OAuth2 discussion - part1

Sometimes pronounced with one syllable "oath", but I like it better with two syllables "Oh Auth", add a 2 at the end and here is OAuth2, an open standard for authorization. It allows users to share their private resources (e.g. photos, documents etc...) stored on one site with another site or application without having to hand out their credentials. Widely adopted from Google to Facebook, easy and less cumbersome than his elder brother OAuth1, let's see together how to practice the OAuth2 dance.

Actually, the dance comparison is often used to describe OAuth2, but I think it's more a 3 players discussion so we're going to use a script metaphor. Here is our casting: Mr Google (our cloud based service provider), MyGoogleDrive app (our native mobile app which main functionality is to list Google Drive files) and Bob our end user who want to access his Google drive content via MyGoogleDrive app. We want to write a native iOS client app using third party backend.

Before we start, MyGoogleDrive developer has already registered his app to consume Google Drive services.  Each provider offers an admin console: GoogleCloud console... Depending on provider, you can choose want kind of access you need (read/write). Once registered you should get a client id, a client secret and a callback URI.

Bob starts MyGoogleDrive app on his iPhone.

1. Hello, Mr Google I'm GoogleDrive app, could I get access to Google Drive services? Here is my client id and the URL you can call me back on.
2. Which account, please identify yourself?
3. I am Bob, here's my login and password
4. Hello, Bob, do you want to grant access to GoogleDrive app?
5. Yes I do. I trust this app.
6. Ok fine, Let me use the client callback URL to get back to the app. Here is an access code for you GoogleDrive.
7. Thanks. Mr Google may I exchange my code for an access token?
8. Here's your access token GoogleDrive Enjoy.
9. So Mr Google could I get access to Bob's list of files, here's my access token.
10. Let me see if your access token is still valid, ok fine here's the list your requested.

Easy peasy.
One of the reasons of OAuth2 (apart from the cryptographic signatures vs SSL/TLS protection) is the need to serve not only web app but also, mobile app. OAuth2 defines 3 type of profiles: web application (end user has no access to credentials, access tokens), web browser client (OAuth credential not trusted, some provider won't issue a client_secret) and native application (dynamically issued credentials such as access tokens or refresh tokens can receive an acceptable level of protection).

For native app one of the main challenge is somehow to include a third party UI to grant access either by forwarding your app to a web browser or by embedding a WebView and, once successfully authenticated and authorized, to go back to the original app. With minimal provider configuration, AeroGear libraries handles it for you.

In the second part of this blog, we'll see how using AeroGear iOS libraries, we managed the OAuth2 back and forth discussion easily and how the OAuth2 implementation integrates transparently with Pipes.

Tweet

Keep it secret!

With the latest release, AeroGear iOS 1.3.0 comes with more enhanced security features. Latest adding is encryption. In this release we deal with symmetric encryption.

Symmetric encryption: what is it?

Sometime talking about security topics might seem a bit overwhelming. But no worries, let's get the right vocabulary. When talking about encryption, there are actually two basic techniques for encrypting information: symmetric encryption (also called secret key encryption) and asymmetric encryption (also called public key encryption).

Today, we're going to delve into symmetric encryption as asymmetric one will be included in next AeroGear release. As said, symmetric encryption is when the same key is used to encrypt and decrypt data. Again, let's get the right jargon. Private key encryption is best defined with the following concepts:

• Encryption key is a block of bytes of a _specific length_. Key can be derived from password using for example, PBKDF2 algorithm. Key must be kept secret.
• IV (Initialisation Vector) is a random value that is used to encrypt data. Encryption algorithms usually work on fixed-size blocks, IV defines the first encrypted block.

You can derive the encryption key using a password or phassphrase and salt with AGPBKDF2.

• Password is easy to remember and usually defined by user and must be kept secret. A password is not a key.
• Salt is a random value that is used together with a password to derive an encryption key. A salt value does not need to be kept secret.

AeroGear-Crypto symmetric encryption provides you an easy way to encrypt your sensitive data. No need to be a security expert to use the library. See by yourself.

An example please: Xmas

Christmas is coming, it's all around us. Papillotes (french Christmas chocolate) and clementine is in the air. Surrounded by nephews and friends, it's time to organize your Santa Claus list. But you don't want your secret list to leak. Here comes into the scene your aerogear-crypto libraries.

In Xmas, we want to achieve local encryption of the present description but keep information like to whom the present is for, clear and searchable. The flow is simple you add a present to the list with an associated password and you saved it. It is first encrypted and then locally saved.

The list of present is displayed with a generic picture. If you want to remember what the item is. just click on it entered the password used for encryption, and the card will be flipped to show you the content description in clear.

Show me the code

Derive Key

First of all, to encrypt your data you need an encryption key. Your key can be derived from your password using PBKDF2 algorithms.

 -(NSData*) getKeyFromPassword:(NSString*)password {
     AGPBKDF2* derivator = [[AGPBKDF2 alloc] init];
     
     return [derivator deriveKey:password salt:_salt];
 }

To derive you key from your password you need to introduce some randomness (remember we talked about salt). For random generation of salt or IV, use AGRandomGenerator. By default, AGRandomGenerator generates 16 bytes key, but you can also specify the length if you wish.

    NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
    
    _salt = [defaults objectForKey:@"xmas.salt"];
    
    if(!_salt) { // if first launch, initialize params for subsequent reads
        _salt = [AGRandomGenerator randomBytes];
        [defaults setObject:_salt forKey:@"xmas.salt"];
        [defaults synchronize];
    }

You need to store your salt to be able to regenerate the exact same key when you want to decrypt this description information. In this example, we've chosen to store this information in NSUserDefaults.

Encrypt

Once you've got your encryption key, use AGCryptoBox to do the actual encryption. With AGCryptoBox, you can encrypt/decrypt data using your encryption key and a randomly generated IV as shown below:

 -(void) saveAndEncryptData:(id)gift withPassword:password {
     // Generate key from password
     NSData* key = [self getKeyFromPassword:password];
     
     // Use CryptoBox to encrypt/decrypt data
     AGCryptoBox* cryptoBox = [[AGCryptoBox alloc] initWithKey:key];
     
     // transform string to data
     NSData* dataToEncrypt = [gift[@"description"] dataUsingEncoding:NSUTF8StringEncoding];
     
     // encrypt data
     gift[@"description"] = [cryptoBox encrypt:dataToEncrypt IV:_IV];
     
     // Store data with encrypted description
     [_store save:gift error:nil];
     
     [self.gifts addObject:gift];
 }

Same as for the salt, IV need to be store to be able to decrypt the encrypted data. We'll put it into NSUserDefaults too.

Decrypt

To be able to decrypt, fetch salt, prompt the user for password, regenerate the encryption key. Fetch IV data and decrypt!

 -(NSString*)decrypt:(NSData*)data {
     NSData* key = [self getKeyFromPassword:_password];
     AGCryptoBox* cryptoBox = [[AGCryptoBox alloc] initWithKey:key];

     return [[NSString alloc]
             initWithData:[cryptoBox decrypt:data IV:_IV] encoding:NSUTF8StringEncoding];
 }

That's all folks!
If you want to see it all in action, git clone cookbook, go to xmas app and pod install it :)

Tweet

Storyboard and unwind segue

With iOS 5, storyboards made their entrance, with iOS6 they went popular and with iOS7, there're well settled. I've sparely used storyboard in the past and when a friend of mine told me about unwind segue, I thought it was time to revisit it. Here's my story:

A bit of history

First there was Interface Builder

Interface Builder (IB) allows you to work on a graphical interface to define you app layout and components. Customising a table view cell through IB saves you tone of UI code that clutters your app.

Does IB generate code behind the scene? Not quite, it's not really code that is generated when you use storyboards or nibs. The views are encoded into a binary file (using NSCoder) and decoded at runtime. Think of it as the objects being created and frozen in Interface Builder, then defrosted during runtime.

Then came Storyboard

Storyboard goes one step further...

As the name said it all, it's about putting the story of your app on a board. With IB you can work with one view, with storyboard you can have multiple views on a same board. It introduces segues. Segues represent transitions between screens. Opening a storyboard and your have pretty good idea of the UI flow at a glance. In XCode 5, application templates scaffold storyboard by default (no check box to ask you). So when I switch to iOS7, I thought it was time to give storyboards another trial and I had a perfect use case for that.

On the AeroGear project, we have a great Android Cookbook where you demo the features of the libraries without being cluttered by too much UI code. I thought having a version for iOS will be wonderful.

Storyboard and its segue

So I settled on writing one and I thought it was a great use case for using storyboard. I was new to it, I already tried and actually blog about it here. Coding with storyboard I've discovered unwind segue and I love it. You can replace delegate with unwind segues. Making even less to write.

Let's see it with an example

Taken from iOS cookbook, Xmas is a short example where we have 2 view controllers: "Gifts list" controller (let's name it VC1) and "Add present" controller (VC2) as shown in XCode storyboard.

We are going to create a segue from scene one (list controller) to scene two (add present), implementing prepareForSegue:sender: in VC1.

Going from VC1 to VC2

In storyboard with the magic keys combinaison ctrl+drag from VC1 to VC2, choose the push segue. In the code implement prepareForSegue:sender: to move data from VC1 to VC2:

- (void)prepareForSegue:(UIStoryboardSegue *)segue sender:(id)sender {
 if ([segue.identifier isEqualToString:@"addPresent:"]) {
        // nothing to do
 }
    if ([segue.identifier isEqualToString:@"updatePresent:"]) {
        // pass selected gift from VC1 to VC2
        AGAddPresentViewController* destinationController = segue.destinationViewController;
        destinationController.toWhomTextField.text = [_store read:_currentGiftId];
 }
}

But what about transitioning and sending context back in the other direction? with iOS 6, we have a new technique named unwind segues...

Going back: VC2 to VC1

Now you add a new present and you want to be able to hist save and go back to the list controller. Prior to iOS6, going back was implemented using well known Delegate approach. With iOS6, we can do it with unwind segue. In you VC1 controller (the controller you want to unwind to), you have implement an IBAction method with one parameter segue, called it whatever you want. Then, from the story board ctrl+drag from ViewController to its exit icon. Xcode gives you a list of possible unwind methods (here we have implemented only one), choose it and you're done!

-(IBAction)unwindToRootVC:(UIStoryboardSegue *)segue {
    AGAddPresentViewController* source = segue.sourceViewController;
    
    // Get data from source
    NSMutableDictionary* dict = [[NSMutableDictionary alloc] init];
    dict[@"toWhom"] = source.toWhomTextField.text;
    dict[@"description"] = source.description.text;
    
    // save data in the list
    [self saveData:dict withPassword:source.password.text];
    [self.collectionView reloadData];
}

Elegantly in a few lines of code and some ctrl drag and drop magic we've got everything settled. You can find the complete code for this example in my github repository.

Tweet

JavaOne 2013 is over, But have I learnt from it?

On a sunny day, JavaOne took place downtown San Francisco. JavaOne is already over, let me share with you my experience. My personal interests being on mobile technologies and polyglot languages, this was the guiding theme of the sessions I attended.

Monday

I started on Monday as early as 8:30 and already with a cornelian dilemma: which session to choose: the one with my team mates “Notify Your Mobile Clients by Integrating Push Networks and Java EE 7” or the one with my soulmate (and dear husband) “Polyglot Alchemy: JSR223 in action” ? I won't tell which one I attended :)

My next session was with Hans Dockter presenting “Gradle and the New Android Build System”. Starting with a scary image of feet corpse, to make you measure how important is an efficient fully automated build system. Why did Google choose Gradle for their build system? Even a simple android project is more complex that a plain java project. Live cycle phases are more complex and can me declined in different flavors. The key success of Gradle build is about mixing declarative build system with flexible and rich object model. I was even surprised to learn Gradleware is also working on C++ build system.

I also did a couple of Nashorn sessions. "Nashorn: JavaScript on the JVM" with Jim Laskey. With JavaScript on the JVM, programming is fun again ;) Full of concrete examples on how to use JavaScript for scripting, how to mix JavaScript and Java with binding. The one that hurts a bit the eyes (personal feeling here) is nashorn + JavaFX. Interesting debugging IDE askari POC but to be honest, what we really wish for is to have IntelliJ/Eclipse support.

It was time to give my 2 hours tutorial session on "Embedded DSL: Groovy and Scala Fair Duel" with my co-speaker Pascal Cohen. Our presentation was full of code samples assuming knowledge in both Groovy and Scala syntax. If you want to try them by yourself, here is the link of the presentation. Eventually, you can also play the game. That was great fun!

Tuesday

"Developing with Java on iOS and Android: Introduction to Oracle ADF Mobile" with Shay Shmeltzer. Oracle ADF mobile is for Java developers that don't want to see their skills become obsolete. Don't need to learn HTML5/JavaScript. Quoting Shay: "JavaScript is meant to do DOM manipulation but for serious logic, JS is slowing you down", ADF mobile allows you to write all your code in Java and under the hood HTML5 is used. You can write your own ADF module in XML.
Break. Too much for me. JS is a poor language, XML is a great tool for developer. Isn't it late by a few years?

Let's have a session on JavaScript, how funny to see JS used server side too. To do serious logic. "Server side JS on the JVM with Nashorn and avatar.js" by Akhil Arora. Avatar is an implementation of nodejs for the JVM, it was open sourced last Sunday on java.net. Some of the features:

• support multiple event loops: one single event loop in node js.
• multiple java threads support
• compatible with node v0.10.18, of 584 node unit tests 470 passed without patches (80%)

Avatar implementation is based on libuv (cross platform asyn io lib), node’s http-parser(synchronous http parser very fast) and _wrap module.

"RIA Technologies and Frameworks Panel" featuring Stephen Chin, Max Katz, Sven Reimers, Andres Almiray, Gerrit Grunwald and Kevin Nilson was an interesting and informal session with a good focus on mobile technologies. Attendees ask questions to the panel.

"Play vs Grails smackdown" with James Ward and Matt Raible, very entertaining session where Play (Scala web framework) get compared with Grails (Groovy web framework). Fair battle too :)

"Embedding JVM Scripting Languages" of Anton Arhipov. Everything you need to know on JSR223.

"Teaching Java with Minecraft, Greenfoot, and Scratch" by Arun Gupta (proud dad of Aditya who did the Community keynotes on Thursday) and Daniel Green, gives you a good overview of the different software to use. From Scratch to Minecraft. Targeting your audience is key.

"Experimenting with the Boundaries of Static Typing" with Paul King. With code samples, you can compare full blown static type code vs. dynamic code.

Wednesday

"Testing the Enterprise Layers: The ABCs of Integration Testing" with Andrew Rubinger and Aslak Kntusen Welcome earthlings! said alien Arquillian. The session gives a good overview of different test phases and if you need more in-depth you could read the purely open source book.

"Functional Groovy" - Paul King. Always a pleasure to attend Paul's presentation. The good thing is you can review slides and code back home, the content is rich.

"Polyglot JVM: Who, Why, When, and How" starring Ixchel Ruiz and Andres Almiray

"NoSQL Overview" with Tobias Lindaaker. As the title says it all, you get out of the session with a good overview. Categorisation borrowed from excellent book from Martin Fowler.

"Android and iOS Development with Java EE 7" Have you heard of AeroGear? This was the introduction session to get a broad knowledge of how jBoss tools plays nicely with AG and where they fit in the JavaEE landscape.

Thursday

I am not a big fan of keynotes, but unlike Larry I haven't skip that one. If there is only one thing I should recall from that keynote, it is Aditya Gupta opening Eclipse and explaining the audience: this is Eclipse...
So much like my son.
I did a couple of sessions to finish:

"Groovy and Concurrency with GPars" with Paul King

"Polyglot Enterprise Development on the JVM" with Thomas Enebo

"Truly Native Java Apps on iOS with RoboVM" with Niklas Therning. Interesting subject: How to bring Java and other JVM languages to iOS devices. Funny enough to see code in Java implementing CocoaTouch. The project does not generate Objective-C code but rather compiles bytecode into machine code. However you still need all Xcode installed and you need to run on a mac.

This is the end

Sessions all finished. I had a great time at JavaOne. Nice to meet you guys :)

Tweet

Going to JavaOne? Join us for a tutorial session on DSL

Next Monday at JavaOne, I will be giving a tutorial session "Embedded DSL: Groovy and Scala Fair Duel" with my co-speaker Pascal Cohen.

I invite you to join us and here is a couple of reasons why (in a very objective view of course):

• You want to learn more on Domain Specific Languages. 

• You've heard so much about polyglotism: here a session where you've got a chance to see in action 2 very popular languages on the JVM in the same session! Scala and Groovy are seen theoretically strongly opposed but we will show you how, using different techniques, we achieve the same DSL.

• You want to see code and really learn something concrete. We'll show you step by step how to build KissingTurtles language. If you bring along your computer you can even do it yourself.

• You're not into Groovy or Scala. Fancy a tour in Scala and Groovy land? Even code your first script. 

• You're interested by XaaS buzz words. What are the challenges of platform as a service. Running client code (not to mention when client is 6 years old) can be risky and tricky. 

• You have kids too. You want to see what is KissingTurtles. 

• You love french accent. Two Frenchies on stage with a pure lovely accent. 

• You want to have fun.

But I've already said too much. I love chatting, but this is supposed to be a teasing...

See you Monday at 4:30pm Hilton - continental Ballroom 1/2/3. I'll be there. Will you?








Tweet

AeroDoc push notification application, step by step

Last AeroGear release (1.1.0) main focus is on push notifications. Push notifications are heavily used in today mobile apps. They become key features, changing the UX in a push-notification-enabled application. Notifications' role is to wake up applications to provide updates, and that simple feature fulfils thousands of business use cases.

However, with the broad variety of proprietary Push notification solutions: APNS (Apple Push Notification Service), GCM (Google Cloud Messaging), AMD (Amazon Device Messaging),  WNS (Window Push Notification Service), even the web push is on its way with SimplePush notification for Firefox OS, it mays quickly sound like cacophony to a developer willing to target multiple market places. Here comes UnifiedPush Server, a solution to treat push notifications in cross platform approach. Push in the Open.

But AeroGear UnifiedPush Server, in short how does it work?

A picture is worth a thousand words:

1. Push application registration: UnifiedPush server is based on PUB/SUB model, you need to register you application. After registering your app, you will get a pushApplicationId. A push application can target different platforms. You can add variants to it. A variant contains platform specific properties, such as Google API key for Android, certificate credentials for Apple, or a PushNetwork URL for SimplePush. Out of the variant registration, you get a variantId and its associated secret.

2. Installation registration: This is the actual device registration. Given the pushApplicationId and VariantId and associated secrets, the device will register itself on first connection.

3. Send notifications: All set with registration, now your backend app wants to broadcast push notifications to all devices. Using sender API with its fluent message API, it's easy. You can do broadcast and selective send.

4. Underneath, UP server allows you to work with APNS, GCM or simply over the web with SimplePush

5. Receive push notifications whether you're online or offline.

And maybe we can do more than just talking about it let's see it in action. First of all we need a use case.

Our use case: AeroDoc

AeroDoc is a company in the health care industry, selling a revolutionary medial products. The company's sales department has a call center agents, doing phone calls all day and mobile sales agents, most of their time on the road, attending conferences and meeting potential clients.

As soon as a call agent get a lead, he uses AeroDoc Admin app to filter out available sales agents in the neighbourhood of the company interested by the products. Call center agents can send mobile sales agents push notifications.

Sales agents receive the notifications on their smart phones. Once a mobile sales agent accepts the lead on his mobile device (using either iOS AeroDoc client app or Android AeroDoc app), the other agents get a push notification that the lead is taken care of. In a highly competitive market, being able to process a lead directly is for sure a competitive advantage :)

Let's start our step by step approach

Step1: Deploy UnifiedPush Server

UnifiedPush server should be up and running. To install it on Wildfly, follow instructions from aerogear unified push server github repo. Alternatively, you can used the cloud deployed version in OpenShift.

Step2: Deploy AeroDoc Admin app

Let's start cloning aerogear-aerodoc-backend github repository. AeroDoc backend should be deployed. Follow instructions from AeroDoc backend.

Step3: Register process

You have 2 options: either use the Admin UnifiedPush Server or do it simply with curl command. It depends whether you're more a UI person or command line addicted.

• Login (reset password if needed) 
• Register your application to get your pushApplicationID and a masterSecret
• Register your iOS variant. Start using development variant, you will need your apple provisioning as explained in prerequisites. You should get a variantID and a secret

Step4: AeroDoc backend configuration

AeroDoc backend needs to know:

• which url is your UnifiedPush Server, it could be local or running on OpenShift. 
• what is your pushApplicationID and masterSecret

You can configure it using its UI as shown below:

Extracted from LeadSender, the service responsible to do selective send, get a feeling of the sender API:

public void sendLeads(List users, Lead lead) {
        if (getActivePushConfig() != null) {
            Map categories = new HashMap();
            categories.put("lead", "version=" + leadVersion++); 
            UnifiedMessage unifiedMessage = new UnifiedMessage.Builder()
                    .pushApplicationId(getActivePushConfig()
                   .getPushApplicationId())
                    .masterSecret(getActivePushConfig().getMasterSecret())
                    .aliases(users)
                    .simplePush(categories)
                    .attribute("id", lead.getId().toString())
                    .attribute("messageType", "pushed_lead")
                    .attribute("name", lead.getName())
                    .attribute("location", lead.getLocation())
                    .attribute("phone", lead.getPhoneNumber()).sound("default")
                    .alert("A new lead has been created").build();

            javaSender.sendTo(unifiedMessage);
        } else {
           ....
        }
    }

Here we're sending to a list of users (see aliases method) of any variants of AeroDoc application, a message with a version and business attributes like name, location... Notice some native specific attributes like alert/sound.

Step5: iOS AeroDoc app configuration

Let's start with cloning aerogear-aerodoc-ios github repo. In config file, let's configure your varianId and secret :

#define URL_AERODOC @"http://localhost:8080/aerodoc/" 
#define URL_UNIFIED_PUSH @"http://localhost:8080/ag-push/" 
#define VARIANT_ID @"YOUR_VARIANT" 
#define VARIANT_SECRET @"YOUR_SECRET" 
#define ENDPOINT @"rest" 

You're all ready to launch the application on your iPhone. Notice that for Push notification test you can not use your iOS simulator, you need to test it on actual device.

How does your iOS app enable push notification?

First register your iOS app for Apple:


Once the application is started the first time, it prompts you with a dialog box, where you have to agree that the application may receive "Push Notification Messages"

< How does your iOS app register to AeroGear push notification? Once you get registered with APNS, you get a deviceToken:

- (void)application:(UIApplication> *)application didRegisterForRemoteNotificationsWithDeviceToken:(NSData *)deviceToken {
  [self.viewController setDeviceToken:deviceToken];
}

It's now time to register to UnifiedPush server. It's done in application: didRegisterForRemoteNotificationsWithDeviceToken: where you register using the deviceToken provided by Apple with the variantId and secret you got when registering your iOS variant:

- (void) deviceRegistration {
#if !TARGET_IPHONE_SIMULATOR
    AGDeviceRegistration *registration = 
     [[AGDeviceRegistration alloc] initWithServerURL:
        [NSURL URLWithString:URL_UNIFIED_PUSH]];
    
    [registration registerWithClientInfo:^(id clientInfo) {
        [clientInfo setVariantID:VARIANT_ID];
        [clientInfo setVariantSecret:VARIANT_SECRET];
        
        // if the deviceToken value is nil, no registration will be performed
        // and the failure callback is being invoked!
        [clientInfo setDeviceToken:self.deviceToken];
        
        UIDevice *currentDevice = [UIDevice currentDevice];
        [clientInfo setAlias: [[AeroDocAPIClient sharedInstance] loginName]];
        [clientInfo setOperatingSystem:[currentDevice systemName]];
        [clientInfo setOsVersion:[currentDevice systemVersion]];
        [clientInfo setDeviceType: [currentDevice model]];
        
    } success:^() {
       ...
    } failure:^(NSError *error) {
       ...
    }];
#endif
}

How to push lead to my iOS app?

• go to AeroDoc admin UI
• login as john with password 123
• go to your iOS app login as maria/123
• john create a new lead, select it, search for an available sale agent, select Maria and push a  lead to Maria.

and Maria received a new lead!
Maria is Minnesota, AeroDoc admin sends the lead to her.

1. lead Alpha is pushed to Maria

2. Maria accept the lead

3. lead Alpha is broadcasted as accepted and remove form available leads.

Step6: Android AeroDoc app

You're not an iOS person and want to see it in java, follow the readme on aerogear-aerodoc-android.

Step7: Web based AeroDoc app

You're neither an Objective-C nor Java guy, you want to see pure JavaScript. Look at readme on aerogear-aerodoc-web.

Stay tuned!

UnifiedPush server is one feature of AeroGear project, there is more in it and more to come.






Tweet

Gr8Conf: what a great conference!

It's not just a pleonasm, it really is a great conf!

And do you know what makes it so good? People. It's an event where you meet smart people, and even better where you can talk to them. 

The conference started on Sunday 21st July in gorgeous Minneapolis. Sunday was dedicated to workshops. I was running the Grails Mobile workshop with Fabrice Matrat, my geek husband presenting in action the 3musket33rs Grails plugin. 18 attendees for our 3 hours workshops and it always ends up being too short! Fun to run a foursquare clone on your mobile.

Monday morning, conference started with Peter Ledbrook giving an inspiring talk on open source contributions. "Open source and you" makes you feel engaged.

As always, the most difficult part is always to choose your track, specially when you have four choices. I decided to stick to the Groovy track for the first day. I started my day attending Jim Driscoll presentation on "Turtle Graphics in Groovy", a talk on Groovy DSL so close in content to the one I gave in the afternoon with co-speaker Fabrice Matrat. Attending the second talk, Oracle ADF (Application Development Framework) with Jim and co-speaker JR Smiljanic, it turned out that our inspirations have some common roots. We've been dealing with very similar subjects. Oracle has been working on enforcing Security and Web debugging while integrating Groovy inside ADF to provide a customization platform. 

Whereas, when I was working in Amadeus, I was part of the business team (web based SellConnect) designing a Groovy DSL for travel agents to customize cryptic commands. I used to work closely to the architecture team (Fabrice Matrat &Vincent Bersin) in charge of implementing PaaS using Groovy for server side scripting and Aria Templates for UI customization. I certainly think there is some good ground for open source contributions here! Working on the open side is my motto. I am proud to be Red Hatter :)

Carry on Groovy, with “Type checking your DSLs” by Cedric Champeau. Using Groovy as a scripting platform you may want to get errors as early as possible, at compile time. Do you offer DSL to your end users? With Groovy 2, you can go a step further and type checked your DSLs. With powerful AST transform and the usage of a DSL (Groovy developers love DSL), you can hook into the compiler and makes it Grumpy :) Cedric also shows us a very interesting example on how to type check your builder. Suppose you have your XML schema, you can type check your custom XML Groovy builder.

I finish the day giving “Groovy DSL for kids” presentation with Fabrice, moving the Turtle around is always fun.

I started day 2 with “Lift-off with Groovy 2.1”,  to kick off the day. Next session I attended was BDD using Cucumber with Groovy by Marco Vermeulen. Quoting Dan Worth (from a tweet) to give a definition of BDD is just great! Live coding examples on how to practice it is fun too! I really enjoyed this session: packed with information, I even learnt about accelerated agile. You can have any doubt about it, Marco is for sure a BDD addict, his second talk on GVM was named “GVM: an example of BDD in action”.

Last, Vankat Subramanian’s key note was brilliant. Showing closure to talk about functional programming in  a Groovy conference because “off course I know you know Groovy” is just so gooood.

See you next year !

Tweet