COMP28112 Exercise 2: Wedding Planner Duration: 3 sessions



Similar documents
StreamServe Job Gateway

e-filing Secure Web Service User Manual

1 Introduction: Network Applications

Getting started with OWASP WebGoat 4.0 and SOAPUI.

Startup guide for Zimonitor

Tableau Server Trusted Authentication

User Guide for Patients

GravityLab Multimedia Inc. Windows Media Authentication Administration Guide

HTTP - METHODS. Same as GET, but transfers the status line and header section only.

Configuring Single Sign-on for WebVPN

Server-side Development using Python and SQL

Order Notifications - reporting a payment status

OAuth 2.0 Developers Guide. Ping Identity, Inc th Street, Suite 100, Denver, CO

Using Foundstone CookieDigger to Analyze Web Session Management

STABLE & SECURE BANK lab writeup. Page 1 of 21

Lecture 11 Web Application Security (part 1)

IP Phone Services Configuration

Computer Networking LAB 2 HTTP

AAI for Mobile Apps How mobile Apps can use SAML Authentication and Attributes. Lukas Hämmerle

Specify the location of an HTML control stored in the application repository. See Using the XPath search method, page 2.

Marcum LLP MFT Guide

Last update: February 23, 2004

Description of Microsoft Internet Information Services (IIS) 5.0 and

THE CHALLENGE OF ADMINISTERING WEBSITES OR APPLICATIONS THAT REQUIRE 24/7 ACCESSIBILITY

T320 E-business technologies: foundations and practice

Sample Usage of TAXII

HireDesk API V1.0 Developer s Guide

Job Reference Guide. SLAMD Distributed Load Generation Engine. Version 1.8.2

SSC - Web applications and development Introduction and Java Servlet (II)

How To Use Query Console

What is Web Security? Motivation

Saferpay Implementation Guide

Hosted VoIP Phone System. Admin Portal User Guide for. Call Center Administration

1. Change Log Introduction Flow summary Flow Overview Premium SMS flow Pin Flow Redirect Flow...

Pre-configured AS2 Host Quick-Start Guide

agileworkflow Manual 1. agileworkflow 2. The repository 1 of 29 Contents Definition

Tableau Server Trusted Authentication

BASELINE SECURITY TEST PLAN FOR EDUCATIONAL WEB AND MOBILE APPLICATIONS

IP Phone Service Administration and Subscription

GS1 Trade Sync Connectivity guide

SIP Messages. 180 Ringing The UA receiving the INVITE is trying to alert the user. This response MAY be used to initiate local ringback.

When choosing where to install and run the log analyzer, be aware that it requires access to the following log files:

A Java proxy for MS SQL Server Reporting Services

HP Project and Portfolio Management Center

How to Configure Active Directory based User Authentication

Pierce County IT Department GIS Division Xuejin Ruan Dan King

Web Application Report

Grandstream Networks, Inc.

Configuration Guide - OneDesk to SalesForce Connector

Web. Services. Web Technologies. Today. Web. Technologies. Internet WWW. Protocols TCP/IP HTTP. Apache. Next Time. Lecture # Apache.

Cloud Elements! Marketing Hub Provisioning and Usage Guide!

Manage Workflows. Workflows and Workflow Actions

Using BroadWorks Remote Office on Yealink IP Phone with BroadSoft UC One. September Document Version: V1.0

Service for checking whether an is operative or not. Validate ids in your databases.

Jobs Guide Identity Manager February 10, 2012

UP L18 Enhanced MDM and Updated Protection Hands-On Lab

Phone Manager Application Support JANUARY 2015 DOCUMENT RELEASE 4.2 APPLICATION SUPPORT

CS640: Introduction to Computer Networks. Applications FTP: The File Transfer Protocol

Sentinel EMS v7.1 Web Services Guide

BlueJ Teamwork Tutorial

How To Upgrade To Symantec Mail Security Appliance 7.5.5

1 Recommended Readings. 2 Resources Required. 3 Compiling and Running on Linux

Advanced Tornado TWENTYONE Advanced Tornado Accessing MySQL from Python LAB

WORKING WITH LOAD BALANCING AND QUEUEING FOR ADOBE INDESIGN CS5 SERVER

Secure Authentication and Session. State Management for Web Services

SQL Injection for newbie

7 Why Use Perl for CGI?

Architecture of Enterprise Applications III Single Sign-On

DaimlerChrysler EBMX HTTP/s Quick Start Guide

Create New MyWorkKeys Account Quick-Start Guide for the ACT National Career Readiness Certificate (ACT NCRC )

HOST EUROPE CLOUD STORAGE REST API DEVELOPER REFERENCE

SQL Injection Attack Lab Using Collabtive

Grandstream Networks, Inc. GXP2130/2140/2160 Auto-configuration Plug and Play

Virtual Contact Center

Table of Contents INTRODUCTION... 2 HOME PAGE Announcements... 7 Personalize & Change Password... 8 Reminders... 9 SERVICE CATALOG...

Business Intelligence Platform RESTful Web Service Developer Guide

Step-By-Step build Advanced InfoPath Form and SharePoint Designer Workflow

Fax User Guide 07/31/2014 USER GUIDE

UFTP AUTHENTICATION SERVICE

Scheduling Software User s Guide

Configuring CQ Security

HTTP. Internet Engineering. Fall Bahador Bakhshi CE & IT Department, Amirkabir University of Technology

How To Use The Rss Feeder On Firstclass (First Class) And First Class (Firstclass) For Free

Mitigation of Random Query String DoS via Gossip

DATA COMMUNICATOIN NETWORKING

The full setup includes the server itself, the server control panel, Firebird Database Server, and three sample applications with source code.

OPENID AUTHENTICATION SECURITY

Table of Contents. Open-Xchange Authentication & Session Handling. 1.Introduction...3

Load testing with. WAPT Cloud. Quick Start Guide

CSCI110 Exercise 4: Database - MySQL

The Laboratory Exchange Network configuration setting is located in OpenEMR's Administration->Globals menu option on the Connectors tab.

Replacements TECHNICAL REFERENCE. DTCCSOLUTIONS Dec Copyright 2009 Depository Trust Clearing Corporation. All Rights Reserved.

Melbourne School of Psychological Sciences. Experiment Management System. Research Experience Program Researcher Support Manual

Coveo Platform 7.0. Microsoft Active Directory Connector Guide

Copyright 2013 Consona Corporation. All rights reserved

Infor Cloud Printing Service Administration Guide

Office365Mon Developer API

Table of Contents 1. Contents...1

Configuring Web services

Transcription:

COMP28112 Exercise 2: Wedding Planner Duration: 3 sessions 1 Introduction You need to arrange, for the earliest time possible, a wedding. You are required to make two reservations a hotel to host and a band to play at the reception. The aim of this exercise is for you to experience the inherent difficulties in building distributed applications that need to cope with concurrency, message delays and failures. Enjoy! The hotel and the band both advertise slots 1 to 200 where slot 1 represents the earliest slot available while slot 200 represents the latest one. As you need the band to play at the reception, the reservation for the hotel and the band must match that is, if you reserve slot i for the hotel then you must also reserve slot i for the band. Note that the hotel and band restrict a user to hold at most two reservations at any one time. For these lab sessions, you will write a client, using HTTP and XML, that competes with other clients (your fellow classmates) to reserve the hotel and the band. The hotel and the band both provide a reservation service on the Web. They receive XML messages over HTTP and allow you to send in requests to reserve a slot, cancel a reservation, query to find available slots and query to find slots reserved by you. After your client has submitted a request your client needs, at some later time, to fetch the outcome of your request. You will need to contend with the service being unavailable to receive your messages, with the fact that both the hotel and the band may not process your messages in the order in which they are received and delays before messages are processed. When your client tries to retrieve the results from a request, the message may not be available so your client will need to try again later. The services have been configured to randomly make themselves unavailable to incoming requests and to introduce arbitrary delays in processing requests. However, once the server acknowledges the receipt of your message you may assume your message will not be lost. Finally, your client should not overwhelm the server with requests and should never send more than one request per second. 2 Session 1 2.1 Reserve a slot Write a simple client using the language of your choice (C, C++, C#, Java, Perl, Python, Ruby,...) to send a reservation request to the band (or the hotel). 1

To send a reservation request to the band you need to perform a http put operation with an XML message to the URL http://jewel.cs.man.ac.uk:3020/queue/enqueue If you wish to send your requests to the hotel then send your put request to http://jewel.cs.man.ac.uk:3010/queue/enqueue The put message must have the following headers: Content-Type => application/xml and Accept => application/xml. The XML message (body of the http put) must be of the form shown in Listing 1. You must ensure that the triple (request id, username, password) forms a unique identifier that is, each message can be uniquely identified by request id, username and password. You need a strategy to ensure all your requests are unique. Listing 1: Reservation request <r e s e r v e > <r e q u e s t i d >id </r e q u e s t i d > <s l o t i d >s l o t i d </ s l o t i d > </r e s e r v e > There are two possible responses from the server message received or the server is unavailable to receive your message. When the message is successfully received you will receive a 200 response code (for a list of defined http response codes see http://www.w3.org/protocols/rfc2616/rfc2616-sec10.html). The body of the response will contain an URI that you will use later to fetch the outcome from your request see Listing 2). If the service is unavailable to process your put request then you will receive, in the response header, a 503 response code. Listing 2: Message received <msg uri>http : / / j e w e l. cs. man. ac. uk :3010/ queue /msg/987</ msg uri> Use a web browser and point to http://jewel.cs.man.ac.uk:3010/queue/list and you should see your message and its current state pending or processed. Your next task is to find out if your reservation request was successful. All you need to do is simply send a http get to the message s URI with your username password (you just used) appended to the end of the string e.g. from 2, the URI is: http://jewel.cs.man.ac.uk:3010/queue/msg/987?username=name&password=pwd You can also use this URI in any web browser to view your message. The possible responses when you retrieve your message are: successfully retrieved your message http response code 200; 2

failed as your request has not been processed http response code 404; failed as the service is unavailable http response code 503; failed as you supplied an invalid username/password http response code 401. If you are successful in retrieving your message then the body of the response will tell you the outcome of your request and possible outcomes are: the slot you requested has been reserved for you see Listing 3 and note how we reuse the http response code to communicate the result of your request; the reservation failed as it is not free see Listing 4; the reservation failed as you already hold the maximum permitted number of reservations see Listing 5; the reservation failed as you supplied an invalid username password see Listing 6; the reservation failed as the slot you requested does not exist see Listing 7; the request is invalid see Listing 8 Open the URL http://jewel.cs.man.ac.uk:3010/booking using your web browser to see your reservations. Listing 3: Successful Reservation <code >200</code> <body><r e s e r v e >Reserved s l o t 1</ r e s e r v e > Listing 4: Slot is not free <code >409</code> <body>s l o t 1 i s not f r e e. Listing 5: Maximum permitted number of reservations <code >409</code> <body> Reservation f a i l e d, you already hold the maximum permitted number o f r e s e r v a t i o n s 2 3

Listing 6: Invalid username password <code >401</code> <body>reservation f a i l e d due to an i n v a l i d username password Listing 7: Slot does not exist <code >403</code> <body>s l o t 450 does not e x i s t Listing 8: Invalid request <code >510</code> <body>i n v a l i d Request 2.2 Cancel a reservation Extend your client to request the cancellation of a reservation. This time, the body of the message should take the form shown in Listing 9 Listing 9: HTTP body for cancellation a reservation <cancel > <r e q u e s t i d >r e q u e s t i d </r e q u e s t i d > <s l o t i d >s l o t i d </ s l o t i d > </cancel > You will receive exactly the same set of responses as before. However, the result of processing your request is a little different to before. The possible responses are: The reservation has been cancelled code 200; The cancellation failed as the slot was not reserved by you code: 409; The cancellation failed as the username password was invalid code: 401. 2.3 Finding free slots Extend your client to find free slots. This time, the XML document you need to send is of the form shown in Listing 10 while the response will look like the XML shown in Listing 11. You can also point your web browser to http://jewel.cs.man.ac.uk:3020/booking/available to see the list of free slots. 4

Listing 10: Query availability <a v a i l a b i l i t y > <r e q u e s t i d >r e q u e s t i d </r e q u e s t i d > </ a v a i l a b i l i t y > <code >200</code> <body> <a v a i l a b i l i t y > <s l o t i d >4</ s l o t i d > <s l o t i d >12</ s l o t i d >... <s l o t i d >15</ s l o t i d > </ a v a i l a b i l i t y > Listing 11: Query Availability 2.4 Slots reserved by you You can also send a request to find all the slots that are reserved by you. The XML is of the form shown in Listing 12. Listing 12: Query Reservations <bookings > <r e q u e s t i d >r e q u e s t i d </r e q u e s t i d > </bookings > The response is of the form shown in Listing 13. <code >200</code> <body> <bookings > <s l o t i d >1</ s l o t i d > <s l o t i d >5</ s l o t i d > </bookings > Listing 13: Bookings 5

2.5 Skeleton Java Client If you decide to write your client in Java then you can write it by extending the skeleton Java code located in $COMP28112/ex2/java-client/. The file README.txt provides information regarding configuration. Documentation to the Java skeleton is also provided via doc/index.html in that directory. The code provides two sample clients: ClientReserve: client prepares a reservation request, sends the request using http put and then displays the result of the request; ClientGetMsg: client uses http get to retrieve and display a message that is identified by its URI. You will need to write the missing code in XMLRequest.java and develop your client. You should start on Session 2 as soon as you have submitted Session 1. 3 Sessions 2 & 3 Reserving identical slots (as early as possible) for the hotel and the band Now the fun and games start. You now need to design and implement a strategy to reserve the same numbered slot for both the hotel and the band that is, if you reserve slot 10 for the band then you also need to reserve slot 10 for the hotel. Remember, you are permitted to have at most two reservations for the hotel and two reservations for the band. This strategy should try to reserve the earliest available matching slots. Note, we will sometimes block slots from reservations and then release them during the labs. N.B. It is quite easy, by having a number of clients fire requests at the server as quickly as they can, for this to turn into a denial of service attack! It is strongly recommended that client code which loops round interrogating the server should include a deliberate delay (of say one second) to reduce the danger of this. Code which ignores this advice will be penalised in the assessment. 6

4 Assessment Session 1 tasks Working client that checks for free slots 1 Working client that reserves a slot 1 Working client that cancels a slot 1 Working client that retrieves bookings 1 A simple strategy to generate unique identifiers for requests 1 Sessions 2 & 3 task Successfully reserve an early common slot for hotel and band 10 To get full marks for Sessions 2 & 3 you need: (i) to have a strategy for booking matching slots that relies on availability, does not give up when a booking request fails, and will cancel unmatched bookings (4 marks). (ii) Furthermore, your strategy should find the earliest matching slot, not any matching slot; you need to make sure that you cancel bookings after obtaining better ones, but will always maintain at least one booking; also, your code should not give up if no matching slots are available (4 marks). (iii) Finally, there must be a delay of at least 1 second when the code retries a request and you should have a strategy to ask for availability again if you can t improve a matching slot booking: remember, the availability data for the band and the hotel is out-of-date as soon as it is received! (1+1 mark). In the above, to get full marks you should always assume that slot availability changes frequently and messages may be delayed or lost! Remember that you are not allowed to give to anybody your username and password (even more you should not put it online). If you ignore this or the 1-second-delay rule may lead to a deduction of marks. You need to submit your solution to session 1. To do this, copy all your code into a single file called part1 in your ex2 directory. To submit your code after sessions 2 and 3, please copy all your code from sessions 2 and 3 into the file ex22/part2. Note: markers wil insist that the creation times of the two files are later than the last modification times on any of the components! Of course, you always need to submit your exercise before the respective deadlines! 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information