Armbruster IT Blog

Today I’ve released a minor update to the Grails Webdav plugin. Compared with the previous version a few bugs have been fixed.

Last week I attended the gr8conf, a really great conference. One of my favorite event was the Hackergarden. In the evening after the regular talks ~30+ people came together (should I call them nerds?), split up into small groups and did some hacking on Groovy & Grails related topics. I found myself together with Davide Rossi to do some coding on deploying a Grails application to multiple tomcat nodes and manage a loadbalancer in front of them. The original goal was to finish the task at end of evening. Unfortunately we set our goal too high, and did not manage to release some code at that evening. During the last weekend I took some time to finish this and did a release today.

This plugin‘s goal is to simplify the deployment of a grails application to a cluster consisting of multiple tomcat instances and an Apache httpd mod_proxy_balancer.

It assumes you have an Apache mod_proxy_balancer running in front of multiple tomcat instances in order to provide a) high-availability and b) load-balancing to your Grails application. In such a scenario, upgrading the running application to a newer release is painful and error-prone when done manually. This plugin’s goal is to simplify that procedure by performing a “rolling upgrade”. Calling ‘grails tomcat redeploy’ performs these actions:

1. take first node offline in loadbalancer
2. undeploy app on first tomcat node
3. deploy app on first tomcat node
4. check if app responds on first tomcat node
5. take first node online in loadbalancer
6. proceed the same procedure with next node

To solve this, we’ve forked the 1.3.1 release of the tomcat plugin an added the following capabilities:

1. deploying to multiple hosts and
2. emitting lifecycle events: PreDeploy, PostDeploy, PreUndeploy, PostUndeploy
3. provide support for ‘grails tomcat redeploy’

These changes have been included in a pull request to the upstream plugin, so I’m hoping they will find their way into Grails 1.3.2.

The rest of the work has been put into the modproxybalancer plugin, taking care of remote controlling the loadbalancer  by catching up these events. mod_proxy_balancer comes with a simple management frontend called balancer-manager. This consists of some simple HTML forms that can be easily triggered using htmlunit. When the forked tomcat plugin emits a “PreUndeploy” event, the loadbalancer disables the respective tomcat node, then a normal undeploy und deploy happens. After this, the freshly deployed tomcat is checked for availablity and taken back online in the loadbalancer.

The plugin is licensend under the WTFPL.

Side note: this is my first Grails plugin with it’s sources residing on github.com. Thanks to Peter Ledbrook’s excellent blog post, I was able to use GitHub pages for the documentation.

A common requirement for many web applications is that some parts (aka controllers) should only be accessible from specifc ip addresses. Typically controllers doing some administrative or maintenance work must be protected from non-authroized access. The most complete solution for this is using a full blown security framework like the Grails Acegi plugin. But there’s also a lean and quick solution for this in Grails: use a controller interceptor:

def beforeInterceptor = {
   if (!["127.0.0.1", "0:0:0:0:0:0:0:1"].contains(request.remoteAddr)) {
      render(status: 401, text: 'Access limited to localhost')
      return false
   }
}

Grails calls the beforeIntereceptor closure prior every action in a controller. Only if it returns true, the action is executed. In the code above if the client has a non-local IP address, a 401 error is returned with an error message. Note that localhost in IPv6 is 0:0:0:0:0:0:0:1, so it work both in IPv4 and IPv6 networks.

Today I released a minor update of the Grails Neo4j plugin. The changes are:

• performance improvement by no longer calling map constructor in createInstanceForNode
• fixed transaction handling by replacing interceptor with a “real” servlet filter
• support for primitve arrays as properties in domain classes
• bugfix: handling of bidirectional many-to-many relationships
• bugfix: setProperties does no longer null out properties that have not been set
• support for encodeAsXXXX methods from CodecsGrailsPlugin. In previous versions encoding did not work, since the ‘node’
  property of the domain classes could not be encoded (it’s a neo4j internal class!). Workaround: add getNode()==null method
  in AST transformation.

Everyone using the 0.2 release is recommended to upgrade.

PKCS12 defines a file format that contains a private key an a associated certifcate. These files might be used to establish some encrypted data exchange. In the current use case, OpenVPN is used to connect to a remote network. The pkcs12 is being issued by a CA (certificat authority) tool. For security reasons, the private key contained in the pkcs12 is normally protected by a passphrase. This has the downside, that you need to manually type the passphrase whenever you need to establish the connection. But there’s a way to get around this. OpenSSL is a swiss-army-knife toolkit for managing simply everything in the field of keys and certificates. Since it’s a command line tool, you need to understand what you’re doing. So it took me a little to figure out how to remove a passphrase from a given pkcs12 file. Here’s what I’ve done:

openssl pkcs12 -in protected.p12.orig -nodes -out temp.pem
 
openssl pkcs12 -export -in temp.pem  -out unprotected.p12
 
rm temp.pem

The first command decrypts the original pkcs12 into a temporary pem file. pem is a base64 encoded format. The second command picks this up and constructs a new pkcs12 file. During this, the new passphrase is asked. By simply typing ‘return’ here, it set to nothing. When using unprotected.p12 in the OpenVPN connection, you’re no longer asked for a passphrase.

A word of warning: I do not recommend doing this generally. From my perspective it’s okay, if your unprotected pkcs12 file is protected by other means, e.g. harddisc encryption.

My favorite gadget for the last few months is definitely the Nokia N900. It’s a geeky device with a real Linux OS aboard. In opposite to it’s locked down competitors, the N900 runs Maemo, a platform consisting (mostly) of open source software. So I wonder if it’s possible to use Groovy on that. And yes, it is possible! Read more…

Today an important update of the Grails Neo4j plugin has been released. Neo4j is a graph database, it’s main concepts are described in brevity in a previous post.  The plugin provides a convenient way to use Neo4j as a persistence layer for Grails domain classes.

The key features / changes of this release are:

• domain classes managed by Neo4j can now co-existing with traditional domain classes (aka mapped by Hibernate)
• Upgrade to Neo4j 1.0
• usage of Grails dependency resolution instead of embedding the jars in /lib directory
• added a seperate controller to inspect the Neo4j node space
• major refactoring using AST transformation, just like in the couchdb plugin
• support for the Neo4j indexer
• support for non-declared properties
• support for traversers

Read more…

Since about 1 month I’m a proud owner of a Nokia N900. This gadget is really impressive, combining powerful hardware with a open source based operating system. Since it’s the very first Meamo based phone out there, it’s obvious that not everything is perfect for now.

One thing I have been struggling with is synchronizing my PIM data. On the notebook or desktop computer I’m using thunderbird together with the lightning extension (and some other useful addons) holding my contact and calendar data. This stuff should be synced to and from the N900.

The N900′s default solution for syncing is Nokia’s PC suite. Since I’m on Linux, this is no option at all. I tried to use Opensync – without succeeding. A few days ago the InternetTabletBlog published a great german article on syncing the N900 against ScheduleWorld.com. Using this information, it was pretty simple to adopt the procedure to work with Funambol.

Setting up Funambol

The installation procedure of the Funambol server is very well documented, so I’ll cover here only the main steps without going into detail.

• Download the Funambol Server from https://www.forge.funambol.org/download/
• sudo sh ./funambol-8.0.2.bin installs the server software by default to /opt/Funambol
• startup the server: /opt/Funambol/bin/funambol start
• Using funambol’s admin tool, set the server’s URL to a reasonable value
• check if http://<servername>:8080/funambol/ds return a page like this:

  Funambol Data Synchronization Server v.8.0.1
  
  Man=Funambol
  Mod=DS Server
  SwV=8.0.1
  HwV=-
  FwV=-
  OEM=-
  DevID=funambol
  DevTyp=server
  VerDTD=1.2
  UTC=true
  SupportLargeObjs=true
  SupportNumberOfChanges=true
  Ext=X-funambol-smartslow

Setup thunderbird

• Install Funambol Mozilla Sync Client and configure it to use the URL from the previous step.
• Provide an arbitrary login and password, Funambol adds an user accout automatically.
• Run the sync, your PIM data should now be copied to the Funambol server
• Check if data was transferred by logging into http://<yourserver>:8080/funambol/webdemo

Configuring the N900

This is described in detail here, so I’ll just repeat the main steps:

• install syncevoltion from http://people.debian.org/~ovek/maemo/syncevolution_0.9.1-0_armel.deb
• create a syncevoltion profile:

  syncevolution -c Funambol

• edit the config file of the created profile to match your setup:

  leafpad /home/user/.config/syncevolution/Funambol/config.ini

• run the sync:

  syncevolution Funambol

… and hopefully your done.

When Grails binds data e.g. when the controller’s bindData method is called, it instantiates a GrailsDataBinder to take the action. GrailsDataBinder configures itself with  some basic ProperyEditors. The neat thing is you can extend that behaviour by adding an arbitrary named PropertyEditorRegistrar implementation to the application context. The PropertyEditorRegistrar registers one or multiple PropertyEditors.

A recent use case was the ability to look up some domain instance by a given key and use this for data binding. Coding a seperate PropertyEditor for each domain class would not really be DRY, so I decided to go the groovy way: a DomainClassLookupPropertyEditor:

public class DomainClassLookupPropertyEditor extends PropertyEditorSupport {
 
    Class domainClass
    String property
    boolean doAssert = true
 
    String getAsText() {
        value."$property"
    }
 
    void setAsText(String text) {
        value = domainClass."findBy${StringUtils.capitalize(property)}"(text)
        assert doAssert && value, "no $domainClass found for $property '$text'"
    }
 
}

The PropertyEditor calls the domain class’ findBy<Property> method to look up the desired instance. The PropertyRegistrar looks like this:

public class MyPropertyEditorRegistrar implements PropertyEditorRegistrar {
    public void registerCustomEditors(PropertyEditorRegistry propertyEditorRegistry) {
        propertyEditorRegistry.registerCustomEditor(Author, new DomainClassLookupPropertyEditor(domainClass: Author, property: "name"))
        propertyEditorRegistry.registerCustomEditor(Book, new DomainClassLookupPropertyEditor(domainClass: Book, property: "isbn"))
    }
}

Last, we need to configure that in resources.groovy:

beans = {
    myEditorRegistrar(MyPropertyEditorRegistrar)
}

A few months ago I started to use Hudson for continuous  integration. Installing and running Hudson is very simple and well documented. There’s a plugin for Grails available.

In most of my Grails projects, I’m using the Acegi Plugin. By default, this plugin utilizes EhCache for caching user data. In principal this is a good idea but it comes to trouble when using multiple Grails apps in Hudson. The default configuration uses /tmp/userCache.data for this cache. Since multiple apps use the same cache directory, it’s obvious that we get in trouble.

The most simple solution here is to completely disable the user cache. This can be easily done in grails-app/conf/SecurityConfig.groovy by adding

cacheUsers = false

Another (and probably better) option would be using a more sophisticated cache configuration e.g. by including the application’s name in the cache store dir. Or, even better, disable the cache in development and testing environment and configure it with a unique path name for production.

As mostly always: use the simplest solution that could probably work.

Over and out.