I work in a small organization that has built an enterprise SaaS solution. Up until this point our workflows have had no programmatic interface. We're moving to a model that will allow for an end user to do anything programmatically that can be done in the UI. I'm looking for suggestions in terms of the language/framework that you would use to build that programmatic layer.
From an organizational perspective I would like the current UI team to also have ownership of the API. That team is familiar with PHP, Rails, and Javascript. Our current back-end code is written in Scala. I'm leaning toward not doing the APIs in Scala because it doesn't seem like the right tool for the job and the lack of subject matter expertise around it on the UI team.
From a functionality perspective most of the APIs will be fairly simple database operations (CRUD) with perhaps some simplistic business logic applied on top (search for example).
I'm a bit intrigued by using Node.js for this as everyone on the team is really strong with Javascript. That being said I don't just want to hop on the semi-new technology bandwagon. Because it is enterprise software, unit testing frameworks, reusability, and extendability are all important considerations as well.
Any suggestions?
I realize this question was about technology options, but there's a fundamental concern that seems really important to call out:
From an organizational perspective I would like the current UI team to also have ownership of the API.
While this sounds like a logical approach, it may not work out well unless you're UI team is made up of really solid engineers. SaaS API development is arguably one of the most challenging aspects of modern software design. A great API will make everyone's lives easier, while a poor API will bring your system to its knees and leave you completely clueless as to why.
As a quick example, if you don't solve the end user's needs in the right way, you're likely to force a number of n+1 problems on them (and thus, on you.)
There is a bunch of great material out there about how to design great APIs and even more about the pitfalls of designing a bad one. Generally speaking, most of the UI devs I've worked with, particularly ones that are only familiar with scripting languages, are not people I would entrust to API design. Instead I would utilize them as customers (in a Scrum sense) who guide the design by describing end-user needs.
I faced something like this on a previous project, where we ended up going with a combo of Esper and our own DSL written using ANTLR 3.0. Our biggest concern with using a fully funcional runtime, was sandboxing the user's code.
That said, I think Node.JS would be one of the easier ones to sandbox and it fits your needs. Maybe using something like this: http://gf3.github.com/sandbox/ or looking into Cloud9's code to see how they keep things safe. I also like that with Node.js you could give your users a pretty niffy editor using Ace.
Also check out this post: How to run user-submitted scripts securely in a node.js sandbox?
I have 2 applications that are going to be built (possibly a 3rd API), all are going to use the same database. What is the best way to use the same models across all applications.
Also, what are some of the caveats you have experienced or foresee with this method. Looking for the best solution to this.
Rails, as opinionated software, prefers a single app, rather than shared models. I've tried it both ways. Are you going to just have copies of the models that can get out of sync? Are you still planning to use Rails' migrations? When you have multiple apps, migrations become difficult. Do you use just one app for migrations? Then you lose the ability to check in migrations along with the code it refers to. Automating builds can become very difficult. You can possibly find a way share migrations too, but that requires some source code management sleight-of-hand which ultimately makes it more difficult to do separate apps and still get everything Rails has to offer. At that point you may want to look into Sinatra.
On the other hand, there's a lot of organizing you can do in a single app that keeps the model domain shared, yet separates the controllers, such as using namespaces or engines. I'd recommend those techniques.
With all this talk of Authlogic or Devise, which ones easier to install and useful etc. (Can't decide which one I like more so far.)
I've just been blindly using then and assuming they both have rock-solid security.
So my question is, what is the security like behind these plugins and which offers the best protection to the user? Or they the same?
Is one better than the other, and are there any security issues?
If using Rails 3, I suggest Devise.
When I moved from rails 2 to 3, I made the switch from Authlogic to devise. Comparing Devise to Authlogic isn't exactly apples to apples, although used without any customization they do offer the same key functionality. Devise itself comes with Warden, another gem for implementing authentication Strategies, one of which could actually be Authlogic. To me, the key difference then is really how the software is architected. Warden is a rack-based implementation, and built using standard web app patterns. Rails 3 is also a rack-based solution, which implies the architectures are more in sync. On top of Warden, Devise provides convenient session query methods and User model integration. Further, Devise has a pretty solid integration with Omniauth, which allows your app to easily use external authentication providers (facebook, twitter, linkedin, etc.).
The question of which provides better security is really moot. In either case you need to make configuration choices which will dictate "how secure" your application is. And there are other considerations beyond password encryption and session management not provided by either (e.g., when to use SSL, what encryption algorithm you use, password and password recovery policies, etc.).
Definitely do read the wiki and make sure you understand all the configuration options and make conscious choices. And never use "assume" in the same sentence as "security".
I tend to think that it's sometimes better to build things yourself than rely on gem magic. With that in mind, building user authentication and session management can be done in just a few hours (or much less if you = coding ninja). The http://ruby.railstutorial.org/ I thought gave a good step by step process on how to go about it. There are a few things to watch out for though... Anyway just my two cents.
Is OpenSwing a good framework for developing professional desktop application?
I was recently using the OpenSwing Framework. I can say only the best for the functionalities which are provided with the framework. It is a multitier concept with excelent data binding possibilities. My App uses a small Derby DB in background and I’m managing it with hibernate.
I’m sure, you will be able to advance very fast and provide a working prototype very quick. I would advice you to read the available doc first and to run the provided examples (http://oswing.sourceforge.net/).
However, it has another side which you should be aware of and you will probably notice by yourself if you run the examples. The GridFrame, GridFrameControler, DetailFrame, DetailFrameControler etc classes are not really generic. There are a lot of dependencies bult in and you will have to customize them again and again for every single implementation (can be seen in the demos).
I had another approach, I invested some time in building my own classes which are generic and using the unchanged OpenSwing classes in the background first. Now I’m only setting the properties file where all details are pre-defined. The rest is generic and I don’t have to re-code again and again for every single frame.
I hope this will help.
Regards
I used the openswing in team for more than two years.
It's a pretty nice swing framework for the enterprise development used in the Internal.
It provide great component based by MVP pattern ,such as grid , document ...
If you try it , It's a good article for you about Model-View-Presenter
And try the demo in the source,It's quite good.
The JAllInOne is also a good demo for the framework also made by the mcarniel
and It's a personal project only developed by mcarniel. Thanks mcarniel's great work.
I spend a lot of time (actually too much time) developping back-office applications whose main purpose is content management and web application configurations. Here is how I can describe these apps :
- Made with PHP
- Using a MySQL or Postgres or SQLite database
- Made of a lot of pages and features
- Very simple features, mostly data CRUD (create+read+update+delete into the database)
- Mostly made of forms
- UIs are usually quite simple (html + css + very basic javascript)
All of the data access code in these apps relies on a library I developped years ago and re-use every time I can. This part is not time-consuming.
What's time-consuming is the UI part, and mostly designing data-lists and forms. Using a WYSIWYG editor would make a lot of sense here, except those I tried (Dreamweaver, Frontpage, Expression, Eclipse, ...) don't really make it much faster, because the generated code is often bloated, and these tools can't rely on custom libraries such as the one I made and use.
I figured using a Web Tookit could be another way to spend less time developping these tools. So before I spend too much time looking for the perfect toolkit, I would appreciate your opinions and experiences on that kind of matter.
Disclaimer : I'm not looking for advices on how MVC is the way to go and how CodeIgniter/Zend/WhatEver is the framework I should use. My question is not about the frameworks or the design patterns I should build my applications upon. My question is about using the right tool to make simple web-applications development faster, and their code even more re-usable.
Is there an awesome web-application RAD tool I don't know about ?
Which toolkit do you use for simple but form-heavy web applications ?
Are there good, light, non-bloated, reliable toolkits written in PHP ?
Thanks in advance !
Edit : Not getting much feedback so far :/ I'm aware that my question is very broad, but I'm sure lots of people work on the same kind of projects I'm talking about, and have improved their productivity by using toolkits such as GWT, Wicket and such. Tell me about it, please :)
September 28 edit : Thanks everyone for the interesting answers. What I'm looking for is not covered by any framework I could try in the past months. PHP is probably not the best language to use for my vision of RAD, but since it's a language I know very well, and since I don't want to spend too much time learning Python as well as I know PHP (for the moment), I decided to do it by myself. Everytime I have a specific need for a widget, I code it in the most re-usable way...so far so good :)
I might open-source that toolkit at some point, and will let you guys know.
The PHP project I've been working on the past few years is a lot like that. Heavy on forms, heavy on server-side logic, but lots of redundant form coding. Too make matters worse, it wasn't all forms, sometimes we actually need to do fancy layout (even just doing a tree control is a pain without a library), and the home-grown nature of the UI meant that I would be battling browser quirks from start to finish.
So, I got to thinking about what a better architecture would be. We needed very powerful form controls, rich grids, rich trees, advanced layout, and we needed to migrate to that gradually. None of the PHP frameworks seemed to fit. Then I took a step back and realized that it didn't have to be PHP, it could be javascript also. We already had a requirement on javascript, so it was fine to go the distance with it. First I looked at the smaller libraries, jquery, prototype, but it became obvious that they didn't do enough. So I looked at Dojo, ExtJS, YUI, all the really heavy javascript toolkits, and settled on ExtJS as having the best controls.
We had a UI structure that relied heavily on iframes, a navigation frame on the outside, application frames inside that, feature frames inside that, and so on. What we ended up with is we're migrating those from the outside in. It's all becoming ExtJS, and it's all living in the same page. The server-side code is kept the same, but it's migrated into web services. At the same time we've integrated zend framework, and are porting some of the stuff you really shouldn't do home-grown to it, like authentication and translation.
The end goal is being able to write just the business logic without having to mess with all the boilerplate. It's too early to know if my approach will pan out, but I think my message would be to be critical towards your code base and decide which parts you want to keep writing yourself, and which parts you want to outsource to a library.
Please try http://agiletoolkit.org/. I think it's what you need. Results with minimum time/code.
At the moment I'm using a solid forms class to render HTML forms with client- and server-side validation, and a database class to write the SQL. I can get a CRUD section of my admin console up in about 10 lines of code. I wrote those classes myself so I can re-use them in all my projects. Hopefully that gives you some ideas?
I would stay away from WYSIWYG tools personally.
I'm testing NuBuilder.com, I discovered it does
within days, at first looks promising. If you take a look
please send me your feedbacks!
Maybe adopt or create an "app-based" infrastructure like Django's? In Django's case, the community has created some powerful baselines like Pinax.
I think Symfony may be the way to go because, like your apps:
it's written in PHP
ORM based on Propel/doctrine (so you can use MySQL, Postgres or SQLite)
Architecture and patterns used will help you with complex applicatons
You'll find tools helping you to debug, document, and test your application
Forms creation, validation, l10n & i18n, testing, AJAX is easy (forms within symfony explained here, check it out)
prototyping you webpages while developing your application is easy
Other tools/practices implemented in the symfony framework that will make your life easy:
full configuration using YAML syntax (easy to read and understand)
the scaffolding feature generates for you a simple CRUD interface for editing your data.
you don't have to worry about coding form sanitization, security, caching, ACL; configuration is needed, but no heavy coding.
The only downside, you need to read some documentation to understand "the symfony way of doing things". But hey, a good framework is 20% code and 80% good practices.
My point is, even if you don't want to use Symfony for your project, you should check its features and built-in tools, because that's the kind of tools you want for your project.
I started using Django and it has very helpful features, esp. the built-in admin (for general CRUD stuff) and really great form-handling code & widget rendering. I'd suggest taking a look, even if you don't plan on using python, just to get an idea.
You mentioned that you don't want advice on "Use X framework", since this is more about RAD & UI/forms than system architecture. But I've found that a good framework helps just as much with the UI & forms side of things as it does the architecture. That means that while frameworks are great for big projects, they're also very helpful in reducing code redundancy. I started creating my own helper functions in PHP that I would copy from app to app that would automatically render an HTML form based on a few parameters. Even after a lot of work, this was very rudimentary compared to what Django offers, and basically I was writing my own framework.
I think you may be looking for a GUI-style tool to help, but you might find that a good PHP framework is more helpful in this case. At the very least, have you tried creating your own helper libraries? I know those helped me a lot.
Simple Example:
function renderInput($name, $value="") {
print "<input type=\"input\" name=\"" . htmlentities($name) . "\" value=\"" . htmlentities($value) . "\" >";
}
function renderRadios($name, $value="", $choices=array()) {
for ($choices as $cvalue) {
print "<input type=\"checkbox\" name=\"" . htmlentities($name) . "\" value=\"" . htmlentities($cvalue) . "\" " . ($cvalue == $value ? "checked" : "") . ">";
}
}
And build up from there. Stupid things like this tend to make form creation just that much faster. A good framework will blow this out of the water. And I'm sure the above has some typos, I haven't done PHP in a little bit.
If this isn't what you're looking for, could you add some more to the question? I'm curious.
Although you're asking for PHP + MySql, I would like to recommend you to give a try to the OutSystems Agile Platform.
You can create a simple CRUD app in less that 10 minutes and grow it as you go to a more complex system.
Download the Community Edition for free at www.outsystems.com.
Best,
Not sure but looks like Tibco General Interface (http://www.generalinterface.org ) is what your looking for.