Opening web applications for third-party development: a service-oriented solution

Web applications are nowadays prevalent software systems in our everyday’s life. A lot of these applications have been developed for end users only. Thus, they are not designed by considering future extensions that would be developed by third parties. One possible and interesting solution for opening these applications for such kind of extension development is to create and deploy Web services starting from these applications. In this paper, we present a method and a tool for semiautomatically creating Web service implementations from applications having Web interfaces. The proposed method generates operations that are published in Web services for each functionality provided by a Web application. In addition, it generates new operations starting from Web interfaces. Our approach goes further in the creation of services by generating executable orchestrations, as BPEL processes, starting from navigations in the Web interfaces of these applications and by providing BPMN choreography specifications starting from the collaborations between the generated Web services. We implemented and experimented our solution in the migration of three real-world Web applications toward Web service-oriented systems.     

一种高效的Web服务性能优化策略

Web服务是构建面向服务架构(SOA)的主流分布式计算技术.基于XML的数据传输格式在给Web服务带来众多优点的同时,严重影响了其性能,制约了Web服务的应用.众多研究表明,XML解析和数据绑定是Web服务的主要性能瓶颈.着眼于避免传统XML解析和运行时Java反射过程的开销,提出了一种新颖的Web服务性能优化策略.它为每个Web服务生成一个特定于该服务的SOAP消息处理器,通过在对SOAP消息的一遍扫描中高效地生成服务业务逻辑调用所需的参数对象.实验结果表明,该优化策略能够有效地提高Web服务的性能.     

A lightweight approach for migrating web frameworks

Web application development frameworks, like the Java Server Pages framework (JSP), provide web applications with essential functions such as maintaining state information across the application and access control. In the fast paced world of web applications, new frameworks are introduced and old ones are updated frequently. A framework is chosen during the initial phases of the project. Hence, changing it to match the new requirements and demands is a cumbersome task.We propose an approach (based on Water Transformations) to migrate web applications between various web development frameworks. This migration process preserves the structure of the code and the location of comments to facilitate future manual maintenance of the migrated code. Consequently, developers can move their applications to the framework that meets their current needs instead of being locked into their initial development framework. We give an example of using our approach to migrate a web application written using the Active Server Pages (ASP) framework to the Netscape Server Pages (NSP) framework.     

Increasing application accessibility through Java

Java has begun to open up new possibilities for accessing applications on the Web. With Java, developers can write applications as applets and insert them into Web pages. The user can then retrieve and execute them with local computing resources. We show how developers can use this feature to create a network computing platform that lets Web users share applications not specifically devised for network use, including those that are computationally intensive. With our approach, the network is not involved as long as the user executes operations on the graphical interface, which is executed locally on the client. Only when users require some computational response from the server do they need to access it. Access is straightforward; authorized users can access the application from any node connected with the Internet as long as they have a Java-enabled Web browser. We have used used one such network computing platform to port an existing tool and develop a new application     

基于解析树的Java Web灰盒模糊测试

由于Java Web应用业务场景复杂,且对输入数据的结构有效性要求较高,现有的测试方法和工具在测试Java Web时存在测试用例的有效率较低的问题.为了解决上述问题,本文提出了基于解析树的Java Web应用灰盒模糊测试方法.首先为Java Web应用程序的输入数据包进行语法建模创建解析树,区分分隔符和数据块,并为解析树中每一个叶子结点挂接一个种子池,隔离测试用例的单个数据块,通过数据包拼接生成符合Java Web应用业务格式的输入,从而提高测试用例的有效率;为了保留高质量的数据块,在测试期间根据测试程序的执行反馈信息,为每个数据块种子单独赋予权值;为了突破深度路径,会在相应种子池中基于条件概率学习提取数据块种子特征.本文实现了基于解析树的Java Web应用灰盒模糊测试系统PTreeFuzz,测试结果表明,该系统相较于现有工具取得了更好的测试准确率.     

A formal approach for run-time verification of web applications using scope-extended LTL

ContextIn the past decade, the World Wide Web has been subject to rapid changes. Web sites have evolved from static information pages to dynamic and service-oriented applications that are used for a broad range of activities on a daily basis. For this reason, thorough analysis and verification of Web Applications help assure the deployment of high quality applications.ObjectivesIn this paper, an approach is presented to the formal verification and validation of existing web applications. The approach consists of using execution traces of a web application to automatically generate a communicating automata model. The obtained model is used to model checking the application against predefined properties, to perform regression testing, and for documentation.MethodsTraces used in the proposed approach are collected by monitoring a web application while it is explored by a user or a program. An automata-based model is derived from the collected traces by mapping the pages of the application under test into states and the links and forms used to browse the application into transitions between the states. Properties, meanwhile, express correctness and quality requirements on web applications and might concern all states of the model; in many cases, these properties concern only a proper subset of the states, in which case the model is refined to designate the subset of the global states of interest. A related problem of property specification in Linear Temporal Logic (LTL) over only a subset of states of a system is solved by means of specialized operators that facilitate specifying properties over propositional scopes in a concise and intuitive way. Each scope constitutes a subset of states that satisfy a propositional logic formula.ResultsAn implementation of the verification approach that uses the model checker Spin is presented where an integrated toolset is developed and empirical results are shown. Also, Linear Temporal Logic is extended with propositional scopes.Conclusiona formal approach is developed to build a finite automata model tuned to features of web applications that have to be validated, while delegating the task of property verification to an existing model checker. Also, the problem of property specification in LTL over a subset of the states of a given system is addressed, and a generic and practical solution is proposed which does not require any changes in the system model by defining specialized operators in LTL using scopes.     

MVC编程模型在Web程序中的应用及Java实现

为了克服当前Web应用开发技术的种种弊端,文章将传统的面向对象的编程模型——MVC模型引入Web应用程序的开发中,并使用以Java为核心的技术对其进行具体实现。     

Applications of a Web query language

In this paper we report on our experience using WebSQL, a high level declarative query language for extracting information from the Web. WebSQL takes advantage of multiple index servers without requiring users to know about them, and integrates full-text with topology-based queries.The WebSQL query engine is a library of Java classes, and WebSQL queries can be embedded into Java programs much in the same way as SQL queries are embedded in C programs. This allows us to access the Web from Java at a much higher level of abstraction than bare HTTP requests.We illustrate the use of WebSQL for application development by describing two applications we are experimenting with: Web site maintenance and specialized index construction. We also sketch several other possible applications.Using the library, we have also implemented a client-server architecture that allows us to perform interactive intelligent searches on the Web from an applet running on a browser.     

结合AI规划和工作流的动态服务组合框架研究

动态服务组合是构建面向服务、松耦合、集成化的应用系统的主要途径.现行的动态服务组合方法中,工业界倾向于采用BPEL建模服务流程,而语义网研究团体则吸取AI规划的思想以实现Web服务组合,以上两种方法都不同程度地存在各自的不足.在对上述方法进行对比分析的基础上,提出了一种结合AI规划和工作流技术的动态服务组合方法.实践表明,这种方法能有效克服采用单个方法所造成的不足,并可实现从需求到部署的全过程.     

Agent negotiation based ontology refinement process and mechanisms for service applications

Nowadays organisations are willing to outsource their business processes as services and make them accessible via the Web. In doing so, they can dynamically combine individual services to their service applications. However, unless the data on the Web can be meaningfully shared and is interpretable, this objective cannot be realised. In this paper, a new agent-based approach for managing ontology evolution in a Web services environment is exploited. The proposed approach has several key characteristics such as flexibility and extensibility that differentiate this research from others. The refinement mechanisms which cope with an evolving ontology are carefully examined. The novelty of our work is that inter-processes between different ontologies are studied from the agent’s perspective. Based on this perspective, an agent negotiation model is applied to reach an agreement regarding ontology discrepancy in an application. The efficiency and effectiveness of reaching an agreement over an ontology dispute is leveraged by the private negotiation strategy applied in the argumentation approach. An extended negotiation strategy is discussed to enable sufficient information in decision making at each negotiation round. A case study is presented to demonstrate ontology refinement in a Web services environment.     

基于面向服务架构的遗留系统再设计方法

提出了一种遗留系统再设计的方法,应用改进的层次聚类算法构建遗留代码,能够方便地将代码取出以构建Web服务.该方法支持服务鉴别和服务包装,通过改造有用的遗留代码,经济有效地将遗留系统迁移到面向服务架构中.最后利用上述技术,成功地再现了一个分布式并行计算平台的再设计过程.     

模型驱动下的Web应用系统自动生成

为了提高Web应用系统开发效率,提出了模型驱动下的Web应用系统自动生成方法。这种生成方法是以Me—taEdit＋作为元建模工具,首先创建Web应用系统元模型、定制DSL,进而建立Web应用系统领域模型,然后通过MetaEdit＋提供的生成器定义语言MERL,软件开发人员可以很方便地设计出Web应用系统所需的JSP生成器、Servlet生成器、Jayabeans生成器和数据库生成器,从Web应用系统图形模型直接生成整个Web应用系统。最后通过一个WebShopping实例详细介绍了模型驱动下的Web应用系统生成方法及生成过程。经测试,所生成的Web应用系统可以在Windows操作系统中的Web应用服务器上正确运行。     

Enterprise computing: the Java factor

The ubiquitous availability of Web browsers on multiple platforms and user familiarity with browser technology provide numerous advantages: a uniform interface; support for multimedia and user interaction and collaboration; a simple communication protocol that has been implemented in all major hardware and software platforms; and support by almost all vendors who package Web engines within their products. Such factors have expedited the implementation of network centric computing as a productive infrastructure for corporate environments. The addition of Java, with its ability to build cross platform application logic into a browser, gives network centric computing the potential to better meet enterprise computing needs. Because it lets users interact with the application on the client rather than the server, Java enables better utilization of both the server and the client's computational capability. Java can also provide sessions state information (for client side session control and resource management) in an otherwise stateless Web world. Besides naturally decentralizing application execution, Java makes it possible to decentralize application deployment. In large enterprises, organization wide applications such as personnel timekeeping or document routing can benefit from Java implementations. One immediate impact is a noticeable reduction of the server load during peak hours. Finally, Java enabled browsers can provide greater functionality than HTML     

The implementation of a secure and pervasive multimodal Web system architecture

While most users currently access Web applications from Web browser interfaces, pervasive computing is emerging and offering new ways of accessing Internet applications from any device at any location, by utilizing various modes of interfaces to interact with their end users. The PC and its back-end servers remain important in a pervasive system, and the technology could involve new ways of interfacing with a PC and/or various types of gateways to back-end servers. In this research, cellular phone was used as the pervasive device for accessing an Internet application prototype, a multimodal Web system (MWS), through voice user interface technology.This paper describes how MWS was developed to provide a secure interactive voice channel using an Apache Web server, a voice server, and Java technology. Securing multimodal applications proves more challenging than securing traditional Internet applications. Various standards have been developed within a context of Java 2 Micro Edition (J2ME) platform to secure multimodal and wireless applications. In addition to covering these standards and their applicability to the MWS system implementation, this paper also shows that multimodal user-interface page can be generated by using XSLT stylesheet which transforms XML documents into various formats including XHTML, WML, and VoiceXML.     

Healing Web applications through automatic workarounds

We develop the notion of automatic workaround in the context of Web applications. A workaround is a sequence of operations, applied to a failing component, that is equivalent to the failing sequence in terms of its intended effect, but that does not result in a failure. We argue that workarounds exist in modular systems because components often offer redundant interfaces and implementations, which in turn admit several equivalent sequences of operations. In this paper, we focus on Web applications because these are good and relevant examples of component-based (or service-oriented) applications. Web applications also have attractive technical properties that make them particularly amenable to the deployment of automatic workarounds. We propose an architecture where a self-healing proxy applies automatic workarounds to a Web application server. We also propose a method to generate equivalent sequences and to represent and select them at run-time as automatic workarounds. We validate the proposed architecture in four case studies in which we deploy automatic workarounds to handle four known failures in to the popular Flickr and Google Maps Web applications. This work has been supported by the project PerSeoS funded by the Swiss National Fund.     

A method for identifying Web applications

Web applications are ubiquitous in today’s businesses. The security of these applications is of utmost importance since security breaches might negatively impact good reputation, and even result in bankruptcy. There are different methods of assessing security of Web applications, mainly based on some automated method of scanning. One type of scan method feeds random data to the application and monitors its behavior. The other type uses a database with predefined vulnerabilities that are checked one by one until either a vulnerability is found, or it can be claimed that the application does not have any known vulnerabilities. The important step in latter type of scan process is the identification of the application since in this case we are narrowing number of checks and, as a consequence, the scan process is faster. This paper describes a method for Web application identification based on a black box principle. Our method is based on the invariance of certain characteristics of Web applications. We experimentally tested and confirmed the usefulness of this approach.     

Java for high‐performance network‐based computing: a survey

There has been an increasing research interest in extending the use of Java towards high‐performance demanding applications such as scalable Web servers, distributed multimedia applications, and large‐scale scientific applications. However, extending Java to a multicomputer environment and improving the low performance of current Java implementations pose great challenges to both the systems developer and application designer. In this survey, we describe and classify 14 relevant proposals and environments that tackle Java's performance bottlenecks in order to make the language an effective option for high‐performance network‐based computing. We further survey significant performance issues while exposing the potential benefits and limitations of current solutions in such a way that a framework for future research efforts can be established. Most of the proposed solutions can be classified according to some combination of three basic parameters: the model adopted for inter‐process communication, language extensions, and the implementation strategy. In addition, where appropriate to each individual proposal, we examine other relevant issues, such as interoperability, portability, and garbage collection. Copyright © 2002 John Wiley & Sons, Ltd.     

支持EJB动态分布的组件迁移模型与算法

Web应用服务器是Web计算环境下的新型中间件,为基于组件的分布式Web应用提供了基础运行平台.组件静态分布限制了事务性Web应用在运行期间适应执行环境变化的能力.为了满足Web应用的动态分布需求,Web应用服务器需在底层为组件提供一种动态迁移的能力.如何维持组件迁移前后的一致性是组件迁移中最棘手的问题之一.为解决此问题,定义了组件迁移一致性约束CMC(component migration constrains),并给出了在J2EE(Java 2 platform enterpnse edition)应用服务器中支持EJB(enterprise Java Bean)动态分布的组件迁移模型和SLB Copy,SFB_Copy,EB_Copy 3个迁移算法.分析得出SLB_Copy,SFB_Copy和EB_Copy均满足CMC约束.迁移模型和算法已在自主研制的Web应用服务器WebFrame2.0中实现,并已应用到自适应负载平衡、失效恢复等多个方面.     

EWS-Based Management Application Interface and Integration Mechanisms for Web-Based Element Management

Web-based network element management provides an administrator with the ability to configure and monitor network devices over the Internet using a Web browser. The most direct way to accomplish this is to embed a Web server [Embedded Web Server (EWS)] into a network device, and use that server to provide a Web-based management user interface constructed with HTML, graphics, Java and other features common to Web browsers. In this paper we present EWS-based management application interface mechanisms for use between embedded management applications and embedded Web servers. We propose a guideline for choosing an efficient interface mechanism, which is based on the characteristics of management information and Web documents. A Web-based management user interface through embedded Web servers has many advantages such as ubiquity, platform independence and user-friendliness. In order to be truly useful, a Web-based management user interface must have a low development cost and a short development time. We provide effective integration mechanisms for each interface. We validate these mechanisms by implementing them in an Internet router.     

StarOSGi:一种OSGi分布式扩展中间件

随着应用范畴从单个结点扩展到普适计算、企业计算等分布式环境,OSGi技术需要提供对远程服务访问的支持。在保留其面向服务、动态性、轻量级等已有优点的前提下,如何为OSGi技术体系提供有效的分布式扩展,是研究者所面临的重要挑战。现有OSGi分布式扩展研究工作存在着对编程模型具有明显侵入性、不支持与非OSGi系统互操作等共性问题。以CORBA中间件技术为基础,以非侵入性、通用性和良好互操作性为目标,提出了基于CORBA的OSGi分布式扩展模型,进而基于CORBA动态调用和Java反射技术设计了一个支持OSGi分布式扩展的中间件StarOSGi。该中间件保持了OSGi原有面向服务的编程模型和轻量级特点,能够透明地将集中式的OSGi应用转变为分布式应用,并且支持OSGi应用与遗留CORBA应用的互操作,具有明显的性能优势。