MASARYKOVA UNIVERZITA

FAKULTA INFORMATIKY

Æ

Modern Web Application Frameworks

MASTER’STHESIS

Bc. Jan Pater

Brno, autumn 2015 Declaration

Hereby I declare, that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or ex- cerpted during elaboration of this work are properly cited and listed in complete reference to the due source.

Bc. Jan Pater

Advisor: doc. RNDr. Petr Sojka, Ph.D.

i Abstract

The aim of this paper was the analysis of major web application frameworks and the design and implementation of applications for website content ma- nagement of Laboratory of Multimedia Electronic Applications and Film festival organized by Faculty of Informatics. The paper introduces readers into web application development problematic and focuses on characte- ristics and specifics of ten selected modern web application frameworks, which were described and compared on the basis of relevant criteria. Practi- cal part of the paper includes the selection of a suitable framework for im- plementation of both applications and describes their design, development process and deployment within the laboratory.

ii Keywords

Web application, Framework, PHP,Java, Ruby, Python, Laravel, Nette, Phal- con, Rails, Padrino, Django, Flask, Grails, Vaadin, Play, LEMMA, Film fes- tival

iii Acknowledgement

I would like to show my gratitude to my supervisor doc. RNDr. Petr So- jka, Ph.D. for his advice and comments on this thesis as well as to RNDr. Lukáš Hejtmánek, Ph.D. for his assistance with application deployment and server setup. Many thanks also go to OndˇrejTom for his valuable help and advice during application development.

iv Contents

Introduction ...... 1 1 Problematic and Basic Terms ...... 2 1.1 Web Applications ...... 2 1.2 Web Frameworks and Design Patterns ...... 3 1.3 Modern Web Application Technologies ...... 4 1.3.1 Code Simplification Technologies ...... 4 1.3.2 Bootstrap ...... 6 1.4 Design Patterns ...... 6 1.4.1 Model View Controller ...... 7 1.4.2 Component Based Architecture ...... 8 1.5 Programming Languages ...... 8 1.5.1 PHP ...... 9 1.5.2 Ruby ...... 9 1.5.3 Python ...... 10 1.5.4 Java ...... 10 1.6 Selection of Comparison Form ...... 11 1.6.1 Comparison Criteria ...... 11 1.7 Chapter Conclusion ...... 12 2 Framework Analysis ...... 14 2.1 Laravel ...... 14 2.1.1 Framework Usage and Properties ...... 15 2.1.2 Comparison Criteria ...... 16 2.1.3 Summary ...... 17 2.2 Nette ...... 18 2.2.1 Framework Usage and Properties ...... 18 2.2.2 Comparison Criteria ...... 20 2.2.3 Summary ...... 21 2.3 Phalcon ...... 21 2.3.1 Framework Usage and Properties ...... 22 2.3.2 Comparison Criteria ...... 23 2.3.3 Summary ...... 24 2.4 Ruby on Rails ...... 25 2.4.1 Framework Usage and Properties ...... 25 2.4.2 Comparison Criteria ...... 26 2.4.3 Summary ...... 27 2.5 Padrino ...... 28 2.5.1 Framework Usage and Properties ...... 28

v 2.5.2 Comparison Criteria ...... 29 2.5.3 Summary ...... 30 2.6 Django ...... 31 2.6.1 Framework Usage and Properties ...... 31 2.6.2 Comparison Criteria ...... 32 2.6.3 Summary ...... 33 2.7 Flask ...... 33 2.7.1 Framework Usage and Properties ...... 34 2.7.2 Comparison Criteria ...... 35 2.7.3 Summary ...... 36 2.8 Grails ...... 37 2.8.1 Framework Usage and Properties ...... 37 2.8.2 Comparison Criteria ...... 38 2.8.3 Summary ...... 39 2.9 Vaadin ...... 40 2.9.1 Framework Usage and Properties ...... 40 2.9.2 Comparison Criteria ...... 42 2.9.3 Summary ...... 43 2.10 Play ...... 43 2.10.1 Framework Usage and Properties ...... 44 2.10.2 Comparison Criteria ...... 45 2.10.3 Summary ...... 46 2.11 Framework Overview ...... 46 2.12 Summary and Comparison Tables ...... 50 2.13 Chapter Conclusion ...... 54 3 Web Application Development ...... 55 3.1 Application Requirements ...... 55 3.1.1 Application for LEMMA ...... 56 3.1.2 Application for Film Festival ...... 56 3.2 Framework Selection ...... 57 3.3 Application Design ...... 58 3.3.1 User Roles ...... 59 3.3.2 Administration ...... 60 3.3.3 Content Management ...... 61 3.3.4 Graphic Design ...... 62 3.4 Application Implementation ...... 67 3.4.1 Development Tools ...... 67 3.4.2 Creating the Project ...... 67 3.4.3 Project Structure ...... 68 3.4.4 General Development Process ...... 71

vi 3.4.5 Content Management Implementation ...... 73 3.4.6 User Authentication ...... 75 3.5 Deployment ...... 76 4 Conclusion ...... 78 Attachments ...... 79 A. Design Diagrams for LEMMA Applications ...... 79 B. Contents of Attached CD ...... 82 Glossary ...... 83 Bibliography ...... 86

vii Introduction

Since the introduction of Web 2.0, website content management has rede- fined the way modern websites are used. There are numerous ways to man- age the content of a certain website to make it secure and user friendly. Most importantly, the whole management system has to be effective. In order to accomplish this, programmers often face a large amount of time consuming development that would later include rewriting parts of code and reusing it in other projects. With countless hours spent on programming from scratch, it is necessary to look for new ways to build high end web applications fast and easily. Web frameworks have become crucial for creating effective web ap- plications, not only for managing its contents. Today we are able to uti- lize over a hundred different frameworks written in various different lan- guages, with often a very distinct way of approaching a certain develop- ment problematic. Web developers were given a powerful tool for creating complex web applications easily and fast, which relieved from the burden of developing each system core separately from the beginning. The aim of this paper is to analyze functionality of modern web frame- works, describe distinctions between them and present different ways of development approach. Since there are over a hundred of these frameworks, this paper includes analysis of a representative sample of them and de- scribes their advantages when using them for certain application type based on requirements of a given application. In the first chapter the paper introduces important terminology used to describe procedures and technologies that are crucial for developing web applications. The chapter also covers the specifications of chosen criteria for the quality assessment of the chosen frameworks. In chapter 2, every framework is verbally described on the base of research and its output is structured in a research summary and transparent comparison tables. The practical part consists of designing the web application for the Laboratory of Multimedia Electronic Applications (LEMMA) and the website of the film festival organized by Faculty of Informatics in the best suited frame- work according to its usability, extensibility and deployment requirements, based on the research conducted in chapter 2.

1 1 Problematic and Basic Terms

This chapter covers the introduction to the web application problematic and briefly describes basic terms and common development approaches used in the thesis. It also briefly covers modern code simplification technologies that allow developers to save time by simply generating large parts of the code or writing such parts using special macros. The last part of the chapter focuses on describing the terminology used in the final selection of tested web frameworks.

1.1 Web Applications

Since early 90’s the internet has become the world’s most popular center of information sharing, advertisement and marketing, and it is responsi- ble for the revolution of information technologies. There is no reason to doubt that it is a headstone for applications that are accessible from any lo- cation using just the internet browser, without any need of installation, yet still maintaining the functionality of a desktop application. Since the inter- net was not originally built for such purposes, numerous new technologies were created to provide developers with the tools needed for building such applications. Thus emerged the term “Web Application”, which refers to any software running in a web browser and created in a browser-supported programming language relying on the browser to render the contents of the application. Web applications have become very popular due to the ubiq- uity of the web browser in a role of a client (known as thin client, because it itself does not contain the application logic). Even though web applications were written to perform and look like desktop applications, there are differences that make them rather unique. Accessing the application from anywhere is its biggest advantage. Users can log in to the system from different destinations simply via browser and manipulate data on the server, giving them access to their own personal settings of the application, bringing the value of portability. Another ad- vantage of web applications is that they can be be operated by more users at once. They can also be used to mediate communication between them, creating a network of operations that is usually required for community- based projects. On the other hand, web browsers were created to browse the web pages, and “Back” and “Forward” functions that are used to navi- gate in website history can be confusing for the application. Also, web ap- plications are unable to access the file system of a client computer, which

2 1. PROBLEMATIC AND BASIC TERMS can be both advantageous and detrimental. Users cannot manipulate with files on their drives but there is also no danger to their security. Access to the web application is mediated by the internet browser, which is closely connected to the client/server architecture. Such architecture rep- resents a server that provides various contents or services to its users. Also, it is possible to connect to it from different locations using a simple ac- cess point – the browser. The client part usually represents the presentation layer and the server represents the application and data layer. According to the extent to which the content is processed on the client side, part of the application on this side is referred to as “thin” or “thick” client. The web browser’s purpose used to be solely browsing a static website that is ac- cessed remotely. The main key was the possibility of enriching such access by dynamic effects by adding JavaScript, Flash, Java etc. The main purpose of web applications is to provide dynamic content generation and access to the distributed sources on the server side. Using technologies such as Java Server or PHP it is finally possible to enrich the websites with real appli- cation functionality and an easy way to access the data in databases. With introduction of the AJAX technology, which allows access from the client part of a dynamic website or web application to the server asynchronously, the client is not disturbed by redrawing the full website but only the cer- tain snippet showing the updated content. This transition from a static to dynamic content has upgraded the web to the version 2.0.

1.2 Web Frameworks and Design Patterns

Since the introduction Web 2.0, web applications have been overtaking the internet and becoming even more popular. Developing such applications has become more complex and the requirements, usually dealing with the same core problem, were increasing. During development, programmers were often meeting problems that have already been solved numerous times before. In order to standardize such problems, various templates and pat- terns designed to solve the repeating problem begun to emerge. Such tem- plates (Design patterns) were created in order to maintain the given stan- dard and order in the source code when creating complex information sys- tems. First basic elements of web frameworks were standardized. Design patterns are closely connected with frameworks. A framework aims to alleviate the overhead associated with common activities performed in web development. For example, many frameworks provide libraries for database access, templating systems and session management, and they of-

3 1. PROBLEMATIC AND BASIC TERMS ten promote code reuse. [1] The Design pattern defines the relations be- tween classes and objects, without concrete implementation. Web frame- work is a development interface, a set of software tools for creating dy- namic websites, applications and services that are a specific realization of an abstract design pattern. Web framework will not, however, provide de- velopers with solution to the given problem. It is but a tool for facilitating the approach of the goal. It depends on a type of framework whether it will determine the structure of the solution and to what extent will the program- mer be able to affect such structure. [2] Thanks to this, the programmer can fully focus on the problems of logic.

1.3 Modern Web Application Technologies

Web applications are connected with using basic technologies for purpose of displaying the content in a browser, such as HTML or CSS. However, even such basic matters originally designed just for creating a website and adjusting its looks tend to be reused, and creating same structures for dif- ferent websites has led to introduction of frameworks used for fast creation of basic website layouts that could be easily adjusted. Such technologies are usually connected with the web framework and are meant to facilitate the application development even further.

1.3.1 Code Simplification Technologies

Main purpose of every web browser is to display the site on the client side using HTML, which has a strict coding standard in order to prevent display errors in various browsers. With introduction of HTML 5, developers were given more freedom when following the W31 standards which allowed eas- ier creation of the front-end part. However some interpretations of HTML go even further. To completely simplify the tags used in HTML, several ab- stract languages have been introduced to facilitate the writing of pair tags with classes and ids. For example HAML is a lightweight markup language written in Ruby that is used to describe the HTML of any web document without the use of traditional inline coding. [3] It was created with an intent to avoid explicitly coding the HTML into the template and thus providing clear HTML structure using only few key tags.

1. The main international standards organization for the World Wide Web.

4 1. PROBLEMATIC AND BASIC TERMS

Listing 1.1: HAML code example %body #header %h1 MyPage %h2 My page # content %h3. title= myPost. title %p.body= myPost.body # f o o t e r

This code example will render the body of a HTML page with three main divs2 with assigned classes and given titles. The HTML code of the same content would be much longer and would also require the tag closing which, when forgotten, may be crucial for the valid display of the website. However, HAML is not the only abstract language for describing HTML. For example SLIM is also written in Ruby and disposes of a different style of coding yet it still preserves the simplicity of a lightweight language. In comparison to HAML, SLIM omits all special characters used for classifying the control commands and its code recalls classic HTML without brackets. Problem of pair tags is solved by line indentation, creating simple and clear lines of code. The Cascade style sheets often meet the same problem of strict stan- dards that may variously affect the visual part of the website if not fol- lowed. However, the main issue with CSS is the constant reuse of code and the absence of a proper nesting which often leads to long, repetitive and unclear lines of code. The solution for these problems came with the introduction of SASS, a style sheet language that extends the functionality of CSS3 by several mechanisms available in more traditional programming languages, partic- ularly object-oriented languages, but that are not available to CSS3 itself. [4] SASS introduced the declaration of variables, proper style nesting, ar- guments, selector inheritance etc., giving the developer a powerful tool for adjusting the looks of a website in a way that is similar to object-oriented programming. In 2009, a dynamic stylesheet language called LESS was introduced. It extends SASS by several more functions and has become the most used tool for dynamic creation of cascade stylesheets.

2. HTML elements used for defining a page layout.

5 1. PROBLEMATIC AND BASIC TERMS

1.3.2 Bootstrap

Technologies mentioned above were created to simplify the writing of the code or to extend it with functions that the original language was not able to provide. Twitter Bootstrap takes the completely different approach by building the website almost like using a block building kit. Bootstrap is a free collection of tools for creating websites and web ap- plications. It contains HTML and CSS-based design templates for typogra- phy, forms, buttons, navigation and other interface components, as well as optional JavaScript extensions. [5] Since the start of the GitHub project in 2010 it has become the most starred GitHub development project and it has been used by institutions such as NASA or MSNBC. The main idea of Bootstrap is to relieve the web developers from coding the very structure of the site and giving them the set of functions that al- low them to build the basic website using just ids of given content, creating a responsive template in minutes. Since Bootstrap is opensource and ac- tive on GitHub, it follows the modern trends in webdesign which are then implemented to its structure. The most time consuming procedure when developing a website is the finalization of the display for various devices, resolutions and web browsers. Since Bootstrap introduces sections and divs that are pre-styled for such conditions, developer is relieved from dealing with this problem by sim- ply following the clearly structured documentation that has already been translated to several languages. Bootstrap is modular and it consists essentially of an extensive series of LESS stylesheets that implement the various components of the toolkit. Reusable components allow developers to avoid styling every section by itself, thus simplifying the whole approach of designing various sections. Thanks to Bootstrap and various code simplification technologies, front- end developers are left with the only concern of finalizing the layout and appearance of the website by given graphic design.

1.4 Design Patterns

Every web framework used for the creation of extensive web applications stands on a given design pattern. These patterns represent solutions for common problems and implement ideas for dealing with them. Not in a mea- ning of a part of the source code or additional library but as a template de- scribing the approach to the solution in various situations. There are vari- ous types and levels of design patterns. For example the MVC architecture

6 1. PROBLEMATIC AND BASIC TERMS is the architectural level of design pattern, SOA is service oriented archi- tecture and there are other component based architectures on a principle of visual and no-visual components and their attributes. This paper focuses more on MVC architecture, because it is recommended for easy introduc- tion to design patterns thanks to its flexible and clear logic architecture.

1.4.1 Model View Controller

The MVC architecture consists of three kinds of objects. The model is the application object, the view is its user interface and screen representation, and the controller defines the way the user interface reacts to user input. Before the introduction of Model View Controller, the user interface was usually strongly connected to the application objects which decreased the flexibility MVC now provides. [6]

Figure 1.1: MVC architecture

MVC divides models and views by establishing a subscribe/notify pro- tocol between them. A view must ensure that its appearance reflects the state of the model. Whenever the model’s data changes, the model notifies views that depend on it. In response, each view gets an opportunity to up-

7 1. PROBLEMATIC AND BASIC TERMS date itself. [6] Dividing mutually related parts lead to fairly connected units which leads to much simpler and better maintained code. MVC also allows to change the way the visual interface responds to user input without actually changing its visual presentation which is one of many features that make this architecture very popular among web frame- works, such as Ruby on Rails, Nette, Zend or Django. Applications created with MVC architecture are flexible and clear.

1.4.2 Component Based Architecture

Component based architecture is a reuse-based approach that separates the concerns of system’s wide-ranging functionality into loosely coupled com- ponents. These components are triggered on specific component events and application logic functions. Component events may alter the attributes of given component or trigger application logic functions. Once user inter- face components are defined, application logic functions are programmed in a manner of classic methods with input attributes that alter component behavior. The database connection is provided either with application logic functions or via connecting database to given non-visual component that is inserted directly within the user interface context. Frameworks such as Vaadin, Flask or Google Web Toolkit are build on this architecture principle. First two of these frameworks are examined in this paper.

1.5 Programming Languages

Programming languages are considered one of the main choosing criteria when deciding which web framework to use. Design patterns, architec- tures and other approaches to development may be overcome by complex- ity or basic knowledge of a certain programming language. Even though the front-end is usually bound to pure HTML and CSS, the programming language approach on the core of the framework may be very distinctive. The programming logic is usually written in typical scripting languages, such as Javascript or Actionscript, or in a specific programming language given to the framework. However, each programming language may have different impact on the requirements of server which will the application run on. The criteria for choosing the right language are also an important skill for a developer. Some programming languages are easier to learn than other, which may represent a much higher cost in language adaption. Such prob-

8 1. PROBLEMATIC AND BASIC TERMS lematic also applies on the amount of code the programmer needs to pro- cess while adapting on a new framework. The cost for learning and under- standing a new programming language may be higher than effort given in creating a more complex application structure in a language already known by the developer. Therefore an extensive documentation of a specific lan- guage based framework is significant for choosing criteria.

1.5.1 PHP

PHP, which is originally a script language, has become the most used script- ing language for web with a share of almost 82 %. [8] It has become popular mostly thanks to its easy usage and large amount of functions. PHP also works great with HTML since it is easily interchangeable with it and thus makes a great introduction to web application programming for beginners. Also most content management systems such as Wordpress or Joomla are written in PHP. Apart from other language based frameworks, that tend to stick with usage of older, yet more certified properties (Such as Ruby or Python), PHP community grasps every new framework and is willing to move on to something new and more powerful rather than using older frameworks such as Zend or Symfony. These frameworks are still widely used, yet ap- proaches of newer solutions differ, giving developers much to chose from. PHP frameworks analyzed in this paper are Laravel, Nette and Phalcon.

1.5.2 Ruby

Ruby is a fully object, interpreted script programming language. It was de- veloped in 1995 by Japanese programmer Yukihiro Matsumoto, who in- tended to create purely object language that would be easy to read and use, yet would still be able to compete with languages such as Perl or Python. At first, Ruby was not getting the popularity it deserved due to lack of proper English documentations. However, now it has been grasped by developers all over the world mostly thanks to the success of the Ruby on Rails frame- work. Ruby’s community is growing day by day mostly thanks to many Ruby based projects on GitHub. By far the most used Ruby based framework is Ruby on Rails. It has been developed and adjusted since 2004 and is still enhanced with new functionality with every new release. Many frameworks (not only Ruby based) tend to copy its properties and transcend it to their language based frameworks. Even though Ruby on Rails is not a recent framework, it is still

9 1. PROBLEMATIC AND BASIC TERMS considered modern, since it is still broadly used and developed by a large community. Ruby based frameworks analyzed in this paper are Ruby on Rails and Padrino.

1.5.3 Python

Python is a dynamic, object oriented script programming language, cre- ated by Guido van Rossum in 1991. [20] It is a simple, interpreted language with minimalistic syntax that supports indentation. Python is developed as an opensource project, offering free installation packages for all main platforms. In most Linux distributions, Python is included in the operating system package. It has become popular mostly due to its easy syntax being a useful tool in introduction to programming. Python is a hybrid language, meaning it allows to write programs us- ing object oriented paradigms, as well as procedural and even functional paradigms. It is easily embedded and thus can work as a scripting lan- guage among other programming languages. Most usable and valuated web frameworks written in Python are Django, Flask or Bottle. This paper analyzes first two of mentioned frameworks.

1.5.4 Java

Java is a class-based, object-oriented programming language for general purpose. It was specifically designed to have as few implementation de- pendencies as possible to maintain maximum portability between devices. It is one of the most used object oriented programming languages particu- larly for client-server web applications. Java’s syntax is derived from C and C++ but it has fewer low-level facilities than either of them. Building web applications in Java has become popular since the introduction of Web 2.0. This was a result of Java based Frameworks starting to be developed and quickly grasped by the programming community. Even though nowadays many modern frameworks are being introduced, developers tend to stick with the most extensive frameworks for building web applications such as Spring MVC or component-based JSF, mostly for the reasons of tested standards. Three alternative Java based frameworks were chosen for analysis in this paper. Grails represents older, yet widely used and highly valuated framework and Vaadin and Play were chosen to represent the younger generation of Java Frameworks. Even though Grails is written in Groovy, which is a language based on Java platform, it is con- sidered a superset of Java, since almost any valid Java code is also a valid

10 1. PROBLEMATIC AND BASIC TERMS

Groovy code. Java is the most commonly used approach for large systems such as enterprise software, including network and web services, and other large-scale, reliable, and secure network applications with multiple tiers.

1.6 Selection of Comparison Form

To simplify the comparison of different web frameworks and to clearly point out their basic pros and cons, it was necessary to choose valid compar- ison criteria. Such criteria that are common for every researched framework are important for describing its key values in a manner of words based on the short time period of testing usage. The criteria were chosen in a way to be easily valued by the developer deciding which web framework to use for their web application according to simplicity and comfort of usage.

1.6.1 Comparison Criteria

• Application development speed – The most important criteria, de- scribing the amount of time needed by the developer to create a work- ing application. It covers the amount of effort and generated and written code needed for the core parts of the application. Some frame- works allow to write extensive e-shops in a manner of hours, some in weeks.

• Learning curve – Defines the complexity of the framework structure and reflects the time needed for learning the programming language and understanding the development procedures.

• Documentation and community support – Proper documentation is also an important criteria, because dealing with an issue in the application with no support can represent an extensive problem. The criteria covers written books on the theme, e-books, manuals and e- support. Also, modern frameworks are now maintained by stable communities of programmers often willing to find the best solution and help with problems on community forums.

• Code length – Describes the physical length of the framework code needed to be written or adjusted. Reflects the amount of automati- cally generated code, because it is important that the procedures that were written many times before are not needed to be rewritten again with every new application.

11 1. PROBLEMATIC AND BASIC TERMS

• Application speed – Reflects the time in which the application is able to react to user tasks or complex calculations.

• Usage – Most of the usage complexity is defined by the developer and by the way the application was written. Some aspects however, are common for the given framework and might represent either an obstacle or a convenience.

• Stability – Describes the application security and resistance against external influences such as slow internet connection or low server performance. It also covers framework’s resistance to attacks such as cross-site scripting or cross-site request forgery.

• Function extensibility – Indicates a range of technologies that can be connected to the application and extend its functionality in any way.

• Evolution – Every application should consider future usage or change of user requirements that might be implemented to the appli- cation after a long time use. This criteria reflects the amount of time needed for such adjustments.

• License – Reflects whether the framework is opensource, or whether its code is proprietary.

• Requirements – Describes various requirements on the server that is running the framework, as well as on the user machine.

• Responsivity – Since nowadays the usage of web browsers is ori- ented mostly on mobile devices, it is of help that web frameworks do not lack the possibility of creating responsive layouts. This crite- ria covers whether the framework provides any tools, functions or simplifications for creating web applications layouts for mobile de- vices.

• Multiplatform support – Extent of devices (Operating systems) the framework is able to run on.

1.7 Chapter Conclusion

First chapter introduced the reader to the the web application problematic and showed the basic definition of terms used in building a web applica- tion using web frameworks. Modern code simplification technologies were

12 1. PROBLEMATIC AND BASIC TERMS briefly described, as they can be used in combination with the chosen de- velopment approach. The comparison form was defined as a list of verbally described attributes used for evaluating the properties of a given frame- work. These criteria are applied in the next chapter.

13 2 Framework Analysis

This chapter focuses on evaluating frameworks using the chosen compar- ison criteria. Each framework is briefly introduced and tested on a simple application determining its key properties as well as its way of usage and system requirements. Last part of the evaluation consists of applying the given criteria on framework’s properties and determining a conclusion. There is a large amount of frameworks currently being used for devel- oping modern web applications. The sample chosen for analysis in this pa- per therefore consists of frameworks that are largely used, have a good user feedback and are repeatedly listed in popular framework articles. The selec- tion of analyzed frameworks was based on various surveys and user experi- ence reviews on popular programming-oriented websites. Surveys showed that users are usually depending on the framework they write on their own and that other users tend to make the choice based on their programming language experience. [8, 23] The sample chosen for evaluation in this paper therefore consists of frameworks with high user ratings, written in differ- ent programming languages. PHP is by far the most used programming language for web application development and thus represents a large part of conducted framework selection. [12, 14, 24, 26] Java frameworks are also very popular mostly thanks to the language’s general usage. [13, 18] Rest of the framework sample is distributed between Ruby and Python based frameworks that are also broadly used mostly by Unix based web applica- tion development communities. [15, 16, 20, 27]

2.1 Laravel

Laravel is a modern web framework, based on Symfony, used for building strong and extensive web applications in PHP. It was developed by Tay- lor Otwell in 2012 and thus is considered rather young framework. Laravel has become one of the most popular PHP frameworks thanks to its roots in Symfony, Composer, Blade, etc. Even though it has been used and main- tained only for several years, it has won the admiration of many PHP devel- opers that were used to work with frameworks like Symfony or Cake PHP. Laravel combines the strength of these frameworks with certified proce- dures inspired by technologies such as ASP.NET, Sinatra or Ruby on Rails and transforms them into PHP syntax. Such synthesis creates a powerful tool for developing strong and extensive applications fast and using mod- ern certified approaches. Laravel stands purely on MVC architecture and is

14 2. FRAMEWORK ANALYSIS distinguished primarily by its real world optimization and the fact that it goes towards developer issues that matter.

2.1.1 Framework Usage and Properties

Laravel’s community provides nice and clear tutorials that help users get to know the framework well. Properly structured documentation covers the installation, introduction to packaging system and explanations for ba- sics such as routing, middleware, controllers and views. After learning the basics, users can navigate through the documentation that describes ser- vices, architecture, foundations and databases, all of which is well inter- preted along with code samples being provided as well. Support for new users is very extensive. Laravel also provides a website laracasts.com that features hours of commented video tutorials both free and subscribed. The framework utilizes Composer, a popular PHP dependency man- ager, to manage its extensions. Therefore it needs to be installed on the developer machine in order to run Laravel. As mentioned above, Laravel stands on the roots of strong PHP frameworks combined with certified pro- cedures inspired by technologies of different languages. One of such pro- cedures is managing the dependencies through a packaging system. Com- poser allows users to work in a console and with a way that is very similar to gem packages in Ruby, they can manage dependencies simply by requir- ing the given packages in the application. These packages may contain tools for various forms, authentication, PHP frameworks etc. Code reuse is one of the greatest head starts in web application development and Laravel al- lows to use it in a certified way as well as automatically generated code for controllers or views. One of the features of Laravel is its exceptional Object Relation Map- per which can be also used as a standalone ORM even though it was first developed for Laravel. The eloquent ORM provides ActiveRecord imple- mentation for working with the database creating a model for every table and allowing to interact with it. Laravel also includes a database schema builder which is a class that allows manipulating database tables in agnos- tic way. Managing tables is therefore possible simply via PHP code and does not require any database management tools. These schemas are typi- cally paired with migrations that allow developers to modify the schema of the database and stay up to date on the current state of the schema. Laravel also allows to adjust the settings of the development environ- ment as much as possible using its own Vagrant virtual machine pack- age. The package is called Homestead and includes Ubuntu 14.04, PHP,

15 2. FRAMEWORK ANALYSIS

MySQL, PostgreSQL and other useful utilities, such as Laravel’s own task manager. Homestead is used for creating the most comfort development en- vironment, that can be then connected to via SSH1. Users then don’t have to install PHP or any database, but after proper Virtual Box2 and Vagrant installation they can install Homestead simply using Composer. This ap- proach can simplify the portability, however running Laravel on an own PHP server can provide compatibility and requirements problems that may be difficult to solve on Windows and Mac systems. Syntax in Laravel is rather expressive and on a first look, it appears to be clean and well readable. It is also understandable and easy to learn. The difference can be in the Controller-View combination that has to be stated manually for the position of the content as well as for the other position models. In combination with with managing the database, routing and con- figuration, it can be quite confusing for beginner developers. The syntax itself however, is handled well.

2.1.2 Comparison Criteria • Application development speed – Fast. Since Laravel combines code reuse using packaging system with generated code. Combining views with controller and routing can be a little time consuming, however database management is very fast. The most time consuming part may be represented by the initial design of application and its con- figuration.

• Learning curve – Very good video tutorials along with a very nice structured documentation provide a perfect start with Laravel. How- ever as an introduction to web frameworks logic and packaging sys- tems, Laravel can get confusing at first. After grasping the basic as- pects and methods of the development, learning is very fast.

• Documentation and community support – Documentation in Lar- avel is well structured, organized, and along with the very active community provides a perfect combination of user support.

• Code length – Standard. The code itself is nicely structured, yet it is dispersed in many files and folders in comparison to other frame- works.

1. A cryptographic network protocol to allow remote login and other network services to operate securely over an unsecured network. 2. An x86 virtualization software package developed by Sun Microsystems.

16 2. FRAMEWORK ANALYSIS

• Application speed – Application speed is fast. Laravel ended up very high in the recent framework speed test. [10]

• Usage – Thanks to packaging system and managing dependencies through composer, the overall usage of Laravel is very good. The only downside can be the file structure orientation.

• Stability – Very good. Laravel proved to be very robust web frame- work. And many security dependencies can be included using Com- poser.

• Function extensibility – Very high, thanks to dependency manage- ment.

• Evolution – Evolution in Laravel is very good thanks to its database system properties. Migrating and Schemas allow to manipulate al- ready stable databases easily.

• License – Laravel is released under the MIT License, with its source code hosted on GitHub.

• Requirements – Besides the newer versions of PHP, Laravel requires Mcrypt PHP Extension, OpenSSL PHP Extension and Mbstring PHP Extension.

• Responsivity – One of the main front-end dependencies is the sup- port of Bootstrap and Elixir that support layout responsivity on a full scale.

• Multiplatform support – All main operating systems are supported, however, Linux based systems are preferred due to their easier con- figuration.

2.1.3 Summary

Laravel is one of the strongest modern tools for building web applications. It can be used for developing extensive systems as well as blogs and content management systems (CMS). It is also one of the most popular frameworks of 2015 and thanks to its community and opensource license, it keeps be- ing developed based on the requirements of skilled programmers that work with it every day. PHP developers want to make sure that it is perfected in every manner with an aim to make it the best tool for creating web appli- cations. Laravel can be a little harder to learn for beginner web developers,

17 2. FRAMEWORK ANALYSIS but after grasping the basic functionality, learning it is very fast and it is possible to build simple dynamic websites with it, even with lack of exten- sive programming skills. Laravel is a very versatile framework and thanks to its extensive amount of plugins and components it can be used to create extensive social networks, e-commerce websites or large video galleries. It may also work with smaller applications even though they still have to be properly configured.

2.2 Nette

Nette is an opensource framework for easy development of web applica- tions in PHP. Its original author is David Grudl, but it is now maintained by Nette Foundation organization, which is a group of individual program- mers that have been developing and providing the support for the frame- work since 2009. [7] Nette is popular mostly between beginner program- mers thanks to its simple usage and introduction. Major part of support and information is available in Czech language, thus making Nette one of the most popular frameworks among Czech developers. It was written in a way that it was easy to use and gave the developer an efficient and un- derstandable syntax that would allow them to learn the framework faster. It implements event driven development and it is mainly based on com- ponent usage. The design pattern of Nette, Model-View-Presenter is very similar to MVC. Model represents the layer working with data that is com- pletely separated from the rest of the application and communicates only with presenter that notifies the views of database changes. Nette is known also for its focus on safety risks elimination and advanced application se- curity.

2.2.1 Framework Usage and Properties

Nette’s homepage provides nice and clear introduction to the framework using structured tutorial for basic blog application. Every step of the learn- ing process is described alongside with the part of the code provided. The installation package includes a requirements checker tool that helps the user validate the resources for the installation. Unlike other modern frame- works, the development process in Nette is built in a way to minimize the configuration and focus on the important parts of the application logic. Nette provides its own database manipulating system known as Ad- miner. It allows to create databases and manipulate tables just as any other database admin system, but it also allows to automatically create foreign

18 2. FRAMEWORK ANALYSIS keys between tables using table name as data type for argument in another table. This function in Nette\Databases is called Selection-API and saves the developer much time when creating table relations. Nette\Database uses foreign keys for solving table relations and thus automatically creates database queries. One of the main advantages of Nette are its security-hole elimination technologies. It allows to automatically prevent cross-site scripting using its context-aware escaping technology that automatically escapes all danger- ous input characters. Even though such attacks are usually the most trivial, there are also the most common. Nette also allows to protect forms against cross-site request forgery which allows the attacker to exploit the website user is currently logged in. Every form in Nette can be protected by a single command. Many other forms of attacks such as URL attacks, control codes, invalid UTF-8 or unwanted session manipulations are automatically pre- vented. The form functionality is described in Nette’s documentation and contains many custom security commands creating “Bulletproof forms”. Nette provides two server running modes. The development mode fo- cuses on offering the programmer as much information about application speed, routing and error logging as possible. In contrast, the production regime pipes error logs into a log file hidden from a basic user. Other useful Nette tools that can also be represented as standalone are its template system and debugger. Latte is a template engine that trans- forms often hard to read PHP and HTML syntax into well readable code structure. Using custom macros, Latte allows to write organized loops, con- ditions or various custom commands in a HTML-like manner, yet still pro- viding mentioned security and automatic variable escaping. Nette’s debug- ger, Tracy, then allows to quickly detect and log errors in the code in a user- friendly visualized manner. Nette’s support of AJAX is also very extensive and easy to configure. Developer defines so called “snippets” that repre- sent pieces of the website to be refreshed after given action. Thus allowing to create a dynamic table of contents, directly connected to a database, in a manner that its contents can be manipulated with on a client side without refreshing the browser window. Nette’s file structure is copying the architecture of MVC, dividing fold- ers to application folder, which contain presenters, views, models and cus- tom components. Rest of the file structure consists of front-end www folder with JavaScript, CSS and various addons and a vendor folder containing the framework files and plugin files. However, users can manage the applica- tion folder systems to their needs as long as they use proper name-spacing in the begging of class headers. This simplified file structure, along with

19 2. FRAMEWORK ANALYSIS a plain configuration file and router, create a well organized introduction to web application frameworks to every developer. Even though Nette does not have as large support of scaffolding as Lar- avel, it is now distributed as a set of reusable independent components that can be used in the initial framework package. Users can define the extensions they want Nette to include or simply use its standalone compo- nents such as Tracy debugger. Same as Laravel, Nette may use Composer for managing its dependencies and extensions.

2.2.2 Comparison Criteria

• Application development speed – The application development is rather fast even without the support of scaffolding. Every view is followed almost only by the presenter and model code and manag- ing database structure is faster thanks to Selection-API. Also Tracy debugger allows to discover and describe errors very fast.

• Learning curve – Learning Nette is very easy thanks to well orga- nized file structure, easy configuration, introduction tutorials and well structured guides found on the framework’s website as well as on Nette’s Youtube channel.

• Documentation and community support – Nette has an active com- munity support on its home forums, which are mostly in Czech. Its website contains nicely structured guides to different parts of the framework. Programmer’s guide is well organized and visually rep- resented in comparison to other frameworks.

• Code length – Short even though code generating is not supported. Nette provides broad functionality automatically.

• Application speed – Several years ago, Nette was one of the fastest frameworks. [9] Nowadays, however, it has been outran by much faster PHP frameworks such as Phalcon. [10]

• Usage – Usage of Nette is very good. After creating first couple of models and presenters, their interaction becomes almost an auto- matic task.

• Stability – Very good. Nette is known to be one of the frameworks with the highest security not only in forms.

20 2. FRAMEWORK ANALYSIS

• Function extensibility – Nette has a large base of addons, plugins and components based on its website. It can even be combined with Zend framework and maintained through Composer as well as Lar- avel.

• Evolution – Evolution in Nette is rather easy thanks to its simple architecture and easily manageable database system. It leads the de- veloper to well designed applications that support future extensibil- ity.

• Requirements – Besides basic PHP extensions such as PDO exten- sion and Bundled GD extension, Nette does not have any special requests on the PHP server.

• License – Nette Framework is shared as a free software for anybody to use. It allows to choose between New BSD and GNU General Pub- lic License.

• Responsivity – No responsivity for Nette is supported in the basic version. However, it can be extended with layout modifications al- lowing further mobile device support.

• Multiplatform support – All main operating systems are supported.

2.2.3 Summary Even though Nette used to be more popular a several years ago and its fame is now outran by newer frameworks, it has been included in the paper mostly because of its popularity among Czech developers and its fantastic learning process. It is a well built framework that is secure and very easy to use and learn. It provides tools to simplify the development as much as possible and focuses on supporting its new users. It is good for developing smaller e-commerce sites, wikis, blogs or CMS. Creating a larger applica- tion with more complex structure can be time consuming due to lack of generated code and straightforward framework structure. However, Nette is capable of running large sites with easier structure. It is used by websites such as Csfd.cz or Bandzone.cz.

2.3 Phalcon

Phalcon is a high-performance web framework for PHP based on the MVC design pattern. It was originally released in 2012 and it is licensed as open-

21 2. FRAMEWORK ANALYSIS source under BSD license. The main difference that distinguishes Phalcon from other PHP frameworks is its speed of processing requests. According to many independent tests, Phalcon was stated as the fastest PHP frame- work so far. [10] Apart from other PHP frameworks Phalcon is written in C and implemented as PHP extension in order to optimize the perfor- mance. One of the disadvantages of PHP is that all files are read from the hard drive, translated and then executed on every request. This issue causes a high performance loss against languages such as Python or Ruby, whose processing speed is much higher. Since Phalcon is interpreted as a PHP module, the whole framework is already situated in RAM, resulting in a large set of files not needing to be processed. The developer is work- ing only with PHP and does not have to expose the core written in C. The performance of web applications was not described as one of the top pri- orities. However in 2010, Google decided to take site speed into account in the search rankings which increased the interest to bringing out the perfor- mance of websites to the maximum. [11]

2.3.1 Framework Usage and Properties

Phalcon offers the classic PHP MVC framework functions such as routing, controllers and view templates, cashing, basic ORM etc. Its website de- scribes the framework as very easy to use and learn, however, the speed is its main advantage. Since Phalcon is interpreted as a model, the installation is very fast and easy on every system. Linux and Mac users simply install the module using the console and Windows users download the dll file and implement it in php.ini configuration file. Phalcon’s website offers a broad installation and compilation guides for all systems and servers such as WAMP, XAMPP, Apache, or Cherokee. Structure of the project file is very straightforward. Since Phalcon works as a module, it does not require any library table and therefore the file structure tree consists only of the app folder containing controllers, mod- els and views and a public folder containing all of the CSS, JavaScript and HTML. The main functionality is operated through the bootstrap file and since Phalcon is loosely coupled, the file structure can be altered to user’s comfort since every file is accessed via the bootstrap that is called on ev- ery request. The controllers and models are autoloaded and can be created anywhere in the project as long as they extend the given parent functions PhalconMvcController and PhalconMvcModel. Extending a class using these functions automatically provides the functionality of models (such as find()

22 2. FRAMEWORK ANALYSIS or save()) or controllers. The code itself is very straightforward and does not require any further investigation. Views on the other hand, do not im- plement any templating system such as Blade or Twig. PHP is hardcoded directly in the HTML within the tags and even though Phalcon provides functions such as built-in flash messaging, this approach is not very well interpreted. Phalcon has its own ORM, Phalcon Query Language (PHQL) which can be used to make database interactions more expressive. PHQL can then be easily integrated with models to define the relationships between tables. It also allows to write raw SQL queries with variables or use a more struc- tured query builder. An excellent feature that Phalcon provides is Phalcon Developer Tools (PHDT). These tools represent a collection of useful scripts for generat- ing the project skeleton, controllers, preparing database settings, generating models and scaffolding. It also includes the usage of packages in web inter- face, making the front-end debugging faster. These tools allow to increase the speed of the development and extensively reduce written lines of code. The syntax itself is easy to read, especially the MVC code. Configuration files, however, come with a slightly different PHP syntax that may be hard to understand at first. The whole C package disguised as PHP works very well, even though it may cause trouble for PHP developer to debug C if a major problem occurs.

2.3.2 Comparison Criteria

• Application development speed – Without PHDT, the development speed would not be as high, however thanks to custom file structure and PHQL, the files can be easily organized. Phalcon’s development speed is rather fast.

• Learning curve – Phalcon’s website focuses user’s attention to its screencasts, which are not very helpful, showing only a couple of videos that are not very informative. Learning through the tutori- als can be tricky due to the differences in server configuration even though the tutorials include pieces of code. Phalcon also allows the possibility of trying the framework online directly in the browser. Learning curve itself is not that steep, but since Phalcon provides a free hand to the user, tutorials are not needed as much as docu- mentation.

23 2. FRAMEWORK ANALYSIS

• Documentation and community support – Documentation in Phal- con is very extensive and provides solutions for all systems. Even though Phalcon is a rather young framework, the community on its website is alive and willing to help with the framework functionality as well as with possible C debugging problems.

• Code length – Again, thanks to PDT, the code length shortens, even though the amount of code is rather average.

• Application speed – Phalcon is very fast. Thanks to its core being written in C, its request processing speed is beyond any other PHP framework.

• Usage – Average. Apart from the fact that Phalcon is the fastest, it can be stated as another usual PHP framework. Also, handling of the view code is not very good.

• Stability – Apart from basic password hashing and cross-site request forgery protection, Phalcon does not provide any further security extras apart from third party security plugins. However applications are stable thanks to the MVC architecture.

• Function extensibility – Phalcon is still rather young and its exten- sibility is based on other PHP extensions.

• Evolution – Phalcon’s ORM allows to transform databases without any major problems.

• Requirements – Apart from newer versions of PHP, Linux and Mac installations of Phalcon require GCC compiler, Git for installation or XCode.

• License – Phalcon is opensource, under the BSD license.

• Responsivity – No layout responsivity for Phalcon is supported.

• Multiplatform support – All main operating systems are supported.

2.3.3 Summary Even though Phalcon’s performance is many times higher than with other PHP frameworks, it is still a young project that is overshadowed by ex- tensible frameworks such as Laravel or Symfony 2. It can be very suitable for web applications that need fast responses and good request handling

24 2. FRAMEWORK ANALYSIS speed, but for simpler applications, it would be easier to use Nette or Sym- fony. However, Phalcon offers a great documentation, very live community that is still developing it and it follows standard MVC pattern and thus it is still one of the most popular modern PHP frameworks.

2.4 Ruby on Rails

Ruby on Rails (ROR) is an opensource MVC oriented framework for build- ing web applications using Ruby language. It was originally developed by Danish programmer David Heinemeier and since 2004 it has been main- tained by Rails Core Team. Now it is one of the most used and highly rated web frameworks among Ruby developers. [16] ROR’s principles stand on the rules “Convention over configuration” and “Don’t repeat yourself”, mean- ing, that developer needs to configure only the parts of the application that differ from usual settings. ROR’s strongest feature is its scaffolding and ex- tensibility. Since there are many certified approaches of building various system modules, ROR focuses on converting such models into templates, that can be easily generated and inserted into the code, leaving the devel- oper with only minor choices of adjustments without needing to rewrite the whole structure. Extensibility in Ruby on Rails is provided by dependency management system known as gems, which can be implemented in the application by be- ing downloaded and installed using one simple console command. These features make Ruby on Rails a very powerful tool for building web appli- cations with agile approach.

2.4.1 Framework Usage and Properties

ROR’s agile development support is approached by the consistent adher- ence to the specifics of the MVC model. The application structure consists of views that provide basic MVC functionality. It can also be extended by further code simplification technologies by simply installing gems such as HAML or Bootstrap. Controllers combine application logic scripts with content passed from the model. Managing the application data through ROR’s model mapping allows full control over the database. Tables, in- cluding data structures, types, limitations and dependencies, can be gener- ated easily via simple console commands. Created table is then converted to a class where each line of the class represents an object instance. Ruby’s gems also provide many further extensions for database manipulating and thus making its management even simpler.

25 2. FRAMEWORK ANALYSIS

Controllers in ROR are closely connected with URL maps which map the project’s URL to relevant views and controllers thus securing that ap- plication URLs are adapted to logically express the part of the application that is current for the user. Making URLs attractive, search engine friendly and easier to remember. As mentioned above, one of ROR’s strong features is the console navi- gation. It allows to install ROR gems, create new project skeletons, generate new models, views, controllers to a given project as well as a block of code using scaffolding. The console also allows to debug the application. Nam- ing objects when using scaffolding is represented using pluralization, thus making the development more real-life-like. Naming objects in English is thus recommended. Application deployment does not require any compilation even though the best solution would be having the server run Ruby on Rails by itself. Such solution allows the easiest application manipulation and configura- tion. ROR can be run on HTTP servers by installing the given module. Even though, Ruby on Rails offers such extensive functionality, easy management and fast development, it is not used by developers as much as PHP frameworks such as Laravel or Symfony. It can be explained by the fact that it may not be not so easy to learn Ruby language for developers that work entirely under the classic HTML / PHP structure. Ruby was created to be easy to write, but at first, its functionality and approach must be under- stood for it behaves differently then other script languages. Also for devel- opers that commonly use other languages, Ruby’s syntax can appear very confusing at the first sight due to its unique structure. However, Ruby has a great developing community, well described documentation and many books have been published about various approaches of ROR based web development.

2.4.2 Comparison Criteria

• Application development speed – Very fast, especially for light ap- plications, thanks to scaffolding and command line based generated code. One of the advantages when using ROR is not having to deal with complicated database connections.

• Learning curve – For a developer that already knows Ruby, it is very steep. For other users it can be hard to understand the functionality of the language first, because it differs from other languages.

26 2. FRAMEWORK ANALYSIS

• Documentation and community support – Communities around Ruby on Rails are very much alive and willing to help other develop- ers. Documentation is extensive and there are many books and web pages available for information.

• Code length – Very short. Skeletons and modules can be generated and thanks to Ruby’s clean syntax and other gems providing code simplification technologies such as HAML, the amount of written code is very low.

• Application speed – Since Ruby is interpreted, the speed is not that high. On the side of the client it may be altered by various JavaScript usage.

• Usage – Working with the framework itself then proves to be easy. Almost everything can be handled by gems or be easily generated.

• Stability – Again, since ROR is very extensible, many security and stability gems are available for including in the framework. Applica- tions do not have any restrictions towards the external influences.

• Function extensibility – Thanks to gems, ROR has a very good de- pendency management system, the extensibility is excellent.

• Evolution – Very easy. All it takes is to alter the source code and the rest is provided automatically. Nothing needs to be compiled.

• Requirements – Ruby on Rails or a module for using the Ruby lan- guage have to be installed on the server in order to run the applica- tion.

• License – ROR is opensource, shared under MIT license.

• Responsivity – ROR supports gems for templating system, directly interdependent with front-end responsivity.

• Multiplatform support – All main operating systems are supported. However, configuration is much more difficult on Windows systems, and some of the gems are not supported by it.

2.4.3 Summary Ruby on Rails is a very good way of building lightweight web applications in agile manner, yet it is not very suitable for building extensive thick client

27 2. FRAMEWORK ANALYSIS graphic web applications. It excels mostly thanks to its packaging gem sys- tem and extensibility as well as thanks to its very fast development. The only obstacle for grasping its functionality is to very well understand Ruby language. Similar approaches that ROR provides were used in developing Laravel framework which can be represented as a PHP alternative to Ruby on Rails even though it still does not have such large extension support.

2.5 Padrino

Even though Ruby on Rails is the highest rated and most used framework among ruby developers, it may not be suitable for every type of application. Many framework alternatives written in Ruby are available and developed on GitHub, trying to follow a rather different approach of Ruby based web application developing. One these frameworks is Padrino, an opensource ruby based web framework built on Sinatra. Sinatra is a very lightweight microframework, or rather a domain spe- cific language (DSL) used for building light web applications. Sinatra is known for its higher speed in comparison to ROR’s bulkiness, since it is very small sized and instead of the MVC pattern, it maps the Ruby code directly on the URL making the creation of APIs and applications easier. In Sinatra, a route is an HTTP method paired with a URL-matching pat- tern. It proven to be a well built alternative to ROR yet still being a very lightweight, Sinatra could not compete with Rails in more extensive ap- plications and the lack of functionality such as database interaction. Even though Sinatra is still broadly used, mostly for its light weight, that gives enough freedom to developers, Padrino was created in order to extend the functionality of Sinatra into a solid framework.

2.5.1 Framework Usage and Properties

Padrino was created as opensource framework in 2010 by Nathan Esque- nazi, Davide D’Agostino and Arthur Chiu and is now developed and main- tained on GitHub. Their goal with Padrino was to stay true to the core prin- ciples of Sinatra while at the same time creating a standard library of tools, helpers and functions that will make Sinatra suitable for increasingly com- plex applications. [17] Padrino takes rather agnostic approach in comparison to pure Sinatra, offering functionality such as the full support for many popular testing, templating, mocking, and database libraries. It offers simple project skele- ton generation by typing commands into the console. This way, same as

28 2. FRAMEWORK ANALYSIS with ROR, models, controllers or views can be created. Even though Sina- tra is not based on the MVC pattern, Padrino stands on its main purpose and is combining it with certified MVC approaches such as dividing the folder tree structure. Also unlike Ruby on Rails, Padrino is principally de- signed for mounting multiple apps, meaning that Padrino project directory can easily mount multiple applications. Padrino itself is a set of modular extensions for Sinatra. [17] These ex- tensions can be represented as standalone by themselves, and installing Padrino gives users the opportunity to choose which extensions to include in the Sinatra installation, and therefore, how much freedom they want to be given. This version of Padrino installation is intended to be used for ap- plications that have already been built and that would benefit from a par- ticular aspect of Padrino such as a mailer or view helpers. One of the features Padrino provides is the Admin interface that can be created by providing a single model. Padrino’s admin also grants a single model account for managing roles, memberships and permissions, ORM agnostics and multilanguage support. Using Padrino can be tricky due to a lack of proper tutorials. Under- standing and grasping the knowledge of Ruby language on a higher level is important. Also, learning Sinatra is one of the Padrino usage assumptions. The framework itself acts more as a collection of intermediate components, but the application deployment is easy and the result projects are stable and working fast. Since Padrino’s extensibility is not very limited, it represents a powerful and elegant tool in building applications and APIs in Ruby that can offer the same functionality as Ruby on Rails.

2.5.2 Comparison Criteria

• Application development speed – Very fast, especially for light ap- plications, thanks to scaffolding and command line based generated code.

• Learning curve – Same as with ROR, understanding Ruby is neces- sary, as well as being able to work with Sinatra. However, Padrino’s developing approach can appear rather complicated before being completely grasped. In comparison with ROR, the syntax does not seem as clear and it can take time for users to understand it.

• Documentation and community support – Tutorials and guides for both Sinatra and Padrino are not as extensive as it is with other

29 2. FRAMEWORK ANALYSIS

frameworks. However, the community and documentation support are very good.

• Code length – Short, depending on the amount of components used, but ability to scaffold and generate code skeletons relieve the devel- oper from writing large amounts of code by themselves.

• Application speed – Although the Padrino framework is built on Sinatra with a lot of helpful features, like in Rails, its performance is still close to that of a clean Sinatra application. [19]

• Usage – Padrino’s usage is rather average. The level of Ruby knowl- edge highly affects the framework usage.

• Stability – Padrino offers many security gems and components and its authentication works very well.

• Function extensibility – Extending Padrino applications is the same in a way of installing ruby gems and the Sinatra itself provides a large amount of available components.

• Evolution – Good. Padrino provides many different ORM tools for manipulating the database structure well.

• Requirements – Server needs to be provided with Ruby interpreter, Ruby 1.9.2 or any other Ruby such as 1.8.7, Rubinius, or JRuby. RubyGems package is also needed. The installation includes all other needed dependencies.

• License – Padrino is opensource, shared under MIT license.

• Responsivity – Padrino supports templating gems that provide lay- out responsivity.

• Multiplatform support – All main operating systems are supported. However, configuration is much more difficult on Windows systems as well as some gems are not supported by it.

2.5.3 Summary Padrino gives the developer the freedom of “Crafting their own framework” based on Sinatra functionality. It preserves Sinatra’s compact and fast de- veloping approach and wraps it with extensive functionality, which cre- ates an independent, adjustable and strong framework. It can be harder to

30 2. FRAMEWORK ANALYSIS grasp, but in the end allows to create both smaller and larger fast applica- tions and has proven to be a quality alternative to Ruby on Rails framework.

2.6 Django

Django is the most used Python based web framework. It is opensource and stands on the base of slightly adjusted MVC pattern. Django was ini- tially designed for content management of The World Company News web- site and later in 2005, it was published under BSD opensource license. [21] Django focuses on the development of complex web applications managed by database. It is a widely used Python web application framework that follows a philosophy called “batteries-included”, meaning that the main and extensive functionality should be included within the framework it- self rather than as a set of standalone extensions or libraries. For example, URL routing, authentication, templating system or data schema migrations are included in the framework in contrast with frameworks such as Flask or Padrino, that believe in the exact opposite strategy that the framework should be as simple as possible and rather extendable. What distinguishes Django from other Python frameworks is a possibil- ity to automatically generate the admin interface from the given database definition. Code generating in Django is highly supported and follows the same rules as Ruby on Rails, saying that, the best and fastest way to achieve the proper result is not to rewrite something that has been written before.

2.6.1 Framework Usage and Properties

Over the past decade, Django application performance, stability and com- munity have grown largely. Detailed tutorials and well structured user man- uals are readily available on the web and in books. Also framework’s func- tionality is growing with every new version, such as database migrations etc. Django’s application logic is written in Python which may be quite dif- ficult to learn through the framework itself, even though Django is a good way to start with Python based web frameworks, it is recommended that users have at least basic knowledge of Python syntax, its usage and prop- erties. Unlike Ruby, Python may be easy to learn even for beginners, thus making the introduction into the web application development simpler. Django’s architecture is based on MVC pattern, but it is divided into smaller parts providing the given functionality. The mediator part repre- sents an ORM that provides relations between the database and models represented by Python classes. Foundation provides a low-level database

31 2. FRAMEWORK ANALYSIS access and entities represent data objects. Mediator works as an interlink between foundation and entities. These parts fall under the model pattern in MVC. Presentation part handles user interface and its requirements and control provides the application logic, but also contains views, that grant view switching on the base of HTTP requests. Application programming in Django follows the basic MVC pattern by editing view templates, providing application logic via controllers and ma- nipulating data using ORM and database models. Many generic views are defined in Django, allowing to reuse components such as lists, forms or var- ious page details. The key points thus remain as the definition of database tables, generating the conventional parts of the application using generic views, adding the rest of the application logic into controllers using Python language and defining the templates that will create the application lay- out. The finishing move may be the automatically generated administration based on the table structure. Additional features of Django include lightweight, standalone web ser- ver for development and testing, validation system for forms, a cashing framework and internal component communication system. Django also provides a designer-friendly syntax for rendering the information to be pre- sented to the user via its own templating language similar to Nette’s Latte.

2.6.2 Comparison Criteria • Application development speed – Very fast, Django combines the lightweight syntax with automatically generated content and cus- tom templating language.

• Learning curve – Rather steep. After understanding the basic syntax of Python, grasping Django is easy thanks to its extensive video tuto- rials, user guides and sample projects. Also the application structure is well organized.

• Documentation and community support – Documentation is very good and well structured. Community is also very live and willing to help other users.

• Code length – Python is known for its short and simple syntax and since Django allows to generate most of application structure and generic views, the code lengths is very short.

• Application speed – Depends on the Python interpretation on the server. However low speed is not Django’s issue.

32 2. FRAMEWORK ANALYSIS

• Usage – Usage of Django is rather good, mostly thanks to the well- arranged application structure.

• Stability – Django provides basic authentication and security mea- sures, other security extensions can be installed separately.

• Function extensibility – Many separate modules are available for Django even though it provides most of the functionality by itself thanks to the “batteries-included’ philosophy.

• Evolution – Nothing needs to be translated, only the code needs to be altered, evolution is very easy.

• Requirements – Server needs to be provided with Apache server with Python module.

• License – Django is opensource, shared under BSD license.

• Responsivity – Older versions of Django did not support mobile layouts. However the newer versions are equipped with modules allowing responsivity.

• Multiplatform support – All main operating systems support run- ning and developing in Django.

2.6.3 Summary

Django works well for the lightweight application development in Python. Using the high amount of scaffolding, its approach is similar to Ruby on Rails and allows to build applications fast and without deeper knowledge of the language. Python is easy to learn and grasping Django should not be hard even for beginner web application developers. Application deploy- ment can be rather complicated especially for the thick client applications which Django is not very suitable for as well as for extensive graphic ap- plications. However, Django still remains a very powerful tool for building web applications in Python and excels with its development approach and application structure.

2.7 Flask

Flask is a lightweight web application framework written in Python. It is sometimes called a microframework, for it keeps its core simple, yet very

33 2. FRAMEWORK ANALYSIS extensible, following the exact opposite philosophy to that of Django frame- work. It was created by Armin Ronacher on April 2010 initially as an April fool’s joke framework that consisted only of one single file. However it proved to be popular enough to make into its own application. [22] Flask does not have a form validation or database abstract layer. It follows the code to be as simple as possible with addition of extending the framework with modules and extensions almost like Padrino framework. Developers are not provided with a basic project structure skeleton, but they start with a blank page. The classic Hello World! Application can be written in a single file on no more than seven lines. Extensions for Flask exist for form validation, object-relational mappers, many various open au- thentication technologies, upload handling, and more. It is commonly used in combination with templating system and ORM, making it a full size framework, yet still very small and simple.

Listing 2.1: Flask Hello World! Application from flask import Flask app = Flask(__name__)

@app.route(’/’) def hello_world(): return ’Hello World!’ if __name__ == ’__main__ ’: app . run ( )

2.7.1 Framework Usage and Properties Flask is based on Web Server Gateway Interface (WSGI), which is a speci- fication for universal interface between Python frameworks or web appli- cations and web servers that is used for lightening the server requirements on Python based applications using a simple interface. Deployment of ap- plications is easier than with Django thanks to Flask’s own development server which is a part of its installation. Development with Flask is also made simpler thanks to its built-in debugger tool. Enabling debugging re- sults in server reloading on code changes and providing its own synoptic debugger. Also, routing in Flask is very easy to configure. Certain parts of URL can be dynamically applied to a variable or a function, which results in creating URLs that are easy to remember by users and also programmable with no complicated configuration. Flask does not have any bootstrapping

34 2. FRAMEWORK ANALYSIS tools since it does not need them. From the above Hello World, a developer with no Python experience is able to start programming instantly. Generating HTML templates using Python can be complicated, espe- cially due to frequent escaping. However, Flask comes in a bundle with Jinja2 templating system that is configured automatically and allows to ren- der templates saved in the application. Jinja2 is a templating language in- spired by Django. It provides more control over its execution environment and more advanced features than Django’s default templating system. For example, it is possible to disable potentially dangerous features to safely execute templates that are considered untrusted or to compile templates ahead of time so that their validity is ensured. One of the security features that Flask provides is a support for secure cookies, on top with client side sessions, providing higher security when managing user roles since the cookies are signed cryptographically, mean- ing that user is able to look at the contents of the cookie but not allowed to modify it unless they know the secret key used for signing. Also unlike other web frameworks, Flask’s file structure is rather ele- mentary and consisting of very few files, still following the ideology of keeping everything simple and extensible. Even though building smaller applications with Flask is more suitable, it provides blueprints which is Flask’s concept of modularity that can greatly simplify the work flow for large applications. Flask uses a concept of blueprints for making applica- tion components and supporting common patterns within an application or across applications.

2.7.2 Comparison Criteria

• Application development speed – Developing small applications is always faster, however Flask takes this approach even further. Even though developers must write most of the code by themselves, the amount of it is very small, making application development speed very fast.

• Learning curve – Thanks to easy configuration and simple structure, everything programmers need to see is still visible. It is also a great way to learn Python and understand web application development.

• Documentation and community support – Flask is fully documented using Docstrings. Communities are very much alive and willing to offer support.

35 2. FRAMEWORK ANALYSIS

• Code length – Code length in Flask is the shortest. It fully embraces the meaning of microframeworks.

• Application speed – Even though it does not excel in speed (similar to other Python applications), it is completely sufficient.

• Usage – Good. Flask’s tutorials explain everything that is needed, even though fully grasping the framework requires some practice.

• Stability – Basic security measures in Flask are well built, it can also be extended with other security modules.

• Function extensibility – Many separate modules are available for Flask, making it very easy to extend.

• Evolution – Nothing needs to be translated, only the code needs to be altered, evolution is very easy.

• Requirements – Depending on the type of the server, it must be pro- vided with certain modules for WSGI and Python installation. Flask itself depends on two external libraries, Werkzeug and Jinja2.

• License – Flask is opensource, shared under BSD license.

• Responsivity – Flask does not support layout responsivity.

• Multiplatform support – All main operating systems support run- ning and developing in Flask.

2.7.3 Summary

Flask is perfect for learning the basics of web application programming. Even though it gives a very different development approach, it helps to un- derstand the functionality of a web application development thanks to its simplified structure. It is effective for stand-alone applications and proto- types that need to be created quickly. It also has a very powerful web-based debugger and supports RESTful3 URL routing. Flask is one of the most ex- tensive microframewroks available and by itself, it provides a large amount of features that are worth applying.

3. Representational state transfer. A complex web service architecture providing requests for services using access URLs.

36 2. FRAMEWORK ANALYSIS

2.8 Grails

Grails is an opensource merge of Java and Ruby based web development approach, written in Groovy (programming language based on Java plat- form). It is a robust and complex building tool for extensive web applica- tions that has been developed since 2005 under the original name Groovy on Rails that was later forced to be dropped. In 2008, Grails was released as a stable version. The framework is a strong solution based on MVC pattern, following the coding by convention paradigm. Groovy is very similar to Java, with extended functionality provided by languages such as Ruby or Perl. It is characterized by its procedure chaining that (as in Ruby) allows to merge the output of a method with input of another method, good support for generating markup languages, or properties such as dynamic typing or operator overloading. Groovy is object oriented and can also be used as a script language for Java platform. Grails is a web framework that allows to effectively develop both dy- namic websites and desktop applications and is focused also on back-end part of the applications.

2.8.1 Framework Usage and Properties One of the strong features provided by Grails are powerful and very easy to use templates for viewing management along with its well built ORM that provides direct database table mapping to objects. Grails also supports the possibility of connecting to Spring framework, which allows it to extend its functionality by many available plugins. It is easy to learn thanks to its Java- like syntax, clear guides and tutorials on its website. Like Django, Grails also allows to completely generate an administrator part of the application for any domain class using scaffolding. Same as Laravel, it tends to grasp the most used and verified properties of Ruby on Rails and transform it to its own language-based framework layout. Development in Grails is maintained by common MVC approach. Model classes (in Grails known as domain classes) are easily mapped on database tables thanks to Grails’ ORM provided by Hibernate4. They allow to au- tomatically generate the administrator section of an application thanks to contained database schema information. Framework controllers are writ- ten in Groovy, but allow to be easily connected with Java classes, therefore providing a good environment for Java programmers that are not yet com-

4. An object-relational mapping framework for the Java language

37 2. FRAMEWORK ANALYSIS pletely used to Groovy. Views are based on GSP (Groovy Server Pages) or JSP (Java Server Pages) markup languages, which can be represented as a HTML with additional special marks for stating controllers. Testing in Grails is well handled thanks to the possibility of testing every component of application easily. Since Grails handles the structure writing, mocking and configuring tests itself, only writing the actual test is left to the developer. Grails does not provide an authentication/authorization mechanism. The idea behind this approach is that users would generally use either Spring Security, Apache Shiro or the authentication plugin instead. This plugin, however, seems to only support authentication, and the rest is up to the developer to implement. Grails therefore relies on Spring Security or another security tool. Development interface in Grails is provided by maintaining the frame- work using a console or a lightweight server for needs of development. Grails is supported by NetBeans, Eclipse and IntelliJ Idea interfaces that allow it to be tested and easily maintained, expanding the support of the framework broadly. Same as with Java, Groovy needs to be compiled to bytecode, which can be then used with Java libraries or Java code. Result Grails application is compressed to a web application archive that is then deployed on the server. Resulting application then runs as thin client and does not require any extensions on a client side.

2.8.2 Comparison Criteria • Application development speed – Developing speed is rather ave- rage. Even though it can be fast thanks to scaffolding and generating interfaces, more complex applications require more time configur- ing.

• Learning curve – Learning Grails is made easier by connection with Java. Allowing users to provide connections with Java classes and slowly transcending to Groovy syntax is a good learning tool. Also since Grails follows classic MVC pattern, it does not require any fur- ther knowledge of structure.

• Documentation and community support – There is a large num- ber of books, guides, tutorials that can be source of information for Grails. Community has grown since Grails is picked up by more de- velopers every day. Also documentation support is good.

38 2. FRAMEWORK ANALYSIS

• Code length – Short. Only large amounts of code are required on application logic. Grails follows Ruby on Rails’ approach in dealing with large amounts of code using scaffolding and additional features that Groovy provides make the amount of code even shorter.

• Application speed – Depends on the interpretation of bytecode on server, however application speed decreases with its complexity.

• Usage – Long term usage of Grails is good. Following MVC pattern in combination with Java-Ruby based approach make Grails very developer friendly.

• Stability – Grails does not provide an authentication/authorization mechanism. It requires other security measures to be implemented by user or tends to rely on Spring Security or another security tool.

• Function extensibility – Grails provide many plugins allowing to extend the framework’s functionality.

• Evolution – After every code alteration, the application must be trans- lated and in a form of WAR file again transferred to server.

• Requirements – Grails can be deployed on any server supporting Java.

• License – Grails is opensource, shared under Apache 2 license.

• Responsivity – Older versions of Grails did not support mobile lay- outs, this issue is now resolved.

• Multiplatform support – All main operating systems support run- ning Grails applications.

2.8.3 Summary

Grails is a robust MVC based solution that apart from other frameworks does not focus on a single application type, but supports them all. It lacks a little in security measures by itself, but it can be easily extended by other security tools available. Same as with Laravel, Grails tend to use Ruby on Rails’ best advantages and properties and transcend it to its own language based framework. After grasping the functionality of Groovy, it becomes

39 2. FRAMEWORK ANALYSIS extensible, robust and stable tool for building Java based applications. De- ployment tends to be a little complicated but the framework itself is pow- erful. It is suitable for e-commerce, CRUD, desktop and also mobile appli- cations.

2.9 Vaadin

Vaadin is a Java-based opensource framework for building rich web appli- cations. First developed as IT Mill Toolkit, it was officially launched and renamed to Vaadin in 2009. Its directory was opened a year later. Vaadin features server-side architecture which allows it to run most of the applica- tion logic on servers in contrast to JavaScript libraries and solutions based on browser plugins. [25] Client side is based on Google Web Toolkit (GWT), which is an opensource set of tools that allows developers to develop and maintain complex JavaScript based front-end applications in Java. Browser side of the application is supported by AJAX, ensuring broad interactive experience for the users. Vaadin is a component based framework, incorporating event-driven programming and widgets that make the programming closer to GUI soft- ware rather than combination of HTML and JavaScript. GWT operates only on the client side, thus does not lead to any trust issues, adding server- side data validation to all actions. Development with Vaadin is supported by unique combination of building on Java Virtual Machine (JVM) and HTML5, thus merging the approach between standard Java systems and web-based applications.

2.9.1 Framework Usage and Properties

Since Vaadin is component-based, apart from MVC pattern, it follows reuse- based approach to defining, implementing and composing loosely coupled independent components into systems. Java is a perfect tool for writing such types of applications with their logic remaining on the server side, en- abling immediate access to data and services through Java. Vaadin’s client side supports using both JavaScript as well as Java on the client side with the included compiler that translates Java to JavaScript, based on GWT, giv- ing developers the full access to the Document Object Model (DOM) struc- ture of the application. Meeting the framework is made very comfortable through its beautiful website. Introduction to Vaadin, describing its functionality and most im- portantly, well documented tutorials for building first application are well

40 2. FRAMEWORK ANALYSIS organized and easy to grasp by users. One of the learning features is the possibility of downloading The Book of Vaadin for free, simply by register- ing on Vaadin’s website. Featured guides also contain sheets with diagrams for better understanding the architecture for Vaadin applications and com- posing the interface.

Figure 2.1: Architecture for Vaadin Applications [25]

Vaadin’s comprehensive component nature provides a large set of user interface components, controls and widgets with built-in lazy loading that helps to facilitate client side development. Other features such as drag and drop support and mobile touch support are provided by AJAX which en- ables to create highly interactive websites with no need for page reload- ing. Looks of the application can be customized by powerful CSS and SASS based component styling and good looking themes that are also provided with custom samples with no need of Java code alteration. Development in Vaadin is purely object oriented, Java only and type- safe, providing a powerful server-side programming model. Vaadin also specializes on secure web application architecture, running the application code, validations and business logic on the server.

41 2. FRAMEWORK ANALYSIS

The trend of enhancing the frameworks with components also takes its place in Vaadin framework. The community provides more than 500 com- ponents that allow to extend framework’s functionality. These include var- ious themes, data components, uploaders and much more. What distin- guishes Vaadin’s extensibility from other frameworks is the possibility of simply dragging and dropping the component into the framework’s inter- face providing a fast extension installation.

2.9.2 Comparison Criteria

• Application development speed – Development speed is moder- ately fast. Vaadin’s architecture allows to keep the file amount low, however, writing a skeleton from a blank page can be a little time consuming. Starting with a theme, on the other hand, can be much faster.

• Learning curve – Having advanced Java skills is an advantage when working with Vaadin, since the server side of the application is pure Java. Understanding structure of application can be tricky at first, but after a few simple projects, developer should be able to create more extensive systems.

• Documentation and community support – Vaadin is well documen- ted with cheat sheets, guides and its own book. The Vaadin commu- nity is very active. Over 150.000 developers use Vaadin in their daily work and answer questions on the forum.

• Code length – Average. The best way to start fast is to use custom themes provided by the community. However, application function- ality code can be shorter in comparison with other frameworks.

• Application speed – Depends on Java Runtime Enviroment speed, however application speed is completely sufficient.

• Usage – Very good. After grasping Vaadin’s functionality, it is easy to build with and provides very attractive developing approach.

• Stability – Vaadin provides server-side user interface state manage- ment, secure parameter and request validation, built-in JSR-303 vali- dation and SSL support. It is also extendable by further security com- ponents.

42 2. FRAMEWORK ANALYSIS

• Function extensibility – Vaadin’s community provides more than 500 components that can be easily dragged and dropped in the frame- work interface.

• Evolution – After altering the code, application must be translated again.

• Requirements – Vaadin supports Java Servlet API 2.3 and later ver- sions and should work with any Java application server that con- forms to the standard.

• License – Vaadin is free and opensource under the Apache 2.0 li- cense.

• Responsivity – Very broad. Applications in Vaadin are written to be platform and device friendly.

• Multiplatform support – All main operating systems are supported.

2.9.3 Summary

Vaadin is designed to build web applications, not just websites. This makes it suitable for application development rather than website development, however, writing a content management system in Vaadin is possible and made easy. Its programming approach is closer to desktop application pro- gramming, allowing to write extensive interactive graphic applications, and it is able to deliver in situations where other web frameworks would not be as suitable.

2.10 Play

Play is an opensource web application MVC framework officially released in October 2009 based on a lightweight, stateless, web-friendly architecture. It is written in Scala and Java programming languages, briefly reminding of Grails’ similar dual language approach. Scala is (similar to Groovy) intended to be compiled to Java bytecode, so that the result is executable on Java Virtual Machines. It is a program- ming language inspired by Java’s shortcomings that has a full support of functional programming and a very strong type system. Apart from Grails, Play allows to choose the programming language for developing applica- tion logic.

43 2. FRAMEWORK ANALYSIS

Play is heavily inspired by Ruby on Rails and Dajngo and is following their concept of modules, development and command line interface. Apart from other Java-centric frameworks, Play uses no Java EE5 constraints mak- ing it easier to work with. For example, it is fully RESTful, meaning its con- nections are Java EE sessions free.

2.10.1 Framework Usage and Properties Installation and creating a project in Play is extremely simple. After down- loading and adding the package, user is asked which application template to load (play-java, play-scala, play-java, minimal-java and minimal-scala) deter- mining the extent of application and language for application logic. After naming the project, it can be easily imported to IntelliJ Idea, Eclipse or other developing interface with basic MVC file tree included. The tree consists of public folder with CSS, JavaScript and other user-visible content. The app folder includes folders for Java classes representing views, controllers and models. Configuration and routing files are separate. Models are mapped the same way as in Ruby on Rails. Every table in database represents a class extending a Java Persistence API and is then created in the database. Tem- plating system is handled by asset compiler for CoffeeScript6 and LESS. From the start, Play behaves and looks like easier, more lightweight Ruby on Rails. Also, introduction video tutorial and documentation on the framework’s website are very convenient. One of the major features that distinguish Play from other frameworks is its native Scala support. Play uses Scala internally, but also exposes both Scala API, and Java API that is deliberately slightly different to fit in with Java conventions. Play is thus completely interoperable with Java. Also, thanks to Scala, application logic can be written in a more functional way, adjusting the approach to some algorithms. Play is also extensible with various modules adjusting its functionality same way as Ruby on Rails or Django, even though its API comes with most requirements built in. Testing in Play is very nicely handled. It uses JUnit7 by default and will create a new process for each test. Another good testing feature is Play’s ability to mock a whole application for the test to use. For example, a tool

5. A widely used enterprise computing platform developed under the Java Community Process. 6. A programming language that transcompiles to JavaScript with syntax improvements inspired by Ruby and Haskell. 7. A unit testing framework for the Java programming language

44 2. FRAMEWORK ANALYSIS like Mockito is required to test out code or infrastructure in other Java based frameworks, unlike Play in JavaTest with FakeApplication, which al- lows developers to spin up a real “fake application” with a real in-memory database. Its debug tool is similar to Nette’s and is making application test- ing much easier. Play also adds support for secure routing and has a strong annotation- based authentication. These features enable developers to increase their ap- plication’s security without needing to write an if block in every method. All that is required is to add @With and @Check annotations thus creating a very convenient approach of handling basic security measures.

2.10.2 Comparison Criteria

• Application development speed – Development speed is fast. Play does a lot of work for the developer and its code generating ap- proach is similar to Ruby on Rails. Easy database object mapping and testing make Play one of the faster developing frameworks.

• Learning curve – Learning to use Play is very easy. Mostly thanks to its clean file structure and strictly MVC oriented approach. Also, learning to create web applications in Java is not that hard as learn- ing it in Ruby or Python.

• Documentation and community support – Play’s community is not so extensive, but it is playing its part. Documentation is well orga- nized and tutorials nicely structured.

• Code length – Average to short. Scaffolding is made possible through a module, yet generated project skeleton covers the most of project setup.

• Application speed – Depends on Java Runtime Environment speed, however the compiler and runtime (JVM) do all the work so that applications can run faster.

• Usage – Combining Ruby on Rails and Django application devel- oping approach with the simplicity of MVC pattern and clean code make the usage of the framework very user friendly.

• Stability – Play provides basic support for secure routing and has a strong annotation-based authentication. Other security modules can be installed separately.

45 2. FRAMEWORK ANALYSIS

• Function extensibility – Play follows the concept of module exten- sibility, making it easy to adjust.

• Evolution – One of the great properties of Play is its hit refresh work flow. After altering the code, only thing needed is to refresh the browser.

• Requirements – Play can be deployed on any server supporting Java. To run the framework, JDK 6 is needed.

• License – Play is free and opensource under the Apache 2.0 license.

• Responsivity – Applications in Play are written to be platform and device friendly. It can also be extended through various modules.

• Multiplatform support – All main operating systems are supported.

2.10.3 Summary

Play is a very good Java based, easy-to-learn option for developers that are fond of Ruby on Rails approach of web application development. It is suitable for building CRUD systems or e-commerce systems. Thanks to its pure MVC pattern structure, it is easy to learn and fast to grasp. It does not have the scale of extensibility or community support as its Java based counterparts, but in framework handling and usage, it beats them all.

2.11 Framework Overview

Laravel is a very powerful tool for building web applications in PHP. It pro- vides the approaches of extensive packaging systems, scaffolding and easy database setup from popular frameworks such as Ruby on Rails and repre- sents it in PHP, mitigating the need of learning more complex programming languages and leaving developers with functions they know from PHP. Lar- avel is based on MVC architecture and is distinguished primarily by its real world optimization and the fact that it goes towards development issues that matter. It is opensource and can be used to develop extensive systems as well as blogs and CMS.

Nette is by far the best option for beginner web application developers. Mostly thanks to its pure MVC approach, straight forward file structure and well distinguished class types. It is designed to be as easy as possible and

46 2. FRAMEWORK ANALYSIS does not require any complicated setup or configuration. Apart from be- ing PHP based, Nette uses custom Latte templating system alleviating the amount of HTML needed to be written. It is a highly secure framework with well protected forms and many custom security plugins. Nette is good for developing smaller e-commerce sites, wikis, blogs or CRUD applications, yet it is not very suitable for complex graphic applications.

Phalcon is a PHP based, MVC framework built for applications requiring high performance. Its core is written in C and implemented in PHP in or- der to achieve high application speed. It comes with a collection of scripts for generating project skeleton, preparing database settings and thus alle- viating the amount of code needed to be written. Also the core written in C is well disguised, even though it may cause trouble for PHP developer to debug C if a major problem occurs. Phalcon is well suitable for applications requiring fast responses and high request handling speed, however when writing a simpler application, using Nette or Laravel would be much easier.

Ruby on Rails offers a very good way of building dynamic web applications. Mostly thanks to its abilities of scaffolding and good support of generating complex parts of application. However, it is not very suitable for build- ing extensive thick client graphic web applications. ROR is very extensible thanks to its gem packaging system and it is a perfect tool for programmers that know Ruby and work on Unix based systems. Not knowing Ruby can be a huge obstacle for beginner users but after grasping it and understand- ing Ruby’s syntax, managing ROR is quite easy. The only issue remains with application deployment and server requirements.

Padrino is based on Sinatra and gives developers the freedom of “crafting their own framework” by preserving Sinatra’s compact and fast developing approach and adding extensive functionality. This creates an independent, adjustable and strong framework. Padrino stands with ideology of making only most needed extensions part of the framework and that the rest should be adjusted to application needs. Even though Padrino can be harder to grasp, especially for developers not so familiar with Ruby language, it al- lows to create both smaller and larger, faster applications and has proven to be a quality alternative for Ruby on Rails framework.

47 2. FRAMEWORK ANALYSIS

Django is another well-built framework solution allowing to build a dy- namic website or a web application in a short period of time. It is recom- mended to be familiar with Python language before using Django, however, grasping its functionality is made easier through its MVC architecture. One of Django’s top features is a well handled database model mapping and the ability to automatically generate application administration. Applica- tion deployment can be rather complicated especially for the thick client applications which Django is not very suitable for, as well as for extensive graphic applications.

Flask is a Python based microframework, well suitable for introduction to web application programming. It does not have a form validation or data- base abstract layer for it follows the code to be as simple as possible with addition of extending the framework with modules and custom component extensions. Flask works well for applications that are standalone or proto- types and require to be developed quickly. It is commonly used in combi- nation with templating system and ORM, making it a full size framework, yet still very small and simple.

Grails is a robust MVC based web application framework solution written in Java and Groovy. Same as Laravel, it uses Ruby on Rails’ best advan- tages and properties and transcends it to its own language. In this case it is Java which is by itself a language created to be a solution suitable for de- veloping web applications. Deployment tends to be a little complicated but the framework itself stays powerful and after understanding the basics of Groovy, it is also easier to learn. Grails is suitable for e-commerce, CRUD, desktop and also mobile applications.

Vaadin is a Java-based opensource framework for building rich web appli- cations. It is a component based framework, standing on event-driven pro- gramming and widgets that make the development closer to GUI software rather than combination of HTML and JavaScript. Developing applications in Vaadin is closer to desktop applications programming, allowing to write extensive applications or interactive graphic programs which most frame- works are not suitable for.

48 2. FRAMEWORK ANALYSIS

Play is a Java based framework that is easy to learn and is suitable for de- velopers that are fond of Ruby on Rails approach of web application devel- opment. It is MVC based and written in Scala and Java languages. Play is suitable for building CRUD applications or e-commerce systems and even though it does not have the scale of extensibility or community support as its similar Java based frameworks, it is very easy to use in comparison to its Java based siblings.

49 2. FRAMEWORK ANALYSIS

2.12 Summary and Comparison Tables

It is clear that in the world of modern web application frameworks, there is plenty to choose from. All frameworks that have been tested for pur- poses of this paper are well written, properly documented and supported and all offer a great solution for creating dynamic web applications. Even though it is clear that some of the frameworks are more suitable for differ- ent development approaches than the others, level of knowledge of a given programming language is still one of the most important criteria. Being in- troduced to a complex framework that is written in a programming lan- guage the developer is not so familiar with can make understanding the framework functionality more difficult. However, for most of highly rep- resented framework languages, there exists an alternative in different lan- guages with similar programming approaches. Ruby on Rails proves to be the best solution for creating e-commerce systems as well as simple CRUD applications in a matter of hours, yet as it was mentioned before, it requires that the developer is familiar with Ruby language. Django and Laravel can be considered very good alternatives in different programming languages for this certain type of agile develop- ment. By far the best introduction to the world of web application devel- oping turned out to be Nette. Especially for users that are not familiar with web application development at all. Vaadin proved to be the best choice for extensive systems and large graphic applications thanks to its desktop- like development approach. If speed should be the main criterion of an ap- plication, then the best solution would be Phalcon with its extremely fast response time. It is not possible to determine the best of all frameworks, because every single one is written in a different way, to solve different problems, and it is up to the developer to choose the most appropriate approach, whether it is agile development, desktop-like approach, easy customization, exten- sibility, or simply learning more about web application programming or a specific programming language. Output from research of tested frameworks according to the given cri- teria is introduced in a series of tables below.

50 2. FRAMEWORK ANALYSIS

Framework Architecture Languages License Laravel MVC PHP MIT Nette MVC PHP BSD Phalcon MVC PHP, C BSD Ruby on Rails MVC Ruby MIT Padrino MVC Ruby MIT Django MVC Python BSD Flask Component Python BSD Grails MVC Java, Groovy Apache 2.0 Vaadin Component Java Apache 2.0 Play MVC Java Apache 2.0

Table 2.12: Comparison table of framework architectures, languages and licenses

Development Learning Documentation Framework speed curve and support Laravel Fast Steep Very good Very good, Nette Rather fast Very steep mostly Czech Phalcon Rather fast Average Very good Ruby on Rails Very fast Steep Very good Padrino Very fast Average Good Django Very fast Rather steep Very good Flask Very fast Very steep Very good Grails Rather average Steep Very good Vaadin Fast Average Very good Play Fast Steep Good

Table 2.12: Comparison table of framework development speed, learning curves and documentation and support

51 2. FRAMEWORK ANALYSIS

Application Framework Code length speed Usage Average, Laravel scaffolding Fast Very good Nette Rather average Average Very good Average, Phalcon scaffolding Very fast Average Very short, Ruby on Rails scaffolding Fast Rather average Padrino Short, scaffolding Fast Rather average Very short, Django scaffolding Average Good Flask Very short Average Good Grails Short, scaffolding Average Very good Vaadin Average Average Very good Play Rather short Rather average Very good

Table 2.12: Comparison table of framework code lengths, application speed and usage

52 2. FRAMEWORK ANALYSIS

Framework Stability, security Extensibility Evolution Very high, packaging Laravel Very good system Very easy Nette Very good High, plugins Very easy Phalcon Average Average Very easy Very high, packaging Ruby on Rails Good, extensions system Very easy Very high, packaging Padrino Good, extensions system Easy High, packaging Django Good, extensions system Very easy Flask Good, extensions Very high, extensions Very easy Average, Spring Grails security High, extensions Hard Very good, Vaadin extensions High, extensions Average Play Good, extensions High, extensions Very easy

Table 2.12: Comparison table of framework security, extensibility and evolution

Framework Requirements Responsivity Templating system Laravel Several PHP extensions support Layout modification Nette Several PHP extensions plugins Phalcon GCC compiler, Git or XCode Not supported Ruby on Rails Ruby module Templating gems Padrino Ruby module, RubyGems Templating gems Django Python module Supported Python module, Werkzeug, Flask Jinja2 Not supported Grails Java JDK Supported Vaadin Java JDK Highly supported Play Java JDK Supported

Table 2.12: Comparison table of framework requirements, and responsivity support

53 2. FRAMEWORK ANALYSIS

2.13 Chapter Conclusion

In second chapter, the chosen frameworks were tested according to speci- fied criteria and their functionality and usage was described. The chapter concluded the research in a summary description and usage recommenda- tion as well as in tables describing the given criteria for each tested frame- work.

54 3 Web Application Development

This chapter consists of the practical part of the paper. It describes require- ments for applications to be developed, and the most suitable framework from last chapter’s research is chosen. After analyzing the requirements and framework options, the chapter describes the design of applications, including diagrams and application structure. Last part of the chapter de- scribes development and testing.

3.1 Application Requirements

Practical part of this paper consists of designing and developing applica- tions for LEMMA – Laboratory of Electronic Multimedia Applications. The laboratory is housed at Faculty of Informatics of Masaryk University and it specializes in technology of multimedia processing and publishing, in- cluding production and post-production of films. The laboratory is very active, its main courses Basics of Film Discourse (PV110) and Production of Audiovisual Artefacts (PV113) specialize in multimedia education and production of student films that are annually presented on a faculty film festival that has been organized by LEMMA since 2001.

55 3. WEB APPLICATION DEVELOPMENT

3.1.1 Application for LEMMA

Even though members of the laboratory are very active and often contribute to the laboratory blog about new equipment, research or events concerning the film festival, LEMMA’s website is rather obsolete. The website is writ- ten and compiled in TEXY1 and every time a member of LEMMA wants to write a blog post or adjust content of a page, the whole application needs to be complied and uploaded on the server again. It was clear that the website needed a complete redesign that would be easily manageable, extensible and that would co-operate with user accounts of members of Masaryk Uni- versity. Requirements for the application were stated as followed.

• New, unifying graphic design that is both modern and transparent

• Mobile device responsivity

• Easily manageable content editor

• Easy application extensibility

• User friendly environment

• University member account authentication

• User manager

• Website page manager

• Blog

• Photo and video gallery

3.1.2 Application for Film Festival

Since 2001, LEMMA’s film festival website’s structure remains unchanged. To alleviate the amount of programming needed by students of multimedia to manage the website consists of plain HTML and CSS that are annually changed according to the theme of the current film festival. Websites from each year are then archived to show the historical changes in film festivals. Even though there is no programming knowledge required for students of the laboratory courses, managing festival website content is

1. Lightweight markup language as well as converter of this format to XHTML, in a form of a library written in the PHP.

56 3. WEB APPLICATION DEVELOPMENT quite time consuming and editing the website header or footer means edit- ing every single static HTML page. Since the application for LEMMA website was meant to be easily ex- tensible, it was proposed that a mutation of the application would be de- veloped in order to alleviate the festival website content management. Re- quirements for festival website application were stated as followed.

• Minimal front-end design to be easily editable for future themes

• Mobile device responsivity

• Easily manageable content editor

• Easy application extensibility

• User friendly environment

• University member account authentication

• User manager shared with LEMMA application

• Website page manager

• Film manager

• Sponsor manager

• Article manager

• Photo and video gallery

3.2 Framework Selection

Since both applications shared most of the requirements, it was clear that one framework would be much more suitable for both, rather than imple- menting two separate solutions. The key request for both applications was easy management and extensibility and even though most of the tested frameworks would have been suitable for this criteria, knowledge of a given programming language had to be considered as well. PHP is the most pop- ular language among web developers. Same as Java, it is taught in most mandatory programming courses on Faculty of Informatics. It is also highly probable that even though students working with the websites will have

57 3. WEB APPLICATION DEVELOPMENT previous knowledge of HTML and CSS, not all of them will possess previ- ous experience with web applications or frameworks. Therefore, the intro- duction to the framework must be made as easy as possible. Also, to miti- gate the requirements on the server it would be suitable to choose a frame- work that is written in PHP. Since requirements cover easy framework us- age and clear introduction to the application, it appears that using Nette framework for the development might be the best solution. Nette is easy to learn and its code and file structure is well suitable for beginner developers. It is easily extensible and does not have any special requirements on the server. Using its templating system would prove to be a good solution when adjusting the front-end of a festival website. It can also be combined with plain HTML and does not require any further configuration. Together with its advanced security and easy customization, Nette would be a good choice for development of these applications.

3.3 Application Design

One of the application requirements is that both applications share user management, so that it would be easier to administer for users managing both websites. This criterion results in a case of a shared database which is easily manageable within the server constrains. Content management can be separated to several sections, each defining a database entity that repre- sents a given content type. The requirements lists allow to create a shared use case diagram that clearly shows types of content to be managed.

58 3. WEB APPLICATION DEVELOPMENT

Figure 3.1: LEMMA applications use case diagram

3.3.1 User Roles

From the use case diagram, it is clear that there are four user types defining the levels of administration where each role possesses use cases of roles beneath it. First role level defines a blogger. User with this permission can manage blog posts, work with photo and video gallery on LEMMA website and upload and manage files and images that can be inserted into blog posts. This user level is typical for a laboratory intern or a member of LEMMA who does not participate in organizing the film festival.

59 3. WEB APPLICATION DEVELOPMENT

Second role defines a film festival website content editor, typically a stu- dent of PV113 whose course task is to manage the festival website. This type of user can alter everything on film festival website including articles, partners, movies, galleries as well as static pages. They are also granted the blogger’s permissions, meaning that this user can also post blog en- tries about film festival news on LEMMA website and manage LEMMA galleries. Next in the hierarchy are LEMMA website content editors. User with this role can manage static pages and home sections on laboratory’s web- site. It is a typical role for a senior LEMMA member that is allowed to update laboratory’s archives. Again, members with this role are granted permissions of a blogger, as well as those of a film festival website content editor. The highest position is defined as a super admin. This user can add new users to the system, manage their role levels as well as deleting them. Super user has all permissions except the permission to delete themselves from the database. User management can be handled both from LEMMA website and film festival website. This role is typical for a laboratory course mentor or a senior member.

3.3.2 Administration For end users, the biggest usage problems with traditional content man- agement systems such as Joomla or Wordpress are its broad administration and large amount of option settings. Even though the tasks that users need to perform to manage the website content might be straightforward, com- mon content management systems usually offer a lot of different settings for developers in the administration. Of course, some of these actions can be hidden from users, however, they will still need to navigate through sev- eral administration steps to get to desired settings. In order to create a website content management application that is user friendly, lightweight and yet still has a powerful administration tool, an “edit what you see” approach is introduced by LEMMA applications di- rectly on the front-end. This form of administration not only alleviates the complexity of an administration module, it completely removes it. Leaving users with administration buttons directly on the front-end of both appli- cations, next to the editable content. These buttons are only visible to users that are logged in and granted given permissions.

60 3. WEB APPLICATION DEVELOPMENT

3.3.3 Content Management Thanks to simplified content administration, the structure of application is alleviated even further, allowing to create a database with minimum con- nections. Since all types of content are separated, there is no need for com- plicated connections between the user and content manager. This structure takes the application extensibility to the maximum, where creating a new content type is equal to creating a table in a database with no need for main- taining connections.

Figure 3.2: LEMMA application class diagram

61 3. WEB APPLICATION DEVELOPMENT

Figure 3.3: Film festival application class diagram

It is plain to see that both applications have a lot in common and have a similar structure. Both websites require management of several types of content that are stored in a database in separate tables. Since Nette is used for application development, it is visible that all content types require just one model represented by given table in a database. Application structure thus remains transparent and easy to extend.

3.3.4 Graphic Design

Modern trends of web design evolve every day and web designers tend to push the limits of websites further with each new approach. Creating a website that is modern, has a good visual side and is also easy to nav- igate may prove to be rather challenging. Even though trends evolve and enhance the ways websites are browsed, for some users, these changes can be confusing and every type of website that is not easy to navigate for ev- eryone is a website that is not working properly.

62 3. WEB APPLICATION DEVELOPMENT

One of the application requirements was to design a new, modern and unifying visual side of the website that would be easy to navigate and will familiarize its visitors with with the laboratory’s work. First impression a website should give, is to present a statement about its purpose and contents. After arriving on a website homepage, it should only take seconds for the users to realize whether or not they are on the right website. LEMMA’s original website has a well structured homepage, yet it over- whelms its visitors with large amounts of texts. And even though the head- ing saying “Who are we?” encourages the visitor to read more about web- site’s content, it is also the first section to attract their attention. However, the first section should not be a question, it should be an answer to the question. LEMMA’s website redesign introduces a rather different approach. It is designed to be minimalistic and easy to navigate. Its homepage instantly greets the visitor with a heading stating the name and purpose of the labo- ratory. To further familiarize its visitors with website content, a large header image is introduced, which can contain a photo of some laboratory equip- ment and members or students attending the film festival. Title info icons introduce the visitor to main purposes of the laboratory using short struc- tured texts. Rest of the homepage contains newest blog posts that inform about current events around the laboratory and a quick overview about lab- oratory members and projects. Website’s subpages are organized in a hori- zontal menu navigation with links to galleries, blog and other static pages. This new layout presents the laboratory in a transparent way and pro- vides all the important information along with easy website navigation. Colors are based on the old design and unified with laboratory logo colors, resulting in a look that is distinguishable and easy to remember. While in administrator mode, every changeable section of the website is provided with administrator buttons that are graphically separated from the website layout and allow to manipulate with website content directly on the front-end. Making navigation and usage easy also for users that are logged in.

63 3. WEB APPLICATION DEVELOPMENT

Figure 3.4: LEMMA’s original website homepage

64 3. WEB APPLICATION DEVELOPMENT

Figure 3.5: Classic mode in LEMMA application graphic design

65 3. WEB APPLICATION DEVELOPMENT

Figure 3.6: Administration mode in LEMMA application graphic design

66 3. WEB APPLICATION DEVELOPMENT

3.4 Application Implementation

Once all requirements are established and necessary design diagrams are made, it is important to choose the right development tools before creating the project.

3.4.1 Development Tools

Since Nette is written in PHP with additional HTML and Latte templates, its projects can be developed in an integrated development environment (IDE) such as NetBeans, which is not only easy to set up and work with, but is also broadly used in programming courses at the Masaryk University. NetBeans IDE 8.1 can be downloaded for free directly from its web- site. [29] It allows to choose from several editions for different program- ming languages. For developing LEMMA applications Net Beans PHP is required. The PHP package contains all tools necessary for creating a Nette application as well as script debugging functions, highlighting PHP,HTML, CSS and Latte syntax, creating empty class templates and generating project documentation. Nette also provides a very good support for team based tools such as Subversion. NetBeans can be easily installed on a machine with any platform and there is no need for complex configuration. Fur- thermore, there are many extensions and plugins that can be downloaded separately, directly via the IDE itself. It can also be used for creating a database for current project and sup- ports running a server for web application development such as Tomcat or Glassfish.

3.4.2 Creating the Project

Nette’s website provides a well written guide for starting a first project. The best and fastest way to create a Nette project is downloading its Sandbox archive. This archive contains everything needed for Nette application de- velopment, such as basic configuration, router setup, basic application file structure, and of course, resources such as Nette framework, Latte templat- ing system, Requirements checker, Tracy debugging system and Adminer database tool. It is also possible to define custom Nette package with cus- tom component selection included and use it to start a new project. Both Tracy and Adminer are set up to be active only on localhost and once the application is transferred to a server, the application switches to production mode and both tools are hidden from users.

67 3. WEB APPLICATION DEVELOPMENT

Developers can use Nette’s requirements checker to find out whether all requirements for running Nette are met, even though all extensions are usually installed initially on the server and there is no need for further in- stallations. The only configuration that needs to be done by user is setting up the database connection in configuration text file. Everything else is taken care of by Sandbox and the project is ready for development. Opening the application folder in NetBeans creates a NetBeans PHP project that assigns every class and template to the project resources and displays project file structure to be worked with.

3.4.3 Project Structure

Nette follows the MVC pattern and it is also visible in the default project file structure which is divided into several key folders. The app folder contains every crucial part of the project back-end. Apart from holding the very core of MVC pattern (templates, models and presen- ters) it also contains a config folder including its two core setup files. First configuration file, config.local.neon, defines the database connection and its optional parameters. The other file, config.neon, lists all other setup items such as timezone, session expiration, presenter definition and used services. It is crucial that it includes all application model names as services in order for the application to recognize them as models. Both of these configura- tion files are tabulator sensitive and must not be made accessible directly through URL. The router directory is another part of the setup, yet in Sandbox it is already set in a default way to display presenter URLs in a manner of pre- senter/action. For example, a page with editing a blog post with id 5 will now have URL set as: /blogpost/edit/5. There are many other options for adjusting URLs in a manner that they are not complicated and easy to read. They are widely described in Nette’s documentation. First line in every PHP class in Nette projects defines its name space (location), so it is up to the developer to create a folder structure that suits them the most. It is only recommended to follow the classic MVC pattern, however, it is not mandatory, as long as each class has a properly defined name space. The model folder contains PHP classes defining database tables for vari- ous types of web content. The base presenter class includes all key database operations such as insert, delete, update, and get by id. Other content type models define a table in a database and contain functions specific for the

68 3. WEB APPLICATION DEVELOPMENT content type. For example, the gallery model includes a function for manag- ing image files into folders and creating thumbnails. All functions in models are working with data. Either with the database or with files on the server. They pass their return values to presenters that inform templates about data alterations. Same as for models, presenter directory contains PHP classes defining presenters for given content types. There are also classes presenting pages on the website that may include more content types such as blog or gallery overview. Presenters work as a middleman in Nette project structure, re- ceiving instructions from models, wrapping them in a way needed by given content type and then sending them to the front-end. They can also inform the user through passed flash messages about changes in data. Similarly to base model, the base presenter class contains functions that are common for all other presenters, such as handling an orphan letter at the end of the line. Since every template can have more views, the template folder contains more directories named after template pages to be displayed. For exam- ple, a blog post can have a template for creating, editing and displaying. Each of these template folders contain several templates written in Latte templating language combined with HTML. Templates can work with pre- senter functions and display its returned values on the front-end. They can also redirect users to given presenter:action URL. Among folders containing content type templates, there exists a file named @layout.latte that repre- sents the website layout shared with all pages. It includes elements such as website header, list of metatags, scripts, or a footer. It also defines locations for displaying website content or a given component. Last item in the app folder is component directory. This directory contains templates and core classes for given components that can be reused and displayed anywhere on the website. Main menu is the only primal LEMMA application component. It defines a list of subpages to be displayed, as well as static pages that are read from database entries. These items conclude the app folder, which defines a default application model. There is also no need for having only one model. For example, if the developer wants to create an administration model with different layout, they can simply create a new folder in app directory and add proper models, presenters and templates as well as new @layout.latte. Once this new model is defined in the router factory, it can be accessible for example by adding /admin after the base URL. Next two folders in the project tree consist of temporary files and logs. The log directory stores HTML files with exceptions thrown during appli- cation run. The application should be able to write in this directory, as it is

69 3. WEB APPLICATION DEVELOPMENT listed as one of the items in requirements checker. The temp directory stores session and cache folder, which accelerates application loading by storing core application files. It is recommended to delete the cache after updating core application files in order to display the changes on the front-end. The vendor directory provides application resources such as Nette frame- work or Latte templating system as well as optional plugins or extensions. For example Composer, a PHP dependency manager that is used for ex- tending the application with other plugins and libraries. The last folder on the list, the www directory, is the only public folder. It contains all public content such as cascade style sheets, JavaScript files, fonts or images used on the website. Both LEMMA applications use Tiny- MCE, a WYSIWYG2 editor for managing user input and uploaded files that are also located in www directory. The folder also contains Adminer direc- tory, that is executable only on localhost.

2. What You See Is What You Get. An editor in which content onscreen during editing appears in a form closely similar to its output.

70 3. WEB APPLICATION DEVELOPMENT

Figure 3.7: LEMMA Application file structure

3.4.4 General Development Process

As it was mentioned in the previous subsection, developing web applica- tions in Nette stands on MVC standards that are represented in application model classes, presenter classes and Latte templates. First part of the development process consists of creating database tables according to application class diagrams. It is clear that tables represent cur- rent content types, as well as users and their user roles. Even though tables can be created in any database management tool, it is recommended to use Adminer when creating new tables, mostly because of its easy table con- nection and InnoDB selection. InnoDB is a storage engine format designed for short transaction handling and is suitable for Nette applications. Once database is created, it is linked with the application through con- fig.local.neon file. Next step consists of creating model classes for the given database entities and defining their functions. All model classes inherit

71 3. WEB APPLICATION DEVELOPMENT properties and functions of the base model class and extend it with a link to a database table and functions needed by particular content types. All cre- ated models then must be added to config.neon file as new services in order to be recognized by the application. The classes in presenter directory define actions of templates connected to presenters and pass return values from models to templates. Same as with models, all presenters inherit properties from base presenter class and extend it with functions for particular content types. Even though most of the programming and data handling is done in model classes, presenters can contain additional functions for data encapsulation. Reusable compo- nents, such as forms that are used repeatedly in a presenter, are defined within its functions. Forms are declared easily by one function with pro- vided parameters and then simply called with a control command on a tem- plate. Nette has an extensive form support and managing and creating them is one of its strong sides since they are an important part of every CRUD application. Presenter classes also handle Ajax snippets. To alleviate page refreshing, several events in LEMMA applications are provided with adjusted links that call an Ajax handling function instead of refreshing the page. These handling functions are situated in the presenters and after being called and having performed the requested action, they refresh only the necessary Ajax snippets on the page. After creating presenters, all templates used in the application are de- fined. Some templates can have multiple actions such as show, create or edit. Therefore they are structured in folders with template names and are named after those actions. Nette templates are written in Latte but can be easily combined with HTML and also allow to write shortened HTML com- mands and tags similar to HAML syntax. Latte is easy to combine with PHP and can use PHP functions by itself through modified syntax, as well as calling presenter functions. Also, iterating through database selections is made easy with foreach statement that automatically creates divs for iterated elements. Front-end of both applications stands on custom HTML template based on Bootstrap and is fully responsive for all types of mobile and desktop devices. Both websites use custom CSS and JavaScript effects for lazy title loading, smart scrolling, parallaxes and popup effects. It is clear that the festival application front-end will be altered every year with a new festival design. In order to alleviate the changes needed to be done while altering the website design, initial festival application lay- out is simplified. Users are able to completely transform the layout of the

72 3. WEB APPLICATION DEVELOPMENT application simply by adjusting @layout.latte file and CSS styling file. This approach is very similar to adjusting a static website and does not require any knowledge of Nette or PHP. Thanks to Nette’s application structure, it is very easy to extend the ap- plication functionality simply by creating a new database table, connect it to a model class that is then added to config.local file and create a presenter with needed templates.

3.4.5 Content Management Implementation

Main focus of both applications is that their users are able to manage their content easily and with no need for source code alteration. Depending on given permissions, users can manipulate with website content directly on the front-end. The highest user permissions are required for user management. Us- ing a user manager, super admins can add and delete new users simply by entering their UCOˇ number which is a unique identification number for people affiliated with the Masaryk University. They can also grant them one of privileges that were mentioned in section 3.3.1. This user manage- ment section is fully based on Ajax snippets and does need to refresh the whole page. Super admins can manipulate user roles using arrow buttons that allow either to increase or decrease the level of permissions. For each administrative action, the checkRole function is called in order to verify per- mission level of a current logged user. Managing content of a website is best done using a WYSIWYG edi- tor that allows to format texts, insert images as well as upload files to the server for later manipulation. For such purposes, LEMMA applications are provided with TinyMCE editor with responsive file manager extension. TinyMCE is a widely used opensource online editor for formatting texts directly on the front-end. Users are able to style texts into headings, tables or item lists in a way that is similar to desktop text editors. TinyMCE en- capsulates input values with HTML tags and stores it into database. When being projected on the front-end of the application, Nette’s smart escaping is turned off and HTML is translated into formatted texts. Most of content management sections in LEMMA applications use this type of input han- dling, because it represents a very fast way to style texts with no need for source code alteration. Responsive file manager is a TinyMCE extension that allows to store data on the server via JavaScript file manager window. This way users can organize files into folders and upload images, videos or text files that can be then linked in the text using TinyMCE’s functions. This

73 3. WEB APPLICATION DEVELOPMENT feature can also be used for storing movie scripts and soundtracks from student films that are stored in the laboratory archive. All forms are secured with Nette form security rules that are stated for every input type in each of the forms, such as file type, maximum file up- load size, character limit or checking whether the input is a valid link. This is one of Nette’s strongest features and it is also easy to configure. Each form input is featured with a list of parameters defining the rules. Also, custom rule functions can be written for more specific cases. Managing Blog entries is based on TinyMCE input handling. Users can upload a thumbnail image using Nette’s file upload, choose the title, and edit content of the blog post. These posts can then be edited in the same way or deleted. Both applications dispose of a main menu navigation that contains fixed items such as homepage or galleries. However, users can also manage static pages with various content, such as a contact page or an about page. Links to these static pages are then automatically displayed in the main menu. They can be altered or deleted in the same way as blog posts in LEMMA application and are also handled using TinyMCE. In addition, the festival application has an option of adding a static page to festival submenu item as it was handled on the website in previous years of the festival. LEMMA application’s homepage consists of several sections that can be edited. Users can change the intro image via simple form by uploading a new file, manage intro info texts or change their images as well as edit sections such as projects or laboratory members. Even though the structure of LEMMA application homepage is rather fixed, it can be easily changed by altering the homepage template file. Galleries in both applications are handled by Nette’s multiple upload form. Users are able to create photo galleries with titles and edit them by adding or deleting additional images. A folder for storing images is created for each new gallery, and thumbnails are generated for all images in order to alleviate page loading. Video galleries are defined as a list of iframes3 with Youtube videos. Using a simple form, users are able to insert a new video easily by entering the video title and a Youtube link. Once all these content management features were introduced in LEMMA application, it was only a matter of hours to extend it in a mutation for film festival website. Both applications have a lot in common and stand on the

3. HTML element used for separating the page to segments with different sources.

74 3. WEB APPLICATION DEVELOPMENT same content management system core, yet the festival application intro- duces slightly extended content types. On festival’s original website, it was required to regularly update festi- val sponsors, registered films and links to articles that were written about the festival. Since these three types of content were being added repeat- edly, a content management system for all of them was introduced in the festival application. For festival sponsors, values such as the sponsor’s ti- tle, type of sponsor or sponsor’s logo are entered by user via simplified forms and then inserted into database. All festival partners and sponsors are then listed on the template. Same content management system is intro- duced for festival articles. Registered films are featured with TinyMCE to format larger amount of texts, such as a list of actors or the plot of the film.

3.4.6 User Authentication

Even though user management in both applications is handled via entering user’s UCOˇ number, one of the key requirements on both applications is that users are authenticated using Masaryk University member account. In order to provide such authentication, the server both applications run on is provided with Shibboleth service. Shibboleth is a Single Sign-On service provider, which allows users to use more network sources using a single login. It handles situations where one person uses more user accounts on independent systems, which makes it necessary to manage each account separately. For these situations, the federation model is used for user authentication. It stands on a principle of a single federation that contains more accounts from different organi- zations. When a user wants to connect to one of these accounts, they use federation authentication services and log in using their home organization login. This way, it is not necessary to remember multiple login names and passwords. Furthermore, organization information systems do not have to maintain the account information, because they will receive them during user authentication. Shibboleth is then used as an implementation of this federation model. [30] In case of both LEMMA applications, Shibboleth is set up in a way that when a user accesses the page via HTTPS, they are automatically redirected to Masaryk University’s Identity provider page that requires the user to log in using their UCOˇ number and password. If the login process is success- ful, they are redirected back to the application page with login information included in HTTP headers. These headers include information about the login, such as cookies, sessions, user login, or university affiliation.

75 3. WEB APPLICATION DEVELOPMENT

Once a user accesses the application page, it checks whether they are logged in the application. If not, HTTP headers are reviewed in order to find out whether the user was redirected after logging in through Iden- tity provider. Once the right constants are found among the headers, ap- plication login function checks the eppn header value, which consists of the name of the person and organization. For Masaryk University users, this value consists of UCOˇ identification number followed by @muni.cz constant. Another important header constant is affiliation. This header con- tains user’s relation to Masaryk University. For example, a university em- ployee’s affiliation value would include a string of “[email protected]:em- [email protected]”. Once eppn header value describes a Masaryk University user and affiliation header contains a string of “[email protected]”, which defines a university member, user’s UCOˇ number is compared with the database entry for application’s registered users. If the user’s UCOˇ matches the application database entry, they are logged in the application. Other- wise, an error warning stating that user is not in the application database is shown. User logout is handled in a two-step way. First, user is logged out of the application itself. The session is terminated and cookies are deleted. However, the user is still logged in the Identity provider and refreshing the page via HTTPS would result in an automatic login. Since Identity provider uses cookies that are stored not only in the browser but also on the Iden- tity provider server, they cannot be deleted by the application. However, Identity provider is equipped with a special logout page for such purposes. Once redirected to this page, both types of cookies are deleted and user is logged out of Identity provider. Redirecting the user to this page concludes the application logout process.

3.5 Deployment

On 12th of November 2015, testing versions of both LEMMA applications were deployed on the server administrated by Masaryk University’s Insti- tute of Computer Science (ICS). They run on Apache 2 application server including PHP 5.6.14. The server was provided with PDO extension, Bun- dled GD extension and Shibboleth service that was set to redirect users to Identity provider page when accessing applications via HTTPS. Dur- ing the development, both applications used an external MySQL database for data storage. When deployed on the ICS server, application data were transferred to PostgreSQL database running on the same server. Because

76 3. WEB APPLICATION DEVELOPMENT

PostgreSQL does not support comparing of different data types and also require all queries to be ordered by given attribute, the migration required further configuration in order for the applications to be compatible both with MySQL and PostgreSQL databases for possible future transfer pur- poses. Members of the laboratory were granted user privileges and were test- ing the application in upcoming month. They were handed a manual for applications management and maintenance, which is listed among attach- ments on this paper’s CD. Users discovered minor bugs, such as a displaced layout of flash messages for several unusual resolutions, wrong external links or a bad authentication for blog comments. These bugs were then fixed in newer versions. They also proposed future changes in the system to alleviate content management even more, such as custom content ordering or optional custom thumbnails for Youtube videos. Overall, the feedback from laboratory members has been very good. Users quickly familiarized themselves with both applications and were very satisfied with the content management implementation as well as with transparent user manuals. On 28th of December, LEMMA application was launched on http: //lemma.ics.muni.cz/ and is since then used and managed by mem- bers of the laboratory. The festival application is currently stored at http: //lemma.ics.muni.cz/pater/fffi/www and is ready to be deployed for the next year of film festival website that will be launched in the next semester within the course PV113.

77 4 Conclusion

Ten popular modern web application frameworks were tested and com- pared for purposes of this paper. All of them were verbally evaluated and their key properties were structured in decision tables to alleviate the choice of preferred framework for readers of this thesis. The most suitable framework for implementation of LEMMA labora- tory applications was chosen from the tested sample and used for appli- cation development. In practical part of this thesis, content management applications for LEMMA laboratory website and annual film festival orga- nized by Faculty of Informatics were developed using Nette framework. Both applications were designed for custom laboratory content types that are easily manageable directly through the front-end. They are connected to university accounts of their users and they use Masaryk University Identity provider for user authentication. Even though the applications were intended predominantly for LEMMA laboratory usage, after minor modifications, they can be utilized for content management of any CRUD based website, instead of bulky content man- agement systems like Wordpress or Joomla, in order to facilitate back-end management. Application functionality can also be extended in the future. Purposed updates may include features such as user activity logs, custom content type ordering or extended user profiles. Both applications are now used by members of the laboratory and stu- dents of the courses PV110 and PV113, and they are utilized on the servers of Masaryk University’s Institute of Computer Science.

78 Attachments

A. Design Diagrams for LEMMA Applications

Figure 4.1: Use case diagram for both applications

79 4. CONCLUSION

Figure 4.2: LEMMA application class diagram

80 4. CONCLUSION

Figure 4.3: Film festival application class diagram

81 4. CONCLUSION

B. Contents of Attached CD

The CD attached to this thesis contains following directories:

• Applications source files

– Film Festival Application – LEMMA Application

• Graphic design source files

• Database dump

• User manuals

Both application folders contain source codes and files used for applica- tion implementation as well as website content data from current state of both websites from 4th of January 2016. Graphic design source files direc- tory contains an editable PSD file with LEMMA application’s graphic lay- out. Database dump includes two SQL files for MySQL and PostgreSQL databases, containing the table structure and data for both applications. PDF files in user manuals folders describe application usage, content man- agement and instructions for application transfer and extension. Editable ODT files are also included in the directory.

82 Glossary

Adminer – Nette’s database tool for managing entities and table connec- tions.

AJAX – Asynchronous JavaScript and XML. A set of web development tech- niques used for development of interactive web applications. It uses asyn- chronous server data access and does not require page refreshing.

API – Application Programming Interface. It is a collection of procedures, functions, classes, or protocols programmers can use.

Bootstrap – An opensource toolkit for creating websites and web applica- tions. Includes design templates based on HTML and CSS, used for typog- raphy, forms, buttons and other interface components.

CMS – Content Management System. System for managing contents of the website without the need of source code alteration.

Composer – PHP package manager that provides a standard format for man- aging dependencies of PHP software and required libraries.

Cross-site request forgery – A type of website exploitation where unautho- rized commands are transmitted from user.

Cross-site-scripting – A type of security vulnerability that enables attackers to inject client-side scripts into web pages.

CRUD – Create Read Update Delete. Four basic functions of persistent stor- age.

Design patterns – A re-usable form of a solution to a design problem.

Flash – A multimedia and software platform used for creating animations, mobile and browser games and Internet and desktop applications.

Framework – A reusable software system design that can use supporting programs, libraries, scripting languages or other tools used for software project component development.

Front-end – Client part of the application that includes user interface and can also contain part of application logic.

83 4. CONCLUSION

GitHub – A web-based repository hosting service that offers distributed re- vision control and source code management.

GUI software – Graphic User Interface. Defines a software that focuses on graphic interface implementation of data to the user.

Java bytecode – An intermediate code that Java source codes are translated to. It is then interpreted using Java Virtual Machine.

Joomla – Extensive, broadly used content management system written in PHP.

Latte – Templating language used by Nette and based on simplified HTML.

Microframework – A minimalistic web application framework that lacks most of common framework functionality such as authentication, ORM or web templating system.

Middleware – A software, which provides services beyond the services pro- vided by the operating system.

MVC – Model View Controller. An architectural pattern that divides the application into three separate internal representations of information.

Routing – A way of defining the appearance and form URLs in web appli- cations.

Sandbox – A limited runtime environment installed on the client computer, capable of running secure applications based on a supported technology.

Scaffolding – In application development, scaffolding refers to a process of generating reusable pieces of code that are frequently reused in the appli- cation.

Session – The way of ensuring that a website or application behaves uni- formly to a single specific use.

Shibboleth – A single sign-on system for computer networks that allows users to sign in using just one identity to various systems run by federa- tions of different organizations.

Single Sign-On service – A property of access control of multiple related, but independent software systems.

84 4. CONCLUSION

Snippet – A piece of code that is forced to refresh using AJAX after perform- ing given action instead of refreshing the whole page.

Subversion – A software revision control system used for managing source code versioning.

Wordpress – Extensive, broadly used content management system based on PHP and MySQL.

85 Bibliography

[1] Multiple. Web application framework. Docforge. Last revision 20th of June 2014 [cit. 2014-10-28].

[2] Chopra, Vivek, et al. Beginning JavaServer Pages. Indianapolis (Indiana), Wiley Publishing c2005. 1262 s. ISBN 0-7645-7485-X.

[3] Niksi´nski,Krzysztof. Instant Haml. Packt Publishing. September 2013. ISBN 9781783283774.

[4] Dan Cederholm. Sass for Webdesigners. New York, NY. : A Book Apart, 2013. ISBN 1-9375-5712-X.

[5] Bootstrap: The world’s most popular mobile-first and responsive front-end framework. Bootstrap. Last revision 2014 [cit. 2014-11-12].

[6] Erich Gamma, Richard Helm, Ralph Johnson, John Vlissides (GOF). Design Patterns: Elements of Reusable ObjectOriented Software. Addison- Wesley Professional, 31. 10. 1994. ISBN 0-2016-3361-2.

[7] About Nette Foundation. Nette Foundation. Last revision 2015 [cit. 2014- 01-12].

[8] Multiple. Usage Statistics and Market Share of Server-side Programming Languages for Websites, February 2015. W3 Techs. Last revision February 2015 [cit. 2015-02-17].

[9] Danˇek, Petr. Velký test PHP framework˚u: Zend, Nette, PHP a RoR - Root.cz. Root.cz Last revision September 11th 2008 [cit. 2015-02-17].

[10] Kujawa, Lukasz. Performance benchmark of popu- lar PHP frameworks. Last revision April 23rd, 2013 [cit. 2015-02-17].

[11] Singhal, Amit, Cutts, Matt. Using site speed in web search ranking. Official Google Webmaster Central Blog. Last Revision 9th of April 2010 [cit.

86 4. CONCLUSION

2015-02-26]. html>

[12] Skvorc, Bruno. Best PHP frameworks of 2014. Sitepoint.com. Last revision 28th of December 2013 [cit. 2015-02-27].

[13] White, Oliver. Top 4 Java Web Frameworks Revealed. Zero- turnaround.com. Last revision 6th of January 2015 [cit. 2015- 02-27].

[14] Drumelis, Vytautas. 20 Best PHP Frameworks for De- velopers. Codegeekz.com. Last revision 19th of Au- gust 2014 [cit. 2015-02-27].

[15] Multiple. 10 Best Ruby Frameworks for Developers. Webdesignmoo.com. Last revision 2014 [cit. 2015-02-27].

[16] Web App Frameworks. The Ruby Toolbox. Last revision 18th of Decem- ber 2014 [cit. 2015-02-27].

[17] The Elegant Ruby Web Framework. Padrino Framework. Last revision at 2014 [cit. 2015-02-27].

[18] Kumar, Ajitesh. Top 10 Java-based Web Frameworks for 2014- 2015. VitalFlux.com. Last revision 17th of November 2014 [cit. 2015-02-27].

[19] Melnikov, Eugene. Performance Comparison of Ruby Frameworks: Sina- tra, Padrino, Goliath, and Ruby on Rails. Last revision 7th of February 2014 [cit. 2015-02-27].

[20] Van Rossum, Guido. Python. Python Foundation. Last revision 12th of April 2010 [cit. 2015-03-02].

87 4. CONCLUSION

[21] About the Django Software Foundation. Django Framework. Last revi- sion 2014 [cit. 2015-03-03].

[22] Ronacher, Armin. Opening the Flask. Last revision 2014. [cit. 2015- 03-10].

[23] Multiple. Find your new favorite web framework. Hotframeworks.com. Last revision 2015 [cit. 2015-03-10].

[24] Shah, Ahmad. Top ten PHP frameworks for 2014. WebHostingReview- Boards.com. Last revision 24th of August 2014 [cit. 2015-03-15].

[25] Grönroos, Marko. Book of Vaadin: Volume 1. Vaadin Ltd. 2014. ISBN 9789526800653.

[26] Skvorc, Bruno. The Best PHP Framework for 2015. Sitepoint.com. Last revision 30th of March 2015 [cit. 2015-04-20].

[27] McLeod, Gavin. 12 Best Python Frameworks for Rapid Development. Codegeekz.com. Last revision 11th of May 2015 [cit. 2015-06-01].

[28] Arora, Sunil. PHP Frameworks: The Best 10 for Modern Web Development. Noteticforce.com. Last revision 8th of Septem- ber 2015 [cit. 2015-10-13].

[29] NetBeans Official website. Last revision 2015. [cit. 2015-12-29].

[30] Kouˇril, Daniel, Kuba, Martin, Osovský, Martin, Peša, Radim, Procházka, Milan. Federace identit aneb spolˇcenítotožností. Zpravodaj ÚVT MU, 2007, roˇc.XVIII, ˇc.2, s. 1–7. [cit. 2016-01-02].

88