Thursday, February 19, 2015

Avoiding exception wrapping and exposing Exception.Data via log4net.

In .NET exception handling is often a layered approach involving several classes and methods catching a specific exception and then throwing a new exception with some additional details and the original exception wrapped as the inner exception. The additional details are often useful, but after passing through several layers of try-catch-throw-new-exception the root exception can become obscured somewhere down the stack trace and inner exceptions.

A common methods exception might be something like:

public string Foo(string someInput)
    catch(Exception ex)
         throw new FooIsBrokenException("Foo is bad for: " + someInput, ex);
        // Common cleanup code to release any resources etc...

If the exception is going to be exposed outside the current project then the wrapping exception will likely be useful. However, if it is only going to be for internal use as a way of adding additional context to the base exception you can save some effort by using Exception.Data.

public string Foo(string someInput)
    catch(Exception ex)
        // Consider what to do if the key is already present.
        ex.Data.Add("someInput", someInput);
        // Common cleanup code to release any resources etc...


Now you've got the details in the Data dictionary they need to be exposed. I'm working on an older project that started in 2007 and uses log4net. There is a suggestion on Logging Exception.Data using Log4Net to use a custom PatternLayoutConverter on each layout appender to convert the data dictionary.

I've gone with a slightly different approach by registering an IObjectRenderer with log4net you can append the additional Exception.Data values. The advantage here is that it will work with all the appenders to render exceptions.

public class ExceptionObjectLogger : IObjectRenderer
    public void RenderObject(RendererMap rendererMap, object obj, TextWriter writer)
        var ex = obj as Exception;

        if (ex == null)
            // Shouldn't happen if only configured for the System.Exception type.
            rendererMap.DefaultRenderer.RenderObject(rendererMap, obj, writer);
            while (ex != null)
                rendererMap.DefaultRenderer.RenderObject(rendererMap, obj, writer);
                RenderExceptionData(rendererMap, ex, writer);
                ex = ex.InnerException;

    private void RenderExceptionData(RendererMap rendererMap, Exception ex, TextWriter writer)
        foreach (DictionaryEntry entry in ex.Data)
            if (entry.Key is string)
                IObjectRenderer keyRenderer = rendererMap.Get(entry.Key.GetType());
                keyRenderer.RenderObject(rendererMap, entry.Key, writer);

            writer.Write(": ");

            if (entry.Value is string)
                IObjectRenderer valueRenderer = rendererMap.Get(entry.Value.GetType());
                valueRenderer.RenderObject(rendererMap, entry.Value, writer);

Logging configuration additions. Note that it only applies to classes inheriting from Exception.


See also:

Tuesday, February 17, 2015

Troubleshooting Salesforces Trialheads execution of Developer Edition org code

I thought I'd knock out a quick Trialhead challenge to see what was involved.

When checking the challenge Manipulating Records with DML I was surprised that my apex class failed with the message:

Challenge not yet complete... here's what's wrong:
Executing the 'insertNewAccount' method failed. Either the method does not exist, is not static, or does not insert the proper account.

I was reasonably confident my Apex class was correct.

I'm not going to post my class here, as that seems to go against the concept of Trialhead if you could just Google for an answer. Rather, I found something interesting when trying to figure out what was wrong.

Trialhead is using executeAnonymous via the tooling API to examine the apex class in my developer edition org.

It appears to take a black box approach to confirming that the Apex class is behaving as expected. If the method can be invoked and satisfy the given assertions it passes the challenge.

If you just open up the log in the developer console you can see the assertions being made, and in my case that the test was failing due to a STORAGE_LIMIT_EXCEEDED DmlException. So I can delete some records, free up some space and get the challenge to pass.

Better yet, if you open the RAW Log you can extract the anonymous Apex that is being used to test the code. Note that the default developer console log viewer won't show the executed code or logging levels like the FuseIT SFDC Explorer does.

Execute Anonymous: Account a = AccountHandler.insertNewAccount('My Test Account'); System.assertNotEquals(a,null); if(a != null) {delete a;}

Once you know this, you can more accurately figure out why your Apex class might be failing. For example, imagine you had implemented a check in your Org to ensure the Account Name is unique. If there was already an Account with the Name 'My Test Account' (maybe from a previous run that partially failed) that this would show up in the debug log. The debug log could provide some good clues for failures. The FuseIT SFDC Explorer will show the debug log directly with the anonymous apex.

In theory there is nothing stopping you implementing the minimal code to pass the assertions being made by the anonymous Apex. For example, with the above anonymous Apex, as long as insertNewAccount returns a non-null Account that can be deleted here the test will pass. Currently no check is made that the returned account has the correct name or was indeed inserted as part of the test. Have I gained anything here? Probably not, the goal with Trialhead is to learn about an aspect of Salesforce rather than game the system to earn a badge on your profile. Chances are that if you can figure out a way to work around the assertions you are also more than capable of completing the actual challenge.

I should note that a challenge may make multiple anonymous apex calls. Salesforce may also change the assertions made for each challenge at any time.

Historically interesting footnote

The following was true when I was originally going to post this last week. After contacting Salesforce about the issue they have subsequently resolved it. At the time the anonymous apex appeared as:

Execute Anonymous: Account a = AccountHandler.insertNewAccount('My Test Account'); System.assertNotEquals(a,null); System.assertEquals('test','success');

An interesting line of apex code here is the System.assertEquals('test','success'); assertion. This is similar to the technique mentioned in Adding Eval() support to Apex where an resulting exception is used to return the result from anonymous apex. If I just start my Apex class with that assertion then in theory the test would pass...

If fact, it does! Replacing the method body with just that assertion and returning null causes the challenge to pass. My guess would be Trailhead code is looking for the "System.AssertException: Assertion Failed: Expected: test, Actual: success" in the response.

UPDATE: As mentioned above, Salesforce have subsequently removed this assertion. I learned through Salesforce that the final assertion was intended to rollback any side effects of the challenge check. This makes sense. It seems like it would be an ideal scenario for my idea to Run anonymous apex as if it were a test case.

Thursday, November 27, 2014

Adding Eval() support to Apex

In the Codefriar blog post EVAL() in Apex Kevin presents a technique to to allow programmatic evaluation of an Apex string and the extraction or the result via an Exceptions message. Here I present an alternative approach using anonymous Apex and the debug log in place of the intentional exception.

Reasons you may or may not want to eval() Apex


  • Where a rollback may be required the separate context via the callout doesn't require the invoking Apex to rollback. You can still progress and make further callouts and subsequent DML operations.
  • JSON can be used in the response message to return structured data.
  • An odd way of increasing limits. E.g. Each anonymous apex context gets a new set of limits.


  • The potential for security issues depending on how the anonymous Apex is composed.
  • The requirement for users to have sufficient permissions to call executeAnonymous. Typically this means having “Author Apex” or running with the restricted access as per Executing Anonymous Apex through the API and the “Author Apex” Permission.
  • The need to parse the DEBUG log message out of the response to get the result. Other code may also write DEBUG ERROR messages, which will interfere with parsing the response. This could be addressed by improving the parsing of the Apex log. I.e. Extract all the USER_DEBUG entries to a list and then read the last one. Another alternative is to use delimiters in the debug message to make it easier to parse out.
  • Each eval() call is a callout back to the Salesforce web services. This creates limits on the number of evals that can be made. (Don't forget to add the Remote Site Setting to allow the callout)

API Background

Both the Tooling API and the older Apex API provide an executeAnonymous web method. The main difference is that the older Apex API will return the resulting Apex debug log in a SOAP header. With the tooling API the Apex debug log is generated but needs to be queried separately from the ApexLog. The older Apex API becomes more attractive here as one API call can execute the dynamic Apex code and return the log that can contains the output of the call.

By setting the DebuggingHeader correctly the size of the Apex debug log can be kept to a minimum. For example, getting on the ERROR level Apex_code messages makes extracting the required USER_DEBUG output easier and reduces the amount of superfluous data returned.

It should be noted that using executeAnonymous won't execute in the same context the way a Javascript eval() does. Any inputs need to be explicitly included in the Apex string to execute. Also, any return values need to be returned via the log and then parsed out to bring them into the context of the calling Apex.

Note that the current native Salesforce version of WSDL2Apex won't read the responses DebuggingInfo soap header. Instead these need to be read via an HttpRequest and parsing the resulting XML response.

Sample Raw SOAP Request/Response

This is sent to the Apex API at


<soapenv:Envelope xmlns:soapenv="" xmlns:apex="">
         <apex:String>Integer i = 314159; System.debug(LoggingLevel.Error, i);</apex:String>


<soapenv:Envelope xmlns:soapenv="" xmlns="" xmlns:xsi="">
         <debugLog>31.0 APEX_CODE,ERROR
Execute Anonymous: Integer i = 314159; System.debug(LoggingLevel.Error, i);
13:24:24.027 (27564504)|EXECUTION_STARTED
13:24:24.027 (27573409)|CODE_UNIT_STARTED|[EXTERNAL]|execute_anonymous_apex
13:24:24.028 (28065096)|USER_DEBUG|[1]|ERROR|314159
13:24:24.028 (28098385)|CODE_UNIT_FINISHED|execute_anonymous_apex
13:24:24.029 (29024086)|EXECUTION_FINISHED</debugLog>
            <compileProblem xsi:nil="true"/>
            <exceptionMessage xsi:nil="true"/>
            <exceptionStackTrace xsi:nil="true"/>

You can see the required output in the response next to |USER_DEBUG|[1]|ERROR|.

Given this the basic process becomes:

  • Build up the anonymous Apex string including any required inputs. Use a System.debug(LoggingLevel.Error, 'output here'); to send back the output data.
  • Call the Apex API executeAnonymous web method and capture the DebuggingInfo soap header in the response
  • Parse the USER_DEBUG Error message out of the Apex Log.
  • Convert the resulting string to the target data type if required.


Here are several examples showing parsing various data types from the Apex log.

 string output = soapSforceCom200608Apex.evalString('string first = \'foo\'; string second = \'bar\'; string result = first + second; System.debug(LoggingLevel.Error, result);');
 System.assertEquals('foobar', output);
 integer output = soapSforceCom200608Apex.evalInteger('integer first = 1; integer second = 5; integer result = first + second; System.debug(LoggingLevel.Error, result);');
 System.assertEquals(6, output);
 boolean output = soapSforceCom200608Apex.evalBoolean('boolean first = true; boolean second = false; boolean result = first || second; System.debug(LoggingLevel.Error, result);');
 System.assertEquals(true, output);

 string outputJson = soapSforceCom200608Apex.evalString('List<object> result = new List<object>(); result.add(\'foo\'); result.add(12345); System.debug(LoggingLevel.Error, JSON.serialize(result));');
 List<Object> result = 
 System.assertEquals(2, result.size());
 System.assertEquals('foo', result[0]);
 System.assertEquals(12345, result[1]);

Modified Apex API wrapper class

This wrapper around the Apex API SOAP web service uses HTTP Requests so that the DebuggingHeader can be extracted from the response. I've added several methods to execute the eval requests and parse out the expected response type.

Friday, November 7, 2014

Deep linking to the Salesforce Developer console

One of the nice things about Salesforce initially was, given a record ID, the ability to easily build a URL to view or edit that record. E.g. you could easily view an Apex Class with:

Or edit the same class by appending a /e. E.g.

This is still possible, but more and more of the built in Apex editor functionality is moving into the Developer Console. Previously there was no way to deep link directly to a record in the developer console. Instead you needed to open the record using the provided menus.

With the Winter 15 release I noticed there were deep links to the Lightning Component Bundles under Setup > Build > Develop > Lightning Components

This opens the developer console with the URL:

This seems to work equally well with an Apex Class ID and a hand crafted URL. E.g.

Of course, this link structure isn't officially supported. Salesforce may change it at any point in the future (as confirmed in the Dreamforce 2014 Meet the Developers session). Still, there would be times where a link directly into the Apex class or trigger in the developer console would be convenient.

IdeaExchange: Provide a deep link API to the Developer Console

Tuesday, November 4, 2014

Salesforce integration failures due to disabled SSL 3.0 (POODLE)

In response to the published security vulnerability on SSL 3.0 encryption (POODLE) Salesforce has put out the Knowledge Article Salesforce disabling SSL 3.0 encryption.

One important section with regards to web services that are called by Salesforce: (my emphasis)

Additionally, Salesforce recommends customers disable SSL 3.0 encryption in their own IT environment as soon as possible, unless they use call-out integrations. If a customer uses call-out integrations, and they have not already disabled SSL 3.0 in their own environment, then Salesforce recommends that they wait until after Salesforce has disabled SSL 3.0 for outbound requests.

The current timeline for outbound requests dropping support for SSL 3.0 is the 3rd of December 2014 for sandboxes and the 10th of December 2014 for production orgs.

If you work with a web service that disables SSL 3.0 before then you can start seeing exceptions like:

Message:  IO Exception: Remote host closed connection during handshake

I've also seen it reported manifesting in Batch Apex as:

Received fatal alert: handshake_failure

This can occur even if the web service supports TLS1.0 or higher.

Quotes attributed to support:

"We will use TLS with callouts but if it fails. We drop down to SSL and hard code to send it via SSLv3 for 24 hours or an app restart. Which ever comes first. This should address any changes that occur with the way other companies integrate with Salesforce until we completely disable SSL 3.0 on December 10th." Source
"I am from Salesforce Developer Support Team. I have taken ownership of your case regarding POODLE vulnerability. At present some outbound calls are initiated using SSLv3 ClientHello, so if this is disabled on your server, there'll be a handshake failure. Until then, it is advised that you support this for incoming calls (received from Salesforce). At present R&D and our Tech Ops organization are aggressively working on a strategy around this. Once this is finalized, there will be a tech comm broadcast as expected."
"The R&D team shall be releasing this on 11/4/2014. After that you may turn off SSLv3 without running into the handshake failures"

This presents a bit of an immediate problem. Salesforce is trying to fallback to SSL 3.0 on services that only support versions of TLS. At this stage, if you don't have control of the web service or the ability to get it to accept SSL 3.0 again until mid December the only option might be to wrap it in a proxy service that does support SSL 3.0 encryption.

Another fun part of the change is that Inbound SSL 3.0 support will start phasing out from the 7th of November. Between then and the 10th of December there will be cases where Salesforce servers won't be able to call Salesforce hosted web services. At least some of the time anyway when they aren't successfully using TLS.

Update 6/11/2014: Indications are that Salesforce have been silently updating servers to prevent the fallback to SSLv3 if the target server doesn't support it. It's hard to confirm what is going on as there isn't an official known issue that can be linked to.

Update 7/11/2014: Salesforce support responded to some of the outstanding issues:

All I see you guys have various questions and I think I can answer quite a few of them, I manage part of the technical support security team at salesforce. Email me at (you can look at my linkedin profile if you question who i am).

Questions that have been raised around Salesforce’s support of SSL 3.0 and TLS 1.0. While we are in the process of disabling SSL 3.0, Salesforce currently supports TLS 1.0 and TLS 1.2 for inbound requests and TLS 1.0 for outbound call-outs.
Our Technology Team has been actively working to address an issue that causes outbound call-outs to use SSL 3.0 more frequently than they should, given we have TLS 1.0 enabled. We understand that this may have caused issues for customers who have already disabled SSL 3.0 in their call-out endpoints. We released a fix to Sandboxes last Friday, October 31, and plan to release the fix to production instances during off-peak hours on Wednesday, November 5, 2014.
Many customers and partners who have tested this fix in their Sandboxes have reported successful connections using TLS 1.0. A few customers continued to experience TLS 1.0 issues on their Sandboxes, and our Technology team is working with them to find a solution.

There was an issue specifically to Na14 that was generating more outbound messages that were using SSLv3 but that has since been fixed. That is probably why a few of you guys saw an issue with.

See Also:

Monday, November 3, 2014

Dreamforce 2014 Presentation - Improved Apex support for SOAP based web services

At Dreamforce this year I gave a breakout presentation on the WSDL2Apex component of the FuseIT SFDC Explorer. The core idea is to increase support for calling SOAP based web services by generating the required Apex classes from the WSDL.

Breakout Session Blurb

Join us as we review the capabilities of the existing WSDL-to-Apex code generation feature, and explain how we built a tool to provide expanded features using the Tooling API. The resulting tool has greater support for more WSDL features, generates test cases and the associated mocks to maximize code coverage, and optionally includes HttpRequest versions of the callouts.

Using the Tooling API to Generate Apex SOAP Web Service Clients

Offsite Session Video on Vidyard.

The demo's went well. I was caught out a bit with the resolution. I went in expecting 1280x720 and it got bumped up to 1920x1080. Hopefully the core parts scaled well enough to be seen. Note to self, have a magnifier tool handy for future demo's.

It was difficult to see the audience in the breakout room with 3 spot lights pointed at the stage - the cellphone camera isn't really showing how blinding it was. I could hear people were out there, but couldn't really see them. Some of the breakout rooms had this set up and some didn't, I'm not sure why.

These were minor things really, and I'm glad I was given the opportunity to present at Dreamforce. I got some great questions and feedback from the session. We are getting more followup queries at work now a couple of weeks after Dreamforce. With so much going on during the conference it seems to take awhile for people to filter back to work and follow up on sessions. Also, with so much going on, it was tempting to skip the sessions that were being recorded and attend other activities, such as labs and meeting with other attendees.

Saturday, October 25, 2014

Dreamforce 2014 Round-up / Summary

This was my first time attending Dreamforce and subsequently presenting there as well. I focused primarily on the development side of things, so spent most of my time around Moscone West.

I've collected some of my session notes and general conference thoughts here. Content here will evolve over time as I collate all my notes etc...


Introducing VF Fiddle

Presenter: @EvilN8. Session Video

As you may know, I'm an active member of the Salesforce StackExchange site. I find the format useful for asking and answering Salesforce specific questions. One of the time consuming things about the site is trying to replicate an askers environment and then communicating the solution back in the answer.

VF Fiddle is similar in concept to JSFiddle and allows for quick deployment of Visualforce markup, the Apex controller, CSS and Javascript to a Dev Org.

External Objects - Magical External Objects: Seamless Integration is Here

Presenters: Agustina Garcia Peralta and Andrew Fawcett. Session Video

a.k.a Salesforce1 Platform Connect a.k.a. Lightning Connect

External Objects allow you to view and search data from an external system as though is was a native custom object without actually loading all the data into Salesforce.

Configured under Build > Develop > External Objects and ExternalDataSource.

The main advantage of not storing the data in a custom object is that it does not count against the Org storage limits and you don't need to try and keep the data in sync. At this stage data can't be updated in the data source.

Odata Odata limits apply on single round trip size - 4 MB. Total size of continuation links is 8MB.

There is also a pilot Apex Connector API with classes extending DataSource.Connection and DataSource.Provider

Can you query the data in Apex and SOQL? Yes
Used as field relationship? Yes, with some limits - Can't be used in a Master-Detail relationship.
Are updates from Salesforce synced back? Read Only at this stage.

Where a standard custom object has the __c suffix, external objects have the __x suffix.

Limited to 100 External objects per org.

Access External Data with Salesforce1 Platform Connect

Apex Tips And Tricks

Presenter: Gonzalo Abruna. Session Video

SOQL queries often take up most of the CPU time.

The Developer Console Execution Overviews Timeline is a great way to check a transaction to see where the performance issues are. Open the Apex log and use Debug > Switch Perspective > All or Analysis.

Message Queuing - Building a Messaging Framework on the Salesforce1 Platform

Presenter: @anup

An alternative to using Outbound messages using a custom queue implementation. Independent batches that monitor a message queue and invoke the applicable service handle to send the message out and process the response.


Build Your Own Platform on

Presenters: Mac Anderson, Avrom Roy-Faderman, Aaron Slettehaugh. Session Video

This session will provide an overview of Platform on the Platform, including demonstrations by sfdc partners of features built with the first of our three major features: Custom Metadata. Custom Metadata are similar to List Custom Settings except that the records can be packaged, installed, deployed and managed as metadata. We will show how for the first time, sfdc customers and partners will be able to create their own metadata records and your own platform.

__mdt suffix

Proxly - Speed Up Your Development and Go Localhost

Use local resources for JavaScript and CSS references to speed up development.

Flex Queue - Apex Flex Queue: Batch Apex Liberated

Presenter: @CarolEnLaNube. Session Video

Current Situation:

  • @Future No Job ID - returns void - can't monitor - must be static - primitive data types
  • Batch Jobs - returns ID that can be monitored, recursive calls, only 5 active jobs, can't be ordered.
  • Schedule Jobs

Flex Queue - combines best parts of @Future and Batch

Batch Jobs : With FlexQue.

More that 5 Apex Jobs in the Apex Jobs Table
5 Apex Jobs Processing + 95 Apex Jobs in Holding

Can you reorder Jobs from code or give them a priority? Appears not.
Can't abort holding jobs using the UI, need to use System abort.

Queueable interface and QueueableContext in execute. Provides a middle ground between Batch jobs and @future
Supports more than just primitive arguments that @future methods do.
Less overhead than a Batch job as there is no start method to go through the aync queue.
System.enqueueJob() - returns Job ID. So you can monitor progress.
Can be chained together, which future jobs can't be.
Can have 50 Queueable jobs.

Interactive Apex Debugging

Presenter: Josh Kaplan. Session Video.

Due sometime in 2015 as an Eclipse plugin. Sounds like it will be a paid SKU for a sandbox org.

Meet the Developers

Presenters: Steven Tamm, Gregory Fee, Phil Calvin, Doug Chasman

A great session where you can ask questions of the Salesforce developers.


Sessions I want to catch up on (among others)

  • Catch Bugs Early with Apex Diagnostic Code
    Ridding your Apex code of pesty bugs improves the quality of your Salesforce implementation and increases the predictability of your application's success. Catching those bugs early saves time and money and having the proper skills to do so when you start development saves even more. Join us as we cover contract programming, assertions, and enhanced logging and notification.
  • A Deep Dive into Debugging Applications on the Salesforce1 Platform
  • Building Machine Learning Systems with Apex
  • Faster SOQL? Yes, Please Slides

FinancialForce DevTalks DF14 - Apex Unit Testing with ApexMocks Framework

I was surprised to hear about the meetup scheduled during Dreamforce. It was a really interesting session on a mocking framework called ApexMocks.

Presenting - Using the Tooling API to Generate Apex SOAP Web Service Clients

I gave a breakout presentation on the WSDL2Apex component of the FuseIT SFDC Explorer that increases support for calling SOAP based web services. See Dreamforce 2014 Presentation - Improved Apex support for SOAP based web services, which includes the session video and slides.

Miscellaneous Notes

Salesforce StackExchange

I had a number of shirts to give out, which was easily accomplished on the first day. It's a great way to get talking to people.

Breakfast, Lunch on site

The on site breakfast on the Monday was a selection of fruit and granola (muesli with more sugar or other sweeteners) bars. Lunch was no longer available in Moscone West or the Yerba Buena Gardens around 12:30 pm on the Monday. Subsequent days I had better luck with the Moscone West expo area around 11:30am. It tended to be prepackaged, so you could grab something and eat it later easily enough.


There was a choice between Bruno Mars and Cake. The food options were really good inside were Cake were playing.

Taking notes

I'd recently picked up a Surface 2 and already had the type keyboard acccessory to use with it. Combined in Onenote it worked well as an all day not taking device. I was also able to use it to complete some of the labs using Salesforce from the built in IE browser. There were a few qwirks with using the developer console.


Salesforce gave out a coupon code for first time users of Uber with the $30 credit for the first trip. I set this up with Uber on my phone before leaving New Zealand using my local credit card and cell phone number. On arriving in San Francisco I picked up an AT&T SIM card to avoid excessive international roaming charges. When I tried to book my first Uber ride they sent a confirmations SMS text message to my NZ cell phone number, which I wasn't able to receive due to switching SIM cards. I could have swapped the SIM cards to get the message, but found it too much of a hassle to try and accomplish in the street. My phone needs a pin or similar to pop the SIM card out. So, moral of the story, wait to register for Uber until you get your local SIM if you are going to switch.


I was fortunate enough to have booked accommodation early through the Dreamforce website so I was walking distance to the conference.

One surprise here was the payment going through my personal credit card that I presented at check-in for incidentals rather than the company credit card that was used on the Dreamforce website to request the accommodation.

Tourist Travels

Being my first trip to San Francisco I wanted to get out and do some touristy things. I'd recommend:

  • Hire a bike and ride over the Golden Gate Bride to Sausalito or further on to the Red Woods. I made a day of it and cycled back as well. If I'd known it was there I would have visited the Bay Model Visitor Center.
  • The Alcatraz audio tour.
  • Coit Tower - some good view over the city and harbour.