14 research outputs found

    Struts2JSF: Framework Migration in J2EE Using Framework Specific Modeling Languages

    Java 2 Enterprise Edition is a portable, robust, scalable and secure platform for enterprise software development based on Java technologies, and embraces open standards through the Java Community Process (JCP). J2EE development is not very productive because of the complexity of the platform and the lack of good tool support. Object-Oriented Frameworks are a reliable design and code reuse approach. Many frameworks have emerged since J2EE’s release to ease development. Struts has become the de-facto standard, while JavaServer Faces (JSF) is a new framework, which has been included in the J2EE specification and hence standardized. Both Struts and JSF frameworks are based on Model-View-Controller design pattern. JSF takes a similar approach to Struts for the controller component, but adds to it by providing user interface components with server-side state for the view component. This work deals with the problem of migrating an application based on the Struts framework to the new JSF framework. The software migration task is divided into view and controller migration. Controller migration is semi-automated using Antkiewicz’s Framework-Specific Modeling Languages (FSML) approach. Guidelines are provided for view migration, which boils down to the problem of componentization. JSF and Struts frameworks can also be used together where JSF supports the view component while Struts supports the controller component. Merits and demerits of this approach are also discussed

    Servicio para la gestión de actividades asistenciales complementarias

    Currently, at the Internal Medicine Department at Hospital Universitario Virgen Macarena (HUVM), one person needs to spend between two and three days per month scheduling and managing the doctors’ shifts. For this reason, the aim of this project is to design and implement a system that automates these tasks, reducing the amount of time needed to complete them. Even though the system has been designed to meet the requirements of the Internal Medicine Department at HUVM, these are very general needs that can be extended to either other hospitals or organizations. The solution is composed of three different systems: A simple web application, to provide an interface to the users; a REST service, to provide access to the actual data of the application; and a service responsible for scheduling the shifts, according to the given requirements. These three separate systems cooperate as follows: the web application consumes the REST API to provide the user interface; and the REST service uses the scheduling service to assign the doctors’ shifts. The solution designed does not intend to be a new technology, but rather a combination of different already existent ones. Specifically, this project uses the Spring framework to implement both the Web application and the REST service, and the Google ORTools to solve the scheduling problem. Currently, in the Internal Medicine Department of Hospital Universitario Virgen Macarena (HUVM), one person must spend between two and three days a month planning the doctors' shifts (on-call duties and continuity-of-care shifts). The aim of this project is to design and implement a system that automates these tasks, reducing the time needed to complete them. 
Moreover, although the system is to be designed to meet the specific requirements of the Internal Medicine Department at HUVM, these are generic enough for the system to be useful to other hospitals or organizations. Specifically, the system to be designed is divided into three parts: a simple web application, which provides an interface to users; a REST service, which offers access to the system's information; and a service responsible for scheduling the shifts according to the requirements. These three systems communicate as follows: the web application uses the REST interface, and the REST service uses the scheduling service. The solution that has been designed is not intended to be a new technology, but a combination of several existing ones. Specifically, this project uses the Spring framework to develop the web application and the REST service, and the Google ORTools tool to solve the scheduling problem. Universidad de Sevilla. Grado en Ingeniería de las Tecnologías de Telecomunicació

    Full Stack Application Generation for Insurance Sales based on Product Models

    The insurance market is segregated in various lines-of-business such as Life, Health, Property & Casualty, among others. This segregation allows product engineers to focus on the rules and details of a specific insurance area. However, having different conceptual models leads to an additional complexity when a generic presentation layer application has to be continuously adapted to work with these distinct models. With the objective to streamline these continuous adaptations in an existent presentation layer, this work investigates and proposes the usage of code generators to allow a complete application generation, able to communicate with the given insurance product model. Therefore, this work compares and combines different code generation tools to accomplish the desired application generation. During this project, an existing framework is chosen to create several software layers and respective components such as necessary classes to represent the Domain Model; database mappings; Service layer; REST Application Program Interface (API); and a rich javascript-based presentation layer. As a conclusion, this project demonstrates that the proposed tool can generate the application already adapted and able to communicate with the provided conceptual model. Proving that this autonomous process is faster than the current manual development processes to adapt a presentation layer to an Insurance product model. The insurance market is divided into several lines of business (e.g. Life, Health, Property) which naturally have different conceptual models for representing their products. This range of models leads to added difficulty when the presentation-layer software has to be constantly adapted to new models as well as to changes made to existing models. 
In order to eliminate this constant adaptation to new models, this work explores and implements code generators so that an entire application can be generated to serve as the user-facing presentation layer for a given model. Accordingly, this work presents and compares several currently available code generation tools, so that the most effective one can be chosen to meet the established objectives. The most promising tool is then selected, one capable of generating several software components: its domain model, the mapping to the corresponding database tables, a business logic layer, REST services, and a presentation layer. In conclusion, this work presents a solution that can take a model from the product modelling system and fully generate the desired presentation-layer application for that model, thus allowing a faster and more effective process compared with the existing manual processes for developing and adapting source code

    Security analyses for detecting deserialisation vulnerabilities : a thesis presented in partial fulfilment of the requirements for the degree of Doctor of Philosophy in Computer Science at Massey University, Palmerston North, New Zealand

    An important task in software security is to identify potential vulnerabilities. Attackers exploit security vulnerabilities in systems to obtain confidential information, to breach system integrity, and to make systems unavailable to legitimate users. In recent years, particularly 2012, there has been a rise in reported Java vulnerabilities. One type of vulnerability involves (de)serialisation, a commonly used feature to store objects or data structures to an external format and restore them. In 2015, a deserialisation vulnerability was reported involving Apache Commons Collections, a popular Java library, which affected numerous Java applications. Another major deserialisation-related vulnerability that affected 55% of Android devices was reported in 2015. Both of these vulnerabilities allowed arbitrary code execution on vulnerable systems by malicious users, a serious risk, and this came as a call for the Java community to issue patches to fix serialisation related vulnerabilities in both the Java Development Kit and libraries. Despite attention to coding guidelines and defensive strategies, deserialisation remains a risky feature and a potential weakness in object-oriented applications. In fact, deserialisation related vulnerabilities (both denial-of-service and remote code execution) continue to be reported for Java applications. Further, deserialisation is a case of parsing where external data is parsed from their external representation to a program's internal data structures and hence, potentially similar vulnerabilities can be present in parsers for file formats and serialisation languages. The problem is, given a software package, to detect either injection or denial-of-service vulnerabilities and propose strategies to prevent attacks that exploit them. The research reported in this thesis casts detecting deserialisation related vulnerabilities as a program analysis task. 
The goal is to automatically discover this class of vulnerabilities using program analysis techniques, and to experimentally evaluate the efficiency and effectiveness of the proposed methods on real-world software. We use multiple techniques to detect reachability to sensitive methods and taint analysis to detect if untrusted user-input can result in security violations. Challenges in using program analysis for detecting deserialisation vulnerabilities include addressing soundness issues in analysing dynamic features in Java (e.g., native code). Another hurdle is that available techniques mostly target the analysis of applications rather than library code. In this thesis, we develop techniques to address soundness issues related to analysing Java code that uses serialisation, and we adapt dynamic techniques such as fuzzing to address precision issues in the results of our analysis. We also use the results from our analysis to study libraries in other languages, and check if they are vulnerable to deserialisation-type attacks. We then provide a discussion on mitigation measures for engineers to protect their software against such vulnerabilities. In our experiments, we show that we can find unreported vulnerabilities in Java code; and how these vulnerabilities are also present in widely-used serialisers for popular languages such as JavaScript, PHP and Rust. In our study, we discovered previously unknown denial-of-service security bugs in applications/libraries that parse external data formats such as YAML, PDF and SVG

    Generating mock skeletons for lightweight Web service testing : a thesis presented in partial fulfilment of the requirements for the degree of Doctor of Philosophy in Computer Science at Massey University, Manawatū New Zealand

    Modern application development allows applications to be composed using lightweight HTTP services. Testing such an application requires the availability of services that the application makes requests to. However, continued access to dependent services during testing may be restrained, making adequate testing a significant and non-trivial engineering challenge. The concept of Service Virtualisation is gaining popularity for testing such applications in isolation. It is a practice to simulate the behaviour of dependent services by synthesising responses using semantic models inferred from recorded traffic. Replacing services with their respective mocks is, therefore, useful to address their absence and move on application testing. In reality, however, it is unlikely that fully automated service virtualisation solutions can produce highly accurate proxies. Therefore, we recommend using service virtualisation to infer some attributes of HTTP service responses. We further acknowledge that engineers often want to fine-tune this. This requires algorithms to produce readily interpretable and customisable results. We assume that if service virtualisation is based on simple logical rules, engineers would have the potential to understand and customise rules. In this regard, Symbolic Machine Learning approaches can be investigated because of the high provenance of their results. Accordingly, this thesis examines the appropriateness of symbolic machine learning algorithms to automatically synthesise HTTP services' mock skeletons from network traffic recordings. We consider four commonly used symbolic techniques: the C4.5 decision tree algorithm, the RIPPER and PART rule learners, and the OCEL description logic learning algorithm. The experiments are performed employing network traffic datasets extracted from a few different successful, large-scale HTTP services. The experimental design further focuses on the generation of reproducible results. 
The chosen algorithms demonstrate the suitability of training highly accurate and human-readable semantic models for predicting the key aspects of HTTP service responses, such as the status and response headers. Having human-readable logics would make interpretation of the response properties simpler. These mock skeletons can then be easily customised to create mocks that can generate service responses suitable for testing

    European Language Grid

    This open access book provides an in-depth description of the EU project European Language Grid (ELG). Its motivation lies in the fact that Europe is a multilingual society with 24 official European Union Member State languages and dozens of additional languages including regional and minority languages. The only meaningful way to enable multilingualism and to benefit from this rich linguistic heritage is through Language Technologies (LT) including Natural Language Processing (NLP), Natural Language Understanding (NLU), Speech Technologies and language-centric Artificial Intelligence (AI) applications. The European Language Grid provides a single umbrella platform for the European LT community, including research and industry, effectively functioning as a virtual home, marketplace, showroom, and deployment centre for all services, tools, resources, products and organisations active in the field. Today the ELG cloud platform already offers access to more than 13,000 language processing tools and language resources. It enables all stakeholders to deposit, upload and deploy their technologies and datasets. The platform also supports the long-term objective of establishing digital language equality in Europe by 2030 – to create a situation in which all European languages enjoy equal technological support. This is the very first book dedicated to Language Technology and NLP platforms. Cloud technology has only recently matured enough to make the development of a platform like ELG feasible on a larger scale. The book comprehensively describes the results of the ELG project. Following an introduction, the content is divided into four main parts: (I) ELG Cloud Platform; (II) ELG Inventory of Technologies and Resources; (III) ELG Community and Initiative; and (IV) ELG Open Calls and Pilot Projects

    A web application user interface specification language based on statecharts

    The Internet today has a phenomenal reach---right into the homes of a vast audience worldwide. Some organisations (and individuals) see this medium as a good opportunity for extending the reach of their computer systems. One popular approach used for such endeavours is to run an application on a server, using web technology for displaying its user interface (UI) remotely. Developing such a web-based UI can be quite tedious---it is a concurrent, distributed program which has to run in a hostile environment. Furthermore, the platform on which it is implemented (the web) was not originally intended for such usage. A web framework is a collection of software components which provides its users with support for developing and executing web-based UIs. In part, web frameworks can be seen as being analogous to interpreters: given a specification of a UI using a specification technique dictated by the framework, server components of the framework can present the UI using web technology. Topics related to web frameworks are scarce in the academic literature, but abound in industry and open discussion forums. Similarly, the designers of web frameworks seldom found their work on existing theory in the literature. This study is an attempt to bridge this gap. It is focused on two aspects of web frameworks: the specification technique a framework mandates, and how such a specification can subsequently be used to present a UI via web technology. As part of this study, a survey was conducted of 80 open source web frameworks. Based on the survey, a partial overview of the domain of web frameworks is given, covering what is seen as being typically required of a web framework and covering specification techniques that are used by existing frameworks. Two taxonomies are proposed of the strategies web frameworks use for specifying two aspects of web UIs. Using the web as platform implies adherence to certain (intended) architectural constraints. 
Web framework designers often strain against these constraints. However, another point of view is to recognise that the success of the web platform is made possible precisely because of its intended architecture. (And the success of the web is surely the principal motivation for using it for remote UIs in the first place.) With the bias of this viewpoint, a specification technique is proposed for web-based UIs. This technique is based on the well-known formalism of statecharts, with semantics explicitly defined in terms of the intended architectural components and constraints of the web. The design of a web framework for presenting a UI so specified is also proposed (based on the theoretical background given, as well as two prototype implementations which have been developed). Dissertation (MSc)--University of Pretoria, 2007. Computer Science. unrestricte

    Essential Speech and Language Technology for Dutch: Results by the STEVIN-programme

    Computational Linguistics; Germanic Languages; Artificial Intelligence (incl. Robotics); Computing Methodologie