Databinder gets personal (Authentication!)Databinder gets personal (Authentication!)

The auth-roles module of Wicket 1.2 is good stuff. I haven’t talked it up too much here since integrating it into a Databinder 0.5 project is a clumsy affair. (Sorry. We know the mutually incompatible WebApplication subclasses used by Databinder, auth-roles, and everything else are not ideal. Wish we had type enhancers.)

So it’s been my aim since 0.5 to merge AuthenticatedWebApplication into a DataApplication subclass. Check. And we need a new DataSession subclass. Done!

I could have left it at that, but I’ve decided to do the unthinkable—at least in Java programming. I’m providing a default, annotated User implementation that creates user tables automatically. Yes, we’re crossing that line, the toolkit is touching your database. Don’t like it? Make your own IUser class.

Now, for those who aren’t too scaaarrred to let this thing loose on a development database, follow these steps:

  1. Ensure you’re configured for updates.
  2. Bump your Databinder version to 0.6-SNAPSHOT.
  3. mvn -Declipse.downloadSources=true eclipse:clean eclipse:eclipse (Or not. Whatever.)

Then adjust your DataApplication subclass, and add roles to pages:

public class MyApplication extends AuthDataApplication {
...
    public byte[] getSalt() {
        return "Something totally random".getBytes();
    }
...
@AuthorizeInstantiation(Roles.USER)
public class MyPage extends WebPage {

That’s it! Depending on your typing speed and technical factors, I’m estimating ten minutes to take your application from no-login to login. Oh and did I mention you get a free registration page too? It must be Christmas somewhere.

This is pushing the limits of toolkit behavior even for Databinder. I was emboldened in part by the auth-roles module’s inclusion of a sign-in page—a first for Wicket modules I think. But also, it’s time to stop pretending that scripted Web applications do not exist. And that they don’t dwarf those written in Java in size, diversity, popularity, and creativity.

In the past decade PHP-based sites have, in their clumsy way, brought all kinds of ideas to life that never would have happened with a Java “architect” nay-saying at every step. Sometimes you need the prototype in two days instead of two weeks, and you need to add login in one hour instead of one week.

And now that scripters have learned to twist the MVC lingo as well as any Model 2 graybeard, the jig is up. Lighten up, Java programmers, or prepare to be replaced by people who don’t spend half their days manipulating a collection of unnecessarily interface-abstracted beans in XML.

By the way, has anyone noticed that Spring is calling itself full-stack these days? If they’re going to crib jargon from Rails, it’s time to break out the flip-flops. Spring is over.

Oops. Sorry for that outburst. I have a little Jekyll/Hyde thing going on when I think about this guy’s headshot. The point is, Databinder is going to let you add login and registration even faster than a 17-year-old PHP programmer. On top of that, yours will store a uniquely salted SHA hash of passwords, while his will leave them in the clear. Then some hacker will steal his passwords, the users will sue, that company will go out of business. You’ll go on to rule your Web turf.

And some people will “consult” and write big books full of pompous nonsense, make more money than all of us, and life will continue to not be fair. Cheers!

Codercomments

Well, hey. I decide to use Databinder and auth-roles together, and run into the incompatibility issues. I don’t get far talking to other Wicket users, shelve it and go on holiday for two weeks.

By the time I get back, you’ve solved the problem for me.

Cheers!

Sounds great! Databinder just has one question: where’s its postcard?

Add a comment