GC'12 Workshop: The 4th IEEE International Workshop on Management of Emerging Networks and Services

Secure For Mobile Devices

Muneer Malik and Dharma P. Agrawal ([email protected], [email protected]), Center of Distributed and Mobile Computing, School of Computing Sciences and Informatics, University of Cincinnati, Cincinnati OH 45221-0008

Abstract—A secure mobile web framework is proposed based on MVC Struts 2 to support embedded browsers in mobile devices. The framework integrates JAAS with Tomcat, providing Authentication and Authorization, an Encryption Utility supporting multiple providers, a scheme for short-lived session objects, support for menu items configured depending on the role and device category, view layer integration with Tiles 2, and rendering of views for both desktop and mobile without duplicating the Struts 2 control action logic. Finally, an Electronic Medical Record (EMR) is designed and implemented for a Dialysis Center to further demonstrate the feasibility of the unified secure mobile web framework.

I. PROGRAMMING PARADIGMS IN MOBILE DEVICES

As smart phones have evolved and consumers' expectations have risen, there has been an exponential growth in mobile applications, including both business and gaming. We also see this happening in various disciplines, notably in the Health Care and Financial Industries. Not all applications have to be run native, that is, as an application running on a specific mobile operating system and using its hardware resources. On the contrary, smart phones and tablets now have complete support for a full-fledged browser with access to HTML, Cascading Style Sheets and JavaScript. Table I below provides a quick comparison between web and native apps (applications).

TABLE I. WEB AND NATIVE APPS
Comparison | Web | Native
Development Environment | Easy and known technologies | Complex, dependent on the device Operating System
Deployment | Rapid | Integration with device libraries and application stores
Internet Access | Always | Not always, can work offline
Code | Write once | Needs to be installed on the device
Graphics | Existing web technologies | Native graphic libraries
Multiuser | Yes | Single user

The line between native and web application development does not have to be crystal clear, and there is a third model which is gradually evolving: the hybrid application. The Facebook app is an example of a hybrid app; it is downloaded from the app store and has all the features of a native app.

A. Web Technologies - Look and Feel

HTML 5 is a new standard proposed by W3C, which will support newer mobile technologies such as geo-location, location based services [1], offline storage and sophisticated graphics. The jQuery Mobile (jQM) [2] framework is an HTML 5 based user interface system inherited from the base version of jQuery and jQuery UI (user interface), which allows designing sophisticated rich web applications that will work on popular smartphones and tablets. Sencha Touch is another popular HTML 5 based framework, which allows developers to write impressive apps that work on iOS (iPhone OS), Android, Blackberry, Kindle Fire and many other devices. Animations, smooth scrolling and adaptive layouts are key attributes of an HTML 5 based framework, rivaling native technology. The Financial Times (FT), a London paper, is an HTML 5 web app rather than a native app, and "it helps publishers to gain readers and sell more subscription without paying a platform fee" [3].

Although jQM is designed for writing mobile web apps, it can also be used to build native apps that can be purchased and downloaded from the Apple App Store or Android Market. PhoneGap and Rhodes let you take an HTML 5 based app, wrap it in their framework and then run it natively. This approach allows access to native device features such as the accelerometer, camera, compass, and media. WebGL (Web Graphics Library) is yet another new technology that brings hardware 3D graphics to the browser without installing any additional plug-ins. This technology again extends an existing JavaScript library that is getting a lot of momentum in supporting mobile devices. As of now, Java applets and Flash run times are not supported on mobile devices, which leaves WebGL as a solid contender.

B. Unified Web Framework For Mobile Devices

As HTML 5 matures and additional native look and feel interactions are supported, there is an increasing need for a unified mobile web framework that caters to both desktop and mobile users. From Section I-A, we noted that jQM and Sencha Touch are client side technologies that need integration with server side components to provide a mobile web solution. In this paper, we provide an end-to-end framework: a secure mobile web framework that supports users on both desktop and mobile without duplicating the server side logic. The rest of the paper is organized as follows. Section II considers the secure mobile framework in Struts 2. Section III provides the implementation of Java Authentication and Authorization Service (JAAS) using Tomcat and is broken into several subsections. Section IV proposes the design of an Encryption routine supporting multiple providers. Section V describes the session object's life cycle and provides an implementation for short-lived session objects. Section VI proposes Tiles 2 integration. Section VII establishes the User Profile session object, which is used in subsequent sections. Section VIII uses Tiles 2 as its basis for rendering menu items. Section IX provides a scheme to support desktop and mobile browsers. Section X discusses an EMR application. Section XI follows with a conclusion.

II. SECURE MOBILE FRAMEWORK USING STRUTS 2

Struts 2, a second-generation web framework based on the Model View Controller (MVC) pattern, has become a "mainstream technology to build flexible, efficient, easy to deploy cross platform distributed applications" [4]. Struts 2 provides many new architectural features that make the framework cleaner, more flexible and easy to use, including: interceptors, allowing common code to be defined in clean re-usable components that can be kept separate from the action logic; annotation based configuration to reduce XML configuration; a powerful expression language, Object-Graph Navigation Language (OGNL), that is supported throughout the framework for easy access to data residing in the Value Stack; and a mini framework for UI tags that supports modifiable and reusable UI components for faster development [5].

978-1-4673-4941-3/12/$31.00 ©2012 IEEE

There is no doubt about Struts 2 being a rich web framework. But it does not quite provide enough components to start development on business logic. A developer still needs to worry about basic common components, i.e., Authentication and Authorization, Database access, and integration with a View Layer Framework. We noticed there is a need to extend the Struts 2 framework with commonly used components that can help developers speed up their application development cycle. This paper introduces these basic components and, moreover, an Electronic Medical Record (EMR) web application as a proof of concept, supporting both desktop and mobile users without duplicating any action control logic.

III. AUTHENTICATION AND AUTHORIZATION

JAAS is designed to provide a security framework for authenticating users and assigning user privileges. JAAS treats Subjects as synonymous with users, and Principals become associated with a Subject upon successful authentication [6]. JAAS allows pluggable authentication modules, enabling developers to have their own implementation for authenticating a user with any back-end system. The second prominent feature of JAAS is support for more than one authentication module. JAAS could be configured in such a way that the user's authentication would depend on making two disparate calls to back-end systems and only after successfully authenticating by

Figure 1. Pluggable Authentication Modules

A. JAAS Integration with Tomcat Application Server

The realms are based on the users and the roles associated with them. Different realms provide support to read a user's role and password information from either a relational database, an XML file or a simple text file. "JAASRealm is an implementation of the Tomcat 6 Realm interface that authenticates users through the JAAS framework which is now provided as part of the standard Java Development Kit. It is based on the JSR 196 [7] that enhances container-managed security and promote pluggable authentication mechanism with implementation being container-independent" [8].

Figure 2. Tomcat - Authenticator Valve [9]

Figure 3. Tomcat - Authenticator Valve [9] (referenced in the text below as the JAASRealm configuration carrying the roleClassNames, className and appName attributes)

TABLE II. LOGIN MODULE INTERFACE METHODS
Method | Description
Initialize | Initialize the Login Module with the subject (user) and callback handler (Name and Password callbacks). The callback handler is responsible for passing the username and password at initialization, so they can be used in the login method and passed to the back-end for authentication.
Login | Authenticate a subject (user) with the back-end; the developer provides their own implementation. Method return value: true = the commit method is called; false = the abort method is called.
Commit | Commit the authentication process and assign groups using the principal object. The subject (user) is assigned the groups.
Abort | Abort the authentication process.
Logout | Log out a subject (user).

Tomcat supports name and password callbacks, which are passed via the Authenticator to the Login Module. Figure 2 shows a typical request which gets intercepted by the Authenticator valve. The Authenticator is responsible for checking for a valid subject by calling the getPrincipal method. We add a custom implementation so as to pass an additional parameter, i.e., the user-agent attribute, to the Login Module as an additional callback. Each browser has a specific value which is used to differentiate a user-agent. If the user is entitled to both the desktop and mobile groups, then only one specific category group is added, depending on the user-agent context. Table II provides the description of each of the methods used in the Login Module. On successful authentication, a Principal object is created with valid groups assigned.

We first show how the groups are configured in Tomcat and how the Java classes are extended to support the user-agent callback. Second, we discuss a scheme where the user-agent value is compared against an XML file which holds specific browser information together with device category information. Thirdly, in the Login Module's commit method, we only add the specific groups for a desktop or a mobile unit at run time and create a valid Principal object. Lastly, we show the authorization via the web.xml configuration.
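The Login Module life cycle of Table II, carried through with the third (user-agent) callback that Section III describes, as an added example that is not code from the paper. The in-memory user table, the group names, the "user-agent" prompt string and the one-line device test are constructed placeholders; in the paper these come from the database service, the GroupPrincipal subclasses, CommonConstants.JAAS_USERAGENT and the user-agent XML respectively.

```java
// Added example (not from the paper): a JAAS LoginModule following the Table II
// life cycle, with a second NameCallback carrying the HTTP User-Agent header.
import java.io.IOException;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class DeviceAwareLoginModule implements LoginModule {
    // Assumption: prompt text used to tell the user-agent NameCallback from the username one.
    public static final String USER_AGENT_PROMPT = "user-agent";

    // Minimal stand-in for the paper's GroupPrincipal subclasses.
    public static final class GroupPrincipal implements Principal {
        private final String name;
        public GroupPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        @Override public String toString() { return "Group:" + name; }
    }

    // Constructed user store: a real store holds salted password hashes and is
    // queried through the database service the paper describes.
    private static final Map<String, String> PASSWORDS = Map.of("nurse1", "s3cret");
    // Constructed group table: username -> (group name -> device category), as in Table III.
    private static final Map<String, Map<String, String>> GROUPS = Map.of(
        "nurse1", Map.of("RN", "desktop", "RN_MOBILE", "mobile"));

    private Subject subject;
    private CallbackHandler handler;
    private boolean succeeded;
    private String username;
    private String category;                 // "desktop" or "mobile", decided in login()
    private final List<Principal> added = new ArrayList<>();

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
    }

    @Override
    public boolean login() throws LoginException {
        NameCallback nameCb = new NameCallback("username");
        NameCallback agentCb = new NameCallback(USER_AGENT_PROMPT);
        PasswordCallback passCb = new PasswordCallback("password", false);
        try {
            handler.handle(new Callback[] { nameCb, agentCb, passCb });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("callback failed: " + e.getMessage());
        }
        username = nameCb.getName();
        String userAgent = agentCb.getName() == null ? "" : agentCb.getName();
        char[] pw = passCb.getPassword();
        passCb.clearPassword();
        // Both strings come straight from the client: bound their length before use.
        if (username == null || username.length() > 64 || userAgent.length() > 512 || pw == null) {
            throw new FailedLoginException("invalid input");
        }
        String expected = PASSWORDS.get(username);
        succeeded = expected != null
            && MessageDigest.isEqual(expected.getBytes(), new String(pw).getBytes());
        Arrays.fill(pw, '\0');
        // Placeholder device test; the paper matches the header against the user-agent XML.
        category = userAgent.contains("Mobile") ? "mobile" : "desktop";
        if (!succeeded) throw new FailedLoginException("bad credentials");
        return true;                          // true: the framework calls commit()
    }

    @Override
    public boolean commit() {
        if (!succeeded) return false;
        // Only groups the store already grants are candidates; the client-controlled
        // user-agent can narrow them to one device category, never widen them.
        for (Map.Entry<String, String> g : GROUPS.getOrDefault(username, Map.of()).entrySet()) {
            if (g.getValue().equals(category)) added.add(new GroupPrincipal(g.getKey()));
        }
        subject.getPrincipals().addAll(added);
        return true;
    }

    @Override
    public boolean abort() { succeeded = false; username = null; return true; }

    @Override
    public boolean logout() { subject.getPrincipals().removeAll(added); added.clear(); return true; }
}
```

The module is wired in through a JAAS configuration entry like Figure 4 and a CallbackHandler that answers the two NameCallbacks by prompt, as Figure 8 does. The important property is in commit(): the user-agent decides which of the user's already-entitled groups is activated for this session, so a forged header can at most give a mobile user the desktop view, never a role the database does not grant.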

B. Tomcat JAAS Configuration – Groups

In Figure 3, the roleClassNames property holds the values for the individual group names used in the web application, which are extended from the existing GroupPrincipal Java class. The className property holds the custom implementation of JAAS for passing the user-agent value to the Login Module. The digest and digestCoding attributes allow the password to be encrypted when it reaches the Login Module.

EMR {
    net.polymorphic.emr.jaas.TomcatLoginModule REQUIRED debug=true;
};
Figure 4. JAAS Login Module Config – emr.login

The "appName" attribute value in Figure 3 must match that in Figure 4, which is a text file configuration referenced at startup by JVM arguments as follows:

-Djava.security.auth.login.config=/home/muneer/workspace/emr/ROOT/WebContent/WEB-INF/classes/emr.login
Figure 5. JVM Args to load the JAAS Config

The JVM argument at startup in Figure 5 reads the content of the file in Figure 4 and loads the Login Module. The Login Module implementation follows the JAAS interface method life cycle discussed in Table II.

C. Custom Form Authenticator

We provide a custom implementation by extending the Authenticator valve [10] of Figure 2, which passes the userID and password to the JAAS realm for authentication. We pass a third, user-agent parameter in the extended form authenticator by simply reading it from the HTTP Request object, as shown in Figure 6.

String username = request.getParameter(Constants.FORM_USERNAME);
String password = request.getParameter(Constants.FORM_PASSWORD);
String userAgent = request.getHeader("user-agent");
principal = realm.authenticate(username, password, userAgent);
Figure 6. User-Agent in Extended Form Authentication

public class CustomJAASRealm extends JAASRealm {
    public Principal authenticate(String username, String credentials, String userAgent) {
        // Delegate to the realm's authenticate(String, CallbackHandler), supplying a
        // handler that carries the user-agent value in addition to the credentials.
        return authenticate(username,
            new CustomJAASCallbackHandler(this, username, credentials, userAgent));
    }
}
Figure 7. Custom JAAS Realm

D. Custom JAAS Realm For UserAgent Callback

To support the modified authenticate method signature, we modify the existing JAAS realm's classes to pass the user-agent parameter value to the Login Module. The custom JAAS realm is configured with the className attribute value in Figure 3. The custom JAAS realm in Figure 7 receives the user-agent value and passes it to the custom JAAS callback handler. The handler method is called from the Login Module to get the user-agent value. Figure 8 shows the code snippet of the user-agent value being saved in the callback. It is important to note that the user-agent is a text value similar to the username; therefore NameCallback, which is already supported by Tomcat, can be applied to the user-agent. Figure 8 shows the two cases for NameCallback when setting the values for the username and the user-agent. The Login Module creates three callbacks, namely a NameCallback for the username, a NameCallback for the user-agent, and a PasswordCallback for the password. These callback objects are then passed to the custom JAAS handler, and the handler method is invoked to get the respective values in the Login Module.

public void handle(Callback callbacks[]) throws IOException, UnsupportedCallbackException {
    // username, credentials and userAgent are the fields set by the constructor in Figure 7
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof NameCallback) {
            // Two NameCallbacks are distinguished by their prompt: one carries the
            // user-agent, the other the username.
            if (((NameCallback) callbacks[i]).getPrompt().equalsIgnoreCase(CommonConstants.JAAS_USERAGENT)) {
                ((NameCallback) callbacks[i]).setName(userAgent);
            } else {
                ((NameCallback) callbacks[i]).setName(username);
            }
        } else if (callbacks[i] instanceof PasswordCallback) {
            ((PasswordCallback) callbacks[i]).setPassword(credentials.toCharArray());
        } else {
            throw new UnsupportedCallbackException(callbacks[i]);
        }
    }
}
Figure 8. Custom JAAS Handler

Figure 9. Sample UserAgent XML (the element markup was lost in extraction; agent values as given)
desktop agents: Chrome/1; Firefox; mozilla
mobile agents: Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_1 like Mac OS X; en_us) AppleWebKit/525.18.1 (KHTML, like ); Mozilla/5.0 (iPad; U; CPU OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 /6533.18.5; Mozilla/5.0 (iPhone; U; CPU iPhone OS 2_0 like Mac OS X; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko)

E. UserAgent XML

Figure 9 shows a sample userAgent XML file which separates the device category into two units, namely desktop and mobile. Within the useragent node, we show the agent nodes with the exact values present in the HTTP Request header for the device. A developer can add or remove the agents to be supported for the mobile view. By default, the implementation has a fallback mechanism to the desktop view when the entry is not matched for the mobile unit.

F. Login Module

The login method in Table II is responsible for instantiating the callback objects to retrieve the values for the username, password, and user-agent. Once the values are retrieved, they can be further validated for length and special characters. A database service call is made to authenticate the user. If successful, program control is transferred to the commit method, which is responsible for creating the principal object; the groups specific to the device category are instantiated at run time and added to the Principal object. In Figure 10, we show a code snippet of a group name being added to the Principal object.
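The lookup of Section III-E, device category from the User-Agent header with fallback to desktop, as an added example that is not the paper's code. The element names (useragent, desktop, mobile, agent) and the embedded sample document are assumptions standing in for the file of Figure 9, whose markup did not survive extraction; the agent strings are constructed.

```java
// Added example (not from the paper): exact-match User-Agent lookup against a
// user-agent XML in the style of Figure 9, with the paper's fallback to desktop.
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public final class UserAgentCategoryResolver {
    public static final String DESKTOP = "desktop";
    public static final String MOBILE = "mobile";

    // Constructed sample document; element names are an assumption.
    static final String SAMPLE_XML =
        "<useragent>"
      + " <desktop><agent>Chrome/1</agent><agent>Firefox</agent><agent>mozilla</agent></desktop>"
      + " <mobile>"
      + "  <agent>Mozilla/5.0 (iPhone; CPU iPhone OS 4_3_1 like Mac OS X) AppleWebKit/525.18.1 (KHTML, like Gecko)</agent>"
      + "  <agent>Mozilla/5.0 (iPad; CPU OS 4_3_2 like Mac OS X) AppleWebKit/533.17.9 (KHTML, like Gecko)</agent>"
      + " </mobile>"
      + "</useragent>";

    private final Map<String, String> categoryByAgent = new HashMap<>();

    public UserAgentCategoryResolver(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Hardening: refuse DTDs and external entities even for a local configuration file.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setExpandEntityReferences(false);
        DocumentBuilder b = f.newDocumentBuilder();
        Document doc = b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        for (String cat : new String[] { DESKTOP, MOBILE }) {
            NodeList sections = doc.getElementsByTagName(cat);
            for (int i = 0; i < sections.getLength(); i++) {
                NodeList agents = ((Element) sections.item(i)).getElementsByTagName("agent");
                for (int j = 0; j < agents.getLength(); j++) {
                    categoryByAgent.put(agents.item(j).getTextContent().trim(), cat);
                }
            }
        }
    }

    /** Exact match on the header value, as the paper describes; anything else is desktop. */
    public String categoryFor(String userAgentHeader) {
        if (userAgentHeader == null || userAgentHeader.length() > 512) return DESKTOP;
        return categoryByAgent.getOrDefault(userAgentHeader.trim(), DESKTOP);
    }

    public static void main(String[] args) throws Exception {
        UserAgentCategoryResolver r = new UserAgentCategoryResolver(SAMPLE_XML);
        System.out.println(r.categoryFor("Firefox"));
        System.out.println(r.categoryFor(
            "Mozilla/5.0 (iPhone; CPU iPhone OS 4_3_1 like Mac OS X) AppleWebKit/525.18.1 (KHTML, like Gecko)"));
        System.out.println(r.categoryFor("curl/7.0"));
    }
}
```

An unknown or missing header falls through to the desktop category, which is the paper's default; since the header is attacker-controlled, the resolver should only ever select a view, and the groups it activates in the Login Module should remain a subset of what the user store grants.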

while (it.hasNext()) {
    Group group = (Group) it.next();
    // Load the GroupPrincipal subclass named in the group row (Table III, Class column)
    Class clas = Class.forName(group.getGroupClass());
    Class[] types = new Class[] { String.class };
    Constructor cons = clas.getConstructor(types);
    Object[] args = new Object[] { group.getGroupRole() };
    GroupPrincipal cs = (GroupPrincipal) cons.newInstance(args);
    subject.getPrincipals().add(cs);
}
Figure 10. Groups added using Java Reflection

We query the user-associated groups from the database and then compare the device category of each group with the device category found via Figure 9. We show the user-associated group schema in Figure 11.

Figure 11. User Associated Group Schema

G. Authorization via Web.xml

Tomcat provides authentication by simple configuration via the web.xml. Table III shows the result set for a user's associated groups. Each eligible group class is instantiated at run time using Java reflection. The instantiated object and role are added to the Principal object. The roles are further mapped to individual URLs in web.xml to provide authentication.

TABLE III. TB_REF_GROUP
Id | Role | Description | Class | Device
1 | RN | Registered Nurse | net.polymorphic.emr.common.Tomcat.jaas.groups.RNGroupPrincipal | desktop
2 | MD | Physician | net.polymorphic.emr.common.Tomcat.jaas.groups.MDGroupPrincipal | Desktop

Figure 12. Web.xml with URLs mapping (the XML markup was lost in extraction; values as given): security constraint "Secured" for the web resource "workflow", URL pattern /patient/workflow/*, HTTP methods POST and GET, roles MD, RN and SEC, transport guarantee CONFIDENTIAL

We show a sample web.xml configuration (Figure 12) where the roles MD, RN and SEC are mapped to the patient-workflow URL. Tomcat uses the web.xml to validate a URL whenever the user tries to access the web resource. If a match is found, access is granted. We now show an Encryption module which goes hand in hand with Authorization.

IV. ENCRYPTION

The Java Software Development Kit (SDK) has been enriched with several cipher libraries and algorithms, which provide adequate support for web applications. This also includes creating a key-store file, accessing an existing keystore, and keys within the keystore. We propose an encryption scheme as a singleton object that provides a simple interface to developers, with easy maintenance via a properties file and a modular class interaction that can support an alternate implementation for loading the key-store. Furthermore, the implementation makes use of annotations: a developer can tag an object property with the encrypt or decrypt annotation so that the respective cipher action is executed. We propose an Abstract Factory pattern [11] that allows the implementation to be selected at run time. Using the Sun JDK as a provider is one implementation, versus using a hardware encryption board as another [12]. This feature is very useful when developers are using encryption routines in the development environment and do not have access to an individual physical encryption board. In that case, an alternate implementation can be used for the development environment and the hardware implementation for the testing and production environments.

TABLE IV. ENCRYPTION CLASSES
Class Name | Description
AbstractEncrypter | An abstract class which provides the base methods and implementation for performing encryption.
Encrypter | Interface methods for providing services for encrypt and decrypt.
EncrypterFactory | Factory class to provide the encryption implementation object at run time. It could be using the JDK and loading keys from the keystore, or providing the implementation for the hardware based encryption to be stored and computed.
EncrypterProvider | Keeps the information of a provider; for example, in the JDK it would be SUNJCE which provides the service, and in the IBM JDK it is IBMJCE. The providers are merely the vendors who provide services for the encryption and are identified in the code.
EncryptionResult | Bean that holds the provider index (if multiple providers are used), the Cipher object, keyName and providerName.
JCEProvider | Class that inherits from EncrypterProvider and provides the specific provider implementation.
SunJCE | Class that inherits from the AbstractEncrypter (abstract) class and provides the implementation by overriding the abstract method.
Encrypt | Annotation to specify that a property is to be encrypted.
Decrypt | Annotation to specify that a property is to be decrypted.

encrypter=net.polymorphic.emr.common.Encryption.SunJCE
jce.keystore.type=JCEKS
jce.keystore.name=keystore.jceks
jce.keystore.pass=random
jce.provider=SunJCE
jce.keyAlias=mykey
jce.keyPass=randomkey
Figure 13. Configuration File

// decryptedString holds the Base64 text of the ciphertext
byte[] encBytes = new sun.misc.BASE64Decoder().decodeBuffer(decryptedString);
// pick a provider (round robin when several are configured) for this transformation
EncryptionResult encryptionResult = getProvider(shared_key, TRANSFORMATION);
encryptionResult.cipher.init(Cipher.DECRYPT_MODE, encryptionResult.keyAlias,
        new IvParameterSpec(initializer), secureRandom);
byte[] decrypted = encryptionResult.cipher.doFinal(encBytes);
Figure 14. Decrypt Implementation

if (field.isAnnotationPresent(Encrypt.class)) {
    annotatedFields.add(field);
} else if (field.isAnnotationPresent(Decrypt.class)) {
    annotatedFields.add(field);
} else {
    // field not annotated for Encrypt or Decrypt: left untouched
}
Figure 15. Searching for Encrypt and Decrypt Annotations

java.util.Iterator it = annotatedFields.iterator();
while (it.hasNext()) {
    Field field = (Field) it.next();
    field.setAccessible(true);
    Object value = field.get(objectInstance);
    value = encrypter.encryptString(value.toString());
    field.set(objectInstance, value);
}
Figure 16. Encrypting Object Properties

public abstract String encryptAnnotation(Class clazz, String opMode, Object objectInstance) throws Exception;
Figure 17. Interface Method

Figure 13 shows the configuration file that is read by the Encrypter Factory class when the object is first accessed. The configuration file provides the parameters that are needed to instantiate an Encrypter object at run time. The differences between the various provider implementations are key-store initialization and retrieving keys from the key-store. However, the encryption interface methods remain the same among the various implementations. The common interface methods are the Encrypt and Decrypt methods declared in the AbstractEncrypter class. Their implementation obtains the configured Provider object in context and returns a reference to the EncryptionResult object. A scheme is implemented for multiple configured providers to return a Provider instance in round robin fashion. Then the EncryptionResult object executes the cipher init and final methods. This way, the load of encrypting and decrypting is shared equally among the providers. We show a code snippet for a Decrypt implementation in Figure 14.

Finally, we show the implementation of encrypting and decrypting using annotations. A class's properties can be annotated using the @Encrypt or @Decrypt annotation, to avoid invoking the cipher methods explicitly for each property within an object. Figures 15 and 16 show the code snippets for searching for the @Encrypt or @Decrypt annotation in the Java class in context. The code scans the list of fields to get the property value to be encrypted or decrypted and then sets it back on the object with the new value. The interface method is shown in Figure 17. The first method argument is the Java class, allowing the class to be scanned for annotations. The second argument is the cipher mode used for encrypting or decrypting the value. The third argument is the object instance, used for setting the property value once the cipher has been executed. Next we look at the life cycle of session objects and provide a design to free up session objects which are needed only for a short time.

V. SESSION LIFE CYCLE

The servlet framework provides the HTTP Session interface to act like a value store where values can be stored as key-value pairs. Each request is associated with a session, and the value store is persisted as long as the session is active for that user. This helps developers store data in the session and later retrieve it when needed. It is the developer's responsibility to manage session specific data by putting and removing data in the session. It is normally difficult to clean up session objects in a large application unless a developer is fully aware of the touch points for session objects in an application flow.

Figure 18. Struts Config With New Params (the XML markup was lost in extraction; values as given): action parameter contextClass = net.polymorphic.emr.centermedication.context.editViewCenterMedicationContext; parameter mode = enter; parameter contextKey = editViewCenterMedication; results editCenterMedication.tiles and center.details.error.tiles

Struts 2 does an excellent job of making session objects available in action logic through the SessionAware interface. This is achieved by simply implementing the SessionAware interface for an action; the framework then injects the session-scope map into the setter of the action's implementation. The framework uses the ServletConfig interceptor [5], part of the default stack of interceptors run by the framework before the action logic. This can be further improved by exposing a specific session object to the Struts action logic by creating a custom interceptor, i.e., a customAware interface, and then injecting the specific object into an action. This design merely helps keep the action logic cleaner from the business logic, but does not reduce the memory footprint of session objects. This is because the interface only helps push the session object to the action but does not provide a way to remove it.

public interface IContextAware {
    public void setContext(BaseContext baseContext);
}
Figure 19. IContextAware

public void setContext(BaseContext baseContext) {
    // Downcast the base context to the concrete context configured for this action (Figure 18)
    ctx = (editViewCenterMedicationContext) baseContext;
}
Figure 20. Implementing SetContext in Action

We propose a design and implementation for what we call short-lived session objects, which are needed by developers for a short period of time and are safely removed by the framework. We propose a life cycle for a short-lived session object by specifying when it is created, which action it is exposed in, and when to remove it. This implementation is achieved by configuring additional parameters in the Struts Config XML file, adding a custom interceptor, and a context object to be available in the session.

A. Struts Config XML – Custom Parameters:

We introduce three new parameters as part of the action configuration in the Struts Config XML. The first is the mode attribute, having the values enter, interim and exit. The mode attribute controls the life cycle of a session object. The value 'enter' instantiates the object and makes it available to the action, 'interim' makes the existing object in the session available to the action, and 'exit' removes the object from the session after the action logic is completed. The second parameter is the contextClass attribute, where a developer can provide the object that needs to be saved into the session. We only put a single restriction on it: the context class must extend the base context. The base context is an abstract class and, when extended, allows a parent class reference to be used for a child class object, a feature of polymorphism. The third parameter is the contextKey, which is used to store the context object under a unique key for retrieval. Figure 18 shows a sample Struts Config XML for the attributes mentioned.
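The encryption path of Section IV (a keystore-backed Encrypter configured by properties like Figure 13, decrypting as in Figure 14) together with the annotation scanning of Figures 15-17, as one added example; this is not the paper's code. The keystore is created in memory so the sample runs offline, the AES/CBC transformation with a random IV prepended to the ciphertext is my choice, and the PatientRecord bean is constructed. Property names are those of Figure 13; everything else is an assumption.

```java
// Added example (not from the paper): keystore-backed AES encrypter plus
// @Encrypt/@Decrypt field processing with the Figure 17 method signature.
import java.lang.annotation.*;
import java.lang.reflect.Field;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class AnnotationEncrypter {
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.FIELD) public @interface Encrypt {}
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.FIELD) public @interface Decrypt {}

    public static final String ENCRYPT = "encrypt", DECRYPT = "decrypt";   // opMode values (assumed)
    private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
    private final SecretKey key;
    private final SecureRandom rnd = new SecureRandom();

    /** Loads the key named by jce.keyAlias, protected by jce.keyPass, from the keystore. */
    public AnnotationEncrypter(KeyStore ks, Properties p) throws Exception {
        String alias = p.getProperty("jce.keyAlias");
        char[] keyPass = p.getProperty("jce.keyPass").toCharArray();
        KeyStore.SecretKeyEntry e = (KeyStore.SecretKeyEntry)
            ks.getEntry(alias, new KeyStore.PasswordProtection(keyPass));
        if (e == null) throw new IllegalStateException("no key entry for alias " + alias);
        key = e.getSecretKey();
    }

    /** Fresh random IV per message, prepended to the ciphertext, Base64-encoded. */
    public String encryptString(String plain) throws Exception {
        byte[] iv = new byte[16];
        rnd.nextBytes(iv);
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    public String decryptString(String encoded) throws Exception {
        byte[] in = Base64.getDecoder().decode(encoded);
        if (in.length < 32) throw new IllegalArgumentException("ciphertext too short");
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(Arrays.copyOf(in, 16)));
        return new String(c.doFinal(in, 16, in.length - 16), StandardCharsets.UTF_8);
    }

    /** Figure 17's signature: in ENCRYPT mode process @Encrypt String fields, in DECRYPT mode @Decrypt ones. */
    public void encryptAnnotation(Class<?> clazz, String opMode, Object instance) throws Exception {
        Class<? extends Annotation> wanted = ENCRYPT.equals(opMode) ? Encrypt.class : Decrypt.class;
        for (Field f : clazz.getDeclaredFields()) {
            if (!f.isAnnotationPresent(wanted) || f.getType() != String.class) continue;
            f.setAccessible(true);
            String value = (String) f.get(instance);
            if (value == null) continue;                // nothing to protect, nothing to restore
            f.set(instance, ENCRYPT.equals(opMode) ? encryptString(value) : decryptString(value));
        }
    }

    /** Constructed in-memory JCEKS keystore standing in for keystore.jceks of Figure 13. */
    public static KeyStore sampleKeyStore(Properties p) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        KeyStore ks = KeyStore.getInstance(p.getProperty("jce.keystore.type"));
        ks.load(null, p.getProperty("jce.keystore.pass").toCharArray());
        ks.setEntry(p.getProperty("jce.keyAlias"), new KeyStore.SecretKeyEntry(kg.generateKey()),
                    new KeyStore.PasswordProtection(p.getProperty("jce.keyPass").toCharArray()));
        return ks;
    }

    static final class PatientRecord {               // constructed sample bean
        @Encrypt @Decrypt String ssn = "123-45-6789";
        String name = "Jane Doe";                     // not annotated: left alone
    }

    public static void main(String[] args) throws Exception {
        Properties p = new Properties();              // values taken from Figure 13
        p.setProperty("jce.keystore.type", "JCEKS");
        p.setProperty("jce.keystore.pass", "random");
        p.setProperty("jce.keyAlias", "mykey");
        p.setProperty("jce.keyPass", "randomkey");
        AnnotationEncrypter enc = new AnnotationEncrypter(sampleKeyStore(p), p);
        PatientRecord r = new PatientRecord();
        enc.encryptAnnotation(PatientRecord.class, ENCRYPT, r);
        System.out.println("stored: " + r.ssn + " / " + r.name);
        enc.encryptAnnotation(PatientRecord.class, DECRYPT, r);
        System.out.println("restored: " + r.ssn);
    }
}
```

Two design points differ from the paper's snippets: java.util.Base64 replaces the internal sun.misc.BASE64Decoder of Figure 14, and the IV is generated per message rather than supplied from outside, since reusing an IV under the same key leaks equality of plaintext blocks. If the stored ciphertext can be modified by anyone other than the application, an authenticated mode (AES/GCM) is the better choice because CBC alone does not detect tampering.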

B. Context Interceptor: We implement a Context Interceptor, which reads the parameters from the Struts Config XML and acts accordingly depending on the mode. The context interceptor needs to be added to the action configuration as shown in Figure 19.

C. Context Aware Interface: We add the IContextAware interface, which needs to be implemented by the action, allowing the context object to be set by the Context Interceptor. The developer provides the implementation of the setContext method by setting the concrete context object from the base context, as shown in Figure 20.

D. Context Interceptor Implementation: We have partial code for getting the action's custom parameters, and the flow differs depending on the mode value.

VI. TILES 2

Tiles 2 integration is a straightforward implementation to be added to our framework. The main objective is to provide support for Tiles 2, which is not currently supported in Struts 2. The Tiles 2 framework has been completely revamped from Tiles 1, which affects how it integrates with a web framework. Additional information can be found at Apache Tiles [13]. The Tiles framework is based on templates. A classic template of a typical webpage has a header, menu, body, and footer. The template can be customized and extended as needed. When the user requests a new page, the change is normally in the body. Next, we see how the Tiles framework helps to render menu items depending on the role and device category of a user.

VII. USER PROFILE

Since the Login Module is outside the servlet context, when the user first accesses a Struts action it only knows that the subject (user) has a valid Principal. There is a need for a profile object which can provide user information, device category, groups, and the menu items assigned to the mobile category. We instantiate a User Profile object by implementing the Authentication Interceptor, which is added as part of the default stack and executed before every action.

We load the Wireless Universal Resource File (WURFL) [14], an open source framework repository that enables applications to map the user-agent attribute value to the capabilities of the mobile device. The API provides extensive device information programmatically.

View Layer For Multiple Devices

Figure 21. Tiles Result

VIII. MENU VIEW PREPARER

The Tiles 2 framework provides an extension hook for customized logic just before rendering the tiles template. This is accomplished by implementing the ViewPreparer interface and overriding the execute method. In the execute method, we first check for the menu objects present in the tiles context; if they are not present, we get the menu objects from the User Profile object and set them on the tiles context object. The tiles context is accessed in the JSP to render the menu and submenu items with respect to the device category and groups. Once the Action logic has been executed, flow control looks at the action configuration in the Struts Config XML file, and the respective Tiles template is rendered depending on the action result's value. TilesResult, shown in Figure 21, is responsible for rendering specific tiles. We modify the TilesResult class to provide an implementation for rendering a mobile tile template.

IX. ELECTRONIC MEDICAL RECORD (EMR)

We propose an EMR, a web application used in a dialysis center setting by nurses, physicians and technicians. The EMR provides modules for capturing the patient's demographics, Physician and Standing Orders, Center and Home medications, and the workflow for pre and post dialysis. The EMR serves as a proof of concept for the modules discussed in this paper. Substantial work has been done on the EMR for the desktop browser, as shown in Figure 22.

Figure 22. Desktop - EMR Login

X. CONCLUSION

We proposed a secure mobile web framework using the second generation Struts 2 web framework as a base and provided enhancements in the areas of Authorization and Authentication, Encryption Support, Tiles 2 integration, Menu Support, Session Life Cycle and customization for supporting mobile devices using existing business services. Our implementation is observed to save testing time and development effort during the software life cycle, resulting in faster product turnaround time to market. We provide an EMR to demonstrate the need for a unified framework, including the desktop and mobile versions.

REFERENCES

[1] Stephen J. Vaughan-Nichols, "Will HTML 5 Restandardize Web?," IEEE Computer, vol. 43, no. 4, pp. 13-15, 2010.
[2] jQuery Mobile. [Online]. http://jquerymobile.com
[3] Financial Times Hits 1M Users On HTML5 Site That Dodges Apple's Tax. [Online]. http://techcrunch.com/2011/11/18/financial-times-mobile/
[4] Li Yang, Jian Zhang, Xinyu Geng, Haode Liao, and Yu Sun, "Research and Application of Mobile Agent and Struts 2 Integration Framework Based on MVC," in Computational and Information Sciences (ICCIS), 2010 International Conference on, 2010, pp. 779-782.
[5] Chad Michael Davis, Scott Stanlick, and Donald Brown, Struts 2 in Action. Manning, 2008.
[6] C. Lai, L. Gong, L. Koved, A. Nadalin, and R. Schemers, "User Authentication and Authorization in Java Platform," in Computer Security Applications Conference, 1999 (ACSAC '99), Proceedings, 15th Annual, 1999, pp. 285-290.
[7] Java Community Process - Community Development of Java Technology Specification. [Online]. http://www.jcp.org/en/jsr/detail?id=196
[8] Apache Tomcat 6. [Online]. http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JAASRealm
[9] Understanding Tomcat Security. [Online]. http://us.apachecon.com/eu2007/materials/UnderstandingTomcatSecurity.pdf
[10] The Valve Component. [Online]. http://tomcat.apache.org/tomcat-6.0-doc/config/valve.#Form_Authenticator_Valve
[11] Oracle - Sun Developer Network. [Online]. http://java.sun.com/blueprints/corej2eepatterns/Patterns/DataAccessObject.html
[12] Sun Crypto Accelerator 6000 PCI Express Adapter. [Online]. http://www.oracle.com/us/products/servers-storage/networking/036080.pdf
[13] Apache Tiles. [Online]. http://tiles.apache.org/
[14] WURFL. [Online]. http://wurfl.sourceforge.net/
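The Context Interceptor of Sections V-B to V-D, for which the paper shows only partial code, written out as an added example that is not the paper's implementation. It reads the mode, contextClass and contextKey action parameters of Figure 18 and hands the context to an IContextAware action as in Figures 19 and 20. BaseContext and IContextAware are declared here as minimal stand-ins for the paper's classes; the session key prefix and the fail-closed handling of a missing context are my assumptions. The Struts 2 (XWork) classes are the real ones and the interceptor must be registered in struts.xml and referenced from the action's interceptor stack.

```java
// Added example (not from the paper): Struts 2 interceptor implementing the
// enter / interim / exit life cycle for short-lived session objects.
import java.util.Map;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

public class ContextInterceptor extends AbstractInterceptor {
    public abstract static class BaseContext {}                    // stand-in for the paper's base context
    public interface IContextAware { void setContext(BaseContext ctx); }

    private static final String SESSION_PREFIX = "ctx:";           // assumption: namespace the session key

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        Map<String, String> params = invocation.getProxy().getConfig().getParams();
        String mode = params.get("mode");
        Object action = invocation.getAction();
        if (mode == null || !(action instanceof IContextAware)) {
            return invocation.invoke();                            // action takes no part in the life cycle
        }
        String key = SESSION_PREFIX + require(params, "contextKey");
        Map<String, Object> session = invocation.getInvocationContext().getSession();
        BaseContext ctx;
        switch (mode) {
            case "enter":
                ctx = newContext(require(params, "contextClass"));
                session.put(key, ctx);
                break;
            case "interim":
            case "exit":
                ctx = (BaseContext) session.get(key);
                if (ctx == null) {
                    // Direct request to an interim/exit action without its enter step: fail closed.
                    throw new IllegalStateException("no context in session for " + key);
                }
                break;
            default:
                throw new IllegalArgumentException("unknown mode: " + mode);
        }
        ((IContextAware) action).setContext(ctx);
        try {
            return invocation.invoke();
        } finally {
            if ("exit".equals(mode)) session.remove(key);          // short-lived: gone once the action finished
        }
    }

    /** Only BaseContext subclasses may be instantiated from configuration. */
    private static BaseContext newContext(String className) throws Exception {
        Class<?> c = Class.forName(className);
        if (!BaseContext.class.isAssignableFrom(c)) {
            throw new IllegalArgumentException(className + " does not extend BaseContext");
        }
        return (BaseContext) c.getDeclaredConstructor().newInstance();
    }

    private static String require(Map<String, String> params, String name) {
        String v = params.get(name);
        if (v == null || v.isEmpty()) throw new IllegalArgumentException("missing action param " + name);
        return v;
    }
}
```

The class named by contextClass is checked against BaseContext before it is instantiated, which enforces the paper's single restriction and also keeps configuration from loading arbitrary classes by reflection. Removal in the finally block happens after invoke() returns, so the context is still available while the result renders and is dropped even if the action throws.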
