1 / 63

Polyglot alchemy: JSR 223 in action

Polyglot alchemy: JSR 223 in action. Fabrice Matrat Marc Campora. Marc Campora Sr Manager Java Middleware mcampora@amadeus.com @ mcampora. Fabrice Matrat System Architect Technical Evangelist fmatrat@amadeus.com @ fabricematrat. Amadeus.

maitland
Download Presentation

Polyglot alchemy: JSR 223 in action

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Polyglot alchemy: JSR 223 in action FabriceMatrat Marc Campora

  2. Marc Campora • Sr Manager • Java Middleware • mcampora@amadeus.com • @mcampora

  3. FabriceMatrat • System Architect • Technical Evangelist • fmatrat@amadeus.com • @fabricematrat

  4. Amadeus • Leading provider of IT solutions for the travel industry • Connect Providers (ex. airlines) and Resellers (ex. TAs) • Provide IT solutions (ex. check-in or inventory system)

  5. System Constraints 600k Terminals 1.6B Transactions/day <0.5s Response time 3.7M Bookings/day 100+ IT changes/day 99.99% Availability

  6. Our products • Inventory • Departure control • Self Booking Tools • Point-of-sale • e-Commerce • Mobile companions

  7. Technical platform • A clear technical strategy • RIA even for the mobile • Community products • SaaS, multi-tenants infrastructure

  8. Problem statement • Community versus specific

  9. From SaaS to PaaS Application UI Application logic Middleware & Framework

  10. From SaaS to PaaS Application UI A P I Custom UI Custom UI Application logic Custom logic Script execution environment Middleware & Framework

  11. Features and ambition

  12. Scripting on JVM Application UI A P I Script Script Script Application logic Script execution environment Middleware & Framework

  13. Scripting for Amadeus PaaS

  14. Language Choice (2010)

  15. Groovy

  16. Embed Groovy Binding binding = new Binding(); binding.setVariable("foo", new Integer(2)); GroovyShellshell = new GroovyShell(binding); shell.evaluate("println 'Hello World!'; x = 123; return foo * 10");

  17. Embed Groovy ClassLoader parent = getClass().getClassLoader(); GroovyClassLoader loader = newGroovyClassLoader(parent); File script = new File("HelloWorld.groovy")Class<GroovyObject> groovyClass = loader.parseClass(script); GroovyObjectgroovyObject = groovyClass.newInstance(); groovyObject.invokeMethod("run", new Object[0]);

  18. Embed Groovy String[] roots = new String[] { "/my/groovy/script/path" }; GroovyScriptEnginegse = newGroovyScriptEngine(roots); Binding binding = new Binding(); binding.setVariable("input", "world"); gse.run("hello.groovy", binding); System.out.println(binding.getVariable("output"));

  19. JSR223

  20. Groovy vs. JSR 223 Bindingbinding = newBinding(); binding.setVariable("foo", newInteger(2)); GroovyShellshell = newGroovyShell(binding); shell.evaluate("println'Hello World!'; x = 123; return foo * 10"); ScriptEngineManagermgr = newScriptEngineManager(); ScriptEngineengine= mgr.getEngineByName("groovy"); Bindigs bindings = engine.createBindings(); bindings.put("foo", newInteger(2)); engine.eval("println'Hello World!'; x = 123; return foo * 10",bindings);

  21. JSR 223 in and out

  22. Multiple script technology ScriptEngineManagermgr = newScriptEngineManager(); ScriptEngineengine = mgr.getEngineByName( "freemarker"); engine.eval("Hello ${who}!"); ScriptEngineManagermgr = newScriptEngineManager(); ScriptEngineengine = mgr.getEngineByName( "groovy"); engine.eval("println'Hello World!'");

  23. Common API

  24. Availability • 800 languages on JVM • Around 60 are maintained • 20 have JSR 223 Implementation

  25. Performance • Compilation Result • JSR 223 No Access • Storage Script Script Script Script Compilation Result

  26. Performance • Cache Byte Code Custom classloader Cache

  27. Hot swapping Groovy • Run 2 versions of the same script Passport.groovy got changed Custom classloader Passport.class new code 1110000011 new hash new code 1110000011 new hash

  28. Sandbox • Script in JVM sharing platform and resources

  29. Sandbox • Bad things can happen • Consume resources (CPU, disk, threads) • Java and Amadeus API is available • java.lang.System.exit(1)

  30. Access control

  31. Compile : How ? • Check every node in AST @ compile time • org.codehaus.groovy.control.customizers.CompilationCustomizer • org.codehaus.groovy.ast.GroovyCodeVisitor

  32. Compile : Design • Deny/Allow/Deny • Blacklist Everything • Whitelist • Blacklist Methods granularity in whitelisted classes • java.lang.System java.lang.System.exit java.lang.System.currentTimeMillis

  33. Compile : Implementation classSecureCodeCustomizerextendsCompilationCustomizer { publicSecureCodeCustomizer() { super(CompilePhase.CANONICALIZATION); } publicvoid call(…) { finalModuleNodeast = source.getAST(); ast.getStatementBlock().visit(new SecureCodeVisitor()); … } } classSecureCodeVisitorimplementsGroovyCodeVisitor { publicvoidvisitMethodCallExpression(MethodCallExpressioncall) { checkMethodAuthorized(call); … } publicvoidvisitStaticMethodCallExpression (…) {…} publicvoidvisitClassExpression (…) {…} … }

  34. Access control

  35. Runtime • Java Security • leverage the JVM's Security Managers • Wrap Primitive/Method • Add Wrapping ((Object)"ls").execute() defobj = ((Object)"ls") // Throw an exception if necessary authorizeStatement(obj, "execute") obj.execute();

  36. Resource Sharing

  37. Sandbox code (for stability) • Timeout enforcement • Protection against infinite loops and other patterns • Injected @ compile time via AST transformation @groovy.transform.TimedInterrupt( value = 10L, unit = TimeUnit.SECONDS ) defconfig = newCompilerConfiguration() def customizer = newASTTransformationCustomizer( [value:10L, unit:TimeUnit.SECONDS], TimedInterrupt) config.addCompilationCustomizers(customizer)

  38. We are not alone • Oracle Application Developer Framework • https://github.com/sjurgemeyer/GR8ConfUS2013/tree/master/JimDriscoll • Jenkins • http://kohsuke.org/2012/04/27/groovy-secureastcustomizer-is-harmful/ • Call to the community for improvement !

  39. Resource Sharing

  40. Remoting • AST can optimize the Contextual information sent to the Execution Farm. REST/Json with application context Application farm Scripting farm(s)

  41. Remoting • Isolation • SandBox Failure • Memory or IO contentions • No Resources Impact on Main application Farm • Customers or staging isolation • On demand provisioning • Fine grain usage reports • Billing Model

More Related