EmployeeWeb - Redesign of spirit-news and integration into the spirit@fhs ecosystem


  • 8/3/2019 EmployeeWeb - Redesign of spirit-news and integration into the spirit@fhs ecosystem

    1/41

    Bachelor Thesis

    EmployeeWeb - Redesign of spirit-news

    and integration into the spirit@fhs ecosystem

    Bachelor of Science - Computer Science -

    Faculty of Computer Science

    Supervisor: Prof. Dr. Oliver Braun

    Assessor: Prof. Dr. Dietmar Beyer

    Author: Marcus Denison

    Matr.-Nr. 280362

    Brückenauerstr. 21

    97772 Wildflecken

    Schmalkalden, 09-01-2011


    Abstract

    This thesis deals with the implementation of EmployeeWeb, a web application which can be integrated into the spirit@fhs ecosystem. The key task of EmployeeWeb is to act as the frontend for all employees in order to create/update news or events which concern the students at the faculty of computer science. Based on the ideas from spirit-news, EmployeeWeb was designed from scratch to have a cleaner code base. EmployeeWeb received a more modular user management layer, a persistence layer based on the Active Record Pattern and the option of being upgraded very easily. The prototype was developed using the Lift web framework, a secure and scalable framework using the Scala programming language.


    Acknowledgements

    Many among my fellow students, the professors that have taught me my knowledge, the Lift community, my supervisor during my internship and, last but not least, my parents have greatly deserved to be honorably mentioned.


    Contents

    1 Introduction 1

    2 Goals 2

    3 Background 3
    3.1 Scala: Functional and Object-oriented programming 3
    3.1.1 Functional Scala 3
    3.1.2 Object-oriented Scala 4
    3.2 Lift: A web framework implemented with Scala 5
    3.2.1 A brief history 5
    3.2.2 Design Goals 5
    3.2.3 Goodbye MVC, Hello V-VM-M 6
    3.2.4 Lift's answers to OWASP Top 10 7

    4 Analysis of the current implementation 9
    4.1 User Management 9
    4.2 Persistence Layer 12
    4.3 Security vulnerabilities 13
    4.3.1 Session Stealing 14
    4.3.2 Cross Site Scripting 14
    4.3.3 SQL Injection 16
    4.4 Design failures 16

    5 A new implementation from scratch 19
    5.1 Authentication Module 19
    5.2 SpiritRecord based on the Active Record Pattern 21
    5.3 A cleaner design 23
    5.4 DRY - Don't repeat yourself 24

    6 Integration into the spirit@fhs ecosystem 26
    6.1 SPIRIT 26
    6.2 StudWeb 28
    6.3 RESTful DB-Service 28
    6.4 Merging with PlanningWeb 30

    7 Conclusion and Future work 31

    Bibliography 32

    Statutory declaration 37

    Marcus Denison IV


    1 Introduction

    Innocent Code - A Security Wake-Up Call for Web Programmers is the title of a book by Sverre H. Huseby [Hus03]. It addresses the needs of developing secure web applications. Huseby sets up 27 best practices on how one can become a better web programmer. Web application security does not start with a firewall nor with encryption; first of all, it is the developer who has to be sensitised to writing more reliable and secure code. It is important that the developer understands the complete chain between data input on the client side and data processing on the server side.

    The Web Application Security Consortium released the Web Application Security Statistics Project in 2008^1, which revealed data about over 12,000 web applications with more than 97,000 detected vulnerabilities of different risk levels. Around 13 percent of the tested web applications could be compromised completely automatically. Half of the tested web applications contained high-risk vulnerabilities. Cross Site Scripting was the most frequently found security issue, with 39 percent overall; this problem is rooted in the code of the web applications. In addition, around 41,000 vulnerabilities were found on the administrative side.

    The Lift web framework presents itself as a secure web framework, which will be illustrated in chapter 3. The objectives of this thesis are to analyse spirit-news, a web application which was implemented with Lift by a novice developer, to re-implement this web application as a developer who has had a deeper look into the Lift libraries, and to integrate the new implementation into the spirit@fhs ecosystem.

    1 http://projects.webappsec.org/w/page/13246989/Web-Application-Security-Statistics

    Marcus Denison Page 1 of 37


    2 Goals

    The primary goal is to get a better understanding of the Lift libraries and to create a cleaner design which can be adopted for new features within the project. It is also necessary to take a closer look at the security features which are integrated into the web framework. The following steps will be taken throughout this thesis:

    Analysing the implementation of spirit-news and which false decisions were made due to lack of experience.

    Taking a short glance at the security, since it was not taken into consideration when spirit-news was implemented.

    Taking spirit-news apart, creating modules and using more of Lift's internal libraries for implementing features.

    Evaluating the new design, whether it is efficient enough to be used any further in this project.

    Integrating the new implementation into the spirit@fhs ecosystem and examining which possible design failures it might bring.

    In each chapter one or more of these steps will be evaluated.

    The output will be a sample web application as a prototype, which is not meant to be fully functional but will be released as an open source project, so anyone could work on this to make it really work.


    3 Background

    "Modern Applications Demand Modern Tools" was stated on the Greylock Partners blog^1 when they invested $3 million into the newly founded company Typesafe^2 by Martin Odersky^3.

    Preparing for a new era, it is important to take a look at modern programming languages and their frameworks. A quick introduction to the Scala^4 programming language and an overview of the Lift^5 web framework are going to be part of this chapter. In this thesis Scala 2.8.1 and Lift 2.3 are outlined.

    3.1 Scala: Functional and Object-oriented programming

    The name Scala stands for scalable language. The language is so called because it was designed to grow with the demands of its users. [OSV10, P. 3] It combines the world of the object-oriented [Mey00] with the functional programming paradigm [Bar11, P. 292 f.].

    One of the key features is that Scala compiles down to Java byte code, which means it runs flawlessly on the Java Virtual Machine, so any Java library can be used within Scala program code without a problem.

    3.1.1 Functional Scala

    Collections After version 2.7.7, Scala introduced a re-design of the collections library, which now is very powerful. Whether a mutable or an immutable collection is created, it inherits very useful methods from the Traversable trait, such as map, flatMap, foldLeft, foldRight, foreach, collect and many more^6, which help the developer to write concise and readable program code.

    Lazy Evaluation Using the keyword lazy as a modifier in front of the definition of a value marks it for lazy evaluation. Therefore, in the process of object instantiation, the value is not evaluated. Once the value is accessed it is evaluated; the evaluation is done only once and the result is stored in that value. Only vals can be modified for lazy evaluation.

    1 http://greylockvc.com/2011/05/12/why-we-invested-in-typesafe-modern-applications-demand-modern-tools/
    2 http://typesafe.com/
    3 http://people.epfl.ch/martin.odersky
    4 http://www.scala-lang.org
    5 http://www.liftweb.net
    6 http://www.scala-lang.org/api/2.8.1/scala/collection/Traversable.html

    Functions Functions are first-class citizens in functional programming. It is possible to pass functions as parameters to other functions, return functions from functions or nest functions into functions. Functions that take functions as parameters are so-called higher-order functions. [Sub09, P. 75 f.]

    Currying Transforming a function that takes more than one parameter into a function that takes multiple parameter lists is called currying, named after Haskell Brooks Curry^7, whose first name is also the name of the pure functional programming language Haskell^8.

    3.1.2 Object-oriented Scala

    Classes Classes are the blueprint for objects, defining methods and fields which can be used when the class is instantiated as an object. Scala holds several other types of classes, such as case classes, abstract classes and sealed classes. The different types of classes differ in their usage.

    Objects Objects refer to the singleton design pattern [FFSB04, P. 177]; instead of defining it as a class, the keyword object is used for direct instantiation of an object. A special object is the companion object [Bra10, P. 57]; it refers to a class with the same name, thus they know each other and share their fields and methods.

    Traits Reusing code is a very important topic in a programming language. Traits can be used to define methods and fields, and it is possible to mix any number of traits into a class or an object. It is also possible to only declare abstract methods and fields, in which case they need to be defined where the trait is mixed in.

    Scratching the surface of Scala was the purpose of this chapter. For a broad overview of Scala it is recommended to read at least one or more of the books which deal with the Scala programming language, referenced in this thesis.
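    The features named in sections 3.1.1 and 3.1.2, collected in one runnable file as an added example; this is not code from the thesis or from Lift, and the names (Basics, Greeter, Employee, applyTwice, add) are chosen here for illustration only:

```scala
// Added example (not from the thesis): the Scala features of sections
// 3.1.1 and 3.1.2 in one file. Run with `scala Basics.scala` (Scala 2.x).
object Basics {

  // Collections: methods inherited from Traversable (map, flatMap,
  // foldLeft, foreach, collect) applied to an immutable List.
  val words = List("lift", "scala", "record")
  val lengths     = words.map(_.length)
  val letters     = words.flatMap(_.toList).distinct
  val totalLength = words.foldLeft(0)(_ + _.length)
  val longWords   = words.collect { case w if w.length > 4 => w.toUpperCase }

  // Lazy evaluation: the block runs on first access, and only once;
  // the counter makes that observable from main.
  var evaluations = 0
  lazy val expensive: Int = { evaluations += 1; 42 }

  // Higher-order function: takes a function as a parameter.
  def applyTwice(f: Int => Int, x: Int): Int = f(f(x))

  // Currying: one parameter list per argument, so partial application
  // of the first list yields a new function.
  def add(a: Int)(b: Int): Int = a + b
  val addFive: Int => Int = add(5) _

  // Trait with one abstract member, mixed into a case class whose
  // companion object (same name) carries a factory method.
  trait Greeter {
    def name: String
    def greet: String = "Hello, " + name
  }
  case class Employee(name: String) extends Greeter
  object Employee {
    def anonymous: Employee = Employee("anonymous")
  }

  def main(args: Array[String]): Unit = {
    println(lengths)
    println(letters.mkString)
    println(totalLength)
    println(longWords)
    println(evaluations)            // before any access to expensive
    println(expensive + expensive)  // first access triggers evaluation
    println(evaluations)            // counter shows a single evaluation
    println(applyTwice(_ * 2, 3))
    println(addFive(10))
    println(Employee("denison").greet)
    println(Employee.anonymous.greet)
    words.foreach(println)
  }
}
```

    The two reads of evaluations around the first use of expensive show the point of the Lazy Evaluation paragraph: the initialiser is skipped at object construction and runs exactly once afterwards.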

    7 http://www-history.mcs.st-and.ac.uk/history/Biographies/Curry.html
    8 http://www.haskell.org

    University of Applied Sciences Schmalkalden SS 2011 Page 4 of 37

    3.2 Lift: A web framework implemented with Scala

    This section takes a quick glance at the Lift web framework and where it came from.

    3.2.1 A brief history

    On November 21st, 2006 David Pollak wrote a Web Framework Manifesto which included several criteria for a good web framework. He judged the list of 24 criteria to be feasible with existing technologies, such as Rails^9, Seaside^10, Erlyweb^11, Jifty^12, Django^13 and Aranea^14. After searching for a reasonable programming language, he stumbled across Scala. In 2007 the Lift web framework was born. Lift 1.0 was released on February 26, 2009. Until now David Pollak remains leader of this open source project. Meanwhile Lift is available in version 2.3, and 2.4 is on its way.

    3.2.2 Design Goals

    Lift has three main design goals, which it has achieved and keeps improving with each release:

    Security Lift takes a great approach at helping the developer who isn't familiar with the threats that come from the Internet. Lift provides protection against common attacks such as cross-site request forgery^15, cross-site scripting^16 and SQL injection^17.

    Conciseness Precisely because Lift was realized with Scala, it takes advantage of Scala being very expressive with very few lines of code. Since Scala has functional programming rudiments and functional programming is more elegant [Bar11, P. 302], producing code with Scala is more elegant than in a web framework which was realized with an imperative programming language.

    Performance According to Gomez^18: The average on-line shopper expects your pages to load in two or less seconds. [com09, P. 2] Lift takes this part seriously, and according to Timothy Perrett 300 requests per second with only 1 GB RAM and a middle-of-the-road processor can be expected [Per10, P. 4]. Based on this, with a lot more RAM and adjusted JVM settings the performance of Lift can be tremendously fast.

    9 http://rubyonrails.com
    10 http://seaside.st
    11 http://erlyweb.org
    12 http://jifty.org
    13 http://www.djangoproject.com
    14 http://www.araneaframework.org
    15 https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
    16 https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
    17 https://www.owasp.org/index.php/SQL_Injection
    18 The Web Performance Division of Compuware.

    3.2.3 Goodbye MVC, Hello V-VM-M

    The Model View Controller pattern [Fow03] is the most common approach to user interfaces in web frameworks. According to Timothy Perrett, in the design phase of Lift there was a conscious choice not to use MVC, since MVC assumes that each page has a single driving call to action; in modern applications this is no longer the case. The approach that was first implemented in Lift was called View First. In the book Lift in Action [Per10] it is called V-VM-M^19.

    Figure 3.1: View-ViewModel-Model

    Figure 3.1, taken from Lift in Action [Per10, P. 4], is explained below.

    View There are two approaches which are valid for Lift's view templates. Validated XHTML templates are the first and the more important one; secondly, XML embedded within Scala code which is generated into a valid view. Lift forces the developer to write correct XML markup. It is not possible to put any logic within an XHTML template.

    ViewModel The middle piece of this pattern, also called snippet. A Scala class or object may represent a snippet, which is responsible for rendering valid HTML output. Snippets are not controllers as known from the MVC pattern. Snippets should only be responsible for non-control-flow actions. Views can call any number of snippets. According to David Pollak, snippets are the reason why developers have to work hard to introduce a cross site scripting vulnerability [Pol11, Ch. 3.4].

    Model The third part is responsible for taking calls from and returning data to the ViewModel. Data from the persistence layer and return values from actions can be a part of this.

    19 View-ViewModel-Model


    3.2.4 Lift's answers to OWASP Top 10

    In a discussion on the Lift mailing list in 2009, David Pollak mentioned ten answers^20 to the OWASP^21 Top 10 of 2007^22. Table 3.1 lists these answers.

    Table 3.1: Lift vs. OWASP Top 10

    Web application vulnerability | Lift's answer

    A1 - Cross Site Scripting (XSS) | "Lift is resistant to XSS attacks. By default pages are composed in XML rather than Strings. It takes the developer extra work to insert XSS strings into output rather than having to make sure each String is properly escaped before being cated to the output."

    A2 - Injection Flaws | "Lift is resistant to SQL Injection attacks because mapper and JPA do not compose Strings into SQL statements, but rather bind well typed parameters into prepared statements. So, if you go the normal path, you get SQL injection resistance. If you want to manually craft a String to send as a query, in mapper you have to sign the string with the time, date and a certification that you've reviewed the String for SQL Injection problems."

    A3 - Malicious File Execution | "Lift never shells out. You can't cause a file to be executed from a Lift app unless your app manually uses Java's Runtime.execute() call."

    A4 - Insecure Direct Object Reference | "By default, Lift creates opaque GUIDs to refer to components on the server side (whether that's a function to execute when a form field is submitted, what to do on an Ajax call, etc.) By default, it's easier to use this callback mechanism than advertise a primary key or other sensitive piece of information. Lift also has the KeyObfuscator which will create a session-specific mapping of primary keys to opaque ids. Using KeyObfuscator, you can send JSON objects to the client with stable primary keys that are obfuscated and not usable outside the current session."

    20 http://groups.google.com/group/liftweb/browse_thread/thread/c140011a62ba3b7/50fb371a72949474?hl=en&lnk=gst&q=security#50fb371a72949474
    21 The Open Web Application Security Project
    22 https://www.owasp.org/index.php/Top_10_2007

    Table 3.1: (continued)

    A5 - Cross Site Request Forgery (CSRF) | "By default Lift's form fields contain GUIDs that are cryptographically impossible to predict. It's not possible to do CSRF because one does not know the name of form fields (they are not stable)."

    A6 - Information Leakage and Improper Error Handling | "Lift has different production vs. development mode error messages. There's little information that leaks about underlying configurations, even exceptions, in production mode."

    A7 - Broken Authentication and Session Management | "Lift uses the container's session management (usually JSESSIONID) for session management. Of course, anything that's not over SSL is vulnerable to a cookie stealing attack."

    A8 - Insecure Cryptographic Storage | "Crypto key storage is a container-level issue."

    A9 - Insecure Communications | "See 7"

    A10 - Failure to Restrict URL Access | "Lift's sitemap is the best and most secure integration of UI and page-level access. You can look at the sitemap to determine the access control rules for a given page (it's declarative) and it's enforced long before your page gets accessed."

    This chapter was an introduction to the Lift web framework; for further understanding please see Simply Lift [Pol11], Lift in Action [Per11], or Exploring Lift [DCBW11].
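    As an added illustration of the A1 answer in Table 3.1, not code from the thesis or from Lift, the following plain Scala shows what composing output as XML nodes rather than Strings does with user-typed text. It assumes only the scala.xml library (part of the Scala 2.8 distribution the thesis uses; a separate scala-xml module in later versions); the object and method names and the sample input are constructed here:

```scala
// Added example (not from the thesis or Lift): the same user-typed text
// inserted by String concatenation and by XML composition.
import scala.xml.{NodeSeq, Unparsed}

object XmlComposition {
  // Constructed sample input: text a user typed into a news entry.
  val userInput = "<script>alert(1)</script> & more"

  // String composition: the input is spliced into the markup verbatim,
  // so every call site has to remember to escape it.
  def byString(input: String): String =
    "<td>" + input + "</td>"

  // XML composition: a String inside { } becomes a Text node; '<', '>'
  // and '&' are escaped when the node is serialised, with no extra work.
  def byXml(input: String): NodeSeq =
    <td>{ input }</td>

  // Opting out of escaping has to be explicit: the developer must wrap
  // the String in Unparsed, which is the "extra work" Pollak refers to.
  def byXmlUnparsed(input: String): NodeSeq =
    <td>{ Unparsed(input) }</td>

  def main(args: Array[String]): Unit = {
    println(byString(userInput))
    println(byXml(userInput).toString)
    println(byXmlUnparsed(userInput).toString)
  }
}
```

    The first and third lines of output carry the script element intact; the second renders it as escaped text. Reviewing a Lift code base for XSS therefore reduces largely to searching for Unparsed and for places where Strings are assembled into markup by hand.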


    4 Analysis of the current implementation

    EmployeeWeb is based on an older project called spirit-news^1, thus it is necessary to analyse spirit-news to separate the parts which can be adopted from the parts which are not reusable. First it is discussed how the features are implemented, afterwards design failures will be reviewed.

    4.1 User Management

    The User Management was based on the MegaProtoUser [DCBW11, Ch. 8.2.8], although it was necessary to take advantage of the FhS^2 internal LDAP^3 service, which provides access for every employee. What was not taken into consideration at that point was that there are two different LDAP servers, named ldap1^4 and zefi^5. Listing 4.1 shows a part of the LDAPAuth trait^6 which is used to get access via an fhs-id^7. At first the LDAP support was only integrated for one LDAP server; after realizing the existence of more than one LDAP server, a proper way of handling user authentication should have been implemented, but instead Listing 4.1 was the output. The three attempts to authenticate a user with this implementation are:

    First, an attribute is read from a configuration file to find any additional users in that file. This was implemented because external employees do not have an official fhs-id.

    Secondly, the user is matched against the official LDAP server.

    If both options above fail, the user is matched against zefi. This was implemented because it was a more proper way than filling users that don't have an fhs-id into the extra configuration file.

    1 https://github.com/spirit-fhs/news
    2 University of Applied Sciences Schmalkalden
    3 Lightweight Directory Access Protocol
    4 LDAP Server across all faculties
    5 LDAP Server only for the Faculty of Computer Science
    6 https://github.com/spirit-fhs/news/blob/master/src/main/scala/org/unsane/spirit/news/model/LDAPAuth.scala
    7 Username based on the membership at the FhS

    Listing 4.1: LDAPAuth

    def tryLogin(userName: String, passWord: String): Boolean = {
      // allow additional users in setting.properties
      val additionalUsers =
        loadProps("users").split(";").map { _.trim }
      if (additionalUsers contains userName) {
        val userInfo =
          loadProps(userName).split(";").map { _.trim }
        if (userInfo.length >= 3) {
          if (userInfo(2) == md5SumString(passWord)) {
            S.setSessionAttribute("fullname", userInfo(0))
            S.setSessionAttribute("email", userInfo(1))
            true}}}
      if (useLDAPAuth) {
        tryLoginLDAP(userName, passWord)
      }
      else {
        S.setSessionAttribute("fullname", userName)
        S.setSessionAttribute("email", "testuser@nonvalid")
        true
      }}

    def tryLoginLDAP(
      userName: String,
      passWord: String,
      ldapServer: String = "ldap1"
    ): Boolean = {
      val (ldapURL, dn) =
        if (ldapServer == "ldap1") {
          ("ldaps://ldap1.fh-schmalkalden.de:636"
          , "uid=" + userName + "," +
            (if (userName.equals("denison"))
              "ou=students,dc=fh-sm,dc=de"
            else
              "ou=people,dc=fh-sm,dc=de"))
        } else if (ldapServer == "zefi") {
          ("ldaps://zefi.fh-schmalkalden.de:636"
          , "uid=" + userName +
            ",ou=people,ou=in,dc=fh-schmalkalden,dc=de")
        } else { false }}
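    In Listing 4.1 the bind DN is built by concatenating the user name straight from the login form into "uid=" + userName + ",ou=...". A value containing DN metacharacters (comma, plus, quote, backslash, angle brackets, semicolon, or a leading hash or space) would change the structure of the resulting DN, so a practitioner escapes the value as RFC 4514 section 2.4 requires before it enters the DN. The following helper is an added example, not part of spirit-news or of Lift; the hosts and base DNs are those of Listing 4.1, the object and method names are chosen here, and the sample names are constructed:

```scala
// Added example (not from spirit-news): escape an attribute value before
// it is inserted into an LDAP DN, then build the DN shapes of Listing 4.1.
object DnEscape {
  // Characters that RFC 4514 requires to be escaped anywhere in a value.
  private val special = Set(',', '+', '"', '\\', '<', '>', ';')

  def escapeDnValue(value: String): String = {
    val sb = new StringBuilder
    value.zipWithIndex.foreach { case (c, i) =>
      c match {
        case ' ' if i == 0 || i == value.length - 1 => sb.append("\\ ")
        case '#' if i == 0                           => sb.append("\\#")
        case ch if special(ch)                       => sb.append('\\').append(ch)
        case '\u0000'                                => sb.append("\\00")
        case ch                                      => sb.append(ch)
      }
    }
    sb.toString
  }

  // Base DNs as used in Listing 4.1 for the two servers; an unknown server
  // yields None instead of a DN, so the caller cannot bind against nothing.
  def bindDn(ldapServer: String, userName: String): Option[String] = {
    val uid = "uid=" + escapeDnValue(userName)
    ldapServer match {
      case "ldap1" => Some(uid + ",ou=people,dc=fh-sm,dc=de")
      case "zefi"  => Some(uid + ",ou=people,ou=in,dc=fh-schmalkalden,dc=de")
      case _       => None
    }
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample names: a plain id, one containing a comma, and
    // one with a leading hash.
    println(bindDn("ldap1", "denison"))
    println(bindDn("zefi", "x,ou=other"))
    println(bindDn("ldap1", "#id"))
    println(bindDn("unknown", "denison"))
  }
}
```

    With the escaping in place the comma in the second sample stays part of the uid value instead of starting a new RDN, and the unknown-server case returns None rather than the untyped false that ends tryLoginLDAP in Listing 4.1.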


    Reviewing a part of the User object^8 in Listing 4.2 demonstrates how LDAP authentication is integrated into the User life cycle within the project. In detail:

    The LDAPAuth trait is mixed in via with LDAPAuth.

    The values sitemap, loginXhtml and login are overridden in order to produce proper output for the user who is viewing the login page.

    Within the definition of login, the tryLogin method is called and, if successful, the user name is logged in and a valid session is opened for the user's browser.

    Listing 4.2: User Object

    object User extends User with MetaMegaProtoUser[User]
      with LDAPAuth with Config {
      ...
      override lazy val sitemap: List[Menu] =
        List(loginMenuLoc, logoutMenuLoc).flatten(a => a)

      override def loginXhtml = {
        ...
        <tr><td style="border:0; colspan:2">
          {S.??("log.in")}
        <tr><td style="border:0">
          {S.??("FHS-ID")}
        </td><td style="border:0">
          <user:user/></td></tr>
        <tr><td style="border:0">
          {S.??("password")}
        </td><td style="border:0">
          <user:password/></td></tr>
        <tr><td style="border:0">
          <user:submit/></td></tr>
        ...}

      override def login = {
        if (S.post_?) {
          ...if (tryLogin(S.param("username").open_!,
                     S.param("password").open_!)) {
            User.logUserIdIn(S.param("username").open_!)
            ...
          } else { }
        } ... }}

    A comparison between Figures 4.1 and 4.2 shows the differences without and with the necessary modifications for employee authentication.

    8 https://github.com/spirit-fhs/news/blob/master/src/main/scala/org/unsane/spirit/news/model/User.scala

    Figure 4.1: Before modification of the User object

    Figure 4.2: After modification of the User object

    4.2 Persistence Layer

    The primary function of spirit-news is to provide information from employees for students, information that may be filtered by term, creation date or by employee. Since spirit-news was adopted in a course on functional programming, the idea was to use a NoSQL [SEB10] database for the back end; MongoDB^9 was chosen because Lift has a working Record [Per11, Ch. 11.1] implementation. Figure 4.3 displays the UML notation of the Record implemented for spirit-news. Listing 4.3 demonstrates the usage of the Entry Record implemented in the CRUDEntry class^10, fetching all news that were created by the user that was authenticated by LDAP and displaying them to the user. Figure 4.4 shows the output in the user's browser.

    9 http://www.mongodb.org/
    10 https://github.com/spirit-fhs/news/blob/master/src/main/scala/org/unsane/spirit/news/snippet/CRUDEntry.scala

    Figure 4.3: Entry Record

    Listing 4.3: Record Usage

    def viewUserEntries(xhtml: NodeSeq): NodeSeq = {
      Entry.findAll(
        "name" -> User.currentUserId.open_!.toString).sortWith(
          (entry1, entry2) => (entry1 > entry2)
      ).flatMap(v =>
        <td style="border:0">{
          v.writer.value.toString
        }</td>
        ...
        <td style="border:0">{
          link("/edit/delete", () => CurrentEntry(Full(v)),
            Text("Delete"))
        }</td>
      )
    }

    Figure 4.4: Entries by a User

    As mentioned in the previous chapter, user management was not part of the required persistence; it was retrieved from the internal LDAP servers.

    4.3 Security vulnerabilities

    Spirit-news was implemented without any design in mind and without secure concepts for a web application, since Lift was stated to be a secure web framework. The following sections take three common vulnerabilities (Cross Site Scripting^11, Session Stealing^12 and Injection^13) and review why they are or are not potential risks to spirit-news.

    4.3.1 Session Stealing

    Lift renders everything stateful by default, which means that a new session is created for every user. For as long as this user browses the web application, the session sticks to the user's browser. Nevertheless, the server should assign the client a new session when the client uses an authentication mechanism. Figure 4.5 displays a delineation of the login process within spirit-news. A quick explanation of Figure 4.5:

    1. The client visits the starting page of the server.
    2. The server responds with a session for that client. At this point a man-in-the-middle attack [Hus03] could have listened to the communication and been able to read cleartext, since both steps were made over a non-SSL connection.
    3. The client visits the login page, now via an SSL connection, and sends an authentication request to the server in order to get access to restricted pages.
    4. The server responds, via an SSL connection, that the login was successful and that the session for this client is now able to see the restricted areas.

    The password can't be stolen at this point, since it is sent over an SSL connection. The session created at the beginning, however, was sent over a non-SSL connection and could have been read by a man-in-the-middle. Since the server does not renew the session when authenticating the user, the stolen session can be used from any browser, which means an unauthorized person can now act as the user that just logged in.
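To make the flaw concrete, here is an added example that models the four steps of Figure 4.5 with a small in-memory session store; it is constructed for this analysis and is not spirit-news or Lift code. The store, its Session class, the rotateOnLogin switch and the credential check are all assumptions; the point it shows is that an id handed out on the unencrypted leg stays authenticated unless the server issues a fresh id at login, which is what creating a new HTTP session on login (the later Lift fix) provides.

```scala
import java.security.SecureRandom
import scala.collection.mutable

// Added example, not spirit-news or Lift code: a minimal server-side session
// store modelling the login flow of Figure 4.5. The names and the credential
// check are assumptions made for this illustration.
class SessionStore(rotateOnLogin: Boolean) {
  // A session knows at most one authenticated user.
  final class Session(val id: String, var userId: Option[String] = None)

  private val rng = new SecureRandom()
  private val sessions = mutable.Map.empty[String, Session]

  private def freshId(): String = {
    val bytes = new Array[Byte](16)
    rng.nextBytes(bytes)
    bytes.map(b => "%02x".format(b)).mkString
  }

  // Steps 1 and 2: the client requests the start page and is handed an
  // anonymous session; in spirit-news this leg was plain HTTP.
  def create(): Session = {
    val s = new Session(freshId())
    sessions(s.id) = s
    s
  }

  // Steps 3 and 4: the client authenticates over SSL, presenting the id it
  // already holds. Returns the id the client must use from now on, or None.
  def login(sessionId: String, userId: String, password: String): Option[String] =
    sessions.get(sessionId).filter(_ => checkPassword(userId, password)).map { old =>
      if (rotateOnLogin) {
        // Fix: drop the pre-authentication id and bind the user to a new one,
        // so an id seen on the unencrypted leg is worthless after login.
        sessions.remove(old.id)
        val fresh = new Session(freshId(), Some(userId))
        sessions(fresh.id) = fresh
        fresh.id
      } else {
        // spirit-news behaviour: the same id is simply marked as authenticated.
        old.userId = Some(userId)
        old.id
      }
    }

  // Whom does the server believe is behind a given session id?
  def userFor(sessionId: String): Option[String] =
    sessions.get(sessionId).flatMap(_.userId)

  // Constructed credential check; the real application asks LDAP (zefi).
  private def checkPassword(userId: String, password: String): Boolean =
    userId == "employee" && password == "correct-password"
}

object SessionRenewalDemo {
  // Replays Figure 4.5: the id issued in step 2 was readable by a third party
  // on the non-SSL leg; after the SSL login, is that same id authenticated?
  def issuedIdIsAuthenticated(rotateOnLogin: Boolean): Boolean = {
    val store = new SessionStore(rotateOnLogin)
    val issuedId = store.create().id
    store.login(issuedId, "employee", "correct-password")
    store.userFor(issuedId).isDefined
  }

  def main(args: Array[String]): Unit = {
    println("no renewal at login, pre-login id acts as the user: " +
      issuedIdIsAuthenticated(rotateOnLogin = false))
    println("new session at login, pre-login id acts as the user: " +
      issuedIdIsAuthenticated(rotateOnLogin = true))
  }
}
```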

    4.3.2 Cross Site Scripting

    All pages are rendered to a user, thus it is ensured that no static HTML files were compromised on the server side. However, it is necessary to guarantee that data inputted by a user will not be a threat to other users viewing that information. Even though only employees use the forms for the input of data, it has to be taken into consideration that a user account may be compromised and someone may try to input harmful data. In chapter 4.4.1 it was explained that a session might be stolen from a user. If that were the case, the following scenario might happen. Figure 4.6 is an example input of a simple script that will bring up a pop-up message when the page is loaded; in that case this would be an XSS^14 vulnerability. Listing 4.4 is part of the implementation for the text area which the user uses for inputting data; it takes the input and stores it into the database without checking for any malicious code.

    Figure 4.5: User Session

    Figure 4.6: XSS Input

    11 https://www.owasp.org/index.php/Top_10_2010-A2
    12 https://www.owasp.org/index.php/Top_10_2010-A3
    13 https://www.owasp.org/index.php/Top_10_2010-A1
    14 Cross Site Scripting

    Listing 4.4: Textarea code

    def view(xhtml: NodeSeq): NodeSeq = {
      bind("CRUDView", xhtml,
        ...
        "textarea" -> textarea(CrudEntry.news.value.toString,
          CrudEntry.news.set(_),
          "rows" -> "12", "cols" -> "80",
          "style" -> "width:100%", "id" -> "entry"),
        ...)
    }


    Listing 4.5 is the function which renders the inputted data from the database to the browser. It doesn't check for malicious code either; the Textile parser^15 only indicates that a markup language may be used for output. On the other hand, Figure 4.7 shows the data just as it was inputted. Lift escapes everything by default, so it is hard for the developer to introduce XSS vulnerabilities, as stated by David Pollak [Pol11, Ch. 3.4].

    Listing 4.5: Textarea output code

    def view(xhtml: NodeSeq): NodeSeq = {
      ...
      "news" ->
        TextileParser.toHtml(entry.news.value.toString)))
      ...}

    Figure 4.7: XSS Output
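As an added example, not code from spirit-news, the following plain Scala snippet shows the difference that decides whether the input of Figure 4.6 ends up as the harmless text of Figure 4.7 or as an executed script: wrapping user data in scala.xml.Text escapes it on serialization (Lift's default), while scala.xml.Unparsed writes it through verbatim. The news string and the containsScript helper are constructed for this illustration, and the snippet assumes the scala-xml module on the classpath.

```scala
import scala.xml.{Elem, NodeSeq, Text, Unparsed}

// Added example, not spirit-news code: the same user-supplied news text rendered
// two ways into a <td>, as the output snippet in Listing 4.5 does for an entry.
object NewsRendering {
  // Constructed input in the spirit of Figure 4.6: some Textile markup plus a
  // script tag, as an employee (or someone holding a stolen session) might paste.
  val suspiciousNews: String = "*Exam moved* <script>alert('xss')</script> to room 1.2"

  // Safe path and Lift's default: Text is escaped when serialized, so the browser
  // receives literal &lt;script&gt; and shows the text, as Figure 4.7 does.
  def renderEscaped(news: String): Elem = <td style="border:0">{Text(news)}</td>

  // Unsafe path: Unparsed is written through verbatim. Anything reaching the page
  // this way (a parser's HTML output, a raw string) runs in the reader's browser,
  // which is exactly what stored user input must never be allowed to do.
  def renderRaw(news: String): Elem = <td style="border:0">{Unparsed(news)}</td>

  // Defender-side check for a rendered fragment, usable in a template unit test:
  // does the serialized markup still carry a script element? Parsed nodes are
  // found via \\, verbatim ones only by inspecting the serialized string.
  def containsScript(rendered: NodeSeq): Boolean =
    (rendered \\ "script").nonEmpty ||
      rendered.toString.toLowerCase.contains("<script")

  def main(args: Array[String]): Unit = {
    val escaped = renderEscaped(suspiciousNews)
    val raw = renderRaw(suspiciousNews)
    println("escaped: " + escaped + "  script present: " + containsScript(escaped))
    println("raw:     " + raw + "  script present: " + containsScript(raw))
  }
}
```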

    4.3.3 SQL Injection

    In the previous chapters 4.4.1 and 4.4.2, two vulnerabilities were evaluated where an SSL connection from the beginning would have been sufficient to prevent the man-in-the-middle attack. SQL injection, on the other hand, can be done over either a non-SSL or an SSL connection. This is where the developer needs to be aware of what program code he is producing. As stated on the MongoDB website, the only risk there could be in using MongoDB is the use of server-side JavaScript^16, which is not a part of spirit-news. Also, the Record implementation binds typed parameters into prepared statements, which makes it even more reliably secure.

    4.4 Design failures

    As mentioned in the beginning of chapter 4, the results of the analysis will be evaluated here. User management has three points of authentication and depends on two LDAP servers^17. The option for extra users in a configuration file is obsolete and should have been removed when introducing zefi into the authentication mechanism. If a new option for user authentication is introduced at the FhS, it can be a painful task to implement it in spirit-news, since someone would have to understand the whole code base to adopt a new mechanism.

    15 An HTML markup language.
    16 http://www.mongodb.org/display/DOCS/Do+I+Have+to+Worry+About+SQL+Injection
    17 See Chapter 4 for the three points of authentication and two LDAP servers.

    Reviewing Figure 4.3, every field of an Entry was implemented as a StringField, which means the meaning of the attributes semester, date, lifecycle and nr is not obvious to other developers. Creating new features using the Entry record for spirit-news could cause tremendous problems for a developer, since type-safety^18 is not given for those attributes at any point. The same occurs with the attribute nr, which is used as a sort of primary key, while the primary key should be handled by the database and not by business logic within the program code. Reviewing Listings 4.6 and 4.7, which are parts of the snippet that creates the view for inputting news, both methods control the usage of the nr attribute. Recall that this attribute is used as the primary key for entries and should be handled by the persistence layer and not by the snippets, which are actually only used for rendering output to the user's browser. Another part is that both methods make use of the possibility to send the created entry as an email or to tweet^19 it on Twitter^20.

    Listing 4.6: Update method

    def update() {
      val oldNr = CrudEntry.nr.value
      val newNr =
        if (tweetUpdate)
          if (EntryCounter.findAll.isEmpty) "1"
          else EntryCounter.findAll.head.counter.toString
        else oldNr
      ...
      if (newNr != oldNr) {
        val count =
          if (EntryCounter.findAll.isEmpty)
            EntryCounter.createRecord
          else
            EntryCounter.findAll.head
        count.counter.set((newNr.toInt + 1).toString)
        count.save
      }
      if (sendEmail)
        MailHandler.send(TextileParser.toHtml(
          CrudEntry.news.value).toString,
          "[Update] " + CrudEntry.subject.value,
          loadEmails(changedSemester split (" ")))
      if (tweet && tweetUpdate)
        Spreader ! Tweet("[Update] " +
          CrudEntry.subject.value,
          changedSemester.split(" ").map("#" + _).mkString,
          newNr)
    }

    18 Giving assurance that objects are always compatible with each other.
    19 Posting on twitter.com is called tweeting.
    20 http://www.twitter.com

    Listing 4.7: Create method

    def create() {
      lazy val nr =
        if (EntryCounter.findAll.isEmpty) "1"
        else EntryCounter.findAll.head.counter.toString
      ...
      val count =
        if (EntryCounter.findAll.isEmpty)
          EntryCounter.createRecord
        else
          EntryCounter.findAll.head
      count.counter.set((nr.toInt + 1).toString)
      count.save
      if (sendEmail && changedSemester.nonEmpty) {
        MailHandler.send(TextileParser.toHtml(
          CrudEntry.news.value.toString).toString,
          CrudEntry.subject.value,
          loadEmails(changedSemester.split(" ")))
      }
      if (tweet) {
        Spreader ! Tweet(CrudEntry.subject.value,
          changedSemester.split(" ").map("#" + _).mkString,
          nr)
      }
    }

    The security issue regarding session stealing was known prior to Lift version 2.2 and was fixed during the development of the 2.2 release^21. But rather than relying on the framework in all respects, it was also a failure in the server-side configuration.

    Putting it all together, spirit-news was implemented without any knowledge of persistence layers, security, or where to properly put business logic within the code base. It is necessary to re-think the implementation of the user management, re-design the persistence UML and clearly put business logic where it belongs.

    21 https://www.assembla.com/spaces/liftweb/tickets/727-create-new-http-session-on-login


    5 A new implementation from scratch

    "Leave the campground cleaner than you found it." This boy scout rule was appliedto the programming profession in a book on clean coding [Mar09]. Due to this fact,it is necessary to re-factor the messy campground that was evaluated in chapter 4.

    5.1 Authentication Module

    Instead of creating a new user management within EmployeeWeb, an authentication module based on the ideas of a Lift module^1 was implemented. The module was designed to work for any Lift project which needs to have authentication at the FhS via an employee's or student's fhs-id. A clean API for other developers was also a goal. Based on the failures evaluated in chapter 4 and the ideas mentioned here, the FhS-LDAP-Module^2 was created. The module authenticates users only against zefi, which holds all FhS members and external employees of the Faculty of Computer Science. Taking a look at Figures 5.1 and 5.2, both LDAP servers are still used, since specific attributes are only found on ldap1 and others only on zefi. However, the API was created to be clear to the developer using it, having a set of methods and an object with all attributes needed from an FhS member, which was implemented successfully. Listing 5.1 is a part of the EmployeeWeb bootstrap which demonstrates the easy usage of the module. After initialisation the API is ready for usage.

    Listing 5.1: FhS LDAP Module Init

    package bootstrap.liftweb
    ...
    import de.codecarving.fhsldap.fhsldap
    ...
    class Boot ... {
      def boot {
        ...
        // Starting the FhS LDAP Module
        fhsldap.init
        ...
      }
    }

    1 https://www.assembla.com/spaces/liftweb/wiki/Modules
    2 https://github.com/mdenison/FhS-LDAP-Module

    Marcus Denison Page 19 of 37


    Figure 5.1: FhS-LDAP-Module API

    Figure 5.2: FhS-LDAP Module API LDAP Attributes


    5.2 SpiritRecord based on the Active Record Pattern

    With the exception of the type occupancy, the persistence layer of spirit-news is reusable in some ways. Comparing Figure 4.3 with the re-factored Figure 5.3, only small adjustments were made. The Entry can be reused, but it was unclear at the starting point of EmployeeWeb which database would be used as a back end, so only the database schema is really reusable. One of the requirements was to adopt a persistence layer which can be used with any database as a back end. Reviewing the Active Record Pattern [Fow03, P. 160] and the Data Mapper [Fow03, P. 165], both defined by Martin Fowler, it was clear to use the Active Record Pattern, since the Lift web framework has a bare-bone Record^3 which can easily be adopted into new implementations.

    Figure 5.3: Re-factored Entry Record

    Figure 5.4 explains the path of creating an instance of a type which has inherited from the SpiritRecord. Listing 5.2 shows an example which defines methods for a SpiritRecord, pattern matching [OSV10] against which database shall be used as back end and for what kind of SpiritRecord the methods are needed. Reviewing the SpiritMetaRecord trait in Figure 5.4, it is clear that the MethodFactory is given the parameter this, thus the MethodFactory returns the appropriate object of methods for the type which was created, in the example case for a SpiritEntry.

    Listing 5.2: Method factory

    object MethodFactory {
      def apply[T <: SpiritRecord[T]](in: T): SpiritMethods[T] = (db, in) match {
        case (this.rest, in: SpiritEntry) =>
          new persistence.rest.SpiritEntryMethods[T]
        case (this.h2db, in: SpiritEntry) =>
          new persistence.h2.SpiritEntryMethods[T]
        ...
      }
      lazy val db =
        Props.get("spirit.admin.record.backentry").openOr("")
      lazy val h2db = "h2db" // Usage for H2 Database
      lazy val rest = "rest" // Usage for RESTful DB Service
    }

    3 Found in the package net.liftweb.record.

    Every SpiritRecord which is created needs to implement the methods defined in the SpiritMethods trait^4 in order to work flawlessly, therefore the verbosity may increase to a tremendously unreadable code chaos. That is the reason why the MethodFactory was implemented. Once a SpiritRecord is implemented and a decision for a different database comes up, that specific SpiritRecord does not have to be changed; merely the classes which are instantiated by the MethodFactory have to be adjusted. This chapter described the implementation of SpiritRecord, which allows the code to be cleaner than it was within spirit-news. The next chapter is going to explain how the SpiritRecord helps in having a cleaner design.

    Figure 5.4: SpiritRecord UML

    4 See Figure 5.4.


    5.3 A cleaner design

    "A programmer without code-sense can look at a messy module and recognize the mess but will have no idea what to do about it. A programmer with code-sense will look at a messy module and see options and variations. The code-sense will help that programmer choose the best variation and guide him or her to plot a sequence of behavior preserving transformations to get from here to there." [Mar09, P. 7]

    The definition of a clean code base can vary from developer to developer; this chapter shows an example of how a cleaner design was achieved by re-factoring. In chapter 4.5 it was already mentioned that there were horrible design failures, such as Listings 4.6 and 4.7. Listing 5.3 is the re-factored snippet for creating and updating news, which is also responsible for rendering the forms for the user's browser. Business logic was removed from all snippets in order to achieve a cleaner design. Using the Active Record Pattern had a great impact, since business logic can be a part of a Record [Fow03, P. 161]. Having bare-bone methods from the Lift Record which may be executed before or after any action that takes place when interacting with the implemented back end is also a very helpful feature, which can be seen in Listing 5.4.

    Listing 5.3: Refactored snippet for writing news

    def render = {
      def process(): JsCmd = {
        openEntry.semester.setFromDirtyList(semesterList.toList)
        openEntry.save(openEntry.newEntry.value)
        S.redirectTo("/news/news")
      }
      "name=twitterBool" #>
        openEntry.twitterBool.toForm.map { x => x } &
      "name=emailBool" #>
        openEntry.emailBool.toForm.map { x => x } &
      "name=displayName" #>
        openEntry.displayName.toForm.map { x => x } &
      "name=subject" #>
        openEntry.subject.toForm.map { x => x } &
      "name=news" #>
        openEntry.news.toForm.map { x => x } &
      "name=expires" #>
        (openEntry.expires.toForm.map { x => x } ++
          SHtml.hidden(process)) &
      "type=preview" #> createPreviewButton &
      "name=tooltip" #>
        createTextileTooltip
    }

    Listing 5.4: Validating that the subject is never empty

    object subject extends StringField(this, 100)
        with LifecycleCallbacks {
      override def beforeSave() {
        if (this.value.isEmpty) {
          this.set(news.value./:(("", 20)) {
            (output, input) =>
              if (output._2 == 0)
                output
              else
                (output._1 + input, output._2 - 1)
          }._1 + "...")
        }
      }
    }

    5.4 DRY - Don't repeat yourself

    DRY is a programming principle [HT99] which defines reducing code by reusing the same code over and over. If business logic needs to change, then this change will affect every program piece which uses the defined code and doesn't have to be applied to all pieces of business logic.

    The idea was to create a piece of code which allows the developer to reuse it for any SpiritRecord in order to create a link for deletion in the back end with a confirmation dialog. Listing 5.5 can be mixed into any snippet where a link for deleting a SpiritRecord is necessary. If a user wishes to delete an Entry, the browser will be blocked by a dialog asking the user to confirm or cancel.

    Listing 5.5: Block UI trait

    trait blockUI extends GlobalRequests {
      object reloadAfterDelete
        extends RequestVar[String]("/index")
      def deleteLink[T <: SpiritRecord[T]](in: T): Elem = {
        SHtml.a(() => { CurrentSpiritRecord(Full(in));
          S.runTemplate(List("_delete_template")).
            map(ns => ModalDialog(ns)) openOr
            Alert("Couldn't find _delete_template") },
          Text("Loeschen"))
      }
      def confirmdelete(in: NodeSeq) = {
        ("name=yes" #> ((b: NodeSeq) => ajaxButton(b, () => {
          CurrentSpiritRecord.open_!.delete_!
          Unblock & RedirectTo(reloadAfterDelete) })) &
        "name=no" #> ((b: NodeSeq) =>
          <button onclick={Unblock.toJsCmd}>{b}</button>)
        )(in)
      }
    }

    This is an example of the DRY principle, since it can be used by any SpiritRecord without modification, and if another style of dialog is needed it only has to be changed within the blockUI trait and nowhere else.

    6 Integration into the spirit@fhs ecosystem

    During the implementation of spirit-news, the idea came up to create a bigger project which would provide the possibility to create applications around an eco-system, in order to be used by students and employees. Project SPIRIT was created and it stands for Service Point Information READ IT^1. This chapter describes what other projects are important for EmployeeWeb and how they interact with each other. EmployeeWeb is still actively developed; the work described in this chapter is a so-called work in progress.

    6.1 SPIRIT

    Figure 6.1 is a basic structure of most projects worked on at the present momentand how they communicate.

    Data - A RESTful DB-Service which provides the persistence for the complete ecosystem.

    StudWeb - The front end for students, where it is possible to read news, submit comments and define their schedule for the current semester.

    Mobile - Mobile applications which can be used to interact with the complete ecosystem, based on Android, Windows Mobile and the iPhone platform.

    Migrate - Defining an interface between the old schedule and the sub-project Data is the goal of the Migrate project.

    LibSpirit - Providing access to the RESTful DB-Service through a C library, which can be used in class to create small pieces of software by students in order to achieve a greater learning effect.

    EmployeeWeb & PlanningWeb - Both projects shall interact as the front end for employees; EmployeeWeb is part of this thesis and PlanningWeb provides support for time scheduling.

    For a more complete and comprehensible list of projects and a more detailed explanation, please see the spirit@fhs projects website^2.

    1 The project name came up on a Wednesday afternoon when Oliver Braun and the Author were brainstorming.
    2 http://pads.fh-schmalkalden.de/spirit.html


    Figure 6.1: The spirit@fhs ecosystem


    6.2 StudWeb

    After introducing the spirit@fhs ecosystem, the communication between the two projects which are most important to EmployeeWeb is to be reviewed; one of them is StudWeb. All communication between StudWeb and EmployeeWeb happens through the DB-Service. Basically an agreement had to be found which defines the data that needs to be transferred between the two projects. The second agreement was for a markup language; the Textile markup language^3 was chosen, since the Lift web framework has superior support through a Textile plug-in.

    6.3 RESTful DB-Service

    The second project which is most important for EmployeeWeb is the RESTful DB-Service. With a defined specification it is possible to interact with this service via a REST interface. The REST interface returns everything in the JSON format^4, thus the decision was made to use the support of the powerful lift-json^5 library. In order to strengthen the decision for lift-json, an example integration for fetching news from the REST service will be evaluated. Explaining Listing 6.1:

    1. Define that the request shall return the data in the JSON format.
    2. The request is defined to only fetch the data for the logged-in user.
    3. The request and the option for JSON are concatenated.
    4. The returned JSON value is extracted into the case class which is defined at the bottom of Listing 6.1.
    5. The newsList is transformed into a List[SpiritEntry].

    If any changes occur within the REST service, only the case class and the mapping would need adjustment. The actual SpiritEntry Record does not have to be touched.

    Listing 6.1: Fetching data from the RESTful DB-Service

    def findAll(): List[T] = {
      val asJson =
        Map("Accept" -> "application/json").toMap
      val req =
        new Request(restURL + "news?owner=" +
          User.currentUserId.open_!)
      val rawJson =
        h(req <:< asJson as_str)
      val newsList = for {
        i <- (parse(rawJson) \ "news").children
      } yield i.extract[news]
      newsList map { nl =>
        val newSE = SpiritEntry.createRecord
        newSE.id.set(nl.news_id)
        newSE.subject.set(nl.title)
        newSE.news.set(nl.content)
        newSE.displayName.set(nl.owner.displayedName)
        newSE.crdate.set(nl.creationDate)
        newSE.semester.set(nl.degreeClass.map(_.title))
        newSE.asInstanceOf[T]
      }
    }

    case class news(news_id: Int, title: String,
      content: String, owner: owner,
      creationDate: String,
      degreeClass: List[degreeClass])

    3 http://textile.thresholdstate.com/
    4 JavaScript Object Notation.
    5 Even if the library is a part of the Lift web framework, it may be used by any Scala project without having dependencies on Lift.

    Listing 6.2 is a rudimentary implementation of the save(inst: T) method of the SpiritEntry. It uses the :-* method, defined in the SpiritEntry, to get a valid JSON string from a created SpiritRecord in order to send it to the RESTful DB-Service.

    Listing 6.2: Saving data to the RESTful DB-Service

    def save(inst: T): Boolean = {
      val in = inst.asInstanceOf[SpiritEntry]
      val asJson =
        Map("Accept" -> "application/json",
          "Content-Type" -> "application/json").toMap
      val req = new Request(restURL + "news") <


    6.4 Merging with PlanningWeb

    PlanningWeb and EmployeeWeb were planned to be the front end for employees, as mentioned before in this chapter. Both are developed with Scala and the Lift web framework, therefore integrating both into one single project should not be a big problem. Table 6.1 compares both, to get an overview of which parts of the two projects might be a blocker preventing a merge. Theoretically, based on the comparison, the only difference is the persistence layer. It would be necessary to evaluate the behaviour of the Lift web framework when defining more than one persistence layer within the bootstrap.

    Table 6.1: EmployeeWeb vs. PlanningWeb

                      EmployeeWeb       PlanningWeb
    Persistence       SpiritRecord      MongoRecord
    User management   FhS-LDAP-Module   FhS-LDAP-Module
    Lift Version      2.3               2.3

    Chapter 6 described how easily EmployeeWeb can be integrated into the spirit@fhs ecosystem, thanks to the thoughtful integration of the Active Record Pattern which was evaluated in chapter 5. Merging PlanningWeb with EmployeeWeb into one project was not achieved. In chapter 7 the next steps and future work on the integration are specified.


    7 Conclusion and Future work

    As stated in chapter 2, the main goal was to achieve a better understanding of the Lift web framework. This goal was achieved by implementing a User module and the SpiritRecord, and by acquiring the knowledge needed to create a cleaner code base. The new design was developed completely for this project, and up to this point it is efficient enough to be developed further in the future. A complete integration into the spirit@fhs ecosystem was not achieved due to lack of time.

    Finally, a list of what future work might and should be done on EmployeeWeb:

    Integration into the spirit@fhs - It is still necessary to implement a working bridge between EmployeeWeb and the RESTful DB-Service. The essentials were developed during this thesis; building on top of these would be the best option for a working solution.

    Merging into PlanningWeb - Creating one project out of EmployeeWeb and PlanningWeb should be done, otherwise the users of EmployeeWeb and PlanningWeb are always distracted by having to log into two different systems. For the user experience it would be welcome to have both projects in one front end.

    Upgrading to Lift 2.4 - Lift 2.4 is on its way and holds many bug fixes and enhancements, one of them being ticket NR. 1061 [1]. This would make the integration of PlanningWeb into EmployeeWeb a lot easier.

    Design & Usability - User experience plays an important role in web applications; EmployeeWeb is in need of a design which fits the FhS and of better usability when a user uses the application.

    [1] https://www.assembla.com/spaces/liftweb/tickets/1061-allow-snippet-resolution-for-subpackages



    List of Figures

    3.1 View-ViewModel-Model . . . . . . . . . . . . . . . . . . . . . . . . . 6

    4.1 Before modification of the User object . . . . . . 12
    4.2 After modification of the User object . . . . . . 12
    4.3 Entry Record . . . . . . 13
    4.4 Entries by a User . . . . . . 13
    4.5 User Session . . . . . . 15
    4.6 XSS Input . . . . . . 15
    4.7 XSS Output . . . . . . 16

    5.1 FhS-LDAP-Module API . . . . . . 20
    5.2 FhS-LDAP Module API LDAP Attributes . . . . . . 20
    5.3 Re-factored Entry Record . . . . . . 21
    5.4 SpiritRecord UML . . . . . . 22

    6.1 The spirit@fhs ecosystem . . . . . . . . . . . . . . . . . . . . . . . . . 27


    List of Tables

    3.1 Lift vs. OWASP Top 10 . . . . . . . . . . . . . . . . . . . . . . . . . 7

    6.1 EmployeeWeb vs. PlanningWeb . . . . . . . . . . . . . . . . . . . . . 30


    Listings

    4.1 LDAPAuth . . . . . . 10
    4.2 User Object . . . . . . 11
    4.3 Record Usage . . . . . . 12
    4.4 Textarea code . . . . . . 15
    4.5 Textarea output code . . . . . . 16
    4.6 Update method . . . . . . 17
    4.7 Create method . . . . . . 18
    5.1 FhS LDAP Module Init . . . . . . 19
    5.2 Method factory . . . . . . 21
    5.3 Refactored snippet for writing news . . . . . . 23
    5.4 Validating that the subject is never empty . . . . . . 24
    5.5 Block UI trait . . . . . . 24
    6.1 Fetching data from the RESTful DB-Service . . . . . . 28
    6.2 Saving data to the RESTful DB-Service . . . . . . 29


    Statutory declaration

    I declare that I have authored this thesis independently, that I have not used other than the declared sources / resources, and that I have explicitly marked all material which has been quoted either literally or by content from the used sources.

    Schmalkalden, 09-01-2011 Marcus Denison