The document outlines the architecture and technologies used in the professionals.az platform, emphasizing the role of Java technologies and various security measures against common web vulnerabilities. It discusses the advantages of using the Grails framework for rapid web application development, highlighting its dynamic capabilities and ease of use. The document also mentions the importance of performance optimization strategies, such as caching and server tuning.

1. Architecture of Professionals.az
Ziya Askerov
April 2013
www.professionals.az

2. CONTENT
 User Profile & (simple Company Profile)
 Messaging
 Jobs, Job Seekers, Job Posts
 Networking
 Advertisements
 Search Professionals
 News Feed

3. About
 Over 8000 registered users
 Based on Java Technologies
 Centos 5.5 OS with 1024 MB RAM (VPS)
 Only 1 Server
- Application Server
- MYSQL Database
- MailServer
- Subversion

4. Key Technologies
 JAVA
 JSP/SERVLET
 JBOSS , TOMCAT
 AJAX
 MYSQL
 JQUERY
 ORM
 SVN(SUBVERSION)

5. MVC ARCHITECTURE
Request Front Controller Servlet
VIEW MODEL

6. Listeners & Filters
Filter for XSS (Cross-Site Scripting) and SQL Injection attack
Session Listener
XSS
Request
UTF-8 SOURSE
If is new
CharacterSet filter

7. SESSION LISTENER

8. Object Relational Mapping
LESS NATIVE SQL

9. SECURITY
 SERVER SECURITY
 NETWORK SECURITY
 APPLICATION SERVER SECURITY
 APPLICATION SECURITY

10. Security Problems
 Cross-Site Scripting ATTACKS
 SOLUTION: Use filter
 Sql Injection ATTACKS
 SOLUTION: Use filter
 Cross-Site Request Forgery ATTACKS
 SOLUTION: Use token,session control
 Application Server ATTACKS
 Server ATTACKS

11. Server/Client side Validation
 Java Scrpit validation problems
 SOLUTION: Use server side validation
 Email, Url validation etc.
 SOLUTION: Use server side validation
 Double submissions
 SOLUTION: Use token
 Browsers compatibility
 SOLUTION: Use JavaScript framework (JQuery)

12. Exception Handling/Logging

13. Performance & Optimization
 Cashing
 Connection Pooling
 Application Server Tuning
 Java VM Tuning
 Image optimization
 Js, Css compression

14. SERVER.XML

15. DATASOURCE

16. WEB MANAGEMENT
SYSTEM

17. WEB MANAGEMENT
SYSTEM

18. PROJECT STRUCTURE

19. Migration to Groovy on Grails
 Build modern, sophisticated and robust
Groovy web applications in record time!
 Grails brings back the enjoyment of Java
web development.

20. Why GRAILS ?
 Rapid Have your next Web project done in weeks instead of months. Grails
delivers a new age of Java web application productivity.
 Dynamic Get instant feedback, see instant results. Grails is the premier
dynamic language web framework for the JVM.
 Robust Powered by Spring and designed for the JVM, Grails outperforms
the competition. Dynamic, agile web development without compromises.

21. Architecture of Grails

22. Why GRAILS ?
 Based on battle tested and proven Java frameworks (Spring, Hibernate,
SiteMesh, Quartz, etc)
 Based on Groovy language
 GORM(Grails Object Relational Mapping)
 Doesn’t stop you from using the power of underlying frameworks
 Easy to set-up and get started
 Minimal server restart required while development
 Convention over Configuration / No painful XML configuration & XML
Management
 Tag Lib Authoring mechanism
 Tons of available plugins

23. COMPANIES USING GRAILS
“Groovy is so much quicker and simpler to write code with, so
we can get applications up and running faster,” Mullen
confirms. “With Groovy and Grails we can create a new feature
in a week, when before it could easily take a month or more.”

24. Dinlədiyiniz üçün təşəkkür
edirəm !
Ziya ASKEROV
Ziya ASKEROV
ziyaaskerov@gmail.com
ziyaaskerov@gmail.com
Aprel 2013
Aprel 2013