Reactive Web Programming with Lift

Lucas Satabin

[email protected]

Reactive Web Programming with Lift th

July 7 2010

Reactive Web Programming with Lift

2

Lift Books

Available April 2011 Early preview: http://www.manning.com/perrett/

Free online version: http://groups.google.com/group/the-lift-book


3

Lift Tutorials

The lift maven archetypes!

http://www.infoq.com/presentations /lift-web-framework-scala-pollack Official website: http://www.liftweb.net/

“

Lift is the only new framework in the last four years to offer fresh and innovative approaches to web development. It's not just some incremental improvements over the status quo, it redefines the state of the art. If you are a web developer, you should learn Lift. Even if you don't wind up using it everyday, it will change the way you approach web applications. Michael Galpin, Developer, eBay


Lift What is Lift?

‣A framework for writing web applications in Scala ‣Solves elegantly many common problems encountered in web application development

‣Includes the best ideas from all other web frameworks! (Rails, Django, Wicket, …)

‣Write reactive web applications quickly ‣... Once you understood the concepts...

5


Architecture

6


Lift Configuration

‣Application configuration in a Boot class ‣Define the website structure ‣Define the />

index.html

Welcome! Welcome to Lift at !

17


18

The Snippet part HelloWorld.scala

package ctfda.firstApp.snippet import java.util.Date import scala.xml.NodeSeq import net.liftweb.util.Helpers._

class HelloWorld { def sayHello(html: NodeSeq): NodeSeq = bind("hello", html, "date" -> new Date().toString) }


And Voilà! $ mvn jetty:run … A lot of stuffs … [INFO] Starting scanner at interval of 5 seconds.

19


Adding New Pages

‣All accessible pages configured in the Boot class ‣The SiteMap describes the web application structure

20


Session Management Problems and Solution


Session Management A general (and ubiquitous) problem

‣Why do I need sessions? ‣HTTP is stateless → it makes everything difficult ‣Where should sessions be managed? ‣On the client side ‣On the server side ‣On both sides?

22


Sessions in Lift ‣Lift is a stateful framework! ‣LiftSession NOT build on top of HttpSession ‣Implemented with an actor managing the lifecycle of sessions ‣Two main classes: SessionVar and RequestVar ‣No direct reference to the session ‣Type-safe access to the at="content"> Welcome! Welcome to Lift at !
Please give your name

24


Session Variable Result

25


Persistence


The Mapper Component ‣Original persistence framework ‣Closely tied to JDBC ‣Based on two basic traits ‣Mapper → per-instance features ‣MetaMapper → global operations ‣Inheriting from these traits makes the entity persistent ‣Easy to use for > New comment

Name

Comment

36


Comet

37


Comet: Principles ‣Programming technique ‣Allows a server to send messages to clients ‣Better than classical polling ‣Different approaches for implementation ‣Hidden IFrame ‣Long polling ‣Alternative: HTML5 server-sent DOM events

38


Comet in Lift ‣Different implementations ‣Sleeping threads Does not scale! ‣Non-Blocking IO ‣Jetty Continuations when running in Jetty ‣Future: Servlet 3.0 Suspended Requests ‣Actor driven development ‣CometActor does almost everything for you!

39


Comet in Lift: Ideas ‣A dispatcher actor object ‣Publish/Subscribe style ‣Comet actors register with this actor ‣A Comet actor ‣One instance per type per session ‣Update the client content

40


Comet Flow in Lift

‣Gets a Comet request ‣Checks the CometActors to see if there are any messages. ‣If no messages, request suspended, no response to client ‣When your Comet actor receives a message, response is calculated, request resumed

‣Response sent to client

41


Comet Comments case class AddComment(postId: Long, author: String, date: Date, content: String) object Blog { ... def comments(html: NodeSeq): NodeSeq = { ... bind("comment", html, AttrBindParam("cometName", S param "id" open_!, "name"), "newAuthor" -> text("Anonymous", a => author = a), "newContent" -> textarea("", t => content = t), "submit" -> ajaxSubmit("Post comment!", () => { Commenter ! AddComment(id, author, new Date, content) Noop })) } }

42


Commenter Actor object Commenter extends LiftActor with ListenerManager { var postId = 0L def createUpdate = postId override def lowPriority = { case AddComment(postId, author, date, content) => // save the comment ... // save the post id this.postId = postId updateListeners() } }

43


Comet Actor class Comments extends CometActor with CometListener { override def shouldUpdate = { case id: Long if id == name.map(_.toLong).open_! => true case _ => false } def registerWith = Commenter val postId = S.param("id").map(_.toLong).openOr(0L) var comments: List[Comment] = getComments private def getComments = Comment.findAll( By(Comment.post, postId), OrderBy(Comment.date, Descending)) override def lowPriority = { case id: Long => comments = getComments reRender(false) case _ => Log info "other message" } def render = bindComments }

44


Security


Authentication

‣Using the MegaProtoUser class ‣Allows use of Realms ‣For example Single Sign-On ‣Abstractions for Basic and Digest HTTP Authentication ‣Hierarchical role structure

46


XSS Attacks

‣Nonce generated each time a form is loaded ‣Avoid scripting ‣Resistant to the OWASP top 10 vulnerabilities including ‣XSS ‣XSRF ‣parameter tampering

47


Resources Access ‣Strong control over accessible resources ‣Only pages added to the SiteMap ‣WEB-INF and template-hidden directories never directly accessible

‣Use of container access control ‣Configuration in web.xml ‣Works on all Servlet containers

48


To be continued...


What Else? ‣Support for RESTful web services ‣A lot of helpers ‣JSON parser ‣Email ‣Checks ‣… ‣Integration with ‣OpenID ‣XMPP (Jabber) ‣Lucene ‣Facebook

50


And Even More

‣Widgets ‣Calendar ‣Table sorter ‣Tree view ‣… ‣Screens and Wizards

51


Thank you for your attention Any questions?