chemistry-dev mailing list archives

From Marc-André Laverdière <marc-andre.laverdiere-papin...@polymtl.ca>
Subject Re: Getting started in analyzing Chemistry
Date Thu, 24 Jul 2014 20:01:34 GMT
Hi Florian,

Thanks for the info. I added the required jars in the analysis scope but
still nothing. I'll dig more to figure out what is going on - could be a
bug somewhere in my code :)

The SPI approach is really cool from a software engineering point of
view, but it's a total pain for static analysis, essentially because a)
one gets stuck having to analyze all the implementations, even if only
one ever gets executed and b) if the instantiation is done by
reflection, the call graph may not even have an edge. Enough boring
stuff for now :)

I am trying to keep my analysis purely static. I am able to handle
simpler cases right now.

I'll try a bit more to make it work statically (I have a few cards in my
sleeves). Failing that, I'll go for what you have suggested.

Regards,

Marc-André Laverdière-Papineau
Doctorant - PhD Candidate

On 07/24/2014 11:20 AM, Florian Müller wrote:
> Hi Marc-André,
> 
> CMIS defines three bindings and one of those is the Web Services binding. The
> binding implementations are hidden from the client and server APIs. Ideally,
> neither a client nor a server developer needs to know anything about the
> binding. That's why you don't find any JAX-WS traces in the InMemory repository
> code. The JAX-WS code is a layer below the repository code.
> 
> Have a look at the modules chemistry-opencmis-client-bindings (for the client
> code), chemistry-opencmis-server-bindings (for the server code), and
> chemistry-opencmis-commons-impl (for common binding code). Here you find the
> JAX-WS implementations.
> 
> If you are interested in the SOAP traffic, install the InMemory repository and
> the CMIS Workbench, run the TCK from the CMIS Workbench, and record the HTTP
> traffic. The TCK calls almost all CMIS operations and should provide a good
> sample for your analysis.
> 
> 
> - Florian
> 
>>
>> Hello,
>>
>> I guess I used the wrong word when I said 'the API'. I am seeing that
>> you guys took design best practices very seriously, with
>> interface/implementation separation for many implementations.
>>
>> Right now, I'm only able to handle Jax-WS web service calls. And I'm not
>> detecting uses of the Jax-WS APIs in the in-memory test case. So either
>> I got a bug, or this test target doesn't use the ws implementation of
>> the API.
>>
>> Anybody knows about the latter hypothesis?
>>
>> Regards,
>>
>> Marc-André Laverdière-Papineau
>> Doctorant - PhD Candidate
>>
>> On 07/23/2014 10:35 AM, Huebel, Jens wrote:
>>> Hi Marc-André,
>>>
>>> You can use the in memory server. Just unzip the downloaded archive and
>>> copy the file chemistry-opencmis-server-inmemory-0.11.0.war to the web app
>>> dir of Tomcat (I would recommend to rename it to inmemory.war)
>>>
>>> You can use then a URL like http://localhost:8080/inmemory/browser in the
>>> workbench or whatever client you use. With a few exceptions the whole CMIS
>>> 1.1 API is covered. But there are some restrictions.
>>>
>>> Jens
>>>
>>>
>>> On 23/07/14 03:28, "Marc-André Laverdière"
>>> <marc-andre.laverdiere-papineau@polymtl.ca> wrote:
>>>
>>>> Thanks for the pointers.
>>>>
>>>> Two questions: what about the in-memory server? Is this something that
>>>> implements the whole API?
>>>>
>>>> Also, I would need some entry points - preferably servlets. I am seeing
>>>> some small code on the samples folder (and they use main), but that's
>>>> about it.
>>>>
>>>> Do you know of any other sample app?
>>>>
>>>> Regards,
>>>>
>>>> Marc-André Laverdière-Papineau
>>>> Doctorant - PhD Candidate
>>>>
>>>> On 07/22/2014 04:58 PM, Mark Streit wrote:
>>>>> We use Chemistry's OpenCMIS JARs for a project that interacts with Alfresco
>>>>> Enterprise server and on the CLIENT side we use the following 5 artifacts
>>>>> and their dependencies:
>>>>>
>>>>> /org/apache/chemistry/opencmis/chemistry-opencmis-client-api/0.10.0/chemistry-opencmis-client-api-0.10.0.jar
>>>>>
>>>>> /org/apache/chemistry/opencmis/chemistry-opencmis-commons-api/0.10.0/chemistry-opencmis-commons-api-0.10.0.jar
>>>>>
>>>>> /org/apache/chemistry/opencmis/chemistry-opencmis-client-bindings/0.10.0/chemistry-opencmis-client-bindings-0.10.0.jar
>>>>>
>>>>> /org/apache/chemistry/opencmis/chemistry-opencmis-commons-impl/0.10.0/chemistry-opencmis-commons-impl-0.10.0.jar
>>>>>
>>>>> /org/apache/chemistry/opencmis/chemistry-opencmis-client-impl/0.10.0/chemistry-opencmis-client-impl-0.10.0.jar
>>>>>
>>>>>
>>>>>
>>>>> http://chemistry.apache.org/java/0.10.0/maven/dependency-convergence.html
>>>>>
>>>>> There are better experts than me out there, but hope this helps some.
>>>>>
>>>>> Mark
>>>>>
>>>>> On Tue, Jul 22, 2014 at 3:33 PM, Marc-André Laverdière <
>>>>> marc-andre.laverdiere-papineau@polymtl.ca> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I'm a PhD student working on vulnerability analysis for JEE
>>>>>> applications. I have selected Chemistry for analysis because it is a
>>>>>> large-scale project with mature code and web services.
>>>>>>
>>>>>> Since the project is so big, I end up being unsure of what parts to
>>>>>> include and which ones to leave out.
>>>>>>
>>>>>> I would like - for starters - to look at a full round-trip between a
>>>>>> client and a server. Which would be the minimal set of artifacts to
>>>>>> include?
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> --
>>>>>> Marc-André Laverdière-Papineau
>>>>>> Doctorant - PhD Candidate
>>>>>>
>>>>>
>>>
>>>
>>
> 
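
The two call-graph problems described at the top of this message (interface dispatch pulling in every implementation, and reflective instantiation leaving no edge), shown with a toy call-graph builder. This is an added example, not part of the original thread or of OpenCMIS; the program model and all class and method names (`BindingSpi`, `WsBinding`, `Factory.create`, `JaxWs.invoke`) are hypothetical, and `hints` is an assumed analyst-supplied list of reflectively created classes.

```python
# Toy call-graph builder over a constructed program model (names hypothetical).
# Interface -> implementing classes present in the analysis scope.
IMPLS = {"BindingSpi": ["WsBinding", "AtomBinding", "BrowserBinding"]}

# Method -> call sites. Kinds: "static" (direct call), "virtual" (call through
# an interface), "reflect" (class name known only at run time, as in
# Class.forName(configuredName).newInstance()).
METHODS = {
    "Client.main": [("static", "Factory.create"),
                    ("virtual", "BindingSpi.send")],
    "Factory.create": [("reflect", None)],
    "WsBinding.send": [("static", "JaxWs.invoke")],
    "AtomBinding.send": [],
    "BrowserBinding.send": [],
    "JaxWs.invoke": [],
}


def call_graph(entry, mode, hints=()):
    """Return the (caller, callee) edges reachable from entry.

    mode "cha": a virtual call targets every implementation in scope.
    mode "rta": a virtual call targets only classes known to be instantiated.
    hints: classes the analyst declares as reflectively instantiated.
    """
    live = set(hints)  # the model has no visible allocation, only reflection
    edges, reach, changed = set(), {entry}, True
    while changed:  # iterate to a fixed point
        changed = False
        for caller in list(reach):
            for kind, target in METHODS[caller]:
                if kind == "reflect":
                    callees = []  # target unknown statically: no edge at all
                elif kind == "virtual":
                    iface, name = target.split(".")
                    callees = [f"{c}.{name}" for c in IMPLS[iface]
                               if mode == "cha" or c in live]
                else:
                    callees = [target]
                for callee in callees:
                    if (caller, callee) not in edges:
                        edges.add((caller, callee))
                        reach.add(callee)
                        changed = True
    return edges


def reaches(edges, method):
    """True if some edge in the graph calls `method`."""
    return any(callee == method for _, callee in edges)
```

In `cha` mode all three `send` implementations become targets of the one call in `Client.main`; in `rta` mode with no hints `JaxWs.invoke` is unreachable, and it reappears once `WsBinding` is passed as a hint.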
