Compiler Construction | Lecture 5 | Transformation by Term Rewriting
IN4308 Lecture 3
1. WebDSL
a domain-specific language for web programming
Lecture 3
Course IN4308
Eelco Visser
http://eelcovisser.org
Master Computer Science
Delft University of Technology
3. Language/Model Composition
[Diagram: models and code]
modeling aspects of software system with different languages
customization/extensibility of models
4. Research: Software Language Engineering
Automatically derive efficient, scalable, incremental compiler + usable IDE from high-level, declarative language definition
5. Research: Software Language Design
Systematically design domain-specific software languages with optimal tradeoff between expressivity, completeness, portability, coverage, and maintainability
6. A Case Study in Domain-Specific Language Engineering
Eelco Visser. WebDSL: A Case Study in Domain-Specific Language Engineering. GTTSE 2008: 291-373
7. The Web Domain
browser server database
web app
code runs on server, browser, and database
8. Concerns in Web Programming
❖ Persistent data
★ data integrity
★ search
❖ User interface
★ data validation
★ styling, layout
★ navigation
★ actions
❖ Workflow
and more ...
❖ Access control
9. Separation of Concerns in Web Programming
Example
❖ Data modeling
★ Java classes with JPA annotations
❖ User interface
★ JavaServer Faces XML templates
★ Seam Java classes
❖ Access control
★ Acegi configuration/annotation
10. Problems in Web Programming
❖ Lack of integration
★ no inter-language consistency checking
★ leads to late (detection of) failures
❖ Low-level encoding
★ leads to boilerplate code
13. Late Failures in Web Applications
Zef Hemel, Danny M. Groenewegen, Lennart C. L. Kats, Eelco Visser.
Static consistency checking of web applications with WebDSL. Journal of
Symbolic Computation, 46(2):150-182, 2011.
14. WebDSL
Separation of Concerns
& Linguistic Integration
Danny M. Groenewegen, Zef Hemel, Eelco Visser. Separation of Concerns and
Linguistic Integration in WebDSL. IEEE Software, 27(5), September/October 2010.
28. Embedded Queries
entity Page {
  name :: String (id)
  content :: WikiText
  modified :: DateTime
}
function recentlyChanged(n : Int) : List<Page> {
  return from Page order by modified desc limit n;
}
29. Extending Built-in Types
type DateTime { // includes Date and Time types
  utils.DateType.format as format(String):String
  before(DateTime):Bool
  after(DateTime):Bool
  getTime():Long
  setTime(Long)
}
type WikiText {
  org.webdsl.tools.WikiFormatter.wikiFormat as format():String
}
type Email {
  utils.EmailType.isValid as isValid():Bool
}
package utils;

import java.util.Date;

public class DateType {
  public static String format(Date d, String s) {
    // Format d using the SimpleDateFormat pattern s
    return (new java.text.SimpleDateFormat(s).format(d, new StringBuffer(),
        new java.text.FieldPosition(0))).toString();
  }
}
46. AJAX
Michel Weststrate. Abstractions for Asynchronous User Interfaces in
Web Applications. Master's thesis, Delft University of Technology, 2009.
47. AJAX
Deliver page fragments, not just full pages
❖ Replace page elements by new fragments
❖ Templates are unit of replacement
55. Data Validation
Danny M. Groenewegen, Eelco Visser. Integration of Data Validation and User Interface
Concerns in a DSL for Web Applications. Software and Systems Modeling, 2011.
56. Data Validation
Check input & maintain data integrity
Types of validation
❖ Data invariants
❖ Input assertions
❖ Action assertions (see paper)
❖ Value well-formedness (see paper)
User interface integration
❖ Display errors
57. Validation Rules
data validation
form validation
action assertions messages
63. Access Control
Danny M. Groenewegen, Eelco Visser. Declarative Access Control for WebDSL:
Combining Language Integration and Separation of Concerns. ICWE 2008: 175-188
64. Principal
representation of principal
turn on access control
65. securityContext
representation of principal
turn on access control
71. Access Control Rules
Constraints over data model
❖ boolean expression over properties of objects
Rules restrict access to resources
❖ page, template, action
Infer restriction of navigation
❖ don’t show link to inaccessible page or forbidden action
72. Access Control Rules
‘may access page f with argument x if boolean expression e is true’
73. Wiki Access Control Rules
‘anyone can view existing pages, only logged in users can create pages’
‘only logged in users may edit pages’
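The rule form and the wiki rules above, modelled in Python as an added example (this is not WebDSL syntax and not code from the lecture). The resource names `view`, `create`, `edit`, the `Policy` class and deny-by-default for resources without a rule are assumptions of this sketch; `navigate` shows the inferred restriction of navigation.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SecurityContext:
    principal: Optional[str] = None  # None: nobody is logged in

    def logged_in(self) -> bool:
        return self.principal is not None


@dataclass
class Policy:
    # (resource kind, resource name) -> boolean expression over (context, argument)
    rules: dict = field(default_factory=dict)

    def rule(self, kind, name, check):
        self.rules[(kind, name)] = check

    def may_access(self, ctx, kind, name, arg=None) -> bool:
        check = self.rules.get((kind, name))
        # Assumption of this model: a resource without a rule is inaccessible.
        return bool(check and check(ctx, arg))

    def navigate(self, ctx, links):
        """Inferred navigation: drop links whose target page the rules forbid."""
        return [(n, a) for n, a in links if self.may_access(ctx, "page", n, a)]


def wiki_policy(existing_pages):
    """The three wiki rules from the slide, with hypothetical page names."""
    p = Policy()
    p.rule("page", "view", lambda ctx, title: title in existing_pages)
    p.rule("page", "create", lambda ctx, _: ctx.logged_in())
    p.rule("page", "edit", lambda ctx, title: ctx.logged_in())
    return p


# Constructed sample data: one existing page and a menu of candidate links.
LINKS = [("view", "Home"), ("view", "Missing"), ("edit", "Home"),
         ("create", None), ("admin", None)]

if __name__ == "__main__":
    policy = wiki_policy({"Home"})
    for ctx in (SecurityContext(), SecurityContext("alice")):
        print(ctx.principal, policy.navigate(ctx, LINKS))
```

Because the same rule guards both the page and the link to it, the menu and the server-side check cannot drift apart.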
79. Access Control Policies
Standard Policies
❖ Mandatory access control (see paper)
❖ Discretionary access control
❖ Role-based access control
Mixing policies
❖ Role-based + discretionary access control
WebDSL
❖ No restrictions on access control policies
80. Encoding Access Control Policies
Rules
❖ Who may access which resources?
❖ Who can apply which actions?
Representation
❖ How are permissions stored?
Administration
❖ How can permissions be changed?
❖ Who can change permissions?
84. Mandatory Access Control
Security Labels
❖ Classification label protects object
★ Top Secret, Secret, Confidential, Unclassified
❖ Clearance indicates access of subject
Confidentiality rules
❖ Read-down: clearance should be higher than or equal to classification of document to read
❖ Write-up: clearance is lower than or equal to classification of document to write
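The two confidentiality rules as an added Python example (not from the lecture, and not WebDSL syntax), with an exhaustive check of the property they exist to guarantee: no subject can copy data from a higher-classified document into a lower-classified one. The function names and the integer ordering of the labels are assumptions of this sketch.

```python
from enum import IntEnum
from itertools import product


class Label(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def may_read(clearance: Label, classification: Label) -> bool:
    # Read-down: clearance higher than or equal to the classification.
    return clearance >= classification


def may_write(clearance: Label, classification: Label) -> bool:
    # Write-up: clearance lower than or equal to the classification.
    return clearance <= classification


def permitted(clearance: Label) -> dict:
    """Operations a subject with this clearance has on each document level."""
    return {doc.name: ("r" if may_read(clearance, doc) else "")
            + ("w" if may_write(clearance, doc) else "")
            for doc in Label}


def downward_flows(read=may_read, write=may_write) -> list:
    """(clearance, source, destination) triples where one subject could read
    the source and write a lower-classified destination, i.e. leak data down."""
    return [(c, s, d) for c, s, d in product(Label, repeat=3)
            if read(c, s) and write(c, d) and d < s]


if __name__ == "__main__":
    print(permitted(Label.SECRET))
    print("leaks under read-down/write-up:", downward_flows())
    # Weakened policy for comparison: writing allowed at any level.
    print("leaks if any write is allowed:",
          len(downward_flows(write=lambda c, d: True)))
```

A subject reads and writes only at its own level; everything below is read-only and everything above is write-only, which is what empties the list of downward flows.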
91. Role-Based Access Control
Role: group of activities
❖ authorization assigned to roles
❖ users assigned to roles
❖ robust to organizational changes
Hierarchical roles
❖ least privilege: use minimal permissions for task
Separation of duties
❖ critical actions require coordination
97. Linguistic Integration
❖ Data models
★ automatic persistence
❖ User interface templates
★ parameterized definition of page fragments
★ request and response handling
❖ Data validation
★ form validation & data integrity
❖ Access control rules and policies
★ through constraints over objects
99. The Future of Quarter 3
❖ Lecture 4 (10/2 Thursday!)
★ Zef Hemel: mobl
❖ Lecture 5 (15/2)
★ Markus Voelter: DSLs in Industry
❖ Lecture Extra (22/2)
★ Sebastian Erdeweg: Sugar Libraries
❖ Lecture 6 (1/3)
★ Sander Vermolen: Coupled Data Evolution
❖ Lecture 7 (8/3)
★ Andre Boonzaaijer: Domain-Driven Design
100. Workflow
Zef Hemel, Ruben Verhaaf, Eelco Visser. WebWorkFlow: An Object-Oriented
Workflow Modeling Language for Web Applications. MoDELS 2008: 113-127
Note: WebWorkFlow is not supported by current version of WebDSL
101. Workflow
Coordinating activities by participants
WebWorkFlow
- object-oriented workflow definition
- integrate all aspects of workflow
★ data
★ user interface
★ access control
★ control-flow
- abstractions on top of base WebDSL
112. Workflow Remarks
Recursive workflows (see paper)
Issue: user interface patterns for workflow
Is workflow an anti-pattern?
❖ is workflow good interaction design?
❖ determine order of user actions
❖ what are alternatives?