Browse > Article
http://dx.doi.org/10.6109/jicce.2019.17.2.149

Automatic Extraction of Dependencies between Web Components and Database Resources in Java Web Applications  

Oh, Jaewon (School of Computer Science and Information Engineering, The Catholic University of Korea)
Ahn, Woo Hyun (School of Software, Kwangwoon University)
Kim, Taegong (Department of Computer Engineering, Inje University)
Publication Information
Journal of information and communication convergence engineering / v.17, no.2, 2019 , pp. 149-160 More about this Journal
Abstract
Web applications typically interact with databases. Therefore, it is very crucial to understand which web components access which database resources when maintaining web apps. Existing research identifies interactions between Java web components, such as JavaServer Pages and servlets but does not extract dependencies between the web components and database resources, such as tables and attributes. This paper proposes a dynamic analysis of Java web apps, which extracts such dependencies from a Java web app and represents them as a graph. The key responsibility of our analysis method is to identify when web components access database resources. To fulfill this responsibility, our method dynamically observes the database-related objects provided in the Java standard library using the proxy pattern, which can be applied to control access to a desired object. This study also experiments with open source web apps to verify the feasibility of the proposed method.
Keywords
Database resource; Dependency relation; Page generation graph; Web component; Web engineering;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 J. Oh, S. Lee, A. Kim, and W. H. Ahn, "An automatic extraction scheme of dependency relations between web components and web resources in Java web applications," Journal of the Korea Institute of Information and Communication Engineering, vol. 22, no. 3, pp. 458-470, 2018.   DOI
2 H. M. Kienle and H. A. Muller, "A WSAD-based fact extractor for J2EE web projects," in Proceeding of the 9th IEEE International Workshop on Web Site Evolution, Paris, pp. 57-64, 2007. DOI: 10.1109/WSE.2007.4380245.
3 I. Zahoor, O. Maqbool, and R. Naseem, "Web application fact extractor (WAFE)," in Proceeding of the 2013 8th International Conference on Digital Information Management, Islamabad, pp. 379-384, 2013. DOI: 10.1109/ICDIM.2013.6694039.
4 H. M. Kienle and D. Distante, "Evolution of web systems," in Evolving Software Systems, 1st ed., Heidelberg: Springer-Verlag Berlin Heidelberg, pp. 201-228, 2014.
5 A. E. Hassan and R. C. Holt, "Architecture recovery of web applications," in Proceeding of the 24th International Conference on Software Engineering, Orlando, pp. 349-359, 2002. DOI: 10.1145/581339.581383.
6 Z. Mushtaq, G. Rasool, and B. Shehzad, "Multilingual source code analysis: A systematic literature review," IEEE Access, vol. 5, pp. 11307-11336, 2017. DOI: 10.1109/ACCESS.2017.2710421.   DOI
7 A. Zaidman, N. Matthijssen, M. A. Storey, and A. Van Deursen, "Understanding AJAX applications by connecting client and server-side execution traces," Empirical Software Engineering, vol. 18, no. 2, pp. 181-218, 2013. DOI: 10.1007/s10664-012-9200-5.   DOI
8 A. Shatnawi, H. Mili, G. El-Boussaidi, A. Boubaker, Y.G. Gueheneuc, N. Moha, J. Privat, and M. Abdellatif, "Analyzing program dependencies in Java EE applications," in Proceeding of the 2017 IEEE/ACM 14th International Conference on Mining Software Repositories, Buenos Aires, pp. 64-74, 2017. DOI: 10.1109/MSR.2017.6.
9 J. Oh, W. H. Ahn, and T. Kim, "Automatic extraction of component collaboration in Java web applications by using servlet filters and wrappers," KIPS Transactions on Software and Data Engineering, vol. 6, no. 7, pp. 329-336, 2017.   DOI
10 G. Hecht, H. Mili, G. El-Boussaidi, A. Boubaker, M. Abdellatif, Y.G. Gueheneuc, A. Shatnawi, J. Privat, and N. Moha, "Codifying hidden dependencies in legacy J2EE applications," in Proceeding of the 2018 25th Asia-Pacific Software Engineering Conference, Nara, pp. 305-314, 2018. DOI: 10.1109/APSEC.2018.00045.
11 M. Han and C. Hofmeister, "Modeling request routing in web applications," in Proceeding of the 8th IEEE International Symposium on Web Site Evolution, Philadelphia, pp. 103-110, 2006. DOI: 10.1109/WSE.2006.14.
12 T. Forster, T. Keuler, J. Knodel, and M. C. Becker, "Recovering component dependencies hidden by frameworks-experiences from analyzing OSGi and Qt," in Proceeding of the 17th European Conference on Software Maintenance and Reengineering, Genova, pp. 295-304, 2013. DOI: 10.1109/CSMR.2013.38.
13 W. G. Halfond, "Identifying inter-component control flow in web applications," in Proceeding of the 15th International Conference on Web Engineering, Rotterdam, pp. 52-70, 2015. DOI: 10.1007/978-3-319-19890-3_5.
14 L. Meurice, C. Nagy, and A. Cleve. "Static analysis of dynamic database usage in Java systems." in Proceeding of International Conference on Advanced Information Systems Engineering, Ljubljana, pp. 491-506, 2016. DOI: 10.1007/978-3-319-39696-5_30.
15 J. Buckley, N. Ali, M. English, J. Rosik, and S. Herold, "Real-time reflexion modelling in architecture reconciliation: A multi case study," Information and Software Technology, vol. 61, pp. 107-123, 2015. DOI: 10.1016/j.infsof.2015.01.011.   DOI
16 C. Gould, Z. Su, and P. Devanbu, "Static checking of dynamically generated queries in database applications," in Proceeding of the 26th International Conference on Software Engineering, Edinburgh, pp. 645-654, 2004. DOI: 10.1109/ICSE.2004.1317486.
17 J. Oh, W. H. Ahn, and T. Kim, "MVC architecture driven restructuring to achieve client-side web page composition," in Proceeding of the 2016 7th IEEE International Conference on Software Engineering and Service Science, Beijing, pp. 45-53, 2016. DOI: 10.1109/ICSESS.2016.7883013.
18 Loup Meurice, "Analyzing, understanding and supporting the evolution of dynamic and heterogeneous data-intensive software systems," Ph.D. dissertation, University of Namur, Namur, 2017, [online] Available: https://loupmeurice.github.io/PhD.pdf.
19 A. S. Christensen, A. Moller, and M. I. Schwartzbach, "Precise analysis of string expressions," in Proceeding of the 10th International Conference on Static Analysis, San Diego: CA, pp. 1-18, 2003.
20 K. Wei, M. Muthuprasanna, and S. Kothari, "Preventing SQL injection attacks in stored procedures," in Proceeding of the 17th Australian Software Engineering Conference, Sydney, pp. 191-198, 2006. DOI: 10.1109/ASWEC.2006.40.
21 X. Fu, X. Lu, B. Peltsverger, S. Chen, K. Qian, and L. Tao, "A static analysis framework for detecting SQL injection vulnerabilities," in Proceeding of the 31st IEEE International Computer Software and Applications Conference, Beijing, pp. 87-96, 2007. DOI: 10.1109/COMPSAC.2007.43.
22 M. N. Ngo, and H. B. K. Tan, "Applying static analysis for automated extraction of database interactions in web applications," Information and Software Technology, vol. 50, no. 3, pp. 160-175, 2008. DOI: 10.1016/j.infsof.2006.11.005.   DOI
23 C. Nagy and C. Anthony, "SQLInspect: a static analyzer to inspect database usage in Java applications," in Proceeding of the 40th International Conference on Software Engineering: Companion Proceedings, Gothenburg, pp. 93-96, 2018.
24 Gudu Software, GSP: General SQL Parser [Internet], Available: http://www.sqlparser.com.
25 M. Linares-Vasquez, B. Li, C. Vendome, and D. Poshyvanyk, "Documenting database usages and schema constraints in database-centric applications," in Proceedings of the 25th International Symposium on Software Testing and Analysis, Saarbrucken, pp. 270-281, 2016. DOI: 10.1145/2931037.2931072.   DOI
26 Oracle, The essentials of filters [Internet], Available: http://www.oracle.com/technetwork/java/filters-137243.html.
27 E. Gamma, R. Helm, R. Johnson, J. Vlissides, Design Patterns: Elements of Reusable Object-Oriented Software, 1st ed., Massachusetts, Addison-Wesley, 1994.
28 R. W. Sebesta, Concepts of Programming Languages, 11th ed., Boston, Pearson, 2015.
29 A. Silberschatz, H. F. Korth, and S. Sudarshan, Database System Concepts, 3rd ed., New York, NY: McGraw-Hill, 1997.
30 J. Oh, W. H. Ahn, and T. Kim, "Web app restructuring based on shadow DOMs to improve maintainability," in Proceeding of the 2017 8th IEEE International Conference on Software Engineering and Service Science, Beijing, pp. 118-122, 2017. DOI: 10.1109/ICSESS.2017.8342877.
31 Y. Qu, X. Guan, Q. Zheng, T. Liu, J. Zhou, and J. Li, "Calling network: A new method for modeling software runtime behaviors," ACM SIGSOFT Software Engineering Notes, vol. 40, no. 1, pp.1-8, 2015. DOI: 10.1145/2693208.2693223.
32 J. Oh, W. H. Ahn, and T. Kim, "MVC architecture-aware restructuring of web apps," Journal of the Korea Institute of Information and Communication Engineering, vol. 21, no. 11, pp. 2153-2166, 2017.   DOI
33 D. Shen, Q. Luo, D. Poshyvanyk, and M. Grechanik, "Automating performance bottleneck detection using search-based application profiling," in Proceeding of the 2015 International Symposium on Software Testing and Analysis, Maryland, pp. 270-281, 2015. DOI: 10.1145/2771783.2771816.
34 A. Mesbah and A. Van Deursen, "Migrating multi-page web applications to single-page AJAX interfaces," in Proceeding of the 11th European Conference on Software Maintenance and Reengineering, Amsterdam, pp. 181-190, 2007. DOI: 10.1109/CSMR.2007.33.