Metadata for Struts & Hibernate

Recent entries from Emmanuel and Cedric have me seriously thinking about the long term impact of JSR 175, the standard metadata interface for Java. I don’t think the average user will have much use for defining their own metadata interfaces, but I do think there is a great deal of room for application frameworks to rethink the way they configure their apps.

The use of XDoclet and the creation of this spec seem to be a reaction to the XML hell that many frameworks create. In frameworks like Struts and Hibernate, the idea of using XML to decouple your mappings from your objects is somewhat of a red herring, in that the very objects you’re writing are tied to that framework, tied to that metadata. What good is a StrutsAction without Struts? And for Hibernate, you have to include information about your class in the mappings, so they’re still tightly coupled. The only other flexibility given by xml configurations is the ability to tweak the application without rebuilding the app, but how often will you roll in a production change without first at least running some tests on it in another environment? Is typing “ant” really that hard?

Still, the inability of XDoclet to handle many scenarios for frameworks (Hibernate composite-id generation) and its non-standard nature have prevented its full adoption as a means of code generation. The metadata spec seems to offer enough flexibility to overcome this, and combined with the ability to inspect the metadata programmatically at runtime I believe it can be a powerful alternative to XML config files.

What if a Struts action looked like this?:

        @ActionForward(name=”success”, path=”index.jsp”),
        @ActionForward(name=”failure”, path=”error.jsp”)
public class IndexAction extends Action

So when ActionServlet initializes, it can search the classpath for classes with StrutsAction annotations and register them into its configuration. Additional metadata provided in an extension of ActionServlet could give instructions on what classpath to search for annotated struts elements. ActionForm could be similar designed and discovered.

Does it make your code pretty? Not necessarily. But are XML mapping files pretty? No. But metadata can simplify the number of files we need to maintain for these frameworks while still giving full control over the configuration. It’s more standard, more complete, and more strongly defined than XDoclet.

The following metadata interfaces would back up the suggested approach:

public @interface StrutsAction {
  ActionMappings mappings();

public @interface ActionMappings {
 ActionMapping[] value();
public @interface ActionMapping {
  String path();
  String form() default””;
  String input() default “”;
  ActionForwards value();

public @interface ActionForwards {
  ActionForward[] value();

public @interface ActionForward {
  String name();
  String path();

P.S. – If I’ve got the syntax wrong, let me know. There’s not much example code out there at the moment.

Update: After looking at Matt Raible’s thoughts on the look of this code, I cleaned it up a little bit – consolidating the lines for the ActionForwards.


Fahrenheit 9/11 is not a documentary

Nor is pretty much anything Michael Moore puts on film. It’s flat out appalling how much credence the media lends to Moore’s films by surrepetitiously calling them documentaries. What’s a documentary?

doc·u·men·ta·ry -  2. Presenting facts objectively without editorializing or 
inserting fictional matter, as in a book or film.

That’s right, objectively without editorializing. Moore’s Fahrenheit 9/11 is detailed on the Cannes Film Festival Site as “a documentary that denounces the errors of the Bush government’s policies”. How can an a film “objectively without editorializing” denounce the errors of anyone? Denouncing implies judgement, which obliterates objectiveness. To the average person, calling a film a documentary suggests that it has taken an objective, fact-based approach to the subject matter. By calling the film a documentary rather than a film editorial, they are advancing the agenda that this film is fact rather than what it is – a slanted look at current events – an opinion editorial on film.

Moore intentionally refuses to cover different angles on his subjects, because that wouldn’t satisfy his political agenda. Clearly he has an agenda, his books and public comments are sufficient to establish that. A better documentarian could separate opinion from fact, and give an issue that intrigued them a fair treatment – the director of “Super Size Me” has made it a point that his goal is not to blame the fast food industry, and that the subject also involves personal choice. Moore invokes no such balance in his filmmaking, choosing to give topics treatments that serve his subjective purposes. He deserves a category all his own for feature-length editorials.


Hibernate Metadata Explored

JSR-175, standardized metadata, may have more potential to simplify configuration of Hibernate than of Struts. Why do I say this?

  • Hibernate has a one-to-one relationship between mapped objects and mapping files.
  • Shortcomings in XDoclet make it impossible to generate composite-id mappings, so there’s an immediate value-add.
  • Unlike Struts, there’s no large configuration file shared by the whole framework. is small and used only for configuration.
  • The mappings are generated at the attribute level, so more of the bindings (return type, etc) can be determined by reflection rather than the user needing to enter them (Xdoclet can generate this).

Let’s take a look at an example (supplemental code will be at the bottom):

@HibernateMapping( table="employees")
public class Employee
    private Name name;  //Yes, name as primary key is dumb
    private String job;
    private Date startDate;

      @HibernateCompositeIdAttribute(name="firstName", column="first_name"),
      @HibernateCompositeIdAttribute(name="lastName", column="last_name")
    public Name getName() { return name;}

    public Date getStartDate() { return startDate; }

    public String getJob() { return job; }

    //The setters go here

In this case, the metadata approach almost matches the line length of the XDoclet tags to accomplish the same task, and as mentioned, exceeds XDoclet’s capabilities in capturing the composite-id in metadata. (Don’t get me wrong, I like and use XDoclet.)

Don’t give me this story about the advantage a separate config file gives you (in this specfic case). There’s 2 main types of change that affect an hbm.xml file – one is changes to the class. That’s where the existing approach can be a pain – you have to add/remove/change the attribute in the class and the mapping. The other case is a database change, which isn’t a trivial thing. The planning that goes into making changes to a production database can certainly include planning to change the metadata and rebuild your app. It could help you if you have different table and column names in your different environments, but that sounds like a recipe for disaster anyhow.

Because annotations can be reflected at runtime, Hibernate could automatically detect @HibernateMapping classes and add them to its Configuration. Clearly, an @Configuration annotation would be needed to specify some configuration parameters, and could even give a limited classpath to search (e.g. com.kischuk.*) to speed the search for persistable classes. The metadata approach also causes at least some constraints on the format of the metadata to be enforced at compile time rather than runtime.

Supporting code follows (4 different interfaces):

public @interface HibernateMapping
   String table();

public @interface HibernateAttribute
    public String column();

public @interface HibernateCompositeId
    public HibernateCompositeIdAttribute[] value();

public @interface HibernateCompositeIdAttribute
    public String name();
    public String column();

DevCon security talk done, slides available

Thanks to the Atlanta Java Users Group for the opportunity to present at the first annual AJUG DevCon. I thought that it was a good program – good value for money. Where else can you get a day full of solid technical content and interaction with other developers plus 2 meals for $50?

My slides and example code are available here. From the glance I got at the evaluations, it seemed that many people enjoyed the presentation, and many people found it to be too low level. If you have any other comments on how I can deliver a better presentation, I welcome them – my email address is in the presentation slides, or you can just post comments here.


J2EE Security Presentation Preview

An early draft of the slides and code for my presentation at tomorrow’s AJUG Java DevCon 2004 are posted here. The presentation and code are a bit further along, but I want to solicit feedback on this earlier version to see what you think, and so that people will actually attend tomorrow.

The focus of the presentation is on the components of J2EE application security that help manage user authentication and authorization, but are often overlooked. In keeping with my tendencies, the focus of the presentation is on the practical, meat-and-potatoes functionality that can be used in every day applications, not on exotic and esoteric themes that you may use some day in the distant future. Post your thoughts and feedback here – I’ll be glad to consider them for inclusion in the final presentation. What’s missing? What’s unclear? What could use additional illustration?


J2EE, HP/UX threads, and OutOfMemoryError

We recently experienced regular java.lang.OutOfMemoryError exceptions on HP/UX any time our J2EE application came under significant load. We have since determined that it is due to a native issue with threading.

The HP/UX kernel has a parameter named max_thread_proc, which sets the maximum number of threads that a process can have. Apparently the default is 64. Considering that JBoss starts up with almost 60 threads when it’s doing nothing, this cap of 64 is quite low.

There are 2 options to fix the problem. One is to pass the -green parameter to the JVM when you start your app server. This causes the JVM to use its own green threading model rather than that of the operating system. The advantage of this approach is that it can be tested and implemented quickly. The disadvantage is that Java’s green threading model isn’t as sophisticated as the native threading model of the underlying operating system (Sun has said as much), so you may pay a performance penalty for this.

The other option is to recompile the HP/UX kernel with a higher max_thread_proc value. We set it to 3000, just to be safe, although we haven’t exceeded 250 yet. The biggest disadvantage to this is that you have to recompile the kernel. The other disadvantage is that you haven’t completely avoided the problem, you’ve only moved the threshold at which it will occur. The advantage is that you get the performance, monitoring, and tuning of using the native thread model.

I don’t think that Linux users need to worry. I believe that Linux’s threading model is native green threading. Note that this is still different from the JVM’s green threading, so -green should still not be used in this case either – Linux will handle it for you.


Atlanta Java DevCon 2004 Tentative Schedule Announced

The AJUG sponsored Atlanta Java DevCon ( has released a tentative schedule (but not posted it on the web). The $50 registration fee gets you breakfast and lunch in a day that runs from 8 am to 6 pm. My talk on J2EE security is scheduled for 1:15 pm, just after lunch, and runs for an hour and a half. It’s been smartly positioned opposite a talk on Swing & JGoodies – good call. I’m covering a J2EE topic opposite a J2SE topic. Something for everyone.

I’m also looking forward to Jason Chambers’ case-study style session on large web apps (is big enough for you?) and Neal Ford’s talk on Open Source MVC Frameworks. I’ve entrenched myself in Struts not because I know it’s the best, but because it’s the de facto standard. This talk will give me a jump start getting into Tapestry and WebWork (Cocoon just seems like overkill).