Ruby Class with Mass assignable attributes
Well, this is very weired again, but it seems ruby class does not allow me to have mass assignable attributes as you could do with the ActiveRecord models using attr_accessible or attr_accessor.
Its very painful to have too many getters and setters in the class and to assign them manually when you create an object of that class or to have constructor which has those hundreds of params.
So, how do we achieve that. Well there are two ways.
1. The hacky way:
class Woo
attr_accessor :f_name, :l_name
def initialize(params)
#instance_eval &block
params.each do |key, value|
eval("self.#{key}= '#{value}'") if self.respond_to? "#{key}="
end
end
end
woo = Woo.new(:f_name => "first_name", :l_name => "last_name")
What we are doing here is that we are trying to assign these instance variables in an eval loop. So the constructor to the method just takes all your parameter hash and then tries to see if your class responds to that method setter (which it should as you have defined the att_accessors for those instance variable already), and then assigns them the corresponding value from the hash.
2. The cleaner way, but which hides what you have inside as attributes
require 'ostruct'
Class woo < OpenStruct
end
woo = Woo.new(:f_name => "first_name", :l_name => "last_name", any_no_of_craps...)
OpenStruct is nothing but another container like a hash in ruby which just gets better when it comes to serialization of these objects (which in my own case is a need)
Hope that helps a bit to someone!!
no such file to load — capistrano-ext
If you are using capistrano and capistrano-ext together, please note that the following line in you environment.rb might not be sufficient:
config.gem “capistrano”
config.gem ‘capistrano-ext’
In this case, you might get the error :
no such file to load — capistrano-ext
bla-bla-bla
All you need for your app to find the gem (I am assuming that you have already installed the gem by running the command : rake gem install capistrano-ext) is following:
config.gem “capistrano”
config.gem ‘capistrano-ext’, :lib => ‘capistrano’
Mocha should be loaded after Shoulda with rails 2.3
Well, this one really drove me crazy. So I decided to finally pen it down. May this help somebody else in future. This might not be very new, but really crazy stuff.
If you are using Mocha and Shoulda both, then please load Mocha after you have loaded Shoulda. Like following:
config.gem “shoulda”, :lib => “shoulda”, :source => “http://gems.github.com”, :version => “>=2.11.3″
config.gem ‘mocha’
If you load Mocha before Shoulda, what happens is that Mocha gets crazy with the expectations. You might see your tests failing because of some weird expectations that are not set in the current failing test but were set somewhere else in some other test.
So, in a nut shell, Mocha starts keeping the expectations across tests instead of wiping them off after each test, as it is expected to do.
class_eval and instance_eval
Hey guys this is the most amazing and funny thing I have learnt in my life time. I started laughing like anything when I learnt how this behaves and things started going over my head for some time 
Then I happened to watch Dave Thomas’s video on metaprogramming as many as thrice to really sink in whats going on. It’s so dam! confusing in start, I must say. But once you sink in the fact is that even all the classes in ruby are instances of the type Class at the end of the day, it all starts making sense.
So lets see what is this:
To start with lets say we have a class Animal {}
Now if I say, Animal.class_eval { # some code here may be a method definition}, what this will do is induce methods on the instance’s of the class Animal. Yes you read right, it’s the instances of the class Animal who will get methods defined inside the class_eval block of a class and not the class Animal itself.
Why so… if at all like this, then why is this stupid naming convention there to confuse the learners anyways. Exactly this went just now through your mind, right? So it did through my mind when I read it for the first time. But think it like this. Who is the receiver of the class_eval here. Receiver is the class Animal. So the methods will go in Animal class. Now if the methods go in the class Animal, then obviously they are available to the instances of Animal. RIGHT?
Now look at the other one, Animal.instace_eval {# some code goes here may be some method definition}. Now where are these methods goign to go. Lets analyze this in a logical manner. Who is the receiver here. Receiver is instance Animal. So the methods should go to the instance Animal and not the class Animal. Now, as I said a little while ago, every class is an instance of class Class. And therefore, there methods will go in the metaclass Animal (Represented as A’). This, in terms of Dave Thomas, is called ghost class or anonymous class which we cannot instantiate but does come in to play when any class is evaluated as an instance.
The above things would be easily get cleared to those who are familiar with the go-one-step-right for methods in ruby funda!
So, for those who do not know this, I would recommend watch the Dae Thomas’s videos on metaprograming. For those who hae forgotten and need some hint, read the following:
Ruby simply says, that the instances are behaviors are kept side by side, the object (receiver of the method call) being on the left and the methods that can be called on it are on the right side of it.
a ->(instance methods go in one step right to) Animal -> (class methods go in one step right to) Animal’
Still confusing, then u have really forgotten, go and read more
Thanks for reading (I am really lazy in giving good graphical examples, I am sorry for that. But that you might find out in some good book )
Ruby Metaprograming
The very hot and controversial topic I would say in the dynamic language world is Metaprograming. I am saying controversial, coz if not used properly it may lead to too many magics happening all across your application and it might become a nightmare to maintain it.
Definition : “The phenomenon of a piece of code writing another piece of code on the fly at the run time is metaprograming”
Definition seems to be very simple, but the implementation is not that simple, at least for me
I am just introduced to this (metaprogramming) world. Learnt about it, because I started following Dave Thomas, the pragmatic programmer. I watched the seven videos presented by him about the ruby metaprgramming, mixins, bindings, lamda, procs etc. I would say the videos are worth watching and so is the book Agile web Development with Rails by him. It’s very well written !! I must say.
So, I got exited after the videos and the book and couldn’t stop myself from penning down a few words about, what made me mad the most : “Metaprograming”.
To start with lemme ask you a question “Have you ever wondered how come the things like att_reader or attr_accessor allow you to access the attributes of a particular modle in Ruby?“. Although Ruby as a language says that all the attributes of a model are inherently private. For example, let’s say I have a class
class Vehicle
attr_accessor :no_of_wheels
def initialize(no_of_wheels)
@no_of_wheels = no_of_wheels
end
end
vehicle = Vehicle.new(2)
puts “The vehicle has #{vehicle.no_of_wheels} wheels”
vehicle.no_of_wheels = 4
puts “The vehicle has #{vehicle.no_of_wheels} wheels”
Running the above program gives you the following output :
The vehicle has 2 wheels
The vehicle has 4 wheels
How is that possible!!! If you are a JAVA guy (like me), you will definately start pulling your hair when this is working inspite of not finding any getter or setter defind for the same in the class hirarchy any where. What is this magic. How come I am not getting the error on accessing the private instance variable @no_of_wheels in the Vehicle class. Hmmm… thats insane.
Here is Metaprogramming coming to play. In fact, what just happened here is that as soon as you say attr_accessor :instance_var_name, ruby inserts the gettetrs and setters as two instance methods on the fly in the Vehicle class for you. so in effect that single line of code makes the ruby class look like this:
class Vehicle
def initialize(no_of_wheels)
@no_of_wheels = no_of_wheels
end
def no_of_wheels() #getter
@no_of_wheels
end
def no_of_wheels=(no_of_wheels) #setter
@no_of_wheels = no_of_wheels
end
end
So at the run time, the no_of_wheels is available on the instances of the Vehicle class!! This is metaprogramming!
Now this also doesn’t happen out of the thin air. The code for the attr_accessor is present in Module class an is implemented in such a way that it generates the getters and setters for you.
OK, let’s do this. Let’s write our own implementation of the attribuet accessors. You will find mostly this example lying around all over the internet and the reason is probably that this is the most simply explained and makes most sense as the ruby newbie’s, like me, already see a lot of’em lying around as soon as they start with this monster language.
So here we go. In this example I’ll try to open the class Module and add my attribute accessor to it. Let’s call our attribute accessor as : access_vars
class Module
def getter_setter_for(*vars)
vars.each do |var|
class_eval
“def #{var}”
“@#{var}”
“end”
“def #{m}=(val)”
“@#{m}” = val”
“end”
end
end
end
And now in our class we can just say :
class Vehicle
getter_setter_for :no_of_wheels
def initialize(no_of_wheels)
@no_of_wheels = no_of_wheels
end
end
And this will just get us the getters and setters inserted on the fly when the class is loaded.
So here, the one line of code getter_setter_for or attr_accessor can write code on the fly. This is what metaprograming is!!
That’s it.
Secure Socket Layer : A Netscape Baby
Netscape created the first version (1.1) of the SSL protocol in 1994 and since then it has evolved and the final version 1.3 has been accepted as a standard in the web community for secure wire transfers. SSL is used to send data in encrypted data over the wire. Encryption is necessary when you are sending sensitive data like any funds transaction, credit card related data, or any sh*t in this world that you feel should be secured from an unautherised access and should reach in safe hands.
SSL is meant to ensure that your data reaches the safe hands. How does it all happens but? Before we can actually discuss the process lemme tell you some key terms that are you need to know for better understanding of the whole of the process.
Certificate: A certificate or digital certificate is an electronic document that is used to establish trust between the two parties (client and server) who want to communicate on the wire. It has following information which is used in establishing the authenticity and trust between two parties:
- Information about the owner of the certificate, like e-mail address, owner’s name
- Certificate usage, duration of validity
- Resource location or Distinguished Name (DN) which includes the Common Name (CN) (web site address or e-mail address depending of the usage) and the certificate ID of the person who certifies (signs) this information.
Lets also have a look at how beautiful a certificate look:
Certificate:
Data:
Version: 3 (0×2)
Serial Number: 1 (0×1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=FJ, ST=Fiji, L=Sanjeev, O=SOPAC, OU=ICT, CN=SOPAC Root CA/Email=administrator@directi.com
Validity
Not Before: Nov 20 05:47:44 2001 GMT
Not After : Nov 20 05:47:44 2002 GMT
Subject: C=DI, ST=DIRECT, L=Mansha, O=DIRECT, OU=ICT, CN=www.directi.com/Email=administrator@directi.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:ba:54:2c:ab:88:74:aa:6b:35:a5:a9:c1:d0:5a:
9b:fb:6b:b5:71:bc:ef:d3:ab:15:cc:5b:75:73:36:
b8:01:d1:59:3f:c1:88:c0:33:91:04:f1:bf:1a:b4:
7a:c8:39:c2:89:1f:87:0f:91:19:81:09:46:0c:86:
08:d8:75:c4:6f:5a:98:4a:f9:f8:f7:38:24:fc:bd:
94:24:37:ab:f1:1c:d8:91:ee:fb:1b:9f:88:ba:25:
da:f6:21:7f:04:32:35:17:3d:36:1c:fb:b7:32:9e:
42:af:77:b6:25:1c:59:69:af:be:00:a1:f8:b0:1a:
6c:14:e2:ae:62:e7:6b:30:e9
Exponent: 65537 (0×10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
FE:04:46:ED:A0:15:BE:C1:4B:59:03:F8:2D:0D:ED:2A:E0:ED:F9:2F
X509v3 Authority Key Identifier:
keyid:E6:12:7C:3D:A1:02:E5:BA:1F:DA:9E:37:BE:E3:45:3E:9B:AE:E5:A6
DirName:/C=FJ/ST=Fiji/L=Suva/O=SOPAC/OU=ICT/CN=SOPAC Root CA/Email=administrator@directi.com
serial:00
Signature Algorithm: md5WithRSAEncryption
34:8d:fb:65:0b:85:5b:e2:44:09:f0:55:31:3b:29:2b:f4:fd:
aa:5f:db:b8:11:1a:c6:ab:33:67:59:c1:04:de:34:df:08:57:
2e:c6:60:dc:f7:d4:e2:f1:73:97:57:23:50:02:63:fc:78:96:
34:b3:ca:c4:1b:c5:4c:c8:16:69:bb:9c:4a:7e:00:19:48:62:
e2:51:ab:3a:fa:fd:88:cd:e0:9d:ef:67:50:da:fe:4b:13:c5:
0c:8c:fc:ad:6e:b5:ee:40:e3:fd:34:10:9f:ad:34:bd:db:06:
ed:09:3d:f2:a6:81:22:63:16:dc:ae:33:0c:70:fd:0a:6c:af:
bc:5a
—–BEGIN CERTIFICATE—–
MIIDoTCCAwqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBiTELMAkGA1UEBhMCRkox
DTALBgNVBAgTBEZpamkxDTALBgNVBAcTBFN1dmExDjAMBgNVBAoTBVNPUEFDMQww
CgYDVQQLEwNJQ1QxFjAUBgNVBAMTDVNPUEFDIFJvb3QgQ0ExJjAkBgkqhkiG9w0B
CQEWF2FkbWluaXN0cmF0b3JAc29wYWMub3JnMB4XDTAxMTEyMDA1NDc0NFoXDTAy
MTEyMDA1NDc0NFowgYkxCzAJBgNVBAYTAkZKMQ0wCwYDVQQIEwRGaWppMQ0wCwYD
VQQHEwRTdXZhMQ4wDAYDVQQKEwVTT1BBQzEMMAoGA1UECxMDSUNUMRYwFAYDVQQD
Ew13d3cuc29wYWMub3JnMSYwJAYJKoZIhvcNAQkBFhdhZG1pbmlzdHJhdG9yQHNv
cGFjLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAulQsq4h0qms1panB
0Fqb+2u1cbzv06sVzFt1cza4AdFZP8GIwDORBPG/GrR6yDnCiR+HD5EZgQlGDIYI
2HXEb1qYSvn49zgk/L2UJDer8RzYke77G5+IuiXa9iF/BDI1Fz02HPu3Mp5Cr3e2
JRxZaa++AKH4sBpsFOKuYudrMOkCAwEAAaOCARUwggERMAkGA1UdEwQCMAAwLAYJ
YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
DgQWBBT+BEbtoBW+wUtZA/gtDe0q4O35LzCBtgYDVR0jBIGuMIGrgBTmEnw9oQLl
uh/anje+40U+m67lpqGBj6SBjDCBiTELMAkGA1UEBhMCRkoxDTALBgNVBAgTBEZp
amkxDTALBgNVBAcTBFN1dmExDjAMBgNVBAoTBVNPUEFDMQwwCgYDVQQLEwNJQ1Qx
FjAUBgNVBAMTDVNPUEFDIFJvb3QgQ0ExJjAkBgkqhkiG9w0BCQEWF2FkbWluaXN0
cmF0b3JAc29wYWMub3JnggEAMA0GCSqGSIb3DQEBBAUAA4GBADSN+2ULhVviRAnw
VTE7KSv0/apf27gRGsarM2dZwQTeNN8IVy7GYNz31OLxc5dXI1ACY/x4ljSzysQb
xUzIFmm7nEp+ABlIYuJRqzr6/YjN4J3vZ1Da/ksTxQyM/K1ute5A4/00EJ+tNL3b
Bu0JPfKmgSJjFtyuMwxw/Qpsr7xa
—–END CERTIFICATE—–
Besides the above information, you can notice that there is a public key information also in the certificate.
Public Key / Private Key: The key is based on prime numbers and their length in terms of bits ensures the difficulty of being able to decrypt the message without the having the key pairs. This is the key using which the data to be transferred on wire is encrypted. The process is known as Public-key cryptography, or asymmetric cryptography. By asymmetric we mean that the keys used to encrypt and decrypt the message are different. The private key is nothing different than the public key, the only difference being, as the name suggests, it is always kept secret. The message encrypted with the public key can only be decrypted using the private key and vice versa.
Now after knowing all these terms, I would like to pen down the simple steps in which the whole encryption/decryption process happens:
- A client (browser) requests a secure page (https).
- The web server first sends it’s public key enclosed within a certificate.
- The client checks that the certificate was issued by a trusted party (usually a trusted Certificate Authority), that the certificate is still valid, and that the certificate is related to the site contacted.
- The client uses the public key of the certificate to encrypt the data and sends it to the server.
- Teh server decrypts the message using the private key.
- The server then process the request and encrypts the result data using its private key and sends it back to the client.
The above type of encryption mechanism is known as Asymmetric Cryptography as the keys which are involved in encryption and decryption are different. But there is a flaw in the above process. The data that is being sent by the server back to the client, can be decrypted by any of the clients who have ever contacted the server. This is because all those clients would have the public key of the certificate (as you know the public key is distributed openly with the certificate). So basically the above process just offered one way protection of the data.
In order to solve this problem, the above process need to be modified a little. The solution is to have some key that only the client and the server know about and is unique for every single session. This is achieved by the process called Key Exchange. In this process after receiving the public key for the first time from the server certificate, the client generates a random key and encrypts it using the public key. This key is then sent to the server which server decrypts and thus they have a key which only the lint and the server know about. Any further communication between the client and the server happens using this key thereafter. That is the server then uses that key to encrypt the message sent to the client and the does the client. In fact the same key is used to decrypt the messages. So the same key is used for encryption and decryption both. And therefore this process is also known as Symmetric Cryptography. Since the same key is used this process o communication is relatively faster than the asymmetric one.
For the symmetric encryption, the above process is changed as follows:
4. The browser then uses the public key, to encrypt a random symmetric encryption key and sends it to the server with the encrypted URL required as well as other encrypted HTTP data.
5. The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and HTTP data.
6. The web server sends back the requested html document and HTTP data encrypted with the symmetric key.
7. The browser decrypts the HTTP data and html document using the symmetric key and displays the information.
SSL Limitations:
- Point to Point Security: SSL only offers point to point security rather than end-to-end. By end to end we mean that when the data needs to go form one one end to the other passing through various nodes in between, where in the data needs to be processed by each node then it requires cumbersome task of encrypting and decrypting data at each point where any processing is required till the data reaches the final destination.
- Acts at the Transport layer and not on the Message layer: This means that SSL provides security only as long as the data is in the wire i.e. online and as soon as the is downloaded on the physical disk, the security is lost.
- Its atomic encryption: In SSL if you want to encrypt or secure a part of a long file and keep the rest as such, then it is not possible. It either does the whole data encryption or does not do at all for the whole data.
Anonymous Inner Class
“Meri bheegi bheegi si palkon pe rah gaye, jaise mere sapne bikhar ke – ANAMIKA“. Indian readers can find the relevance here
An anonymous inner class is one which does not have any name. Anonymous inner classes are created on the fly just in time. They introduce the weirdest looking java syntax. Following code shows an example of the anonymous inner class:
class Test
{
public void foo()
{
System.out.println(“main class foo method”);
}
public static void main(String[] args)
{
Test t = new Test()
{
public void foo()
{
System.out.println(“Anonymous class’s foo method”);
}
};
t.foo();
}
}
In this case look at the line in the main method that creates the instance of the Test class. Isn’t the syntax looking weired. Whats happening here is that we are actually creating an anonymous class which is a subclass of the Test class and overriding the foo() method. This is very useful when you just require to override one or two methods of a class, but do not want to create a new class all together for it. Here the anonymous class is created just-in-time and when the above program is run, it prints “Anonymous class’s foo method”.
Anonymous inner classes can also be used as an argument to a method call. The following code shows the same:
class Test
{
public void foo(Test t)
{
t.foo();
}
public void foo()
{
System.out.println(“main class’s foo called”);
}
public static void main(String[] args)
{
Test t = new Test();
t.foo(new Test()
{
public void foo()
{
System.out.println(“Anonymous class’s foo method”);
}
});
}
}
In the above we are calling an overloaded foo() method that takes an object of the Test class. We want to pass in an object that has a different behavior for the foo() method. So what we do is we create a just-in-time anonymous inner class and pass it as an argument to overloaded foo method. So when the no-arg foo method is called on the Test object from within the overloaded foo method, the anonymous inner class’s version of the no-arg foo method is called instead of the Test class’s original no-arg foo method. When this program is run it prints “Anonymous class’s foo method”
I would like to discuss one more case of the anonymous inner class case here. Sometimes you might require passing a just-in-time implementation of an interface which is not yet created. Consider a scenario that you have an interface and you do not have any class implementing that interface. You want to call a method that accepts the interface type. hat do you do? Simple ion this case also you would create an anonymous inner class and pass it as an argument to that method. The following code shows you the same:
class Test
{
public void foo(AnInterface i)
{
i.method1();
}
public static void main(String[] args)
{
Test t = new Test();t.foo(new AnInterface()
{
public void method1()
{
System.out.println(“Created just in time implementation class of the AnInterface”);
}
});
}
}
interface AnInterface
{
void method1();
}
Here we just created an anonymous inner class that is an implementation of the AnInterface interface and passed it to the method foo which takes the AnInterface type as a parameter. You can see that the anonymous inner class has to give the implement the method1() present in the AnInterface (obviously ). When this program is run, it prints “Created just in time implementation class of the AnInterface”.
This is it for the anonymous inner classes . Will keep coming up with more topics till the time I finish preparing for SCJP
