Breaking it down further (Application Tier)

As mentioned in my earlier posts, the logical tiers that make up "Application Architecture" are (in my mind) the Client Tier, Application Tier, and the Integration (or Data) Tier. Some of the application architecture tiers can be further broken down into logical layers.

As application designers/developers/architects, we are generally most concerned with the Application Tier, because that is where the bulk of most application logic and functionality reside (with the notable exception in the Web 2.0 world that is moving more and more presentation and business logic down to the client tier, but that is another matter).

Application Tier
For design purposes, the Application Tier can then be further broken down into into several discrete Application Layers, which provide a logical separation of concerns for our application.

As you can see, the application layers include:

• Presentation Layer
• Business Layer (Services and Objects)
• Integration/Data Layer

Presentation Layer
The aptly named presentation layer is pretty much exactly what you would expect.  It is the presentation of the application to the user, delivered generally as a group of UI components as well as UI Process components.  It basically orchestrates the response to any application requests, which for web applications are generally HTTP requests originating from a browser (web service applications are a bit different in implementation, but similar in concept).

Depending on the nature of the application and the technologies in place, this layer can be delivered as a wide variety of components.  Regardless of the technologies used, one over-riding pattern that is generally considered the best approach for managing the interactions between UI and UIP components is the Model-View-Controller (MVC) pattern, whose responsibilities include:

• receiving and handling user events, acting as the overall request "controller"
• calling out to service classes to build the "model" data for the response
• creating appropriate "view" responses and sending to the caller

An interesting point that is often overlooked is that the Presentation Layer is generally the only "stateful" layer within the application architecture (since it is responsible for managing the user sessions/state). Ideally, the Business and Integration/Data Layers of an application are "stateless" (to open up the possibility for re-use of these components by other clients/callers).

Business Layer
The business layer is where the 'guts' of the business logic is stored.  This is generally where the real functionality of the application is implemented.  Components in this layer are generally structured around real-world business concepts, and encapsulate the business logic (or business rules) for the application functionality being delivered.

Many times, these functions are broken down into more logical services (aka Business Services), and delivered through some sort of application facade, often referred to as a Service Interface.  Now, this doesn't necessarily mean that it uses Web Services, but that is one method for having a more technology-agnostic approach for developing business functionality and making it available to applications leveraging multiple technology stacks.

Similarly, there are often software components that represent their real-world counterparts that are often called the Business Objects (like Invoice, Employee, Customer, etc.).  These are generally just containers for managing related data and presenting it in a meaningful way.  While these objects often originate in the Business Layer, they can be used to pass the structured data between layers (to the Presentation Layer, for example).

Integration/Data Layer
The Integration Layer is the interface for the Business Layers to interact with any enterprise systems (including databases).  This is where the distinction between Layers and Tiers is most useful.  Most business applications are centered around delivering "data", which often resides in some sort of back-end repository, like a database (although there are many other possibilities, like ERP systems, LDAP trees, Web Services, etc.).  The components in the integration layer (or data layer) are responsible for exposing the data from these repositories to the business layer.

The Integration Layer is often implemented using Data Access Objects (DAO) for database access or Adapters for other enterprise integrations (Web Services, RSS, etc.).  Continuing the practice of separating design from implementation, one preferred approach here is to define an interface for the DAO, like StudentDao, and then provide an appropriately named implementation, like JdbcStudentDao (if JDBC based, could also be HibernateStudentDao).

As just mentioned, Object-Relational-Mapping tools (ORM) like Hibernate are another option for the Integration/Data Layer, but they can add a level of complexity that is not always required for business applications (particularly those that are "view-only").

Stored procedures are an interesting case., and can complicate the logical separation of layers and tiers.  While the stored procedures can often contain "business logic" that would be considered part of the Application Tier, the actual implementation (code) resides within the database itself - on the Data Tier.  This murkiness is generally undesirable, and as such I generally prefer to avoid stored procedures when possible.  There are cases when their use makes sense, but keep in mind that it can complicate your application architecture.

Breaking it down further (Integration/Data Tier)

As mentioned in my earlier posts, the logical tiers that make up "Application Architecture" are (in my mind) the Client Tier, Application Tier, and the Integration (or Data) Tier. Some of the application architecture tiers can be further broken down into logical layers. The Integration/Data Tier generally doesn't fall into that category, so I'll just spend a little time talking about what I mean when I refer to the Data Tier (from now on, I'll generally refer to this as the "Data" tier, as that is what is most often used in business applications).

Integration/Data Tier
The Data Tier is generally responsible for managing the persistent application data. This data management typically includes:

• Storage/retrieval of data
• Managing updates to the data
• Allowing simultaneous, or concurrent access (by more than one middle-tier process)
• Providing security for, and ensuring the integrity of the data

In most business applications, these services are provided by a RDBMS. However, the Integration/Data Tier is used to refer to whatever back-end repository is being used as a persistence mechanism for the relevant application data (ERP system, image repository, web service, etc.).
Frequently (but not always), the database is separated physically onto its own tier. However, the performance of an application can suffer greatly if this physical separation from the application tier is too great. When planning the application, work with the appropriate teams (e.g., enterprise architecture, DBA, etc.) to determine the appropriate physical server location and configuration for your Data Tier - taking into account the Application Tier (which will be discussed next).

Breaking it down further (Client Tier)

As mentioned in my earlier post, the logical tiers that make up "Application Architecture" are (in my mind) the Client Tier, Application Tier, and the Integration (or Data) Tier. Some of the application architecture tiers can be further broken down into logical layers (see my previous blog about how I differentiate between "tiers" and "layers"). Let's start with the Client Tier.

Client Tier
These days, the client tier generally maps to the browser, as is the case with any web application. When referring to "Client-Server" type applications where there is a separate application client program installed on the client machine, things are a little different (and there would be cases where it makes sense to break this down into logical layers), but in the web-world, the client is generally used only as a presentation vehicle for the application user.

The Web 2.0 model has complicated that a bit as well (with AJAX having the potential to move functionality/business logic to the Client Tier). This would be another case where it makes sense to break the tier down into additional logical layers. However, that is a topic for another day.

Thus, the Client Tier (for non-AJAX web applications) is generally responsible for:

• Display of HTML resources
• Issuing HTTP requests for resources,
• Processes HTTP responses

Generally, this means that the Client Tier will be mainly interacting with the Application Tier, sending requests and receiving responses that are then rendered for the user. Pretty straightforward stuff here (except when you bring this whole "Web 2.0" thing and the AJAX that goes along with it).

Application Architecture - Tiers or Layers?

While application architecture is complicated enough by itself, the ambiguity or multiple interpretations of words or concepts adds yet another wrinkle. One example of this that I've run into recently has to do with the separation of the logical and physical components within an application.

Most developers/architects will agree that there are (at least) 3 separations that are meaningful enough to warrant their own grouping:

• Client "stuff"
• Application "stuff"
• Data "stuff"

But are these "layers" or "tiers"? There are a lot of people that use these terms interchangeably, and until somewhat recently, I did too. That changed while I was doing some online research to pull together documentation for a recent project.

I stumbled upon a couple of articles that made a differentiation between the two that I think makes a lot of sense (thanks to Pranshu Jain's Blog and the Guidance Share Wiki for their insight).
Physical separation versus logical separation is the distinction. If the layers are physically separated (or have the potential to be physically separated), then they can be referred to as tiers. Logical separation (particularly for design concerns) is indicative of architecture layers.

So, as mentioned above, most web applications have 3 tiers:











I plan to continue to use this distinction moving forward, because I think there are some places where it can really add value (which I will discuss in more detail within future blog entries).

JavaMail Quirk

While creating a fairly simple program recently, I stumbled upon some odd behavior with the latest release of the JavaMail API (1.4.5).  OK, maybe its not that odd, but it seems different from how I remember things.

Basically, one of the requirements for the program is to send emails with file attachments.  No real text is required within the email body.  It should be no surprise that I'm using the Spring Framework for this project, and as such I am using the MimeMessageHelper to create my message and then send it.

The issue arises when I try to send an email without any body text.  In this case, here is the error that I see:

org.springframework.mail.MailSendException: Failed messages: javax.mail.MessagingException: IOException while sending message;
  nested exception is:
      java.io.IOException: javax.mail.MessagingException: Empty multipart: multipart/related;
      boundary="----=_Part_1_30254491.1359131496129"; message exceptions (1) are:
Failed message 1: javax.mail.MessagingException: IOException while sending message;
  nested exception is:
      java.io.IOException: javax.mail.MessagingException: Empty multipart: multipart/related;
      boundary="----=_Part_1_30254491.1359131496129"

Not very informative, is it?

After doing some research (aka lots of googling), I found out that the MIME spec apparently does not allow multi-part messages with no body parts (see javadoc).

There are two ways to get around this:

• Simply add some text to the body of the message (easy)
• Turn off this restriction which prevents empty messages

Fortunately, if your requirements dictate an email with no body, you can change the default behavior by setting a system property:

System.setProperty("mail.mime.multipart.allowempty", "true");

Hope this helps someone save some time in the future...

Even better tool for testing Web Services (soapUI)

I know that awhile back I was extolling the virtues of tcpmon, but I've since stumbled upon an even better tool to use for testing web services - soapUI. Here is where to get it:

http://www.soapui.org

This is a open source tool from eviware that is licensed under the terms of version 2.1 of the GNU Lesser General Public License. There are several versions of the tool available on a few different platforms. It integrates with most major IDEs, including:

• Eclipse
• NetBeans
• Intellij

There is also a 'Pro' version that is vendor-supported (with enterprise users in mind). So far, I have only used the freely available eclipse plugin. It is a very handle little tool for creating, sending, and receiving SOAP messages. Here is what it looks like:



Its pretty simple to use - just point it at the WSDL file, and it will create a test SOAP request envelope that you can edit prior to sending. And then you can view the fill SOAP response (including the transmission details, if desired).

If you are looking for a tool to produce SOAP messages/responses, look no further...

Managing certificates with Java (the keystore is the key)

This is not a very difficult task, but I'm putting out here to mainly help me remember the syntax for the keytool utility (that comes with the JDK).

How to install a certificate:

1. Procure the desired certificate for installation into the keystore and copy it to the keystore installation location (see additional instructions at the end for details on how to do this from different browsers (if you don't already have the *.cer file).
   
   
2. Open a command window and navigate to the appropriate directory containing the keystore that you wish to modify (e.g. C:\Program Files\Java\jdk1.6.0_10\jre\lib\security\cacerts is the default keystore).
   
   
3. Execute the following command to import the certificate (from the *.cer file) to the keystore:
   
   keytool -import -file newcertificate.cer -alias new-certificate-name -keystore keystore-name
   
   where:
   
   newcertificate.cer is the name of the certificate file
   new-certificate-name is the name used to store that certificate (doesn't really matter, just something descriptive)
   keystore-name is the name of the keystore being updated (e.g. cacerts).

How to view the certificates already installed in a keystore:

1. Execute the following command to list all of the certificates in the keystore:
   
   keytool -list

How to retrieve a certificate using your browser:

1. Navigate to the desired URL (using https://), then depending on your browser, there are several ways to retrieve the cert:
   
   IE
   Either click on the small padlock icon in the lower right corner, or select File | Properties | Certificates from the menu.
   
   
   
   Then, select Details | Copy To File, and it will launch a wizard to export the certificate to a file (I typically use Base-64 encoded X.509)
   
   
   
   Firefox
   Very similar process, but instead of clicking the padlock, you click the highlighted logo on the left side of the address bar.
   
   
   
   And then select More Information | Details | View Certificate | Export.