+ All Categories
Home > Technology > Liferay portals in real projects

Liferay portals in real projects

Date post: 09-May-2015
Category:
Upload: ibacz
View: 1,820 times
Download: 4 times
Share this document with a friend
Description:
See what pitfalls companies are facing when running Liferay portal. In the previous year, our company has audited 5 real-life projects based on Liferay Portal which are now running in production mode and serving many users. The audits were focused on architecture, infrastructure, technical design and implementation. During the presentation, we will show you common anti-patterns we have found during the audits and their impacts and consequences on the portal.
41
Liferay in Real Projects Portal Specialist / Consultant IBA CZ, s. r. o. Common mistakes on Liferay projects and ways how to avoid them Aleš Rybák
Transcript
Page 1: Liferay portals  in real projects

Liferay in Real Projects

Portal Specialist / Consultant

IBA CZ, s. r. o.

Common mistakes on Liferay projects and ways how to avoid them

Aleš Rybák

Page 2: Liferay portals  in real projects
Page 3: Liferay portals  in real projects
Page 4: Liferay portals  in real projects
Page 5: Liferay portals  in real projects

Typical problems

● Disfunctions and non-standard behaviour

● Poor performance

● Stability problems

● Security vulnerabilities

● Overloading of integrated systems

● Usability issues

● Liferay's potential not fully leveraged

● Maintenance and service continuity is expensive

● Multi vendor env. doesn't exist

● Hard to implement changes

● Low business flexibility

Page 6: Liferay portals  in real projects

Change needed, but how?

Page 7: Liferay portals  in real projects

What the customer does see

Page 8: Liferay portals  in real projects

What the customer doesn't see

PortletsThemes

Integrations Databases

Customizations Jobs

Page 9: Liferay portals  in real projects

Audit

Page 10: Liferay portals  in real projects

Problem areas

● Architecture & design

● Build & release

● Code & technical realization

– Unit tests

– Frameworks

● Insufficient knowledge about Liferay Portal (not only)

● Governance & processes

Page 11: Liferay portals  in real projects

Absence of Information architecture

● Gap between applications and customer's needs / final state

● Only developed portlets and customizations. Let the customer to do the rest.

● Content first

● Connection between technology and real world problems

● Define structure of content and context for applications

● Base for usability

Page 12: Liferay portals  in real projects

Misusing Liferay plugins

● Use plugins for the right purpose

– portlet plugin for new functionality

– themes and layouts for L&F

– hooks for JSP changes, mild changes via exposed APIs

– ext plugin for more drastical changes

● Use as non-invasive approaches as possible

● Avoid JS hooks

Page 13: Liferay portals  in real projects

Portlet decomposition

● God portlet / Über-portlet

– one big portlet doing everything

– one portlet placed several times in portal with different configuration

● Hard to

– change

– reuse

– optimize

● One portlet per use-case is good start

● merge some to avoid evidently unnecessary IPC

● this needs experience and sort of sense

● when checking roles consider division into more smaller portlets for each role

Page 14: Liferay portals  in real projects

Outnumbered by JavaScript libs

Page 15: Liferay portals  in real projects

“Exotic” infrastructure

● Non-standard deploys

● “Enterprise stack”

– Liferay EE

– Oracle DB

– IBM Websphere AS

– MS Windows Server

● Compatibility problems

● Extra knowledge required

● WAS & WebLogic

– things which take 10 minutes on Tomcat can take hours

● Well tested

– Linux

– Tomcat

– MySQL & Oracle

– Apache

● KISS, use “exotic” components only if you know what you're doing (usually you don't)

Page 16: Liferay portals  in real projects

Build

Optimal solution

mvn clean install...BUILD SUCCESSFUL

● For anything else have documentation and e.g. maven profile

● Use CI / automatic builds

Reality

● Missing artifacts

● Need to build each module separately

● Always needs to connect to VPN

● Side effects (e.g. deleting files on servers, accessing DB)

● Environment variables needed

● OS dependency

Page 17: Liferay portals  in real projects

Snapshot version in production

● Supplier isn't tagging releases

● All changes go to the trunk which is only source

● Customer has no idea

– what is deployed on production

– what to test / accept

– whether reported bugs are fixed

– what's the state of the project

● Very good excuse for supplier

● FIX: release new versions with change log

Page 18: Liferay portals  in real projects

Code and file system anarchy

● Mess everywhere● Every single thing in code is

done in different way● No rules for VCS

● Ad-hoc file/class/... naming and structures (depends on creator's fantasy)

● Backups into different places – no one knows if they are still valid/needed

● Unification

● Automatization

– Scripts / tools for most tasks

● In the code - do things

in a same way even

though it's not the best

way!

Page 19: Liferay portals  in real projects

Code style

● “How to write unmaintainable code”

– http://mindprod.com/jgloss/unmain.html

– if you follow all these rules religiously, you will even guarantee yourself a lifetime of employment, since no one but you has a hope in hell of maintaining the code

Page 20: Liferay portals  in real projects

Code style 2

● High complexity – thousands of SLOC per method

● Unreadable code (sometimes it's better to remove all comments and reformat all sources automatically)

● Wrong decomposition and unclear structure

● Cyclic dependencies

● Massive duplication

● Unreachable code

● Code commented-out

● Bypassing conventions

● and many more (also in next slides)

Page 21: Liferay portals  in real projects

Code and style 3

● Static controls of the code

– CheckStyle

– PMD

– FindBugs

– SonarQube

● Read the book

● Have guidelines

● Do quick code reviews and refactorings

Page 22: Liferay portals  in real projects

Thread danger (the evil brother of Thread safety)

public class MyPortlet extends GenericPortlet {

private PageData data; // to be displayed in JSP

public void processAction(actionReq, actionResp) {data = prepareData(req);

}

public void doView(renderReq, renderResp) {dispatchToJSP(renderReq, renderResp, data);

}

...}

Page 23: Liferay portals  in real projects

Resources wasting

● Not closing streams

● Not closing connections

● Missing cleanup actions (e. g. temp files)

● Use tested mature frameworks where possible

● Use static analysis

Page 24: Liferay portals  in real projects

Logging

● Logging too many messages and unimportant info

● Crucial info is missing

● Missing context info (e.g. user ID, request ID, etc.)

● Logging private data

● Not using LOG.ifDebugEnabled()

● Define rules for logging

● Logs are most used (and sometimes the only) way to find out what went wrong on production

● If using Log4J use LogMF

● Read and analyze your logs – optimize the logging levels

Page 25: Liferay portals  in real projects

Exceptions

● catching Throwable

● disposing caught Exceptions

– not wrapping exceptions

● exception-driven development

● overusing of controlled Exceptions

● FIX: just don't ;-)

Page 26: Liferay portals  in real projects

Unit tests

FIXES: ● define, what to test and how and stick to it● make tests standard part of your delivery

Page 27: Liferay portals  in real projects

Unit tests

FIXES: ● define, what to test and how and stick to it● make tests standard part of your delivery

Page 28: Liferay portals  in real projects

Portlets mistakes

● Big data in session

● Stateful portlets

● processAction instead render

● IPC

– unnecessary

– weird

● Friendly URLs

● Learn how to develop portlets

– start with standard pure Java portlets (read JSR-286 standard)

– look if framework you are using has support for portlets or portlet bridge

● Stick with best practices

Page 29: Liferay portals  in real projects

Frameworks non-usage

● Reinventing the wheel in code

● Developing my own framework

– cache

– JMS

– UI

– formatting dates

– controllers

– file handling

● Look for suitable framework first

– Standards & RI

– Spring

– Apache Commons

– Other sources

● Select the mature supported one

Page 30: Liferay portals  in real projects

JPA / Hibernate

● Doing in Java what DB should do (e. g. list size)

● Combination with pure JDBC

– problem with 2nd level cache

● Cascades

● Explicit entity refresh

● Many requests

– very often can be optimized

Page 31: Liferay portals  in real projects

Security

OWASP Top 10 is the minimum

Page 32: Liferay portals  in real projects

Liferay users, roles, groups, permissions...

● One of the most used Liferay's APIs

● “Patterns”

– one role per user

● only for small number of users

– one global role per organization

● define and use organization roles

– one role per document

● never ever do this

Page 33: Liferay portals  in real projects

Liferay clustering

● Sessions

● Indexes

● Caches

● File storage

● Timers

● Underlying apps. & other frameworks

● web.xml

– distributable

● Session objects

– serializable

Page 34: Liferay portals  in real projects

Business knowledge of Liferay

● Unable to provide consultancy in required or any quality

● Customer is able to maneuver supplier into unnecessary drastic customizations

– “bender and narrower”

Page 35: Liferay portals  in real projects

Technical knowledge of Liferay

● Many customizations are done programmatically

– changes in Java code, JSPs, sometimes across whole solution including interfaces

– some of these changes can be done via configuration

● Examples

– Registration

– no-cache headers

– Changes of tag libs

Page 36: Liferay portals  in real projects

Undefined competences

● Hidden responsibilities and costs for customer

– portal platform

– application servers

– connected systems

– monitoring and maintenance

● Define what is and what isn't part of the project

● Identify risks and owners

Page 37: Liferay portals  in real projects

Final advices

Page 38: Liferay portals  in real projects

● Copy-paste code from StackOverflow – it's in acceptable quality

● Don't make tags or release any versions (this one is final)!

● Read “how to write unmaintainable code” and follow it

● Never test your code!

● Write your own frameworks! The more, the better.

– Never test your frameworks!

● Be agile! = Never write any documentation!

● Act like fools and just don't care!

Page 39: Liferay portals  in real projects

● Copy-paste code from StackOverflow – it's in acceptable quality

● Don't make tags or release any versions (this one is final)!

● Read “how to write unmaintainable code” and follow it

● Never test your code!

● Write your own frameworks! The more, the better.

– Never test your frameworks!

● Be agile! = Never write any documentation!

● Act like fools and just don't care!

● Don't blame Liferay for another application's problems!

Page 40: Liferay portals  in real projects

visit uswww.ibacz.eu

follow us@IBACZ

Page 41: Liferay portals  in real projects

the end


Recommended