用Struts和Hibernate构筑Web应用开发策略

当今越来越多的Web应用是基于MVC设计模式的.此种设计模式提高了应用系统的可维护性、可扩展性和组件的可复用性.Apache开源组织提供的Struts框架充分体现了MVC架构.Hibernate实际上是一个用对象编程思维来操纵数据库的解决方案.提出了一种基于Struts和Hibernate架构的Web应用开发策略.MVC架构中,模型、视图和控制器3个部分中的模型部分（数据持久层）用Hibernate实现,视图和控制器的实现依托于Struts框架.这种策略真正实现了层间的松散耦合.     

The DynaRIA tool for the comprehension of Ajax web applications by dynamic analysis

Thanks to the fast and growing diffusion of Rich Internet Applications (RIAs), the user experience in the Web 2.0 is becoming more and more appealing and user friendly. RIAs are indeed a new generation of Web applications that exploit a combination of technologies and new development patterns for providing a more interactive, responsive and dynamic user experience. Unfortunately, some characteristics of RIAs, such as the heterogeneity of the implementation technologies, as well as the possibility of dynamically generating the code of the application, cause a general worsening of their analyzability and understandability. Consequently, specific analysis techniques and tools are needed for supporting their comprehension effectively. This paper presents an approach for the comprehension of RIAs implemented in Ajax that is based on a tool for dynamic analysis called DynaRIA. The tool provides an integrated environment for tracing application executions and analyzing them from several perspectives. Moreover, the tool is able to abstract several views on the structure and run-time behavior of the application that can be used in various comprehension activities. To show the actual support provided by DynaRIA in different comprehension contexts, four case studies involving two real Ajax applications will be illustrated in the paper. The experimental results showed the usefulness and effectiveness of the tool in comprehension, debugging, testing and quality assessment scenarios.     

基于Ajax的PHP框架构建

Ajax框架是多种现有技术的综合,它有效减少了B/S模式下无效的网络流量,大大改善了浏览器端的用户体验,已经成为动态Web页面技术的重要工作模式。通过两个基于PHP的Ajax框架搭建实例,表现了Sajax,XOAD这两种主流的Ajax框架的基本构建过程,并比较了其性能特征。实例表明Ajax框架的多个构建过程均是可行和简洁的。     

基于Ajax的PHP框架构建

Ajax框架是多种现有技术的综合,它有效减少了B/S模式下无效的网络流量,大大改善了浏览器端的用户体验,已经成为动态Web页面技术的重要工作模式。通过两个基于PHP的Ajax框架搭建实例,表现了Sajax,XOAD这两种主流的Ajax框架的基本构建过程,并比较了其性能特征。实例表明Ajax框架的多个构建过程均是可行和简洁的。     

利用框架技术构建Web应用

目前开发基于Java的Web应用正逐渐转向开源框架支持的轻量级开发架构,基于框架的Web应用具有高可靠性、可复用性,可扩展性和可维护性等优点.当前主流的开源框架有Struts、Spring和Hibernate,其中Struts是一个优秀的MVC框架,Spring是以AOP为基础并实现了IoC机制的轻量级框架,Hibernate是实现了对象/关系映射的持久化框架,它们三者的整合是目前一个比较流行的开发架构.分别介绍这3个框架,然后介绍整合了它们的一个开发架构,并通过一个实际的例子说明了在应用中将它们整合的方法.     

Testing web applications

Traditional testing techniques are not adequate for web-based applications, since they miss their additional features such as their multi-tier nature, hyperlink-based structure, and event-driven feature. Limited work has been done on testing web applications. In this paper, we propose new techniques for white box testing of web applications developed in the .NET environment with emphasis on their event-driven feature. We extend recent work on modeling of web applications by enhancing previous dependence graphs and proposing an event-based dependence graph model. We apply data flow testing techniques to these dependence graphs and propose an event flow testing technique. Also, we present a few coverage testing approaches for web applications. Further, we propose mutation testing operators for evaluating the adequacy of web application tests.     

Building test cases and oracles to automate the testing of web database applications

Many organizations rely on web applications that use back-end databases to store important data. Testing such applications requires significant effort. Manual testing alone is often impractical, so testers also rely on automated testing techniques. However, current automated testing techniques may produce false positives (or false negatives) even in a perfectly working system because the outcome of a test case depends on the state of the database which changes over time as data is inserted and deleted. The Automatic Database Tester (AutoDBT) generates functional test cases that account for database updates. AutoDBT takes as input a model of the application and a set of testing criteria. The model consists of a state transition diagram that shows how users navigate pages, a data specification that captures how data flows, and an update specification that shows how the database is updated. AutoDBT generates guard queries to determine whether the database is in a state conducive to performing and evaluating tests. AutoDBT also generates partial oracles to help validate whether a back-end database is updated correctly during testing. This paper describes the design of AutoDBT, a prototype implementation, several experiments with the prototype, and four case studies.     

Static consistency checking of web applications with WebDSL

Modern web application development frameworks provide web application developers with high-level abstractions to improve their productivity. However, their support for static verification of applications is limited. Inconsistencies in an application are often not detected statically, but appear as errors at run-time. The reports about these errors are often obscure and hard to trace back to the source of the inconsistency. A major part of this inadequate consistency checking can be traced back to the lack of linguistic integration of these frameworks. Parts of an application are defined with separate domain-specific languages, which are not checked for consistency with the rest of the application. Examples include regular expressions, query languages and XML-based languages for definition of user interfaces. We give an overview and analysis of typical problems arising in development with frameworks for web application development, with Ruby on Rails, Lift and Seam as representatives.To remedy these problems, in this paper, we argue that domain-specific languages should be designed from the ground up with static verification and cross-aspect consistency checking in mind, providing linguistic integration of domain-specific sub-languages. We show how this approach is applied in the design of WebDSL, a domain-specific language for web applications, by examining how its compiler detects inconsistencies not caught by web frameworks, providing accurate and clear error messages. Furthermore, we show how this consistency analysis can be expressed with a declarative rule-based approach using the Stratego transformation language.     

Lightweight migration for web applications with framework separation

Web applications (apps) are programs created by web technologies such as HTML, CSS, and JavaScript. Web apps can be executed on any platform that supports a web browser. Such portability allows an interesting user experience called app migration, which can save an app's execution state to a file called snapshot, transmit it to another device, and continue the execution using the snapshot. However, existing approaches save all the states of the current app, regardless of its relevance to an app's state, making the snapshot size and snapshot creation time infeasibly large. For example, web apps are often programmed using web frameworks such as jQuery, which are libraries written in JavaScript to support app developments. We found that most objects created by frameworks during their initialization are not relevant to an app's state. Hence, one idea to reduce the snapshot size is not saving those framework objects in the snapshot but creating them after migration via re‐initialization. Unfortunately, this is not always straightforward since the framework objects are intermingled with the app objects in the heap, possibly pointing to each other. To resolve this, we separated app objects that are attached to framework objects by monitoring app's execution and saved them to the snapshot. This paper proposes such a framework separated migration technique, with optimization to reduce the overhead, especially related to monitoring app's execution. With our approach, we could reduce the snapshot size by 89.1% on average and shorten the migration time by 47.6%, increasing the feasibility of app migration.     

Ajax和Web服务在空间信息发布中的应用研究

采用传统的WebGIS系统发布空间信息,存在着客户端通用性差、对平台的依赖性强等问题,需要引入新技术进行改进.基于ASP.NET AJAX和Web Service技术,结合SOA架构,提出了一种在线发布空间信息的系统框架,并探讨了该架构下服务器端、客户端的具体设计.最后通过此系统框架,实现了综合风险空间信息的在线发布以及相关功能.系统运行证明,该方法能够显著降低服务器端与客户端的通信开销,并克服空间信息的异构性.     

使用Ajax＋Web Service构建Web应用

本文提出了一种使用Ajax＋Web Service开发Web应用的模式,并探讨了该模式将吸引越来越多开发者关注的原因。本文观点对于Web应用开发人员具有参考价值。     

Top-k queries over web applications

The core logic of web applications that suggest some particular service, such as online shopping, e-commerce etc., is typically captured by Business Processes (BPs). Among all the (maybe infinitely many) possible execution flows of a BP, analysts are often interested in identifying flows that are “most important”, according to some weight metric. The goal of the present paper is to provide efficient algorithms for top-k query evaluation over the possible executions of Business Processes, under some given weight function. Unique difficulties in top-k analysis in this settings stem from (1) the fact that the number of possible execution flows of a given BP is typically very large, or even infinite in presence of recursion and (2) that the weights (e.g., likelihood, monetary cost, etc.) induced by actions performed during the execution (e.g., product purchase) may be inter-dependent (due to probabilistic dependencies, combined discount deals etc.). We exemplify these difficulties, and overcome them to provide efficient algorithms for query evaluation where possible. We also describe in details an application prototype that we have developed for recommending optimal navigation in an online shopping web site that is based on our model and algorithms.     

Planning-based security testing of web applications with attack grammars

Web applications are deployed on machines around the globe and offer almost universal accessibility. These applications assure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements is data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements often result in security leaks that malicious users eventually exploited. In this context, the application of different testing methods is of utmost importance in order to detect software defects during development and to prevent unauthorized access in advance. In this paper, we contribute to test automation for web applications. In particular, we focus on using planning for testing where we introduce underlying models covering attacks and their use in testing of web applications. The planning model offers a high degree of extendibility and configurability and as well overcomes limits of traditional graphical representations. New testing possibilities emerge that eventually lead to better vulnerability detection, therefore ensuring more secure web services and applications.

     

Scalability issues with using FSMWeb to test web applications

Web applications are fast becoming more widespread, larger, more interactive, and more essential to the international use of computers. It is well understood that web applications must be highly dependable, and as a field we are just now beginning to understand how to model and test Web applications. One straightforward technique is to model Web applications as finite state machines. However, large numbers of input fields, input choices and the ability to enter values in any order combine to create a state space explosion problem. This paper evaluates a solution that uses constraints on the inputs to reduce the number of transitions, thus compressing the FSM. The paper presents an analysis of the potential savings of the compression technique and reports actual savings from two case studies.     

Understanding Ajax applications by connecting client and server-side execution traces

Ajax-enabled Web applications are a new breed of highly interactive, highly dynamic Web applications. Although Ajax allows developers to create rich Web applications, Ajax applications can be difficult to comprehend and thus to maintain. For this reason, we have created FireDetective, a tool that uses dynamic analysis at both the client (browser) and server-side to facilitate the understanding of Ajax applications. We evaluate FireDetective using (1) a pretest-posttest user study and (2) a field user study. Preliminary evidence shows that the FireDetective tool is an effective aid for Web developers striving to understand Ajax applications.     

Are web applications more defect-prone than desktop applications?

A lot of effort in the literature has been devoted to define and validate fault taxonomies and models related to different domains, e.g. Service-oriented and Web systems, and properties, e.g. software quality and security. Nevertheless, few attempts were carried out to understand the specific nature of Web bugs and their distribution among the layers of a typical application’s architecture—presentation layer, business logic and data logic. In this paper, we present an experimental investigation aimed at studying the distribution of bugs among different layers of Web and Desktop applications. The experiment follows a well-defined procedure executed by six bachelor students. Overall, the analysis considers 1,472 bugs belonging to 20 different applications. The experimental study provides strong evidence that the presentation layer in Web applications is more defect-prone than the analogous layer in Desktop applications. An additional factor influencing the distribution of defects is represented by the application domain.     

面向Web应用的语义标注方法

提出了一种语义标注的方法来支持用户在网上的浏览活动.采用了基于参考本体转换技术的语义转换,它能够从语义上同类型的标注资源中提取特征.随着获取标注资源的模式建立用户意向模型,利用概率的方法识别用户意向.然后利用启发式函数量化具体用户意向和资源之间的相似度,从而达到用户在浏览语义异构网络信息空间时获取相关信息的目的.     

Perturbation-based user-input-validation testing of web applications

User-input-validation (UIV) is the first barricade that protects web applications from application-level attacks. Most UIV test tools cannot detect semantics-related vulnerabilities in validators, such as filling a five-digit number to a field that accepts a year. To address this issue, we propose a new approach to generate test inputs for UIV based on the analysis of client-side information. In particular, we use input-field information to generate valid inputs, and then perturb valid inputs to generate invalid test inputs. We conducted an empirical study to evaluate our approach. The empirical result shows that, in comparison to existing vulnerability scanners, our approach is more effective than existing vulnerability scanners in finding semantics-related vulnerabilities of UIV for web applications.     

语义Web应用研究综述

介绍了语义Web的关键技术XML、RDF(S)和本体,并指出了语义Web技术的众多应用领域:知识管理、语义搜索、P2P、电子商务、电子政务、语义网格、Web挖掘、语义Web服务,智能信息Agent和语义门户等.从这些领域当前面临的困难和挑战出发,分析和论述了语义Web技术在这些应用领域的作用、应用前景和部分研究成果.     

Characterizing navigation maps for web applications with the NMM approach

This paper presents the Navigation Maps Modeling approach (NMM), which provides platform independent models for characterizing navigation maps of web applications. The NMM approach is conceived to obtain a trade off between high and low-level design notations. As high-level design notations, NMM models permit architectural details that may hinder the overall understanding of the web application to be left out. As low-level design notations, NMM models can easily be transformed into detailed architectural designs, which are very valuable at coding and maintenance stages.