advanced seaside
DESCRIPTION
Title: Seaside Advanced Topics Speaker: Johan Brichau Title: Advanced Seaside Speaker: Philippe Marshall Thu, August 21, 2:00pm – 3:30pm Description Abstract: If you want to know everything about building sophisticated web applications with Seaside using tightly-integrated client-side libraries and frameworks (jQuery, jQuery++, jQuery-UI, Bootstrap, jQuery-Mobile,...), transparent persistence, RESTful webservices, etc or just about what's new in Seaside, then this tutorial is for you. We will skip the basics (see the excellent online tutorials [1][2] and book [3]) and jump right into the advanced uses of jQuery, the intricate details of ajax callbacks, the extensible framework, the transparent persistence in GemStone Web Edition (GLASS), and much more. We will reserve ample time for Q&A, so bring your questions to the session. Bio: Philippe Marshall has been part of the core Seaside team for several years. He holds a MSc CompSci from the University of Bern and has previously held talks at ESUG. Dale Henrich has been working in Smalltalk since 1985 when he developed an internal application on the Tektronix 4404. The internal application was used at Tektronix for at least 20 years and may still be in use today! Since 1985 he has been lucky enough to work in Smalltalk nearly full-time, spending the last 15 years at GemStone (now GemTalk Systems) give or take a couple of years. Johan Brichau is co-founder and development lead at Yesplan.be, a "Seaside under GLASS"-based web application for event management currently used by over 80 cultural organisations in Belgium and The Netherlands.TRANSCRIPT
Advanced SeasidePhilippe Marschall
ESUG 2014
Advanced Seaside
• WARestfulComponentFilter
• session tracking
• http://smalltalkhub.com/mc/marschall/ESUG-2014/main
• http://ss3.gemstone.com/ss/frank.html
WARestfulComponentFilter
Disclaimer
• REST in this context simply means “pretty URLs”
WARestfulComponentFilter
• new with 3.1
• Norbert’s fault
• this is the missing documentation
WARestfulComponentFilter
• run “front page(s)” without session
• “window shopping”
• run pages behind with session
• central place to recover from expired session
WARestfulComponentFilter
• “REST” filter that runs before the application
• only when no session
• or session is expired
• can start session with any component instance
WARestfulComponentFilter
• if it runs, normal REST filter rules apply
• SeasideRest
• up to you how HTML is generated
• WABuilder/WAPainter
• no callbacks
• …
Example Ⅰ
• counter
• all “pages” handled by filter and component
• not the normal case
• not composable
Example Ⅱ
• one two three
• first page just static content
• link to second page with static content
• third page with counter (and session)
Session Tracking
Session Tracking
• used to be implemented in WAApplication
• had a single flag
• optionally use cookies
Session Tracking 3.1
• factored out into a strategy object
• can implement your own
• handles no or expired session
Session Tracking Fully Customizable
• query fields
• cookie only
• cookie if supported, query field otherwise
• cookie for browser, IP for crawler
• SSL session id (*)
• path parameter (*)
Query Field
• /?_s=KAAWl0x3c6KLnN6Q
• easy for development
• session per tab
• no issue with cookie laws
• no iframe issues (P3P)
Path Parameter
• ;_s=KAAWl0x3c6KLnN6Q/
• like query parameter
• doesn’t have to be hidden field in form
• required by some load balancers
• “JavaEE” way
Cookie Only
• never shows up in links
• never shows up in access logs
• links can be copied and pasted
• links can be sent by email
• session per browser
• crawlers don’t accept cookies
IP
• option for crawlers
• same session for all browsers
• issues with
• mobile clients
• NATs
• Proxies
SSL Session Id
• never shows up
• needs sever (adapter) support (3.1)
• SSL session has to be keep alive
• or client gets same id again
• no SSL session cookies
Session Tracking Fully Customizable
• query fields
• cookie only
• cookie if supported, query field otherwise
• cookie for browser, IP for crawler
• SSL session id (*)
• path parameter (*)
Custom
• variant of any of those
• combination of any of those
• can rename field
• whatever else
• eg. header set by security proxy
• client certificate
Example
• fake JavaEE
• eg. Tomcat, JBoss
• eg. for load balancer
• use existing load balancer infrastructure, configuration, documentation
• jvmRoute left as an exercise
jvmRoute
• sticky session load balancing
• no session replication
• attach image id / JVM id to session id
• /;jsessionid=KAAWl0x3c6KLnN6Q.42
• supported by “JavaEE load balancers”
Example
• jsessionid path parameter name
• JSESSIONID cookie name