gist JS

Tuesday, August 29, 2006

Seam's audacious approach

Well, this thread on tss pointed me to a pretty damn interesting podcast from our friend Gavin about Seam. Pretty amazing actually.

Getting around the fact that Gavin can be something of an unrestrained ass, he is also clearly clairvoyant about some things. In fact, if I were to offer up my own flash of amateur psychology (and what else are blogs good for?) I'd say that it's simple audacity that makes Gavin King tick, and that that's why he's been so successful at shifting the landscape. If you're not a fan of his, you should listen to this too. While I myself have cursed Hibernate & the sometimes brusque forum, it is understandable that you'd be a bit frustrated the 6000th time somebody pisses & moans that the free framework you developed doesn't serialize the entire DB and send it over to fix your lazy load problem.

Coming into this podcast I was really skeptical of annotations. They seemed like a separation of concerns nightmare waiting to happen. Deployment specific tags just waiting to be incompatible. I say give me the nice clean lines of a pure & simple POJO.

But now I'm not so sure.

There's a real point to be made that my POJO's are really nothing without Spring's DI, and the rest of my Spring MVC web tier is of course tied closely to SpringMVC. In fact there's nothing really wrong with this either, and I've found Hibernate/SpringMVC/Freemarker to be an eminently workable combo. Plugging Acegi in was cake & my simple GWT wrapping site with user administration was the work of an afternoon.

Moreover, there sure was a lot of power in those annotations. And would it be any more embeded and than switching from what I've got now? I do have to disagree with a bit of his disdain for layers however. I really DID switch my database tier out the other day (db4o to hibernate) and the process was lovely. New DAO impl's, new appicationContext-hibernate.xml and... off she goes! Well, up until GWT bonks on a hibernate PersistantList, but that's for another day.

The main revelation in the podcast is Gavin's defense of stateful web applications. After some amusing IBM potshots, he really starts to make some sense (interestingly, the more expletives/minute the more sense he seems to make.) The only real issues I've had with Spring MVC have been
  1. Inefficiencies from not wanting to use the session, because.. well the session was verboten at work due to vapor-concerns about scalability

  2. Back-Button, refresh, history...

  3. Lazy Loading, NonUniqueIdentifier etc. exceptions

Seam's great solution is to just go ahead and use the session, but to introduce the idea of conversational scope. While this is precisely what Spring WebFlow does as well & I could've solved a couple of the problems above more easily with access to the session, I have to admit that Seam's implementation was pretty darn slick. I'd love to hear a good debate about the relative merits of the two (well, a bit flamey, but still good), as well as somebody to rebut Gavin's assertion that stateful session beans are not as unscalable and unworkable as we'd all been led to believe.

And back to audacity. Finishing up that podcast I really wonder whether being such a... so forthright, about his opinions really leads to more willingness to innovate. I love the Spring project, but I wonder if it will end up too much of a fixed J2EE and not enough of a revolution.

I'd really love to see a little more about Seam's Ajax capabilities. That's on the things to google list. Right now I'd definitely consider Seam vs my Spring MVC for a new traditional web app. However for the project at hand, the guts in GWT land and I wouldn't throw away my ability to manipulate DOM code like a Swing-set for all the component based wonderful-ness on offer.

Just don't load my site in two tabs at the same time ;)

Thursday, August 17, 2006

java MD5 password hash

So you want to hash a password, store in the DB and go on your merry way. Not being wise in the way of hashing you might think that a simple google for "java MD5 hash" will do you right, but you'd be wrong. In fact it has a good shot of leading you to something like the following (at least 2 examples that I found), which has a cute little bug lurking beneath the surface.

private String hashPassword(String password) {
String hashword = null;
try {
MessageDigest md5 = MessageDigest.getInstance("MD5");
BigInteger hash = new BigInteger(1, md5.digest());
hashword = hash.toString(16);

} catch (NoSuchAlgorithmException nsae) {

return hashword;


but the right answer is:
(note the '0')

The trick of course is that the integer 045 == 45, even in bigInteger land.

A simple

return pad(hashword,32,'0');
private String pad(String s, int length, char pad) {
StringBuffer buffer = new StringBuffer(s);
while (buffer.length() < length) {
buffer.insert(0, pad);
return buffer.toString();

will sort you.

Glad I chose "test" as a test password or I might have found this at a more unfortunate juncture as the other 3 test users I created worked without a hitch. Amazing to think that in this day and age, blindly copying code from the Internet into you app is still an imperfect method of application development.

Of course if you copy & paste this code, well, that's totally different. It's been tested.. er.. well visually inspected for at least.. um.. a minute.

OMG there's a new Neal Stephenson book.

Wednesday, August 16, 2006

NoSuchRequestHandlingMethodException for your MultiActionController?

Make sure you're returning the right type of ModelAndView from your MultiActionController.

import org.springframework.web.servlet.ModelAndView; --good--
import org.springframework.web.portlet.ModelAndView; --bad, and very frustrating--

Sunday, August 13, 2006

Thoughts GWT, SCM, etc

So just slammed into subversive's:
170002: Unknown authorization method

after switching my project over from subclipse 20 minutes before since I'd become totally fed up with strange 'this directory is already in the repository' comments and general arcane error messages that must be cleared with oddly named menuitems. Do I lose cool points for saying I'd be more than happy to go back to cvs? I understand the svn arguments, but really scm is 99% the eclipse plugin and 1% source code management theory for me.

Thankfully Igor at Polarion seems to have sorted subversive in 1.0.1... Oh except for the fact that 1.0.1 seems to rogered everything and now it tries to connect to svn%20ssh instead of svn+ssh. Sweet. He says it'll be fixed Friday. I think that was 2 days ago.

happily reverting subversive 1.0.0RC2 seems to have worked, although it did delete all of my repository information & disconnect me automatically for all of my projects without asking nicely...

Thankfully GWT continues to be a favorite bauble. Most of my complaints are based simply on my impatience. Integrating Acegi is going allright, although it has exposed some tradeoffs that are important to keep in mind. If you'd like you com.myco.client.domain.User to implement acegi's UserDetail... you're in for a bit of frustration as even once you figure out that you need to have the source included in you 3rd party acegi.jar, you're still stuck with futsing with module.xml's and inheritance etc that will soon make you run for cover.

com.myco.server.domain.ServerSideUser extends User has sorted me for now, although the proliferation of workaround code continues.

Starting to poll for developers to enlist in aid of my new project. This is not a dig on my friends, but I'm starting to wish I'd spent a bit more time playing video games in college and getting to know the code kittens. These artsy well rounded types can program worth a damn.