Transcript application servers

Application servers and ZOPE
An overview by many authors:
T.Tammet, P.Browning, K.Birch.
C.Petrelli…
Plain cgi vs server
• Cgi program: started, runs, stops. Ordinary
command-line program.
• Server program: runs all the time, day after
day.
• Server program is used by client programs
which send connection requests to a port.
Server listens to requests, typically creates a
new thread for each, answers.
Plain CGI vs application server
• Plain CGI architecture:
Just file?
http server
Get file from the
file system
Browser
http url
Program?
Run program
on the server
Application server
• Possible app server architecture:
Middleware
http
server
Browser
http url
Files in
file system
App
databases
server
In app
server
Programs
in app
server
External programs
External databases
App server 1
• Essentially, application servers offer an
integrated Web development platform that
allow connection and management of a
variety of enterprise resources such as Web
servers, databases, and legacy
application systems.
App server 2
• Characteristic of an application server is a
three-tiered architecture with an
application's development and deployment
layer between the client and backend of
legacy systems.
• The application server provides a developer
with a set of common otools and services
that most applications need, allowing a new
level of integration among components.
App server 3
• Application servers can link multiple systems and applications over
diverse hardware and operating systems.
• Some application servers provide an integrated development
environment. This can eliminate the need for multiple tools or code
conversion, but it may not allow you to use other tools that you've
used previously.
• Application servers can take advantage of reusable modular
component models such as CORBA, COM/DCOM, IIOP, or EJB
(Enterprise JavaBeans). This means you won't have to reinvent the
wheel over and over again.
• Application servers provide access to a variety of databases, either
through direct support (i.e., SAP, Notes, CICS, etc.), or standardized
interfaces (i.e., JDBC, ODBC, etc.).
App server 4
• With features such as load balancing and pooling and caching,
application servers can give you more control over how applications
run.
• Application servers provide better reliability using using cluster failover, auto-detect and auto-restart, and multiple object instances to
insure prompt response to client requests.
• Application servers usually provide numerous management tools
including remote and local application management, prototype testing
(for use prior to deployment), and system monitoring.
• Security features such as authentication, Secure Sockets Layer (SSL),
certificates, access rights, and encryption can be used and integrated by
application servers with operating systems and directory services.
• Application servers can allow database-intensive business logic to
perform better, lowering network traffic and improving access
performance.
CMS
• Content management system.
• Goal: publish and edit web pages EASILY
by a workgroup (not just ftp ….)
• Example cases: newspaper www
systems,news and discussion sites, portals,
…
• Use case: a large site which is changed
fairly often.
What is a CMS?
“a CMS is a concept and not a product” Lowndes, pers. comm.
(from Ed Ort, see Rezourzes)
CMS Feature Onion
N.B. Only a selection of features is shown in the outer shell
(from Browning & Lowndes, 2001 in. prep.)
Top 6 (out of 41!) features @
IWMW2000
• Self-service authoring/frictionless publishing for nontechnical content providers
• Workflow management – submit, review, approve, archive
• Integration with existing data/databases AND user
authentication systems
• Roles based security
• Flexible output – author once, publish in many formats
• Metadata management
Does the “orthodox” Web deliver these?
Zope - what is it?
• Middleware ++
• Server Unix, NT or Mac (MacOS X)
• An object database that thinks it’s a
filesystem
• Can be entirely browser-driven
• Best “done” rather than described
Zope - For
• Transparency of publishing (Web forms, ftp,
http put, WebDAV)
• A growing number of drop-in objects
(ODBC, Oracle, MySQL, Confera,
Squishdot)
• Open source
• Community
What is Zope?
Web Client
XML-RPC
Web Server
WebDAV
FTP Client
Z Server
Zope Core
Z Classes
Products
ZODB
• A Python Web Application Server
• A transactional object database that
thinks it’s a file system
• It has many elements of a CMS ...
•… and quite a lot more besides
RDBMS
File
System
Demo
• Management screens
• Zope - a Swiss Army Knife for the Web?
examples
• WorldPilot - a third-party Product
What does Zope compete with?
•
•
•
•
•
•
ACS - ArsDigita Community System (TCL)
Enhydra (Java)
Type3 (PHP)
Mason (Perl)
Coldfusion
MS Site Server (IIS, ASP, …)
Among many, many (> 80) others ….
Where does Zope sit in the Application
Server/CMS landscape?
(The descent of WebMan?)
Complexity of applications
Apache &
File System
FilemakerPro
Active Server Pages
ColdFusion
Perl & CGI
Zope suited to lightweight
solutions too
Easing the Webmaster bottleneck
Zope
Enhydra
TeamSite
Spectra
What are the reasons not to use Zope?
•
•
•
•
•
•
•
•
I need to use Apache
I have to script in DTML
I have to author in a browser
I have to put all my content in one file
The documentation is poor
There is no commercial support
You can’t recruit Python programmers
It is not Java
What are the reasons not to use Zope?
• I need to use Apache You can
• I have to script in DTML Use Python or Perl
• I have to author in a browser
HomeSite, emacs, BBEdit, Word, etc
• I have to put all my content in one file You don’t
• The documentation is poor It’s eclectic!
• There is no commercial support DC and others
• You can’t recruit Python programmers Maybe
• It is not Java Correct
Is Zope a CMS? I
Application
Deployment
Content
Integration
and Versioning
User
Interface
Workflow
Data
Repository
User
Management
Is Zope a CMS? II
CONTENT INTEGRATION AND VERSIONING
Core SQLMethods, Search Interface, Undo, Version
Products LocalFS, ZODBCDA, ZOracleDA, ZMySQLDA,
ZopeLDAP, XMLDocument
Utilities load_site.py
Content
Integration
and Versioning
Workflow
WORKFLOW
Products Portal ToolKit (PTK)
Is Zope a CMS? II
APPLICATIONS
Core DTML, Zcatalog, External Methods, MailHost
Products PythonMethods, PerlMethods, SQLSession,
FSSession, ZUBB, Squishdot, Site Summary, Zwiki,
WorldPilot, zCommerce
DEPLOYMENT
Core ZEO
Products SiteAccess, CacheManager, Xron
Utilities ReportLab
Content
HowTos Running Zope off CD ROM,
Integration
Build a WAP site with Zope
and Versioning
Workflow
DATA REPOSITORY
Core Data.fs (ZODB - a transactional
object database that thinks it’s a file
system), ZEO
Products OracleStorage,
BerkeleyStorage, CompressedStorage
USER INTERFACE
Core TTW Authoring &
Management
Utilities HS Extensions,
RadioUserland, ZopeStud
USER MANAGEMENT
Core UserFolder, Users who have users
who have users, Roles, Fine-grained
permissions
Products LoginManager, Membership,
smbUserFolder, ZopeLDAP,
mysqlUserFolder
What is Zope?
Promo answer:
• Zope is the leading Open Source application
server, specializing in interactive content
such as portals and content management
systems.
• Mature system, based on many years of
work in application servers
What is inside Zope?
•
•
•
•
•
A Web server built in.
A Web based interface
An object database
Relational database integration
Scripting language support
Advantages: Customer
• Zope doesn’t just deliver pages to the
customer, it provides the ability to engage in
interactive, customized content.
• URLs that “Mom” can understand
Advantages: Content Managers
•
•
•
•
Everything is through-the-web
Choose your weapon
Content re-use, order prevails over chaos
Flexible searching
Advantages: Developers
•
•
•
•
•
•
Modular architecture
Customizable searching
Rich object model
Integrated object database
Extensible security
Integration of external data
Advantages: Business
• Keeping control.
– Your website is the heart-beat of your electronic
presence. If your site isn’t in business, you
aren’t in business.
– Unfortunately, the most important thing in the
world to your technology vendor is their
business plan, not yours.
– Source code, right to fix, right to modify.
Advantages: Business
• Price Advantage
– Zope’s commercial competitors operate on a simple
principal: account control. Everything is structured to
make you pay a lot and pay repeatedly.
– Competitive software can cost up to $1M just for the
licenses, often $100K+ just to get started. Moreover,
these other alternatives cash in on hidden charges, such
as yearly transaction fees.
– Zope is “free of charge.” Money saved on license feeds
can be applied to actually getting a solution, rather than
a piece of software.
Simple
• Manageable code base
– ~88,000 lines of Python
– ~45,000 lines of C
• For comparison PHP4 is ~150K lines of C
code
• Built on core Python 1.5.2 distribution
• Python has been described best as
“executable pseudo-code.”
Separation of Roles
• Robust security expression
• Differentiation between users, roles and
permissions
• Users may have roles only in a “local”
context. This is granular to the object level.
Delegation of Control
•
•
•
•
Content managers control content
Developers control logic
Administrators control server
You can structure control any way you
desire
Integrated Environment
• Object management through-the-web
• Simple interface
• Provides a unified OO interface to both
Zope data as well as legacy information
True Web Objects
• Conversion of URLs to objects
• Ability to hide the low-level transport
(HTTP) from the developer
• Develop reusable objects which present
themselves via multiple methods
Passionate Community
• Over 1,500 members of the mailing lists
• Lists have reached saturation point in volume
2500
• For reference, 2500/month = over 80/day
2000
1500
Zope-Dev
Zope
1000
500
0
Jan
Mar
May
Jul
Sep
Nov
Scalability
• > 1,000,000 hits/day on commodity
hardware
• Compares favorably with other application
servers
• Tries to play friendly with caching
• Commercial solutions for high-scale
situations (Zope Enterprise Option)
Filesystem
Architecture
RDBMS
UltraSeek
Other?
LDAP
IMAP
RDBMS
ZODB
SMTP
Framework
Python
ZServer/Z Publisher
PCGI/
FastCGI
HTTP/
WebDAV
FTP
XML-RPC/
SOAP
Apache , IIS,
Ne ts cape
http/https
Brow se r
Program
Login
Monitor
Others...
Zope Management Model
• Zope is designed to be managed “through
the web”
• A few operations (e.g. adding products)
require disk access
• Content is not “strewn” around the file
system
Zope Management Interface
• Two-paned UI like Windows Explorer
– Navigator (on the left)
– Workspace (on the right)
• Views along top
• HTML 3.2 with/some JavaScript
• Available at:
http://server.com/. . ./manage
Roles for Managing Zope
• Sneak peek to security:
– Using Zope management interfaces requires
that the user authenticate as a user with the
Manager role
– Immediately following installation there is one
(1) user defined in the access file in the Zope
home directory
– By definition this user has all roles
Zope Management Interface
• Logging In
– Authentication initially controlled with
username and password stored in access file
– access file stored in the root of Zope installation
– format
superuser:{alg}password
• Superuser has all roles!
Authenticating to /manage
• Accessing the /manage interfaces will
challenge the user or a password using
Basic Authentication
– Password is in clear text
– Can be used in conjunction with Secure Sockets
Layer (SSL) for more security
• Although you don’t type it in each time,
login is transmitted on each request
Logging In
• Basic authentication dialog box:
Workspace
Navigator
Zope Management Interface
Zope UI Structure
• Frames-based interface
– Navigator — Structure (i.e., the tree)
– Workspace — Contents (i.e, the leaves)
Zope Management Navigator
• Hierarchy of folders
• Root folder name determined at
installation
– Could be /, /Zope,
/anything_you_want
Zope Management Workspace
• Top of the frame offers
one or more views
behind a corresponding
tab
• Displayed tabs vary
depending on what you
are browsing (e.g.,
document, folder, etc.)
Zope Management Workspace
• For folders:
–
–
–
–
–
–
–
Contents
Properties
Import/Export
Security
Undo
Find
Help
Folder Properties
• Properties are
attributes of a folder
• Useful for
– Content management
– App development
• Data types
– string, boolean, date,
float, int, lines, long,
etc.
Folder Import/Export
• Move folders
– across Zope instances
– backups
– product publishing
• Import must be done from the file system
($ZOPE_HOME/import)
Import & Export
Folder Security
• Manage existing role assignments
• Create new role definitions
• New roles are then available for assignment
to users below the definition!
Folder Security
• Note that each product introduces its own
security behaviors that are unique to its
function
• Example
– Specific ZSQL Methods security
Folder Security
Folder Undo
• Exposes transactions since last database pack
• Stores object, method, user and time
• Undo will not violate object integrity
Folder Find
• Where did I use that property?
• What have I tinkered with since yesterday?
• Expensive
Adding Things
• The Available Objects
– Contains available
objects that can be
added in the current
context.
– Contents of the list
depend on what is
installed!
Adding Things
• The URL Structure
– Objects that are added are directly addressable
with the URL
http://server.com/US/Mktg/NewFolder
which is is not on a file system!
– What is the significance of this?
Adding Things
• Selecting an object to add displays an initial
configuration screen
• Contents of this screen vary with the kind of
object being added
• Examples…
– Image, SMTPHost, ZSQL Method
Cut, Copy, Paste, Rename
•
•
•
•
Often it is useful to re-factor a Zope layout
Facilitated by Cut, Copy, Paste and Rename
Available from the Workspace
Cut not applied until subsequent Paste!
Exporting Objects
• Very useful for moving Zope applications
and/or data
• Click the Export link or the Export button
• .fexp file downloaded or saved to server file
system
Exporting & Inporting Objects
Importing Objects
• The export file must be in import directory
• Avoid import name collisions
The Control Panel
• An important Zope artifact
• Provides a through-the-web UI for database
manipulation
– location
– pack
• Exposes the notion of a levered product
Packing the Database
• The ZODB is a logging database
• Previous versions of objects are kept around
until the database is packed
• Packing reduces the size of the database,
but also eliminates the opportunity to
perform Undo operations
The Zope Process
• Starting, Stopping
– When
– Why
User Databases
• When you provide a username and
password, where does Zope look?
• Every Zope Folder can contain a single
database called a User Folder
User Databases
• A User Folder will use one of several
available “databases” for authentication and
authorization information
• Examples:
–
–
–
–
UserDB (from an RDBMS)
LDAP
IMAPUserFolder
etcUserFolder (e.g., /etc/passwd)
Authorization
• Once we find out who you are, what level
of privilege do you have?
• Your roles define your privilege in the site
Managing Users
• Users are Zope objects
• Information about
users can come from
Zope or foreign
systems
• Zope interface allows
easy add/edit/delete
Customizing Authentication
• It’s possible to
customize
authentication (e.g.,
with UserDB)
• This can be extremely
powerful
Hierarchical Security
• Users defined in a higher folder exist in
subfolders
• Opposite is not true
• Allows safe delegation of control
• Managers of sub-folders can easily add their
own users
Creating & Managing Web
Content
Key Points
•
•
•
•
•
Delegating management
Centralizing content
Content reuse
URLs map to objects
Dynamic everything
What Is Content?
• Zope database is organized like a file
system
• Folder and contents have direct URLs
• Content can be many things:
– Static content like HTML documents, images,
and movies
– Dynamic content threaded discussions
– External content like relational databases,
directory servers, or email servers
Zope Content Breakthrough
• Arcane SQL and object references replaced
by intuitive URLs
• Familiar interface patterned after file
managers
• Powerful objects make information more
useful
• All content is dynamic
• Framework makes content predictable
Tracing A Request
• Before managing Zope’s content, review
how Zope objects live on the web
• What happens when you do:
http://US/Sales/manage_addFolder?id=Accounting
Tracing A Request
• Zope opens the /US/ folder and grabs the Sales
object
• Zope opens the Sales object and grabs the
manage_addFolder object
http://US/Sales/manage_addFolder?id=Accounting
Tracing A Request
• manage_addFolder is a method
• Zope grabs the method and finds out what it needs
to be given as arguments
• Zope finds these arguments (id) and passes them
in
• Zope returns the results of the method
http://US/Sales/manage_addFolder?id=Accounting
Tracing A Request
• If a URL contains an object that can’t be found,
Zope handles it
• If you need to login to grab an object, Zope
handles it
• If a needed argument is present, Zope handles it
http://US/Sales/manage_addFolder?id=Accounting
Tracing A Request
• The Zope management screens automate all of this
• Point and click forms interface
Scenario
• ZACME is forming an Accounting division
in its US region. The Accounting
department will be mostly similar to the
others and will manage some of its content.
Creating Content
• Objects are added through methods on a
folder
• Special folders (e.g. discussions) have
special content that can be added
• Kinds of objects (classes) define the form
used when adding
Adding Accounting
Accounting Home Page
• Go to Accounting folder
• Add and Edit a DTML Method called
index_html
Accounting Home Page
What Happened?
• index_html is a special document
• Two new objects in the database
• The following URL now works:
http://server.com/US/Accounting/
Reusing Content
• How can we centralize the name of the
division?
• We have a Title property on the Folder…
• How can we refer to that in our pages?
Adding DTML
• Document Template Markup Language
(DTML)
• Allows simple programming to be added to
documents
Using title
• Edit the index_html object
What Happened?
• The index_html object was retrieved and
processed by Zope
• It asked for a property called title
• A DTML Method object gets its properties
from its folder
• Zope inserted the folder’s title into
index_html
Properties
• Properties help reuse information across
content
• Objects (folders, documents, images, etc.)
can have properties assigned to them
• Managed with the simple Zope GUI
• Properties can be strings, integers,
sequences, etc.
Adding A Property
• Create a property of the Accounting folder
called contact_email
Use Property In Home Page
• Add <dtml-var
contact_email-->
to index_html
Roles and Permissions
• Security on content can be changed with a
point-and-click interface
• Some kinds of content (e.g. discussions)
have extra options for the special things
they do (permissions)
• These operations can be limited to certain
kinds of users (roles)
Centralizing Content
• Web sites are organized hierarchically
– http://server.com:8080/US/Sales/
• Some information is specific to Sales
• Some is general to US or even ZACME
Acquisition
• Zope lets you “move” content up a URL to
a higher folder
• Objects lower down then just ask for the
content
• Zope uses acquisition to look at all the
parents for the content
Example: webmaster Property
• ZACME has a webmaster that administers
all sites
• Her email address is shared across all
department and division pages
Add webmaster Property
• Add property to top folder
Use webmaster Property
• All objects below can now “acquire” the
webmaster property
• US/Accounting/index_html just “asks” for
webmaster
Use webmaster Property
How Does Acquisition Work?
• First, acquisition is very unique and thus
very tough to explain
• OO is about “is-a” and “in-a” relationships
• A Ford “is-a” Car but a Door is “in-a” Ford
• Inheritance provides “is-a”
• Zope provides “in-a”
Overriding Acquisition
• What if Accounting hired its own
webmaster?
• Just define a webmaster property on the
Accounting folder
• Acquisition will pick the lower one up first