124 CHAPTER 5 PERMUTATIONS PATTERN To understand this way of linking, consider the following example book definition retrieved from the URL http://mydomain.com/books/12345 that has been abbreviated to illustrate the referencing of comments:
Please visit our professional web hosting services to find out about cheap and reliable webhost service that will surely answer all your demands.
CHAPTER 5 PERMUTATIONS PATTERN 123 An Example Book Application Assuming that you do not need to implement the Permutations pattern, there are some rules of thumb with respect to URL design. When a URL is a resource, it references a piece of data and you need to design a URL. For URL design purposes, let s go through a library example. In terms of functionality, books can be added, manipulated, and deleted. An individual can add books to a list and have comments associated with them. Additionally, a user can create a wish list that contains the books that he would like to have in his library. Defining the URLs When defining URLs, the idea is not to define everything but to define the operations that the web application exposes. The URL is defined in the same way that a JavaScript function is defined, in that specifics are bound when used. The following URLs would be used to realize this application: http://mydomain.com/books/[ISBN]: Associates the URL with a book that has the indicated ISBN number. http://mydomain.com/books/[ISBN]/comments: Associates the URL with the comments of a book identified by the ISBN number. http://mydomain.com/books/[ISBN]/comments/[username]: Associates the URL with a user s comments about a book identified by the ISBN number. The user is identified by username. http://mydomain.com/users/[username]: Associates the URL with a user identified by username. http://mydomain.com/users/[username]/books: Associates the URL with the books owned by the user identified by username. http://mydomain.com/users/[username]/comments: Associates the URL with the comments made by the user identified by username. http://mydomain.com/users/[username]/wishlist: Associates the URL with the wish list of books wanted by the user identified by username. http://mydomain.com/search/books: Associates the URL with a search for a specific book. http://mydomain.com/search/users: Associates the URL with a search for a specific user. Looking at the different URLs, you can see that what is being illustrated is the logical organization of data associated with a URL. The first URL returns a representation of the book that may include comments about the book. Yet the comments associated with a book have their own URLs. A bit of thought about the implementation of the book URL would have the returned content include the comments of the book. What happens is not the inclusion of the comments in the book, but the inclusion of links to the comments of the book. When multiple items are being requested, do not create a URL that represents a list of resources. As in the example, associate the list of resources with a root-like URL (for example, /[ISBN]/comments). The included comments links would be associated with a description.
In case you need quality webspace to host and run your web applications, try our personal web hosting services.
122 CHAPTER 5 PERMUTATIONS PATTERN the request is maryjane and therefore allows access to the URL. Like the login, the resource /bankaccount/maryjane has an associated representation, /servlet/bankaccount/maryjane. Comparing Figure 5-9 to Figure 5-8, you can see that the authorization, resource, and representation have been separated from each other. The solution in Figure 5-9 is better because it allows a developer or administrator to update one component (for example, authorization) without having to update the other components (for example, resource and representation). There are multiple ways to authorize a user, and they are defined as follows: Cookies: Cookies are identifiers sent in the HTTP header between the client and the server. The server is responsible for generating a cookie, and the client is responsible for sending the cookie to the server for a given URL and its descendents. URL rewriting: To identify the client, the URL is rewritten, and the client uses the new URL for all requests. For example, instead of requesting the URL /bank/account, the URL is rewritten to /session12345/bank/account. The URL is rewritten dynamically, and a router component will capture the rewritten URL to identify the user. HTTP authentication: By using HTTP authentication, it is possible to authenticate a user. Then, whenever the user requests content for a given URL realm, the authorization information is sent by the client. HTTP authentication is similar to a cookie, except that users must authenticate themselves. HTML form addition: Another variation of URL rewriting is not to rewrite the URL but to rewrite the HTML forms that send content. Hidden fields are added to identify who is sending the content. Using Cookies HTTP cookies1 have a bad reputation, partially undeserved, and therefore many will argue that you should not use cookies. The problem with cookies is not their theory, but their implementation and their ramifications. To compare the use of cookies to real life, consider entering a shopping mall. At the entrance somebody gives you a token, which you can refuse. After you refuse the token, all of a sudden all the store doors close. You can wander the mall, but can only look at the merchandise through the windows. You can still view the content and everything that the store offers, but it is behind glass. Now imagine that you accept the token. The store doors remain open, and you can browse all the products. To be helpful, the store clerks offer recommendations and best offers in the mall. Yet there is a dark underside: the shopping mall is watching every step you make, and everything you look at is being tracked. Of course, the shopping mall assures you that the information will not be used for other purposes, but the question is, where did those recommendations come from? Or how about the best offers? The tokens or in the real world, cookies are being used to track people. I am split regarding the use of cookies. I find nothing extremely disturbing about them, nor am I enthused about them. HTTP cookies are a means to an end. 1. http://en.wikipedia.org/wiki/HTTP_cookie
You want to have a cheap webhost for your apache application, then check apache web hosting services.
CHAPTER 5 PERMUTATIONS PATTERN Resources can be assigned individual representations, meaning that multiple versions of data can coexist with each other. When URLs become resources, some developers become hesitant because it means added complexity. For example, imagine sending out an e-mail saying, Hey, buy this and you will get credited with 1000 points in your bank account. Forget for the moment that this is a famous phishing attack. Just take the sentence at face value and assume you will be sending out e-mails to people who can access their bank accounts. The question a developer has is, what URL will be sent in the e-mail? The answer is a general URL that after a login becomes specific, as illustrated in Figure 5-9. Figure 5-9. URLs used to access a bank account In Figure 5-9, the Permutations pattern is used twice, but in two different contexts. To understand the URLs, let s relate them back to the e-mail example. The bank sends out an e-mail that includes the URL /bankaccount/login. When a user receives the e-mail, the user clicks on the link. The HTTP server uses the Permutations pattern to load the appropriate content, which is HTML, and that means the URL /bankaccount/login.jsp. The URL /bankaccount/login is an interface, and the URL /bankaccount/login.jsp is its implementation. The login could be carried out by using HTTP authentication or an HTTP cookie. What you should notice is that the login is a separate process from the application itself. After being authenticated, the user is redirected to the URL /bankaccount/maryjane with an associated HTTP cookie. When the HTTP server sees the request for /bankaccount/maryjane, it checks for either HTTP authentication information or HTTP cookie information. The information is required to verify that the request can be carried out. The HTTP server sees that
In case you need affordable webhost to host your website, our recommendation is ecommerce web host services.
120 CHAPTER 5 PERMUTATIONS PATTERN The generic URL approach with specific content on authentication is promoted by web application frameworks because it is easy to implement. Web technologies are not constructed to process URLs in a manner more appropriate for Ajax applications. Without going into a deep URL design discussion, let s illustrate the problem by considering how to implement the home pages of the individual users who use the tilde character. When using Apache on the Linux operating system, the mapping of the tilde character and cgross identifier to a directory would be /home/cgross/public_html. If the user maryjane existed, the mapping would be /home/ maryjane/public_html. These two individuals have two separate mappings. Now imagine you are building a web application and you want cgross and maryjane to have identical default pages that are implemented by the ASP.NET page default.aspx. To achieve the goal, you would have to copy the ASP.NET page to the directories /home/cgross/public_html and /home/ maryjane/public_html. The default.aspx page has to be copied because the URLs /~cgross and /~maryjane are two distinct URLs, even though the default page functionalities are identical. Current web technologies cannot cope with such a scenario. Therefore, current web technologies take the other approach and say you have a common URL that needs to be specialized by using authentication, as illustrated in Figure 5-8. Figure 5-8. Associating a bank account with a user Figure 5-8 shows the JSP page /app/bankaccount.jsp. If either maryjaneor cgross wanted to access their bank account, each would perform a login, and an HTTP cookie would be associated with each login. Then both cgross and maryjane would access their bank account information from the same URL. This is a bad way of designing a URL for the following reasons: A user can use only one data set because there is no way for a super user to exist. For example, if resource-based URLs were used, a user could be authenticated but be able to access multiple resources. Security is put into the hands of the web application developer. To ensure that only authorized people are allowed access to certain pieces of information, the web application developer has to add barriers. The barriers are written into the web application, which all too often results in security problems. HTTP security is well known, well defined, and stable, and those who manage it administrators are well aware of any security holes. Programmers, although capable and intelligent, are not security specialists.
If you are looking for affordable and reliable webhost to host and run your business application visit our ftp web hosting services.
CHAPTER 5 PERMUTATIONS PATTERN Figure 5-7. Rearchitected application using the Permutations pattern Using Cookies and HTTP Authentication to Authorize Access Only A problem with URLs is that they associate a user with a URL based on some extra information. It is a bad practice because it does not allow a URL to be copied. For example, I issue the URL http://mydomain.com/~cgross. The tilde character (~) indicates, Please download the content from a user s directory. The user s directory is specified after the tilde character, and in this example is cgross. If I do not happen to be cgross, I can still access the information from cgross. If cgross implements authentication, then I as a user other than cgross need to be authorized to view the contents of cgross. Let s take another example URL: http://mydomain.com/~. Does the HTTP server know which user s directory is being specified? The answer is no, because the HTTP server cannot know who is being referenced. The HTTP server could resolve which user is being referenced by asking the user to log in. So if, for example, I logged in as cgross, the HTTP server could resolve the URL from http://mydomain.com/~ to http://mydomain.com/~cgross. This example is what most websites do. Most websites give you a generic URL that gives user-specific content only if you are authenticated.
We recommend you use shared web hosting services, because many users agree that it is cheap, reliable and customer-satisfying webhost.
118 CHAPTER 5 PERMUTATIONS PATTERN In the example source code, the class Factory has a static method, Instantiate, that creates an instance of IBase by instantiating Implementation1. In the class method UseIt.Method, an instance of IBaseis instantiated by calling the method Factory.Instantiate. The class UseIt has no idea whether Implementation1 or Implementation2 is instantiated. The class UseIt uses the interface as defined by IBase and expects the interface methods to be implemented correctly. Those users of dynamic programming languages such as Ruby or Python do not implement interfaces. Dynamic programming languages use contracts where functionality is implied. Let s relate this to URLs and separate the resource from the representation. The resource is the interface, and the representation is the implementation. Right now most web technolo gies bind together resource and representation or use implementations directly, as the URLs http://mydomain.com/item.aspx and http://mydomain.com/item.jsp illustrate. The direct bindings are the extensions .aspx, and .jsp, and the proper interface-defined URL would have been http://mydomain.com/item. Ironically, all web technologies implement the separation of resource from representation for the root URL /, as illustrated by the following HTTP conversation. (Note that the conversa tion has been abbreviated for explanation purposes). Request: GET / HTTP/1.1 Host: 192.168.1.242:8100 User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; . en-US; rv:1.7.8) Gecko/20050511 Response: HTTP/1.1 200 OK Server: Apache/2.0.53 (Ubuntu) PHP/4.3.10-10ubuntu4 The requested URL is /, and it is returned by the server as index.html or index.jsp or index.php or even default.aspx. If web technologies are capable of separating the resource from the representation for the root URL, why can t they carry this throughout the entire web application? It is a truly puzzling question. The root URL implements the Permutations pattern, and many other URLs would implement the pattern, but the pattern does not need to be used everywhere, as illustrated in Figure 5-7. The URL /account[user] has two representations, HTML and XML. Which representation is returned depends on the preference of the client. The preference of the client is determined by the Accept header. Let s say that the client wants the HTML content. Contained within the HTML content is a link to the file details.aspx. If the URL were theoretically pure, the URL /account/[user]/details.aspxshould have been /account/[user]/details. However, in some situations being theoretically pure is the wrong approach. Just as with interface-driven development, you do not always reference interfaces. However, in the content of details.aspx, the resource-based URL /account/[user]/transactions is referenced. The resource-based URL is referenced by two representations: details.aspx and details.xml. When implementing the Permutations pattern, what you are implementing is interface- driven development for the Web. A resource is an interface, and the representations are implementations. The current batch of web technologies supports web application components, but their granularity is too coarse.
Visit our web design programs services for an affordable and reliable webhost to suit all your needs.
CHAPTER 5 PERMUTATIONS PATTERN 117 Understanding Why the Resource Is Separated from the Representation The need to separate the resource from the representation has not been adequately explained, and some developers may wonder why it is necessary at all. After all, many websites work well and nobody has complained too loudly. The reason why many websites work well is because they have probably implemented the separation of resource from representation. And those that have not done so have received complaints. Separating the resource from the representation is not complicated, but it is associated with quite a bit of grunt work. What makes matters more complicated is that many of today s web application frameworks get it completely wrong as they bind resource with representation. It s not that today s web application technologies cannot manage resources and representations properly, but the fact is that they don t do it. To illustrate the separation of resource from representation, consider the following C# code: interface IBase { void Method(); } class Implementation1 : IBase { public void Method() { } } class Implementation2 : IBase { public void Method() { } } The interface IBase defines a method and is implemented by two classes, Implementation1 and Implementation2. This is called interface-driven development because when the client uses either of the implementations, the client doesn t use the implementations but the interface of the implementations, as illustrated by the following source code: class Factory { public static IBase Instantiate() { return new Implementation1(); } } class UseIt { public void Method() { IBase obj = Factory.Instantiate(); // … } }
We would like to recommend you tested and proved virtual web hosting services, which you will surely find to be of great quality.
116 CHAPTER 5 PERMUTATIONS PATTERN The main idea behind the Permutations pattern is to present the right content at the right time. It is about creating content and presenting it appropriately based on the requirements of the end browsing device. By using the Permutations pattern, content is created like that of Google and Yahoo! From an end user perspective, that means users will need to remember only a single URL such as http://mydomain.com/bank/account/cgross, and then be assured regard less of device that they will be presented with similar content. Applicability The Permutations pattern is a core pattern that can and should be used as much as possible. However, it is a pattern that requires extra work, and that extra work should not be underestimated. For example, both Yahoo! and Google provide a similar, but different, user interface for their mobile clients. When implementing multiple user interfaces, a significant amount of work is associated with creating each one of them. Also understand that the Permutations pattern is not only user-interface related, but should be considered device related. With respect to current URLs used by current web application frameworks, the Permutations pattern may require redefinition. This means this pattern will revisit topics that seem already solved, such as session identification and authorization. The following contexts define when the Permutations pattern should be used: For the main entry points of a web application (such as http://mydomain.com/ application) or for a specific user (for example, http://mydomain.com/account/user). The idea is that if the end device and/or user has been identified, you don t have to keep re-identifying what or whom the device is. For web applications that are more Internet than intranet in nature. Controlling the end devices accessing an intranet web application is easy. In contrast, it is not possible to control the end devices accessing an Internet web application, nor should any attempt be made to control them. Associated Patterns The Permutations pattern is the basis of all patterns defined in this book. The Content Chunking and Persistent Communications patterns use the Permutations pattern directly, and the remaining patterns use it indirectly. The only pattern that does not explicitly use this pattern is Cache Controller. Architecture The big-picture architecture idea behind the Permutations pattern is to separate the resource from the representation. This means that when a URL is referenced, the data that is returned from the URL is not bound to the resource. This section explains the details of why you should separate the resource from the representation and how to do that.
We recommend high quality webhost to host and run your jsp application: christian web host services.
CHAPTER 5 PERMUTATIONS PATTERN Figure 5-5. WAP browser presentation of http://www.yahoo.com Figure 5-6. Incorrect web user experience when using a nondefault browser
From our experience, we are can tell you that you can find a reliable and cheap webhost service at Java Web Hosting services.