Google App Engine for Business 101 #s2gx

How to Build, Manage & Run Your Business Applications on Google’s Infrastructure
Christian Schalk – Developer Advocate, Google

  • not really an advocacy position
  • still in engineering, but work a lot more with users directly
  • go out to companies to help them be successful

What is cloud computing?

  • lots of different definitions
  • pyramid of (bottom up): 
    • infrastructure as a service 
      • joyent, rackspace, vmware, amazon web services
      • provides cooling, power, networking
    • application platform as a service 
      • GAE falls in this category
      • tools to build apps
    • software as a service 
      • google docs, etc.

GAE

  • easy to build
  • easy to maintain
  • easy to scale 
    • appengine resides in google’s overall infrastructure so will scale up as needed
  • started with only python
  • with java support, opened the doors for java enterprise developers

By the Numbers

  • launched in 2008
  • 250,000 developers
  • 100,000+ apps
  • 500M+ daily pageviews 
    • 19,000 queries per second — has almost doubled since January

Some Partners

  • best buy
  • socialwok
  • xylabs
  • ebay
  • android developer challenge
  • forbes
  • buddypoke 
    • 62 million users
  • gigya 
    • do social integration for large media events (movie launches, sports events) — huge spikes in traffic so GAE just handles it
  • ubisoft
  • google lab
  • ilike
  • walk score
  • gigapan
  • others
  • point here is it’s very easy to drop specific apps on GAE without running litearlly everything on GAE
  • very popular among social networking apps because of easy scalability

Why App Engine?

  • managing everything is hard
  • diy hosting means hidden costs 
    • idle capacity
    • software patches & upgrades
    • license fees
  • “cloud development in a box”

App Engine Details

  • collection of services 
    • memcache, datastore, url fetch, mail, xmpp, task queue, images, blobstore, user service
  • ensuring portability — follows java standards 
    • servlets -> webapp container
    • jdo/jpa -> datasource api
    • java.net.URL -> URL fetch
    • javax.mail -> Mail API
    • javax.cache -> memcache
  • extended language support through jvm 
    • java, scala, jruby, groovy, quercus (php), javascript (rhino)
  • always free to get started
  • liberal quotas for free applications 
    • 5M pageviews/month
    • 6.5 CPU hours/day

Application Platform Management

  • download and install SDK 
    • Eclipse plugin also available
  • build app and then deploy to the public GAE servers
  • app engine dashboard
  • app engine health history 
    • shows status of each service individually across GAE as a whole

Tools

  • google app engine launcher for python
  • sdk console 
    • local version of the app engine dashboard
  • google plugin for eclipse 
    • wizard for building new app engine apps
    • can run the entire gae environment locally within eclipse
    • easy deployment to app engine servers
    • in process of building a new version of this with more features

Continuously Evolving

  • aggressive schedule for providing new features
  • may 2010 — app engine for business announced

What’s New?

  • multi-tenant apps with namespace API
  • high performance image serving
  • openid/oauth integration
  • custom error pages
  • increased quotas
  • app.yaml now usable in java apps
  • can pause task queues
  • dashboard graphs now show 30 days
  • more — see http://googleappengine.blogpost.com

Getting Started

Creating and Deploying an App

  • demoing eclipse plugin
  • can create a new Google Web Application, optionally with GWT
  • projects follow the typical java webapp structure
  • before deployment, can test/debug locally just like any Java project in eclipse
  • even the datastore is available locally for development/testing
  • new features tend to be introduced in python first, then java gets them later
  • to deploy, right click the project, choose “google,” then deploy 
    • this brings up a window where you put in your application ID and version, then uploads to the GAE servers
  • can log into GAE dashboard and configure billing with maximum charges if your app will exceed the free quotas
  • can use your own custom domains, this ties into google apps
  • can assign additional developers to GAE applications by email address
  • can deploy new versions of applications and keep the old ones as well, can toggle between versions and choose one as default

What about business applications?

  • GAE for Business
  • same scalable cloud hosting platform, but designed for the enterprise
  • not production quite yet
  • enterprise application management 
    • centralized domain console (preview available today)
  • enterprise reliability and support 
    • 99.9% SLA
    • direct support 
      • tickets tracked, phone support, etc.
  • hosted SQL (preview available today) 
    • managed relational sql database in the cloud
    • doesn’t replace the datastore–available in addition to the datastore
  • ssl on your domain 
    • current core product doesn’t offer this
  • secure by default 
    • integrated single signon
  • pricing that makes sense 
    • apps cost $8/user, up to a max of $1000 per month

Enterprise App Development With Google

  • GAE for Business
  • Google Apps for Business
  • Google Apps Marketplace
  • Firewall tunneling technology available (Secure Data Connector)

App Engine for Business Roadmap

  • enterprise admin console (preview)
  • direct support (preview)
  • hosted sql (limited release q4 2010)
  • sla (q4 2010)
  • enterprise billing (q4 2010)
  • custom domain ssl (2010 – 2011)

SQL Support

  • can run this all locally in eclipse
  • demo of spring mvc travel app running on GAE with the SQL database 
    • have to explicitly enable sessions
    • had to disable flow-managed persistence

Become an App Engine for Business Trusted Tester!

Developing Social-Ready Web Applications #s2gx

Craig Walls – SpringSource

  • working on Spring Social, which is the brains behind Greenhouse (web/mobile conference app for SpringOne)

Socializing Your Applications

  • why would you want to do this?
  • this is where your customers are–lots of people spend a LOT of time on Facebook
    • if they're there, you want to be there with them
  • Facebook–over 500 million active users
    • third largest country in the world
    • 50% log on to Facebook on any given day
    • there's even a movie about it–that says something
  • Twitter — over 100 million users
    • more than 190 million unique visitors monthly
    • more than 65 million tweets per day
  • Others: LinkedIn (80 million members), TripIt (230,000 trips planned per month)
  • More: FourSquare, YouTube (2 billion videos viewed per day), MySpace, Gowalla, Google, Flickr
  • how do you use this to better your application?
    • really depends on the customers and applications
    • don't want to make people come to you, better to interact with people where they already are
    • you can have your customers tell you things about themselves and this data would be hard to get otherwise

Types of Social Integration

  • widgets
    • facebook xfbml/js; the "like" button
      • xfbml — tag library that's interpreted on the client by javascript
    • twitter @anywhere
    • linkedin widgets / linkedin jsapi
      • jaspi resembles xfbml
  • embedded
    • facebook applications
    • igoogle gadgets
    • myspace applications
  • rest api
    • provided by virtually all social networks
    • consumed by external and embedded applications

Widgets

  • facebook connect
    • xfbml tag on page adds the login button to any page (<fb:login-button …>Connect to Facebook</fb:login>
    • demoing "find my facebook friends" functionality (<fb:multi-friend-selector …> — fbml tags that run on the server)
  • twitter @anywhere offers some javascript-based widgets, e.g. follow, connect with twitter
    • can also linkify and hovercard text–does this with a class to add the links and javascript handles adding links (hovercard is the thing that shows the little twitter profile boxes for users)
    • twitter anywhere has great examples in their documentation

Facebook Embedded Applications

  • hosted on your own servers, but look seamless when you're on facebook (look like they're part of facebook)
  • can leverage widgets, REST APIs, javascript apis, etc.
  • most often used for games, quizzes, surveys, etc.

Accessing Social Data with REST Social APIs

  • common operations
    • get user profile
    • get/update status
    • get list of friends
  • specialized operations
    • facebook: create photo album, create a note, etc.
    • twitter: create/follow a list, view trends
    • tripit: retrieve upcoming trips, view friends nearby
  • all done with restful apis
    • most support both json and xml representations

Searching Twitter RestTemplate rest = new RestTemplate(); String query = "#s2gx"; String results = rest.getForObject("http://search.twitter.com/search.json?q={query}", String.class);

  • if you want to get friends on twitter, you get the user IDs back, so you have to make another call back to get info about the user based on the user id

Facebook Graph API

  • interesting form of REST API
  • two basic url patterns
  • if you don't have an authorization key you only get very basic info back (name, gender, country)

Securing Social Data: OAuth is the key to social data

  • most social data is secured behind oauth
  • authentication takes place on social provider
  • consumer application given an access token to access user's profile
    • this gets around having to give another application your login credentials
    • also lets you revoke access for specific applications
  • consumer never knows the user's social network credentials
  • demo of trying to post a tweet without being authorized–throws a 401 error
  • when you sign in via oauth you're signing into the originating application (e.g. facebook) and then facebook tells the application "yes, the provided the correct authentication and have given you permission to do what you told them you were going to do"
    • click "connect with facebook" button from an application
    • box pops up from facebook where the user logs in and grants permissions
    • facebook then makes the connection and gives the application an access key

Comparing OAuth and OpenID

  • openid
    • primary concern is single sign-on
    • shared credentials for multiple sites
    • authentication takes place on your chosen openid server
  • oauth
    • concern is shared data
    • sign into the host application
    • host application then gives some other application access
  • if you sign on via oauth the underlying mechanism could be openid

Versions of OAuth in Play

  • OAuth 1.0: tripit
  • OAuth 1.0a: twitter, linkedin, foursquare, most others
  • OAuth 2: still in draft; early adoption by facebook (not quite full oauth 2) salesforce, gowalla, github, 37signals
    • on target to go final by the end of the year

Signing a request: OAuth 1.0a

  • construct a base string that includes …
    • the http method
    • the request url
    • any parameters (including post/put body parameters if the content type is "application/x-www-form-urlencoded")
  • encrypt the base string to create signature
    • commonly hmac-sha1, signed with api secret
    • could be plaintext or rsa-sha1 (if supported)
  • add authorization header to request

The OAuth 2 Dance — much simpler than oauth 1

  • request authorization from user
  • return to consumer with the authorization code in the request
  • exchange auth code and client secret for access token
  • return access token to consumer for use in REST API calls

Easy Facebook OAuth

  • <fb:login-button perms="email.publish_stream,offline_access">Connect to Facebook</fb:login-button>
  • offline access = the application can access your facebook account at any time
  • oauth 2 gives you the option to create an access token that will expire after a period of time
  • oauth 2 also has a renewal token so you can renew expired tokens, but facebook doesn't support renewal tokens yet
  • if you give the application the "give this app access at any time" it's really just a way to not have the access token expire
    • currently access tokens expire after about an hour
  • once you authorize with FB, you get a cookie back called fbs_appKey (where appKey is your application's key)
    • cookie also includes the access token and user id
  • if you store access tokens in your application's local database, you should store them encrypted
  • once you have the access token, you make the same call to facebook but pass the access token, and then you get a lot more of the profile info from facebook

Social REST API Challenges

  • signing a request for oauth 1.0(a) is difficult when using Spring's RestTemplate
  • each social provider's api varies wildly
  • getting a facebook access token requires parsing the cookie string
  • how should various http response codes be handled?

Spring Social

  • supports social integration in Spring
  • born out of Greenhouse development

TwitterTemplate

  • simplifies signing of OAuth 1 requests through RestTemplate
  • Offers consistent API template-based API across social providers
  • extends spring MVC to offer Facebook access token and user ID as controller parameters
  • maps social responses to a hierarchy of social exceptions
  • Spring Social can get at the actual response to a 4XX error code which you can't get if you're using RestTemplate directly
  • similar to using JdbcTemplate which gives you more detail than the raw sql exceptions
  • Spring Social includes TwitterTemplate to make interacting with twitter much easier

FacebookTemplate

  • a bit simpler since all that's needed is the access token
  • FacebookTemplate facebook = new FacebookTemplate(ACCESS_TOKEN);
  • String profileId = facebook.getProfileId();
  • also linkedin template and tripittemplate

Spring Social Next Steps

  • expanding available operations in social templates
  • more social templates for other providers

Session Notes – Spring WebFlow in Grails

Presenter: Joseph Nusairat, Integrallis About This Talk

  • discuss web flows
  • what are spring web flows
  • show some basics of webflow
  • live demo
  • Grails web flows didn’t really mature until Grails 1.1.1

What is Web Flow

  • allows for controlling the flow of items via steps, substeps, other flows
  • use when you want to control the sequence in which events occur in a series of events
    • e.g. buying a plane ticket on travelocity–goes through a specific series of steps
    • can’t go to point D without going through A, B, and C first
    • also support branches
  • control is not on the page but in a DSL
  • can keep components open for a longer period of time
  • where do you store the information for something like an uncompleted plane ticket order?
    • can store in the database, but would require cleanup for things that never make it to checkout
    • general way people have done this is via session data
      • check out spring memory management session recording on infoq
      • don’t want to use up a lot of your server RAM with sessions that are unused
  • at the end of the flow, data is persisted to a database or somewhere more permanent
  • when you remove the flow aspect of things from the pages themselves, it makes things more flexible and configurable
  • SEAM allows for different timeouts for conversations and sessions themselves

WebFlows in Spring

  • was new in Spring 2.0
  • great integration with JSF for rich UI
  • allows control over the scoping of objects for a limited period of time
  • cannot have multiple conversations
  • uses xml
    • xml is great for transferring objects, but not great for configuration
    • configurations aren’t generally that black and white

Creating a WebFlow

  • WebFlow in 1.2 M3 doesn’t work at the moment
  • GRAILS-5185
  • demo will be in 1.1.1
  • in 1.2 WebFlow is a plugin (grails install-plugin webflow)
    • in 1.1.1 it’s built in, but in 1.2 you have to install the plugin to use it
  • flows live in the controller
    • look just like an action, except ends with “Flow”
      • e.g. def bookingCartFlow = {}

Defining a View

  • views represent the individual pages
  • demo of hotel booking flow
    • “do you want to pay via paypal?” — decision point with branch
  • def bookingCartFlow = {
    start() {}
    }
    • whatever is defined first is the starting point–doesn’t have to be called start
  • DSL used to direct the flow, e.g. on(“submit”).to “end”

Domain Model

  • don’t have to worry too much about the domain model except for the object that’s used to track the conversation
  • Booking class is what’s used to track the conversation and isn’t persisted until the end
    • must implement Serializable in order to work

Creating a Controller and Actions

  • create a controller as per usual, but create an action ending with “Flow”
  • def bookingCartFlow = {
    start() {
    on(“next”) {
    // do work here
    log.info “inside start”
    }.to “stepA”
    on(“done”).to “end”
    }

    stepA() {
    on(“prev”).to “start”
    on(“done”).to “end”
    }

    end() {
    // define action state
    action {
    log.info “finish what you’re done with”
    }
    }
    }

  • make sure to follow the DSL–doesn’t necessarily error out if you aren’t following the DSL
  • examples here are all done in the controller but in a real app you’d be using a service layer
    • according to the docs transactional needs to be set to false, but it doesn’t work this way currently (1.1.1)
    • can do with transaction inside services if you’re trying to save states in a particular order

Views

  • in flows you can have subfolders below the view directory for the controller
  • class HotelController {
    def index = { redirect(action:’bookingCart’) } // this will go to the bookingCartFlow

    def paypalFlow = {
    pay() {
    on(“submit”) {
    log.info “Was it paid? ${params.paid}”
    }.to “evaluatePayment”
    }

    evaluatePayment() {
    action {
    if (params.paid == ‘yes’) {
    conversation.booking.paid = true
    return paidInFull
    } else {
    return paymentDeclined()
    }
    }
    }
    }

    def bookingCartFlow = {
    start() {
    action {
    log.info = “-start the booking-“
    }
    on(“success”).to “findHotels”
    }

    findHotels() {
    on(“showHotels”) {
    // find the hotel
    def hotels = Hotel.findAllByNameILike(“%${params.hotelName}%”, [max:10])
    [hotelResults : hotels]
    }.to “hotelListPage”
    }

    hotelListPage() {
    on(“view”) {
    flow.hotel = Hotel.get(params.id)
    }.to “hotelView”

    on(“back”) {
    }.to “findHotels”
    }

    hotelView() {
    on(“back”).to “start”
    on(“book”).to “bookingPage”
    }

    bookingPage() {
    on(“proceed”) {
    def booking = new Booking(params)
    booking.hotel = flow.hotel
    conversation.booking = booking
    if (!booking.validate()) {
    return error() // returns back to the page they came from and outputs errors
    }
    }.to “saveBooking”
    }

    saveBooking() { // the parens here are optional
    // no corresponding view to “saveBooking” so this is a decision node
    action {
    if (params.paymentType == “creditCard”) {
    return creditCard()
    } else {
    return paypal()
    }
    }
    on(“creditCard”).to “creditCard”
    on(“paypal”).to “paypal”
    }

    paypal() {
    subflow(paypalFlow)
    on(“paidInFull”)
    }

    creditCard() {}
    }
    }

  • to identify an event in a flow, you can use the name of a g:button as the event you want to trigger when the button is clicked
  • to use an event in a g:link, add event parameter to g:link, e.g. <g:link event=”view” … />

Scopes Available in Flows

  • request
  • params
  • session
  • flash
  • flow
    • lasts for the duration of the flow
    • removed when flow ends
  • conversation
    • lasts for the length of the flow and nested subflows
    • subflows are good for things like different payment methods–can be reused across multiple flows
  • best practice point: don’t refer to anything about flows or conversations in gsps
    • this ties the view to a specific flow or conversation and reduces the ability to reconfigure and reuse things

What are subflows

  • ability to create alternative flow paths
  • call subflows via flows
  • are their own flows themselves
  • name with “Flow” at the end
  • calling a subflow
    • subflow(subflowName)

Can you call to flows in different controllers?

  • yes, but it gets a bit funky
  • define flow in another controller as per usual, but declare the flow as static
  • in other controller, do def creditcardFlow = BillingController.creditcardFlow
  • still have to put the billing views under the hotel views as opposed to the billing views

How do you end the flow?

  • if a flow doesn’t do a transition or a redirect, the flow ends

Final thoughts

  • don’t call services with transactions–can cause unexpected problems
  • in grails 1.2 flows are a plugin
  • webflow moves objects from flash to request scope between transition states
  • don’t include the scope prefix when calling on the page
    • merge flow/conversation to local scopes

http://github.com/integrallis/grails_web_flow_demo

SpringOne2GX – Day 1 Keynote

Brain dump of the SpringOne2GX day 1 keynote featuring Rod Johnson, Graeme Rocher, and others.

  • Major tenets of SpringSource
    • simplification
    • community
    • innovation
  • simplification
    • amount of code in Spring apps has decreased over time as the amount of code in Spring itself has increased
    • framework does more so you do less
    • nice chart showing number of lines of code in Spring sample apps over time
  • community
    • large–Gartner estimates at about 3 million developers
    • traits of community: passionate, highly skilled, think for themselves
    • get involved!
      • ask/answer questions on mailing list and forums
      • submit features and bugs to JIRA
      • participate in events (UGs, meetups, etc.)
      • start a UG or meetup in your area if there isn’t one
      • contribute code
        • doesn’t necessarily have to be core code–extensions, tests, plugins, etc.
  • innovation
    • everything can be improved
    • always new challenges to overcome

Spring 3.0

  • simplify configuration
  • MVC improvements
  • REST support built in
  • support for JSR-330 (DI via annotations)
  • Spring Integration — demo
    • concept: “have Spring all the way down in your stack”

Groovy/Grails

  • all about productivity
  • integration all done for you
  • more prescriptive
    • while Spring is about choice, that means more configuration
    • Grails takes away some choice, but the trade-off is increased productivity
  • Groovy/Grails state of the nation
    • huge growth in recent months–150% increase in traffic to web sites
    • Groovy 1.7 and Grails 1.2 released coming soon
    • big performance improvements in Grails 1.2
    • plugin ecosystem very healthy
      • 25 million lines of user contributed code in 300+ plugins
      • cool stuff going on with alternative persistence mechanisms (e.g. CouchDB), RIAs, etc.
      • iPhone ads: “there’s an app for that” — Grails: “there’s a plugin for that”
    • Challenges
      • IDE support–gets much better with newest SpringSource Tool Suite (STS)
      • hosting/cloud — need better support, easier deployment

Lifecycle and Tools

  • Build -> Run -> Deploy
  • tc Server developer edition — free download
    • really nice dashboard with performance and health insight
  • Spring Insight Dashboard demo
    • real-time performance graph
    • huge amount of detail you can drill into by clicking on a request
    • links back to STS–takes you right to the relevant spot in the code
    • app health screen tracks performance by component over time
      • uses 99th percentile so you’re focused on what most users are experiencing
  • SpringSource Tool Suite
    • Eclipse based
    • single download for everything, including tc server

Keys to Future

  • developers
  • simplification
  • innovation
  • community
  • SpringSource + VMWare
    • VMWare committed to community and open source
    • VMWare serious about middleware