GC'12 Workshop: The 4th IEEE International Workshop on Management of Emerging Networks and Services Secure Web Framework For Mobile Devices Muneer Malik and Dharma P. Agrawal ([email protected], [email protected]) Center of Distributed and Mobile Computing, School of Computing Sciences and Informatics University of Cincinnati, Cincinnati OH 45221-0008, Abstract—A secure mobile web framework is proposed based HTML 5 based framework, which allows developers to write on MVC Struts 2 to support embedded browsers in mobile impressive apps that work on IOS (iPhone OS), Android, devices. The framework integrates JAAS with Tomcat Blackberry, Kindle Fire and many other devices. Fluid providing Authentication and Authorization. Encryption Animations, smooth scrolling and adaptive layouts are key Utility to support multiple providers, implementing a scheme attributes for HTML 5 based framework, rivaling native for short-lived session objects, support for the menu items technology. Financial Times (FT), a London paper is a HTML using xml configuration depending on the role and device 5 web app rather than a native app and “it helps publishers to category, view layer integration with Tiles 2 and rendering gain readers and sell more subscription without paying a views for both desktop and mobile without duplicating the platform fee” [3]. Struts 2 control action logic. Finally, an Electronic Medical Record – web application is designed and implemented for Although jQM is designed for writing mobile web apps, it Dialysis Center to further demonstrate the feasibility of the can also be used to build native apps that can be purchased and unified secure mobile web framework. downloaded from Apple app store or Android Market. PhoneGap and Rhodes lets you use an HTML 5 based apps and I. PROGRAMMING PARADIGMS IN MOBILE DEVICES wrap it in their framework and then run it natively. This approach allows access to device native features such as As smart phones have evolved and consumer’s expectations accelerometer, camera, compass, and media. WebGL (Web have risen, there has been an exponential growth in mobile Graphics Library) is yet another new technology that brings applications, including both business and gaming. We also see hardware 3D graphics to the browser without installing any this happening in various disciplines, notably in Health Care additional plug-ins. This technology is again extending existing and Financial Industries. Not all applications have to be run Javascript library that is getting a lot of momentum in native – that is, application running on a specific mobile supporting mobile devices. As of now, Java applets and Flash operating system and using its hardware resources. On the run times are not supported on mobile devices that leave contrary, the smart phones and tablets now have complete WebGL – a solid contender. support of full-fledged browser with access to Document Object Model, Cascading Style Sheet and JavaScript. The B. Unified Web Framework For Mobile Devices Table I below provides a quick comparison between web and As HTML 5 matures, and additional native look and feel native apps (applications). interactions are supported, there is an increasing need for a unified mobile web framework that caters to both desktop and TABLE I. WEB mobile users. From the section I-A, we noted how jQM, AND NATIVE APPS Sencha Touch – all being client side technologies that would Details need integration with server side components to provide a Comparison Web Native mobile web solution. In this paper, we provide an end-to-end framework – a secure mobile web framework that supports Easy and known Complex Environment – dependent Development technologies on device Operating System users for both desktop and mobile without duplicating the server side logic. The rest of the paper is organized as follows. Integration with device libraries Deployment Rapid Section II considers secure mobile framework in Struts 2. and application stores Section III provides implementation of Java Authorization and Internet Access Always Not Always/ Can work offline Authentication (JAAS) using Tomcat Application Server and Code Write Once Needs to be installed on the device broken into several subsections. Section IV proposes the design Existing web of an Encryption routine supporting multiple providers. Section Graphics Native Graphic Libraries technologies V describes the session object’s life cycle and provides Multiuser Yes Single User implementation for short-lived session objects. Section VI The line between the native and web application proposes Tiles 2 integration. Section VII establishes the User development does not have to be crystal clear and there could Profile session object, which is used in subsequent sections. be a third model which is gradually evolving in creating a Section VIII uses Tiles 2 as its basis for rendering menu items. hybrid application. The Facebook app is an example of a Section IX provides a scheme to support desktop and mobile hybrid app; it is downloaded from the app store and has all the browsers. Section X discusses an EMR application. Section XI features of a native app. follows with a conclusion. A. Web Technologies - Look and Feel II. SECURE MOBILE FRAMEWORK USING STRUTS 2 HTML 5 – a new standard is proposed by W3C, which will Struts 2 – a second-generation web framework based on the support newer mobile technologies such as geo-location, Model View Controller (MVC) has become a “mainstream location based services [1], offline storage and sophisticated technology to build flexible, efficient, easy to deploy cross graphics. The jQuery Mobile (jQM) [2] framework is a HTML platform distributed applications”4]. Struts 2 provides many 5 based user interface system inherited from base version of new architectural features that make the framework cleaner, jQuery and jQuery UI (user interface) which allows designing flexible and easy to use, including interceptors allowing sophisticated rich web application that will work on popular common code to be defined in a clean re-usable components smartphones and tablets. Sencha Touch is one another popular 1 978-1-4673-4941-3/12/$31.00 ©2012 IEEE 781 that can be kept separate from the action logic; annotation Method Description based configuration to reduce XML configuration; a powerful Abort Abort the authentication process expression language, Object-Graph Navigation Language (OGNL) that is supported throughout the framework for easy A. JAAS Integration with Tomcat Application Server access to data residing in Value Stack, and mini framework for The realms are based on the users and the roles associated UI tags that supports modifiable and reusable UI components with them. Different realms provide support to read user’s role for faster development [5]. and password information from either a relational database, XML file or a simple text file. “JAASRealm is an There is no doubt about Struts 2 being a rich web implementation of the Tomcat 6 Realm interface that framework. But, it does not quite provide enough components authenticates users through the JAAS framework which is to start development on business logic. A developer still needs now provided as part of the standard Java Development Kit. It to worry about basic common components, i.e., Authentication is implementation of the Tomcat 6 Realm interface that and Authorization, Database access, and integration with View authenticates users through the JAAS framework which is Layer Framework. We noticed there is a need to extend the now provided as part of the standard Java Development Kit. It Struts 2 framework with a commonly used component that can is based on the JSR 196 [7] that enhances container-managed help developers to speed up their application development security and promote pluggable authentication mechanism cycle. This paper introduces basic components and moreover with implementation being container-independent” [8]. an Electronic Medical Record (EMR) web application as a proof of concept, supporting both desktop and mobile users without duplicating any action control logic. III. AUTHENTICATION AND AUTHORIZATION JAAS is designed to provide a security framework for authenticating users and assigning user privileges. JAAS treats Subjects synonymous with users and Principals become associated with a Subject upon successful authentication [6]. JAAS allows pluggable authentication modules enabling developers to have their own implementation for authenticating a user with any back-end system. The second prominent feature of JAAS is having more than one authentication modules. JAAS could be configured in such a way that the user's Figure 2. Tomcat - Authenticator Valve [9] authentication would depend on making two disparate calls to back-end systems and only after successfully authenticating by <Realm appName="EMR" both the back-ends, the user would be fully authenticated as className="net.polymorphic.emr.common.Tomcat.jaas.CustomJAASRe depicted in Figure 1. alm" digest="SHA" digestEncoding="UTF-8" roleClassNames="net.polymorphic.emr.common.Tomcat.jaas.groups.MD MobileGroupPrincipal,net.polymorphic.emr.common.Tomcat.jaas.groups .DNGroupPrincipal,net.polymorphic.emr.common.Tomcat.jaas.groups.M DGroupPrincipal,net.polymorphic.emr.common.Tomcat.jaas.groups.RN GroupPrincipal,net.polymorphic.emr.common.Tomcat.jaas.groups.CNA GroupPrincipal,net.polymorphic.emr.common.Tomcat.jaas.groups.LVNG roupPrincipal,net.polymorphic.emr.common.Tomcat.jaas.groups.SECGro upPrincipal,net.polymorphic.emr.common.Tomcat.jaas.groups.PCTGrou pPrincipal,net.polymorphic.emr.common.Tomcat.jaas.groups.RDGroupPr
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages6 Page
-
File Size-