JWIG Yet Another Framework for Maintainable and Secure Web Applications


1 JWIG Yet Another Framework for Maintainable and Secure Web Applications Anders Møller Mathias Schwarz Aarhus University

2 Brief history - Precursors
- 1999: <bigwig>
  - Powerful template system
  - Form field validation, concurrency, simple database
- : JWIG
  - Java-based
  - General XML
- 2003-: Xact
  - XML transformations
  - Type system
  - Flow based template analysis
- 2008-: JWIG2!

3 Software Engineering Principles
- High cohesion and low coupling
  - Code that belongs together should be together
- Secure by design
  - e.g. resistance against XSS
- Convention over configuration (sensible defaults)

4 Many frameworks JSF

5 Struts and JSF

6 Yet Another Framework?
Problems in current frameworks:
- Not secure by design
- Lots of complicated configuration
- Low coherence (unclear flow between pages)
- Server push is too cumbersome to use
- No uniform support for XHTML web applications and XML based web services

7 Server vs Client-oriented?
Recent trends:
- Move as much as possible to client side
- Rich UI in JavaScript
Drawbacks of using client side:
- Conflicts with the use of ORM systems
- Security considerations

8 JWIG Overview

9 Generating XML Output
We want a solution that:
- Unifies template and DOM-like approaches
- Permits static validation analysis
- Avoids XSS problems
The solution: XACT
- An existing, powerful XML transformation framework

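10 Hello World in JWIG

    import dk.brics.jwig.*;
    import dk.brics.xact.XML;

    public class Main extends WebApp {
        // Web method: the formal parameter "what" receives the request parameter
        public XML hello(String what) {
            return [[
                <html>
                  <head><title>example</title></head>
                  <body>
                    <!-- <{ ... }> is a code gap: the value is plugged in as text -->
                    <p>hello <{ what }></p>
                  </body>
                </html>
            ]];
        }
    }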

11 Web methods
- The base unit in JWIG is the web method (different from Struts, JSF, Servlets)
- All public methods of a WebApp that:
  - Return XML, URL, String or
  - Carry annotation
- Web methods are matched by priority (Set annotation)
- Methods are invoked by reflection on request. There is no configuration.

12 Web method parameters
The simplest way to take parameters? Formal parameters!
Web methods may take parameters:
- Of type String
- Of types that declare a toString()/valueOf()
- Session (Persistable)
- Collections/arrays of the above

13 MicroChat

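14 MicroChat (1/2)

    import java.util.*;
    import dk.brics.jwig.*;
    import dk.brics.xact.*;

    public class MicroChat extends WebApp {
        // Shared chat log; also the object the XMLProducer below depends on
        List<String> messages = new ArrayList<String>();

        public XML chat() {
            return [[
                <html>
                  <head><title>microchat</title></head>
                  <body>
                    <{ new XMLProducer(messages) {
                         // Re-run whenever update(messages) is called (server push)
                         XML run() {
                           if (!messages.isEmpty())
                             return [[
                               <ul>
                                 <{ [[<li><[msg]></li>]].plugWrap("msg", messages) }>
                               </ul>
                             ]];
                           else
                             return [[ ]];
                         }
                       }
                    }>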

15 MicroChat (2/2)

                    <form method="post" action=[send]>
                      <p>
                        <input type="text" name="msg"/>
                        <input type="submit" value="send"/>
                      </p>
                    </form>
                  </body>
                </html>
            ]].plug("send", new SubmitHandler() {
                // Handler for the form above; "msg" matches the input field name
                void run(String msg) {
                    messages.add(msg);
                    update(messages);
                }
            });
        }
    }

16 Observations about MicroChat
- Concise code
- Guaranteed well-formed and valid XHTML
- XSS impossible (secure by design)
- Clear flow between generating and handling form (high cohesion)
- Easy server push
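The well-formedness and XSS observations both follow from building the page as a tree instead of a string. The following is an added example, not JWIG or XACT code and not from the slides: it uses the JDK's DOM API as a stand-in for XACT's template plugging, and the class name, method names and sample messages are constructed for the illustration.

```java
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Arrays;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

public class TemplateVsConcat {

    // Baseline: messages are spliced into the markup as raw characters,
    // so markup inside a message becomes part of the page structure.
    static String renderByConcatenation(List<String> messages) {
        StringBuilder sb = new StringBuilder("<ul>");
        for (String m : messages) {
            sb.append("<li>").append(m).append("</li>");
        }
        return sb.append("</ul>").toString();
    }

    // Tree construction: each message is a text node. It can never introduce
    // an element, and the serializer escapes it when writing the output.
    static String renderAsTree(List<String> messages) throws Exception {
        Document doc = DocumentBuilderFactory.newInstance()
                .newDocumentBuilder().newDocument();
        Element ul = doc.createElement("ul");
        doc.appendChild(ul);
        for (String m : messages) {
            Element li = doc.createElement("li");
            li.appendChild(doc.createTextNode(m));
            ul.appendChild(li);
        }
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    // Parses rendered output the way a strict XHTML consumer would and counts
    // elements named `tag`. Returns -1 when the output is not well-formed.
    static int countElements(String xml, String tag) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            // The input is untrusted output under test: refuse DOCTYPEs.
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            Document d = f.newDocumentBuilder()
                    .parse(new InputSource(new StringReader(xml)));
            return d.getElementsByTagName(tag).getLength();
        } catch (Exception e) {
            return -1;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed chat messages: one carries markup, one carries XML
        // metacharacters that are not markup at all.
        List<String> withMarkup = Arrays.asList("hi there", "<script>alert(1)</script>");
        List<String> withMeta = Arrays.asList("a < b & c");

        String c1 = renderByConcatenation(withMarkup);
        String t1 = renderAsTree(withMarkup);
        System.out.println("concat: " + c1);
        System.out.println("  script elements: " + countElements(c1, "script"));
        System.out.println("tree:   " + t1);
        System.out.println("  script elements: " + countElements(t1, "script"));

        String c2 = renderByConcatenation(withMeta);
        String t2 = renderAsTree(withMeta);
        System.out.println("concat: " + c2);
        System.out.println("  li elements (-1 = malformed): " + countElements(c2, "li"));
        System.out.println("tree:   " + t2);
        System.out.println("  li elements (-1 = malformed): " + countElements(t2, "li"));
    }
}
```

With concatenation the same input class yields either an injected element or a page that no longer parses; with tree construction the message stays a text node in both cases.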

17 Session State
Session data is typically stored in a per-user string-to-object map:
- Low cohesion between data and code using it
- Hard to clean up
- Potential conflicts in naming
The solution is to divide session data into small typed units

18 Session Example

    // Creates a typed session object and returns a URL that carries it to sayHi
    URL hello(String what) {
        return makeURL("sayHi", new HelloSession(what));
    }

    // One small, typed unit of session state
    class HelloSession extends Session {
        String name;

        public HelloSession(String s) {
            name = s;
        }
    }

    public XML sayHi(HelloSession s) {
        return [[
            <html>
              <head><title>example</title></head>
              <body><p>hello <{ s.name }></p></body>
            </html>
        ]];
    }

19 Filters in JWIG
Filters are just web methods that:
- Have higher priority than other methods
- Call next()

    import dk.brics.jwig.*;
    import dk.brics.xact.XML;

    public class Main extends WebApp {
        public XML hello(String what) {
            return [[
                <html><head><title>example</title></head>
                <body>
                  <p>hello <{ what }></p>
                </body></html>
            ]];
        }

        // The annotations on this method are garbled in the transcript;
        // the surviving fragment is: hello )
        public void log(String what) {
            System.out.println("Greeted " + what);
            next();
        }
    }

next() invokes web methods of lower priority and returns the response

20 Caching
Aggressive cache:
- The cache filter caches any GET response
- WebApp.addResponseInvalidator(Object) makes a response dependent on some object
- WebApp.update(Object) clears all dependent responses from the cache

21 Status codes and Authorization
Status codes (excluding 200 OK) are signaled using exceptions:
- AuthorizationRequiredException
  - Use for HTTP Basic Authentication
- AccessDeniedException
- NotFoundException
- All others

22 HTTP Basic Authentication
Thus HTTP Basic Authentication is simple.
We can create a filter that throws an exception if no user is set:

    import dk.brics.jwig.*;
    import dk.brics.xact.XML;

    public class Main extends WebApp {
        public XML hello(String what) {
            return [[
                <html><head><title>example</title></head>
                <body>
                  <p>hello <{ what }></p>
                </body></html>
            ]];
        }

        // The annotations on this method are garbled in the transcript;
        // the surviving fragment is: + ** )
        public void auth() {
            User u = getUser();
            // The User object can be used for checking username and password
            if (u == null)
                throw new AuthorizationRequiredException("Hello Service");
            next();
        }
    }
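One way to do the username and password check that the slide leaves to the User object, as an added example in plain Java (not JWIG or project code): parse the Basic `Authorization` header, then compare against a salted PBKDF2 hash in constant time. The class and method names, the account, the password and the work factor are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class BasicAuthCheck {

    static final int ITERATIONS = 600_000; // example work factor; tune per host
    static final int KEY_BITS = 256;

    // Derives the value that is stored instead of the password itself.
    static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // Returns {username, password}, or null if the header value is not
    // well-formed Basic credentials.
    static String[] parseBasic(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // not valid base64
        }
        String decoded = new String(raw, StandardCharsets.UTF_8);
        // Split at the first colon: the user-id cannot contain one,
        // the password may.
        int colon = decoded.indexOf(':');
        if (colon < 0) {
            return null;
        }
        return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
    }

    // True only if the header carries the expected user and a password whose
    // derived key matches the stored one. Both comparisons are constant-time
    // and both are always evaluated.
    static boolean verify(String header, String expectedUser,
                          byte[] salt, byte[] storedHash) throws Exception {
        String[] cred = parseBasic(header);
        if (cred == null || cred[1].isEmpty()) {
            return false;
        }
        boolean userOk = MessageDigest.isEqual(
                cred[0].getBytes(StandardCharsets.UTF_8),
                expectedUser.getBytes(StandardCharsets.UTF_8));
        boolean passOk = MessageDigest.isEqual(
                derive(cred[1].toCharArray(), salt), storedHash);
        return userOk & passOk;
    }

    static String basicHeader(String user, String password) {
        byte[] pair = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    public static void main(String[] args) throws Exception {
        // Constructed account: what would be stored at enrolment time.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] stored = derive("correct horse".toCharArray(), salt);

        System.out.println("valid credentials: "
                + verify(basicHeader("jdoe", "correct horse"), "jdoe", salt, stored));
        System.out.println("wrong password:    "
                + verify(basicHeader("jdoe", "42"), "jdoe", salt, stored));
        System.out.println("password with ':': "
                + verify(basicHeader("jdoe", "a:b"), "jdoe", salt, stored));
        System.out.println("malformed header:  "
                + verify("Basic !!!not-base64!!!", "jdoe", salt, stored));
        System.out.println("missing header:    "
                + verify(null, "jdoe", salt, stored));
    }
}
```

Basic credentials are only base64-encoded on the wire, so a check like this belongs behind TLS.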

23 Deployment
JWIG follows the same structure as Struts/JSF:
- A fixed web.xml file in WEB-INF
- Classes in WEB-INF/classes
- JWIG implementation libraries in WEB-INF/lib
There is a zip-file for you on the web page

24 Status and Future Work
- Case study: 30,000 lines course administration system (CourseAdmin)
- Done as PREP project: Static analysis of JWIG programs
  - Matching parameter names, types, web app graph
- Future/current work:
  - User input validation
  - Tag mechanism for UI abstractions
  - Automated (concolic) testing of applications
- Maybe your next PREP project?

25 Conclusion
- Simple framework from sound design principles
  - High cohesion, low coupling
  - Secure by design
  - Convention over configuration
- Unified XML processing (via XACT)
- XMLProducer for server push
- Event handlers for user input

26 Questions?

27 QuickPoll (1/5)

    package quickpoll;

    import dk.brics.jwig.*;
    import dk.brics.xact.XML;

    public class QuickPoll extends WebApp {

        // Page skeleton; <[BODY]> is a named gap filled in by each web method
        XML wrapper = [[
            <html>
              <head><title>quickpoll</title></head>
              <body>
                <h1>quickpoll</h1>
                <[BODY]>
              </body>
            </html>
        ]];

        class State {
            String question;
            int yes;
            int no;
        }

        State state = new State();

28 QuickPoll (2/5)

        public XML index() {
            return wrapper.plug("BODY", [[
                <ul>
                  <li><a href={makeURL("init")}>initialize</a> (access control)</li>
                  <li><a href={makeURL("vote")}>vote</a></li>
                  <li><a href={makeURL("results")}>view results</a></li>
                </ul>
            ]]);
        }

        // Filter: passes the request on only for the demo account,
        // otherwise asks the client for HTTP Basic credentials
        public void authenticate() {
            User u = getUser();
            if (u != null && u.getUsername().equals("jdoe") && u.getPassword().equals("42"))
                next();
            else
                throw new AuthorizationRequiredException("QuickPoll");
        }

29 QuickPoll (3/5)

        public XML init() {
            return wrapper.plug("BODY", [[
                <form method="post" action=[init]>
                  What is your question?<br/>
                  <input name="question" type="text" size="40"/>?<br/>
                  <input type="submit" value="register my question"/>
                </form>
            ]]).plug("init", new SubmitHandler() {
                XML run(String question) {
                    synchronized (state) {
                        state.question = question;
                        state.yes = state.no = 0;
                    }
                    // Invalidate cached responses that depend on the poll state
                    update(state);
                    return wrapper.plug("BODY", [[
                        Your question has been registered.
                        Let the vote begin!
                    ]]);
                }
            });
        }

30 QuickPoll (4/5)

        public XML vote() {
            if (state.question == null)
                throw new AccessDeniedException("QuickPoll not yet initialized");
            // The cached vote page depends on the poll state
            addResponseInvalidator(state);
            return wrapper.plug("BODY", [[
                <{state.question}>?<p/>
                <form method="post" action=[vote]>
                  <input name="vote" type="radio" value="yes"/> yes<br/>
                  <input name="vote" type="radio" value="no"/> no<p/>
                  <input type="submit" value="vote"/>
                </form>
            ]]).plug("vote", new SubmitHandler() {
                XML run(String vote) {
                    synchronized (state) {
                        // Any value other than "yes" or "no" is ignored
                        if ("yes".equals(vote))
                            state.yes++;
                        else if ("no".equals(vote))
                            state.no++;
                    }
                    update(state);
                    return wrapper.plug("BODY", [[
                        Thank you for your vote!
                    ]]);
                }
            });
        }

31 QuickPoll (5/5)

        public XML results() {
            // Re-rendered and pushed to clients whenever update(state) is called
            return wrapper.plug("BODY", new XMLProducer(state) {
                XML run() {
                    synchronized (state) {
                        int total = state.yes + state.no;
                        if (total == 0)
                            return [[No votes yet...]];
                        else
                            return [[
                                <{state.question}>?<p/>
                                <table border="0">
                                  <tr><td>yes:</td><td><{drawBar(300*state.yes/total)}></td><td><{state.yes}></td></tr>
                                  <tr><td>no:</td><td><{drawBar(300*state.no/total)}></td><td><{state.no}></td></tr>
                                </table>
                            ]];
                    }
                }
            });
        }

        private XML drawBar(int length) {
            return [[<table><tr><td bgcolor="black" height="20" width={length}></td></tr></table>]];
        }
    }


Web. Services. Web Technologies. Today. Web. Technologies. Internet WWW. Protocols TCP/IP HTTP. Apache. Next Time. Lecture #3 2008 3 Apache. JSP, and JSP, and JSP, and 1 2 Lecture #3 2008 3 JSP, and JSP, and Markup & presentation (HTML, XHTML, CSS etc) Data storage & access (JDBC, XML etc) Network & application protocols (, etc) Programming

More information

Web Service Development Using CXF. - Praveen Kumar Jayaram

Web Service Development Using CXF. - Praveen Kumar Jayaram Web Service Development Using CXF - Praveen Kumar Jayaram Introduction to WS Web Service define a standard way of integrating systems using XML, SOAP, WSDL and UDDI open standards over an internet protocol

More information

This course provides students with the knowledge and skills to develop ASP.NET MVC 4 web applications.

This course provides students with the knowledge and skills to develop ASP.NET MVC 4 web applications. 20486B: Developing ASP.NET MVC 4 Web Applications Course Overview This course provides students with the knowledge and skills to develop ASP.NET MVC 4 web applications. Course Introduction Course Introduction

More information

Manage Workflows. Workflows and Workflow Actions

Manage Workflows. Workflows and Workflow Actions On the Workflows tab of the Cisco Finesse administration console, you can create and manage workflows and workflow actions. Workflows and Workflow Actions, page 1 Add Browser Pop Workflow Action, page

More information

Implementing Specialized Data Capture Applications with InVision Development Tools (Part 2)

Implementing Specialized Data Capture Applications with InVision Development Tools (Part 2) Implementing Specialized Data Capture Applications with InVision Development Tools (Part 2) [This is the second of a series of white papers on implementing applications with special requirements for data

More information

SSC - Web applications and development Introduction and Java Servlet (II)

SSC - Web applications and development Introduction and Java Servlet (II) SSC - Web applications and development Introduction and Java Servlet (II) Shan He School for Computational Science University of Birmingham Module 06-19321: SSC Outline Outline of Topics Servlet Configuration

More information

Fortigate SSL VPN 3.x With PINsafe Installation Notes

Fortigate SSL VPN 3.x With PINsafe Installation Notes Fortigate SSL VPN 3.x With PINsafe Installation Notes Table of Contents Fortigate SSL VPN 3.x With PINsafe Installation Notes... 1 1. Introduction... 2 2. Overview... 2 2.1. Prerequisites... 2 2.2. Baseline...

More information

Building and Using Web Services With JDeveloper 11g

Building and Using Web Services With JDeveloper 11g Building and Using Web Services With JDeveloper 11g Purpose In this tutorial, you create a series of simple web service scenarios in JDeveloper. This is intended as a light introduction to some of the

More information

It is highly recommended that you are familiar with HTML and JavaScript before attempting this tutorial.

It is highly recommended that you are familiar with HTML and JavaScript before attempting this tutorial. About the Tutorial AJAX is a web development technique for creating interactive web applications. If you know JavaScript, HTML, CSS, and XML, then you need to spend just one hour to start with AJAX. Audience

More information

Building Web Services with Apache Axis2

Building Web Services with Apache Axis2 2009 Marty Hall Building Web Services with Apache Axis2 Part I: Java-First (Bottom-Up) Services Customized Java EE Training: http://courses.coreservlets.com/ Servlets, JSP, Struts, JSF/MyFaces/Facelets,

More information

Model-View-Controller. and. Struts 2

Model-View-Controller. and. Struts 2 Model-View-Controller and Struts 2 Problem area Mixing application logic and markup is bad practise Harder to change and maintain Error prone Harder to re-use public void doget( HttpServletRequest request,

More information

JavaScript and Dreamweaver Examples

JavaScript and Dreamweaver Examples JavaScript and Dreamweaver Examples CSC 103 October 15, 2007 Overview The World is Flat discussion JavaScript Examples Using Dreamweaver HTML in Dreamweaver JavaScript Homework 3 (due Friday) 1 JavaScript

More information

WESTERNACHER OUTLOOK E-MAIL-MANAGER OPERATING MANUAL

WESTERNACHER OUTLOOK E-MAIL-MANAGER OPERATING MANUAL TABLE OF CONTENTS 1 Summary 3 2 Software requirements 3 3 Installing the Outlook E-Mail Manager Client 3 3.1 Requirements 3 3.1.1 Installation for trial customers for cloud-based testing 3 3.1.2 Installing

More information

Developing ASP.NET MVC 4 Web Applications MOC 20486

Developing ASP.NET MVC 4 Web Applications MOC 20486 Developing ASP.NET MVC 4 Web Applications MOC 20486 Course Outline Module 1: Exploring ASP.NET MVC 4 The goal of this module is to outline to the students the components of the Microsoft Web Technologies

More information

LICENSE4J AUTO LICENSE GENERATION AND ACTIVATION SERVER USER GUIDE

LICENSE4J AUTO LICENSE GENERATION AND ACTIVATION SERVER USER GUIDE LICENSE4J AUTO LICENSE GENERATION AND ACTIVATION SERVER USER GUIDE VERSION 1.6.0 LICENSE4J www.license4j.com Table of Contents Getting Started... 2 Server Roles... 4 Installation... 9 Server WAR Deployment...

More information

Dynamic Web-Enabled Data Collection

Dynamic Web-Enabled Data Collection Dynamic Web-Enabled Data Collection S. David Riba, Introduction Web-based Data Collection Forms Error Trapping Server Side Validation Client Side Validation Dynamic generation of web pages with Scripting

More information

CTF Web Security Training. Engin Kirda ek@ccs.neu.edu

CTF Web Security Training. Engin Kirda ek@ccs.neu.edu CTF Web Security Training Engin Kirda ek@ccs.neu.edu Web Security Why It is Important Easiest way to compromise hosts, networks and users Widely deployed ( payload No Logs! (POST Request Difficult to defend

More information

2.8. Session management

2.8. Session management 2.8. Session management Juan M. Gimeno, Josep M. Ribó January, 2008 Session management. Contents Motivation Hidden fields URL rewriting Cookies Session management with the Servlet/JSP API Examples Scopes

More information

A detailed walk through a CAS authentication

A detailed walk through a CAS authentication Welcome! First of all, what is CAS? Web single sign on Uses federated authentication, where all authentication is done by the CAS server, instead of individual application servers The implementation is

More information

Yandex.Widgets Quick start

Yandex.Widgets Quick start 17.09.2013 .. Version 2 Document build date: 17.09.2013. This volume is a part of Yandex technical documentation. Yandex helpdesk site: http://help.yandex.ru 2008 2013 Yandex LLC. All rights reserved.

More information

e ag u g an L g ter lvin v E ram Neal G g ro va P Ja

e ag u g an L g ter lvin v E ram Neal G g ro va P Ja Evolving the Java Programming Language Neal Gafter Overview The Challenge of Evolving a Language Design Principles Design Goals JDK7 and JDK8 Challenge: Evolving a Language What is it like trying to extend

More information

RESTful web applications with Apache Sling

RESTful web applications with Apache Sling RESTful web applications with Apache Sling Bertrand Delacrétaz Senior Developer, R&D, Day Software, now part of Adobe Apache Software Foundation Member and Director http://grep.codeconsult.ch - twitter:

More information

Web [Application] Frameworks

Web [Application] Frameworks Web [Application] Frameworks conventional approach to building a web service write ad hoc client code in HTML, CSS, Javascript,... by hand write ad hoc server code in [whatever] by hand write ad hoc access

More information

Fax via HTTP (POST) Traitel Telecommunications Pty Ltd 2012 Telephone: (61) (2) 9032 2700. Page 1

Fax via HTTP (POST) Traitel Telecommunications Pty Ltd 2012 Telephone: (61) (2) 9032 2700. Page 1 Fax via HTTP (POST) Page 1 Index: Introduction:...3 Usage:...3 Page 2 Introduction: TraiTel Telecommunications offers several delivery methods for its faxing service. This document will describe the HTTP/POST

More information

PHP Form Handling. Prof. Jim Whitehead CMPS 183 Spring 2006 May 3, 2006

PHP Form Handling. Prof. Jim Whitehead CMPS 183 Spring 2006 May 3, 2006 PHP Form Handling Prof. Jim Whitehead CMPS 183 Spring 2006 May 3, 2006 Importance A web application receives input from the user via form input Handling form input is the cornerstone of a successful web

More information

How To Write A Web Framework In Java

How To Write A Web Framework In Java Seam Framework Experience the Evolution of Java ЕЕ Second Edition Michael Juntao Yuan Jacob Orshalick Thomas Heute PRENTICE HALL Upper Saddle River, NJ Boston Indianapolis San Francisco New York Toronto

More information

Quick Start Guide. Installation and Setup

Quick Start Guide. Installation and Setup Quick Start Guide Installation and Setup Introduction Velaro s live help and survey management system provides an exciting new way to engage your customers and website visitors. While adding any new technology

More information