|
Sponsored Links
Resources
Enterprise Java
Research Library
Get Java white papers, product information, case studies and webcasts
|
News
News
News
|
Messages: 15
Messages: 15
Messages: 15
Printer friendly
Printer friendly
Printer friendly
Post reply
Post reply
Post reply
XML
XML
XML
|
 |
Article: JSF Anti-Patterns and Pitfalls
"JSF AntiPatterns and Pitfalls" by Dennis Byrne covers anti-patterns and pitfalls of day to day JSF development. Most of these issues have kept the author up at night; some of these are the same old challenges with a new face. These challenges include performance, tight coupling, thread safety, security, interoperability and just plain ugliness.
A short excerpt:Portlet Issues
I feel sorry for Portlet developers. I really do. These people are always on the mailing lists and forums with problem after problem and it’s never their fault. If any group of people has been bent over by the standards bodies, it is Portlet application developers.
Some parts of the JSF API behave different when inside a Portlet application. If your code is to run within a Portlet application and a regular Servlet container there are a few assumptions that need to be avoided. Here is some code assuming it will always run in a Servlet container.FacesContext ctx = FacesContext.getCurrentInstance();
ExternalContext externalContext = ctx.getExternalContext();
ServletRequest request = (ServletRequest) externalContext.getRequest();
String id = request.getParameter("id"); If your code will run in a Portlet application you must make not make explicit casts to javax.servlet.ServletRequest or javax.servlet.ServletResponse. If this code were used in a Portlet application, ExternalContext.getRequest would return a javax.portlet.PortletRequest, causing a ClassCastException. An interoperable way to obtain a value of a request attribute is to do the following.FacesContext ctx = FacesContext.getCurrentInstance();
ExternalContext externalContext = ctx.getExternalContext();
externalContext.getRequestParameterMap().get("id"); (It's worth noting that Dennis will be presenting at TheServerSide Java Symposium on this exact subject.)
|
|
|
Message #248166
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Re: Article: JSF Anti-Patterns and Pitfalls
Nice write up Dennis-- good tips in there for JSF and non-JSF deployments around modeling objects and managing reuse for applications.
|
|
|
Message #248171
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Your portlet points are well taken ...
I feel sorry for Portlet developers. I really do. These people are always on the mailing lists and forums with problem after problem and it’s never their fault. If any group of people has been bent over by the standards bodies, it is Portlet application developers.
+1.
Portlets could be a lot more widely adopted than they currently are for a variety of reasons but I blame mostly weaknesses in the spec for the lack of adoption. Actually, the idea of creating reusable, JSF based portlets is pretty attractive. If one can work through all of the idiosyncracies of getting the servlet spec, the portlet spec and JSF to cooperate it kind of works. But it's a pain in the arse at times.
For example, I still don't understand at this point why there isn't just a single conversational state object that is defacto for all HTTP communication in JEE. Regardless of whether it's with a servlet, a portlet or a JSF component. Why the conversational state ever got tied to the delivery technology, instead of the protocol, I have no idea.
|
|
|
Message #248181
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Re: Article: JSF Anti-Patterns and Pitfalls
Yes, good write up. For what it's worth:
Because all JSF implementations automatically parse /WEB-INF/faces-config.xml, if it exists, as well as all files specified in the comma separated list of the javax.faces.CONFIG_FILES context parameter. When /WEB-INF/faces-config.xml is specified in the javax.faces.CONFIG_FILES context parameter it can be parsed twice. The PhaseListeners configured in this file are consequently registered twice at startup and invoked twice at runtime.
Mojarra doesn't have The Déjà vu PhaseListener problem. When we're processing config files, we make sure we don't process this file twice.
|
|
|
Message #248194
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
View State Encryption
Could you post any more details or links to JSF implementations that allow View State Encryption?
My Google search turned up nothing except for some references to ASP.net.
Thanks.
|
|
|
Message #248202
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Re: Article: JSF Anti-Patterns and Pitfalls
I submit:
JSF *is* an anti-pattern.
Let the flames begin, it's chilly tonight, I could use it!
|
|
|
Message #248232
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Re: Your portlet points are well taken ...
Actually, the idea of creating reusable, JSF based portlets is pretty attractive. If one can work through all of the idiosyncracies of getting the servlet spec, the portlet spec and JSF to cooperate it kind of works. But it's a pain in the arse at times.
Thanks to JSR-301 and the JBoss Portlet Bridge worries are eliminated and the developer only needs to worry about their JSF, Seam, or RichFaces application.
|
|
|
Message #248296
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Re: Article: JSF Anti-Patterns and Pitfalls
JSF *is* an anti-pattern.
+1
I would have thought minimum requirements for a web layer toolkit would include:
- *not* being forward based, e.g. should support Post-Redirect-Get out of the box
- *not* baking in view artifacts, like referencing JSP pages. Use logical view names and allow a view resolver to work out what view technology is being used.
- Having a halfway decent notion of a conversation as well as rich *navigation*.
Its pretty easy to use jQuery + JSP 2.0 tags to build rich pages. What's difficult to do is the rich navigation part, like offered by Spring Webflow.
I wonder how long its going to take for JSF to die, i.e. less or more time than J2EE.
|
|
|
Message #248353
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Re: Re: Article: JSF Anti-Patterns and Pitfalls
JSF *is* an anti-pattern. +1
I would have thought minimum requirements for a web layer toolkit would include:
- *not* being forward based, e.g. should support Post-Redirect-Get out of the box
- *not* baking in view artifacts, like referencing JSP pages. Use logical view names and allow a view resolver to work out what view technology is being used.
- Having a halfway decent notion of a conversation as well as rich *navigation*.
Its pretty easy to use jQuery + JSP 2.0 tags to build rich pages. What's difficult to do is the rich navigation part, like offered by Spring Webflow.
Since you've mentioned a plug on Spring, I'll do one of my own :)
You get pretty much all of this (and much more) with Seam and as a bonus you can dump JSP (and you can still use Spring because it is integrated).
I wonder how long its going to take for JSF to die, i.e. less or more time than J2EE.
I guess WebBeans will be pretty much it for JSF as we know it now...
|
|
|
Message #248415
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Re: Re: Article: JSF Anti-Patterns and Pitfalls
You get pretty much all of this (and much more) with Seam and as a bonus you can dump JSP (and you can still use Spring because it is integrated).
I have looked at Seam, although only for about 2 hrs reading the doco / samples.
It does look good in that it too, like Spring Webflow (SWF) has the notion of rich navigation / conversations.
And yes, I'm working on a JSF app right now as I type this, and able to directly compare it to SWF.
|
|
|
Message #249046
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Wait~you said "using client side state saving in production"?
Hi, Dennis:
You wrote "I strongly recommend view state encryption for public facing JSF applications using client side state saving in production because it prevents web clients from being able to tamper with the view state."
OK, my English level is not excellent and new to JSF.
But I thought using server side state saving to prevents this issue.
How do you think?
Thanks for any comment.
|
|
|
Message #249264
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Re: Wait~you said "using client side state saving in production"
Hi, Dennis:
You wrote "I strongly recommend view state encryption for public facing JSF applications using client side state saving in production because it prevents web clients from being able to tamper with the view state."
OK, my English level is not excellent and new to JSF.
But I thought using server side state saving to prevents this issue.
How do you think?
Thanks for any comment.
Good question, there are better ways to communicate this. All you need to remember is that with unencrypted client side state saving, the view state can be manipulated by the client. By encrypting it, you prevent this problem.
|
|
|
Message #249721
Post reply
Post reply
Post reply
Go to top
Go to top
Go to top
|
|
Lacking solutions to the design patterns
Hi Dennis,
I enjoyed the article and think it is great that someone finally points out what-not-to-do when using JSF. However, I feel that you are missing alternative solutions for some of the anti-patterns. For example, you are mentioning "the Map trick" and "Law of Demeter" anti-pattern without an actual solution (or maybe I'm just not understanding it right).
The readability of the anti-patterns could also be improved if they followed the structure used in other literature about anti-patterns (e.g. background, symptoms, consequences, refactorings, variations, and related solutions).
Nevertheless, I like the article and glad that you are putting focus on the subject! Perhaps a follow-up article could be "JSF Design Patterns" as there seems to be great confusion about the best way to achieve certain functionality in real-life scenarios.
All the best.
|
|
|
| New content on TheServerSide.comNew content on TheServerSide.comNew content on TheServerSide.com |
|
|
Reza Rahman explores the features of the proposed JSR 299, Contexts and Dependency Injection for Java EE (CDI). When approved, it promises to be a key feature of Java EE 6.
(November 2, Article)
SAML is an XML-based standard for exchanging authentication and authorization data between security domains. The single most important problem that SAML was created to solve is the Web browser Single Sign-On problem. Many organizations are debating whether to stay with version 1.1 or move to 2.0. This article makes observations about both options.
(September 28, Article)
Joe Ottinger takes a look at how people learn, and applies it to the practice of programming. He notes that understanding how people learn is an essential part of working in a programming team.
(September 22, Article)
Stephen Maryka gave us an article about the Asynchronous Web and posed a number of questions that get examined like an approach to delivering Asynchronous Web capabilities through extensions to existing Java EE technologies.
(July 14, Article)
JavaServer Faces Flex goal is to provide users capability in creating standard Flex components, part of flexSDK which is open sourced through MPL license, as normal JSF components. This article by Ji Hoon Kim will provide an overview of creating a simple multilingual JSF page consisting of JSF Flex tags.
(June 29, Article)
In this session Jeff explores the key characteristics of successful SOA projects. He covers some of the patterns, and anti-patterns, tool sets, and strategies that he himself learned the hard way. Last, he provides a strategy and blueprint for achieving a high likelihood of success in your SOA project.
(June 23, Tech Talk)
Ari Zilka, CTO of Terracotta, Inc., talks about the new features in Terracotta 3.1, announced during JavaOne and available now.
(June 15, Tech Talk)
In this Tech Talk, Josh Long explores an integration challenge using Spring Integration and walks through the implementation, employing and expanding on the basic patterns of Enterprise Application Integration to tie together components into a function integration solution, and then demonstrates how Spring Integration helps address the integration requirements.
(June 15, Tech Talk)
In this Tech Talk, David Geary teaches you: The basics of Google Web Toolkit; How to implement Ajax-enabled applications in Java; Internationalization; Hooking into the browser history mechanism; Remote procedure calls.
(June 4, Tech Talk)
Jon Kern discusses the best architecture/technical solutions and ensure that they are repeated by all developers. By tackling the architecture up-front in a serial manner, subsequent parallel development will be much more manageable and predictable.
(May 28, Tech Talk)
This keynote describes the frustrations of modern knowledge workers in their quest to actually get some work done, and solutions for how to guard yourself against all those distractions. Neal Ford talks about environments, coding, acceleration, automation, and avoiding repetition as ways to defeat the misguided attempts to sap your ability to produce good work.
(May 26, Tech Talk)
Gil demonstrates how new, aggressive uses of already abundant compute capacity by common applications offer competitive value for application designers.
(May 21, Tech Talk)
Chris Keene introduces WaveMaker as a new way to automate the ability to generate Hibernate classes in order to more quickly bring OR mapping into an application.
(May 19, Article)
In this session Nati Shalom demonstrates how to take a standard Java EE web application and scale it out or down dynamically without changes to the application code. Seeing as most web applications are over-provisioned to meet infrequent peak loads, this is a dramatic change because it enables growing your application as needed, when needed, without paying for unutilized resources.
(May 19, Tech Talk)
Mastering EJB was one of the original and most influential EJB books in the industry. Mastering EJB III now returns with two new expert co-authors, updated for EJB 2.1 and 30% new chapters including security, integration, best practices, open source, and more.
(Book PDF Download)
The Application Server Matrix is a detailed listing of J2EE vendors and their application server products, with information on latest version numbers, J2EE spec support and licensing, pricing, platform support, and links to product downloads and reviews.
(Application Server Comparison Matrix)
|
|
