Joel Hainley

In part 1 of this article I argued that exceptions sent “over the wire” to flex/silverlight clients from a webservice weren’t necessarily the right way to put things together. I argued that that exposing your clients to raw exceptions happening in your server was not elegant in the same way that throwing raw exceptions to a user in a windows desktop app was not elegant. In talking about the last article with some people I realized that I needed to make a point. There are times when an exception is appropriate, and I’m not advocating avoiding exceptions altogether. My point was that I felt people were relying on exceptions too heavily when a more appropriate method might be possible.

Let’s take a look at input validation to see what we mean about relying too heavily on exceptions. Validation is a bear, you want to try and have your validation rules in one spot only. This way you can avoid the chore of duplicating validation logic on the client and the server. This seems to be one of the main reasons people are looking at bubbling exceptions over the wire because if they can simply put the validation logic in the server side, then they can throw an exception back to the client and deal with it there. It solves the the problem of duplication of validation logic and allows developers to deal with validation errors in the same way that they do within desktop application environments.

The question now becomes can we avoid exceptions and still provide for a rich validation environment? I believe that we can and I’m going to spend the rest of this article describing an approach. It may not be the best approach, it may not be the only approach, but it was worked well for me on the last few projects and enough people I’ve talked to about the approach seem to feel that it’s powerful enough to consider for their future efforts along these lines.

In order to provide a framework upon which to hang our theory let’s consider a simplified method of a web service named “CreateAccount” that takes as it’s only parameter an Account object.

When we want to create a new account we will fill out the information about the account as described and then pass it to the CreateAccount method of the webservice. However, instead of just having a void for the return value and throw exceptions if there are errors you simply use a response object such that the method signature would look something like the following :

CreateAccountResponse  CreateAccount( Account acct)

This is certainly not a new concept. Response objects litter many namespaces, but in this particular situation they allow us to avoid having a lot of exceptions flying out of our webservice and doing all sorts of ridiculous plumbing hacks to get it all to operate nicely.  Now let’s take a quick look at the CreateAccountResponse class and see what it looks like, then we can talk about how a response object allows us to avoid duplicate validation and exceptions. Below is the UML for the CreateAcountResponse object

We see that this class mmics the Account class pretty closely with the addition of a couple of routines that would be needed to actually communicate results. The Success flag would indicate whether the account creation was successful and the error message would only be filled out if there was a particular error that you wanted to communicate to the user such as “You do not have the rights to create accounts” or something along those lines. The other fields would be filled out if there were problems with the validation of the individual fields of the account object. This would allow us to have all of the validation/error messages specified on the server side in a single location and still be able to get the information out to your users. Such that if you require the state field to be only 2 characters long and someone puts in 4 you could set the success flag to false and then add error text to the State field of the response object that could then be displayed to the end user.

WIth this approach if there was an exception generated in the webservice, we could trap it server side and provide the appropriate message to the CreateAccountResponse object and not have to require the client to exception handling just to know what is happening.

Now one of the complaints  that I have heard about this approach is “but now you have to create all of these response objects”. Well yeah, but one way or another you’re going to have to write some code to deal with errors and wouldn’t it be nice if you could deal with the errors and the error messages in a single place? Also you could simply create a generic results object that would suffice for most of the calls that you want to make. Then again consider that in some of the more mature environments such as .NET WebServices  you can easily create webservices that provide this sort of functionality and the WSDL’s and whatnot are all created for you.So it’s not nearly as much work to do this as it could be.

What about the overhead of all of these custom classes? Is it really any more overhead than the throwing of exceptions? Exception throwing, and handling are expensive operations. I find it a little be cleaner to my thinking because now you have a clear and concise definition of what you need to program against when you are dealing with your WebService’s API.

I’m not saying this is necessarily the best approach for all occassions, and I’m not really down on exceptions in general, or even for web services. However I think that there are many times when the extra effort you have to go through just to get robust exception handling done will lead you into a lot of needless efforts. Especially if you are just trying to provide validation/failure information back to the client applications.Keep in mind that what I’ve presented here isn’t a blueprint, it’s more like a pattern of how you might consider structuring your webservices in certain situations.

Your mileage may vary.

I’ve been doing a lot of work with webservices talking to Flex clients recently. When I first started doing this work I spent some time trying to figure out how to get exceptions thrown to be picked up by the client and dealt with there. I read through the literature on doing such things, and even spent some time evaluating some third party libraries for making all of this happen.

Recently I was at a .NET users group meeting and heard some people talking about throwing exceptions to Silverlight clients in much the same way that I had been looking at doing for my Flex clients. The problems that they encountered and the solutions that they came up with were essentially the same. “IIS does dumb stuff with the response codes when there’s an exception in a webservice”. (There’s a pretty simple work around for this one ) “You can trap the exception and then make the exception object a property of the service response object”, “There’s a third party product X, that wil…blah blah blah”. It was nice to see that noone had come up with an elegant solution to this “problem” of throwing exceptions over the wire.

I started to wonder if it really was a “problem”. I took a step back and did some critical thinking about such an approach. I had a lot of questions about what I, and the rest of the people out there are trying to accomplish by throwing exceptions “over the wire”.

• What benefits do you get from handling server exceptions in the UI?
• Is it really correct to handle exceptions in the UI for problems that occurred in the web service?
• What are the valid uses for exceptions?
• What is the definition of an exception?
• What are people trying to do with these exceptions?/ What problems are they trying to solve by the use of exceptions?

In an effort to clear up my thinking on such things I’m going to go through some of the above questions below.

What is the definition of an exception?

The tongue in cheek response to this question is “it’s when something exceptional happens”. The longer explanation is that when your code encounters something that that is outside the scope of what it was intended to handle. I think there’s a clue in there that addresses the problem I’m trying to deal with, but we’ll have to get back to it after we talk about a few more of the questions.

What are the valid uses for exceptions?

Answering this question is difficult without having a problem domain to work with. The answer can vary depending upon the environment that your code is expected to run in, how reliable various parts of the environment are, how critical certain operations within your application are, etc..etc.. What I would like to say about this is that like we said above your exceptions should handle exceptional situations.

I also think that there is often too little thought put into the implementation of exceptions within an application. There’s a pretty good argument floating around that your exception model should be diagrammed and managed in the same way that your business objects are. I might talk about this at a later date, but for now give it some thought.

Is it really correct to handle exceptions in the UI for problems that occurred in the web service?

In a windows application that is self contained, handling exceptions in the form code  seems to be something that a lot of people are comfortable with (  judging by the codebases I’ve had to maintain ). In fact most books that I run across that show beginning development have the exception handling directly in the form itself. This is arguably correct, if not desirable, for quick and dirty applications, because you’re really just trying to get something done. Besides you don’t want to throw the actual exception out to the user to look at so you catch the exception and give the user a nice “Something really bad happened, try again” message and exit the application.

Now in a situation where you have a client application talking to a server application. You have a different scenario. The server is providing services to the client, if something bad happens in the server it should handle the problem in some way, (i.e. capturing the exception ) and then notify the client that there has been an error.

In the same way that you would never want to throw raw exceptions from your self contained application out to your users. You really don’t want to throw raw exceptions to the clients that use your server API. If there was a problem with your server code handle it gracefully in your server code and provide your clients with a decent error message.

There should be a separation between your server code and your client code, when you start to throw exceptions from your server out to your clients  you begin to tie them together in ways that are not extensible. Consider if you start using a new library in your server code that throws a different type of exception that you felt should be bubbled out to your client. This means that all of your clients will need to be updated to handle the new exception instead of handling a “call failed” response sort of message. Encapsulation is a metaphor for good design at all magnification levels of developement not just at the object/class level.

There is more I could say here but I’m going to move on for now. I might come back and talk some more about this in another posting.

What are people trying to do with these exceptions?/ What problems are they trying to solve by the use of exceptions?

From what I’ve observed most people are trying to ease their burden on the server side by throwing exceptions out to the clients when there are problems. The most common example of this is input validation, or even a little deeper would be business object validation (i.e. Does this user have the right to add another user to this account ) Call me crazy but I don’t see how you can call a user entering incorrect values to be an exceptional situation. At least with my users it never is. If there is a wrong value that can be typed, they are going to type it. I don’t start throwing exceptions and stepping out of the program flow to deal with these errors because they are not exceptional circumstances.  I have a really hard time believing that validation of input is a good place to start throwing exceptions. Yes, the system should reject bad input, or illegal operations but do you really need to start throwing exceptions over the wire to deal with this? Is it necessary to tightly couple your UI code base to your server codebase just to get the proejct done and avoid duplication of validation efforts?

I really don’t think so.

In the next part of this article I am going to provide some diagrams, patterns and maybe even a little sample code to show how you might avoid “exceptions over the wire”

I was building out some .NET based web services for a Flex project I’ve been working on and bumped up against something that gave me a bit of trouble. When you create a .NET Web Service there is a namespace attribute associated with the service. Here’s an example (in c#) :

namespace HelloWebService
{
[WebService(Namespace = "http://www.examplenamespace.com/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[ToolboxItem(false)]

public class Service1 : System.Web.Services.WebService
{

// implementation …

}

This value is required by .NET for a web service, or at the very least .NET gets VERY upset if this value is not set.

You will then need to let Flex know about this namespace in order to access the results. To do this you simply add the following lines to Flex:

private namespace lh = “http://www.examplenamespace.com/”;
use namespace lh;

Not much to it, but it can be a bit of a pain when you’re not aware of this. Flex doesn’t complain, it just gives you empty values when you try to access the values.