Thursday, September 13, 2007

Why Java still sucks but there are some things done right for web development (to me anyway), in 10 minutes

Overview

Writing this will get me banned from the development community for life. Actually, I don't know if I really belong to any development community so I guess I can sleep soundly at night. Basically, unless you are living under a rock, the development world has made great strides in terms of language development. There are at least a dozen popular/mainstream programming languages that are used to perform various computing tasks. Some are open sourced, some are closed. Some are geared towards a specific niche in computing. Some are more general purpose languages. Java, C, C++, C#, Haskell, Common Lisp, Python, Ruby, Erlang Assembly/Machine Language (x86 for example) are probably some you have heard of.

Lets get to the point (this is really about Java); Java and some other imperative languages that are defined by a sequence of steps to define a particular task (which can be cumbersome) are not as productive as declarative programming styles where the step-by-step inner workings are hidden and you only are to focus on the particular goal of the operation based on the given inputs. For example, Haskell is a purely functional programming language that adheres to the declarative programming paradigm. There are probably various studies and analysis comparing lines of code, number of bugs, productivity and other metrics comparing different programming paradigms; the java/imperative/object-oriented, procedual approach seems to lose out. With that being said, Sun (creators of java) have created a complete system that may not include the best language but does include a set of libraries and components that can aid in a variety of different computing tasks. And this may not be the most important statistic, but millions of developers and thousands of companies probably rely on the java platform and it is too costly to which to something else. Me, I work with and write web software for a Financial Services company (sort of online banking); security is important, completing a task on time is important, accuracy, stability, reliability are important. Does a Java/J2EE based system gurantee that? Not 100% of the time? But, it does provide for those things a majority of the time. Would a system based on Rails, Django, Haskell Server Pages, ErlyWeb work? Maybe. My purpose in writing this is to say that there are some things that Sun and Java, J2EE have done right. In the future, there are some things that an emerging language may hijack from the Java platform to sway those developers. From the language developers I have read about and great hackers out there, they don't really care about how many users are using their particular tool. It is really more for the other developers (eg, java developers) who are fed up with things like NullPointerExceptions, Out of Memory Errors, 40 lines to open/read/write a file; these developers are dying to move away from the java platform, but a lack of a SSL library or lack of a database connectivity api held them back from switching to something else.

So, what has Java/J2EE done right?

There are a couple of things surrounding Java that I just find "productive", I have certainly missed a few and you certainly may disagree but by and large I find these things useful. And I know that some of these libraries don't begin and end with Java and are common in other development environments.

Jar files, War files

This is really a small thing. But I guess because of the nature of loading byte code compiled java classes, Sun wanted to create something similar to an executable. They came up with the jar (java archive) file which is basically just an zipped archive of java classes. If you want to get more creative, you can "Secure" your jar files and/or provide meta information like the target jvm and what-not. Personally, I think this is useful just like an binary executable is useful. All of the libraries are typically in one place and normally "read-only". Applications based on interpreted languages like Ruby, which are script driven run of a library of separate scripts as opposed to one archived file. This may or may not be a good thing. Sure, python has "egg", but I think the python developers chose the expanded directories. It is great to be able to edit a script or patch an application just by updating one single file but it has been my experience that "users" tinker with their applications (edit the script files) too often for my comfort, jeopardizing the integrity of the application. Having one file, plug and play library or set of libraries like the jar and war file limits what the developer has to worry about. In the case of the war file, you also can update your entire application remotely by uploading it through an application server web interfaces.

The servlet api

The core servlet api, especially the HttpServlet class is pretty simple and does what you would expect. Given a GET/POST/HEAD request, process the incoming request parameters and then modify the response. Pretty basic.

For example, a doGet handler might look like the following (python pseudo code)

doGet(request, response):
session = request.getSession();
parm = request.getParameter("action");
session.setAttribute("prev.action", parm);
out = response.getWriter();
cookie = new Cookie();
cookie.setAttribute("remember.me", "true");
out.println("");
response.redirect();

JSPs/Taglibs

A corrollary, along the lines of the Servlet class is the Java Server Page (JSP), the J2EE HTML/XML view technology. Think of JSPs as a HTML templating system that parses your java model classes and displays the values to the user surrounded by the rendered HTML or XML. JSP idioms can get ugly, especially when you want to iterate over a collection of beans in a List and then print the values out or perform other "if/choose" operations.

[c:forEach items="${command.mediaList}" var="curmedia" varStatus="status"]
[c:cout value="${curmedia}"]
[/c:forEach]

The default JSP (eg JSP 2.0) system has all but been replaced by taglib driven MVC frameworks like JSF and Struts. The advantage of these newer technologies is that the difficult web tasks like form validation, model driven development, error message handling are handled by the framework.

Filters

Filters are pretty useful especially in a high security application. Basically, you can apply a filter in front of a Servlet request and do post processing before the response goes out to the user. For example, you may want to filter all newline characters (protects against HTTP poisoning attacks) from a request.

doFilter(request, response, chain):
// process incoming input from request and modify output.

I kind of threw a bunch of common api calls in there because those are pretty common. Handling cookies, sessions, the request parameters are easy to get at. You still are limited by the procedural style of Java development, call by call but at least the api is pretty apparent.

Web Archive Layout

The web layout for a Java web application is not entirely intuitive or behaviour driven like the MVC framework Rails, but it is consistent and it does make some sense in a java context.

MY_WEB_APP:
[top level of the web application, called MY_WEB_APP]
[includes view oriented files, jsps, html, etc]
WEB-INF:
[application oriented, byte code classes, libraries]
[web configurations, like web.xml]
classes:
[java byte code classes, packages]
lib:
[java library files, jars, etc]
META-INF:

Consistent Database Connectivity API.

Java does have a general purpose connectivity library that provides an interface to database specific drivers. Some features go unused and some have security holes, but it is easy to connect to your database with a couple of calls. On the other side, some language implementations provide driver specific libraries, ODBC oriented libraries. These are ok and they normally provide interfaces for returning rows, meta information, but with JDBC, it is nice to be able to connect an Oracle or MySQL with the same code and only changing the url connect strings. I am kind of oversimplifying what is involved in database development in java; ignoring object relation mapping, connection pooling but you do have jdbc as a base to start with.

XML Libraries

Security

My knowledge of the java security framework is limited, but I know it is there and it works. I do know that other languages don't have or their security intefaces aren't reliable. What do I want from a security library? Well, the ability to do ssl/https socket connectivity is a start. APIs for the popular encryption algorithms are another plus.

Ant's Build.xml (and maybe Maven)

Ant and their build.xml in the java world is akin to the gnu make utility. It is XML based and may not be the best descriptive language for builds but it does the job of compiling java classes. It does allow for full builds of your application in one call at the command-line. Also can be used for daily builds (see cruise-control) without an over-complicated make/bash script. Outside of java build it provides an inteface for pretty much anything you could think of. FTP, SFTP, JUNIT calls, Copy, Mkdir (Maven, the other java build tool is supposed to be a better "ant", that is what I heard anyway)

Tomcat

Tomcat is a third party web servlet container developed by the Apache software group. It is simple, reliable and does its job; serving up jsp/servlet based applications. It may or may not be what you want in a production environment and will probably require some performance tuning outside of the default configuration.

The others, the other libraries and Applications

Java has certainly matured over the last 10-12 years. With that maturity comes a proliferation of a numebr of libraries for common tasks. Popular librares include:

SpringMVC/Struts (Middleware and MVC framework), Hibernate/iBatis (Object Relational Mapping), Lucene (Full Text Search), Log4j (logging framework), GWT (Google Webtoolkit for Ajax Development), Ant (build tool) JUnit (unit testing), iText (PDFs), dom4j/jdom (XML Processing) Jboss, WebLogic, etc, etc.

JVM Languages

Earlier, I didn't mention an overwhelming fondness for the Java language. Jython, JRuby, Scala, ABCL (Common Lisp) implementations allow the syntatic sugar of their according languages on top of the Java virtual machine. In most cases, you have access to any of the Java API's that are available.

Eclipse IDE (with WTP)

this resource hog wild java/web development environment has a little bit of everything; project management, java/package explorers, profiling tools, java debugging tools, ant tools, junit unit testing interface, custom views/perspectives, plugin support (for example interfaces to SVN, GIT, etc). Some developers despise it and chose something lighter like JEdit, Vim, or even IntelliJ. It does take some getting used to.


References
1. http://en.wikipedia.org/wiki/Category:Declarative_programming_languages
2. http://en.wikipedia.org/wiki/Haskell_%28programming_language%29
3. http://en.wikipedia.org/wiki/Common_Lisp
4. http://java.sun.com/
5. http://en.wikipedia.org/wiki/Java_(programming_language)
6. http://www.paulgraham.com/gh.html Paul Graham on Great Hackers.
7. http://lambda-the-ultimate.org/
8. http://en.wikipedia.org/wiki/Apache_Struts
9. http://en.wikipedia.org/wiki/Apache_Tomcat
10. http://en.wikipedia.org/wiki/Eclipse_(software)
11. http://ant.apache.org/
12. http://java.sun.com/javaee/
13. http://java.sun.com/j2se/1.5.0/docs/guide/concurrency/index.html


1 comment:

George said...

What about kawa scheme my favorite.