Thursday, May 30, 2013

Domain-Driven Design: Referencing Aggregates and Using DTOs

After seeing and reviewing some existing systems, I've been thinking about how to improve the way I practice domain-driven design. In this entry, let me talk about two things that I think helps when implementing DDD:

  • Reference other aggregates by ID.
  • Use data transfer objects.

Reference Other Aggregates by ID

Let aggregates reference other aggregates by ID (identity), not the aggregate itself.

Vaughn Vernon has written about this.

It's quite often that I'd model aggregates and reference other entities/aggregates. But this makes the system more difficult to maintain, as an aggregate would need to know every other entity/aggregate. Take the order and product domain model as an example.

We have an order entity that has one-or-more order items. The order entity forms the aggregate root. Each order item would refer to a product, a quantity, and a total price.

Just to help paint a better picture, we would also have a repository for order (OrderRepository) and a repository for product (ProductRepository).

Usually, we would have the order item reference a product by type. Something like:

class Order {
  private Long id;
  private List<OrderItem> items;
  . . .
}

class OrderItem {
  private Product product;
  private int quantity;
  private Money unitPrice;
}

class Product {
  private Long id;
}

Instead of referencing product by type, we can reference it by ID, like this:

class Order {
  private Long id;
  private List<OrderItem> items;
  public Long id() { return this.id; }
  public List<OrderItem> items() { return Collections.unmodifiableList(this.items); }
  . . .
}

class OrderItem {
  private Long productId;
  private int quantity;
  private Money unitPrice;
  . . .
}

class Product {
  private Long id;
  . . .
}

NOTE: I'm using the Long type for simplicity here. Otherwise, a domain-related value object like ProductId could be used.

NOTE: Notice how getters are not used to expose read-only properties in the Order entity. This seems to be a pattern to help developers get off the JavaBean/getter-setter mindset, and stay with a domain object/entity mindset.

This allows a cleaner implementation, since the order aggregate would not be referencing the product. This also makes the ProductRepository more useful. Otherwise, products would have been retrieved using orders.

If you happen to be using JPA for persistence, you can use the @ManyToOne annotation and specify the targetEntity element:

@Entity
class Order {
  @Id
  private Long id;
  @OneToMany
  private List<OrderItem> items;
  . . .
}

@Entity
class OrderItem {
  @ManyToOne(targetEntity = Product.class)
  private Long productId;
  private int quantity;
  private Money unitPrice;
  . . .
}

@Entity
class Product {
  @Id
  private Long id;
  . . .
}

NOTE: Notice that a uni-directional relation between order and order items is used (not a bi-directional relation). This helps make the implementation simpler, as the order item does not reference its parent order.

The above results to the following DDL.

create table "order" (. . .);

create table order_item (
  . . .
  product_id bigint,
  . . .
);

create table product (
  id bigint generated by default as identity (start with 1),
  . . .
);

. . .
alter table order_item
    add constraint FKxxxxxxxxxxx2
    foreign key (order_id)
    references order;
. . .
alter table order_item
    add constraint FKxxxxxxxxxxx7
    foreign key (product_id)
    references product;
. . .

Given the above simple adjustment, we now have an order aggregate that does not directly reference the product aggregate. This creates a cleaner separation and a more modular domain model. It might even be possible to have an order that can reference a different type of product (as long as the ID type is compatible). This might allow a more re-usable order domain model.

Use Data Transfer Objects

Use simple structures (DTOs) to transfer data from the domain model to an interface and vice-versa.

I often see the domain model entities with all of its fields being modifiable via getters and setters. Also, they have zero-arguments constructors. This makes it difficult to apply invariants or business rules (as the entity can be in an invalid state). And the usual excuse I get for this is because they need to create a UI that allows the fields/properties to be modifiable.

For me, I'd rather have an entity that is always valid.

To preserve the business rules or invariants of the domain model, we cannot afford to have all of the entity fields being modifiable. This is where DTOs are needed.

package order.domain.model;

@Entity
class Order {
  . . .
  public int addItem(Long productId, int quantity, Money unitPrice) {
    . . .
  }
}

@Entity
class OrderItem {
}

. . .

package order.interfaces.dto;

class OrderDTO {
  private List<OrderItemDTO> items;
  public List<OrderItemDTO> getItems() {...}
  public void setItems(List<OrderItemDTO> ...) {...}
}

class OrderItemDTO {
  private Long productId;
  private int quantity;
  // getters and setters
}

The UI shall use the DTOs when displaying and receiving inputs. Once the data is captured in DTOs, assemblers are used to apply the changes to domain objects. This pattern can be seen in the dddsample project.

package order.interfaces.assembler;

class OrderAssembler {
  . . .
  public OrderDTO toDTO(Order order) {
    OrderDTO dto = new OrderDTO();
    . . .
    dto.setOrderDate(order.orderDate());
    dto.setEntryDate(order.entryDate());
    dto.setCustomerId(order.customerId());
    . . .
    return dto;
  }
  . . .
  public Order fromDTO(OrderDTO dto) {
    Order order;
    if (dto.getId() != null) {
      order = orderRepository.find(dto.getId());
    } else {
      order = new Order(..., dto.getCustomerId());
    }
    . . .
    Long productIds[] = dto.getProductIds();
    // Can use IN operator to get products with given IDs
    Map<Long, Product> products = productRepository.find(productIds);
    for (OrderItemDTO itemDTO : dto.getItems()) {
      Product product = products.get(itemDTO.getProductId());
      order.addItem(
          item.getProductId(),
          item.getQuantity(),
          product.getPrice());
    }
    return order;
  }
  . . .
}

This has helped me understand DDD implementations better. I hope it helps others too.

Monday, May 6, 2013

JSTL <c:url> and jsessionid Parameter

Here's a brief entry about the jsessionid parameter that appears whenever you use <c:url/> tags in your JSPs. I've seen several questions on how to remove it, and how to disable <c:url/> tags from generating it. After some research, and some quiet time to think about it, the solution is quite simple, and has something to do with JSPs having session defaulting to true.

The solution is to make sessions optional for pages that don't require them. Simply add a JSP directive <% @page session="false" %>.

JSPs, By Default, Create Sessions

Yes, JSPs create sessions, unless you specify otherwise. By default, JSP files get a HttpSession using request.getSession(true) method. So, by default, JSP files create a new session if none existed.

But what does this have to do with <c:url/> generating/adding a jsessionid parameter to the resulting URL?

The <c:url/> tag checks if the request supports cookies. In cases where the request is the first request (with no cookies sent, at least, none yet), the server could not be sure if the request supports cookies. In these cases, the <c:url/> tag implementation adds the jsessionid parameter when the request does not support cookies. This is called URL session tracking.

When will cookies not be supported?

There are a couple of possibilities. One would be when the browser has it disabled. The other would be when a search bot is crawling your web site.

So, it's not the tag's fault. It's doing what it is supposed to do. It also escapes characters to form a valid URL.

Others might think that simply not using the <c:url/> tag would solve the problem. But I think that creates more problems, as your URLs may not have been escaped properly.

Still others have conjured up filters that would remove the session ID from the URL. Please don't. Making sessions optional may be a better option.

JSPs and Template Frameworks like SiteMesh and Tiles

If you're using template frameworks like SiteMesh and Tiles, you're likely to be using JSPs as decorators or templates (for headers, navigation bars, footers, and others). Note that these JSPs may also create a session, unless you explicitly specify it using the page directive. So, be careful. It might be a good practice to keep these template pages with session creation set to false.

URLs and Crawlers

The problem of inadvertently creating session is more apparent when developing web sites that are crawled by bots (like Googlebot). If you happen to see URLs crawled by the search bot having jsessionid parameters, then you should be looking at the pages that should not have created sessions.

Not only are these session parameters ugly, they simply ruin your web site's search engine results page. Who would want to visit your site with a pre-existing jsessionid?

Conclusion

A good practice would be to keep your landing page (usually an index.jsp, or whatever your welcome page is in your web.xml) with a page directive to turn-off session creation. Another page that should not create sessions would be your login page. The session is only required after the user has logged in (not before).

If a user visits your page with an existing session, it will still work. Remember, we're just making session creation optional. We're not making it invalid.

I hope this brief entry can help several Java developers and save some of our precious time.