How to Troubleshoot Apps for the Modern Connected Worker
Adobe Flash Platform for the Enterprise
1. The Adobe Flash Platform in the Enterprise
Mike Slinn
http://micronauticsresearch.com
http://slinnbooks.com
"You can't always get
what you want … (but)
you get what you
need."
-- Rolling Stones
2. Independent software contractor firm
Focus on the Adobe Flash Platform for enterprise computing
• Application development
System integration
Troubleshooting
Evaluations
Distributed system architecture and implementation
• Desktop clients
• Service interaction considerations
• Server facade
• Middleware
We are not designers, but we work with them
Micronautics Research Corporation Focus
3. About Mike Slinn
Principal at Micronautics Research Corporation
Recognized in US Federal court as a software expert
Author of "Flex Data Services, Eclipse and Java" http://slinnbooks.com
Author of DZone reference card "
Getting Started with LiveCycle Data Services ES“
Blog at InsideRIA
Twitter: mslinn
4. Topics Covered In This Presentation
Enterprise Computing and Integration
Visualization for Business Intelligence
SSL/TLS
Single Sign-On
Web Services
Enterprise-Wide Data Services Layer
Distributed Computing Advice
6. Integration includes the planning for and the act of customizing a
standard package and performing other activities so the package can
interact with other packages, processes, data and services
Integration might mean one or more of:
• User interface integration (integration on the desktop or mobile device)
• Service / process integration
• Synchronous or asynchronous (tight coupling or loose coupling)
• Data integration
Portals are a form of UI integration, and are relatively inexpensive
Application, process and data integration
• Mashups are lightweight/inexpensive
• Heavyweight/deep: supply chain integration, product lifecycle integration,
etc.
Deep integration costs often exceed license costs.
Enterprise Computing is All About Integration
7. Let’s use SAP ECC 6.0 as an example,
• License costs range from $500K to $100M
• Integration costs are often 2-3x license costs
• Yearly maintenance ~20%
RICEFW – Legacy Integration Checklist for SAP
• Reports – writing
• Interfaces – mapping one system’s data to another’s
• Conversions – data format conversions
• Enhancement / Extensions – modifying default behavior
• Forms – UI definition and implementation
• Workflow – setting up cascading processes to be triggered by events
Example: SAP ECC
8. Enterprise Software Futures (Gartner)
2010 enterprise software spending in North America forecast to
increase 8.5% to $110.8B (mostly in first half of 2010)
• Will grow to over $143.6B in 2014
Asia/Pacific (excluding Japan) is expected to have the fastest growth in
software revenue of all the regions in 2010 (13%)
• Momentum is expected to continue through 2011
• China and India are #1 and #4 in APAC
• Japan is not looking promising
• Australia (#2) and South Korea (#3) are only spending on maintenance
contracts
Europe, Middle East and Africa (EMEA) will see a 3.4% decline this
year.
• However will increase from $66.8B in 2009 to $76.8B by 2014
• Western Europe will recover slowly
• Eastern Europe, Middle East and Africa will grow more strongly
http://www.gartner.com/it/page.jsp?id=1437613
10. Visualization for Business Intelligence
Flex has a terrific capability for interactive charts and graphs
Dashboards are/should be doorways into immersive data experiences
The best visualizations have interactive graphics with user feedback
like video games
Personalization and sharing views are important
See my YouTube videos on Business Intelligence with Flex
11. Business Intelligence & Flex Skill Sets
“BI” is a big budget team effort
Skill sets for Flex developers and BI report builders (people) are
different
• BI report builders are often glorified DBAs
• Creating Flex component for BI requirements requires advanced Flex
developer skills
BI widgets are Flex components that hook into a data bus
Widgets are driven by report output (historical data)
BI report builders can easily be taught how to place Flex widgets into a
dashboard
• No problem for them to pipe data into pre-existing widgets
13. Distributed Computing Advice
Server facades should be designed and channel characteristics should
be specified after RIA requirements are known
RPC is relatively slow and does not scale
Messaging over streaming channels gives best scalability and
responsiveness
• (Flex data management service is built from messaging)
Proxy servers come in various flavors
• Can solve some types of difficult problems with ease
Use AMF whenever possible instead of SOAP, JSON, REST, etc
POST has very low overhead, except if deserialization is required
Lazy loading is key when a large client-side model is necessary
Flash 10.1 enables RIA to RIA streaming (Chatroulette for the
enterprise!)
14. Flex Data Services Channel Designer
Free for personal use!
http://www.slinnbooks.com/FDSCD/
15. Integration options abound, however architectural principals for
integrating RIAs to servers holding large data sets are not commonly
understood by most enterprise architects
• Poor integration choices can destroy interactivity – if a user has to wait
several minutes between clicks they won’t use an application, and “RIA”
becomes a misnomer
• For example, RPCs do not scale well
• Read my book for more!
• Poor integration choices can cause excessive queries against Teradata,
Netezza, Vertica, ParAccel, and Greenplum – which are expensive
• If this is your team’s first time, find a hands-on consultant with lots of
experience
Warning
17. SSL/TLS Integration – Flash Player
Flash Player uses the browser or O/S HTTP stack
• Direct socket connections via SSL require special skill
• Use WebService, HTTPService, URLLoader and SWFLoader whenever
possible
• Flash security model complicates connections to multiple servers if some
use SSL and some do not
• Be sure to serve the SWF via SSL
• Proxies are extremely helpful, and when used correctly mitigate these issues
• More later
• Flex data services Proxy also improves Flash Player’s POST and GET support
18. SSL/TLS Integration – AIR
AIR 2.0 has SSL socket support beyond what Flash Player provides
• Uses default O/S HTTP stack when available (Mac, Windows)
• Uses CURL HTTP stack under Linux
• No unexpected behavior or HTTP method limitations
• Entire HTTP stack is not exposed, but I have not found any functionality
lacking
Enterprises have been slow to adopt AIR
• This is merely inertia
• There is no technical reason why this must be so
19. SSL/TLS Integration – AIR
AIR 2.0 has SSL socket support beyond what Flash Player provides
• Uses default O/S HTTP stack when available (Mac, Windows)
• Uses CURL HTTP stack under Linux
• No unexpected behavior or HTTP method limitations
• Entire HTTP stack is not exposed, but I have not found any functionality
lacking
Enterprises have been slow to adopt AIR
• This is merely inertia
• There is no technical reason why this must be so
Spread the word: AIR apps are more capable than browser-based
apps!
20. TLS/SSL Recommendations
Serve web pages containing Flex applications from SSL
Use a reverse proxy like Apache Squid to simplify access, or
Use a translating proxy like Adobe BlazeDS or LiveCycle Data Services
ES to mitigate more problematic issues such as
• Streaming data
• Unsupported HTTP methods
• Unsupported web service WSDL
22. Identity Access Management Standards
Security Assertion Markup Language (SAML)
• Enables single sign-on
eXtensible Access Control Markup Language (XACML)
• Pronounced “X-akamull”, “X-A-C-M-L” or “zakamull”
• Provision user accounts with appropriate privileges and manage
entitlements
OAuth – authorize a service to access data in another service without
disclosing credentials
OpenID – user authorization
23. Single Sign-On
Single Sign On means that RIAs must access multiple server sub-
domains via SSL
Recommendations in previous section are important
Two common SSO strategies, both work fine with Flash Player and AIR:
• Homogenous Infrastructure (every application‘knows’ about SSO)
• Proxy (transparent to application)
Most authentication mechanisms can be used, even though they are
not explicitly mentioned in Adobe’s documentation:
• OSF DCE
• Kerberos / Active Directory
• PKI
• Oath
• Etc…
24. SSO - Cookies
Cookies are by far the most common mechanism to support SSO
Cookies contain information that indicates the domains and
subdomains for which they will be accepted
Modern web browsers do not present cookies from one domain to
another
• Cookies issued by a domain are commonly set up to propagate to
subdomains
After authenticating, the application should include the cookie in the
response that contains the authentication token in all future requests
• Web browsers do this automatically
• The name of the cookie varies between SSO implementations
For development, make entries in a local DNS or /etc/hosts for each
test node, so they appear to be part of the authenticated domain
25. SSO – Server-Side Redirects
Server-side redirects are used by virtually all SSO mechanisms
The HTTP stack handles redirects, so they are transparent to the Flash
Player and AIR
26. SAML
An XML-based standard for authentication and authorization
• Identity provider - handles logon
• Service provider - receives logon information
URLs encode SSO requests
SSO is implemented via server redirects
28. XACML
XACML can provision user accounts with appropriate privileges and
manage entitlements
XACML Version 2.0 (OASIS 2005)
• Policies are defined by Rules.
• Rules and Requests use Subjects, Resources and Actions.
• A Subject element defines the entity requesting access.
• The Resource element is a data, service or system component.
• An Action element defines the type of access requested on the Resource.
Adobe Mosaic supports XACML
• Mosaic tiles are selectively enabled by user entitlements
• SunXACML provides Mosaic support for v1.0 and v1.1
29. OAuth
Authorize a service to access data in another service without disclosing
credentials
A shared secret is embedded in the client, which is fine for server to
server communications.
However, for RIA clients and desktop applications:
• Be sure to encrypt OAuth credentials and take care that the entire
decryption algorithm is not readily accessible
• Twitter’s decision to use OAuth was unwise
31. Types of Web Services
SOAP web services are stateless
• a.k.a. "Big" or “Heavyweight” web services
• Very powerful
• Do not design them into a system unless necessary
• Flex WebService component
REST can be stateful
• Flex HTTPService component, or
• URLLoader, URLRequest and URLRequestHeader
• as3httpclientlib, resthttpservice
• Flash Player does not support all HTTP methods
JSON easy to use with Flex (as3corelib)
Cloud computing is also referred to as web services (out of scope)
32. Enterprise integration APIs are mostly SOAP
SOAP in public APIs is decreasing
Public API Trends Differ from Enterprise API Trends
33. SOAP Web Services Standards
W3C WSDL
W3C SOAP
W3C XML Schema (a.k.a. XSD)
W3C XML
A 'profile' is a specific set of versions of the above standards
WS-i Basic Profile v1.0: WSDL 1.1, SOAP 1.1 and XML Schema 1.0
Flex SDK and Flex/Flash Builder support the WS-i Basic Profile v1.0,
and add support for legacy RPC-encoded web services
Flex SDK can also handle WSDL 2.0 and SOAP 1.2 namespaces
SOAP web services are very complex, I do not know of any
implementation anywhere that supports all flavors and options
All implementations are therefore a subset
34. SOAP Faults
Flash Player and AIR pass SOAP faults to the Flex framework when
HTTP status codes 4XX or 5XX are set.
Flex framework (WebService) ignores SOAP faults
If possible, modify the server to set HTTP status code 2XX when
issuing SOAP faults so the Flash/Flex application can detect and
handle the problem.
• A translating proxy can also modify the HTTP status code
35. Dynamic WSDL URI and Endpoints
Do not hard-code the URI in your Flex program, or you will need to edit
and recompile for deploying to each environment (dev, test, q/a, live)
We often use an XML configuration file, loaded at runtime from the
server
• Mechanism for a deployed web application to learn about web services
• The Flex application inspects the URL from which it was loaded, and
• Dynamically loads a configuration file from the server that specifies the web
services to access
36. Web Services Code Generator vs. Runtime
Client models require strong types
For a RIA to be able to decode response data to strong types, there
needs to be a mechanism to generate the ActionScript code for the type
definitions
At runtime a decoder is required that converts the SOAP response to
value objects of the correct type
37. Flex SDK Components
No code generator in the SDK
WebService
ObjectProxy
The Flex SDK has had few changes since v3.x with respect to web
services, in terms of supporting additional standards, bug fixes and
features.
Important undocumented SDK packages
• mx.rpc.soap
• mx.rpc.wsdl
http://opensource.adobe.com/svn/opensource/flex/sdk/trunk/frameworks/projec
ts/rpc/src/mx/rpc
Most known bugs have been deferred
38. Flex/Flash Builder Support for RPC Web Services
Apache Axis code generator
• FB3/FB4 both use Apache Axis2 v1.3
• Supports SOAP v1.1 and WSDL v1.1
• Apache Axis2 only supports doc/literal and rpc/literal
• FB Axis port adds support for rpc/encoded.
• Generates lots of code
• Includes deprecated Flex 2 classes
• Value objects
• Runtime encoders and decoders
• Runtime supports more edge cases than Flex SDK
• Duplicates Flex SDK functionality but in a different way
• Some Flex docs do not apply to generated code
• Many known bugs are deferred
• Closed source
• FDT and IntelliJ do not have SOAP value object generators
The biggest enhancement in FB 4 is the data wizard, which wraps VOs
so they can be subclassed.
39. Rule-based Mapping of SOAP to ActionScript Type
Flex SDK and Axis generator do not support polymorphic collections
I have customized the Flex SDK’s runtime SOAP support
I like to use a rule-based approach to map SOAP types to ActionScript
VOs and collections
Ordered set of regular expressions map fully-qualified SOAP types to
fully-qualified ActionScript packages or classes
Specific rules are listed first; more general rules follow
typeMaps.push(/.*Type42Out.Entity/, "com.xyz.MyService.Entity");
typeMaps.push(/.*.(.*)/, "com.xyz.MyService.$1");
40. Schema Orientation vs. Service Orientation
Enterprise web services often have more than one schema
• For example, Tibco's modeling is schema-oriented, not service-oriented
Shared schemas may not be fully expressed in any given service
Value objects must be created from consolidated schemas
Value objects must be recreated when schemas evolve
A change to a schema may affect multiple services
I wrote a custom tool using AIR for a client that replaces the FB Axis
generator
41. AIR SOAP Code Generator
Schema-Oriented Enterprise Web Services with Adobe Flex and AIR
http://www.youtube.com/v/ubuq79GDhQw?version=3
WSDL Introspector
http://www.youtube.com/v/YzSoweoormg?version=3
43. Enterprise-Wide Data Services Layer Notes
Client-side data models should be built from ActionScript value objects
Consolidated WSDL schemas provide a consistent client-side model
Various code generators are available to map remote types to client
types
Active models with adaptors should drive views
Lazy loading is important
• Deserialization happens on the Flash Player’s main thread
• Don’t let the RIA freeze up
Several data management service implementations exist
Narrowcasting is another useful technique (see my book)
44. Thank you!
"Flex Data Services, Hibernate and Eclipse"
http://slinnbooks.com
Mike Slinn
Micronautics Research
mslinn@micronauticsresearch.com
Image courtesy Ellen Joseph
Notas do Editor
Questions for audience:
Who has integrated Flex with SSL/TLS?
Who has integrated Flex with SSO?
What SSO product did you integrate with?
Who has called SOAP web services from Flex?
.NET server?
Java server?
PHP server?
Other server?
Who has called other types of web services from Flex?
Who gets involved in server-side façade issues?
Who gets involved in client-side Flex issues?
Who does both client-side and server-side?
Who is involved in BI?
Who has already integrated with a dashboard or portal using Flex?
Who intends to do so in the next 12 months?
http://www.slinnbooks.com/FDSCD/
Is this true for Loader.load(), URLLoader.load(), UrlRequest, SWFLoader.load() and WebService.loadWSDL()?
Schema-Oriented Enterprise Web Services with Flex and AIR (v2)http://www.youtube.com/watch?v=ubuq79GDhQw
0:28 Overview
1:26 Multi-schema diagram
2:56 Axis
3:40 VOMassager explanation
4:13 VOMassager demo
7:00 Value objects
8:00 Reference classes
WSDL Introspector for Adobe Flexhttp://www.youtube.com/watch?v=YzSoweoormg
90 second demo of how to use the WSDL introspector