Tag: Winter 19

Visualforce Winter 19 Highlights

This is quick highlights of winter 19 visualforce improvements.

1.New Visualforce Access Metrics Fields

Use the new ProfileId and LogDate access metrics fields to prioritize which Visualforce pages to migrate to Lightning Experience. To decide which Visualforce pages to migrate to Lightning Experience, it’s helpful to know which pages are used most often and by whom. These new Visualforce Access Metrics fields show you that information. The ProfileId field shows the Salesforce profile ID of the user who viewed the Visualforce page. The LogDate field shows the
date that the user accessed the page. This field provides more insight into page usage than the MetricsDate field, which represents the date the metrics are collected. To query metrics on the Visualforce pages in your org, use the VisualforceAccessMetrics object and include the ProfileId and
LogDate fields.

2. Securely Retrieve and Display Third-Party Images 

Protect your users from unauthorized requests by using the IMAGEPROXYURL function to securely fetch images outside your org’s server. Loading a third-party image can initiate a malicious authentication request meant to steal Salesforce usernames and passwords. This Visualforce function loads external images over HTTPS and prevents images from requesting user credentials. To securely retrieve an external image, include the IMAGEPROXYURL function on the src attribute of a tag or the value attribute of an object.

3.URL Redirect Parameters Are No Longer Case-Sensitive

The protected URL parameters used in Visualforce pages—retURL, startURL, cancelURL, and saveURL—are no longer case-sensitive. If you change the parameter value from retURL to returl, the system now recognizes it as a protected parameter. Protected URL parameters allow redirects from Visualforce pages to salesforce.com or *.force.com domains and prevent malicious
redirects to third-party domains.

4.Improve Security by Isolating Untrusted Third-Party Content with iframes

You can now isolate HTML static resources on a separate domain using iframes. Using a separate domain to embed information from untrusted sources protects your Visualforce content.To reference a static HTML file on a separate domain, use $IFrameResource.<resource_name> as a merge field, where resource_name is the name you specified when you uploaded the static resource

 

Apex Winter 19 Highlights

In this post, I am going to quick recall on the winter 19 Salesforce lightning component changes and improvements.

1.Mark Apex Methods as Cacheable

Prior to Winter ’19, to cache data returned from an Apex method, you had to call setStorable() in JavaScript code on every action that called the Apex method. Now you can mark the Apex method as storable (cacheable) and get rid of any setStorable() calls in JavaScript code.

Mark an Apex method as storable (cacheable) instead of using setStorable() on every JavaScript action that calls the Apex method to centralize your caching notation for a method in the Apex class. Marking a method as storable improves your component’s performance by quickly showing cached data from client-side storage without waiting for a server trip. If the cached data is stale, the framework retrieves the latest data from the server. Caching is especially beneficial for users on high-latency, slow, or unreliable connections, such as 3G networks. To cache data returned from an Apex method for any component with an API version of 44.0 or later, annotate the Apex method with
@AuraEnabled(cacheable=true). For example:

2. Fire Platform Events from Batch Apex Classes (Beta)

Batch Apex classes can now opt in to fire platform events when encountering an error or exception. Event records provide more granular tracking of errors than the Apex Jobs UI because they include the record IDs being processed, exception type, exception message, and stack trace. You can also incorporate custom handling and retry logic for failures. Clients listening on an event can tell how often it failed, which records were in scope at the time of failure, and other exception details. Events are also fired for Salesforce Platform internal errors and other “uncatchable” Apex exceptions like LimitExceptions that are caused by reaching governor limits.

3. Use Inherited Sharing to Secure Your Apex Code

You can now specify the inherited sharing keyword on an Apex class, which allows the class to run in the sharing mode of the class that called it. Using inherited sharing enables you to pass security review and ensure that your privileged Apex code is not used in unexpected or insecure ways. An Apex class with inherited sharing runs as with sharing when used as a Visualforce page controller, Apex REST service, or an entry point to an Apex transaction. This example declares an Apex class with inherited sharing and a Visualforce invocation of that Apex code. Because of the inherited sharing declaration, only contacts for which the running user has sharing access are displayed.

If the declaration is omitted, even contacts that the user has no rights to view are displayed due to the insecure default behavior of omitting the declaration.

 

4. Get Domain URL from Apex

Use the new System.Url.getOrgDomainUrl() method to interact with Salesforce REST and SOAP APIs in Apex code. Use getOrgDomainUrl() in orgs with or without My Domain to retrieve canonical URLs. For example, https://yourDomain.my.salesforce.com, or, for orgs without My Domain enabled https://yourInstance.salesforce.com .

5. Get Session Id in Asynchronous Context  

UserInfo.getSessionId() method to retrieve session IDs, even when your code runs asynchronously.  Previously, orgs with My Domain enabled could access some API features from Apex code only after setting up remote site settings or named credentials. Some objects, such as DatedExchangeRate, are accessible only through the API. You can use getSessionId() both synchronously and asynchronously.  In asynchronous Apex (Batch, Future, Queueable, or Scheduled Apex), this method returns the session ID only when the code is run by an active, valid user. When the code is run by an internal user, such as the automated process user or a proxy user, the method returns null.

6.Share Extensible Functionality with the Callable Interface

The System.Callable interface enables you to use a common interface to build loosely coupled integrations between Apex classes or triggers, even for code in separate packages. Agreeing upon a common interface enables developers from different companies or different departments to build upon one another’s solutions. Implement this interface to enable the broader community, which might have different solutions than the ones you had in mind, to extend your code’s functionality.

 

7.Instantiate Custom Metadata Types in Apex

Now you can able to Instantiate Custom Metadata Types in Apex direly. You can now edit custom metadata records in memory within Apex. Previously, custom metadata records queried with SOQL in Apex were immutable. Audit fields (CreatedDate, CreatedBy, LastModifiedDate, LastModifiedBy, SystemModStamp) and calculated fields remain uneditable. DML operations aren’t allowed on custom metadata in Apex or the Partner or Enterprise APIs. DML operations can be done with the Apex Metadata API.

In this example, the first method is instantiating a custom metadata record, but no records are inserted into memory. The second the method retrieves a record, changes it, and returns it to the caller, but the change is not updated in the database.

 

8.Prediction Field type

isAiPredictionField() from Schema.DescribeFieldResult Returns a Boolean indicating whether the field is enabled to display Einstein prediction data.d

9.Scale Your Event-Based Apps with High-Volume Platform Events (Pilot)

Use high-volume platform events to publish and process millions of events efficiently. This pilot was offered in the last release, and salesforce made enhancements for this release. Choose the platform event type that suits your business needs. For applications that receive several million events per day, use high-volume platform events through the pilot program. For applications that receive up to a million events per day, use standard-volume platform events.Y ou can define a high-volume platform event from the user interface or through Metadata API. From the UI, in Setup, enter Platform Events in the Quick Find box, then select Platform Events. When completing the standard fields, select High Volume for Event Type.In Metadata API, the event definition is represented in the CustomObject type with eventType set to HighVolume.Publish and subscribe to high-volume platform events in the same way that you publish and subscribe to standard-volume platform events. You can use declarative tools, such as Process Builder and flow, or write code with Apex and CometD API apps.
High-volume platform events are published asynchronously so that the system can process high loads of events efficiently. The publishing call places the publish request in a queue. The event message might not be published immediately after the call returns, but it is published when system resources are available. High-volume events are stored for up to three days, and stored events can be replayed.

 

 

Fire Platform Events from Batch Apex Classes

Introduction 

With winter 19 release you can able to fire the platform events from the batch apex.Batch Apex classes can opt in to fire platform events when encountering an error or exception. Clients listening on an event can obtain actionable information, such as how often the event failed and which records were in scope at the time of failure. Events are also fired for Salesforce Platform internal errors and other uncatchable Apex exceptions such as LimitExceptions, which are caused by reaching governor limits. An event record provides more granular error tracking than the Apex Jobs UI. It includes the record IDs being processed, exception type, exception message, and stack trace. You can also incorporate custom handling and retry logic for failures. You can invoke custom Apex logic from any trigger on this type of event, so Apex developers can build functionality like custom logging or automated retry handling. To fire a platform event, a batch Apex class declaration must implement the Database.RaisesPlatformEvents interface.

Step 1:  Create a Platform event

Here is the simple platform event object created for this example 

Step 2: Subscribe to platform event

I just created a simple trigger to subscribe for the platform events. During this beta release, Process Builder and flows do not support subscribing to these events.

Step 3: Raise Platform events

now you can raise the platform event from the batch apex.here is the simple batch apex that will raise the platform evens. After raising platform events all the subscribed channel will be receiving the events.

Go and execute batch apex

After raising the platform events, the subscribed trigger will create a case as shown below

 

Event Error Handling

The BatchApexErrorEvent object represents a platform event associated with a batch Apex class. This example creates a trigger to determine which accounts failed in the batch transaction. Custom field Dirty__c indicates that the account was one of a failing batch and ExceptionType__c indicates the exception that was encountered. JobScope and ExceptionType are fields in the BatchApexErrorEvent object.

 

Apex Inherited Sharing

Introduction

Salesforce apex with sharing or without sharing keywords on a class to specify whether sharing rules must be enforced. Use the inherited sharing keyword on an Apex class to run the class in the sharing mode of the class that called it. Apex without a sharing declaration is insecure by default. Designing Apex classes that can run in either with sharing or without sharing mode at runtime is an advanced technique. Such a technique can be difficult to distinguish from one where a specific sharing declaration is accidentally omitted. An explicit inherited sharing declaration makes the intent clear, avoiding ambiguity arising from an omitted declaration or false positives from security analysis tooling.

Using inherited sharing enables you to pass AppExchange Security Review and ensure that your privileged Apex code is not used in unexpected or insecure ways. An Apex class with inherited sharing runs as with sharing when used as a Lightning component controller, a Visualforce controller, an Apex REST service, or any other entry point to an Apex transaction.

There is a distinct difference between an Apex class that is marked with inherited sharing and one with an omitted sharing declaration. If the class is used as the entry point to an Apex transaction, an omitted sharing declaration runs as without sharing. However, inherited sharing ensures that the default is to run as with sharing. A class declared as inherited sharing runs as without sharing only when explicitly called from an already established without sharing context.

This example declares an Apex class with inherited sharing and a Visualforce invocation of that Apex code. Because of the inherited sharing declaration, only contacts for which the running user has sharing access are displayed. If the declaration is omitted, even contacts that the user has no rights to view are displayed due to the insecure default behavior of omitting the declaration.

 

 

Apex Cacheable methods

Introduction  

With salesforce winter 19 release, Salesforce introduces another way to improve the performance of the lightning component cache by mark an Apex method as storable (cacheable) instead of using setStorable() on every JavaScript action. With the apex storable methods, you can centralize your caching notation for a method in the Apex class instead of doing at client side javascript. Marking a method as storable improves your component’s performance by quickly showing cached data from client-side storage without waiting for a server trip. If the cached data is stale, the framework retrieves the latest data from the server.

How to Use?

To cache data returned from an Apex method for any component with an API version of 44.0 or later, annotate the Apex method with
@AuraEnabled(cacheable=true). For example, the following method is made as cacheable

Here is the complete apex class.

Lightning Component 

JavaScript controller

Now if the javascript code we no need to use setStorable() action instead we are using cachable apex methods.

Can I use javascript storable along with Cachable methods?

Yes ..You can able to use both setStorable and apex cacheable methods together. But recommended will update an existing component to API version 44.0, remove setStorable() calls in JavaScript code along with Apex Cachable methods.

Can I use the Cacheable methods in visualforce?

You can able to use the cacheable methods in visualforce controller also. Here is the simple page that calls the apex controller with cachable actions.