Wednesday, May 06, 2009

Architecture of Evil



Update: I think the magnitude of the evil can only be appreciated if you see the JSP (yep, that's all of it, that's my "middleware"):

<%@ taglib uri="http://java.sun.com/jsp/jstl/sql" prefix="sql" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ page contentType="text/x-json" %>

<sql:query var="rs" dataSource="jdbc/postgisdb">
${param.sql}
</sql:query>

{"type":"FeatureCollection",
"features":[
<c:forEach var="row" items="${rs.rows}">
{"type":"Feature",
"geometry":<c:out value="${row.st_asgeojson}" escapeXml="false" />,
"properties":{
<c:forEach var="column" items="${row}">
<c:if test="${column.key != 'st_asgeojson'}">
"<c:out value="${column.key}" escapeXml="false" />":
"<c:out value="${column.value}" escapeXml="false" />",
</c:if>
</c:forEach>
}},
</c:forEach>
]}

Update 2: Yes, I am being a bit sarcastic. Being able to compress the layer between the Javascript and the database into something this narrow is diabolical, and only possible because there is so much smarts in OpenLayers. I, for one, welcome our new hipster Javascript overlords.

Update 3: The "evil" is passing SQL unmediated from your browser directly into your database. It's fun in a workshop (which is what I wrote this abomination for) but it's not to be let out of the lab, lest global pandemic ensue.
 

16 comments:

James Fee said...

JSP is the work of the devil!

Matt Priour said...

Paul, are we working on the same project?!? Ugh, I'm getting very familiar with that "Architecture" as well.

roschler said...

Access of Evil? (couldn't resist)

TheSteve0 said...

Are you being sarcastic. I would ditch the JSP and replace it with a straight servlet, you are not displaying HTML with this server side piece so why involve JSP.

I actually think this is a great architecture and one I love using.

Cameron Shorter said...

Any chance you could expand on your reasons for calling this architecture Evil?

TheSteve0 said...

Given your update I am going to even stronger to ditch the JSP - servlets rock and it is all Java - you can leverage your IDE. Try it, I promise it will make your life better and your code more maintainable

Paul Ramsey said...

@Steve0, do I look like the kind of guy who has an IDE? :) I was actually happy to discover JSTL tag libs, all the terseness of PHP, and I can run it in Tomcat, and I don't need an IDE! Apparently, it really does take all kinds of people to fill the world :)

TheSteve0 said...

rightttttt - I forgot that masochistic stripe in you ;)

mcahornsirup said...

This is evil - but leightweight : )

Regina Obe said...

Hey Paul -- I think I'll steal your code and convert it to a PHP Smarty template.

I despise JSP -- yuck but its amazing how easily that can be flipped into a smartified template.

And to Steve0 - are you nuts thinking of stuffing that in a Servlet except for the query part - yap SQL has no place in JSP or ASP.NET aspx for that matter. :) Clearly the second part is a presentation issue (not all presentations are html) and rightfully belongs in some sort of template.

Okay I have given my high and mighty all of you are going to hell. As you were.

TheSteve0 said...

Regina, I am not sure what you are saying is wrong with my suggestion. I am saying use a servlet bc all Paul's JSP page is doing is accepting a request, making some SQL, and returning JSON to the client. There is no presentation tier in his JSP page and so a servlet would be a technically better solution. That being said quick and dirty works for demos and classwork which is what he intends here.

Regina Obe said...

Steve,

Wrong was a bit of a harsh term. This is a bit of a gray zone.

To me JSON is a document format just as SGML (XML, HTML, KML what have you) that gets handed over to a client and may be formatted in a specific way.

As such I would want to output it in a language designed for outputting markup that more or less preserves the layout of the format. I don't see java servlets being suitable for that especially since I may want to keep the rest of the logic say the sql genereation and swap out my document layout.

In this case Paul isn't doing anything terribly interesting so it really doesn't matter.

Paul Ramsey said...

@roschler, due to the power of mental transposition I managed to read your very punny "Access of Evil" as the (completely unpunny) "Axis of Evil" until just now. Salut!

roschler said...

@Paul,

Thanks. I always heave a great sigh of relief when someone gets my geeky humor because my "programmer nerd card" is deeply punched at this point. LOL.

There was also the other intended meaning of Microsoft Access, but that one's for us old timers. :)

Keyur Shah said...

If experience is the mother, she has taught me 2 lessons:

1. JSP taglibs are good and elegant and all until you need to run it on servers from 7 different vendors and 3 different versions. That's 21 ways those taglibs could work differently if lucky and not work outright if it's a-server-that-shall-not-be-named.

2. Generating JSON from JSPs is really not bad. But with the right json library, it's actually easier generating directly in Java code.

Dr JTS said...

It's not the JSP that's evil, it's passing raw SQL into your DB via a Web connection. I think mebbe I'll browse me the catalog and run a few "DELETE * FROM table" commands...

About Me

My Photo
Victoria, British Columbia, Canada

Followers

Blog Archive

Labels

bc (37) it (29) postgis (19) icm (11) video (11) enterprise IT (10) sprint (9) open source (8) osgeo (8) cio (6) foippa (6) gis (6) management (6) spatial it (6) enterprise (5) foi (5) foss4g (5) mapserver (4) outsourcing (4) politics (4) bcesis (3) oracle (3) COTS (2) architecture (2) boundless (2) esri (2) idm (2) natural resources (2) ogc (2) open data (2) opengeo (2) openstudent (2) postgresql (2) rant (2) technology (2) vendor (2) web (2) 1.4.0 (1) HR (1) access to information (1) accounting (1) agile (1) aspen (1) benchmark (1) buffer (1) build vs buy (1) business (1) business process (1) cathedral (1) cloud (1) code (1) common sense (1) consulting (1) contracting (1) core review (1) crm (1) crockofshit (1) custom (1) data warehouse (1) deloitte (1) design (1) digital (1) email (1) essentials (1) evil (1) exadata (1) fcuk (1) fgdb (1) fme (1) foocamp (1) foss4g2007 (1) ftp (1) gds (1) geocortex (1) geometry (1) geoserver (1) google (1) google earth (1) government (1) grass (1) hp (1) iaas (1) icio (1) industry (1) innovation (1) integrated case management (1) introversion (1) iso (1) isss (1) isvalid (1) javascript (1) jts (1) lawyers (1) mapping (1) mcfd (1) microsoft (1) mysql (1) new it (1) nosql (1) opengis (1) openlayers (1) oss (1) paas (1) pirates (1) policy (1) portal (1) proprietary software (1) qgis (1) rdbms (1) recursion (1) redistribution (1) regression (1) rfc (1) right to information (1) saas (1) salesforce (1) sardonic (1) seibel (1) sermon (1) siebel (1) snark (1) spatial (1) standards (1) svr (1) taxi (1) tempest (1) texas (1) tired (1) transit (1) twitter (1) uber (1) udig (1) uk (1) uk gds (1) verbal culture (1) victoria (1) waterfall (1) wfs (1) where (1) with recursive (1) wkb (1)