BRAP - Trouble Free, Lightning Fast Remoting With Authentication
If you are building a GUI application, chances are you need to access some services exposed on a remote server. In the past, I often landed on Spring HttpInvoker with Spring Security because I wanted to program against interfaces, use binary remoting for optimal performance, and I needed custom authentication/authorization.
While probably being amongst the better solutions for Java-to-Java remoting, this combination comes at a cost:
- Size on the client. You need quite a chunk of the Spring dependencies making your client too heavy for many usecases.
- Cost of initial setup. Getting HttpInvoker up and running is easy enough, but configuring Spring Security to meet your needs can be a daunting task, at least for the first time user.
Enter BRAP. Using native Java binary serialization, encapsulated over HTTP, and with an easy to understand authentication/authorization scheme, the 16k dependency on your client is well worth it! You can easily use your existing domain objects as credentials for authentication, and there is an optional module for "pass-by-reference"-like behavior, so that changes happening to the method arguments on the server will be reflected on the client after the method invocation returns.
Simple example
Accessing a remote service is easy:
MyService myService = (MyService) ServiceProxyFactory
.createProxy(MyService.class, "http://example.com/MyService");
Exposing a service on the server can be done solely in web.xml or with the optional Spring support. Web.xml configuration:
<servlet>
<servlet-name>myservice</servlet-name>
<servlet-class>no.tornado.brap.servlet.ProxyServlet</servlet-class>
<init-param>
<param-name>service</param-name>
<param-value>com.example.MyServiceImpl</param-value>
</init-param>
<init-param>
<param-name>authorizationProvider</param-name>
<param-value>no.tornado.brap.auth.AuthenticationNotRequiredAuthorizer</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>myservice</servlet-name>
<url-pattern>/MyService</url-pattern>
</servlet-mapping>
More info
That's all the configuration you need to get up and running. But don't let the simplicity fool you - BRAP supports powerful customization and some unique features. Read the short and concise documentation or check out some screencasts.
Getting BRAP
BRAP is available in the central Maven repository . Add the following to your pom.xml:
<!-- Client -->
<dependency>
<groupId>no.tornado.brap</groupId>
<artifactId>brap-client</artifactId>
<version>0.9.1</version>
</dependency>
<!-- Server -->
<dependency>
<groupId>no.tornado.brap</groupId>
<artifactId>brap-server</artifactId>
<version>0.9.1</version>
</dependency>
<!-- Optional Spring support on the server -->
<dependency>
<groupId>no.tornado.brap</groupId>
<artifactId>brap-spring</artifactId>
<version>0.9.1</version>
</dependency>
<!-- Optional modification support on the server -->
<dependency>
<groupId>no.tornado.brap</groupId>
<artifactId>brap-modification</artifactId>
<version>0.9.1</version>
</dependency>
There is also something to be said for having read and understood all the code that goes into protecting your remoting services. You can read through all the source code and have a good overview of all the bits and pieces of BRAP within an hour.
I would love to hear what you think of BRAP, and changes/requests are very welcome!
(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)
Comments
Jacek Furmankiewicz replied on Wed, 2009/08/26 - 9:20am
Uhm...are you aware you just re-invented Hessian?
http://hessian.caucho.com/#Introduction%20to%20Hessian
And I believe's Hessian serialization is even more efficient than the base Java one, plus it's actually multilanguage (so you could pass objects from Java to other languages and back).
Edvin Syse replied on Wed, 2009/08/26 - 11:54am
Hi Jacek,
Correct me if I'm wrong, but I think there are quite a few differences:
Thank you for pointing out the Hessian serialization. I will check it out, and if it makes for any improvements, I'll make the serialization mechanism pluggable in BRAP. I though about that for using the Wicket serialization, but I think they are going to can it for native Java serialization.
Jacek Furmankiewicz replied on Wed, 2009/08/26 - 9:01pm
in response to:
Edvin Syse
Good points, but...
a) no one uses applets, really. It's a failed technology (and 6u10 was not much of an improvement)
b) authentication is easy with Spring Security in the context of a larger app
c) interesting, I will look more at that
d) true, I have not tried it personally with other languages. It's been a long time since I wanted to touch PHP :-)
Either way, it's good work you are doing here. I may actually try it out very soon on our current project for inter-server communication.
P.S. Thanks for the Maven integration out-of-the-box.
Edvin Syse replied on Thu, 2009/08/27 - 1:40am
Hi again :)
I have one more treat if you need remoting in an OSGI-controlled client, for example an Eclipse RCP application - all the jars come with OSGI metadata as well :)
I would very much like to hear from you if you try it out in your project!
Jean-Francois P... replied on Fri, 2009/08/28 - 9:23pm
Hi, BRAP seems interesting, I'll probably test it in the coming weeks.
I have a couple of questions though:
Edvin Syse replied on Sat, 2009/08/29 - 1:25am
Hi Jean-Francois,
Thank's for your input!
Edvin Syse replied on Sat, 2009/08/29 - 11:14am
Hi again Jean-Francois,
I must thank you again - I just added generics to the client and the result was actually quite nice :)
You can now do:
And you have type safety!
The functionality is available in trunk now, and will be released with 0.9.2 probably next week.
Peter Salomonsen replied on Tue, 2009/10/27 - 7:54am
Hi,
This is very similar to LMAppletserver which have been around since 2004:
http://pjsjava.blogspot.com/2009/01/accessing-ejb3-session-beans-from.html
LMAppletserver was created addressing the same demands for a java native client-server communication.
regards,
Peter