Web Applications. Software Engineering 2017 Alessio Gambi - Saarland University

Similar documents
Patterns of Software Architecture

Developing Applications with Java EE 6 on WebLogic Server 12c

MASTERS COURSE IN FULL STACK WEB APPLICATION DEVELOPMENT W W W. W E B S T A C K A C A D E M Y. C O M

STARCOUNTER. Technical Overview

Chapter 10 Web-based Information Systems

DATABASE SYSTEMS. Database programming in a web environment. Database System Course, 2016

Distributed Applications

Standard 1 The student will author web pages using the HyperText Markup Language (HTML)

Architectural Styles II

CNIT 129S: Securing Web Applications. Ch 3: Web Application Technologies

PHP WITH ANGULAR CURRICULUM. What you will Be Able to Achieve During This Course

UI Course HTML: (Html, CSS, JavaScript, JQuery, Bootstrap, AngularJS) Introduction. The World Wide Web (WWW) and history of HTML

DATABASE SYSTEMS. Database programming in a web environment. Database System Course,

DevShala Technologies A-51, Sector 64 Noida, Uttar Pradesh PIN Contact us

WEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang

Modern and Responsive Mobile-enabled Web Applications

Full Stack Web Developer

All India Council For Research & Training

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved.

1Z Oracle. Java Enterprise Edition 5 Enterprise Architect Certified Master

DATABASE SYSTEMS. Introduction to web programming. Database Systems Course, 2016

04 Webservices. Web APIs REST Coulouris. Roy Fielding, Aphrodite, chp.9. Chp 5/6

CLIENT SERVER ARCHITECTURE:

CORE PHP CURRICULUM. Introductory Session Web Architecture Overview of PHP Platform Origins of PHP in the open source community

CNIT 129S: Securing Web Applications. Ch 10: Attacking Back-End Components

ReST 2000 Roy Fielding W3C

PHP & My SQL Duration-4-6 Months

Fundamentals of Web Development. Web Development. Fundamentals of. Global edition. Global edition. Randy Connolly Ricardo Hoar

Brocade Virtual Traffic Manager and Parallels Remote Application Server

Web basics: HTTP cookies

welcome to BOILERCAMP HOW TO WEB DEV

SUN Sun Certified Enterprise Architect for J2EE 5. Download Full Version :

Tooling for Ajax-Based Development. Craig R. McClanahan Senior Staff Engineer Sun Microsystems, Inc.

How is state managed in HTTP sessions. Web basics: HTTP cookies. Hidden fields (2) The principle. Disadvantage of this approach

Review. Fundamentals of Website Development. Web Extensions Server side & Where is your JOB? The Department of Computer Science 11/30/2015

Pro ASP.NET MVC 2 Framework

To Kill a Monolith: Slaying the Demons of a Monolith with Node.js Microservices on CloudFoundry. Tony Erwin,

SOFTWARE DEVELOPMENT SERVICES WEB APPLICATION PORTAL (WAP) TRAINING. Intuit 2007

Developing ASP.NET MVC Web Applications (486)

Full Stack boot camp

Solutions Business Manager Web Application Security Assessment

Helpline No WhatsApp No.:

Oracle - Developing Applications for the Java EE 7 Platform Ed 1 (Training On Demand)

Index. Note: Boldface numbers indicate code and illustrations; an italic t indicates a table.

Web Software Model CS 4640 Programming Languages for Web Applications

ANGULAR 2.X,4.X + TYPESRCIPT by Sindhu

AIM. 10 September

PHP / MYSQL DURATION: 2 MONTHS

Web basics: HTTP cookies

Hi! NET Developer Group Braunschweig!

A Closer Look at XPages in IBM Lotus Domino Designer 8.5 Ray Chan Advisory I/T Specialist Lotus, IBM Software Group

Advanced Joomla! Dan Rahmel. Apress*

Roadmap. Mike Chtchelkonogov Founder & Chief Technology Officer Acumatica

Executive Summary. Performance Report for: The web should be fast. How does this affect me?

The course also includes an overview of some of the most popular frameworks that you will most likely encounter in your real work environments.

Design Patterns for Large- Scale Data Management. Robert Hodges OSCON 2013

Course Curriculum Accord info Matrix Pvt.Ltd Page 1 of 7

Full Stack Web Developer

Development of Web Applications

An Introduction to JavaScript & Bootstrap Basic concept used in responsive website development Form Validation Creating templates

CS WEB TECHNOLOGY

Improve and Expand JavaServer Faces Technology with JBoss Seam

Index LICENSED PRODUCT NOT FOR RESALE

WWW Architecture I. Software Architecture VO/KU ( / ) Roman Kern. KTI, TU Graz

An Overview of. Eric Bollens ebollens AT ucla.edu Mobile Web Framework Architect UCLA Office of Information Technology

Managing State. Chapter 13

<Insert Picture Here>

Excerpts of Web Application Security focusing on Data Validation. adapted for F.I.S.T. 2004, Frankfurt

Varargs Training & Software Development Centre Private Limited, Module: HTML5, CSS3 & JavaScript

MySQL Cluster Web Scalability, % Availability. Andrew

<Insert Picture Here> MySQL Cluster What are we working on

Notes. Submit homework on Blackboard The first homework deadline is the end of Sunday, Feb 11 th. Final slides have 'Spring 2018' in chapter title

Web application Architecture

Building a Scalable Architecture for Web Apps - Part I (Lessons Directi)

Overview

Software Paradigms (Lesson 10) Selected Topics in Software Architecture

Information Security CS 526 Topic 8

Computer Networks. Wenzhong Li. Nanjing University

Lecture Overview. IN5290 Ethical Hacking. Lecture 4: Web hacking 1, Client side bypass, Tampering data, Brute-forcing

Interactive XML Visualization - using XSLT 2.0 on the Browser. Phil Fearon - Saxonica

More on Testing and Large Scale Web Apps

RESTful Services. Distributed Enabling Platform

Sharedien. Everything you need to know. Simply find it. sharedien.com. sharedien.com

Java EE 6: Develop Web Applications with JSF

Java SE7 Fundamentals

Website Designing Training

JavaScript CS 4640 Programming Languages for Web Applications

Planning and Designing Your Site p. 109 Design Concepts p. 116 Summary p. 118 Defining Your Site p. 119 The Files Panel p. 119 Accessing Your Remote

SCALABLE WEB PROGRAMMING. CS193S - Jan Jannink - 2/02/10

Vision of J2EE. Why J2EE? Need for. J2EE Suite. J2EE Based Distributed Application Architecture Overview. Umair Javed 1

Setting Up a Development Server What Is a WAMP, MAMP, or LAMP? Installing a WAMP on Windows Testing the InstallationAlternative WAMPs Installing a

Real World Web Scalability. Ask Bjørn Hansen Develooper LLC

JavaScript CS 4640 Programming Languages for Web Applications

1 Dulcian, Inc., 2001 All rights reserved. Oracle9i Data Warehouse Review. Agenda

Oracle Developer Day

foreword to the first edition preface xxi acknowledgments xxiii about this book xxv about the cover illustration

Web System and Technologies (Objective + Subjective)

Database Applications

Web development using PHP & MySQL with HTML5, CSS, JavaScript

XML: Extensible Markup Language

Transcription:

Web Applications Software Engineering 2017 Alessio Gambi - Saarland University Based on the work of Cesare Pautasso, Christoph Dorn, Andrea Arcuri, and others

ReCap

Software Architecture A software system s architecture is the set of principal design decisions made about the system. N. Taylor et al. Abstraction Communication Visualization and Representation Quality Attributes

What designers want Every system a software architecture has

Design Architectural Styles Architectural Patterns Building Blocks - Software Components - Component API/Interfaces - Software Connectors

Send a HTTP request, and get back a HTML page which will be visualized in the Send HTTP request, and get HTTP response containing the HTML page Browser visualizes it

Client/Server Many clients, active, close to users One server, passive, close to data Single point of failure, scalability Security, scalability

HTTP The Hypertext Transfer Protocol

HTTP The Hypertext Transfer Protocol Connector or Component?

HTTP The Hypertext Transfer Protocol Connector or Component? Synch or Asynch?

HTTP The Hypertext Transfer Protocol Connector or Component? Synch or Asynch? Stateful or stateless?

HTTP Request Action: verb, express the intent Headers: meta-data Body: optional, can be anything, a stream of bytes, form data, session information, etc.

HTTP Actions Have precise semantic, and a web application might not implement all of them GET retrieve a resource POST send data and/or create a resource PUT replace an existing resource DELETE delete a resource HEAD retrieve HEADers but not body OPTIONS check the methods available on the resource Web applications must to implement the semantic right

HTTP Response Headers and status Status codes, organized in families: 1xx: information 2xx: success 3xx: redirection 4xx: user error 5xx: server error Delivers a resource: a page HTML, a CSS file for the style, images, JS libraries, etc.

HTTP Body Transfer the main part of the data, but not the only way to send data query params, custom headers Required in POST and PUT requests Required in responses to GET requests HEAD must not provide one

HTML The Hypertext Markup Language

Resources One request per resources, multiple requests in parallel All requests must complete before a page is fully displayed

Static vs Dynamic Pages Static: Files are served as they are (index.html) content does not change

Static vs Dynamic Pages Static: Files are served as they are (index.html) content does not change Dynamic: The HTML (or part of it) is generated upon request based on data

State-Logic-Display cluster elements that change at the same rate

Server-Side HTML Rendering The HTML page is created on the server and sent back to the client Overhead in processing each request if the page is created from scratch Same content for different displays Desktop vs Tablet vs Mobile

Presenter-View extract the content from the model to be presented from the rendering into screens/web pages

Server-Side HTML Rendering Based on HTML templates that mix together HTML tags, data, and code http://www.embeddedjs.com/getting_started.html

Server-Side HTML Rendering Based on HTML templates that mix together HTML tags, data, and code Different technologies: PHP scripts index.php JavaServer Faces (JSF) index.xhtml Embedded Ruby (ERB) index.html.erb

Server-Side HTML Rendering Based on HTML templates that mix together HTML tags, data, and code Different technologies: PHP scripts index.php JavaServer Faces (JSF) index.xhtml Embedded Ruby (ERB) index.html.erb Templates do not necessarily target the entire page and they might not be stored in files

Components

Content Management Systems (CMS)

Design

3-Tier Architecture Presentation Web Browser Business logic Data source Front End App Server Back End

Layered (Style) Communications 1 layer up/down Information hiding, no circular deps Possibly bad performance Good evolvability

What run where? thin-client fat-client

3-Tier Architecture Presentation Web Browser Business logic Data source Front End App Server Back End

Data Layer Back End Persistence Storage

A Mapping Problem Domain model Data storage

Domain Model Represent concepts in the domain and their relations, not as rows in a database Network of interconnected concepts Abstract Data Type data and the behavior

Storage model How to store data? Key-Value Model list of keys and values (hashtable style) Relational Model traditional SQL model Document-oriented Model schema-less documents Graph-oriented Model data is stored as an interconnected graph

Key-Value Implement a map Values have no schema

Relational Set-theory Collection of tables with rows and columns

Document-oriented Data stored in document but not relations Extends Key-Value

Graph-oriented Data stored as network graph Relations first-class citizens

Polyglot Persistence Multiple ways to store data Financial Data Relational Reporting Product Catalog Document KeyValue User Sessions Recomme ndation Graph Shopping Cart

3-Tier Architecture Presentation Web Browser Business logic Data source Front End App Server Back End

Application Layer App Server Data access, navigation, and persistence Data processing (Business logic)

Plugin Explicit extension points Static/Dynamic composition Low security (3rd party code) Extensibility and customizability

A Different Problem (?) Programming Language Storage Architecture

Data Access API REST API REST API Object-based storage (e.g. S3) Relational Database (e.g. MySQL) Add an abstraction layer that the represent the database in the application Service API Documentbased Database Tool-specific API Relational Database Wrap the communication with the data store and expose it as domain model

Data Source Patterns Row Data Gateway One instance per row returned by a query Table Data Gateway One instance per table Active Record Encapsulates DB access and adds business logic to data Data Mapper loads DB into Domain Model, and vice-versa

Row and Table Gateways Based on table structure Conversion of object type to database format Typically stateless Push back and forth data

Active Record Row Data Gateway + Business Logic Product productid productname static get(int id) insert update delete Data Store calculaterecognitions() Methods for: - Create instances from SLQ results - Insert new instances in the data store - Update data store based on instances data - Find relevant instances

Data Mapper Product productid productname calculaterecognitions() ProductMapper get(int id) insert update delete Data Store Decouple objects structure from database structure There may be more than one mapper per domain object

Navigate (Relational) Data Traverse object graph Join over foreign keys

Lazy Loading

Lazy Loading Interrupt the load at some point and resume it later only if needed

Lazy Loading Patterns Lazy Initialization Checks if field is null at every access Value Holder Wraps lazy-loaded objects Virtual Proxy Mocks field access and loads values on the demand Ghost Real object but partially loaded, missing data loaded on first access

3-Tier Architecture Presentation Web Browser Business logic Data source Front End App Server Back End

Front End Front End Generate the HTML based on request and data from the backend Can handle client side interactions both inside the server and the client s browser Security, input validation, responsiveness, etc.

Web Frameworks

Plugin Explicit extension points Static/Dynamic composition Low security (3rd party code) Extensibility and customizability

Client Side

JavaScript a programming language executed in the browser nothing to do with java JS files/libraries referenced by the web page like any other resource Can be inlined Dynamically manipulates the page Document Object Model (DOM) to alter page s content, structure, and behavior

AJAX Asynchronous JavaScript and XML

JS not so (well designed) easy

JS Frameworks

Case Study

Main Scenarios A user requests an article during normal operation and gets the rendered article HTML page. An editor saves an edited article during normal operation and the article is saved.

UI Page Submit Logic Static Resources ArticleView Skinning Localization ArticleEdit Parser Writes Reads Backend

Qualities Basic implementation - Limited scalability - Single point of failure - Limited Security

Performance Tactics Control Resource Demand - Increase the resource efficiency (caching) - Reduce overhead (pre-generate HTML from PHP) Manage Resources - Schedule resources (load balancer) https://www.digitalocean.com/community/tutorials/5-common-server-setups-for-your-web-application

Load Balancing deploy many replicated instances of the server on multiple machines

Caching + Load Balancing FrontEnd (Apache)

Caching + Load Balancing Squid (Caching) Apache

Caching + Load Balancing Squid (Caching) Apache

Caching + Load Balancing LoadBalancer (Squid) Squid LoadBalancer Apache

Caching + Load Balancing LoadBalancer (Squid) Squid LoadBalancer Apache Squid Apache LoadBalancer Squid LoadBalancer Apache Squid Apache

UI Page Submit Logic Static Resources ArticleView Skinning Localization ArticleEdit Parser Writes Reads Backend

UI Page Cache Cache Submit Logic Loader ArticleView Skinning Localization Static Resources Cache Cache ArticleEdit Parser Writes Reads Backend

Performance Tactics Control Resource Demand - Prioritize events (deferred article updates) Manage Resources - Introduce concurrency (distributed database) - Schedule resources (load balancer) - Multiple copies of data and computations https://www.digitalocean.com/community/tutorials/5-common-server-setups-for-your-web-application

Master/Slave split a large job into smaller independent partitions which can be processed in parallel

Distribution + Replication Database More reads than writes Near-live updates (no strict consistency requirements)

Distribution + Replication Load Balancer Writes Reads DB Master DB Slave More reads than writes Near-live updates (no strict consistency requirements)

Distribution + Replication Data Sharding Clear data separation (Article Name: A-B, C-D, etc..)

Distribution + Replication Load Balancer Writes Reads DB Master DB Slave

Distribution + Replication Load Balancer (Master) Partition Logic (Sharding, Relication Writes Reads DB Master (Shard) DB Slave

Visualization

UI Page Cache Cache Submit Logic Loader ArticleView Skinning Localization Static Resources Cache Cache ArticleEdit Parser Writes Reads Backend

UI Page Cached Submit Logic Loader Static Resources HTML File Cache ArticleView Skinning Localization Cached ArticleEdit Parser Cache Job Queue Job Runner Writes Parser Reads Writes Backend Precompile/Recompile Regenerate/Invalidate

Security/Availability Tactics Prevent Attacks Challenge Tokens (CSRF) Validation (User) and Sanitization (SQL Injection, XSS) Resist Attacks Maintain multiple copies of computations Maintain multiple copies of data Recover from Attacks DB Versioning (Recovery from data loss)

UI Page Cache Cache Submit Logic Loader ArticleView Skinning Localization Static Resources Cache Cache ArticleEdit Parser Writes Reads Backend

UI Page Cache Cache Submit Logic Loader ArticleView Skinning Localization Sanitizer Pipeline Static Resources Cache Cache ArticleEdit Parser Reads Writes User Access Backend

UI Page Submit Logic Loader Cache ArticleView Cache Skinning Localization Sanitizer Static Resources Cache Cache ArticleEdit Parser Writes Reads Backend

Additional Qualities

Extensibility UI Page Submit Logic Loader Cache ArticleView Cache Skinning Localization Sanitizer Static Resources Cache Cache ArticleEdit Parser Writes Reads Backend

Extensibility UI Page Cache Cache Submit Logic Loader ArticleView Skinning Localization Sanitizer Static Resources Cache Notify Cache Notify ArticleEdit Notify Parser Writes Notify Reads Notify Backend Hook Engine Register Callback External Module

Configurability/Customizability UI Page Cache Cache Submit Logic Loader ArticleView Skinning Localization Sanitizer Static Resources Cache Cache ArticleEdit Parser Writes Reads

Configurability/Customizability UI Page Cache Cache Submit Logic Global Variables and Configurations Sanitizer Loader Static Resources ArticleView Cache Skinning Localization Cache ArticleEdit Parser Writes Reads

Process View

Read Article A user requests an article during normal operation and gets the rendered article HTML page.

Read Article Article Exists GET Article N Y Get Article from DB HTML Cache Y Missing Page N Parse Content LoadBalancer Select DB Render Content Y Parser Cache

Write/Edit Article An editor saves an edited article during normal operation and the article is saved.

Write/Edit Article Error Page Y Write Conflict Submit Logic Update Job User Authorized Y Create Edit Form Article Edit Render Content LoadBalancer Select DB

Summary Work incrementally Use different architectural views Start the design from the domain model and go up in the layers Use frameworks whenever possible Each design decision has a rationale (hoisting)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback