18 research outputs found

    Usage of JSF framework and EJB technology in the creation of corporate applications

    Get PDF
    In the following article we describe the architecture of an online store project, which is an application utilising Java Enterprise Edition. Our project is based on a customer expectations model. The choice of technology has been due to its easy expandability by additional modules as well as its functionality which does not require reorganising the existing code

    Web Based Candidate Assessment System

    Get PDF
    Devplex Technologies Limited is a privately owned company based in Galway Ireland. They have been operating for over two years and currently undertake contract projects for the travel and financial industries. The projects are varied and a wide range of skills are necessary. Devplex Technologies are currently undergoing expansion and intend to hire a number of new employees with varying levels of experience. Devplex Technologies also employ a high number of contractors, with varying skills and contract periods range from one month to twenty four months. The current technical leaders are all very busy with project work. The human resource manager actively advertises positions on both the internet and local newspapers which results in a large number of responses. It is difficult to sort through all the applicants as a high level of technical knowledge is required to vet them. When the human resource (HR) manager selects a number of potential candidates from the vetted curriculum vitas, phone interviews are conducted. The HR manger pools questions which have been submitted from employees who have experience in the relevant technologies. The HR manager has to decide if the candidate\u27s answers are satisfactory for the questions. The most successful candidates are then requested to attend a formal interview. Once a candidate presents for interview they are requested to take a short 10 minute written exam where they are asked to answer five questions relevant to the position they are applying for. Regardless of the outcome of the exam the candidate then proceeds to a formal interview where two or more employees from Devplex Technology interview the candidate and take note of their findings. Once the candidate has left the interview, the HR manager and interviewers meet to discuss the exam and interview and decide if the candidate should be brought for a second interview. If the candidate\u27s second interview is successful the candidate is hired. Devplex Technology interviews a high number of unsuccessful candidates resulting in wasted time and effort. Sometimes employees who are not technically strong enough can be erroneously hired. Devplex Technology wishes to reduce this workload and hire more suitable people by implementing an enterprise based candidate assessment system. The system should allow the remote assessment of potential candidates. It should also allow the HR manager to easily retrieve questions and answers on a selected topic. The system should test the candidates only on subjects which apply to the role they are hired for, the questions should progressively get harder as the candidate gets more questions correct, this will allow for a truly strong candidate achieve the highest score. The overall aim of the system is to reduce workload and help find the best possible candidate for Devplex Technologies

    Intranet of the future: functional study, comparison of products and practical implementation

    Get PDF
    Future intranet: functional study, comparison of products and practical implementation 1. Introduction The project has fulfilled three goals: 1) To perform a study of the functionalities which have to be covered in a modern intranet (web 2.0, unified communication, collaboration, etc) 2) To perform a comparison of tools of the market which can be used to implement intranets (commercial and open source products) 3) To test three of these tools (Oracle WebCenter, Liferay Portal and Microsoft SharePoint) and develop a prototype with Oracle WebCenter. In addition, it includes a research about the evolution of the Intranets among the time, as well as a work to discover the current state of this kind of platforms over the entire world. In this introductory research it is also convenient to include other topics which are not strictly technical involving the use of this Intranet. To be more concrete, there is an analysis of the importance of the human role and management of the Intranet, the process of deploying a new Intranet in an organization and methods to evaluate the performance of this new system.   2. Functional study The approach taken to fulfil this goal is to develop a theoretical model describing the relationship between the Intranet and its users, and a complete set of functionalities which could be covered in the Intranet of the future. These functionalities are categorized in groups. The project describes these groups and the functionalities included on them. 3. Comparison of products The project will describe and compare several technologies which can be used to develop an Intranet that we have previously modelled. The purpose here is to discover the strong points and weaknesses of each technology if it was used to develop the Intranet we desire. After having done such a review, the project focuses on three technologies and performs an extensive evaluation of them. Finally, an extensive comparison between these three technologies is done, highlighting where they offer better solutions and performance compared to the other possibilities. 4. Practical implementation The project focuses on three technologies: Oracle WebCenter, Liferay Portal and Microsoft SharePoint. Then, a prototype which covers a set of functionalities of the modelled Intranet has been built with Oracle WebCenter

    Intranet of the future: functional study, comparison of products and practical implementation

    Get PDF
    Future intranet: functional study, comparison of products and practical implementation 1. Introduction The project has fulfilled three goals: 1) To perform a study of the functionalities which have to be covered in a modern intranet (web 2.0, unified communication, collaboration, etc) 2) To perform a comparison of tools of the market which can be used to implement intranets (commercial and open source products) 3) To test three of these tools (Oracle WebCenter, Liferay Portal and Microsoft SharePoint) and develop a prototype with Oracle WebCenter. In addition, it includes a research about the evolution of the Intranets among the time, as well as a work to discover the current state of this kind of platforms over the entire world. In this introductory research it is also convenient to include other topics which are not strictly technical involving the use of this Intranet. To be more concrete, there is an analysis of the importance of the human role and management of the Intranet, the process of deploying a new Intranet in an organization and methods to evaluate the performance of this new system.   2. Functional study The approach taken to fulfil this goal is to develop a theoretical model describing the relationship between the Intranet and its users, and a complete set of functionalities which could be covered in the Intranet of the future. These functionalities are categorized in groups. The project describes these groups and the functionalities included on them. 3. Comparison of products The project will describe and compare several technologies which can be used to develop an Intranet that we have previously modelled. The purpose here is to discover the strong points and weaknesses of each technology if it was used to develop the Intranet we desire. After having done such a review, the project focuses on three technologies and performs an extensive evaluation of them. Finally, an extensive comparison between these three technologies is done, highlighting where they offer better solutions and performance compared to the other possibilities. 4. Practical implementation The project focuses on three technologies: Oracle WebCenter, Liferay Portal and Microsoft SharePoint. Then, a prototype which covers a set of functionalities of the modelled Intranet has been built with Oracle WebCenter

    A communication module for capturing events in order to monitor a service-based automated production line

    Get PDF
    The efficiency, reliability and on time maintenance of a manufacturing process largely relies on a highly efficient and rapidly responsive monitoring system. The increasing demand of uninterrupted continuation of a production process emphasizes the need of anefficient real time monitoring mechanism of the process. The rapid advancements of modern technology especially in the communication field have largely affected every field of daily life as well as the industrial sector. The rise of wireless communication technology has made it possible to develop wireless sensors for industrial monitoring applications and revolutionize the monitoring techniques to a greater extent. The work researches a web based monitoring approach for real time monitoring of service-oriented production assembly with 3D visualization. The implementation deals with the design and implementation of a communication framework for receiving, processing and publishing events information of a service oriented assembly line. The processed information is then linked and simulated with a 3D replica of the actual process over the web in real time. The work demonstrates the usefulness of versatile features of 3D visualization in industrial monitoring applications. The online accessibility of the monitoring application enables all concerned individuals to access and monitor the manufacturing process in real time from any remote location. The developed web application can also be simulated for a given set of historical data. Currently, the research work focuses on capturing and simulating only two types of shop floor messages (Pallet activity notification message and Robot activity equipment change state message), but can be enhanced to include more features of the robotic assembly line in future

    GUISET: A CONCEPTUAL DESIGN OF A GRID-ENABLED PORTAL FOR E-COMMERCE ON-DEMAND SERVICES

    Get PDF
    Conventional grid-enabled portal designs have been largely influenced by the usual functional requirements such as security requirements, grid resource requirements and job management requirements. However, the pay-as-you-use service provisioning model of utility computing platforms mean that additional requirements must be considered in order to realize effective grid-enabled portals design for such platforms. This work investigates those relevant additional requirements that must be considered for the design of grid-enabled portals for utility computing contexts. Based on a thorough review of literature, we identified a number of those relevant additional requirements, and developed a grid-enabled portal prototype for the Grid-based Utility Infrastructure for SMME-enabling Technology (GUISET) initiative – a utility computing platform. The GUISET portal was designed to cater for both the traditional grid requirements and some of the relevant additional requirements for utility computing contexts. The result of the evaluation of the GUISET portal prototype using a set of benchmark requirements (standards) revealed that it fulfilled the minimum requirements to be suitable for the utility context

    Knowledge analytics

    Get PDF
    Dissertação de mestrado em Engenharia InformáticaThis document consists in a thesis report for a master work on the area of Knowledge Analytics. This thesis is the main component of the second year of the masters degree in Informatics Engineering at University of Minho and it was developed in collaboration with Maisis - Information Systems, from Aveiro, Portugal. The main goal of this thesis was to study the knowledge management plataform Oobian, property of Maisis and to develop and integrate software modules to extract, analyse, compute and disseminate information present in a knowledge database.Este documento consiste num relatório de tese na área de Análise de Conhecimento. A tese é o componente principal do segundo ano do Mestrado em Engenharia Informática da Universidade do Minho. O trabalho de tese foi desenvolvido em colaboração com a Maisis - Information Systems, sediada em Aveiro, Portugal. O principal objetivo deste trabalho de tese foi fazer um estudo sobre a plataforma de gestão de conhecimento Oobian, propriedade da Maisis, desenvolver e integrar módulos de software de modo a permitir a extração, análise, processamento e disseminação de informação presente na base de conhecimento

    Refactoring of Security Antipatterns in Distributed Java Components

    Get PDF
    The importance of JAVA as a programming and execution environment has grown steadily over the past decade. Furthermore, the IT industry has adapted JAVA as a major building block for the creation of new middleware as well as a technology facilitating the migration of existing applications towards web-driven environments. Parallel in time, the role of security in distributed environments has gained attention, as a large amount of middleware applications has replaced enterprise-level mainframe systems. The protection of confidentiality, integrity and availability are therefore critical for the market success of a product. The vulnerability level of every product is determined by the weakest embedded component, and selling vulnerable products can cause enormous economic damage to software vendors. An important goal of this work is to create the awareness that the usage of a programming language, which is designed as being secure, is not sufficient to create secure and trustworthy distributed applications. Moreover, the incorporation of the threat model of the programming language improves the risk analysis by allowing a better definition of the attack surface of the application. The evolution of a programming language leads towards common patterns for solutions for recurring quality aspects. Suboptimal solutions, also known as ´antipatterns´, are typical causes for quality weaknesses such as security vulnerabilities. Moreover, the exposure to a specific environment is an important parameter for threat analysis, as code considered secure in a specific scenario can cause unexpected risks when switching the environment. Antipatterns are a well-established means on the abstractional level of system modeling to inform about the effects of incomplete solutions, which are also important in the later stages of the software development process. Especially on the implementation level, we see a deficit of helpful examples, that would give programmers a better and holistic understanding. In our basic assumption, we link the missing experience of programmers regarding the security properties of patterns within their code to the creation of software vulnerabilities. Traditional software development models focus on security properties only on the meta layer. To transfer these efficiently to the practical level, we provide a three-stage approach: First, we focus on typical security problems within JAVA applications, and develop a standardized catalogue of ´antipatterns´ with examples from standard software products. Detecting and avoiding these antipatterns positively influences software quality. We therefore focus, as second element of our methodology, on possible enhancements to common models for the software development process. These help to control and identify the occurrence of antipatterns during development activities, i. e. during the coding phase and during the phase of component assembly, integrating one´s own and third party code. Within the third part, and emphasizing the practical focus of this research, we implement prototypical tools for support of the software development phase. The practical findings of this research helped to enhance the security of the standard JAVA platforms and JEE frameworks. We verified the relevance of our methods and tools by applying these to standard software products leading to a measurable reduction of vulnerabilities and an information exchange with middleware vendors (Sun Microsystems, JBoss) targeting runtime security. Our goal is to enable software architects and software developers developing end-user applications to apply our findings with embedded standard components on their environments. From a high-level perspective, software architects profit from this work through the projection of the quality-of-service goals to protection details. This supports their task of deriving security requirements when selecting standard components. In order to give implementation-near practitioners a helpful starting point to benefit from our research we provide tools and case-studies to achieve security improvements within their own code base.Die Bedeutung der Programmiersprache JAVA als Baustein für Softwareentwicklungs- und Produktionsinfrastrukturen ist im letzten Jahrzehnt stetig gestiegen. JAVA hat sich als bedeutender Baustein für die Programmierung von Middleware-Lösungen etabliert. Ebenfalls evident ist die Verwendung von JAVA-Technologien zur Migration von existierenden Arbeitsplatz-Anwendungen hin zu webbasierten Einsatzszenarien. Parallel zu dieser Entwicklung hat sich die Rolle der IT-Sicherheit nicht zuletzt aufgrund der Verdrängung von mainframe-basierten Systemen hin zu verteilten Umgebungen verstärkt. Der Schutz von Vertraulichkeit, Integrität und Verfügbarkeit ist seit einigen Jahren ein kritisches Alleinstellungsmerkmal für den Markterfolg von Produkten. Verwundbarkeiten in Produkten wirken mittlerweile indirekt über kundenseitigen Vertrauensverlust negativ auf den wirtschaftlichen Erfolg der Softwarehersteller, zumal der Sicherheitsgrad eines Systems durch die verwundbarste Komponente bestimmt wird. Ein zentrales Ziel dieser Arbeit ist die Erkenntnis zu vermitteln, dass die alleinige Nutzung einer als ´sicher´ eingestuften Programmiersprache nicht als alleinige Grundlage zur Erstellung von sicheren und vertrauenswürdigen Anwendungen ausreicht. Vielmehr führt die Einbeziehung des Bedrohungsmodells der Programmiersprache zu einer verbesserten Risikobetrachtung, da die Angriffsfläche einer Anwendung detaillierter beschreibbar wird. Die Entwicklung und fortschreitende Akzeptanz einer Programmiersprache führt zu einer Verbreitung von allgemein anerkannten Lösungsmustern zur Erfüllung wiederkehrender Qualitätsanforderungen. Im Bereich der Dienstqualitäten fördern ´Gegenmuster´, d.h. nichtoptimale Lösungen, die Entstehung von Strukturschwächen, welche in der Domäne der IT-Sicherheit ´Verwundbarkeiten´ genannt werden. Des Weiteren ist die Einsatzumgebung einer Anwendung eine wichtige Kenngröße, um eine Bedrohungsanalyse durchzuführen, denn je nach Beschaffenheit der Bedrohungen im Zielszenario kann eine bestimmte Benutzeraktion eine Bedrohung darstellen, aber auch einen erwarteten Anwendungsfall charakterisieren. Während auf der Modellierungsebene ein breites Angebot von Beispielen zur Umsetzung von Sicherheitsmustern besteht, fehlt es den Programmierern auf der Implementierungsebene häufig an ganzheitlichem Verständnis. Dieses kann durch Beispiele, welche die Auswirkungen der Verwendung von ´Gegenmustern´ illustrieren, vermittelt werden. Unsere Kernannahme besteht darin, dass fehlende Erfahrung der Programmierer bzgl. der Sicherheitsrelevanz bei der Wahl von Implementierungsmustern zur Entstehung von Verwundbarkeiten führt. Bei der Vermittlung herkömmlicher Software-Entwicklungsmodelle wird die Integration von praktischen Ansätzen zur Umsetzung von Sicherheitsanforderungen zumeist nur in Meta-Modellen adressiert. Zur Erweiterung des Wirkungsgrades auf die praktische Ebene wird ein dreistufiger Ansatz präsentiert. Im ersten Teil stellen wir typische Sicherheitsprobleme von JAVA-Anwendungen in den Mittelpunkt der Betrachtung, und entwickeln einen standardisierten Katalog dieser ´Gegenmuster´. Die Relevanz der einzelnen Muster wird durch die Untersuchung des Auftretens dieser in Standardprodukten verifiziert. Der zweite Untersuchungsbereich widmet sich der Integration von Vorgehensweisen zur Identifikation und Vermeidung der ´Sicherheits-Gegenmuster´ innerhalb des Software-Entwicklungsprozesses. Hierfür werden zum einen Ansätze für die Analyse und Verbesserung von Implementierungsergebnissen zur Verfügung gestellt. Zum anderen wird, induziert durch die verbreitete Nutzung von Fremdkomponenten, die arbeitsintensive Auslieferungsphase mit einem Ansatz zur Erstellung ganzheitlicher Sicherheitsrichtlinien versorgt. Da bei dieser Arbeit die praktische Verwendbarkeit der Ergebnisse eine zentrale Anforderung darstellt, wird diese durch prototypische Werkzeuge und nachvollziehbare Beispiele in einer dritten Perspektive unterstützt. Die Relevanz der Anwendung der entwickelten Methoden und Werkzeuge auf Standardprodukte zeigt sich durch die im Laufe der Forschungsarbeit entdeckten Sicherheitsdefizite. Die Rückmeldung bei führenden Middleware-Herstellern (Sun Microsystems, JBoss) hat durch gegenseitigen Erfahrungsaustausch im Laufe dieser Forschungsarbeit zu einer messbaren Verringerung der Verwundbarkeit ihrer Middleware-Produkte geführt. Neben den erreichten positiven Auswirkungen bei den Herstellern der Basiskomponenten sollen Erfahrungen auch an die Architekten und Entwickler von Endprodukten, welche Standardkomponenten direkt oder indirekt nutzen, weitergereicht werden. Um auch dem praktisch interessierten Leser einen möglichst einfachen Einstieg zu bieten, stehen die Werkzeuge mit Hilfe von Fallstudien in einem praktischen Gesamtzusammenhang. Die für das Tiefenverständnis notwendigen Theoriebestandteile bieten dem Software-Architekten die Möglichkeit sicherheitsrelevante Auswirkungen einer Komponentenauswahl frühzeitig zu erkennen und bei der Systemgestaltung zu nutzen

    Cloud computing with an emphasis on PaaS and Google app engine

    Get PDF
    Thesis on cloud with an emphasis on PaaS and Google App Engin
    corecore