Dissertations / Theses on the topic 'Java-based web applications'

The internet is a source of information and it connects the world through a single platform. Many businesses have taken advantage of this to share information, to communicate with customers, and to create new business opportunities. However, this does not come without drawbacks as there exists an elevated risk to become targeted in attacks. The thesis implemented a dynamic taint tracker, named WebTaint, to detect and prevent confidentiality and integrity vulnerabilities in Java-based web applications. We evaluated to what extent WebTaint can combat integrity vulnerabilities. The possible advantages and disadvantages of using the application is introduced as well as an explication whether the application was capable of being integrated into production services. The results show that WebTaint helps to combat SQL Injection and Cross-Site Scripting attacks. However, there are drawbacks in the form of additional time and memory overhead. The implemented solution is therefore not suitable for time or memory sensitive domains. WebTaint could be recommended for use in test environments where security experts utilize the taint tracker to find TaintExceptions through manual and automatic attacks.
Internet är en informationskälla och förbinder världen genom en enda plattform. Många företag har utnyttjat detta för att dela information, kommunicera med kunder och skapa nya affärsmöjligheter. Detta kommer emellertid inte utan nackdelar, eftersom det finns en förhöjd risk att bli måltavlor i attacker. I avhandlingen implementerades en dynamic taint tracker, namngett WebTaint, med uppgift att förhindra sekretess och integritetsproblem i Java-baserade webbapplikationer. Vi utvärderade i vilken utsträckning WebTaint kan bekämpa integritets sårbarheter. De möjliga fördelarna och nackdelarna med användning av applikationen introduceras såväl som en förklaring ifall applikationen är möjlig att integrera i produktionstjänster. Resultaten visar att WebTaint hjälper till att bekämpa SQL Injection och Cross-Site Scripting-attacker. Det finns dock nackdelar i form av extra åtgång av tid och minne. Den implementerade lösningen är därför inte lämplig för tids- eller minneskänsliga domäner. Ett användningsfall för WebTaint är i testmiljöer där säkerhetsexperter använder taint trackern för att hitta TaintExceptions genom manuella och automatiska attacker.

In the software engineering world, many modelling notations and languages have been developed to aid application development. The technologies, Java and Web services, play an increasingly important role in web applications. However, because of issues of complexity, it is difficult to build multi-threaded Java applications and Web Service applications, and even more difficult to model. Furthermore, it is difficult to reconcile the directly-coded application with the model-based application. Based on the formal modelling system, RDT, the new work here covers: (i) a translator, RDTtoJava, used to automatically convert an RDT model into an executable multi-threaded Java application; (ii) the framework for developing an RDT model into a Java synchronous distributed application that is supported by the JAX-RPC Web Services; and, (iii) the framework for developing an RDT model into a Java asynchronous distributed application that is supported by the JMS Web services. Experience was gained by building distributed computing models and client/server models and generation of the application based on such models. This work is helpful for the software developers and software researchers in formal software development.

Thesis (M.S.)--Kutztown University of Pennsylvania, 2000.
Source: Masters Abstracts International, Volume: 45-06, page: 3187. Typescript. Abstract precedes thesis as preliminary leaf. Includes bibliographical references (leaves 75-76).

Today we use an obsolete way of handling information regarding which student and/or teacher is attending which class/lab/seminar, attendance is written down on a piece of paper and collected so that an administrator can manually enter this information to some data processing system. This method is far from optimal and demands a lot of time and resources from administrators, teachers, and students. Correct gathering of attendance is important since it is required for specific parts of some courses. We propose to automate the collection of this attendance data, thus enabling students and teachers to simply swipe their NFC-enabled KTH access card in order to enter their name on an attendance list. This will be achieved by creating an application that adds a student to an attendance list by reading information using a NFC/RFID reader and mapping the card’s UID to a KTHID (a locally unique identifier used within the university) using a database. The resulting attendance list should be formatted in such a fashion that it can easily be uploaded to systems such as KTH Social and Daisy. Ideally these systems will be extended so that instructors/teachers can use this attendance list to automatically create the appropriate entries in these systems to record the student’s participation in the indicated activity – in the process avoiding a lot of manual labor and improving the accuracy of the process. An additional problem is that there is currently no unified system that connects the KTH access card database (BRAVIDA) to the KTH LDAP database (which stores information about KTH students, faculty, and staff). This means that each student’s access card UID must manually be added to a database together with the student’s KTHID. However, once this database entry has been made, we can then map from a card number to a KTHID (or the reverse). The purpose behind and expected result of this thesis is a functional prototype of an application that creates an attendance list by reading data from the student or teacher’s access cards using a NFC reader. This will hopefully stimulate further digitalization in KTH and also encourage more courses to utilize such access card based attendance lists. The result should be less manual effort by students, faculty, and staff, as well as more accurate and timely filing of attendance information for courses.
I dagsläget använder vi en föråldrad metod för att hantera information kring vilken student och/eller instruktör som närvarar vid vilken föreläsning/laboration/seminarie, närvaron skrivs ner på en bit papper som samlas ihop och skickas till en administratör som sedan manuellt får mata in den här informationen i de olika databehandlingssystemen. Denna metod är långtifrån optimal och kräver en massa tid och resurser från administratörer, lärare och elever. Att den insamlade informationen är korrekt är viktig eftersom den är ett krav vid vissa kurser. Vårt förslag är att insamlingen av närvaroinformation automatiseras, genom att studenter och lärare enkelt kan dra sina KTH access kort för att mata in sitt namn på en närvarolista. Detta kommer att genomföras genom utvecklandet av en applikation som lägger till en student i närvarolistan genom att läsa av kort genom en NFC/RFID läsare och mappning av kortens UID till ett KTH användarnamn (användarnamnet är unikt inom KTH) med hjälp av en databas. Närvarolistan som genereras som ett resultat av programmets körning skall vara formaterad på ett sådant sätt att den enkelt kan laddas upp till system som KTH Social och Daisy. Idealt skall applikationen vidareutvecklas så att instruktörer/lärare kan använda närvarolistan till att automatiskt lägga till rätt post i de systemen för att lagra information om studentens närvaro vid en viss aktivitet - med mål att undvika mycket manuell inmatning samt öka noggrannheten kring processen. Ett ytterligare problem är att det i nuläget inte finns något system som kopplar KTH:s databas för accesskort (BRAVIDA) till KTH LDAP databasen (som lagrar information om KTH studenter, fakultet och personal). Detta betyder att varje användares accesskorts UID måste läggas till i en databas manuellt tillsammans med studentens KTH användarnamn. Emellertid är det så att när posten väl är inlagd i databasen, så kan vi mappa mellan accesskorts UID till KTHID(eller motsatsen). Detta examensarbete har resulterat i en fungerande prototyp av en applikation som skapar närvarolistor genom att läsa av data från studenter och lärares accesskort med hjälp av en NFC läsare. Detta kommer förhoppningsvis att stimulera ökad digitalisering inom KTH och dessutom motivera fler kursansvariga att använda accesskortsbaserade listor. Resultatet bör förhoppningsvis bli mindre manuellt arbete för studenter, fakultet och övrig personal samt mera precis och snabbare insamling av närvaroinformation.

This project "Designing Secure, Java Based Online Registration Systems to Meet Peak Load Performance Targets" is a simulation of a Web-based exposition management system plus a performance testing procedure to examine this web application.

Η τεχνολογία Java, της οποίας η πρώτη επίσημη εμπορική εμφάνιση έγινε το 1995 από την Sun Microsystems, αποτελεί σήμερα μια ευρέως χρησιμοποιούμενη τεχνολογία που διαθέτει εξειδικευμένες πλατφόρμες για όλους τους τομείς ανάπτυξης εφαρμογών. Προσφέρει ένα ευέλικτο περιβάλλον ανάπτυξης στο οποίο ενσωματώνονται όλα τα πλεονεκτήματα της γλώσσας προγραμματισμού Java, ενώ παράλληλα παρέχει ένα δυναμικό μοντέλο ασφάλειας που συμπληρώνεται από την υποστήριξη των κορυφαίων πρωτοκόλλων διασύνδεσης. Ειδικότερα, η Java 2 Platform, Micro Edition (JavaMETM), είναι η πλατφόρμα που επεκτείνει τις δυνατότητες της τεχνολογίας Java στο χώρο των ενσωματωμένων συσκευών ευρείας κατανάλωσης, όπως τα κινητά τηλέφωνα και οι προσωπικοί ψηφιακοί βοηθοί (PDAs). Υποστηρίζοντας σημαντικά εργαλεία και τεχνολογίες, όπως το MIDP, η πλατφόρμα J2ME επιτρέπει την ανάπτυξη ευέλικτων και ασφαλών εφαρμογών, οι οποίες προσδίδουν στις συσκευές ευρείας κατανάλωσης έναν επικοινωνιακό και ψυχαγωγικό χαρακτήρα. Αντικείμενο της παρούσας διπλωματικής εργασίας αποτελεί η μελέτη των τεχνολογιών Java ME και ιδιαίτερα η μελέτη των χαρακτηριστικών της πλατφόρμας Web Services. Η εργασία αυτή συμπληρώνεται από την υλοποίηση μιας υπηρεσίας γνωριμιών με την χρήση ενός Location Based Server, η οποία απευθύνεται σε κινητά τηλέφωνα που υποστηρίζουν τη συγκεκριμένη τεχνολογία. Η υπηρεσία γνωριμιών πλαισιώνεται και από ένα πλήθος επιπλέον δυνατοτήτων εξεύρεσης των πλησιέστερων μουσείων, βενζινάδικων, σινεμά, εστιατορίων, καφετεριών και τέλος αστυνομικών τμημάτων. Η δομή της εργασίας έχει ως εξής: Στο πρώτο κεφάλαιο γίνεται μια σύντομη αναφορά στην τεχνολογία LBS. Στο δεύτερο κεφάλαιο αναλύονται τα χαρακτηριστικά της πλατφόρμας Web Services. Στο τρίτο κεφάλαιο περιγράφεται η αρχιτεκτονική του LBS, ενώ το τέταρτο κεφάλαιο αναφέρεται στην υλοποίηση του. Στο πέμπτο κεφάλαιο προσδιορίζεται ο τρόπος υλοποίησης της Java ME εφαρμογής που αναπτύχθηκε στα πλαίσια αυτής της εργασίας, ενώ στο έκτο και προτελευταίο κεφάλαιο παρουσιάζεται η βάση δεδομένων του LBS.
-

碩士
國立臺灣科技大學
營建工程系
94
This paper presents a new Internet-based finite-element analysis framework, named Web-FEM, which allows users to access finite-element analysis service at remote sites over the Internet by using an Internet-connected machine only. The implementation utilizes modern computer graphics, parallel processing, and information technology to provide features such as platform-independence, 3D graphical interface, system performance, multiple-user management, and fault tolerance in comparison with other Internet-based analytical systems. These features make its usage like using a traditional finite element package installed and run on a local machine, and its performance like using a high performance computing facility. The system architecture consists of three components. The only component on the client computer is a Java program, which handles the presenting of data and interacting with the user. One component on the server machine is a parallel C++ program, which handles core computation. Another component on the server machine is a Java program, which coordinates the previous two components over the Internet to integrate them to work as a single system. The object model design and the implementation of this three-tier system are presented in detail.

碩士
國立臺灣科技大學
機械工程系
88
In the age of electronic commerce, it is strong belief that most of enterprise needs a web-enabled information infrastructure to response to fast changing markets and business activities. This thesis presents an approach to design and implement the business logic of three-tier web-enabled system that uses the UML（Unified Modeling Language） notation and Java technology. Our Java-based web system is implemented using IBM WebSphere application server as the middle tier that interacts with the back-end IBM DB2 database server. An online shopping website for the BOM-based（Bill of Material）products, BuyCar site, is developed first as a case study. It will demonstrate the integration process of Java and web-enabled database technologies. The development of BuyBike site is used to show out the steps of changing the business logic for the second website with some similar product structure and business activities in regard to the first one, BuyCar demo site.

碩士
國立高雄第一科技大學
電腦與通訊工程所
97
A calendar can help us to arrange what we should do in now and future. If the calendar combines with the meeting management system, it can get more efficiency. Usually before holding a meeting, sometimes participants can not take part in, if there is a calendar which are shared by participants and we can check their schedule in advance.That can help us to avoid wasting time in asking. In order to reach the purpose, the calendar system must have share functionality and we can find out the free time to make appointment or hold a meeting together. Application in Java, we usually develop in JavaServer Pages(JSP) which mixes HTML and Java codes together. This method also mixes presentation layer and business layer and leads to pretty complicated for earlier developing members and later stage in maintaining ones. To get rid of the above limits,we separate the business layer from the presentation layer, then combine it to become a reusable frame. It was called MVC(Model-View-Controller) structure and suitable for group to cooperate and develop. In year of 2000’s, Craig McClanahan develop Sturts by using above frame. This thesis regards Apache Tomcat as a WEB server, JSP as script language and Struts as frame to develop a personal address book & calendar system. According to present electrical calendar, I integrate multi-person sharing、meeting management、address book、SMS and E-mail functions, to promote communication efficiency and save flow path of work. As the system is takes Sturts as frame, so next time during expansion or develop of other system we can reuse the completed model (business layer). So that it can shorten time in writing program and after the program has been modulized, the volume becomes smaller, it’s more easy for maintenance.

碩士
國立政治大學
資訊科學系
107
In today's information market, all kinds of application systems need to generate or process plenty of application data, such as patient medical records, corporate customer data, enterprise human resource data and so on. A large proportion of these data needs to be manually entered directly or indirectly by relevant users; as to the content and type, there is great variety in these data, mainly depending on the domain characteristics of individual application, as well as the actual system analysis and design. It is therefore very attractive to software developers if we could provide a tool allowing to quickly create a good editing system tailored for any given application system, by which users can easily and quickly enter required application data. This thesis comes up with a system capable of generating an editing system operated on web browsers for the domain objects of any given application system. In the specification of the editing system we use Java classes to represent all types of objects in the given application and embed Java annotations in each class to express how its instances are rendered on a web page. Succeeding processing of the specification will generate the intended editing system packaged as a web application. After installing and activating the web application in the Jetty web server, the user can start his editing of domain data by a browser and ends with the result saved as a file of JSOG format. Subsequent applications can deserialize its content into application objects. The main techniques and tools used in this thesis include: Jetty, Java Annotations, Java Reflection, Java Servlets, and Angular web framework. The editor generated by our system is a web application. On the server side, it uses embedded Jetty, a web server based on Java servlets; on the client side, it uses the Angular framework. The use of an embedded web server avoids the need of the residence of a remote web server when the editor is operated. The web pages of the editor are generated using servlets and Angular. They provide a reactive form and a tree component for the user to enter and view object contents. When the editing reaches a certain stage, the system allows to serialize the result in JSOG format and cache it in the browser's Session Storage. When the editing ends, the cached data can be written to any designated file in the local machine.

The topic of this master's thesis is development of identity management solution for small and medium business. The thesis is divided into four major parts. The first part contains theoretical background as description of RBAC model or model with relationships between practically used objects (user identity, role, position, permission, account...). Analysis of functioning and needs of targeted organizations was carried out in the second part. The third part describes the design of the developed application. The fourth part discusses actual implementation of the application. The main outcome of the thesis is implemented application that can be deployed at thesis defined organizations. The application includes all the functionality required in the first phase of the project.