Author Archives: Diego

About Diego

I’m a software engineer and work as an independent software developer and consultant. Software development is my passion. I usually find some time to write in between my work, and my other passion, enjoying nature and outdoors sports.

Adding HWIOAuthBundle to your Symfony2 project

When it comes the time to add OAuth support to your Symfony2 project, and allow your users to login using their accounts of Facebook, Google, Twitter, Linkedin, etc., it really makes sense to use some of those great third-party bundles that already solve this problem.

One of these bundles is the HWIOAuthBundle. This is a great bundle that allows you very easily to add support for authenticating users via OAuth1.0a or OAuth2 in Symfony2, handling more than 20 providers.

But as today, there is only a little problem… documentation is not as detailed as some may want. This is only my very small contribution after fighting to make it work.

The most simple working example

When installing and testing a new S2 bundle, almost always I do it the same way: testing the most simple example I can, and make it work, so I can start refactoring and adding complexity later. And this was not the exception. What follows is my own very simple example of how to get started with HWIOAuthBundle.

All bundles come with their respective documentation, with instructions on how to install, configure and use it. Why am I repeating it here? In my own experience, following the current version of the documentation was not as “pleasant” as I expected (You can read the official docs here and I encourage you to do so, because I’m not explaining each configuration option in detail here ).

So here it goes my example:

Setting up the bundle

First of all, you need to add the bundle to your composer.json file. Please remember to update your vendors after doing this:

1
2
<code lang="javascript[lines]">{
3
  "require": {
4
    "hwi/oauth-bundle": "*"
5
  }
6
}

Enabling the bundle

Then you must enable the bundle on your AppKernel.php file:

01
// app/AppKernel.php
02
 
03
 
04
 
05
public function registerBundles() {
06
    $bundles = array(
07
        // ...
08
        new HWI\Bundle\OAuthBundle\HWIOAuthBundle(),
09
    );
10
}

Importing the bundle routing

1
hwi_oauth_login:
2
    resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
3
    prefix:   /login

 

hwi_oauth_redirect:
resource: “@HWIOAuthBundle/Resources/config/routing/redirect.xml”
prefix:   /connect

Configuring your resource owners

In this example, we are adding support for Linkedin. Add the following to your app/config/config.yml:

1
#HWI OAuthBundle
2
hwi_oauth:
3
    firewall_name: main
4
    resource_owners:
5
        linkedin:
6
            type: linkedin
7
            client_id: %linkedin_client_id%
8
            client_secret: %linkedin_client_secret%
9
            scope: r_fullprofile

The firewall_name parameter must match the name of the security.yml firewall. The parameters between %% are defined in the parameters.yml file, but you could add them directly here if you want to. Follow the instructions and links here to know how to work with Linkedin API.

Implementing a user provider

The most simple way you can do this is by creating a class that extends a default implementation of OAuthUserProvider class and configuring it as a service in your project:

1
namespace IB\UserBundle\Model;

 

use HWI\Bundle\OAuthBundle\Security\Core\User\OAuthUserProvider as BaseOAuthUserProvider;

 

class OAuthUserProvider extends BaseOAuthUserProvider { }

and in the service.xml file of the UserBundle in this example project:

1
<parameters>
2
        <parameter key="ib_user.oauth_user_provider.class">IB\UserBundle\Model\OAuthUserProvider
3
    </parameter></parameters>

 


            

 

 

Configuring the firewall

In your security.yml file you should add this:

01
02
security:
03
    ...
04
    providers:
05
        ...
06
        my_custom_hwi_provider:
07
             id: ib_user.oauth_user_provider
08
    ...
09
    firewalls:
10
        main:
11
            pattern: ^/
12
            anonymous: true
13
            oauth:
14
                resource_owners:
15
                    linkedin: "/login/check-linkedin"
16
                login_path: /login
17
                failure_path: /login
18
                oauth_user_provider:
19
                    service: ib_user.oauth_user_provider

 

access_control:
– { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
– { path: ^/connect, role: IS_AUTHENTICATED_ANONYMOUSLY }
– { path: ^/, role: ROLE_USER }

Adding the check path to the routing.yml

You should add the corresponding login check route to your routing.yml, under the imported routes (/login and /connect):

1
linkedin_login:
2
    pattern: /login/check-linkedin

And that should be it. You should have now your simple example of HWIOAuthBundle working…

My own sad story…

As I said a few lines above, my initial experience with the bundle was not a happy one. That’s why I created this kind of tutorial of how to setup a minimal working example. These are the steps that I did, and how I tried to solve the problems as they appeared:

Problem 1:

I followed exactly what the docs instructed but got the error: No route found for “GET /login”.

The problem was that the docs only instruct you to import the /connect (redirect.xml) routes. In my example I added the /login (routes.xml) routes.

Problem 2:

Tried again with this little change… step forward it seemed, but I got a different error now: The browser reported a “too many redirections” problem. Reviewing the logs, I saw that the /login route was called over an over in a loop, because “no security token was found”.

So, a firewall problem… what I missed (and the official docs also) was to add the “anonymous: true” to the firewall definition in security.yml. Every time the page was redirected to /login, the firewall intercepted it as a protected URI, and it denied access because no anonymous users were allowed and the current user has no security context… so it redirects to the route configured to authenticate the user, that was… /login… auch!

Problem 3:

Testing again and… wow, it seems to work now. It showed a page with a link with the text “linkedin”. I clicked on it, thinking that I should be redirected to the Linkedin site asking for my permission, but instead… the same page appeared again, with the link “linkedin”. What’s happening? The logs reveal that, again, an infinite loop was taking place, but now on this new page… why? Well, now the link is pointing to the /connect/{service} and this route is inside the firewall, so… whenever I clicked on it, the access was denied, because I didn’t have permission yet to access that route, and it redirected me to the configured route to authenticate myself, which was /login… and this now automatically redirected me again to the page with the “linkedin” link.

Great, found the problem… so now I added the exception to the access_control list to admit the role “IS_AUTHENTICATED_ANONYMOUSLY” to the /connect path.

I guess that this could also be solved by using the same route pattern of /login when importing the redirect.xml, instead of using /connect, but I wanted to preserve as much as I could of the original instructions of the docs.

Problem 4:

Well, at this point it started to work as I expected. I try to enter a protected resource in my example site, it showed this ugly page with a link to go to “linkedin” to get authorization. I identified myself in Linkedin, and clicked the Authorize button… and it tries to comeback to my site, but it shows me a a beautiful Symfony2 ghost error saying: There is no user provider for user “HWI\Bundle\OAuthBundle\Security\Core\User\OAuthUser”…

OMG! This isn’t going to end soon, right? So now what? … I added a “my_custom_hwi_provider” user provider to the “providers” section of the security.yml (You can see it already there in my example).

Of course that to test this part, I had to prepare an “online” environment to be able to receive the control back from Linkedin. This is not going to work if you are testing it in your own developer machine without your server being able to receive requests from the outside world.

Final try…

Now we are talking… it seems to work. I’m now finally seeing my protected resource and I’m very happy to see this in the Symfony2 debug bar:

It's alive!

It’s alive!

Some final thoughts…

This is a great bundle, and it’s a work in progress. The developers are putting a lot of effort and time trying to make a good bundle for all of us… This is my way to try to help some beginner Symfony2 developers that might encounter some problems trying to make this work, and maybe don’t have the time to dig around to find the causes. And if you are like me, that usually copy and paste every example, well… you’ll have to be a little more careful this time.

To hire an expert developer or not to hire it… that is the question

HamletI guess that’s an easy question, right?

It’s fairly easy to know if a developer is an expert in some technical field, programming language or framework. Just read his or her resume and search if the tech is in her assets, check if there is any real working experience with the particular tech and for how long. That would give you a pretty good idea (in theory) of what this “expert” knows. Finally you’ll have the option to test her the first days doing real work and that’s were you can realize if your assumptions where good or not about her expertise. Pretty easy.

So I imagine that your answer will be to try to hire the expert. And you are right, I always try to do that also.

Of course we all want to hire the expert, but a good leader has to see beyond the surface of the evident. Should this question be the main purpose of your search? Should this be the most important factor in determining who will be your next team member?

During these past months I had the chance of meeting a lot of people from the IT area, programmers, startup guys, company owners, CEOs, CTOs, you name it. In some point of the conversation with them we usually started talking about forming teams, how to do it, and how to search for new members for that teams. And almost always people say the same thing: “I want experts in such and such tech”. “I’m tired of people saying they are experts when they are not!”. “If you don’t have an expert in tech X your project’s most likely is going to fail”, “I always search for experts in Z framework, it’s not negotiable!” And a lot more things that what really show is that they are only focused in searching the best expert they can find for a particular technology and nothing more.

This situation keep amazing me all the time I think about it. First of all because, although they have only this objective, most of them fail to detect if the person is really an expert at all; and they realize the lack of expertise well after the hiring process, when the projects have already begun. That doesn’t talk to well of the recruiter abilities! And second, but more important, is that these people are not taking into account a critical factor in their recruiting efforts: technology and software development are always changing and evolving.

Technology and software development change and evolve constantly. Today you are an expert in a language and framework, but tomorrow a new library is published… and what are you now? A “vanishing expert”, so you’re not so cocky now, eh? And if you want to keep your cocky attitude, you should learn the new features. This happens almost daily and with every tech you can imagine. New framework versions, new programming languages releases, problems encountered during development that are only solved using a library that nobody knows, testing libraries and frameworks, version control tools, continuous deployment tools and servers, internal scripts… the list could continue almost indefinitely. So every “expert” in a particular technology, actually is a vanishing expert, her days are counted. So that’s want you’ll get at best when focusing your recruiting efforts in tech experts alone.

After all this, I guess that you are starting to see where I’m going.

When you recruit your next team member, your main focus has to be finding the expert, but not in a particular technology, but instead in learning new technologies. You should search for the guy that enjoys learning new things and evolving, that can become proficient in a small amount of time with the new techs needed, that is not afraid of testing new things, that has the confidence of finding a solution to a problem she has never seen before, that has the capability of investigating new things and learning them. A developer that could meet these requirements, will become automatically a proficient developer with any tech that you put in front of her. And that’s exactly want you should search first!

How to detect these things is the topic of another post. But for now just remember this guy, and ask the Sword of Omens, to give you Sight Beyond Sight, in every recruiting effort:

Sight Beyond Sight“Sword of Omens, give me Sight Beyond Sight!”

And just to make the fans cry:

ThunderCats by ThunderCats on Grooveshark

How to create a dynamic list of checkboxes in Android, part 1

A brief introduction…

The first app that I developed with Android was very simple and the screen that I started with, had a search function. The user could search food stores near a city, selecting the desired type of food. This screen was fairly simple, with these input elements: a city spinner, a group of checkboxes for the food types, and a search button. As simple as it seems, when you are a total newbie to the technology, is difficult to get started.

So my first decision was to tackle only the layout and the user interface at first, with no worries about the source of the data or the search function in the beginning. This lead me to quickly create these two string arrays in strings.xml, just to test the UI of the activity.

01
<string-array name="cities">
02
    <item>Mar del Plata</item>
03
    <item>Buenos Aires</item>
04
</string-array>
05
<string-array name="foodTypes">
06
    <item>Pasta</item>
07
    <item>Pie</item>
08
    <item>Pizza</item>
09
    <item>Grill</item>
10
    <item>Sea Food</item>
11
    <item>Salads</item>
12
    <item>Desserts</item>
13
    <item>Quick Meals</item>
14
</string-array>

Great! Now to the code that would make these items into the UI elements… The spinner was quite straightforward, the layout element in the layout.xml file is (I’m using RelativeLayout, but i’m showing only the spinner):

1
<Spinner android:id="@+id/cities_spinner"
2
    android:layout_width="fill_parent"
3
    android:layout_height="wrap_content" 
4
    android:layout_below="@id/cities_label"
5
    />

And inside the onCreate method of my activity:

1
//create spinner with cities
2
Spinner spinner = (Spinner) findViewById(R.id.cities_spinner);
3
// Create an ArrayAdapter using the string array and a default spinner layout
4
ArrayAdapter<CharSequence> adapter = ArrayAdapter.createFromResource(this,
5
    R.array.cities, android.R.layout.simple_spinner_item);
6
// Specify the layout to use when the list of choices appears
7
adapter.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item);
8
spinner.setAdapter(adapter);

What’s the logic behind all this code?

First, you need to get the spinner that’s defined in your activity layout file, and to do that in execution time, you could use the findViewById method.

Then, you need a way to load all your string array items into the spinner, and you do exactly that, using an adapter. An adapter is a mediator between the UI element (the spinner in this case), and a source of data (the string array in this example), and is responsible for creating a UI representation of each element of the source data (creating a View object for each one). In this example I used an ArrayAdapter, that is an Android predefined subclass that helps with source data inside arrays. The interesting part here, is that you specify the way you want the elements to display in the spinner, using setDropDownViewResource method from the Adapter. The parameter passed to this method it’s an Android predefined element to show a text as a spinner item.

At last, you set this adapter to your spinner, an is done! Your spinner now shows all the items in the string array that was defined in the strings.xml file.

And now, let’s tackle the checkboxes

Ok, so lets go down to business… this post was about a dynamic list of checkboxes, or not?

I’m sorry for that introduction into spinners, but being this app my first one, I thought it couldn’t be so much complicated to tackle the checkboxes part. It should be quite similar to the city spinner. And it was… at the end. But I got stuck trying to solve this. There are a lot of questions and examples drifting around this issue on the net, and I got confused. So I included that part as an introduction, and as a way to compare the little differences between the spinner and the checkboxes examples.

Remember that my task here was pretty simple, showing a string array as a list of checkboxes that the user could check and uncheck. And here is how I got that running. For the layout, I defined a GridView element, like this:

1
<GridView android:id="@+id/foodtype_list"
2
        android:layout_width="fill_parent"
3
        android:layout_height="wrap_content"
4
        android:numColumns="auto_fit"
5
        android:choiceMode="multipleChoice"
6
        android:layout_below="@id/foodtype_label"        
7
        ></GridView>

And inside the onCreate method of my activity, just under the spinner code, I wrote this:

1
//create checkboxes from string array for the food types
2
String[] foodTypes = getResources().getStringArray(R.array.foodTypes); 
3
ArrayAdapter<String> adapter2 = new ArrayAdapter<String>(this,
4
    android.R.layout.simple_list_item_multiple_choice, foodTypes);
5
GridView gridView = (GridView) findViewById(R.id.foodtype_list);
6
gridView.setAdapter(adapter2);
7
for (int i = 0; i < adapter2.getCount(); i++) {
8
    gridView.setItemChecked(i, true);
9
}

Yes, I know, it’s basically the same thing as with the spinner. But that’s the point here. You create an adapter from the string array, and define it to use another Android predefined element as layout template. In this case, I did this in the constructor directly.

The for block is just to always set all the checkboxes into checked state.

This is not a finished activity, just the first draft of one screen. I’ll be posting updates on this example to show how to evolve this simple and “hardcoded” activity into one that loads the cities and food types from storage, and can get the selections made by the user.

We don’t need another hero!

Hero developers. That breed of super heroes that solve every damn coding problem that arises in our software projects. They are fast, and usually they complement it with lateral thinking, boosting their quickness with solutions that seems taken out of a magic hat. And it seems they are always there when we need them. They have a great commitment to the project, they love to save the day, even on weekends! They seem to have an affinity with programming languages, they even understand the ones they have never seen before… and quickly.

New requirements enter the show with no adjustment in schedule? – No problem, we have Superjavaman with us!

Bugs, bugs and more bugs!!! What are you doing people? PHPman, here… take the key of the office. Stay this weekend, please. We need to be ready to deploy on Monday! Refactor anything you want, I don’t care, but make it work! Oh… yes, and turn off the lights when you finish. Thanks!

Client: “What? I didn’t mean only A and B… What I meant was that we need the app to do A, B, C, D, E, and all the remaining letters of the alphabet!” – Team Leader: Uuuups… better start lightning the C#Signal, we are gonna need Supersharpy right now!

This guys are really great. It’s always nice to have one of them in the team.

But guess what?… If you need heros more than once in a while… you suck as project leader!

Yes, and I’m sorry to tell you this, but it’s true. Don’t take it personally. I have fall into the hero trap myself more than once, so I’m also talking about my own problems here. When a software project has problems, they are usually caused by a bad leadership, and not because of bad developers.

Of course, this is not the way that project leaders want to put it.

“Hey, project leaders don’t code, so why are they responsible of bugs?.”

“Project leaders are not the client, they are not to blame for those unintelligible requirements. The client is!”

“Wait a minute… as a project leader I usually double check all time estimates with a developer, so I’m not the one to blame about bad schedules.”

Really? Is that easy? Are developers so awfully bad coders that they introduce bugs in every code they touch? And if it’s so… you didn’t notice until well advanced in the project schedule?

Aren’t project leaders the responsible of the project, including understanding what the client wants? And if this is not clear enough, don’t they have the responsibility of at least communicate this to the client and try to solve the issue?

Do project leaders come from a parallel universe where time works different than here? Why they can’t understand that time estimates are only that… estimates, not promises? It seems to me that not matter if the project leader was a developer just until yesterday… today is project leader, and now he forgot that a good time estimate requires time. You need to know exactly what you have to do in order to tell accurately how much time is going to take. More time, better estimates; less time, worse estimates.

And all this gets worse at corporate levels. Usually at big companies every one functions in Pontius Pilatus mode, trying to avoid responsibility of any decision. They only lack the water bowl… but if they could have one, the picture would be complete! (I guess that I’m going to code a mobile app of a water bowl, so every time this guys have to take a decision, they can tap the bowl and a voice in latin says something like “The decision is yours… not mine….”).

So please… we really don’t need another hero. We need common, normal, ordinary developers who work good enough to get the job done. But what we really need is good project leaders. The ones that know that software development is a team effort, and know how to facilitate the workflow between team members. The ones that helps them solve problems, and that take the rocks out of the road, not the other way around!

Is your responsibility as project leader to make your team fit together, and to help them not to loose focus in unimportant tasks. Bugs are your responsibility… just ask developers why they have them, and if there is something you can do to help. Requirements are your responsibility… so be sure that everyone understands exactly what has to be done. Schedule is your responsibility… so take the action needed to make the client understand what an estimate means, and don’t fall into the “Holy Bible Syndrome”. And last but not least… please, hear what developers warn you about, they usually make their warnings when there is enough time to do something. If they talk… listen.

So here ends the software development catharsis… After all this, I’m just hoping that I have some readers old enough to remember this:

We Don't Need Another Hero (Thunderdome) by Tina Turner – www.musicasparabaixar.org on Grooveshark

Mad Max: Beyond Thunderdome

Mad Max: Beyond Thunderdome

The case against functional specs

Stack of Documents

Stack of Documents

Is there any single way in which you can develop a piece of software that doesn’t do what users want? Yes, write a functional specification document!

Before saying anything else, I want to clarify that I’m talking about typical software projects… web, desktop or mobile apps; not about space shuttle operating systems, or real time controllers for robots that do brain surgery!

I can almost hear all of those functional spec lovers yelling all kind of things at me. – “Are you crazy? Functional specs are supposed to help us in delivering good software, products that do what the users want.” Well… usually we achieve exactly the opposite by creating this documents.

This is one of those areas where reality shows us again and again, how wrong we are.

Please, try to remember any software that you have developed, that once it was finished, still kept quite close to the initial functional spec… I couldn’t. And I know a lot of good software developers with this same dilema. The reason is simple, functional specs are theory, not reality. Of course, we could try to maintain them close to reality and in tune with all the changes and evolutions as we develop the software, forcing us to strictly change first the specs before doing anything else. But then… why bother? Isn’t it supposed to help us? If we have to change it day in and day out, every time we want to make changes, does it worth it? Does it slow us down?

In my own experience with all the corporate clients that I worked for, they always had required some kind of detailed functional spec before starting to build the software. The best scenario was to have a software very different to the initial spec, but fortunately aligned to the client needs. Sometimes these specs where updated, sometimes not. But we always had a lot of overhead with back and forth discussions with clients about what was a “requirement change” and what was a “misinterpreted requirement”, and then rewriting the specs or writing new ones.

And the worst case scenario? Well… if those were some of the best cases, I guess is not necessary to explain what happened when we weren’t so fortunate.

Over the years I came to discover some truths about software development and functional specs, the hard way… hitting my face over the wall. Most of these issues were addressed by other people, and I only wish now that I could had the chance to understand them better back then:

  • People don’t understand specs the same way. Every time you write a spec, you’ll have people thinking different things about the same issue. I saw this happening a lot of times. Even with a paragraph of 1 sentence. There’s always information that’s implicit and existing only in the brain of one person. And of course that information is obvious for this person, but not for all the others.
  • There’s not enough information to make the real decisions at the time you are writing a spec. Usually the information needed arises once you start the development process. So here we are playing with guesses and assumptions, not making any progress at all, and usually discussing things that will not apply later on.
  • At spec time, there is always the tendency to add a lot more functionality that what is really needed, and what it could be built with the available time, budget and resources. People (and usually programmers too! -yes they are different kind of animal-) like to add a lot of functionality to software, because… – “it’s only a button here and there, how much could that cost?”, or… “yes, we need categories and subcategories for this, and would be nice if they could be user defined. This is just two simple drop down lists, very easy right?”. Until you start thinking about all the support code, CRUDs for those “simple” drop downs, tests for the new modules, new deployment code, migrations for the old data to upgrade to the new software version, etc. What seems simple and tiny, almost always grows bigger when you start building it. And of course, the budget is already written in stone!
  • It’s very easy to fall into “Holy Bible syndrome”. Specs are usually used as signed contracts. And once you are there, it’s really difficult to build a useful software. Reality is always changing, signed contracts are just the opposite, always fighting against change (and both sides of the contract, client and provider, in alternating times, assume the “not change allowed” role). I’m not advocating here against software development contracts or trying to evade responsibility and accountability for what developers produce. But transforming a software spec in a kind of Holy Bible it’s not going to solve the real situation that presents every day in these industry: perpetual change. When we use the specs as a signed contract, we loose a lot of time and effort dealing with which changes are allowed or not, with interpretation details of what was asked to do, what was “in there” and what wasn’t. This is dead time. Assume reality, and please work as a team with the same objective: build a useful software.

“So great genius… if we create no spec, how do we start? Do you suggest start coding right from the beginning?”

No, not at all. But I’m for things that really help you build your software, and don’t get in your way. What I really found that works is to start with a really small description of the product or software that you want to build and some UI draft sketches. This will really help you visualize the software you want to build, and to communicate the ideas easy and with low overhead between team members and with your client. The natural evolution of these steps is to start building the real UI, with no functionality.

“Hey! Wait a minute… isn’t that a kind of spec?”. Yes it is, but a different breed. One which is simple and agile enough to help you and your client to agree, and to move on to the real work… getting the product done! I’ll be writing about this process on some future post.

From my own experience, I got the bests results when I kept focused on less documents, more agility, and using the right tool for the job.