You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@oltu.apache.org by Simone Tripodi <si...@gmail.com> on 2010/06/25 16:55:10 UTC
[VOTE] use of the Annotations in Amber
Hi all,
I'm here to call a new vote to define our design direction. Some
threads ago on this ML, Pid and I were discussing about the use, or
not, of Java metadata Annotations to enhance OAuth messages and
tokens.
Pros:
* marshallers/unmarshallers to/from strings could be auto-generated
using the APT;
* the calculation of the base string (just an example) is parameter agnostic.
Cons:
* not so hard writing parsers (JavaCC? AntLR? XText?) and serializers;
* not so hard writing the base string algorithm
So please cast your votes in favor of
[] Pro Annotations
[] Cons Annotations
The vote will stay open for the next 72 hours. It would be nice if the
choice comes with a justification, so everybody can take care about
someone else's considerations.
My vote if
[X] Pro Annotations
I already implemented the base string calculus based only on metadata
discovery and I didn't take care about the parameter retrieving
criteria. I'd love to have a choice to see Annotations in action on
compile-time :P
Cheers, have a nice weekend,
Simo
http://people.apache.org/~simonetripodi/
http://www.99soft.org/
Re: [VOTE] use of the Annotations in Amber
Posted by Simone Tripodi <si...@gmail.com>.
Guys,
I'm sure everybody agrees we reached a "starvation" status but we need
to go over and start progressing quicker. We had the change to discuss
things and finally we called a vote, since there are 2 casting votes
pro annotations use and 1 pro a different approach, and 72 hours
passed since the vote was called, I consider the vote closed and we
proceed modifying the APIs.
Have a nice day,
Simo
http://people.apache.org/~simonetripodi/
http://www.99soft.org/
On Tue, Jun 29, 2010 at 7:55 AM, Simone Tripodi
<si...@gmail.com> wrote:
> Hi David,
> first of all thanks to mentoring that discussion that has been
> continuing for 1 month, and sorry for my late reply but I had to
> terminate 2 contributions for Cocoon3 and Bean Validation :P :)
>
> Just to give you an overview about one of the n possible use cases,
> the original idea of annotations is implemented in the original Amber
> codebase[1][2]: since we're defining an API layer first, we need to
> define a model of OAuth message, and it doesn't mean that
> implementations *have to* be driven by annotations, I did it, someone
> else is free to avoid it and keep them just for documentation
> purposes.
>
> Another use of annotations I was going to experiment is to create
> automatically marshaller/unmarshaller to/from the OAuth the
> Authorization header etc.
>
> Before to proceed I'll wait for your suggestions7feedbacks, thanks in advance :)
> Have a nice day,
> Simo
>
> [1] https://svn.apache.org/repos/asf/incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/message/RequestMessage.java
> [2] https://svn.apache.org/repos/asf/incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/signers/AbstractMethodAlgorithm.java
> (see createBaseString() method)
>
> http://people.apache.org/~simonetripodi/
> http://www.99soft.org/
>
>
>
> On Mon, Jun 28, 2010 at 11:44 PM, David Jencks <da...@yahoo.com> wrote:
>>
>> On Jun 28, 2010, at 1:13 PM, Pid wrote:
>>
>>> On 27/06/2010 15:58, David Jencks wrote:
>>>> <mentor>Are you sure you want to continue this discussion with a vote at this point? It's OK to have votes about anything you want :-) but.... they tend to be polarizing and end up with a losing side who may not be happy. I think that trying to get a consensus on design decisions through discussion is often a better route.</mentor>
>>>>
>>>> <interested party> I don't understand the details of this proposal. Could someone come up with a realistic example showing how the "same" OAuth message would be sent using annotations, and not using annotations, and what would happen internally to this information? It might be obvious to anyone who knows anything about oauth but would help me out a lot </interested party>
>>>
>>> What form would you like the example in, pseudo-code or written description?
>>
>> to the extent I understand the discussion.... :-D
>>
>> How about 2 java classes for the message, one with annotations, and the other using @Override if its implementing an interface, and data for the fields of the objects, and the one or more strings or other data objects extracted and combined from them?
>>
>> thanks
>> david jencks
>>
>>>
>>>
>>> p
>>>
>>>> thanks
>>>> david jencks
>>>>
>>>> On Jun 25, 2010, at 7:55 AM, Simone Tripodi wrote:
>>>>
>>>>> Hi all,
>>>>> I'm here to call a new vote to define our design direction. Some
>>>>> threads ago on this ML, Pid and I were discussing about the use, or
>>>>> not, of Java metadata Annotations to enhance OAuth messages and
>>>>> tokens.
>>>>>
>>>>> Pros:
>>>>> * marshallers/unmarshallers to/from strings could be auto-generated
>>>>> using the APT;
>>>>> * the calculation of the base string (just an example) is parameter agnostic.
>>>>>
>>>>> Cons:
>>>>> * not so hard writing parsers (JavaCC? AntLR? XText?) and serializers;
>>>>> * not so hard writing the base string algorithm
>>>>>
>>>>> So please cast your votes in favor of
>>>>>
>>>>> [] Pro Annotations
>>>>> [] Cons Annotations
>>>>>
>>>>> The vote will stay open for the next 72 hours. It would be nice if the
>>>>> choice comes with a justification, so everybody can take care about
>>>>> someone else's considerations.
>>>>>
>>>>> My vote if
>>>>>
>>>>> [X] Pro Annotations
>>>>>
>>>>> I already implemented the base string calculus based only on metadata
>>>>> discovery and I didn't take care about the parameter retrieving
>>>>> criteria. I'd love to have a choice to see Annotations in action on
>>>>> compile-time :P
>>>>>
>>>>> Cheers, have a nice weekend,
>>>>> Simo
>>>>>
>>>>> http://people.apache.org/~simonetripodi/
>>>>> http://www.99soft.org/
>>>>
>>>
>>>
>>
>>
>
Re: [VOTE] use of the Annotations in Amber
Posted by Simone Tripodi <si...@gmail.com>.
Hi David,
first of all thanks to mentoring that discussion that has been
continuing for 1 month, and sorry for my late reply but I had to
terminate 2 contributions for Cocoon3 and Bean Validation :P :)
Just to give you an overview about one of the n possible use cases,
the original idea of annotations is implemented in the original Amber
codebase[1][2]: since we're defining an API layer first, we need to
define a model of OAuth message, and it doesn't mean that
implementations *have to* be driven by annotations, I did it, someone
else is free to avoid it and keep them just for documentation
purposes.
Another use of annotations I was going to experiment is to create
automatically marshaller/unmarshaller to/from the OAuth the
Authorization header etc.
Before to proceed I'll wait for your suggestions7feedbacks, thanks in advance :)
Have a nice day,
Simo
[1] https://svn.apache.org/repos/asf/incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/message/RequestMessage.java
[2] https://svn.apache.org/repos/asf/incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/signers/AbstractMethodAlgorithm.java
(see createBaseString() method)
http://people.apache.org/~simonetripodi/
http://www.99soft.org/
On Mon, Jun 28, 2010 at 11:44 PM, David Jencks <da...@yahoo.com> wrote:
>
> On Jun 28, 2010, at 1:13 PM, Pid wrote:
>
>> On 27/06/2010 15:58, David Jencks wrote:
>>> <mentor>Are you sure you want to continue this discussion with a vote at this point? It's OK to have votes about anything you want :-) but.... they tend to be polarizing and end up with a losing side who may not be happy. I think that trying to get a consensus on design decisions through discussion is often a better route.</mentor>
>>>
>>> <interested party> I don't understand the details of this proposal. Could someone come up with a realistic example showing how the "same" OAuth message would be sent using annotations, and not using annotations, and what would happen internally to this information? It might be obvious to anyone who knows anything about oauth but would help me out a lot </interested party>
>>
>> What form would you like the example in, pseudo-code or written description?
>
> to the extent I understand the discussion.... :-D
>
> How about 2 java classes for the message, one with annotations, and the other using @Override if its implementing an interface, and data for the fields of the objects, and the one or more strings or other data objects extracted and combined from them?
>
> thanks
> david jencks
>
>>
>>
>> p
>>
>>> thanks
>>> david jencks
>>>
>>> On Jun 25, 2010, at 7:55 AM, Simone Tripodi wrote:
>>>
>>>> Hi all,
>>>> I'm here to call a new vote to define our design direction. Some
>>>> threads ago on this ML, Pid and I were discussing about the use, or
>>>> not, of Java metadata Annotations to enhance OAuth messages and
>>>> tokens.
>>>>
>>>> Pros:
>>>> * marshallers/unmarshallers to/from strings could be auto-generated
>>>> using the APT;
>>>> * the calculation of the base string (just an example) is parameter agnostic.
>>>>
>>>> Cons:
>>>> * not so hard writing parsers (JavaCC? AntLR? XText?) and serializers;
>>>> * not so hard writing the base string algorithm
>>>>
>>>> So please cast your votes in favor of
>>>>
>>>> [] Pro Annotations
>>>> [] Cons Annotations
>>>>
>>>> The vote will stay open for the next 72 hours. It would be nice if the
>>>> choice comes with a justification, so everybody can take care about
>>>> someone else's considerations.
>>>>
>>>> My vote if
>>>>
>>>> [X] Pro Annotations
>>>>
>>>> I already implemented the base string calculus based only on metadata
>>>> discovery and I didn't take care about the parameter retrieving
>>>> criteria. I'd love to have a choice to see Annotations in action on
>>>> compile-time :P
>>>>
>>>> Cheers, have a nice weekend,
>>>> Simo
>>>>
>>>> http://people.apache.org/~simonetripodi/
>>>> http://www.99soft.org/
>>>
>>
>>
>
>
Re: [VOTE] use of the Annotations in Amber
Posted by David Jencks <da...@yahoo.com>.
On Jun 28, 2010, at 1:13 PM, Pid wrote:
> On 27/06/2010 15:58, David Jencks wrote:
>> <mentor>Are you sure you want to continue this discussion with a vote at this point? It's OK to have votes about anything you want :-) but.... they tend to be polarizing and end up with a losing side who may not be happy. I think that trying to get a consensus on design decisions through discussion is often a better route.</mentor>
>>
>> <interested party> I don't understand the details of this proposal. Could someone come up with a realistic example showing how the "same" OAuth message would be sent using annotations, and not using annotations, and what would happen internally to this information? It might be obvious to anyone who knows anything about oauth but would help me out a lot </interested party>
>
> What form would you like the example in, pseudo-code or written description?
to the extent I understand the discussion.... :-D
How about 2 java classes for the message, one with annotations, and the other using @Override if its implementing an interface, and data for the fields of the objects, and the one or more strings or other data objects extracted and combined from them?
thanks
david jencks
>
>
> p
>
>> thanks
>> david jencks
>>
>> On Jun 25, 2010, at 7:55 AM, Simone Tripodi wrote:
>>
>>> Hi all,
>>> I'm here to call a new vote to define our design direction. Some
>>> threads ago on this ML, Pid and I were discussing about the use, or
>>> not, of Java metadata Annotations to enhance OAuth messages and
>>> tokens.
>>>
>>> Pros:
>>> * marshallers/unmarshallers to/from strings could be auto-generated
>>> using the APT;
>>> * the calculation of the base string (just an example) is parameter agnostic.
>>>
>>> Cons:
>>> * not so hard writing parsers (JavaCC? AntLR? XText?) and serializers;
>>> * not so hard writing the base string algorithm
>>>
>>> So please cast your votes in favor of
>>>
>>> [] Pro Annotations
>>> [] Cons Annotations
>>>
>>> The vote will stay open for the next 72 hours. It would be nice if the
>>> choice comes with a justification, so everybody can take care about
>>> someone else's considerations.
>>>
>>> My vote if
>>>
>>> [X] Pro Annotations
>>>
>>> I already implemented the base string calculus based only on metadata
>>> discovery and I didn't take care about the parameter retrieving
>>> criteria. I'd love to have a choice to see Annotations in action on
>>> compile-time :P
>>>
>>> Cheers, have a nice weekend,
>>> Simo
>>>
>>> http://people.apache.org/~simonetripodi/
>>> http://www.99soft.org/
>>
>
>
Re: [VOTE] use of the Annotations in Amber
Posted by Pid <pi...@pidster.com>.
On 27/06/2010 15:58, David Jencks wrote:
> <mentor>Are you sure you want to continue this discussion with a vote at this point? It's OK to have votes about anything you want :-) but.... they tend to be polarizing and end up with a losing side who may not be happy. I think that trying to get a consensus on design decisions through discussion is often a better route.</mentor>
>
> <interested party> I don't understand the details of this proposal. Could someone come up with a realistic example showing how the "same" OAuth message would be sent using annotations, and not using annotations, and what would happen internally to this information? It might be obvious to anyone who knows anything about oauth but would help me out a lot </interested party>
What form would you like the example in, pseudo-code or written description?
p
> thanks
> david jencks
>
> On Jun 25, 2010, at 7:55 AM, Simone Tripodi wrote:
>
>> Hi all,
>> I'm here to call a new vote to define our design direction. Some
>> threads ago on this ML, Pid and I were discussing about the use, or
>> not, of Java metadata Annotations to enhance OAuth messages and
>> tokens.
>>
>> Pros:
>> * marshallers/unmarshallers to/from strings could be auto-generated
>> using the APT;
>> * the calculation of the base string (just an example) is parameter agnostic.
>>
>> Cons:
>> * not so hard writing parsers (JavaCC? AntLR? XText?) and serializers;
>> * not so hard writing the base string algorithm
>>
>> So please cast your votes in favor of
>>
>> [] Pro Annotations
>> [] Cons Annotations
>>
>> The vote will stay open for the next 72 hours. It would be nice if the
>> choice comes with a justification, so everybody can take care about
>> someone else's considerations.
>>
>> My vote if
>>
>> [X] Pro Annotations
>>
>> I already implemented the base string calculus based only on metadata
>> discovery and I didn't take care about the parameter retrieving
>> criteria. I'd love to have a choice to see Annotations in action on
>> compile-time :P
>>
>> Cheers, have a nice weekend,
>> Simo
>>
>> http://people.apache.org/~simonetripodi/
>> http://www.99soft.org/
>
Re: [VOTE] use of the Annotations in Amber
Posted by David Jencks <da...@yahoo.com>.
<mentor>Are you sure you want to continue this discussion with a vote at this point? It's OK to have votes about anything you want :-) but.... they tend to be polarizing and end up with a losing side who may not be happy. I think that trying to get a consensus on design decisions through discussion is often a better route.</mentor>
<interested party> I don't understand the details of this proposal. Could someone come up with a realistic example showing how the "same" OAuth message would be sent using annotations, and not using annotations, and what would happen internally to this information? It might be obvious to anyone who knows anything about oauth but would help me out a lot </interested party>
thanks
david jencks
On Jun 25, 2010, at 7:55 AM, Simone Tripodi wrote:
> Hi all,
> I'm here to call a new vote to define our design direction. Some
> threads ago on this ML, Pid and I were discussing about the use, or
> not, of Java metadata Annotations to enhance OAuth messages and
> tokens.
>
> Pros:
> * marshallers/unmarshallers to/from strings could be auto-generated
> using the APT;
> * the calculation of the base string (just an example) is parameter agnostic.
>
> Cons:
> * not so hard writing parsers (JavaCC? AntLR? XText?) and serializers;
> * not so hard writing the base string algorithm
>
> So please cast your votes in favor of
>
> [] Pro Annotations
> [] Cons Annotations
>
> The vote will stay open for the next 72 hours. It would be nice if the
> choice comes with a justification, so everybody can take care about
> someone else's considerations.
>
> My vote if
>
> [X] Pro Annotations
>
> I already implemented the base string calculus based only on metadata
> discovery and I didn't take care about the parameter retrieving
> criteria. I'd love to have a choice to see Annotations in action on
> compile-time :P
>
> Cheers, have a nice weekend,
> Simo
>
> http://people.apache.org/~simonetripodi/
> http://www.99soft.org/
Re: [VOTE] use of the Annotations in Amber
Posted by Pid <pi...@apache.org>.
On 25/06/2010 15:55, Simone Tripodi wrote:
> Hi all,
> I'm here to call a new vote to define our design direction. Some
> threads ago on this ML, Pid and I were discussing about the use, or
> not, of Java metadata Annotations to enhance OAuth messages and
> tokens.
>
> Pros:
> * marshallers/unmarshallers to/from strings could be auto-generated
> using the APT;
> * the calculation of the base string (just an example) is parameter agnostic.
I'm not dead set against incorporating annotations into Amber, but I
think the same goal /in this case/ can be achieved with less complexity.
What are the use cases which these annotations would be a good solution for?
> Cons:
> * not so hard writing parsers (JavaCC? AntLR? XText?) and serializers;
> * not so hard writing the base string algorithm
* non-trivial code required to generate a base string using this method
>
> So please cast your votes in favor of
>
> [] Pro Annotations
[x] Cons Annotations
p
> The vote will stay open for the next 72 hours. It would be nice if the
> choice comes with a justification, so everybody can take care about
> someone else's considerations.
>
> My vote if
>
> [X] Pro Annotations
>
> I already implemented the base string calculus based only on metadata
> discovery and I didn't take care about the parameter retrieving
> criteria. I'd love to have a choice to see Annotations in action on
> compile-time :P
>
> Cheers, have a nice weekend,
> Simo
>
> http://people.apache.org/~simonetripodi/
> http://www.99soft.org/
Re: [VOTE] use of the Annotations in Amber
Posted by Pid <pi...@apache.org>.
On 27/06/2010 08:56, Tommaso Teofili wrote:
> I vote
>
> [X] Pro Annotations
>
> even if I agree with Pid that sometimes they deserve some more complex
> coding, in the end I think annotations are cleaner and make code more
> extensible without actually changing methods' signature. I.e. as I said for
> Messages in the previous thread I would like to be able to set
> required parameters and default values via annotations.
> Moreover I think that since we chose java6 it sounds reasonable to go
> towards the full exploit of its features.
> Have a nice day,
Apologies in advance for labouring the point.
We are not signing a generic Message object with a
guaranteed-to-be-known-in-advance list of fields that can be annotated,
we are signing a "request" (OAuthRequest in the spec-api, currently)
which may have a list of name+value pairs that we don't know about
during the code authoring phase.
In this situation we can't annotate every parameter item to be included,
so we need a way of handling those parameters. If a Map isn't popular,
then an alternative simple solution is:
interface ParamPair {
String getName();
String getValue();
}
interface OAuthRequest {
...
List<ParamPair> getParams();
void addParam(String n, String v);
void addParam(ParamPair p);
...
String getSignatureBase();
String setSignature(String sig);
}
In the above example, annotations would be unnecessary - even as an
added benefit. The code required to support it will be orders of
magnitude faster to parse a request than the annotated version.
N.B. this code path could be being executed in high load environments
where the overhead of performing a reflection based object analysis and
signature will be extremely unfavourable. We really need to keep this
as simple as possible.
It's also worth considering that a request will likely /start out/ as a
list of name+value pairs and some code would need to turn those pairs
(or Map, or whatever) into the annotated Message object being proposed,
only for our code to parse the annotations, sort the data and turn it
back into a list (of some sort) again to make the base string.
In a Servlet container, HttpServletRequest.getParameterMap() etc will
have already done the work; we just need to do a little sorting to get
the pairs into the order we need. Again, much faster than creating a
Message object and subsequently reflectively parsing annotated
fields/methods.
If we're going to use annotations, please let's annotate configuration
objects, so that we can pass POJO representations of storable objects,
(like OAuthConsumer, OAuthProvider), into the API and parse their
contents to extract data instead of a live Message object which we're
either creating ourselves, or parsing from a list of existing data pairs.
Cheers,
p
> 2010/6/25 Simone Tripodi <si...@gmail.com>
>
>> Hi all,
>> I'm here to call a new vote to define our design direction. Some
>> threads ago on this ML, Pid and I were discussing about the use, or
>> not, of Java metadata Annotations to enhance OAuth messages and
>> tokens.
>>
>> Pros:
>> * marshallers/unmarshallers to/from strings could be auto-generated
>> using the APT;
>> * the calculation of the base string (just an example) is parameter
>> agnostic.
>>
>> Cons:
>> * not so hard writing parsers (JavaCC? AntLR? XText?) and serializers;
>> * not so hard writing the base string algorithm
>>
>> So please cast your votes in favor of
>>
>> [] Pro Annotations
>> [] Cons Annotations
>>
>> The vote will stay open for the next 72 hours. It would be nice if the
>> choice comes with a justification, so everybody can take care about
>> someone else's considerations.
>>
>> My vote if
>>
>> [X] Pro Annotations
>>
>> I already implemented the base string calculus based only on metadata
>> discovery and I didn't take care about the parameter retrieving
>> criteria. I'd love to have a choice to see Annotations in action on
>> compile-time :P
>>
>> Cheers, have a nice weekend,
>> Simo
>>
>> http://people.apache.org/~simonetripodi/
>> http://www.99soft.org/
>>
>
Re: [VOTE] use of the Annotations in Amber
Posted by Tommaso Teofili <to...@gmail.com>.
I vote
[X] Pro Annotations
even if I agree with Pid that sometimes they deserve some more complex
coding, in the end I think annotations are cleaner and make code more
extensible without actually changing methods' signature. I.e. as I said for
Messages in the previous thread I would like to be able to set
required parameters and default values via annotations.
Moreover I think that since we chose java6 it sounds reasonable to go
towards the full exploit of its features.
Have a nice day,
Tommaso
2010/6/25 Simone Tripodi <si...@gmail.com>
> Hi all,
> I'm here to call a new vote to define our design direction. Some
> threads ago on this ML, Pid and I were discussing about the use, or
> not, of Java metadata Annotations to enhance OAuth messages and
> tokens.
>
> Pros:
> * marshallers/unmarshallers to/from strings could be auto-generated
> using the APT;
> * the calculation of the base string (just an example) is parameter
> agnostic.
>
> Cons:
> * not so hard writing parsers (JavaCC? AntLR? XText?) and serializers;
> * not so hard writing the base string algorithm
>
> So please cast your votes in favor of
>
> [] Pro Annotations
> [] Cons Annotations
>
> The vote will stay open for the next 72 hours. It would be nice if the
> choice comes with a justification, so everybody can take care about
> someone else's considerations.
>
> My vote if
>
> [X] Pro Annotations
>
> I already implemented the base string calculus based only on metadata
> discovery and I didn't take care about the parameter retrieving
> criteria. I'd love to have a choice to see Annotations in action on
> compile-time :P
>
> Cheers, have a nice weekend,
> Simo
>
> http://people.apache.org/~simonetripodi/
> http://www.99soft.org/
>