IN4308 Lecture 3
Lecture on WebDSL for course on model-driven software development at Delft University of Technology

Presentation Transcript

  • WebDSL: a domain-specific language for web programming. Lecture 3, Course IN4308. Eelco Visser, Master Computer Science, Delft University of Technology
  • Model-Driven Software Development (diagram: Problem Domain, DSL, HLL, Machine): domain-specific models reduce gap between problem domain and implementation
  • Language/Model Composition (diagram: code, model): modeling aspects of software system with different languages; customization/extensibility of models
  • Research: Software Language Engineering. Automatically derive efficient, scalable, incremental compiler + usable IDE from high-level, declarative language definition
  • Research: Software Language Design. Systematically design domain-specific software languages with optimal tradeoff between expressivity, completeness, portability, coverage, and maintainability
  • A Case Study in Domain-Specific Language Engineering. Eelco Visser. WebDSL: A Case Study in Domain-Specific Language Engineering. GTTSE 2008: 291-373
  • The Web Domain (diagram: browser, server, database): web app code runs on server, browser, and database
  • Concerns in Web Programming
    ❖ Persistent data ★ data integrity ★ search
    ❖ User interface ★ data validation ★ styling, layout ★ navigation ★ actions
    ❖ Workflow and more ...
    ❖ Access control
  • Separation of Concerns in Web Programming: Example
    ❖ Data modeling ★ Java classes with JPA annotations
    ❖ User interface ★ JavaServer Faces XML templates ★ Seam Java classes
    ❖ Access control ★ Acegi configuration/annotation
  • Problems in Web Programming
    ❖ Lack of integration ★ no inter-language consistency checking ★ leads to late (detection of) failures
    ❖ Low-level encoding ★ leads to boilerplate code
  • When Seam Fails: Welcome #{} Welcome #{user.nam}
  • When Rails Fails: @post =[:get]) @post =[:post])
  • Late Failures in Web Applications. Zef Hemel, Danny M. Groenewegen, Lennart C. L. Kats, Eelco Visser. Static consistency checking of web applications with WebDSL. Journal of Symbolic Computation, 46(2):150-182, 2011.
  • WebDSL: Separation of Concerns & Linguistic Integration. Danny M. Groenewegen, Zef Hemel, Eelco Visser. Separation of Concerns and Linguistic Integration in WebDSL. IEEE Software, 27(5), September/October 2010.
  • WebDSL: Linguistic integration of
    ❖ Data models
    ❖ User interface templates
    ❖ Access control
    ❖ Data validation
  • YellowGrass (screenshot)
  • researchr
  • 1,190,303 publications
  • publication records: correct & extend
  • author profiles
  • bibliographies, tagging, reputation system, access control rules, user groups, conference calendar, community engineering, etc.
  • 18,000 lines of WebDSL code; 138 (generated) tables in mysql
  • Data Models
  • Entity Declarations (callouts: entity declaration, property)
  • Data Model for Wiki (callouts: object identifier, domain-specific type)
  • Automatic Persistence (diagram: Data Model, Entity Classes, DB Schema; WebDSL Object, Java Object, DB Records)
  • Embedded Queries
      entity Page {
        name     :: String (id)
        content  :: WikiText
        modified :: DateTime
      }
      function recentlyChanged(n : Int) : List<Page> {
        return from Page order by modified desc limit n;
      }
  • Extending Built-in Types
      type DateTime { // includes Date and Time types
        utils.DateType.format as format(String):String
        before(DateTime):Bool
        after(DateTime):Bool
        getTime():Long
        setTime(Long)
      }
      type WikiText {
         as format():String
      }
      type Email {
        utils.EmailType.isValid as isValid():Bool
      }

      public class DateType {
        public static String format(Date d, String s) {
          return (new java.text.SimpleDateFormat(s).format(d, new StringBuffer(),
                  new java.text.FieldPosition(0))).toString();
        }
      }
  • Importing External Types
      native class org.json.JSONObject as JSONObject {
        constructor()
        constructor(String)
        get(String) : Object
        getBoolean(String) : Bool
        getDouble(String) : Double
        getInt(String) : Int
        getJSONArray(String) : JSONArray
        getJSONObject(String) : JSONObject
        getString(String) : String
        has(String) : Bool
        names() : JSONArray
        put(String, Object)
        toString() : String
        toString(Int) : String
      }
  • User Interface Templates
  • Page Definition & Navigation (callouts: page navigation (page call), page definition)
      entity A { b -> B }
      entity B { name :: String }
      define page a(x : A) {
        navigate b(x.b){ output(x.b.name) }
      }
      define page b(y : B) {
        output(y.name)
      }
  • Rendering Data (callouts: rendering values, markup)
      define page page(p : Page) {
        header{output(p.name)}
        par{ output(p.content) }
        navigate editpage(p) { "[edit]" }
      }
  • Templates (Page Fragments) (callouts: template definition, template call, parameter)
      define main() {
        includeCSS("wiki.css")
        top()
        block[class="content"] {
          elements()
        }
      }
      define span top() {
        navigate root() {"Wiki"}
      }
  • wiki.css
      define span top() {
        navigate root() {"Wiki"}
      }
  • Forms (callouts: data binding, submit, page flow)
      define page editpage(p : Page) {
        main{
          header{output(p.name) " (Edit)"}
          form{
            input(p.content)
            submit action{ return page(p); } { "Save" }
          }
        }
      }
    No separate controller: page renders form and handles form submission
  • Forms (callouts: navigate, action)
  • Non-Existing Wiki Pages (callouts: navigate, action)
  • Creating Objects (callout: find/create object by id)
      define page page(name : String) {
        var p := getUniquePage(name)
        main{
          header{output(p.name)}
          par{ output(p.content) }
          navigate editpage(p) { "[edit]" }
        }
      }
  • Modifying Data (callout: pass string)
      define page editpage(p : Page) {
        main{
          header{output(p.name) " (Edit)"}
          form{
            input(p.content)
            submit action{return page(p.name);}{"Save"}
          }
        }
      }
  • Core Wiki (callouts: navigate creates page, action)
  • Page Index
      define page root() {
        main{
          list{
            for(p : Page order by p.name asc) {
              listitem{ navigate page(p.name){output(p.name)} }
            }
          }
        }
      }
  • Output Object = Navigation
      define output(p : Page) {
        navigate page(p.name) { output(p.name) }
      }
      define page root() {
        main{
          list{
            for(p : Page order by p.name asc) {
              listitem{ output(p) }
            }
          }
        }
      }
  • Output Object = Navigation (callouts: custom definition, default definition)
      define output(p : Page) {
        navigate page(p.name) { output(p.name) }
      }
      define output(p : Page) {
        navigate page(p) { output(p.name) }
      }
      define page root() {
        main{
          list{
            for(p : Page order by p.name asc) {
              listitem{ output(p) }
            }
          }
        }
      }
  • Wrapping XML Templates
      define menubar(){
        var elementid := "menu"+getUniqueTemplateId()
        includeCSS("dropdownmenu.css")
        <div class="menuwrapper" id=elementid all attributes>
          <ul id="p7menubar" class="menubar">
            elements()
          </ul>
        </div>
      }
      define menu(){
        <li class="menu" all attributes>
          elements()
        </li>
      }
      define menuheader(){
        <span class="menuheader" all attributes>
          elements()
        </span>
      }
      define menuitems(){
        <ul class="menuitems">
          elements()
        </ul>
      }
      define menuitem(){
        <li class="menuitem" all attributes>
          elements()
        </li>
      }

      define appmenu() {
        menubar{
          menu{
            menuheader{ "Foo" }
            menuitems{
              menuitem{ "Bar" }
              menuitem{ "Baz" }
            }
          }
        }
      }
  • AJAX. Michel Weststrate. Abstractions for Asynchronous User Interfaces in Web Applications. Master's thesis, Delft University of Technology, 2009.
  • AJAX: Deliver page fragments, not just full pages
    ❖ Replace page elements by new fragments
    ❖ Templates are unit of replacement
  • Placeholders (callouts: placeholder, default view)
      define page page(name : String) {
        var p : Page
        init{ p := findPage(name); }
        main{
          placeholder pageBody {
            if(p == null) {
              pagenotfound(name)
            } else {
              showpage(p)
            }
          }
        }
      }
  • Replace (callout: replace)
      define ajax showpage(p : Page) {
        header{output(p.name)}
        block[class:=content]{ output(p.content) }
        block[class:=modified]{
          "Last modified on " output(p.modified) " "
          submitlink action{ replace(pageBody, editpage(p)); } { "[Edit]" }
        }
        block[class:=contributions]{
          "Contributions by " output(p.authors)
        }
      }
      define ajax editpage(p : Page) {
        action save() { replace(pageBody, showpage(p)); }
        header{output(p.name) " (Edit)"}
        form{
          par{ label("Text"){ input(p.content) } }
          submit save() { "Save" }
        }
      }
  • Inline Edit Text (Call by Ref)
      define page page(p : Page) {
        main{
          editableText(p.content)
        }
      }
      define ajax editableText(text : Ref<WikiText>) {
        placeholder showText { showWikiText(text) }
      }
      define ajax showWikiText(text : Ref<WikiText>) {
        editLink(text)
        output(text)
      }
      define span editLink(text: Ref<WikiText>) {
        action edit(){ replace(showText, editWikiText(text)); }
        submitlink edit() { "[edit]" }
      }
      define ajax editWikiText(text : Ref<WikiText>) {
        form{
          input(text)
          submit action{ replace(showText, showWikiText(text)); }{ "Save" }
        }
        submit action{ replace(showText, showWikiText(text)); }{ "Cancel" }
      }
  • Email AJAX
  • Email Templates
      entity Registration {
        username :: String
        fullname :: String (name)
        email    :: Email
        message  :: WikiText
        password :: Secret
        status   :: String
        created  :: DateTime
        function register() { email confirmEmail(reg); }
      }
      define email confirmEmail(reg : Registration) {
        to(reg.email)
        subject("Verify your registration")
        par{ "Dear " output(reg.fullname) ", "}
        par{ "We have received a registration request for you" }
        par{ "To confirm the request follow this link: "}
        navigate registration(reg) {"confirm"}
      }
  • Search
  • Search (callouts: search annotations, search queries)
  • Data Validation. Danny M. Groenewegen, Eelco Visser. Integration of Data Validation and User Interface Concerns in a DSL for Web Applications. Software and Systems Modeling, 2011.
  • Data Validation: Check input & maintain data integrity
    Types of validation
    ❖ Data invariants
    ❖ Input assertions
    ❖ Action assertions (see paper)
    ❖ Value well-formedness (see paper)
    User interface integration
    ❖ Display errors
  • Validation Rules (callouts: data validation, form validation, action assertions, messages)
  • Data Invariants
  • Data Invariants
  • Input Assertions
  • Customizing Error Messages
      define errorTemplateAction(messages : List<String>){
        elements()
        block[class="validationErrors"] {
          for(ve: String in messages){
            output(ve)
          }
        }
      }
  • Data Validation Lifecycle
  • Access Control. Danny M. Groenewegen, Eelco Visser. Declarative Access Control for WebDSL: Combining Language Integration and Separation of Concerns. ICWE 2008: 175-188
  • Principal (callouts: representation of principal, turn on access control)
  • securityContext (callouts: representation of principal, turn on access control)
  • Authentication
  • Authentication
  • Authentication
  • Registration
  • Access Control Rules
  • Access Control Rules
    Constraints over data model
    ❖ boolean expression over properties of objects
    Rules restrict access to resources
    ❖ page, template, action
    Infer restriction of navigation
    ❖ don’t show link to inaccessible page or forbidden action
  • Access Control Rules: ‘may access page f with argument x if boolean expression e is true’
  • Wiki Access Control Rules: ‘anyone can view existing pages, only logged in users can create pages’; ‘only logged in users may edit pages’
  • Wiki Access Control Rules
  • Wiki Access Control Rules
  • Wiki Access Control Rules
  • Wiki Access Control Rules
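The rule semantics from the slides above, as an added Python model (not WebDSL code and not from the lecture): the two wiki rules, a check on every request, and the inferred hiding of links. `Session`, `PAGES`, `rule`, `may_access`, `navigate` and `request` are hypothetical names, and denying resources that have no rule is an assumption of this model.

```python
from dataclasses import dataclass
from html import escape
from typing import Optional
from urllib.parse import quote

@dataclass
class Session:                          # stands in for the securityContext slide
    principal: Optional[str] = None     # None means nobody is logged in

    def logged_in(self):
        return self.principal is not None

PAGES = {"Home": "Welcome"}             # constructed wiki content, keyed by page name
RULES = {}                              # resource name -> predicate(session, argument)

def rule(resource):
    def register(pred):
        RULES[resource] = pred
        return pred
    return register

# 'anyone can view existing pages, only logged in users can create pages'
@rule("page")
def _view(s, name):
    return name in PAGES or s.logged_in()

# 'only logged in users may edit pages'
@rule("editpage")
def _edit(s, name):
    return s.logged_in()

def may_access(s, resource, arg):
    pred = RULES.get(resource)          # assumption: no rule means access is denied
    return bool(pred and pred(s, arg))

def navigate(s, resource, arg, label):
    # Inferred restriction: emit no link to a page the session may not access.
    if not may_access(s, resource, arg):
        return ""
    return f'<a href="/{resource}/{quote(arg)}">{escape(label)}</a>'

def request(s, resource, arg):
    # The rule is checked again on the request, since a URL can be typed directly.
    return 200 if may_access(s, resource, arg) else 403
```

Hiding the link is a usability measure only; the decision that protects the page is the one taken in `request`.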
  • Access Control Policies
  • Access Control Policies
    Standard Policies
    ❖ Mandatory access control (see paper)
    ❖ Discretionary access control
    ❖ Role-based access control
    Mixing policies
    ❖ Role-based + discretionary access control
    WebDSL
    ❖ No restrictions on access control policies
  • Encoding Access Control Policies
    Rules
    ❖ Who may access which resources?
    ❖ Who can apply which actions?
    Representation
    ❖ How are permissions stored?
    Administration
    ❖ How can permissions be changed?
    ❖ Who can change permissions?
  • Wiki: Data Model
  • Wiki: User Interface Templates (abbreviated to navigation structure)
  • Wiki: Generic Access Control Rules
  • Mandatory Access Control
    Security Labels
    ❖ Classification label protects object ★ Top Secret, Secret, Confidential, Unclassified
    ❖ Clearance indicates access of subject
    Confidentiality rules
    ❖ Read-down: clearance should be higher than or equal to classification of document to read
    ❖ Write-up: clearance is lower than or equal to classification of document to write
  • MAC: representation
  • MAC: predicates
  • Discretionary Access Control
    Access control lists
    ❖ objects have owner
    ❖ owner grants, revokes users access to object
    Example: Unix file permissions
    ❖ read, write, execute permissions for
    ❖ owner, group, anyone
  • DAC: representation
  • DAC: predicates
  • DAC: administration
  • Role-Based Access Control
    Role: group of activities
    ❖ authorization assigned to roles
    ❖ users assigned to roles
    ❖ robust to organizational changes
    Hierarchical roles
    ❖ least privilege: use minimal permissions for task
    Separation of duties
    ❖ critical actions require coordination
  • RBAC: representation
  • RBAC: predicates
  • RBAC: administration
  • Mixing Access Control Policies
    Real policies
    ❖ Mix of DAC & RBAC
    ❖ AC rules are constraints over object graph
    WebDSL
    ❖ No policies built-in
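The three standard policies and a DAC + RBAC mix written as predicates over an object graph, as an added Python model (not WebDSL code and not from the lecture). The `User` and `Page` fields, the role table and all function names are assumptions made for this sketch.

```python
from dataclasses import dataclass, field

LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]   # low -> high

def rank(label):
    return LEVELS.index(label)

@dataclass
class User:
    name: str
    clearance: str = "Unclassified"                 # MAC: clearance of the subject
    roles: set = field(default_factory=set)         # RBAC: users assigned to roles

@dataclass
class Page:
    name: str
    owner: User                                     # DAC: objects have an owner
    classification: str = "Unclassified"            # MAC: label protecting the object
    readers: set = field(default_factory=set)       # DAC: names granted read access
    writers: set = field(default_factory=set)       # DAC: names granted write access

# MAC predicates: read-down and write-up
def mac_read(u, p):
    return rank(u.clearance) >= rank(p.classification)

def mac_write(u, p):
    return rank(u.clearance) <= rank(p.classification)

# DAC predicates and administration: only the owner changes the lists
def dac_read(u, p):
    return u is p.owner or u.name in p.readers

def dac_write(u, p):
    return u is p.owner or u.name in p.writers

def grant(actor, p, who, write=False):
    if actor is not p.owner:
        raise PermissionError("only the owner may change permissions")
    (p.writers if write else p.readers).add(who.name)

# RBAC predicate: authorization is assigned to roles (constructed role table)
ROLE_PERMS = {"editor": {"edit"}, "admin": {"edit", "delete"}}

def rbac(u, action):
    return any(action in ROLE_PERMS.get(r, ()) for r in u.roles)

# Mixed policy: DAC for owners and grantees, RBAC for staff roles
def may_edit(u, p):
    return dac_write(u, p) or rbac(u, "edit")

def may_delete(u, p):
    return u is p.owner or rbac(u, "delete")
```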
  • Summary
  • Linguistic Integration
    ❖ Data models ★ automatic persistence
    ❖ User interface templates ★ parameterized definition of page fragments ★ request and response handling
    ❖ Data validation ★ form validation & data integrity
    ❖ Access control rules and policies ★ through constraints over objects
  • Customization and Extension
    Built-in
    ❖ Search (Lucene)
    ❖ Email
    ❖ Call-by-ref templates
    Extension points
    ❖ Embedded XML, JavaScript, HQL
    ❖ Importing ‘native’ classes
    ❖ Extending built-in types
  • The Future of Quarter 3
    ❖ Lecture 4 (10/2 Thursday!) ★ Zef Hemel: mobl
    ❖ Lecture 5 (15/2) ★ Markus Voelter: DSLs in Industry
    ❖ Lecture Extra (22/2) ★ Sebastian Erdeweg: Sugar Libraries
    ❖ Lecture 6 (1/3) ★ Sander Vermolen: Coupled Data Evolution
    ❖ Lecture 7 (8/3) ★ Andre Boonzaaijer: Domain-Driven Design
  • Workflow. Zef Hemel, Ruben Verhaaf, Eelco Visser. WebWorkFlow: An Object-Oriented Workflow Modeling Language for Web Applications. MoDELS 2008: 113-127. Note: WebWorkFlow is not supported by current version of WebDSL
  • Workflow: Coordinating activities by participants
    WebWorkFlow
    - object-oriented workflow definition
    - integrate all aspects of workflow ★ data ★ user interface ★ access control ★ control-flow
    - abstractions on top of base WebDSL
  • WebWorkFlow by Example: Progress Meeting
  • (callouts: workflow procedure, workflow object, procedure call, process definition)
  • (callouts: parallel, enable next step, iterate)
  • (callout: access control)
  • action
  • no user interface
  • condition
  • Workflow Remarks
    Recursive workflows (see paper)
    Issue: user interface patterns for workflow
    Is workflow an anti-pattern?
    ❖ is workflow good interaction design?
    ❖ determine order of user actions
    ❖ what are alternatives?