Providing a web-interface for a Jade application

[ConvertFromOldNGs]

by allistar >> Sun, 12 Jan 2003 9:33:42 GMT

Hi there,
I have recently developed an Apache (the popular web server) module that allows Jade code to be embedded in a web page. This code is then executed by Jade and results from Jade can be displayed on the web page. I have called it JHP (Jade Hypertext Preprocessor). For anyone who is familiar with PHP it is basically the same (except the code is pure Jade).

I have done this in an effort to make web-ising a Jade application as simple as possible, without requiring jadehttp.dll or being tied to IIS or the Windows platform.

Here is a simple example of the sort of thing you can do:

<HTML></BODY>
The current time is:<BR>
<?jhp
vars
time: TimeStamp;
begin
echo(time.String);
end;
?>
</BODY></HTML>

I am familiar with other ways of providing a web interface to a Jade database (such as an older version of the "Internet Schema" which uses jadehttp.dll and using a "web enabled" application). Both of these solutions make it very hard for the web delevoper to have full control over how data gets displayed. DOing that almost always requires a Jade development license.

This post is to make this new tool known to other Jade developers so they can get benefit from it (I honestly think it makes web-ising a Jade application mush more easy and cost effective than current ways of doing so). There is a free (fully functional) demo of this available on request.
Find more information at: http://www.silvermoon.co.nz/jhp.html

I would be interested in what other people think of this concept, and what possibilities you see for it's use.

Regards,
Allistar.

------------------------------------------------------------------
Allistar Melville
Software Developer, Analyst allistar@silvermoon.co.nz
Auckland, NEW ZEALAND

Silvermoon Software
Specialising in JADE development and consulting
Visit us at: http://www.silvermoon.co.nz ------------------------------------------------------------------

[ConvertFromOldNGs]

by wxv >> Thu, 16 Jan 2003 5:36:03 GMT

I would be interested in what other people think of this concept, and what possibilities you see for it's use.

It looks great, very clean syntax. I know quite a few of us have done things very similar with web development in jade.

I think the biggest benifit by this kind of aproach is that it combines standard web development methodologies and tools and integrates it cleanly with your business objects and data in jade.

Some of the questions i would have are:
- How rich are the programming constructs in the script page? Can you define additional methods (or classes) on the same script page?
- How rich are the utility routines? i.e. HTML & URL Encode/Decode?
- What kind of templating functions or page building methods does it support (ie "custom tags", "page includes", "server side controls", "XSL" ?)
- Can you call the script file directly, or do you have to pass it through as a parameter to the ISAPI DLL, CGI file, or apache mod?
- Do you have easy access read and set information in the HTTP headers of the request and response?
- How cleanly and transparently is session state handled? What kind of options are there to persist the session identifier on the client?
- Can you directly invoke "servlets" inside the database?
- Whats the performance and scalability like? Can you have multiple request being handled simultaniously? Can several web servers and jade clients be used to handle the load? Can large responses be written to the web client as their being generated?
- Can it easily handle other types of content? (i.e. XML, WML, images, SOAP calls)
- Reliablity? Will a application session survive a web server going down? A database restart?
- Security? Are config files secure? Can a session id be faked? Can users read or execute arbritrary code?

Ive had to deal with most of these issues here. Finding the answers for our own solution in Jade was always fun


Wilfred.

[ConvertFromOldNGs]

by allistar >> Thu, 16 Jan 2003 8:09:54 GMT

I would be interested in what other people think of this concept, and what possibilities you see for it's use.

It looks great, very clean syntax. I know quite a few of us have done things very similar with web development in jade.

I think the biggest benifit by this kind of aproach is that it combines standard web development methodologies and tools and integrates it cleanly with your business objects and data in jade.

Some of the questions i would have are:
- How rich are the programming constructs in the script page? Can you define additional methods (or classes) on the same script page?

Each JHP block is one method, that allows you to access anything in the Jade database.

- How rich are the utility routines? i.e. HTML & URL Encode/Decode?

The URL decoding is handled by the Apache module (it parses the parameters from the URL and allows those parameters to be embedded in the Jade code in Perl syntax (i.e. prefixed with a $). This is for both POST and GET type variables).

- What kind of templating functions or page building methods does it support (ie "custom tags", "page includes", "server side controls", "XSL" ?)

The JHP schema is very basic, at the moment it is quite low level in that it allows you to embed Jade code in a web page and display the result in place of the Jade code.

I have intentionally left it quite low level, anything like session security, server side includes etc. is an exercise for the developer (server side includes would be very simple, simple echo back the contents of a file that reside on the Jade server machine (or maybe a SLOB in the database). JHP simply provides the access to the Jade database.

As an aside, I am currently developing a shopping cart/ordering demo using JHP. This has me designing session tracking into JHP (actually in a superschema of JHP).

- Can you call the script file directly, or do you have to pass it through as a parameter to the ISAPI DLL, CGI file, or apache mod?

It is only an Apache module. Any file with the extension "jhp" is passed through the JHP module and processed (just like PHP).

- Do you have easy access read and set information in the HTTP headers of the request and response?

At the moment I haven't allowed the HTTP headers to be modified by the Jade code (although you can put Jade code in between the <HEAD> and </HEAD> tags so you can put in things like META-EQUIV refresh statements).

You can read POST (int the headers) and GET information (from the URL).

- How cleanly and transparently is session state handled? What kind of options are there to persist the session identifier on the client?

JHP is lower level than that. With the ordering demo I am developing I do this by having a shared transient instance that gets created when the user logs in. This is then passed around the web sites as either a GET or POST variable.

- Can you directly invoke "servlets" inside the database?

The Jade code you embed in the web page can do anything you could do in a normal Jade method (except for GUI). This could include executing an external application in Jade, sending emails from Jade, printing. Anything.
The idea is that you build up a framework that sits between your application schema and the JHP schema. That framework could include things such as session management, security, HTML formatting code etc. I hope to have a few such frameworks available, and if JHP becomes popular then I would like to see those shared amongst the community,

- Whats the performance and scalability like? Can you have multiple request
being handled simultaniously? Can several web servers and jade clients be used to handle the load? Can large responses be written to the web client as their being generated?

I have designed this in a listener/worker model. That is that the listener takes the incoming JHP requests and passes them onto a worker. The workers must exist on the same node as the listener as shared transients are used. The number of workers is configurable, and allows multiple requests to be handled at once.

I have not yet done a lot of scalability testing. (I only have a Linux box at home, and the Jade database is 30km away in the city accessable over a PPTP connection over ADSL, which isn;t exactly the most efficient way of running it. Even in that configuration pages are still served with 1-2 seconds (which includes looping through objects in Jade and outputting them to an HTML table)).

- Can it easily handle other types of content? (i.e. XML, WML, images, SOAP calls)

I am going to investigate how to allow a browser to upload files through the Apache module into Jade. I don;t know much about how that works so will have to do a bit of research.

I ummed and arred about using SOAP but didn;t want the expense of unwrapping the XML. Efficiency was a goal and since there is only one thing that this can do - send Jade code - it was a no brainer to implement a simple TCP/IP protocol for the transfer from Apache mod to Jade server.

- Reliablity? Will a application session survive a web server going down? A database restart?

That depends on your implementation of sessions. The way I have implemented session management in my demo is to create a shared transient in the Jade process. This means that is the Apache server goes down the session is still "alive"/ I have also built in a natural timeout on the session (if it is not used within a certain amount of time then it is considered to be "dead").

- Security? Are config files secure? Can a session id be faked? Can users read or execute arbritrary code?

The user cannot inject Jade code to be executed into a webpage. All code is on the server side. Anyone with access to the actual .jhp files can do whatever they want (as with ASP or PHP).

The only config file that needs modifying is: /etc/httpd/conf/commonhttpd.conf
and
/etc/httpd/conf/http.conf

They are as secure as your Linux box is (you need root access to modify them).

Faking session id is up to the way you are implementing them. The way I am doing it for my demo is this:

a session id is valid if:
- a shared transient instance for that id exists
- the client IP address fo the current request is that same as the client IP that created the session
- the session havs not timed out.

Ive had to deal with most of these issues here. Finding the answers for our own solution in Jade was always fun

I have found developing session management interesting. At the moment a session is represented by the object id of the shared transient session object. Not exactly foolproof but I will encrypt that for production.

Thanks for the comments. I am familiar with other ways of interfacing between a Jade database and the web (jadehttp.dll and SOAP) and have recently been playing around with PHP. It struck me that server side preprocessing of HTML allows for very rapid and easy design of a website. I looked at PHP and made the logical jump to PHP.

Regards,
Allistar.

------------------------------------------------------------------
Allistar Melville
Software Developer, Analyst allistar@silvermoon.co.nz
Auckland, NEW ZEALAND

Silvermoon Software
Specialising in JADE development and consulting
Visit us at: http://www.silvermoon.co.nz ------------------------------------------------------------------

[ConvertFromOldNGs]

by JensRichnow >> Mon, 27 Jan 2003 1:06:48 GMT

Good work and I can see many good uses, especially as it is not tied to the number of user licences. Still a long way to go, though, as indicated by the questions by 'wxv'. However, an interesting approach and promising approach. I was trying to run Jade using Apache Web Server but as you might guess without much success. Although I learnt quit a bit about Apache this way.

The approach I'm using (still under development) is to utilise Java's servlet/JSP/JavaBean suit to interface with Jade (either as pure ODB or server applications) using Tomcat in suit with Apache. It allows to take advantage of all web-specific features already implemented in Tomcat and/or the Java web components (such as security, session management, etc.).

It is good to have an alternative to the jadehttp.dll and IIS binding. We are running Apache and PostNuke and without alternatives to the IIS binding there would be no easy way to utilise Jade server applications with web clients, etc.

Good luck! Could I request a demo copy this way?

I just wonder what Jade's intention is re the web client implementation for the forthcoming Linux version. Surely, it must cater for popular web servers.

[ConvertFromOldNGs]

by allistar >> Mon, 27 Jan 2003 1:56:05 GMT

Good work and I can see many good uses, especially as it is not tied to the number of user licences. Still a long way to go, though, as indicated by the questions by 'wxv'. However, an interesting approach and promising approach. I was trying to run Jade using Apache Web Server but as you might guess without much success. Although I learnt quit a bit about Apache this way.

I have been adding functionality, and it can now:
- echo any text back to the browser - method is called "echo()"
- redirect the browser to any page - method is called "redirect()"
- store and retrieve cookies - method is called "getCookie()" and "setCookie()"
- handle sessions (there are so many ways of doing this, and the implementation is still up to the developer of the website, I have implemented one way of doing this).

The approach I'm using (still under development) is to utilise Java's servlet/JSP/JavaBean suit to interface with Jade (either as pure ODB or server applications) using Tomcat in suit with Apache. It allows to take advantage of all web-specific features already implemented in Tomcat and/or the Java web components (such as security, session management, etc.).

I have been interested in learning more about Java myself, especially regarding internet connectivity.

One cool thing about JHP is that is can output JavaScript (that the client executes - is is just text after all). Also it should be
possible to redirect the output of a JHP parsed page through another Apache module, such as PHP - providing the power of both languages.

It is good to have an alternative to the jadehttp.dll and IIS binding. We are running Apache and PostNuke and without alternatives to the IIS binding there would be no easy way to utilise Jade server applications with web clients, etc.

TCP/IP communications is a breeze in Jade, and not too difficult in C
or C++ either. With the power and openess of it you are not limited to any particular platform.

Good luck! Could I request a demo copy this way?

Thanks! I am currently developing a demonstration site using JHP. It
is coming together quite well (it's a basic web based ordering
system). Once it's up and running I will make a link available and let people play with it (I need to purchase a new computer to work as a
Jade server - I don't have any windows boxes at home).

If you want a beta copy of the demo send me an email to info@silvermoon.co.nz and I'll put one together.

(Hopefully the spambots don't catch that address, one good advantage
of these groups being private).

I just wonder what Jade's intention is re the web client implementation for the forthcoming Linux version. Surely, it must cater for popular web servers.

An interesting question. At the moment There are more Apache servers
out there than there are IIS servers, which is a major reason why I targetted Apache and not IIS.

Regards,
Allistar.

------------------------------------------------------------------
Allistar Melville
Software Developer
Auckland, NEW ZEALAND

Greentree International,
Developer of Greentree Financial Software. ------------------------------------------------------------------