
Introduction

Because the World Wide Web is supported across multiple platforms and uses standards such as Hyper Text Markup Language (HTML), it has become widely popular. Technologies such as Java Enterprise Edition and SSL (Secure Sockets Layer) make it easier to use the World Wide Web as the basis for monitoring systems of dynamic processes. This report covers the development and analysis of a web-based application called Patient Monitoring System. Development includes the design and implementation stages of the system. The application will be implemented in the Java language using Java Server Pages (JSP) and servlets in the NetBeans IDE. We then plan to implement the same system using web services. Next, different types of security will be incorporated into both the web application and the web services. Analysis includes testing the application and the web services for response time. Then, we will add security to the web service and the web service client. Finally, we analyze the difference in response times when accessing the application with and without security.

The report consists of the following chapters:

  • Chapter 1 introduces web applications. It explains Java Server Pages and Java servlets in detail. It also covers the structure of HTTP request and response headers. Finally, we look at the MVC architecture for web applications.
  • Chapter 2 provides an overview of web services, why they are needed, and their components. It explains the concepts of SOAP, WSDL and UDDI. It also includes a tutorial on developing a web service and a corresponding client in the NetBeans IDE.
  • Chapter 3 explains the security threats and requirements in web applications. It gives an introduction to different types of security mechanisms. At the end, it explains how to implement security in web applications.
  • Chapter 4 explains the design phase of the Patient Monitoring System. It includes class diagrams, sequence diagrams and the database schema.
  • Chapter 5 deals with the implementation phase of the Patient Monitoring System. It includes the resources used and the various activities performed by different users in the system.
  • Chapter 6 covers the analysis phase of the Patient Monitoring System. It explains the need for and types of testing. Then, performance testing of both the web application based and web services based systems is carried out with and without security, and the results are compared.

Chapter 1 – Web Applications

Introduction

This chapter introduces web applications. It explains Java Server Pages and Java servlets in detail. It also covers the structure of HTTP request and response headers. Finally, we look at the MVC architecture for web applications.

Overview of Web Applications

A web application, or webapp, is an application accessed via any web browser over a network. It can also be a computer application hosted in a browser-controlled environment or coded in a browser-supported language. Web applications are popular because they can be updated and maintained without being distributed or installed on client computers. They have built-in support for cross-platform compatibility. Examples of webapps are online retail sales, webmail, wikis, ticketing etc. Web applications may or may not need a GUI. They rely on languages such as HTML, CSS, or JavaScript. Many applications use the Java programming language because of its versatility. A web application can be as simple as a page showing the current date and time or as complex as a set of web pages allowing lookup and booking of flights, hotels etc. We will be designing a Patient Monitoring System using Java Servlets and Java Server Pages (JSP), which are part of the Java Enterprise Edition (Java EE) platform, in addition to Java Standard Edition (Java SE) classes and packages. The NetBeans IDE will be used for the implementation of the application. To deploy the application, Java server software is required. We will be using GlassFish Server v2.

Java Servlet

Servlets are Java objects that process dynamic requests and generate responses. Dynamic content can be added to a web server by using the Java Servlet API. The content is generally HTML, but may include XML. Servlets are the Java counterpart to non-Java web content technologies such as PHP, CGI and ASP.NET. State management across many server transactions is easy with servlets. It can be done using HTTP cookies, session variables or URL rewriting. A servlet is an object that accepts a request and generates a response based on that request.

Request

A request is the information that is sent from a client to a server. It includes the following details:

  • Who made the request
  • User data
  • HTTP headers

HTTP requests are commonly made with one of 2 methods:

GET Request:

  • User data is appended to the URL in a query string
  • Can only send a limited amount of data

POST Request:

  • User-entered data is sent as data (not appended to the URL)
  • Can send any amount of data

HTTP request headers include the following:

  • Accept: Indicates the MIME types the browser can handle
  • Accept-Encoding: Indicates the encodings the browser can handle
  • Authorization: Username and password for protected pages
  • Connection: Type of connection
  • Cookie: Cookies previously set by the server for the client
  • Host: Indicates the host
  • User-Agent: Identifies the browser making the request

Example of HTTP 1.1 Request:

    GET /search?keywords=servlets HTTP/1.1
    Accept: image/gif, image/jpg, */*
    Accept-Encoding: gzip
    Connection: Keep-Alive
    Cookie: userID=id45678
    Host: www.sun.com
    User-Agent: Mozilla/5.5

Response

A response is the information that is sent from a server to a client. It includes:

  • Text (HTML or plain) or binary (image) data
  • HTTP headers, cookies etc.

HTTP response headers include the following:

  • Location: specifies a document's new location
  • Refresh: specifies a delay before the browser automatically reloads a page
  • Set-Cookie: the cookie set by the server for the browser
  • Cache-Control
  • Content-Encoding: the way the content is encoded
  • Content-Length: number of bytes in the response
  • Content-Type: type of document being returned
  • Last-Modified: the time the document was last changed
  • Date: date the data transfer starts
  • Server

Example of HTTP 1.1 Response:

    HTTP/1.1 200 OK
    Date: Thu, 03 Dec 2009 18:45:35 GMT
    Server: Apache
    Location: http://www.askapache.com/robots.txt
    Content-Encoding: gzip
    Content-Length: 201
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

Life Cycle of a Servlet

The servlet lifecycle consists of the following steps:

  1. During start-up, the servlet class is loaded by the container.
  2. The init() method is called by the container. This method is called before the servlet can service any requests. It initializes the servlet. The init() method is called only once in the entire life of the servlet.
  3. After initialization, the servlet services client requests. Each request is serviced in a separate thread. The container calls the service() method of the servlet for each request. The service() method determines the kind of request and dispatches it to an appropriate method to handle the request. The developer must provide an implementation for such methods. If a request for an unimplemented method is made, the method of the parent class is called, resulting in an error being returned.
  4. Finally, the destroy() method, which takes the servlet out of service, is called by the container. The destroy() method is called only once in the lifecycle of any servlet.

Java Servlet VS CGI

CGI, or Common Gateway Interface, is similar to servlets but is written in C, C++, Visual Basic and Perl. Below is the comparison between a servlet and CGI.

Java Server Pages ( JSP )

Java Server Pages (JSP) is a server-side Java technology that allows software developers to create dynamic web pages, with HTML, XML, or other document types, in response to a web client request. JSPs are compiled into servlets by a JSP compiler.

A JSP is basically a text-based document capable of returning both static and dynamic content to a client browser. Static content may include HTML, XML or other text. Dynamic content includes Java code or properties of Java beans.

When a JSP page is called, it is compiled (by the JSP engine) into a Java servlet. At this point the servlet is handled by the servlet engine, just like any other servlet. The servlet engine then loads the servlet class (using a class loader) and executes it to create dynamic HTML to be sent to the browser, as shown in Figure 1. The servlet creates any necessary objects, and writes any object as a string to an output stream to the browser.

The next time the page is requested, the JSP engine executes the already-loaded servlet unless the JSP page has changed, in which case it is automatically recompiled into a servlet and executed.

Web Applications Architecture

The JSP specification presents two approaches for building web applications: the JSP Model 1 and Model 2 architectures.

Model 1 Architecture

In the Model 1 architecture, as shown in Figure 2, the JSP page is responsible for processing requests and sending back replies to clients.

Model View Controller Architecture

Model View Controller (MVC) is an architectural pattern used in software engineering. The pattern separates business logic from input and presentation, permitting independent development, testing and maintenance of each.

The Model 2 architecture, as shown in Figure 3, integrates the use of both servlets and JSP pages. In this model, JSP pages are used for the presentation task, and servlets for processing tasks. The servlet acts as a controller responsible for processing requests and creating any beans needed by the JSP page. The controller also decides which JSP page to forward the request to. The JSP page retrieves all the objects created by the servlet and extracts dynamic content.

This model basically involves JSPs as views that may display data or ask the user for data, and then pass it on to a servlet for processing. Servlets are controllers that process the data that has been gathered by the JSP.

Summary

In this chapter, we defined web applications and illustrated the use of servlets and JSP in web applications. We studied the working of servlets and JSP. We also saw the structure of HTTP request and response messages, and the MVC architecture for developing web apps. In the next chapter, we will learn about web services and their components.

Chapter 2 – Web Services

Introduction

This chapter provides an overview of web services, why they are needed, and their components. It explains the concepts of SOAP, WSDL and UDDI. It also includes a tutorial on developing a web service and a corresponding client in the NetBeans IDE.

Overview of Web Services

A web service is defined by the World Wide Web Consortium (W3C) as:

"A software system designed to support interoperable machine-to-machine interaction over a network. It has an interface described in a machine-processable format (specifically Web Services Description Language WSDL). Other systems interact with the web service in a manner prescribed by its description using SOAP messages, typically conveyed using HTTP with an XML serialization in conjunction with other web-related standards." [1]

Why use Web Services?

  • Interoperable: connect across different platforms
  • Economical: no software installation required
  • Reusable components: there are things applications need very often. Web services can offer application components like currency conversion and weather reports.
  • Scalable: no limit on the scope and number of applications

Components of Web Services

Web services have three basic platform elements: SOAP, WSDL and UDDI.

Simple Object Access Protocol (SOAP)

SOAP is an XML-based protocol that allows applications to exchange information over HTTP. In other words, it is a protocol for accessing a web service. It is platform independent, language independent, extensible and simple.

A SOAP message includes the following elements:

  • An Envelope element that identifies the XML document as a SOAP message
  • A Header element (optional) containing authentication information
  • A Body element that contains call and response information
  • A Fault element (optional) containing errors and status information

Web Service Description Language (WSDL)

WSDL is the language used to describe web services and the way to access them. It is an XML-based document that shows how to communicate with the web service. It includes the following elements:

  • The data types used by the web service
  • The messages used by the web service
  • The operations performed by the web service
  • The communication protocols used by the web service

Universal Description, Discovery and Integration (UDDI)

UDDI defines a way to publish and find information about web services on the World Wide Web. It is a directory that stores all the information about web services. It consists of three categories:

  • White Pages: Contains the name, address, and contact information of the publisher of the web service.
  • Yellow Pages: Industrial categorization (like sales, production etc.).
  • Green Pages: Contains technical information regarding the web service.

Developing a Web Service in NetBeans IDE

It is fairly easy to develop a web service in Java using NetBeans.

  1. Create a new project. Select Java Web, Web Application and name it 'Add_Project'.
  2. Right click the Add_Project node and create a new Web Service. Name the web service 'Add_WebService'. Name the package 'add'. Press Finish.
  3. Expand the Web Services node and double click on Add_WebService. Then, click the Design tab.
  4. Click Add Operation. Enter 'add' as the operation name and set the return type to java.lang.Integer. Add 2 parameters, a and b, both of type int, and press OK. Let's add one more operation called 'subtract'.
  5. This is what the Design tab should look like
  6. Click on the Source tab to see the source code and make changes to the return statement of each operation.

Developing a Web Service Client in NetBeans IDE

Now let's create a client for the above web service.

  1. Create a new Web Application and name it 'Add_Client'.
  2. Right click the Add_Client node and create a new Web Service Client.
  3. Choose Project and click Browse. Choose the Add_WebService and click Finish.
  4. Expand the Web Service References node. You will see the Add_Service service node.
  5. We will now create a servlet that uses this web service to add and subtract two numbers.
  6. Right click the project node and create a new servlet called 'AddServlet'.
  7. Right click within the try block of the servlet, then choose Insert Code and Web Service Operation. Choose the add and subtract methods.
  8. Rearrange the code a bit

Summary

In this chapter, we studied what web services actually are and why they are needed. We discussed the components of web services. We also learnt how to develop a web service and client in NetBeans. In the following chapter, we will see how to add security to web applications and web services.

Chapter 3 – Security

Introduction

This chapter explains the security threats and requirements in web applications. It gives an introduction to different types of security mechanisms. At the end, it explains how to implement security in web applications.

Security Threats

Since our applications are deployed on the World Wide Web, they are vulnerable to several types of threats. The following are the most common security threats.

  • Identity Interception
  • Masquerading
  • Replay Attack
  • Data interception and manipulation
  • Repudiation
  • Denial of Service

Message Digest

A message digest is a cryptographic hash function that takes an arbitrary block of data and returns a fixed-size bit string. Any change in the message, no matter how small, creates a considerable change in the returned string.

Private Key Cryptography

Message digests help us ensure the integrity of messages, but they do not provide message confidentiality. Private Key Cryptography is used for confidentiality. Both the sender and the receiver have the same shared key, known as the private key. The sender sends the message in encrypted form using the private key and the receiver decrypts the message using the same key. Hence, it is called Symmetric Key Cryptography.

Public Key Cryptography

In Private Key Cryptography, both users must have a copy of the private key before secure messaging can begin. This means that the private key also has to be sent to the other user. This is done using Public Key Cryptography. In Public Key Cryptography, each user has its own public/private key pair. The public key is shared whereas the private key is kept confidential. The recipient's public key is used to encrypt the message whenever a message is sent. This encrypted message, called ciphertext, can be decrypted only with the recipient's private key. Hence, message confidentiality is maintained, as only the recipient has access to its private key. It is also known as Asymmetric Key Cryptography because two different keys are used in the process.

Digital Signing

Digital Signing is used for authentication (verifying an identity) and non-repudiation. It uses the public/private key combination. The sender creates a message digest from the data. Then, the sender encrypts the message digest using his private key. The receiver then uses the sender's public key to decrypt the message digest. If the message digest is successfully decrypted and matches the digest the receiver computes over the received data, then the data must be from the sender.
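The digest and signing steps described above, as an added example that is not part of the original report. It assumes Java 8 or later, SHA-256 as the digest and RSA as the key type; the record strings and the class name SignedRecordDemo are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

public class SignedRecordDemo {

    static byte[] utf8(String s) {
        return s.getBytes(StandardCharsets.UTF_8);
    }

    // Message digest: arbitrary-length input, fixed 256-bit output.
    static byte[] digest(String message) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(utf8(message));
    }

    // Counts the bit positions in which two equal-length digests differ.
    static int differingBits(byte[] a, byte[] b) {
        int bits = 0;
        for (int i = 0; i < a.length; i++) {
            bits += Integer.bitCount((a[i] ^ b[i]) & 0xFF);
        }
        return bits;
    }

    // Sender: SHA256withRSA computes the digest and signs it with the private key.
    static byte[] sign(String message, PrivateKey senderPrivate) throws Exception {
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(senderPrivate);
        signer.update(utf8(message));
        return signer.sign();
    }

    // Receiver: recomputes the digest over the received data and checks it
    // against the signed digest using the sender's public key.
    static boolean verify(String message, byte[] signature, PublicKey senderPublic)
            throws Exception {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(senderPublic);
        verifier.update(utf8(message));
        return verifier.verify(signature);
    }

    static KeyPair newRsaKeyPair() throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        return generator.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample records; they differ in a single character.
        String sent = "patientId=1001;test=CBC;result=normal";
        String altered = "patientId=1001;test=CBC;result=Normal";

        System.out.println("digest length (bytes): " + digest(sent).length);
        System.out.println("bits changed by a one-character edit: "
                + differingBits(digest(sent), digest(altered)) + " of 256");

        KeyPair doctor = newRsaKeyPair();      // the legitimate sender
        KeyPair someoneElse = newRsaKeyPair(); // any other key holder
        byte[] signature = sign(sent, doctor.getPrivate());

        System.out.println("untouched message verifies: "
                + verify(sent, signature, doctor.getPublic()));
        System.out.println("altered message verifies: "
                + verify(altered, signature, doctor.getPublic()));
        System.out.println("signature from another key verifies: "
                + verify(sent, sign(sent, someoneElse.getPrivate()), doctor.getPublic()));
    }
}
```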

Digital Certificates

Digital certificates add extra authentication to the messages being sent. They are cryptographically signed and are practically impossible for anyone else to forge. A certificate can be purchased from (signed by) a well-known CA (Certificate Authority) like Verisign for a fee, or can be self-signed when authentication is not really a concern, that is, when only data privacy and integrity are important.

SSL (Secure Sockets Layer)

SSL is by far the most dominant type of security used in web applications. It is a cryptographic protocol that provides security for communications over networks. It is a transport layer security mechanism.

SSL provides the following security:

  • Confidentiality (Privacy)
  • Data integrity (Tamper-proofing)
  • Server authentication
  • Optional client authentication

SSL uses a private/public key (asymmetric) scheme to create a secret key (symmetric). The secret key is then used for encryption of data.

Key Exchange

  1. The SSL client connects to an SSL server.
  2. The server sends its own certificate, which contains its public key.
  3. Then, the client creates a random key (premaster key) and uses the server's public key to encrypt it.
  4. The client then sends the encrypted premaster key to the server.
  5. Then, the server decrypts it (only the server that has the matching private key can decrypt it) and uses the decrypted premaster key to create the secret session key.
  6. Now both client and server use the secret session key for further communication.
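The six steps above, carried out in one process as an added example that is not part of the original report and is not an SSL implementation. Assumptions: Java 8 or later, a bare RSA key pair stands in for the server certificate, the premaster key is wrapped with OAEP padding, the session key is a SHA-256 hash of the premaster key (the real protocol also mixes in random values from both sides), and records are protected with AES-GCM.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class KeyExchangeDemo {

    // Assumption: OAEP padding is used here; SSL defines its own encoding.
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final SecureRandom RANDOM = new SecureRandom();

    static KeyPair newRsaKeyPair() throws GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        return generator.generateKeyPair();
    }

    static byte[] rsa(int mode, Key key, byte[] input) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(RSA);
        cipher.init(mode, key);
        return cipher.doFinal(input);
    }

    // Simplified derivation: both sides hash the premaster key into a 128-bit AES key.
    static SecretKeySpec sessionKey(byte[] premaster) throws GeneralSecurityException {
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(premaster);
        return new SecretKeySpec(Arrays.copyOf(hash, 16), "AES");
    }

    static byte[] aesGcm(int mode, SecretKeySpec key, byte[] iv, byte[] input)
            throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(mode, key, new GCMParameterSpec(128, iv));
        return cipher.doFinal(input);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Steps 1-2: the server presents its public key (normally inside a certificate).
        KeyPair server = newRsaKeyPair();

        // Step 3: the client creates a random premaster key and encrypts it
        // with the server's public key.
        byte[] premaster = new byte[48];
        RANDOM.nextBytes(premaster);
        byte[] encryptedPremaster = rsa(Cipher.ENCRYPT_MODE, server.getPublic(), premaster);

        // Steps 4-5: the server receives the ciphertext, decrypts it with its
        // private key, and each side derives the session key on its own.
        byte[] recovered = rsa(Cipher.DECRYPT_MODE, server.getPrivate(), encryptedPremaster);
        SecretKeySpec clientKey = sessionKey(premaster);
        SecretKeySpec serverKey = sessionKey(recovered);
        System.out.println("session keys match: "
                + Arrays.equals(clientKey.getEncoded(), serverKey.getEncoded()));

        // Step 6: application data now travels under the symmetric session key.
        byte[] iv = new byte[12];
        RANDOM.nextBytes(iv);
        byte[] request = "GET /patient/history".getBytes(StandardCharsets.UTF_8); // constructed
        byte[] record = aesGcm(Cipher.ENCRYPT_MODE, clientKey, iv, request);
        byte[] opened = aesGcm(Cipher.DECRYPT_MODE, serverKey, iv, record);
        System.out.println("server read: " + new String(opened, StandardCharsets.UTF_8));

        // A party holding any other private key cannot recover the premaster key.
        KeyPair observer = newRsaKeyPair();
        try {
            rsa(Cipher.DECRYPT_MODE, observer.getPrivate(), encryptedPremaster);
            System.out.println("unexpected: premaster key recovered with the wrong key");
        } catch (GeneralSecurityException e) {
            System.out.println("wrong private key rejected: " + e.getClass().getSimpleName());
        }
    }
}
```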

Security in GlassFish Application Server

Securing an application in GlassFish is achieved by setting up users and security groups in a security realm in the application server. Then, applications are configured to rely on a specific security realm for authentication and authorization.

Security Realms

Security realms are collections of users and security groups. A user may belong to one or more security groups. The security group defines what actions a user in that security group is allowed to perform.

GlassFish has 3 predefined security realms:

  • The admin-realm is used to manage users' access to the GlassFish web console and cannot be used for other applications.
  • The file realm stores user information in a file.
  • The certificate realm looks for a client-side certificate to authenticate the user.

Adding users to the Security Realms

Adding users to a realm is a fairly easy procedure. Listed below is the procedure to add users to the file realm. Similar steps may be carried out to add users to other realms.

File Realm Basic Authentication

In the previous section, we covered how to add users and how to assign them roles. In this section, we will secure a web application so that only properly authenticated and authorized users can access it. To implement authentication, we need to make changes in the deployment descriptors, web.xml and sun-web.xml. We will first discuss web.xml, which is shown next.

Implementing HTTPS (SSL Security)

Since the above application does not use HTTPS (HTTP over SSL), the user's credentials are Base64 encoded, not encrypted. It would be fairly easy for an attacker to decode these credentials. Next, we will illustrate how to add SSL security to a web application.

To add HTTPS or SSL security to a web application, its web.xml file needs to be modified.
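Why Base64 gives no confidentiality, and the check a server can make before accepting Basic credentials, as an added example that is not part of the original report. It assumes Java 8 or later; the class BasicAuthTransportCheck, the Decision values and the sample credentials are hypothetical, and in a servlet the secureChannel flag would come from HttpServletRequest.isSecure().

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthTransportCheck {

    enum Decision { REDIRECT_TO_HTTPS, SEND_401_CHALLENGE, CHECK_AGAINST_REALM }

    // Splits "Basic <base64(user:password)>" into {user, password}.
    // Returns null when the header is missing or malformed.
    static String[] decodeBasic(String authorizationHeader) {
        if (authorizationHeader == null
                || !authorizationHeader.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        try {
            byte[] raw = Base64.getDecoder().decode(authorizationHeader.substring(6).trim());
            String pair = new String(raw, StandardCharsets.UTF_8);
            int colon = pair.indexOf(':'); // user IDs cannot contain ':', passwords can
            if (colon < 0) {
                return null;
            }
            return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
        } catch (IllegalArgumentException notBase64) {
            return null;
        }
    }

    // Hypothetical policy: credentials are only looked at on an encrypted channel.
    // This mirrors what a CONFIDENTIAL transport guarantee in web.xml asks the
    // container to enforce.
    static Decision decide(boolean secureChannel, String authorizationHeader) {
        if (!secureChannel) {
            return Decision.REDIRECT_TO_HTTPS;
        }
        if (decodeBasic(authorizationHeader) == null) {
            return Decision.SEND_401_CHALLENGE;
        }
        return Decision.CHECK_AGAINST_REALM;
    }

    public static void main(String[] args) {
        // Constructed credentials; the password deliberately contains a colon.
        String header = "Basic " + Base64.getEncoder()
                .encodeToString("patient1001:Spring:2009".getBytes(StandardCharsets.UTF_8));
        System.out.println("header on the wire: " + header);

        // Anyone who can read the header can reverse the encoding without a key.
        String[] credentials = decodeBasic(header);
        System.out.println("decoded user: " + credentials[0]
                + ", password: " + credentials[1]);

        System.out.println("plain HTTP with credentials -> " + decide(false, header));
        System.out.println("HTTPS without credentials   -> " + decide(true, null));
        System.out.println("HTTPS with malformed header -> "
                + decide(true, "Basic !!!not-base64"));
        System.out.println("HTTPS with credentials      -> " + decide(true, header));
    }
}
```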

A server must have an SSL certificate to use the HTTPS protocol. Typically, SSL certificates are issued by certificate authorities such as Verisign or Thawte for a fee. GlassFish comes preconfigured with a self-signed SSL certificate. As this certificate has not been signed by a certificate authority, the browser pops up the above warning window when we try to access a secured page via HTTPS. We can simply click Proceed anyway to accept the certificate.

When we accept the certificate, we are prompted for the username and password.

After authentication, we are granted the requested page. Any data transferred is encrypted. If incorrect credentials are entered, the following error is displayed:

Security for Web Services in NetBeans IDE

The NetBeans IDE provides a set of security profiles for configuring web services. When a developer selects a security profile, the corresponding elements are updated in the WSDL. The runtime performs all the security described in the WSDL.

The following security profiles are available in NetBeans:

  • Username Authentication with Symmetric Keys
  • Mutual Certificates Security
  • Transport Security (SSL)
  • Message Authentication over SSL
  • SAML Authorization over SSL
  • Endorsing Certificate
  • SAML Sender Vouches with Certificates
  • SAML Holder of Key
  • STS Issued Token
  • STS Issued Token with Service Certificate

We will be illustrating the Username Authentication with Symmetric Keys profile and Transport Security (SSL).

Username Authentication with Symmetric Keys

This security profile performs 2 basic functions:

Integrity and confidentiality using keys

  • A single shared symmetric key is used to encrypt the message.
  • This key is generated at runtime and encrypted using the service's certificate.
  • The client then needs to specify the alias in the truststore by identifying the server's certificate alias.

Authentication using username and password.

Transport Security (SSL)

This security is provided by the transport mechanisms used to transmit data between client and server. It relies on HTTPS (HTTP over SSL). It can be used for authentication, integrity and confidentiality. The process is the same as described above for SSL.

SAML Holder of Key

In this type of security, the client sends a signed SAML assertion (issued by some SAML authority) along with the client's public key and authorization information. The server does not trust the client but the SAML authority. The client signs the request with its private key and encrypts it using the server certificate. The server signs the response with its private key and encrypts it with the key that it received earlier with the SAML assertion.

How to add security in NetBeans IDE

  1. Right click the web service node and select Edit Web Service Attributes.
  2. In Web Service Attributes, select the Quality of Service tab and check 'Secure Service'. From the drop-down list, select the NetBeans security profile you want to use.

Summary

In this chapter, we studied why security is needed and what types of security threats we need to deal with. We looked into the different types of security mechanisms available. We illustrated the security features available in GlassFish Server and NetBeans, and how to implement them in web applications and web services. In the next chapter, we will be designing the Patient Monitoring System web application.

Design

Introduction

This chapter explains the design phase of the Patient Monitoring System using Object Oriented Design. It includes class diagrams, sequence diagrams and the database schema.

Object Oriented Design

Object oriented design is the process of planning a system of interacting objects for the purpose of solving a software problem. It is an approach to software design. An object represents an entity that contains encapsulated data and procedures. The 'object interface' defines how the object can be interacted with. An object oriented program is described by the interaction of these objects. From a business perspective, Object Oriented Design refers to the objects that make up that business. For example, in a certain company, a business object can consist of people, data files and database tables, artifacts, equipment, vehicles, etc.

Object Oriented Design includes the following:

Use Case Diagram

A use case diagram describes the system from the user's point of view. It describes the interaction between actors and the system itself, represented as a sequence of simple steps. Actors are things which exist outside the system (black box), and that take part in a sequence of activities with the system to achieve a certain goal. Actors may be end users, other systems, or hardware devices. Each use case is a complete series of events, described from the point of view of an actor.

System Sequence Diagram

A System Sequence Diagram (SSD) is a sequence diagram that shows, for one specific use case, the events that actors generate, and possible inter-system events. System sequence diagrams can be called visual summaries of the use cases. An SSD should specify and show the following:

  • External actors
  • Messages (methods) invoked
  • Return values associated with previous messages
  • Indication of any loops

Class Diagram

A class diagram is a static structure diagram that describes the structure of a system by specifying the system's classes, their attributes, and the relationships between the classes.

Database Model

A database model or database schema is the structure of a database, described in a language that is supported by the database management system. It is a graphical depiction of the database structure.

Design of Patient Monitoring System

Requirements

Patient Login:

  1. Patient logs in to the Patient Login System using PatientID and password.
  2. Patient Login System checks if the patient exists and, if so, validates the patient.
  3. If the patient does not exist, Patient Login System creates a new patient.

Doctor Login:

  1. Doctor logs in to the Doctor Login System using DoctorID and password. Doctor Login System validates the doctor.

Schedule Appointment:

  1. Patient should be able to check the doctor's schedule, which is available in the Appointments System.
  2. Patient should schedule an appointment.

Consultation:

  1. Doctor should be able to add consultations with patients.
  2. Then, consultation charges should be added in the finance system.
  3. Consultation should order appropriate tests and relevant test charges should be added in the finance system. Test reports should be generated for the various tests conducted.

Patient History:

  1. Doctors should be able to get the personal details of a patient.
  2. Patient should be able to retrieve his/her test reports.

Text in bold indicates possible candidates for classes and text in italics candidates for methods.

Sequence Diagrams

Patient Login

  1. Patient logs in to the Patient Login System using PatientID and password.
  2. Patient Login System checks if the patient exists and, if so, validates the patient.
  3. If the patient does not exist, Patient Login System creates a new patient.

Doctor Login:

  1. Doctor logs in to the Doctor Login System using DoctorID and password.
  2. Doctor Login System validates the doctor.

Schedule Appointment:

  1. Patient should be able to check the doctor's schedule, which is available in the Appointments System.
  2. Patient should schedule an appointment.

Consultation:

  1. Doctor should be able to add consultations with patients.
  2. Then, consultation charges should be added in the finance system.
  3. Consultation should order appropriate tests and relevant test charges should be added in the finance system. Test reports should be generated for the various tests conducted.

Patient History:

  1. Doctors should be able to get the personal details of a patient.
  2. Patient should be able to retrieve his/her test reports.

Summary

This chapter covered the design phase of PMS. We studied the use case diagrams, SSDs, database schema and the class diagram. In the next chapter, we will describe the implementation of the PMS webapp.

Implementation

Introduction

This chapter deals with the implementation of the web application based and web service based Patient Monitoring System. It illustrates the resources used and the various features provided by the system.

Resources

The resources used for the development of the Patient Monitoring System are:

NetBeans IDE 6.7.1

NetBeans IDE is an open source IDE (integrated development environment) written in Java. It provides support for development of all types of Java applications including Java SE, Java EE, Java ME etc. The NetBeans IDE bundle for Java EE contains tools for developing JSPs, servlets, web services and Enterprise Java Beans (EJB). The latest stable release is NetBeans IDE 6.7.1.

GlassFish Application Server v2.1

GlassFish is an open source application server provided by Sun Microsystems for Java EE applications. It is used to deploy all the web applications and web services developed in the NetBeans IDE.

MySQL

MySQL is a relational database management system (RDBMS). It runs as a server that provides multi-user access to multiple databases. The database implemented in this project has been developed using MySQL.

Logging into Patient Monitoring System

When we run the PMS, 3 types of login are available:

  • Patient Login
  • Doctor Login
  • Administrator Login

All the login types require a specific ID and password that are stored in the database.

Patient Login JSP

The above screenshot is the Patient Login JSP. The patient can log in utilizing ID and watchword or make a new history. At creative activity of history, patient is given a alone ID.

Similar JSPs have been created for physician and admin login.

Patient Activities

Whenever a patient logs in, the image of the patient is displayed that is stored in the database along with the activities that can be carried out by the patient. A patient can make the followers:

  • Schedule assignment with a physician
  • View current assignments
  • Delete an bing assignment
  • View anterior audiences along with trials conducted
  • Log out of the system

Patient Activities

Some of import characteristics have been included in Schedule Appointment activity. On snaping the Schedule Appointment Tab, a list of physicians appears to choose from ; and so, a calendar appears to choose the day of the month.

Doctor Activities

A doctor can perform the following activities:

  • View current appointments
  • View patient histories
  • Add consultation
  • Add tests to the existing consultations
  • Log out of the system

Doctor Activities

When viewing the patient history, the doctor can search using the patient's ID or name and then select the patient.

Searching for Patient

Administrator Activities

An administrator can perform the following activities:

  • Add a doctor to the health care
  • Delete an existing doctor
  • View all the doctors with their details
  • Upload images of patients
  • Log out of the system

Admin Activities

Uploading the image opens a list of patients and then a dialog box to select the image to be uploaded.

Uploading Image

Logging out

Session tracking in the system has been done using hidden form fields. To log out, every user has to click the log out link given on the top right of each user session.

Logging Out
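A hidden form field travels through the browser, so the server needs a way to tell when the value it gets back has been changed. The following added example (not the PMS code) signs the field with an HMAC and rejects altered or expired values; the class name, the role:id:expiry layout and the sample values are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

/** Added example: tamper-evident value for a hidden form field (hypothetical names). */
public class HiddenFieldToken {
    private final SecretKeySpec key;

    HiddenFieldToken(byte[] secret) { key = new SecretKeySpec(secret, "HmacSHA256"); }

    private byte[] mac(String payload) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(key);
        return m.doFinal(payload.getBytes(StandardCharsets.UTF_8));
    }

    /** Value for the hidden input: role:userId:expiryMillis followed by "." and the signature. */
    String issue(String role, String userId, long expiresAtMillis) throws Exception {
        String payload = role + ":" + userId + ":" + expiresAtMillis;
        return payload + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(mac(payload));
    }

    /** Returns the payload if the signature matches and the token has not expired, else null. */
    String verify(String token, long nowMillis) throws Exception {
        int dot = token == null ? -1 : token.lastIndexOf('.');
        if (dot < 0) return null;
        String payload = token.substring(0, dot);
        byte[] given;
        try { given = Base64.getUrlDecoder().decode(token.substring(dot + 1)); }
        catch (IllegalArgumentException e) { return null; }
        if (!MessageDigest.isEqual(mac(payload), given)) return null; // constant-time comparison
        long expiry = Long.parseLong(payload.substring(payload.lastIndexOf(':') + 1));
        return nowMillis < expiry ? payload : null;
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret); // server-side secret, never sent to the browser
        HiddenFieldToken t = new HiddenFieldToken(secret);
        long now = System.currentTimeMillis();
        String token = t.issue("patient", "P1001", now + 15 * 60 * 1000L); // constructed sample
        System.out.println("valid:    " + t.verify(token, now));
        System.out.println("tampered: " + t.verify(token.replace("patient", "doctor"), now));
        System.out.println("expired:  " + t.verify(token, now + 16 * 60 * 1000L));
    }
}
```

The expiry is parsed only after the signature check, so unauthenticated input never reaches `Long.parseLong`.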

Web Services implementation

Described above is the web application based Patient Monitoring System. To develop the web services, each function was made into a web service as described in the sample example shown earlier.

ViewDoc Web Service Swing Client

Problems faced in implementation

  • In the ViewDoc web service defined above, it can be seen that the return type is a list of objects defined by the doctor class. The initialization of this list asks for the number of objects to be created. But it is impossible to predict the number of objects before making an SQL connection. Therefore, an approximate number of objects had to be considered.
  • It was observed that the method ResultSet.getFetchSize did not work and always displayed 0 as the result. Hence, the whole result set had to be looped over to get the number of records.
  • Also, when uploading images in JSP pages, the complete path of the image file cannot be forwarded from one JSP to another. Only the name of the image is forwarded. Therefore, a common folder had to be maintained and defined in the servlet.

Summary

This chapter gave a brief overview of the Patient Monitoring System. It included the key features of the system and the activities performed by users. In the next chapter, performance testing will be carried out.

Performance Testing

Introduction

This chapter illustrates the performance aspect of the project. It includes the need for testing, the different types of testing and their explanations. It also covers different types of tools that can be used for testing.

Need for Testing

Depending on business and technical aspects, the needs have been divided into two parts:

  • In business: Since the main purpose of business web services is to make money, these services need to be up and running 24X7. If they slow down even marginally, the users may jump to a competitor's web site.
  • Technically, testing allows you to answer the following questions about your web service:
  • Is the web service prepared for the expected traffic?
  • Does the web server have the capacity to handle an increase in the number of clients in months to come?
  • How many users or clients can the web service handle before a user starts getting errors?
  • What is the response time of a user click in normal and heavy conditions?
  • Does the application support multiple concurrent users?
  • Is the bandwidth provided by the web server sufficient?

Types of Tests

Performance Tests

These tests can be used to test all parts of the web service or the web application to find the best way to optimize them for increased web traffic. Generally, this is done by testing different implementations of a single web page to check which code is the fastest.

Load Tests

These tests are considered the 'real world' tests. Tests are done by making the best estimate of the expected traffic. You can apply estimated loads to the web services and find out the threshold limit.

Ramp Tests

Ramp tests are tests in which the load (or the number of users) increases with time. These tests determine the maximum load a server can bear while providing optimal access to the web service.

Testing Tools

A large number of tools are available in the market for testing purposes.

WAPT Web Application Testing

WAPT is a load and stress testing tool which provides an easy, cost-effective way of testing web applications and web sites. It can also test secured HTTPS/SSL content. This tool allows simulation of HTTP/HTTPS requests generated by hundreds of users. It can test under normal as well as high loads. It generates the following reports for each test:

  • Graphic charts illustrating click time, hits per second, clicks per second
  • Server and User Bandwidth
  • Client's health
  • Results per URL and Results per User
  • Logs of all the clicks per user/URL
  • Reports are available in HTML and CSV formats

The URL for testing can be entered manually or by the URL recording feature of the tool. The tool allows three types of tests:

  • Fixed Load: Run test with constant load until each user has clicked a specific number of times
  • Periodic: Run test with constant load for a specific time period
  • Ramp: Run test with increasing load for a specific time period.

The trial version of this tool allows a maximum of 20 clients to be simulated at a time. This tool was found to be very effective in testing web applications and hence it was chosen to test our web application.

SoapUI

SoapUI is an open source Web Service testing tool. Its functionality includes Web Service inspection, simulation, mocking, functional testing and load testing. It is mainly made for developers who consume WSDL or REST Web Services. Plugins for SoapUI are available in IDEs like NetBeans and Eclipse. SoapUI includes the following features for testing WSDL web services:

  • WSDL can be imported directly from the address
  • SSL certificate viewer
  • Integrated SOAP monitor
  • Support for Web Authentication
  • WS-Security support for encryption and decryption
  • Logs like HTTP log, error log, SoapUI log
  • Customization of HTTP headers
  • Different load case strategies with multiple threads are available.

TCP Mon

TCP Mon is an open source utility that is used to monitor the data flowing on a TCP connection. It is placed between a server and a client. The client connects to tcpmon and tcpmon forwards the client request to the server. TCP Mon receives the response and passes it on to the client. In the process, it keeps a log of the request and the response. Below are the request and response messages of the sample web service created earlier in this project.

Testing of Web Application based Patient Monitoring System

The web application based patient monitoring system was tested for response times with and without HTTP Authorization over SSL Security using the WAPT (Web Application Testing) tool. Ramp-up tests were performed starting with 3 concurrent clients and going up to 18 clients in steps of 3. The results observed were as follows:

Testing of web application

Average Response Times

  • For unsecured web application – 47ms
  • For web application with HTTP Auth over SSL – 97ms

From the graph, the following results are evident:

  • As the number of concurrent clients increases, overhead increases and thus the response time increases for both unsecured and secured web applications
  • Response times for the secured web application are considerably higher than those of the unsecured version. This is due to the fact that encryption and decryption methods take considerable time.
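The ramp procedure described above can be reproduced with a small harness. This is an added example, not WAPT, SoapUI or the project's code: it steps from 3 to 18 concurrent clients in steps of 3 and prints the mean response time per step. The class name, the /pms path, the 20 clicks per client and the in-process target server are assumptions.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.InputStream;
import java.net.*;
import java.util.*;
import java.util.concurrent.*;

/** Added example: ramp test printing mean response time per load step (hypothetical names). */
public class RampTest {
    /** One "click": GET the URL and read the whole body; 4xx/5xx responses throw. */
    static void click(String url) throws Exception {
        HttpURLConnection c = (HttpURLConnection) new URL(url).openConnection();
        try (InputStream in = c.getInputStream()) { while (in.read() != -1) { } }
    }

    /** Mean latency in ms for `clients` concurrent workers sending `clicks` requests each. */
    static double meanMs(String url, int clients, int clicks) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(clients);
        try {
            List<Callable<Long>> workers = new ArrayList<>();
            for (int w = 0; w < clients; w++) workers.add(() -> {
                long total = 0;
                for (int i = 0; i < clicks; i++) {
                    long t0 = System.nanoTime();
                    click(url);
                    total += System.nanoTime() - t0;
                }
                return total;
            });
            long sum = 0;
            for (Future<Long> f : pool.invokeAll(workers)) sum += f.get();
            return sum / 1e6 / (clients * clicks);
        } finally { pool.shutdown(); }
    }

    public static void main(String[] args) throws Exception {
        // Constructed single-threaded local target so the example runs offline;
        // pass the URL of a real deployment as args[0] to measure it instead.
        HttpServer srv = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        srv.createContext("/pms", ex -> {
            byte[] body = "ok".getBytes();
            ex.sendResponseHeaders(200, body.length);
            ex.getResponseBody().write(body);
            ex.close();
        });
        srv.start();
        String url = args.length > 0 ? args[0] : "http://127.0.0.1:" + srv.getAddress().getPort() + "/pms";
        // Same ramp as in the text: 3 to 18 concurrent clients in steps of 3.
        for (int n = 3; n <= 18; n += 3) System.out.printf("%2d clients: %.2f ms%n", n, meanMs(url, n, 20));
        srv.stop(0);
    }
}
```

Running it once against the unsecured URL and once against the SSL URL gives the two curves to compare. HttpURLConnection reuses keep-alive connections, so most clicks do not pay for a new SSL handshake.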

Testing of Web Services based Patient Monitoring System

The web services based patient monitoring system was tested for response times with and without different types of security profiles. The following security profiles were incorporated and tested:

  • Username Token with symmetric keys
  • HTTP Authentication over SSL
  • SAML Holder of Key

The tests were carried out using the SoapUI tool. The following results were observed:

Testing of web service

Average Response Times

  • Unsecured web service – 59ms
  • SAML Holder of Key – 69ms
  • HTTP Authorization over SSL – 71ms
  • Username Token with symmetric keys – 124ms

From the graph, the following results are evident:

  • As the number of concurrent threads increases, overhead increases and thus the response time increases for both unsecured and secured web services
  • Response times for secured web services are higher than those of the unsecured version. This is due to the fact that encryption and decryption methods take considerable time
  • When comparing different security profiles, it is found that Username Token takes more time than HTTP Authorization over SSL and SAML Holder of Key.

Security Profiles Response times

Problems faced while proving

  • Since the tools were trial versions, there was a limit on the number of concurrent clients. As a result, a number of tools had to be tested.
  • SoapUI was observed to bypass the proxy settings set. Hence, the request message had to be copied from the TCP Mon log and then used as a request in SoapUI.

Summary

In this chapter, performance testing of the web application and the web service has been done, and the results of the different security profiles have been compared and presented.

Conclusion

In this report, the design, implementation and performance analysis of the web application based and web services based Patient Monitoring System have been discussed. The design of the system was carried out using the Object Oriented Analysis and Design (OOAD) approach.

The system database contains confidential information like images, phone numbers, addresses and other details. Therefore, to protect such information from intruders, implementation of security is necessary. In the web based approach of the Patient Monitoring System, HTTP Authentication over SSL (Secured Sockets Layer) has been incorporated. For the web services based approach, different security profiles have been implemented. These profiles include Username Authentication with symmetric keys, Transport Layer (SSL), and SAML Holder of Key.

For performance testing of the web application, WAPT (Web Application Testing) was used. The SoapUI tool was used for testing web services by implementing different kinds of security profiles. The results have been compared and presented in the analysis chapter. Results observed in both the web application and the web services were as expected. First, adding any kind of security increased the overhead by a considerable margin. Second, it was observed that the overhead (or the response time) increases linearly with increase in traffic (number of clients). It was found that the response time of the web service implementing the Username Token with symmetric keys profile increased more steeply with increase in number of threads than that of the web services with SAML and SSL security.

The results found in this project would be immensely useful when designing web applications or web services. More specifically, the results would help to determine what kind of security should be implemented depending upon the scalability of the web services.

