用Struts和Hibernate构筑Web应用开发策略

当今越来越多的Web应用是基于MVC设计模式的.此种设计模式提高了应用系统的可维护性、可扩展性和组件的可复用性.Apache开源组织提供的Struts框架充分体现了MVC架构.Hibernate实际上是一个用对象编程思维来操纵数据库的解决方案.提出了一种基于Struts和Hibernate架构的Web应用开发策略.MVC架构中,模型、视图和控制器3个部分中的模型部分（数据持久层）用Hibernate实现,视图和控制器的实现依托于Struts框架.这种策略真正实现了层间的松散耦合.     

The DynaRIA tool for the comprehension of Ajax web applications by dynamic analysis

Thanks to the fast and growing diffusion of Rich Internet Applications (RIAs), the user experience in the Web 2.0 is becoming more and more appealing and user friendly. RIAs are indeed a new generation of Web applications that exploit a combination of technologies and new development patterns for providing a more interactive, responsive and dynamic user experience. Unfortunately, some characteristics of RIAs, such as the heterogeneity of the implementation technologies, as well as the possibility of dynamically generating the code of the application, cause a general worsening of their analyzability and understandability. Consequently, specific analysis techniques and tools are needed for supporting their comprehension effectively. This paper presents an approach for the comprehension of RIAs implemented in Ajax that is based on a tool for dynamic analysis called DynaRIA. The tool provides an integrated environment for tracing application executions and analyzing them from several perspectives. Moreover, the tool is able to abstract several views on the structure and run-time behavior of the application that can be used in various comprehension activities. To show the actual support provided by DynaRIA in different comprehension contexts, four case studies involving two real Ajax applications will be illustrated in the paper. The experimental results showed the usefulness and effectiveness of the tool in comprehension, debugging, testing and quality assessment scenarios.     

基于Ajax的PHP框架构建

Ajax框架是多种现有技术的综合,它有效减少了B/S模式下无效的网络流量,大大改善了浏览器端的用户体验,已经成为动态Web页面技术的重要工作模式。通过两个基于PHP的Ajax框架搭建实例,表现了Sajax,XOAD这两种主流的Ajax框架的基本构建过程,并比较了其性能特征。实例表明Ajax框架的多个构建过程均是可行和简洁的。     

利用框架技术构建Web应用

目前开发基于Java的Web应用正逐渐转向开源框架支持的轻量级开发架构,基于框架的Web应用具有高可靠性、可复用性,可扩展性和可维护性等优点.当前主流的开源框架有Struts、Spring和Hibernate,其中Struts是一个优秀的MVC框架,Spring是以AOP为基础并实现了IoC机制的轻量级框架,Hibernate是实现了对象/关系映射的持久化框架,它们三者的整合是目前一个比较流行的开发架构.分别介绍这3个框架,然后介绍整合了它们的一个开发架构,并通过一个实际的例子说明了在应用中将它们整合的方法.     

Building test cases and oracles to automate the testing of web database applications

Many organizations rely on web applications that use back-end databases to store important data. Testing such applications requires significant effort. Manual testing alone is often impractical, so testers also rely on automated testing techniques. However, current automated testing techniques may produce false positives (or false negatives) even in a perfectly working system because the outcome of a test case depends on the state of the database which changes over time as data is inserted and deleted. The Automatic Database Tester (AutoDBT) generates functional test cases that account for database updates. AutoDBT takes as input a model of the application and a set of testing criteria. The model consists of a state transition diagram that shows how users navigate pages, a data specification that captures how data flows, and an update specification that shows how the database is updated. AutoDBT generates guard queries to determine whether the database is in a state conducive to performing and evaluating tests. AutoDBT also generates partial oracles to help validate whether a back-end database is updated correctly during testing. This paper describes the design of AutoDBT, a prototype implementation, several experiments with the prototype, and four case studies.     

Static consistency checking of web applications with WebDSL

Modern web application development frameworks provide web application developers with high-level abstractions to improve their productivity. However, their support for static verification of applications is limited. Inconsistencies in an application are often not detected statically, but appear as errors at run-time. The reports about these errors are often obscure and hard to trace back to the source of the inconsistency. A major part of this inadequate consistency checking can be traced back to the lack of linguistic integration of these frameworks. Parts of an application are defined with separate domain-specific languages, which are not checked for consistency with the rest of the application. Examples include regular expressions, query languages and XML-based languages for definition of user interfaces. We give an overview and analysis of typical problems arising in development with frameworks for web application development, with Ruby on Rails, Lift and Seam as representatives.To remedy these problems, in this paper, we argue that domain-specific languages should be designed from the ground up with static verification and cross-aspect consistency checking in mind, providing linguistic integration of domain-specific sub-languages. We show how this approach is applied in the design of WebDSL, a domain-specific language for web applications, by examining how its compiler detects inconsistencies not caught by web frameworks, providing accurate and clear error messages. Furthermore, we show how this consistency analysis can be expressed with a declarative rule-based approach using the Stratego transformation language.     

Top-k queries over web applications

The core logic of web applications that suggest some particular service, such as online shopping, e-commerce etc., is typically captured by Business Processes (BPs). Among all the (maybe infinitely many) possible execution flows of a BP, analysts are often interested in identifying flows that are “most important”, according to some weight metric. The goal of the present paper is to provide efficient algorithms for top-k query evaluation over the possible executions of Business Processes, under some given weight function. Unique difficulties in top-k analysis in this settings stem from (1) the fact that the number of possible execution flows of a given BP is typically very large, or even infinite in presence of recursion and (2) that the weights (e.g., likelihood, monetary cost, etc.) induced by actions performed during the execution (e.g., product purchase) may be inter-dependent (due to probabilistic dependencies, combined discount deals etc.). We exemplify these difficulties, and overcome them to provide efficient algorithms for query evaluation where possible. We also describe in details an application prototype that we have developed for recommending optimal navigation in an online shopping web site that is based on our model and algorithms.     

Ajax和Web服务在空间信息发布中的应用研究

采用传统的WebGIS系统发布空间信息,存在着客户端通用性差、对平台的依赖性强等问题,需要引入新技术进行改进.基于ASP.NET AJAX和Web Service技术,结合SOA架构,提出了一种在线发布空间信息的系统框架,并探讨了该架构下服务器端、客户端的具体设计.最后通过此系统框架,实现了综合风险空间信息的在线发布以及相关功能.系统运行证明,该方法能够显著降低服务器端与客户端的通信开销,并克服空间信息的异构性.     

使用Ajax＋Web Service构建Web应用

本文提出了一种使用Ajax＋Web Service开发Web应用的模式,并探讨了该模式将吸引越来越多开发者关注的原因。本文观点对于Web应用开发人员具有参考价值。     

Planning-based security testing of web applications with attack grammars

Web applications are deployed on machines around the globe and offer almost universal accessibility. These applications assure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements is data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements often result in security leaks that malicious users eventually exploited. In this context, the application of different testing methods is of utmost importance in order to detect software defects during development and to prevent unauthorized access in advance. In this paper, we contribute to test automation for web applications. In particular, we focus on using planning for testing where we introduce underlying models covering attacks and their use in testing of web applications. The planning model offers a high degree of extendibility and configurability and as well overcomes limits of traditional graphical representations. New testing possibilities emerge that eventually lead to better vulnerability detection, therefore ensuring more secure web services and applications.

     

Scalability issues with using FSMWeb to test web applications

Web applications are fast becoming more widespread, larger, more interactive, and more essential to the international use of computers. It is well understood that web applications must be highly dependable, and as a field we are just now beginning to understand how to model and test Web applications. One straightforward technique is to model Web applications as finite state machines. However, large numbers of input fields, input choices and the ability to enter values in any order combine to create a state space explosion problem. This paper evaluates a solution that uses constraints on the inputs to reduce the number of transitions, thus compressing the FSM. The paper presents an analysis of the potential savings of the compression technique and reports actual savings from two case studies.     

Understanding Ajax applications by connecting client and server-side execution traces

Ajax-enabled Web applications are a new breed of highly interactive, highly dynamic Web applications. Although Ajax allows developers to create rich Web applications, Ajax applications can be difficult to comprehend and thus to maintain. For this reason, we have created FireDetective, a tool that uses dynamic analysis at both the client (browser) and server-side to facilitate the understanding of Ajax applications. We evaluate FireDetective using (1) a pretest-posttest user study and (2) a field user study. Preliminary evidence shows that the FireDetective tool is an effective aid for Web developers striving to understand Ajax applications.     

语义Web应用研究综述

介绍了语义Web的关键技术XML、RDF(S)和本体,并指出了语义Web技术的众多应用领域:知识管理、语义搜索、P2P、电子商务、电子政务、语义网格、Web挖掘、语义Web服务,智能信息Agent和语义门户等.从这些领域当前面临的困难和挑战出发,分析和论述了语义Web技术在这些应用领域的作用、应用前景和部分研究成果.     

面向Web应用的语义标注方法

提出了一种语义标注的方法来支持用户在网上的浏览活动.采用了基于参考本体转换技术的语义转换,它能够从语义上同类型的标注资源中提取特征.随着获取标注资源的模式建立用户意向模型,利用概率的方法识别用户意向.然后利用启发式函数量化具体用户意向和资源之间的相似度,从而达到用户在浏览语义异构网络信息空间时获取相关信息的目的.     

Perturbation-based user-input-validation testing of web applications

User-input-validation (UIV) is the first barricade that protects web applications from application-level attacks. Most UIV test tools cannot detect semantics-related vulnerabilities in validators, such as filling a five-digit number to a field that accepts a year. To address this issue, we propose a new approach to generate test inputs for UIV based on the analysis of client-side information. In particular, we use input-field information to generate valid inputs, and then perturb valid inputs to generate invalid test inputs. We conducted an empirical study to evaluate our approach. The empirical result shows that, in comparison to existing vulnerability scanners, our approach is more effective than existing vulnerability scanners in finding semantics-related vulnerabilities of UIV for web applications.     

Characterizing navigation maps for web applications with the NMM approach

This paper presents the Navigation Maps Modeling approach (NMM), which provides platform independent models for characterizing navigation maps of web applications. The NMM approach is conceived to obtain a trade off between high and low-level design notations. As high-level design notations, NMM models permit architectural details that may hinder the overall understanding of the web application to be left out. As low-level design notations, NMM models can easily be transformed into detailed architectural designs, which are very valuable at coding and maintenance stages.     

Web应用自动化测试的研究

针对目前Web应用"捕捉/回放"式测试脚本复用率不高的问题,根据Web应用的特性给出了一种基于数据驱动的Web测试框架,并设计了基于XML语言的自动化测试脚本.该测试脚本描述了Web应用行为的多请求/响应的迁移模型,并清晰地定义了外部测试数据避免了数据"硬编码"的缺陷,可对Web应用不同方面(例如功能、性能)上进行测试.开发了一个测试执行的原型工具,它以测试脚本为输入并自动化执行测试用例并生成测试结果.     

Model-driven development of composite context-aware web applications

Context-awareness constitutes an essential aspect of services, especially when interaction with end-users is involved. In this paper a solution for the context-aware development of web applications consisting of web services is presented. The methodology proposes a model based approach and advocates in favour of a complete separation of the web application functionality from the context adaptation at all development phases (analysis, design, implementation). In essence, context adaptation takes place on top of and is transparent to the web application business functionality. Starting from UML diagrams of independent web services and respective UML context models, our approach can produce a functional composite context-aware application. At execution level this independence is maintained through an adaptation framework based on message interception.     

Enlargement of vulnerable web applications for testing

There are two main kinds of vulnerable web applications, usual applications developed with a specific aim and applications which are vulnerable by design. On one hand, the usual applications are those that are used everywhere and on a daily basis, and where vulnerabilities are detected, and often mended, such as online banking systems, newspaper sites, or any other Web site. On the other hand, vulnerable by design web applications are developed for proper evaluation of web vulnerability scanners and for training in detecting web vulnerabilities. The main drawback of vulnerable by design web applications is that they used to include just a short set of well-known types of vulnerabilities, usually from famous classifications like the OWASP Top Ten. They do not include most of the types of web vulnerabilities. In this paper, an analysis and assessment of vulnerable web applications is conducted in order to select the applications that include the larger set of types of vulnerabilities. Then those applications are enlarged with more types of web vulnerabilities that vulnerable web applications do not include. Lastly, the new vulnerable web applications have been analyzed to check whether web vulnerability scanners are able to detect the new added vulnerabilities, those vulnerabilities that vulnerable by design web applications do not include. The results show that the tools are not very successful in detecting those vulnerabilities, less than well-known vulnerabilities.