Errai: The browser as a platform

Friday, January 27, 2017

Errai 4.0.0.CR1 released!

Since our last post we've done several beta releases, but today I'm happy to announce our first candidate release of Errai 4! Since we haven't blogged about our last few Beta releases, this post will contain highlights of all the changes introduced since 4.0.0.Beta4.

  • Client-side support for the CDI @Typed annotation
  • Global translation keys for Errai i18n
  • Removed ResponseCallback
  • Message bus enhancments (better clustering and CSRF protection)
  • General purpose gatekeepers on @Pages

Without further ado, let's dive right in.

Client-side support @Typed

The @Typed annotation allows you to restrict the types of injection sites that a bean may satisfy. What does that mean? To explain, we'll use the example from the @Typed javadoc. Consider the following class:

With normal CDI resolution, this bean will satisfy any unqualified injection site for any the following types, because the bean is assignable to any of these: Shop, BookShop, Business, and Object. Typically this is desirable, but we could reasonably want this bean to only satisfy injection sites of type Shop so that other developers don't depend on the implementation.

The @Typed annotation allows us to specify a subset of this bean's assignable types as its bean types, like so:

With this declaration, BookShop now only satisfies injection sites with types Shop or Object, preventing other developers from injecting this as a BookShop or a Business.

Global Translation Keys in Errai i18n

If you use Errai i18n, then you know that translation bundles use templated class names as prefixes for the keys. For example, consider this templated bean.

If we used Errai i18n to translate the "hello" data-field, we would define the translation of this element with the key "I18nTemplatedBean.hello-key". The disadvantage of this prefixing is that it made it impossible to share translations of common words between templates, leading to lots of duplication.

Now Errai i18n supports unprefixed translation keys that can be used in any template. Global translation keys have a lower priority than prefixed translations, and so they will only be used to translate a data-field if there is no translation key for the field specific to that template. So we could use the value associated with the key "hello-key" to translate the data-field in the above example provided there is no value for the key "I18nTemplatedBean.hello-key".

No more ResponseCallback for JAX-RS RPCs

The ResponseCallback was introduced to Errai to allow developers to access the underlying Response object returned from a JAX-RS RPC call. Unfortunately, this feature caused a serious problem for client-side RPC interceptors (including those used by Errai Security), where it became impossible to intercept the result of an RPC calls without a ClassCastException in some cases.

To solve this problem, we've removed the ResponseCallback, so that every RPC method has a single expected callback type that directly corresponds to the return type of the RPC method. In cases where a Response object is needed, you can modify your JAX-RS method to return a, allowing you to use a RemoteCallback<> from the client call site.

Message Bus Enhancements

Clustering Fixes

This release fixes a bug where the message bus could enter a reconnect loop after failover in certain clustering setups. With this fix the message bus is now more resilient at handling failover when working behind a load balancer.

CSRF Protection

The Errai Bus now provides basic CSRF protection. This protection is disabled by default. It can be enabled setting this property to true (as a System property or in errai.bus.enable_csrf_token

When enabled, a CSRF token is generated on the server that must be included as a header in every bus request. This token can be embedded on a GWT host page with a provided filter, or else negotiated as part of the message bus connection.

General purpose gatekeepers for @Pages

Since the release of Errai Security it has been possible to control access to pages via required roles, but there was no general way to redirect before a page was displayed based on business logic.

As a recent change, you can now intercept navigation by adding a NavigationControl parameter to a @PageShowing method like so:

We on the Errai team would like to thank Ben Dol for both suggesting and implementing this feature.

Still Time for Feedback

As always, we encourage and welcome community feedback. If you are still on Errai 3, consider checking out our migration guide and trying out Errai 4 today!

Until the next time, happy coding!