
BRAP - Trouble Free, Lightning Fast Remoting With Authentication

08.24.2009
Location: http://brap.tornado.no

If you are building a GUI application, chances are you need to access some services exposed on a remote server. In the past, I often landed on Spring HttpInvoker with Spring Security because I wanted to program against interfaces, use binary remoting for optimal performance, and I needed custom authentication/authorization.

While probably being amongst the better solutions for Java-to-Java remoting, this combination comes at a cost:

  • Size on the client. You need quite a chunk of the Spring dependencies, making your client too heavy for many use cases.
  • Cost of initial setup. Getting HttpInvoker up and running is easy enough, but configuring Spring Security to meet your needs can be a daunting task, at least for the first-time user.

Enter BRAP. Using native Java binary serialization, encapsulated over HTTP, and with an easy to understand authentication/authorization scheme, the 16k dependency on your client is well worth it! You can easily use your existing domain objects as credentials for authentication, and there is an optional module for "pass-by-reference"-like behavior, so that changes happening to the method arguments on the server will be reflected on the client after the method invocation returns.

Simple example

Accessing a remote service is easy:

MyService myService = (MyService) ServiceProxyFactory
    .createProxy(MyService.class, "http://example.com/MyService");

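Exposing a service on the server can be done solely in web.xml or with the optional Spring support. The web.xml configuration below sets authorizationProvider to AuthenticationNotRequiredAuthorizer, which, as its name says, does not require callers to authenticate: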

<servlet>
    <servlet-name>myservice</servlet-name>
    <servlet-class>no.tornado.brap.servlet.ProxyServlet</servlet-class>
    <init-param>
        <param-name>service</param-name>
        <param-value>com.example.MyServiceImpl</param-value>
    </init-param>
    <init-param>
        <param-name>authorizationProvider</param-name>
        <param-value>no.tornado.brap.auth.AuthenticationNotRequiredAuthorizer</param-value>
    </init-param>
</servlet>

<servlet-mapping>
    <servlet-name>myservice</servlet-name>
    <url-pattern>/MyService</url-pattern>
</servlet-mapping>

More info

That's all the configuration you need to get up and running. But don't let the simplicity fool you - BRAP supports powerful customization and some unique features. Read the short and concise documentation or check out some screencasts.

Getting BRAP

BRAP is available in the central Maven repository. Add the following to your pom.xml:

<!-- Client -->
<dependency>
    <groupId>no.tornado.brap</groupId>
    <artifactId>brap-client</artifactId>
    <version>0.9.1</version>
</dependency>

<!-- Server -->
<dependency>
    <groupId>no.tornado.brap</groupId>
    <artifactId>brap-server</artifactId>
    <version>0.9.1</version>
</dependency>

<!-- Optional Spring support on the server -->
<dependency>
    <groupId>no.tornado.brap</groupId>
    <artifactId>brap-spring</artifactId>
    <version>0.9.1</version>
</dependency>

<!-- Optional modification support on the server -->
<dependency>
    <groupId>no.tornado.brap</groupId>
    <artifactId>brap-modification</artifactId>
    <version>0.9.1</version>
</dependency>


There is also something to be said for having read and understood all the code that goes into protecting your remoting services. You can read through all the source code and have a good overview of all the bits and pieces of BRAP within an hour.
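Because the transport is native Java serialization, the receiving side rebuilds objects from bytes supplied by its peer, so one piece of protective code worth understanding is a class allow-list applied before anything is instantiated. The following is an added example, not BRAP's code or API: AllowListDemo, AllowListObjectInputStream, Credentials and readRestricted are hypothetical names, the sample objects are constructed for the demonstration, and how such a stream would be wired into a particular remoting servlet is left open (Set.of needs Java 9 or later).

```java
import java.io.*;
import java.util.Set;
public class AllowListDemo {
    /** Rejects every class not explicitly allowed, before it is loaded or instantiated. */
    static final class AllowListObjectInputStream extends ObjectInputStream {
        private final Set<String> allowed;
        AllowListObjectInputStream(InputStream in, Set<String> allowed) throws IOException {
            super(in);
            this.allowed = allowed;
        }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            // Called once per class descriptor found in the stream.
            if (!allowed.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "not on allow-list");
            }
            return super.resolveClass(desc);
        }
    }

    /** Hypothetical domain object used as a credential (constructed for this example). */
    static final class Credentials implements Serializable {
        private static final long serialVersionUID = 1L;
        final String username;
        Credentials(String username) { this.username = username; }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    /** Deserializes a request body, accepting only the listed class names. */
    static Object readRestricted(byte[] body, Set<String> allowed) throws Exception {
        InputStream raw = new ByteArrayInputStream(body);
        try (ObjectInputStream in = new AllowListObjectInputStream(raw, allowed)) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Set<String> allowed = Set.of(Credentials.class.getName());
        // An expected type passes through unchanged.
        Credentials c = (Credentials) readRestricted(serialize(new Credentials("alice")), allowed);
        System.out.println("accepted: " + c.username);
        // Any other serializable class is refused with InvalidClassException.
        try { readRestricted(serialize(new java.util.Date()), allowed); }
        catch (InvalidClassException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Strings and boxed primitives inside allowed objects need no entry of their own for String, but every other field type, including collections and arrays, must be listed by its runtime class name.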

I would love to hear what you think of BRAP, and changes/requests are very welcome!

Published at DZone with permission of its author, Edvin Syse.


Comments

Jacek Furmankiewicz replied on Wed, 2009/08/26 - 9:20am

Uhm...are you aware you just re-invented Hessian?

http://hessian.caucho.com/#Introduction%20to%20Hessian

And I believe Hessian's serialization is even more efficient than the base Java one, plus it's actually multilanguage (so you could pass objects from Java to other languages and back).

Edvin Syse replied on Wed, 2009/08/26 - 11:54am

Hi Jacek,

Correct me if I'm wrong, but I think there are quite a few differences:

  • BRAP is 16k on the client, Hessian is 277k. In an applet for example, that makes for quite a difference in load-time.
  • Hessian does not have authentication/authorization built-in.
  • Hessian does not have "pass-by-reference"-like behavior, which essentially empowers you to write the remote client in exactly the same way you would when using local services (with respect to changes that occur to the method arguments while the service call executes)
  • Hessian's cross-platform support is not very well implemented, at least not for PHP. Try it and see if you have any hair left :)
  • Thank you for pointing out the Hessian serialization. I will check it out, and if it makes for any improvements, I'll make the serialization mechanism pluggable in BRAP. I thought about that for using the Wicket serialization, but I think they are going to can it for native Java serialization.

Jacek Furmankiewicz replied on Wed, 2009/08/26 - 9:01pm in response to: Edvin Syse

Good points, but...

a) no one uses applets, really. It's a failed technology (and 6u10 was not much of an improvement)
b) authentication is easy with Spring Security in the context of a larger app
c) interesting, I will look more at that
d) true, I have not tried it personally with other languages. It's been a long time since I wanted to touch PHP :-)

Either way, it's good work you are doing here. I may actually try it out very soon on our current project for inter-server communication.

P.S. Thanks for the Maven integration out-of-the-box.

 

Edvin Syse replied on Thu, 2009/08/27 - 1:40am

Hi again :)

I have one more treat if you need remoting in an OSGI-controlled client, for example an Eclipse RCP application - all the jars come with OSGI metadata as well :)

I would very much like to hear from you if you try it out in your project!

Jean-Francois P... replied on Fri, 2009/08/28 - 9:23pm

Hi, BRAP seems interesting, I'll probably test it in the coming weeks.

I have a couple of questions though:

  1. Why don't you use Java 5 generics (at least for the proxy on the client side, that would avoid all these casts)?
  2. I see you require the server side interface put in web.xml. Will this work with Guice-servlet (with which you don't need to do anything to web.xml anymore, all servlet, filter... config is in Java)?

Edvin Syse replied on Sat, 2009/08/29 - 1:25am

Hi Jean-Francois,

Thanks for your input!

  1. I will investigate the use of generics for the ServiceProxyFactory.
  2. You can easily create the ProxyServlet programmatically without using web.xml, I did it with Jetty Embedded a couple of weeks back. If there is any need for configuring BRAP with the HTTP-server included with the JDK, I could add that as well :)

Edvin Syse replied on Sat, 2009/08/29 - 11:14am

Hi again Jean-Francois,

I must thank you again - I just added generics to the client and the result was actually quite nice :)

You can now do:

MyService service = ServiceProxyFactory.createProxy(MyService.class, "http://example.com/MyService"); 

And you have type safety!

The functionality is available in trunk now, and will be released with 0.9.2 probably next week.

Peter Salomonsen replied on Tue, 2009/10/27 - 7:54am

Hi,

This is very similar to LMAppletserver which has been around since 2004:

 http://pjsjava.blogspot.com/2009/01/accessing-ejb3-session-beans-from.html

LMAppletserver was created addressing the same demands for a java native client-server communication.

regards,

Peter
