Monday, September 22, 2008

What's wrong with Spring.Net Interceptors?

When I began using of Spring.Net interceptors part of my code stopped working! For example such code:


public class POBlo
{
    private IDataProvider _dataProvider = null;
    // Yes, I know about auto property :)
    protected virtual IDataProvider DataProvider
    {
        get { return _dataProvider; }
        set { _dataProvider = value; }
    }
 
    public virtual void Save (Entity entity)
    {
        // Here we have NullReferenceException :(
        DataProvider.Save (entity);
    }
}

Before I added interceptor all were OK. I could save entity and no exception was occurred.

After some investigation I've found the problem: intercepted target object has right value of this property but proxy object does not expose it!
Finally I opened Spring.Net sources and found the Spring.Proxy.AbstractProxyTypeBuilder's InheritType method the proxies my class:



protected virtual void InheritType(TypeBuilder typeBuilder,
            IProxyMethodBuilder proxyMethodBuilder, Type type, bool declaredMembersOnly)
{
    IDictionary methodMap = new Hashtable();
    IList finalMethods = new ArrayList();
 
    BindingFlags bindingFlags = BindingFlags.Public  BindingFlags.Instance;
    if (declaredMembersOnly)
    {
        bindingFlags = BindingFlags.DeclaredOnly;
    }
 
    // override virtual methods
    MethodInfo[] methods = type.GetMethods(bindingFlags);
    foreach (MethodInfo method in methods)
    {
        if (method.IsVirtual && !method.IsFinal)
        {
            MethodBuilder methodBuilder = proxyMethodBuilder.BuildProxyMethod(method, null);
            ApplyMethodAttributes(methodBuilder, method);
            methodMap[method.Name] = methodBuilder;
        }
    }
    // override virtual properties
    foreach (PropertyInfo property in type.GetProperties(bindingFlags))
    {
        ImplementProperty(typeBuilder, type, property, methodMap);
    }
    // override virtual events
    foreach (EventInfo evt in type.GetEvents(bindingFlags))
    {
        ImplementEvent(typeBuilder, type, evt, methodMap);
    }
}

As you can see, Spring's default implementation creates proxy just for publicly published interfaces of the class. So first obvious solution is to mark all properties "public" instead of "protected". But this is unacceptable because of different reasons: huge reworking and (what is more important) encapsulation violation.

So I've decided to just reimplement this solution. This is quite easy with DI and Spring.Net. Simply follow the steps:
1. Create custom ProxyTypeBuilder.
2. Create custom ProxyFactory
3. Register ProxyFactory in configs.




Create custom ProxyTypeBuilder

Create custom proxy type builder where we define necessary binding flags.



 
using System;
using System.Collections;
using System.Reflection;
using System.Reflection.Emit;
using Spring.Aop;
using Spring.Aop.Framework;
using Spring.Aop.Framework.DynamicProxy;
using Spring.Proxy;

namespace Qulix.Spring.Aop
{
    /// 
    /// Implements proxy type builder that uses inheritance and exposes not only public methods
    /// 
    [CLSCompliant(false)]
    public class CustomInheritanceProxyTypeBuilder : DecoratorAopProxyTypeBuilder
    {
        #region IProxyTypeBuilder Members
        [CLSCompliant(false)]
        protected override void InheritType(TypeBuilder typeBuilder,
                                            IProxyMethodBuilder proxyMethodBuilder, Type type, bool declaredMembersOnly)
        {
            IDictionary methodMap = new Hashtable();
            BindingFlags bindingFlags = BindingFlags.NonPublic  BindingFlags.Public  BindingFlags.Instance;
            if (declaredMembersOnly)
            {
                bindingFlags = BindingFlags.DeclaredOnly;
            }
            // override virtual methods
            MethodInfo[] methods = type.GetMethods(bindingFlags);
            foreach (MethodInfo method in methods)
            {
                if (method.IsVirtual && !method.IsFinal)
                {
                    MethodBuilder methodBuilder = proxyMethodBuilder.BuildProxyMethod(method, null);
                    ApplyMethodAttributes(methodBuilder, method);
                    methodMap[method.Name] = methodBuilder;
                }
            }
            // override virtual properties
            foreach (PropertyInfo property in type.GetProperties(bindingFlags))
            {
                ImplementProperty(typeBuilder, type, property, methodMap);
            }
            // override virtual events
            foreach (EventInfo evt in type.GetEvents(bindingFlags))
            {
                ImplementEvent(typeBuilder, type, evt, methodMap);
            }
        }
        #endregion
    }
}


As you can see I've added extra BindingFlags. This will allow to find and proxy not only public properties and methods.


Create custom proxy factory


Just inherit from one of the implemented Proxy factories and reimplement CreateAopProxy method:



[Serializable]
[CLSCompliant(false)]
public class InheritanceAopProxyFactory : DefaultAopProxyFactory
{
    [CLSCompliant(false)]
    public override IAopProxy CreateAopProxy(AdvisedSupport advisedSupport)
    {
        if (advisedSupport == null)
        {
            throw new AopConfigException("Cannot create IAopProxy with null ProxyConfig");
        }
        if (advisedSupport.Advisors.Length == 0 && advisedSupport.TargetSource == EmptyTargetSource.Empty)
        {
            throw new AopConfigException("Cannot create IAopProxy with no advisors and no target source");
        }
 
        IProxyTypeBuilder typeBuilder = new CustomInheritanceProxyTypeBuilder(advisedSupport);
        Type aopProxy = BuildProxyType(typeBuilder);
        ConstructorInfo constructor = aopProxy.GetConstructor(new Type[] { typeof(IAdvised) });
        return (IAopProxy)constructor.Invoke(new object[] { advisedSupport });
    }
}

Here we just replace creation of ProxyTypeBuilder with our own CustomInheritanceProxyTypeBuilder. Of course, you can parametrize you ProxyFaxtory to accept type of the ProxyTypeBuilder. I do not implement this functionality for simplicity.


Register ProxyFactory in cofig


As last step we need to define what IAopProxyFactory implementation will be used. For this purpose write in the configuration file the following:


 
<object id="IAopProxyFactory" type="Qulix.Spring.Aop.InheritanceAopProxyFactory, Qulix.Spring" />
 

That's it. Now we just need to define the reference to our ProxyFactory implementation. For example:



<object id="POBloProxier" type="Spring.Aop.Framework.AutoProxy.ObjectNameAutoProxyCreator, Spring.Aop">
    <property name="AopProxyFactory" ref="IAopProxyFactory" />
...

I hope this will help you. And you will help me to find easier and more clearer solution.

kick it on DotNetKicks.com
Share this Post:

Facebook
Digg DelIcioUs

Wednesday, September 17, 2008

Security implementation tips

How do you implement security in your ASP.NET application?

I propose to use AOP and interceptors. Short sample.

You have business logic methods like:

public List<Action> GetActions();
public void ExecuteAction(Action action, object data);


And you don't care about security there. You just do your job: create list of all supported actions and return it in GetActions and execute any supported actions in ExecuteAction. Smart, clear and straightforward.

But where is security? In interceptors.

You create interceptor that wraps these two methods. These interceptor knows about allowed actions and has access to such list of actions.

On every execute of GetActions it intersects List of returned actions with list of allowed actions and returns the result of intersection.

On every execute of ExecuteAction it checks whether action is allowed or not.

So you:
1. Have separate security mechanism that works independently.
2. Do not care about security during business logic development.
3. Can split these tasks and divide them between different people.
4. Can use other tips mentioned below :)


And few more tips with security:

1. Always try to separate logic from security as much as possible. This allows you to separate concerns, divide work and allows developers to concentrate on their narrow task.

2. Add possibility to switch off the security. Sometimes it's necessary to test if error occurred because of business logic failure or security failure. It's hard to do if there is no possibility to switch off security. It's not a hard task but it could save time during testing and stabilization.

3. Remove possibility to switch off security from production version. There is a risk that somebody could change your configuration parameter directly or indirectly and in such way perform leverage privileges attack. To avoid this, remove security switch off from production code. But do not delete code! Just use the following:


private bool IsSecurityEnabled
{
    get
    {
#if DEBUG
        return Configuration.IsSecurityEnabled;
#else
        return true;
#endif
    }
}

4. Avoid possibility to delete last administrator. To prevent system from being "unadministrable" add code that will check all delete operation on subject of is there any administrators in the system or last one is deleted. Or select one "Super Administrator" that could be removed from the system.

5. Make security as fast as possible. Create User permissions tickets to save all user allowed actions, cache actions etc. Security should be quick because may be used often.

6. Check security on business logic level. Do not rely on GUI. On UI level you should concentrate on UI as much as possible and do not make security checks where allowed. Or GUI could be even compromised, or UI developer could forget to exclude operation from UI. Moreover, later customer could ask you to write another client based on current application logic level.


To be continued... :)

kick it on DotNetKicks.com




Share this Post:

Facebook


Digg


DelIcioUs

How to be with config files

Often (more precisely - always) we meet the situation where we should store information in configuration files. But when we commit this files to our Version Control System other developers obtain our settings and try to connect to our DB, web service etc.

How to avoid such situation?

Just use templates.

Instead of commiting Web.config, for example, you create Web.config.template that is the copy of Web.config and commit it.

Then every developer during first obtaining of sources renames template file into necessary one and change configuration parameters.

It also helps with build automation - you store config file with the settings that are good for automation server. During every commit (or by schedule - it depends on how you configure you Continuous Integration server) scripts rename files and compilation and unit testing passed successfully.

One tip: templates should contain such default values that allow to build and run tests successfully without changing them in standard environment.

How to implement a task

Here is I tried to describe what I require from my subordinaries for task implementation.

During obtaining the task it's necessary to do the following:
1. Listen attentively.
2. Think
3. Write a letter in which you should indicate the following:
a) Task description
b) Splitting task to subtasks with short description of solution (if non trivial)
c) Estimation of the task with division to subtasks
4. Send e-mail and start implementation (but only after you fix remarks and bugs or write tests)
5. Approve the task (by receiving comments and approval of estimation)

Task is considered as completed if:
1. Unit tests are written
2. Task is implemented completely.
3. Whats New information file is filled
4. Files are commited to Version Control System.
5. If necessary, correspondent paragraph is added to project knowledge base.

Before starting implementation of the task (after writing task description letter to manager), following steps should be performed:
1. Fix all Critical and Major errors.
2. Fix all remarks that are not marked as POSTPONED

I hope this will help you to organize your work.

Please, advice me what could be improved here.

Thanks.

Tuesday, February 12, 2008

One more Debug.Fail

I wrote about Debug.Fail usage earlier (Debug.Fail). One more usage - in the exception handling routine. You can't throw an exception there because this exception will go to the client and client will be confused. So I recommend not to throw an exception (if e.g. HandleException method obtains null as one of the mandatory arguments) but do something like this:

Debug.Assert (exc == null, "Exception passed to the ExceptionHanlder.HandleException can not be null");
 
or 

if (exc == null)
{
    Debug.Fail("Exception passed to the ExceptionHanlder.HandleException can not be null");
    throw new MeaningfulException();
}

This prevents system from sending wrong confusing exception. Instead of this we can for example send SoapException with the message that operation couldn't be completed.

Friday, January 18, 2008

Debug.Fail

Formerly I thought why should we use Debug.Fail and not to use exception throwing? About a year ago I thought out the case where Debug.Fail will be better than exception throwing. But... I didn't write it down so I've forgotten it :(
But now I want to note an another case:
If we use, for example Abstract Factory of Factory Method we could use Debug.Fail.
Consider the code (it's just a sample to demonstrate one practice not all!):



public IReporter GetStrategy(Type entityType)
        {
            if (entityType == typeof (DictionaryEntity))
            {
                return SimpleMenuStrategy();
            }
            else if (entityType == typeof (ProgramEntity))
            {
                return ExtendedMenuStrategy();
            }
            else
            {
                throw new ArgumentException("Unknown type of entity" + entityType, "entityType");
            }
        }

Than you add some others entities, quantity of them grows quickly. One day (usually it happens right before the build :) ) you add one more entity type and forget to define strategy for it. Oh, damn! Exception is generated. Not good solutions, especially if the function was missed by tester and client will see the exception message.
So, let's rewrite the code:



public IReporter GetStrategy(Type entityType)
        {
            if (entityType == typeof (DictionaryEntity))
            {
                return SimpleMenuStrategy();
            }
            else if (entityType == typeof (ProgramEntity))
            {
                return ExtendedMenuStrategy();
            }
            else
            {
                Debug.Fail("Unknown type of entity" + entityType);
                return SimpleMenuStrategy();
            }
        }

Now we get an exception only during Debug time no runtime on the customer's side. We just return a strategy that can perform only the minimum set of functionality. May be it's even will be good enough to customer and won't turn into the fatal error that should be fixed ASAP (e.g. minimal menu will contain "Open" and "Delete" items, but won't contain "Call this person" which absence is not critical for customer for a time).

Yes, it's a fake code and a little far-fetched solution. But it works and I think works better in the second case than in first one. And general rule: call Debug.Fail where the developer's mistake that you should cover with some solution, and throw exception in other cases.

Thursday, January 17, 2008

Code competition

I read "Code complete" (http://cc2e.com), it's boring a little. But wow! One idea immediately awakes me.
Approximately a half year ago one idea appeared in my mind: code competition. But as usual I criticized it and put it to the backyards of my memory thinking I'm fool and this wouldn't help.
But now I met the same idea in that book and I decided to try it again.

So, every week developers, tester or whoever wants send me a letter with the description of the piece of work they did this week. This piece should be done in the best way and will participate in the competition. For example, developer could send the description of the module he designed, another one could send the description of the improvement she's done that greatly affects the system performance, usability or whatever else, tester could report on great job of automation library creation or full test coverage of the application etc.

Then the best one (or more) work will be chosen. The winner will be rewarded with the honor and later with the bonuses.

I think it could partially make quality better, allow to show the best approaches, code etc. But the results should be unbiassed and all the team shouldn't envy the winner in a bad way.

Could it work?

Exception rehandling

Sometimes problem of exception rehandling is occurred in the application.Consider the following situation:
  • You have a class with two methods: LoadData and GetEntity
  • You have ExceptionHandler class that handles exceptions and manages it in something way.
  • Caller classes could call both LoadData and GetEntity
  • You decided to around LoadData and GetEntity methods' bodies with try-catch and handle exceptions using ExceptionHandler.

All is ok. But imaging you call GetEntity from LoadData method and error is occurred in the GetEntity method (e.g. requested entity was deleted). Exception handler handles the exception, process it (e.g. shows message box "Object was already deleted from the storage") and .. what to do further?

  1. Return null signaling that object was not loaded.
  2. Return fake object that signaled the object was not loaded
  3. Rethrow the exception
  4. Throw another exception

Let's consider pros and contras of every approach:

Return null

Pros:

  • You signal that object is not loaded, so no data will be shown;
  • Caller could check for null and make a decision of what to do;

Contras:

  • Caller should always check null instead it gets NullReferenceException (the one of the worst exception I know);
  • Because null is not an often case unnecessary checks will be performed;
  • All the callers have to know about this peculiarity;
  • We should make check and make a decision again of what to do in every place we return null (in Load method and in its caller).


Return fake object

It means returning something like NullValueObject

Pros:

  • NullReferenceException is avoided;
  • If null check is missing in some place we just bind an empty object;
  • Load method could not take into account return value and transmit responsibility on decision making to the caller transparently;

Contras:

  • If no checks made Bind method (that binds data to the form) could bind empty object and it is good if no exception occurred;
  • We should create NullValueObject for the data for every entity. And if the quantity if entities is big and we couldn't support small count of NullValue entities support and creation of such entities could be very hard;

Rethrow the exception

I think it's a bad method at all - to rethrow an exception. E.g. if we rethrow the exception in GetEntity method, then it will be catched in LoadData method and processed in ExceptionHandler again, and there message will be shown again. I think it will confuse user (seems like, "Hey you, you can't understand it from the first time!").

Throw another exception

Pros:

  • Rethrowing another exception (e.g. ExceptionHandledException) allows us to not handle in in the ExceptionHandler again but up on stack as higher as necessary;
  • It allows us not to process incorrect return values;
  • We definitely won't process empty data;
  • Load method shouldn't take care on the possible double error handling and other staff.

Contras:

  • We should catch ExceptionHandledException on the highest level to not obtain UnhandledException
  • If, e.g. absence of data should be processed normally (or in another way than just catching exception) then we should try-catch all the operations that could throw the exception and process it separately in catch.
  • We should know the internals of ExceptionHandler

There are many any pros and contras in every approach. I listed only general.

So as usual, decision depends on the circumstances but the best approaches are: NullValue and ExceptionHandledException. In any case we should clearly define what is error and define the strategy on the application level.

Tuesday, January 15, 2008

Prototype it

Prototype big and/or complex methods on the natural language, write as you think, write all you think to not forget when you will start writing code. And then start coding. It helps you to avoid forgetting of something - when you started coding having clear enough plan in your mind, but something was going out of your head when you typed the code (there were so many holes, that some though in any case will slip away certainly).

I used this approach for a long time and recently found very similar one in the "Code complete". So, if earlier I thought that few people did it, now i can recommend it to use.

Monday, January 14, 2008

How to meeting

Meetings are necessary (evil). It's truth and it isn't a theme for discussions. It helps. But sometimes it can hurts the process.
One of the aspects of good meeting organization is frequency.

Every day. Actually, It wastes much time, but it doesn't give many benefits with respect to the expended time.

One time per several days (week). To organize meeting you should distract people from the working places. Because such meetings could be tightened, some people can't endure this torture and going to be bored or going away.

So how to organize the meetings? Any ideas?

Thursday, January 10, 2008

He or she?

After several remarks, united by the common theme "Why do you call tester 'she'?" (see my post http://asliborsky.blogspot.com/2008/01/automate-testing.html) I had decided to explain the reason of this.
Earlier I wrote "he/she" or "her or his" etc trying to be quite polite. But it was so ugly. So I've decided to rotate "he" and "she" in my posts. So there was "her" turn in the article about automated testers team.

Tuesday, January 8, 2008

Automate testing

If your tester have to do the same movements from day to day to check the main functionality, that is especially actual on the project release stages, than she will have not much time to test the application "intellectually". Accordingly - the quality come down. And customer's satisfaction of the project results comes down too.

I see the following outlet from this situation (this is not complete solution - but required part of problem decision process):
  1. Allocate  dedicated automation functional testing team (quite possible, it's necessary to partly put this team work cost into the project price). Why separate team? To rear an automation tester from every functional tester is expensive, long and ineffective (and sometimes is almost impossible).
  2. Tester should write a testing plan (e.g., Minimal acceptance test plan) for the automation testers.
  3. Tester should know how to execute automated tests and to analyze their results.
Thanks to this we have:
  1. Well-qualified team of automation testers, services of which could be sold and which perform automation tasks quick and with high quality.
  2. The minimal set of regressive tests, that could be run in a nightly manner, for example, for every build. It should decrease the number of overlooked errors.
  3. Increase of time, that tester spends testing the complex and/or new functionality.
  4. Quality growth
It remains just to convince boss of the truth of my words :)

Thread interruption

I think, there is a problem - thread interruption - when somebody is absorbed in his problem, and suddenly he is drawn away. May be he was diverted just for 5 minutes, but this is enough - man loses  thought and it takes much more time to collect his thoughts again, very often more than 5 minutes. He was pulled out from the thread.
If it occurs once a day, it's may be ok, but if he is important enough, it may occurs 5-10 times. Calculate the loss.

I havn't found any effective solution of this problem. But I tried several methods:

Help request via e-mail. It hadn't justify hopes. Extracts from the reports:
“Help request via e-mail, taking into account the speed of message delivery etc., was "failed", so I want to forget about it.”
“Personally, it's inconveniently for me, it's simpler when smb asks for help via Skype/ICQ with the message a-la «If you will have a minute, please, come to me" - requests of such type, properly speaking, came in the team.”

"I'm busy marks" exposure. All who is busy should exposure a special mark, for example - red serviette or something else. Was met by laugh and pessimism.

Nevertheless, all team members admitted that the problem exists, but solutions remain the old - to ICQ or Skype someone for help with the messages like "Whistle when you'll be free" or to say "Sorry, I'm busy" when somebody tries to disturb you.

Friday, January 4, 2008

Estimated development

Entrust tasks estimations  to developers, testers, technical writers and analysts.
Give them chance to estimate tasks that they will implement. Doing in such a way you will be able to plan more carefully (of course after some time during which your guys and girsl will learn to estimate correctly).
After some period of time you will see how they work - slow or fast, lazy or responsible etc. And you will be able to say - "hey, guy, you work too slow and your estimations is so-o-o big. " On the other side, you also can say - "Good job! Really good job! You grow!"

But the pitfall is in the fellows' minds. They can decide that you trust them in all and they can overestimate their work. So check the estimations, especially at first time. And if you see that somebody overestimated his/her job, stop it and talk with he/she.
And if it will continue, estimate the tasks by yourself. So you save your time and prevent dev from saying that he said that he could done the task for X days but manager said him to complete the task for Y hours.

I, for example, trust developer about 2 weeks. I think this time is not critical for most projects. The question is - should we trust from the beginning of the project, or we should set duration of the tasks and only after some time trust our devs.
The controls, of course, is necessary from the early beginning. But of what level of intention and in what form?

Tester-analyst

This idea was appeared in my head earlier but I thought that it was wrong. Many thank to Olga Gerasimenok for helping me to understand that it's not bad.

So, we propose that periodically (say - one time per 2-3 weeks) business analyst should quickly test the system and review whether the functionality is implemented correctly not from functional point of view but from "business requirements" side.

We think it's necessary because nor tester neither developers don't understand how it should be really implemented completely right. On development side only business analyst understand it right, on other side - only customer (and even not always) understand it. But rare customer will review the functionality so often and in full measure. So this duty rest on analysts' shoulders.

I've experimented with this one time. Analyst said - "it was really right solution to do this test! Good job!"

So, I think we will continue to apply this practice.

Ideas discussion

Have an idea to discuss all new approaches, methods, ideas (sorry :) ) here with the best of my colleagues to prevent from hitting bad ideas into real projects. Sometimes (I think) I produce not good ideas, even ugly ideas, but my subordinates don't tell me about this or understand the horror of idea after I announce it, and think that "It's too late to change something".
May be this blog helps us to stop bad ideas, or improve ideas before they go into production.
So the plan is:
  1. Discuss ideas  in an intimate circle.
  2. Extend the circle to all the members of the team.
  3. Publish ideas on corporate wiki.
Also I plan to write the (un)success stories about ideas implementation.
Is that right?

Brainstorm alert

Sometimes we are confronted with difficulties that can not be solved by ourselves. Especially it concerns junior developers. But their problems could be easily solved by senior developer or architect. 
But what if we struggle for a day with the problems that couldn't be solved easily even by expert. Solutions is to:
  1. Google
  2. Post a question to some forums.
  3. Brainstorming
First two points are good if the problem is common or easily describable. But what if problem is specific?
I propose to use the third solution - brainstorm alert.
Brainstorm alert is a signal to the team that some problem is occurred and it can be solved only by common efforts. This signal could be given by e-mail, IM etc. When team receive such signal they convoked and accumulate ideas may be even without immediate criticism. After the ideas will be expressed the time for criticism comes. And then the best ideas come to production.

The pros of this approach are:
  1. One head is good, more heads are better.
  2. Team feel the pulse of work and participate in complex problems resolution (I hope guys and girls will be couraged with this)
  3. Team members learn to think
  4. Young team members see how to solve complex problems and how to analyze solutions.
The contras are:
  1. Team members spend their time to solve somebody's problems
  2. Junior (and sometimes not only junior) members don't understand what is happened on such meetings.
  3. Some devs can be bored.

Other pros and contras exist, of course.  But in general, does this idea have chances to survive?