Your SlideShare is downloading. ×
0
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
IN4308 Lecture 3
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

IN4308 Lecture 3

1,283

Published on

Lecture on WebDSL for course on model-driven software development at Delft University of Technology

Lecture on WebDSL for course on model-driven software development at Delft University of Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,283
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
18
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. WebDSLa domain-specific language for web programming Lecture 3 Course IN4308 Eelco Visserhttp://eelcovisser.org Master Computer Science Delft University of Technology
  • 2. Model-Driven Software DevelopmentProblem DSL HLL MachineDomain domain-specific models reduce gap between problem domain and implementation
  • 3. Language/Model Composition code model model code code codemodeling aspects of software system with different languages customization/extensibility of models
  • 4. Research: Software Language Engineering Automatically derive efficient,scalable, incremental compiler + usable IDE from high-level, declarativelanguage definition
  • 5. Research: Software Language Design Systematically design domain- specific software languages with optimal tradeoff between expressivity,completeness, portability, coverage, and maintainability
  • 6. A Case Study in Domain-Specific Language Engineering Eelco Visser. WebDSL: A Case Study in Domain- Specific Language Engineering. GTTSE 2008: 291-373
  • 7. The Web Domainbrowser server database web app code runs on server, browser, and database
  • 8. Concerns in Web Programming❖ Persistent data ★ data integrity ★ search❖ User interface ★ data validation ★ styling, layout ★ navigation ★ actions❖ Workflow and m ore ...❖ Access control
  • 9. Separation of Concerns in Web ProgrammingExample❖ Data modeling ★ Java classes with JPA annotations❖ User interface ★ Java ServerFaces XML templates ★ Seam Java classes❖ Access control ★ Acegi configuration/annotation
  • 10. Problems in Web Programming❖ Lack of integration ★ no inter-language consistency checking ★ leads to late (detection of) failures❖ Low-level encoding ★ leads to boilerplate code
  • 11. When Seam FailsWelcome #{user.name} Welcome #{user.nam}
  • 12. When Rails Fails@post = Post.new(params[:get]) @post = Post.new(params[:post])
  • 13. Late Failures in Web Applications Zef Hemel, Danny M. Groenewegen, Lennart C. L. Kats, Eelco Visser. Static consistency checking of web applications with WebDSL. Journal of Symbolic Computation, 46(2):150-182, 2011.
  • 14. WebDSLSeparation of Concerns& Linguistic IntegrationDanny M. Groenewegen, Zef Hemel, Eelco Visser. Separation of Concerns andLinguistic Integration in WebDSL. IEEE Software, 27(5), September/October 2010.
  • 15. WebDSLLinguistic integration of❖ Data models❖ User interface templates❖ Access control❖ Data validation
  • 16. webdsl.org<screenshot webdsl.org>
  • 17. YellowGrass<screenshot yellowgrass>
  • 18. researchr
  • 19. 1,190,303publications http://researchr.org
  • 20. publication recordscorrect & extend
  • 21. authorprofiles
  • 22. bibliographies tagging reputation systemaccess control rules user groups conference calendarcommunity engineering etc.
  • 23. 18,000 lines of WebDSL code138 (generated) tables in mysql
  • 24. Data Models
  • 25. Entity Declarationsentity declaration property
  • 26. Data Model for Wiki object identifier domain-specific type
  • 27. Automatic PersistenceData Entity DBModel Classes SchemaWebDSL Java DBObject Object Records
  • 28. Embedded Queriesentity Page { name :: String (id) content :: WikiText modified :: DateTime}function recentlyChanged(n : Int) : List<Page> { return from Page order by modified desc limit n;}
  • 29. Extending Built-in Typestype DateTime { // includes Date and Time types utils.DateType.format as format(String):String before(DateTime):Bool after(DateTime):Bool getTime():Long setTime(Long)}type WikiText{ org.webdsl.tools.WikiFormatter.wikiFormat as format():String}type Email { utils.EmailType.isValid as isValid():Bool} public class DateType { public static String format(Date d, String s){ return (new java.text.SimpleDateFormat(s).format(d,new StringBuffer(), new java.text.FieldPosition(0))).toString(); } }
  • 30. Importing External Typesnative class org.json.JSONObject as JSONObject { constructor() constructor(String) get(String) : Object getBoolean(String) : Bool getDouble(String) : Double getInt(String) : Int getJSONArray(String) : JSONArray getJSONObject(String) : JSONObject getString(String) : String has(String) : Bool names() : JSONArray put(String, Object) toString() : String toString(Int) : String}
  • 31. User Interface Templates
  • 32. Page Definition & Navigation page navigation (page call) entity A { b -> B } entity B { name :: String } define page a(x : A) { navigate b(x.b){ output(x.b.name) } } define page b(y : B) { output(y.name) }page definiti on
  • 33. Rendering Data rendering values define page page(p : Page) { header{output(p.name)}markup par{ output(p.content) } navigate editpage(p) { "[edit]" } }
  • 34. Templates (Page Fragments) template definition define main() { includeCSS("wiki.css") top() block[class="content"] { elements()template call } parameter } define span top() { navigate root() {"Wiki"} }
  • 35. wiki.cssdefine span top() { navigate root() {"Wiki"}} wiki.css
  • 36. Forms define page editpage(p : Page) { main{ header{output(p.name) " (Edit)"} data form{ binding input(p.content) submit action{ return page(p); } { "Save" } } } } submi t page flowno separate controller: page renders form and handles form submission
  • 37. Forms navigateaction
  • 38. Non-Existing Wiki Pages navigateaction
  • 39. Creating Objects find/create object by iddefine page page(name : String) { var p := getUniquePage(name) main{ header{output(p.name)} par{ output(p.content) } navigate editpage(p) { "[edit]" } }}
  • 40. Modifying Datadefine page editpage(p : Page) { main{ header{output(p.name) " (Edit)"} form{ input(p.content) submit action{return page(p.name);}{"Save"} } }} pass string
  • 41. Core Wiki navigate creates pageaction
  • 42. Page Indexdefine page root() { main{ list{ for(p : Page order by p.name asc) { listitem{ navigate page(p.name){output(p.name)} } } } }}
  • 43. Output Object = Navigationdefine output(p : Page) { navigate page(p.name) { output(p.name) }}define page root() { main{ list{ for(p : Page order by p.name asc) { listitem{ output(p) } } } }}
  • 44. Output Object = Navigation define output(p : Page) { navigate page(p.name) { output(p.name) } } define output(p : Page) { define page navigate page(p) { output(p.name) } root() { main{ } list{ for(p : Page order by p.name asc) { listitem{ output(p) } }custom definition } default definition } }
  • 45. Wrapping XML Templatesdefine menubar(){ var elementid := "menu"+getUniqueTemplateId() includeCSS("dropdownmenu.css") <div class="menuwrapper" id=elementid all attributes> <ul id="p7menubar" class="menubar"> elements() </ul> define appmenu() { </div>} menubar{define menu(){ menu{ <li class="menu" all attributes> elements() menuheader{ "Foo" } </li> menuitems{}define menuheader(){ menuitem{ "Bar" } <span class="menuheader" all attributes> menuitem{ "Baz" } elements() </span> }} }define menuitems(){ <ul class="menuitems"> } elements() } </ul>}define menuitem(){ <li class="menuitem" all attributes> elements() </li>}
  • 46. AJAX AJAXMichel Weststrate. Abstractions for Asynchronous User Interfaces inWeb Applications. Masters thesis, Delft University of Technology, 2009.
  • 47. AJAXDeliver page fragments, not just full pages❖ Replace page elements by new fragments❖ Templates are unit of replacement
  • 48. Placeholders placeholderdefine page page(name : String) { var p : Page init{ p := findPage(name); } main{ placeholder pageBody { if(p == null) { pagenotfound(name) } else { showpage(p) } } }} default view
  • 49. Replacedefine ajax showpage(p : Page) { header{output(p.name)} block[class:=content]{ output(p.content) } block[class:=modified]{ replace "Last modified on " output(p.modified) " " submitlink action{ replace(pageBody, editpage(p)); } { "[Edit]" } } block[class:=contributions]{ "Contributions by " output(p.authors) }} define ajax editpage(p : Page) { action save() { replace(pageBody, showpage(p)); } header{output(p.name) " (Edit)"} form{ par{ label("Text"){ input(p.content) } } submit save() { "Save" } } }
  • 50. Inline Edit Text (Call by Ref) define page page(p : Page) { main{ editableText(p.content) }define ajax editableText(text : Ref<WikiText>) { placeholder showText { showWikiText(text) } }} }define ajax showWikiText(text : Ref<WikiText>) { editLink(text) output(text)}define span editLink(text: Ref<WikiText>) { action edit(){ replace(showText, editWikiText(text)); } submitlink edit() { "[edit]" }}define ajax editWikiText(text : Ref<WikiText>) { form{ input(text) submit action{ replace(showText, showWikiText(text)); }{ "Save" } } submit action{ replace(showText, showWikiText(text)); }{ "Cancel" }}
  • 51. Email AJAX
  • 52. Email Templatesentity Registration { username :: String fullname :: String (name) email :: Email message :: WikiText password :: Secret status :: String created :: DateTime function register() { email confirmEmail(reg); }}define email confirmEmail(reg : Registration) { to(reg.email) subject("Verify your registration") par{ "Dear " output(reg.fullname) ", "} par{ "We have received a registration request for you" } par{ "To confirm the request follow this link: "} navigate registration(reg) {"confirm"}}
  • 53. SearchSearch
  • 54. Search search annotationssearch queries
  • 55. Data Validation Data ValidationDanny M. Groenewegen, Eelco Visser. Integration of Data Validation and User Interface Concerns in a DSL for Web Applications. Software and Systems Modeling, 2011.
  • 56. Data ValidationCheck input & maintain data integrityTypes of validation❖ Data invariants❖ Input assertions❖ Action assertions (see paper)❖ Value well-formedness (see paper)User interface integration❖ Display errors
  • 57. Validation Rules data validation form validationaction assertions messages
  • 58. Data Invariants
  • 59. Data Invariants
  • 60. Input Assertions
  • 61. Customizing Error Messagesdefine errorTemplateAction(messages : List<String>){ elements() block[class="validationErrors"] { for(ve: String in messages){ output(ve) } }}
  • 62. Data Validation Lifecycle
  • 63. Access Control Danny M. Groenewegen, Eelco Visser. Declarative Access Control for WebDSL:Combining Language Integration and Separation of Concerns. ICWE 2008: 175-188
  • 64. Principal representation of principalturn on access control
  • 65. securityContext representation of principalturn on access control
  • 66. Authentication
  • 67. Authentication
  • 68. Authentication
  • 69. Registration
  • 70. Access Control Rules Access Control Rules
  • 71. Access Control RulesConstraints over data model❖ boolean expression over properties of objectsRules restrict access to resources❖ page, template, actionInfer restriction of navigation❖ don’t show link to inaccessible page or forbidden action
  • 72. Access Control Rules ‘may access page f with argument x if boolean expression e is true’
  • 73. Wiki Access Control Rules ‘anyone can view existing pages, only logged in users can create pages’‘only logged in users may edit pages’
  • 74. Wiki Access Control Rules
  • 75. Wiki Access Control Rules
  • 76. Wiki Access Control Rules
  • 77. Wiki Access Control Rules
  • 78. Access Control PoliciesAccess Control Policies
  • 79. Access Control PoliciesStandard Policies❖ Mandatory access control (see paper)❖ Discretionary access control❖ Role-based access controlMixing policies❖ Role-based + discretionary access controlWebDSL❖ No restrictions on access control policies
  • 80. Encoding Access Control PoliciesRules❖ Who may access which resources?❖ Who can apply which actions?Representation❖ How are permissions stored?Administration❖ How can permissions be changed?❖ Who can change permissions?
  • 81. Wiki: Data Model
  • 82. Wiki: User Interface Templates (abbreviated to navigation structure)
  • 83. Wiki: Generic Access Control Rules
  • 84. Mandatory Access ControlSecurity Labels❖ Classification label protects object ★ Top Secret, Secret, Confidential, Unclassified❖ Clearance indicates access of subjectConfidentiality rules❖ Read-down: clearance should be higher than or equal to classification document to read❖ Write-up: clearance is lower than or equal to classification of document to write
  • 85. MAC: representation
  • 86. MAC: predicates
  • 87. Discretionary Access ControlAccess control lists❖ objects have owner❖ owner grants, revokes users access to objectExample: Unix file permissions❖ read, write, execute permissions for❖ owner, group, anyone
  • 88. DAC: representation
  • 89. DAC: predicates
  • 90. DAC: administration
  • 91. Role-Based Access ControlRole: group of activities❖ authorization assigned to roles❖ users assigned to roles❖ robust to organizational changesHierarchical roles❖ least privilege: use minimal permissions for taskSeparation of duties❖ critical actions require coordination
  • 92. RBAC: representation
  • 93. RBAC: predicates
  • 94. RBAC: administration
  • 95. Mixing Access Control PoliciesReal policies❖ Mix of DAC & RBAC❖ AC rules are constraints over object graphWebDSL❖ No policies built-in
  • 96. AccessSummary Rules Control
  • 97. Linguistic Integration❖ Data models ★ automatic persistence❖ User interface templates ★ parameterized definition of page fragments ★ request and response handling❖ Data validation ★ form validation & data integrity❖ Access control rules and policies ★ through constraints over objects
  • 98. Customization and ExtensionBuilt-in❖ Search (Lucene)❖ Email❖ Call-by-ref templatesExtension points❖ Embedded XML, JavaScript, HQL❖ Importing ‘native’ classes❖ Extending built-in types
  • 99. The Future of Quarter 3❖ Lecture 4 (10/2 Thursday!) ★ Zef Hemel: mobl❖ Lecture 5 (15/2) ★ Markus Voelter: DSLs in Industry❖ Lecture Extra (22/2) ★ Sebastian Erdeweg: Sugar Libraries❖ Lecture 6 (1/3) ★ Sander Vermolen: Coupled Data Evolution❖ Lecture 7 (8/3) ★ Andre Boonzaaijer: Domain-Driven Design
  • 100. Workflow Workflow Zef Hemel, Ruben Verhaaf, Eelco Visser. WebWorkFlow: An Object-Oriented Workflow Modeling Language for Web Applications. MoDELS 2008: 113-127Note: WebWorkFlow is not supported by current version of WebDSL
  • 101. WorkflowCoordinating activities by participantsWebWorkFlow- object-oriented workflow definition- integrate all aspects of workflow ★ data ★ user interface ★ access control ★ control-flow- abstractions on top of base WebDSL
  • 102. WebWorkFlow by Example: Progress Meeting
  • 103. workflow procedure workflow object procedure callprocess definition
  • 104. parallel enable next stepiterate
  • 105. access controlaccess control
  • 106. action
  • 107. no user interface
  • 108. condition
  • 109. Workflow RemarksRecursive workflows (see paper)Issue: user interface patterns for workflowIs workflow an anti-pattern?❖ is workflow good interaction design?❖ determine order of user actions❖ what are alternatives?

×