming along preparing for DevNexus (March 8-9, 2010). Today we got confirmation that Jason van Zyl from Sonatype is speaking at our event. He is the founder of Apache Maven and Sonatype. I added his bio and abstract to the website tonight. Thus, check out our presentation line-up for details.

Also, we got our very own Twitter account (Many thanks to Barry Hawkins for organizing this!!). Over the next few day I will add it to the DevNexus website and we will post noteworthy updates through that channel.

Thus, start following us at: http://twitter.com/devnexus/

Saturday, January 30, 2010

Plaxo OpenID Recipe

Plaxo was probably one of the first main sites where I saw OpenID support for your user credentials. But only today did I notice that they also have a really nice write-up of of their OpenID implementation, which could serve you as a guide/recipe for implementing your own OpenID supporting user registration process.

Check it out at: http://www.plaxo.com/api/openid_recipe

Wednesday, January 27, 2010

Automating User Registrations with OpenID and Spring Security 3.0 - Part 3

Preparing heavily for DevNexus 2010, I did not have as much time as I hoped for in order to continue my series on using OpenID with the new SpringSecurity 3.0 (See Part 2 for details) Thus, today I would just like to cut and paste some of the code from my little 'home-POC'. In the coming weeks I still hope to incorporate it properly into jRecruiter.

Here is the JSP snippet for the OpenID login form:
<div id="openid-registration">
  <form name='oidf' action='/jrecruiter-web/j_spring_openid_security_check' method='POST'>
    <fieldset id="openIdLoginSection">
          <legend>Login with OpenID Identity</legend>
          <div class="required">
            <label for="openid_identifier">Identity</label>
            <s:textfield id="openid_identifier" name="openid_identifier" required="true" maxlength="80" tabindex="1" size="30"/>
          </div>
          <div class="submit">
            <input type="submit" value="Login"/>
          </div>
    </fieldset>
  </form>              
</div>


Here is the relevant piece of my Spring context file:

<security:http  auto-config="true" access-decision-manager-ref="accessDecisionManager" >
  <security:intercept-url pattern="/s/admin/**" access="ADMIN"                        requires-channel="https"/>
  <security:intercept-url pattern="/**"         access="IS_AUTHENTICATED_ANONYMOUSLY" requires-channel="any" />

  <security:form-login login-page="/login.html" default-target-url="/admin/index.html"
                       authentication-failure-url="/login.html?status=error" />
  <security:logout logout-url="/logout.html" invalidate-session="true" logout-success-url="/show.jobs.html"/>
  <security:session-management>
     <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="false"/>
  </security:session-management>
  <security:custom-filter ref="openIDFilter"                   position="OPENID_FILTER" />
</security:http>

<bean id="openIDFilter" class="org.jrecruiter.web.security.RegistrationAwareOpenIDAuthenticationFilter">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="consumer" ref="attributeAwareOpenIDConsumer"/>
  <property name="authenticationSuccessHandler"        ref="openIDFilterSuccess"/>
  <property name="authenticationFailureHandler"        ref="openIDFilterFailure"/>
  <property name="registrationTargetUrlRequestHandler" ref="openIDFilterRedirectToRegistration"/>
</bean>

<bean id="openIDFilterRedirectToRegistration" class="org.jrecruiter.web.security.RegistrationTargetUrlRequestHandler">
  <property name="defaultTargetUrl" value="/registration/signup.html"/>
</bean>
<bean id="openIDFilterSuccess" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
  <property name="defaultTargetUrl" value="/admin/index.html"/>
</bean>
 
<bean id="openIDFilterFailure" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
  <property name="defaultFailureUrl" value="/login.html?status=error"/>
</bean>

<bean id="attributeAwareOpenIDProvider" class="org.jrecruiter.web.security.AttributeAwareOpenIDProvider" scope="prototype">
  <constructor-arg ref="userService"/>
</bean>

<bean id="attributeAwareOpenIDConsumer" class="org.jrecruiter.web.security.AttributeAwareOpenIDConsumer"/>


I did some customization: public class AttributeAwareOpenIDConsumer extends OpenID4JavaConsumer {
  public AttributeAwareOpenIDConsumer() throws ConsumerException {
         super(Arrays.asList(UsedOpenIdAttribute.FIRST_NAME.getOpenIdAttribute(),
                                     UsedOpenIdAttribute.LAST_NAME.getOpenIdAttribute(),
                                     UsedOpenIdAttribute.EMAIL.getOpenIdAttribute(),
                                     UsedOpenIdAttribute.AX_FIRST_NAME.getOpenIdAttribute(),
                                     UsedOpenIdAttribute.AX_LAST_NAME.getOpenIdAttribute(),
                                     UsedOpenIdAttribute.NAME_PERSON.getOpenIdAttribute()));
  }
}
I also created a custom class AttributeAwareOpenIDProvider which extends org.springframework.security.openid.OpenIDAuthenticationProvider. It overrides public Authentication authenticate(Authentication authentication) Thus, I can hook into the actual authentication process and inject my own logic.

For example,  if the OpenID authentication succeeds it does not necessarily mean that your account exists, yet. Therefore, if OpenID authentication succeeds (if (status == OpenIDAuthenticationStatus.SUCCESS)), I try loading the user from my application's database (userDetailsService). If then a UsernameNotFoundException is thrown I collect a series of OpenID attributes from the org.springframework.security.openid.OpenIDAuthenticationToken. Once finished, I am throwing a custom AuthenticationSucessButMissingRegistrationException. I use it to redirect to the registration page and pre-populate the registration form with some of the collected OpenID attributes.

I hope this gives you some ideas of how you can integrate OpenID into your SpringSecurity infrastructure. I am myself still in the early learning phase regarding OpenID and I still need to figure out how to best manage multiple authentication realms within my application. But that may be a reason for another blog post.

Friday, January 22, 2010

Remote Profiling of JBoss using VisualVM

I ran into an issue while trying to setup profiling (using VisualVM) of a remote JBoss server instance. It turns out that the default steps I have found on the internet, assume that your target server (Where JBoss is running on) is accessible via the hostname not only by IP address. Well, just in case you live in an environment where you can access your server via IP but not via hostname, this blog post may hopefully save you an hour googling the solution. In order to setup remote profiling I did:

To my run.conf file (JBoss/bin) I added:

JAVA_OPTS="$JAVA_OPTS -Xdebug -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n"
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.port=6789"
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.ssl=false"
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.authenticate=false"
JAVA_OPTS="$JAVA_OPTS -Djava.rmi.server.hostname=IP_ADDRESS_OF_MY_JBOSS"

Particularly, the last line was very important. Without it I was able to telnet to port 6789, thinking everything is cool, however I was unable to connect to it via VisualVM. This missing line caused a few frustrations.

Anyway, once these lines were added, you need to configure jstatd. I created a policy file (I called it tools.policy) for the JVM containing:

grant {
  permission java.security.AllPermission;
};

Then, I would be able to start up jstatd:

jstatd -p 1099 -J-Djava.security.policy=tools.policy

And finally, I was able to startup JBoss and connect to my server from VisualVM.

Thursday, January 14, 2010

Registration Opens for DevNexus 2010

Here is an annoucement that I would like to get out regarding the Atlanta Java Users Group's (AJUG) professional developer conference:

The DevNexus conference will be held in Atlanta March 8–9, 2010 and registration is now open. DevNexus covers a wide range of the most exciting topics related to the Java™ platform.
This year, our sophisticated line-up of speakers covers dynamic programming languages such as Scala and Groovy, as well as Rich Internet Applications (RIA) such as Adobe Flex and Google Web Toolkit (GWT). Furthermore, we have a dedicated track on Google technologies, which not only covers GWT but also Google App Engine and Google Wave. Additionally, DevNexus has sessions covering popular open source projects such as Spring, Maven and HtmlUnit, as well as presentations on software architecture, agile software development methodologies and much more!
Please join us for this exceptional event.
The organizers of DevNexus are focused on making sure the conference provides the best possible educational value by offering attendees a special early bird rate of $150 if they register between now and February 16. Regular admission for the two-day conference is $185, a group discount is also available. The ticket price includes the two-day conference pass as well as meals.
This is the second DevNexus event, which is the continuation of the annual AJUG developer conferences that started in 2004.
For further information: http://www.devnexus.com/

Tuesday, January 12, 2010

DevNexus 2010 Conference Updates

I have spent a few late nights lately, to get the preparations for the Atlanta DevNexus conference into the final stage. The line-up of speakers is getting fuller by the day. I am personally really excited that James Ward (Adobe), Keith Donald (SpringSource) and Lex Spoon (Google) are presenting and we have many, many more presenters covering a ton of material.

I will try my best to update the website (http://www.devnexus.com) with the current list of speakers and presentations, soon.

Which also reminds me to finalize our press-release to announce the conference...I hope to get all that done within the next 2 days. Thus, watch http://www.devnexus.com/ for updates. And please sign-up!
For that price, you won't get a better educational value (...brought to you by your friendly Atlanta Java Users Group)

Friday, January 1, 2010

Automating User Registrations with OpenID and Spring Security 3.0 - Part 2

This is the continuation of part 1. See also part 3.

Spring Security provides support for OpenID out of the box. It is fairly easy to setup basic OpenID authentication. It even can automatically generate the respective login forms for you. But for my use case I wanted something more elaborate. Here is a basic flow of my "Spring Security OpenID integration solution" (early working draft):

Step 1: User starts the login process using OpenID.
Note that the 'OpenID' between providers varies quite a bit.




Step 2: After pressing the Login button, Spring Security processes the request and using openid4java under the hood, you are redirected to the login page of your OpenID provider in this case Google.

 

Step 3: In step 2 you authenticated successfully (with Google in this case), but you don't have a valid account with jRecruiter itself, yet: In this instance, grab all the useful information that is available through the OpenID account/profile and then forward (Redirect) to the registration page. There pre-fill the form with the grabbed information (E.g. email, first name, last name etc.)


 


Of course I need to add some more sophistication around my user registration process. Nevertheless, I hope the general flow is clear. While OpenID is a fairly widely adopted standard, there seems to be a bit of fluctuation in regards to what data sets providers will allow you to fetch, as well as how to fetch them (e.g. different name-spaces). Thus, it looks like in order to automated an OpenID-supported registration process, you need to be aware (code for) specific providers. I need to explore that area a bit more.

In my next posting I will finally provide some source code. If find some time, take a look and play around with openid4java. The OSS project provides various examples, and the 'simple-openid' example is really helpful for understanding the actual openID registration process. Stay tuned.