
We are pleased to announce the release of mORMot 2.1.
The download link is available on github.
The mORMot family is growing up.
2023-08-24
2023-08-24. Open Source › mORMot Framework
We are pleased to announce the release of mORMot 2.1.
The download link is available on github.
The mORMot family is growing up.
2021-11-16
2021-11-16. Open Source › mORMot Framework
EKON 25 at Düsseldorf was a great conference (konference?).
At last, a physical gathering of Delphi developers, mostly from Germany, but also from Europe - and even some from USA! No more virtual meetings, which may trigger the well known 'Abstract Error' on modern pascal coders.
There were some happy FPC users too - as I am now.
I have published the slides of my conferences, mostly about mORMot 2.
By the way, I wish we would be able to release officially mORMot 2 in December, before Christmas. I think it starts to be stabilized and already known to be used on production. We expect no more breaking change in the next weeks.
2016-12-19
2016-12-19. Open Source › mORMot Framework
JSON Web Token (JWT
) is an open standard (RFC 7519) that defines a compact
and self-contained way for securely transmitting information between parties as
a JSON object. This information can be verified and trusted because it is
digitally signed. JWTs can be signed using a secret (with the HMAC algorithm)
or a public/private key pair using RSA or ECDSA.
They can be used for:
JWT
to any HTTP request allows
Single Sign On user validation across different domains;See http://jwt.io for an introduction to JSON Web Tokens.
Our mORMot framework now implements JWT
:
HS256
(HMAC-SHA256) and ES256
(256-bit ECDSA)
algorithms (with the addition of the "none"
weak algo);HS256
verification under x64), with optional in-memory cache if needed (e.g. for
slower ES256
);dll
, works
with Delphi or FPC);2015-04-06
2015-04-06. Open Source › mORMot Framework
When publishing SOA services, most of them are defined as
stateless, in a typical query/answer pattern - see
Service-Oriented Architecture (SOA).
This fits exactly with the RESTful approach of Client-Server
services via interfaces, as proposed by the framework.
But it may happen that a client application (or service) needs to know the state of a given service. In a pure stateless implementation, it will have to query the server for any state change, i.e. for any pending notification - this is called polling.
Polling may take place for instance:
It may therefore sounds preferred, and in some case necessary, to have the ability to let the server notify one or several clients without any prior query, nor having the requirement of a client-side timer:
Our mORMot framework is therefore able to easily implement
asynchronous callbacks over WebSockets,
defining the callbacks as interface
parameters in service method
definitions - see
Available types for methods parameters.
2014-01-07
2014-01-07. Open Source › mORMot Framework
We have just committed some enhancements to interface-based service process.
TSQLRestRoutingREST
will now recognize several URI schemes,
like new root/Calculator/Add?n1=1&n2=2
alternative could
be pretty convenient to be consumed from some REST clients.
Please find here a documentation update.
2013-06-07
2013-06-07. Open Source › mORMot Framework
Our mORMot framework tries to implement security via:
- Process safety;
- Authentication;
- Authorization.
Process safety is implemented at every n-Tier level:
- Atomicity of the SQLite3 database core;
- RESTful architecture to avoid most synchronization issues;
- ORM associated to the Object pascal strong type syntax;
- Extended test coverage of the framework core.
Authentication allows user identification:
- Build-in optional authentication mechanism, implementing both per-user
sessions and individual REST Query Authentication;
- Authentication groups are used for proper authorization;
- Several authentication schemes, from very secure SHA-256 based challenging to
weak but simple authentication;
- Class-based architecture, allowing custom extension.
Authorization of a given process is based on the group policy,
after proper authentication:
- Per-table access right functionalities built-in at lowest level of
the framework;
- Per-method execution policy for interface-based services;
- General high-level security attributes, for SQL or Service remote
execution.
We will now give general information about both authentication and authorization in the framework.
In particular, authentication is now implemented via a set of classes.
2013-04-24
2013-04-24. Open Source › mORMot Framework
Another great video by warleyalex. This time, a full FishFacts demo in AJAX, using mORMot and its SQLite3 ORM as server. See it on YouTube! Feedback is welcome on our forum. Update: I've just uploaded the corresponding source code to our repository. See sample 19 - AJAX ExtJS FishFacts. You need to […]
2013-04-02
2013-04-02. Open Source › mORMot Framework
Two nice videos, posted by a framework user. The first one presents a remote RESTful access of a SQLite3 database, hosted by a mORMot server: After one post in the forum, warleyalex was able to easily add remote filtering of the request: In addition to the previous video about security (by which the […]
2013-01-27
2013-01-27. Open Source › mORMot Framework
A new mORMot user notified on our forum that he just made a short video, about authentication and security with our framework, from the perspective of an AJAX Client. Many thanks for sharing your experiences! This video illustrate how RESTful authentication is implemented by mORMot. It compares also […]
2012-11-20
2012-11-20. Open Source › mORMot Framework
By default, the hash of the user password is stored safely on the server side. This may be an issue for corporate applications, since a new user name / password pair is to be defined by each client, which may be annoying.
Since revision 1.18 of the framework, mORMot is able to use Windows Authentication to identify any user. That is, the user does not need to enter any name nor password, but her/his Windows credentials, as entered at Windows session startup, will be used.
Thanks a lot Chaa for making public your
code proposal!
Open Source is so great sometimes!
Keep the good work!
2012-09-06
2012-09-06. Open Source › mORMot Framework
On the mORMot roadmap, we added a new
upcoming feature, to implement one-way callbacks from the
server.
That is, add transparent "push" mode to our
Service Oriented Architecture framework.
Aim is to implement notification events triggered from the server side, very easily from Delphi code, even over a single HTTP connection - for instance, WCF does not allow this: it will need a dual binding, so will need to open a firewall port and such.
It will be the ground of an Event
Collaboration stack included within mORMot, in a KISS way.
Event Collaboration is really a very interesting pattern,
and even if not all your application domain should be written using it, some
part may definitively benefit from it.
The publish /
subscribe pattern provides greater network scalability and a more
dynamic SOA implementation: for instance, you can add listeners to your main
system events (even third-party developed), without touching your main
server.
Or it could be the root of the Event Sourcing part of
your business domain: since callbacks can also be executed on the server side
(without communication), they can be used to easily add nice features like:
complete rebuild, data consolidation (and CQRS), temporal query, event
replay, logging, audit, backup, replication.
2012-07-12
2012-07-12. Open Source › mORMot Framework
If you discovered the mORMot framework, you may have found out that its implementation may sound restricted, in comparison to other ORMs, due to its design. It would be easy to answer that "it is not a bug, it is a feature", but I suspect it is worth a dedicated article.
Some common (and founded) criticisms are the following (quoting from our
forum - see e.g. this
question):
- "One of the things I don't like so much about your approach to the ORM is the
mis-use of existing Delphi constructs like "index n
" attribute for
the maximum length of a string-property. Other ORMs solve this i.e. with
official Class
-attributes";
- "You have to inherit from TSQLRecord
, and can't persist any
plain class";
- "There is no way to easily map an existing complex database".
I understand very well those concerns.
Our mORMot framework is not meant to fit any purpose, but it is worth
understanding why it has been implemented as such, and why it may be quite
unique within the family of ORMs - which almost all are following the
Hibernate way of doing.
2012-04-25
2012-04-25. Open Source › mORMot Framework
In a discussion with Henrick Hellström, in Embarcadero forums, I wrote some high-level information about mORMot.
It was clear to me that our little mORMot is now far away from a simple Client-Server solution.
The Henrick point was that with Real Thin Client (RTC), you are able to write any Client-Server solution, even a RESTful / JSON based one.
He is of course right, but it made clear to me all the work done in
mORMot since its beginning.
From a Client-Server ORM, it is now a complete SOA framework, ready to serve
Domain-Driven-Design solutions.
2012-04-20
2012-04-20. Open Source › mORMot Framework
Our latest mORMot feature is interface-based service implementation.
How does it compare with the reference of SOA implementation (at least in the Windows world) - aka WCF?
"Comparaison n'est pas raison", as we use to say in France.
But we will also speak about Event Sourcing, and why it is now on our
official road
map.
Comparing our implementation with WCF is the opportunity to make our framework
always better.
2012-04-19
2012-04-19. Pascal Programming
Did you hear from the great Smart project?
It is an IDE and some source runtime able to develop and compile an
Object-Pascal project into a HTML 5 / CSS 3 / JavaScript embedded
application.
It does target AJAX Mobile application creation (i.e. Android and
iPhone/iPad apps running Web-Kit).
You'll get an unique .html
file containing the whole client-side
application: it won't need any server side implementation. Using a third-party
tool like PhoneGap, you'd be able to supply your customers with true
native applications, running without any network, and accessing the full power
of any modern Smart Phone.
Smart is a great candidate for implementing rich client-side AJAX applications, to work with our client-server mORMot framework.
In order to interface Smart code with mORMot, we started implementing some low-level code to work with our RESTful authentication scheme.
So we'll need to implement some Smart dedicated Open Source code implementing crc32 and SHA-256 hashing.
2012-03-28
2012-03-28. Open Source › mORMot Framework
As stated by this previous article, the default answer format is a valid JSON object.
In some cases, it may be useful to have a service operation (i.e. an interface method) returning any content, e.g. some plain TEXT, HTML or binary data (like a picture).
2012-03-07
2012-03-07. Open Source › mORMot Framework
SQLite3/Samples/14
- Interface based services
" folder of the supplied source code
distribution, a dedicated sample about this feature.
Purpose of this code is to show how to create a client-server service, using interfaces, over named pipe communication.
2012-03-07. Open Source › mORMot Framework
You will find out in SQLite3Commons.pas
all classes
implementing this interface communication.
There are two levels of implementation:
- A services catalog, available in TSQLRest.Services
property, declared as TServiceContainer
(with two
inherited
versions, for each side);
- A service factory for each interface, declared as
TServiceFactory
(also with two inherited
versions,
for each side).
In fact, TServiceFactory.Create constructor
will retrieve all
needed RTTI information of the given interface, i.e. GUID, name and all methods
(with their arguments). It will compute the low-level stack memory layout
needed at execution. And the corresponding "contract" will be computed, to
validate that both client and server expect the exact same
interface
.
On the server side, TServiceFactoryServer.ExecuteMethod
method
(and then a nested TServiceMethod.InternalExecute
call) is used to
prepare a valid call to the implementation class code from a remote JSON
request.
On the client side, a TInterfacedObjectFake
class will be
created, and will emulate a regular Delphi interface call using some on-the-fly
asm code generated in the TServiceFactoryClient.Create
constructor.
2012-03-07. Open Source › mORMot Framework
Once the service is registered on the server side, it is very easy to use it in your code.
In a complex Service Oriented Architecture, it is pretty common to have services calling each other. Code re-usability is a key here. So you'll have to consume services on the server side. According to the SOLID design principles, you'd better rely on abstraction in your code, i.e. not call the service implementation, but the service abstract interface.
You can use the following method of your TSQLRest.Services
instance (note that this method is available on both client and server sides,
so is the right access point to all services):
function TServiceFactory.Get(out Obj): Boolean;
2012-03-07. Open Source › mORMot Framework
In order to have an operating service, you'll need to implement a Delphi
class which matches the expected interface
.
« previous entries - page 1 of 2