Aranea Blog

This is the first in the series of tutorial articles laying out the foundations of Aranea Integration in practical way. It introduces the base classes of Aranea Integration which form the core of server-side integration—handle sessions, requests and responses in a way that allows hosted components to function (keep this diagram open while reading!).

Base interface for Aranea components that host components/actions from whatever framework is called HostComponent.

and has just one method -- for retrieval of session attributes managed by the hosted component. The request and response are tuned to hosted components needs too, but since request and response in HTTP protocol are stateless, these need not be part of HostComponent interface but can be managed separately and statelessly. HostComponent base implementation is extremely simple:

As one can see it completely lacks methods for actual management of session attributes.The class that manages session access is called SessionWrapper:

SessionWrapper ensures that the session modifications by hosted component will affect only the concrete hosted component. It is created anew at each request by IntegrationRequestWrapper (note that only way to access session in a web application is through current request).

Other base wrappers that make hosted component feel at home are already mentioned IntegrationRequestWrapper and IntegrationResponseWrapper. IntegrationRequestWrapper is created by some concrete HostComponent implementation, passing in the original request and itself.

The IntegrationResponseWrapper takes care that everything that is done to it only affects the wrapped instance -- so that original request is left unchanged and can be passed to any number of other Aranea components or hosted components (in which case it is obviously wrapped in its own IntegrationRequestWrapper). Often some parts of original request are preprocessed in some way in IntegrationRequestWrapper extensions -- i.e. the fully hierarchial component based request parameters that Aranea uses are converted into flat namespace for action-based frameworks, i.e.

where preprocessRequestParameters() takes all the 'scoped' data meant for hosted component and converts this into flat namespace parameters that action based frameworks expect. This allows to reuse actions many times on one page, as each action can receive separate data.

Foreign response itself is held in IntegrationResponseWrapper which allows HostComponent to post-process response when needed. Postprocessing is most often done to scope the request parameters expected by hosted component in a way that they will be unique. How exactly this is done is highly dependent on hosted framework. For action-based frameworks this might mean post-processing HTML forms, for component based frameworks the postprocessing might even be unnecessary when the hosted components' 'root' component is given the right scope to begin with (i.e. with JSF NamingContainer).

Other crucial part of the IntegrationResponseWrapper is the overriden encodeURL(url) method. By servlet specification, all URLs that are to generate requests to (hosted) web application must go through this method before written out to response. IntegrationResponseWrapper overrides this method so that later incoming request can be identified as request to component hosted by Aranea. Identification is done by AraneaIntegrationFilter which is quite ordinary servlet filter, except it prevents the request from directly reaching the hosted framework and directs it to Aranea component hierarchy where it will be processed by all interested components including the HostComponent implementation which originally generated the request.

This briefly covers all current integration base classes. For more detailed information, one can take a look at org.araneaframework.integration.common package in the Aranea Integration project.

Finally we are ready to unveil what Aranea team has been so busy on. As time went by we realized that one of the main problems impeding developer productivity was lack of class reloading facilities in Java Virtual Machine. We have been working on this for almost a year and today we can show the results.

JavaRebel reloads changes to Java classes on-the-fly without redeploy or restart including new methods and fields. It is a generic solution that works for standalone Java applications as well as application servers.

Watch the demonstration screencast (~5 mins), read the feature list or just download JavaRebel from ZeroTurnaround.com and give it a try. Disclaimer: JavaRebel is commercial software with a free trial for 14 days and developer seat cost at 99$.

ZeroTurnaround is a spinoff of Webmedia, Ltd. that focuses on Java developer productivity tools. Currently we are developing JavaRebel, a generic Java class reloader, and JSP Weaver, an instant JSP interpreter.

Todays online systems can be implemented in tons of technologies and they can be web 0.1 or web 3.0. There are some guidelines on how to do certain things.

Whenever you've given your username, email and a password to a site you can never know if the password was saved in plaintext or just a hash of it. If it was stored in plaintext you can think about the different security implications yourself. Whenever the password remainder sends you your password it was stored in plain text.

One more thing that systems should not do is store these passwords inside cookies in plain-text. See about Cross-site scripting from Wikipedia.

I was working on a project that was using WordPress as a CMS and there was a password protected todo list. As I was inspecting a cache issue I was checking the headers of static files with Firebug and I stumbled upon on some request/response fields. I noticed that one of the cookies had the password of the TODO item in plaintext.

I googled for it and found that it has been reported. The comment to the report is 'Well it's not like other sites can access the cookie or anything :)'.

Whenever I use software that has been around for a while (at least a year) and it has a userspace I expect it to follow at least the most basic guidelines. I hope it gets fixed.

Introducing the new approved Aranea Development Model. Pair programming at its best, demonstrated by Jevgeni and Toomas.

We had somewhat longer gap between releases of M3 and M4 than usual, due to team taking vacation in July and being temporarily involved in three different projects as of late. But now for some highlights of 1.1-M4:

• standardized tab widget (javadoc)
• optional background server-side form validation (while end-user is filling form)
• support for modal processes
• LocalizationContext support for locale change listeners

Also, there's support for context menus in browsers, new control that is hybrid of text and select controls, plus for everyones coding pleasure FormWidget.addElement* and FilterHelper.* methods do not throw checked Exceptions anymore. See full changelog here.

Separate 1.1 demo application is also up. Obviously demos contain more explanations and stuff than mentioned here, so take a look! For everyone who has not yet noticed—already since early 1.0 days there are Widget source and Template source links in our demos (they are not easily spotted sometimes, look at the bottom left corner next to side menu :)).

NB! It was not mentioned in changelog that comes with distro, but StandardFlowContainerWidget (standard implementation of FlowContext) was modified in a way that is incompatible with some older uses. Namely, when call stack is empty and parent FlowContext exists, StandardFlowContainerWidget.finish() and cancel() methods return control to parent FlowContext (meaning that once active StandardFlowContainerWidget is gone for good). In cases (mainly in menus) where this is unwanted, one must take care and call StandardFlowContainerWidget.setFinishable(false).

1.0.11 fixes issue with FormWidget.restoreBaseState(). There is some more though, details here.

Although not directly connected to Aranea we are proud to present the first release from our spin-off ZeroTurnaround. The spin-off will focus on increasing developer productivity by reducing development turnaround time.

Our first product JSP Weaver is a JSP interpreter. Usually JSP is first translated to regular Java code and then compiled into a Java servlet. JSP Weaver eliminates the Java generation and compilation stage by interpreting the JSP files on-the-fly. This reduces the time taken to reload a JSP up to 50 times bringing it from seconds down to milliseconds.

Although we will provide full support of JSP standard in the final release, this milestone does not yet include support for the non-XML old style JSP syntax and provides limited support for scriptlets. If you are using XML syntax for your JSPs have a go at it and be amazed by the speedup.

Disclaimer: JSP Weaver is a commercial product that costs about 49$ per developer seat. You can try it out for free with no limitation, but must buy it for development.

I have been away from Aranea for almost a year. Now that I'm back I need to have my development envrionment set up. As I'm doing it the third time now (my laptop), I thought I'll share the experience of getting an Aranea checkout built and tested (via sample app). This will differ from setting up an development environment but still will provide some insight.

What do you need?

• JDK at least 1.4
• SVN client
• Apache Ant

First off do a checkout of the project. The trunk branch is named latest in Changelogic - so we'll be working with the latest and greatest.

A directory aranea was created by the checkout command. Now you have all the source and build files present but you're still missing the libraries to compile the source code. Execute:

The script contacts the ibiblio maven repository using the ivy dependency manager and fetches the jar files. This can take from 3 minutes to 18 (my current record), the time depends on what not

Lets compile the code and the examples:

On my 2Ghz laptop running at 800Mhz it took 52 seconds. find . -iname "*java" -exec cat {} \; | wc -l shows 82653 lines of source files.

So now you have aranea built and ready to see the example applications. As we'll just check the main application right now, we need to start the bundled database. Open up another shell in the aranea directory. Traverse to examples/main. Run:

This will start the bundled HSQLDB with the sample data. Traverse to examples/main with another shell and execute:

Now you have launched jetty webserver on port 2000 and JPDA dt_socket connection on port 5999. Head over to http://localhost:2000/mainExample/main and you should see a login screen. Click "Bypass login" and you're in to see the demo app.

Well you're done now. You have the source, built class files and working samples. See the other samples in the examples directory (they all obey the ant run-app target) and check out what we have in store.

If your fingers are still itching then head off to the issue tracker. Choose a bug. Debug & fix it. Test it. Send a patch our way.

If you had any troubles with the guide just drop a comment about it we'll try to solve your issues.

PS. If you're in Barcelona and wondering where to stay the night give Hotel Aranea a try (not affiliated, have not stayed there but what a name :)).

There are quite few changes in this latest update to 1.0 branch, so I will list and comment on them all.

• BeanFormWidget.readBean() method destroyed the content of sub-beans when writing nested form to a bean. This was both counterintuitive and wrong because the root bean and the child beans were handled differently (root bean fields were only updated, but child beans always created anew). This has been fixed
• As the naming of BeanFormWidget.readBean() was very confusing, this method is now deprecated in favour of writeToBean(). Analogously, BeanFormWidget.writeBean() is deprecated in favour of readFromBean(). BeanFormWidget's readBean() and writeBean() will be removed in 1.1 branch.
• TcdAndTldMerger utility that was distributed only in source form and had to be compiled separately is now included in aranea.jar. Its purpose and usage are documented here.

TheServerSide.com has released a tech brief about Aranea Framework. It is a video interview with our lead Jevgeni Kabanov. He talks about legacy migration with Aranea and gives a sneak peak of the other upcoming projects. Check out the other tech briefs also.