Embed Size (px)
Citation preview
BUILDING A FILE SYSTEM EXPLORER WITH SASHXB
Except where reference is made to the work of others, the work described in this project
report is my own or was done in collaboration with my advisory committee.
__________________
Ye Wu
Certificate of Approval:
___________________________ ___________________________ Kai H. Chang W. Homer Carlisle, Chair Professor Associate Professor Computer Science and Software Computer Science and Software Engineering Engineering
___________________________ ____________________________ Drew Hamilton Stephen L. McFarland Associate Professor Acting Dean Computer Science and Software Graduate School Engineering
BUILDING A FILE SYSTEM EXPLORER WITH SASHXB
Ye Wu
A Project Report
Submitted to
the Graduate Faculty of
Auburn University
in Partial Fulfillment of the
Requirements for the
Degree of
Master of Software Engineering
Auburn, Alabama
May 14, 2004
iii
BUILDING A FILE SYSTEM EXPLORER WITH SASHXB
Ye Wu
Permission is granted to Auburn University to make copies of this project report at its
discretion, upon the request of individuals or institutions and at their expense. The author
reserves all publication rights.
Signature of Author
Date
Copy sent to:
Name Date
iv
VITA
Ye Wu, daughter of Zhaoliang Wu and Yuxian Bai, was born March 11, 1969, in
Beijing, People’s Republic of China. She graduated from No.27 Beijing High School in
1986. She attended China Textile University in Shanghai, PRC, in September, 1986.
She completed a Bachelor of Engineering degree in Dyeing and Finishing in July of 1990.
She had worked for 9 years as a textile engineer in China, and then entered into her
Master program at Auburn University, in September, 1999. After getting her Master
degree in integrated textile and apparel science in May, 2002, she entered the master
program in computer science and software engineering at Auburn University. She
married Yonggang Chen, son of Jigeng Chen and Xiai Ren, on July 3, 1996.
v
PROJECT REPORT ABSTRACT
BUILDING A FILE SYSTEM EXPLORER WITH SASHXB
Ye Wu
Master of Software Engineering, May 14, 2004 (B.E., China Textile University, 1990)
34 Typed Pages
Directed by W. Homer Carlisle
This project used an open-source application environment, SashXB, to build a file
system explorer application. The application can be used to make operations to local file
system, such as adding or deleting files, and connect a remote FTP server.
SashXB is a good programming environment which provides extensions to
JavaScript functionality. It hides low-level implementation details, and exposes native
operating system functionalities to JavaScript. It allows people with HTML and
JavaScript skills to create full featured, powerful applications without having to learn
another programming language.
My application is executed on RedHat Linux and was written with JavaScript and
SashXB extensions. I used a graphical tool Glade to create a user interface for my
vi
application. Two XML files are needed to store configuration information and security
settings.
In this report, I describe the process of building my application and how to use
graphical tools provided by SashXB to install and run applications, and manage SashXB
components. I also discuss the security setting for my application.
vii
ACKNOWLEDGMENTS
The author would like to thank her advisors, Dr. W. Homer Carlisle, for always
providing the patient guidance and atmosphere of respect that made this work possible.
The author also wishes to express her gratitude to Dr. Kai H. Chang and Dr. Drew
Hamilton for their valuable advice. Thanks are also due to her husband, Yonggang, for
his unwavering love and encouragement.
viii
TABLE OF CONTENTS
REPORT ABSTRACT -----------------------------------------------------------------------------v
LIST OF FIGURES ---------------------------------------------------------------------------------x
1. INTRODUCTION ------------------------------------------------------------------------------1
2. SASHXB ARCHITECTURE AND COMPONENTS -------------------------------------4
2.1. SashXB architecute ------------------------------------------------------------------------4
2.2. SashXB runtime ----------------------------------------------------------------------------5
2.3. Locations ------------------------------------------------------------------------------------5
2.4. Extensions ----------------------------------------------------------------------------------6
2.5. Weblications --------------------------------------------------------------------------------8
3. WRITING A WEBLICATION: A FILE SYSTEM EXPLORER ------------------------9
3.1. Creating a Glade GUI --------------------------------------------------------------------11
3.2. Writing Sash code ------------------------------------------------------------------------14
3.3. Creating a WDF file ---------------------------------------------------------------------17
4. INSTALLATION AND MANAGEMENT ------------------------------------------------20
4.1. Installation of SashXB -------------------------------------------------------------------20
4.2. Installation of the weblicaiton “explorer” ---------------------------------------------21
4.3. Task manager -----------------------------------------------------------------------------22
4.4. Sash-runtime ------------------------------------------------------------------------------26
ix
5. SECURITY OF SASHXB -------------------------------------------------------------------27
5.1. Security of Sash extensions -------------------------------------------------------------27
5.2. Security of weblications -----------------------------------------------------------------27
6. CONCLUSION --------------------------------------------------------------------------------32
7. REFERENCES --------------------------------------------------------------------------------33
8. APPENDIX: THE SECURITY FILE “SECURITY.DAT” FOR WEBLICATION
“EXPLORER” --------------------------------------------------------------------------------------35
x
LIST OF FIGURES
Figure 3.1 Screenshot of the explorer main window and the editor window --------------10
Figure 3.2 Screenshot of the explorer main window and the FTP window ----------------11
Figure 3.3 Screenshot of the main window, palette and property window of Glade ------12
Figure 3.4 Screenshot of the wdf-editor which is used to create a XML file --------------17
Figure 3.5 Screenshot of the security window after clicking “Edit Security” button -----18
Figure 4.1 Screenshot of the security page when the weblication “explorer” is installing --
-------------------------------------------------------------------------------------------22
Figure 4.2 The task manager icon shown on the Gnome panel ------------------------------23
Figure 4.3 The window of task manager with “Installed” tab is clicked -------------------23
Figure 4.4 Security window after “Security” tab on the task manager window is clicked -
-------------------------------------------------------------------------------------------24
Figure 4.5 Screenshot of task manager when extension tab is clicked ----------------------25
1
1. INTRODUCTION
SashXB is an open-source application environment. The Sash concept was invented
by Sean Martin (IBM senior engineer), and implemented on the Windows system [1].
SashXB is a Linux rewrite of the Windows-based Sash language.
The applications created with SashXB are usually written with HTML and JavaScript.
SashXB exposes native operating system functionalities to JavaScript, such as adding or
deleting files or directories, or establish in connection to a remote server. It hides low-
level implementation details but still provides flexibility so that they can be used in any
appropriate situations. The purpose of SashXB is to let programmers with JavaScript and
HTML skills write full featured, powerful web applications and experienced developers
to create applications rapidly. SashXB developers do not need to have a great deal of
experience and acknowledge of advanced programming language, C, C++ or Java.
There is a hierarchy of programming languages, in terms of difficulty. At the top are
C and C++, which are difficult. The next is Java, which is a little easier. The next might
be VB. At the bottom are HTML and JavaScript, which are very easy to learn and widely
used. SashXB allows a JavaScript and HTML programmer to create more powerful and
useful web applications. But SashXB is not suitable for all software projects. It is perfect
for small to medium-sized network client applications [2].
2
SashXB components include location, extension and weblication. Location is the
place where a SashXB program can run, such as a shell, a Gnome panel, an embedded
Mozilla window. Extension is a library of SashXB functions. A SashXB program is
called a weblication, and consists of a configuration file, a user interface and JavaScript
code. SashXB also provides three programs to manage weblications. The program “sash-
install” is used to install and uninstall a weblication. “sash-task-manager” is a graphical
program to manage weblications and extensions. “sash-runtime” is a command-line
program to run installed weblications.
In my project, I used JavaScript to build a file system explorer weblication. It can be
used to manage local file system, such as copy, and delete files or directories, and
connect to a remote FTP server. JavaScript itself doesn’t provide the functionality to
make operations on the file system. And it also can’t make internet connections. But Sash
extensions make these tools easier. It quickly provided a convenient application. I created
a user interface with a graphic tool, Glade, on RedHat Linux 7.1, then wrote Sash code to
construct call back functions. Sash code is JavaScript code with Sash extensions and
objects.
This report is composed of six chapters. The second chapter will introduce
architecture and components of SashXB. The third chapter will describe how I created a
user interface and made the JavaScript source code and configuration file. I will also
overview what my weblicaiton can do. In chapter four, I explain how to install, run and
manage my weblication and all necessary extensions by using sash-install, sash-runtime
and task manager. Chapter five will discuss the security settings SashXB provides, and
the specific settings I selected for my weblication. It also uses an example to explain how
3
SashXB checks the security settings when a weblication is running. The last chapter is
the conclusion to describe that SashXB is perfect for small to medium sized network
applications.
4
2. SASHXB ARCHITECTURE AND COMPONENTS
2.1. SashXB architecture
SashXB is consists of a runtime, locations, and extensions. All of them are XPCOM
components [3]. XPCOM (Cross Platform Component Object Model) is a framework for
writing cross-platform, modular software. For a XPCOM component, interfaces are
defined in an IDL file [4]. An application can interact with a XPCOM component strictly
through the interfaces provided by that component. XPCOM components can be written
in C, C++, and JavaScript, and they can be used from C, C++, and JavaScript with
extensions for Perl and Python.
SashXB uses JavaScript to construct applications. It heavily relies on XPConnect
which is an additional layer built on top of XPCOM and allows JavaScript code to load
and manipulate a compiled C++ component [5]. XPCOM objects can be mapped into
JavaScript namespace so that web applications can access the functionality provided by
SashXB components. Calls in JavaScript code are routed to the appropriate components.
SashXB keeps components out of the runtime. The advantage of such an architecture
is its extensibility [3]. First, it is easier to develop a location where an application can
execute or an extension to access operating system functionalities. A developer will
rarely have to modify runtime when a new component is used. A SashXB component
need only be installed once. After that, any web application can access it. So if
5
all necessary components are already exist on a system, only the application source files
need to be loaded and installed. Thus, the installation time is reduced.
2.2. SashXB runtime
The name of a Weblication Definition Format (WDF) file is passed as a command-
line argument to the runtime. A WDF file is a XML file which includes locations where
applications execute, extensions provided by SashXB to access system functionalities,
and source code files. The runtime is responsible for dependency checking, security,
embedding Mozilla HTML rendering widgets, registry access, configuration, and
registration with the SashXB task manager [3]. Once everything necessary is present, it
sets up the location where a SashXB application will run, and then starts that application.
2.3. Locations
A location is the place where a weblication runs [3]. A weblication is an application
that executes on the SashXB runtime. A location is responsible for loading source files
and interpreting them. There are three kinds of locations: Windowapp, PanelApp, and
console locations.
• WindowApp requires an HTML file which may contain JavaScript code. The
embedded JavaScript code may call SashXB extensions. Users can specify
callbacks and display properties for the window.
• PanelApp location is provided for applications running in the Gnome panel. If
the source file is HTML, PannelApp will render it through a GTKMozEmbed
6
widget that sits inside another GTK widget in the panel. If the source file is a
JavaScript file, PanleApp will evaluate the JavaScript.
• Console location is for the application where user interface is designed with
Glade or simply a shell command line.
2.4. Extensions
Extensions are libraries, which provide new functions beyond what is authorized by
regular JavaScript code. They are written in C++ and can be used as any other JavaScript
function.
An extension is at its core an XPCOM object. Its interface is what is actually exposed
to JavaScript. It defines the methods and properties that weblication writers can access in
an XPCOM IDL file.
The following paragraph shows a simple IDL file [6] “SashIEcho.idl”. It defines
interface for the extension “Echo”.
#include "nsISupports.idl" #include "nsIVariant.idl" // we'll need this later [scriptable, uuid(E84BB338-5021-43BC-935D-94FC9307C43A)] interface sashIEcho : nsISupports { attribute string Prefix; void Print(in string toPrint); };
The above file describes the interface which contains one function, “Print”, and on
attribute, “Prefix”. All XPCOM components inherit from nsISupports, so include it at the
beginning of the file. A new uuid is generated for each extension. This IDL file is then
converted into header and xpt file by running the xpidl program. The header file is used
7
when creating the implementation of the extension. The xpt file is the “compiled” version
of the extension’s interface. The IDL semantics and types are similar to those of C.
The “Print” function can be accessed in JavaScript as Sash.Echo.Print(). Extension
“Echo” may have other private functions and data, which are not included in IDL file.
Currently SashXB support a wide variety of extensions [7].
• Core: provides some basic functionality, consisting six sub-parts:
o Channels: provide means to communicate with other weblications.
o Cursor: manipulate the cursor.
o Process: create and kill processes.
o UI: show basic user input boxes and returns the responses.
o Net: Download and upload data and files.
o Platform: get information about the system the weblication is running on.
• Linux: expose command-line arguments and UI input boxes.
• Registry: store and retrieve values
• Filesystem: manage files and folders.
• GTK: manipulate GUI elements.
• Glade: use Glade GUIs.
• Comm: use network sockets.
• FTP: access remote files.
• Jabber: send instant messages.
• XML: parse XML documents.
• Vorbis: play ogg vorbis sound files.
• LDAP: access LDAP databases.
8
• MySQL: access MySQL databases.
2.5. Weblications
A weblication is an application that executes in the SashXB runtime. It can be written
using web technologies, such as HTML, JavaScript, and XML. The SashXB runtime
exposes native operating system functionality, such as file system, networking, user
interface into a weblication’s JavaScript environment. Thus, weblications are able to
make calls to system functionality within normal JavaScript code.
A weblication contains one or more actions, which are the blocks of codes that do
things. In this way, several related components are combined into a package. A user can
choose which one of them to run.
SashXB exposes native system functionality through extensions. Each extension
encapsulates a particular aspect, such as file system, channel. A weblication may use one
or more of extensions. Extensions can be installed at the time when a weblication is
installed.
A location determines where a weblication is running. There are two fundamental
types of location: those that use an embedded Mozilla and those that use just a JavaScript
interpreter. For the former, the weblication is designed as a HTML file. Sash code is put
between <script> tags within that file. User interaction is done through JavaScript
callbacks. For the later, Sash code is saved into a .js file. A developer has to build a user
interface for it.
9
3. WRITING A WEBLICATION: A FILE SYSTEM EXPLORER
I created a weblication to support operations to local and remote filesystems in
RedHat Linux 7.1. It includes the following three files:
• Explorer.glade: a user interface file
• Explorer.js: a JavaScript source file
• Explorer.wdf: a configuration file
This weblication runs on a console location. A graphical user interface is needed so
that users are able to interact with the weblication.
The weblication “explorer” contains the following function:
• List files and directories by name, size or last modified time
• Copy and Paste a file or directory
• Delete and rename a file or directory
• Create a new directory
• Open a selected file in a text editor (see Figure 3.1)
In the editor, the opening file can be changed and saved. Copy and Paste the
selected text in clipboard.
• Connect to a remote FTP server (see Figure 3.2)
• Transfer files and directories between local system and remote server
10
Figure3.1. Screenshot of the explorer main window and the editor window. In the
explorer window, files and folders in the directory /root are listed by name. In text editor
window, a file in “/root/sash/explorer/explorer.js” is open.
11
Figure3.2. Screenshot of the explorer main window and the FTP window. In the FTP
window, files and directories in the directories /home/te_h1/wuye001/files/SashXB are
listed.
3.1. Creating a Glade GUI
Glade is used to create a graphical interface on top of Console. Glade is an open
source graphical user interface design program. GTK is the underlying toolkit that allows
developers to manipulate graphical components individually. Glade is able to create GUIs
quickly by dragging and dropping desired elements into containers [9].
Glade shows several windows when it starts up, main window, palette window and
property window (Figure 3.3). The main glade window can make operation on project
12
and file management. Developers can open an existing glade project file or start a new
one. As shown on Figure 3.3, my project contains four windows. I can choose and edit
any one of them individually. The main window “explorer” is used to list files and
directories. It provides buttons to make operations for files and directories, such as copy
or delete a file. The window “editor” is used to show the content of a file, modify it and
save the modification. The window “ftp” is used to show the file system on the remote
server. The last window “open_connection” is used to let user input the login information
for remote server, such as username and password.
Figure3.3. Screenshot of the main window, palette and property window of Glade.
The opened project “explorer” contains four windows: explorer, editor, ftp and
open_connection.
13
The palette window contains all Glade elements that can be added into a project.
Elements include text fields, text boxes, drop-down lists, buttons, check boxes, and radio
buttons, etc. Tables, vertical and horizontal box elements are used to create rows and
columns. All of them can be easily added to a selected graphical interface by convenient
operations. Each of them has properties that can be modified by a developer to meet
special requirements. The properties window is used to set properties of an element, such
as names, sizes, positions, signals, etc.
The property window in Figure 3.3 shows the property of the top level window
“explorer”. Its name is “explorer”, it is the top level widget, and the window “explorer” is
allowed to shrink and grow.
To add an element, just click it on the palette, and then click in the appropriate area.
To edit an element’s properties, click and select it, and then edit properties shown on the
property window. The name of an element can be accessed from JavaScript code. An
element may emit a signal depending on user’s actions. For example, a mouse button is
pressed on the X in the upper right corner of the explorer main window. The signal
handler or callback is the function that responds to that signal. The following source code
of Glade means that when window “explorer” is destroyed, function
“on_explorer_destroy” will be called.
<signal> <name>destroy</name> <handler>on_explorer_destroy</handler> <last_modification_time>Mon, 17 Nov 2003 05:17:14 GMT</last_modification_time> </signal>
14
This JavaScript function “on_explorer_destroy” is saved in the source file explorer.js.
The Glade project source code is saved in the explorer.glade file.
3.2. Writing Sash code
Sash code is JavaScript with Sash extensions and objects [9]. JavaScript functions are
used to interact with GUI events (like button pressed).
Sash extension exposes native operating system functionality to the weblication’s
JavaScript environment. Developers can insert extension calls to system functionality
into normal JavaScript code. SashXB extensions hide low-level implementation detail
and expose the native functionality in abstract form, thus, even difficult tasks can be
accomplished in one line. Let’s see an example to explain this.
The following example shows how easy that SashXB make operation on file system.
The function “on_paste_local_clicked” will be called when the button “Paste” on
“explorer” main window is clicked (Figure 3.1). It is used to paste a selected file or
directory to the current directory. “copy_files” is an array to contain all selected files or
directories to be pasted. It is a global variable. Its value is determined when “Copy”
button is clicked. “copy_files” will be pasted from “old_path” to “local_path”. At first
this function checks if “copy_files” is a file or folder in “old_path” by using SashXB
extension “Sash.FileSystem.FolderExists”.
if (Sash.FileSystem.FolderExists(Sash.FileSystem.BuildPath(old_path, copy_files[i][0])))
15
The function “Sash.FileSystem.BuildPath(old_path, copy_files[i][0])” creates a new
file or directory named “copy_files[i][0]” in the directory “old_path”. Then check if a file
or folder named “copy_files” already exists in new directory “local_path”.
if (Sash.FileSystem.FolderExists(Sash.FileSystem.BuildPath(local_path, copy_files[i][0])))
If it is, users will decide whether overwrite the old one. The file is pasted by using the
extension “Sash.FileSystem.CopyFile” and the folder is pasted by using the extension
“Sash.FileSystem.CopyFolder”.
Sash.FileSystem.CopyFolder(Sash.FileSystem.BuildPath(old_path,
copy_files[i][0]), Sash.FileSystem.BuildPath(local_path, copy_files[i][0]), true);
Sash.FileSystem.CopyFile(Sash.FileSystem.BuildPath(old_path,
copy_files[i][0]), Sash.FileSystem.BuildPath(local_path, copy_files[i][0]), true);
This example already shows that Sash extensions provide more functions to
JavaScript and are very easy to be used by a developer. The following paragraph shows
the complete source code for function “on_paste_local_clicked”.
function on_paste_local_clicked() { for (var i = 0; i < copy_files.length; i++) { if (copy_files[i][0] && copy_files[i][0] != "") { //check if the copied object is a folder if (Sash.FileSystem.FolderExists(Sash.FileSystem.BuildPath(old_path, copy_files[i][0]))) { //if the folder exit in new path if (Sash.FileSystem.FolderExists(Sash.FileSystem.BuildPath(local_path, copy_files[i][0])))
16
{ //Ask user to decide if overwrite the existing folder if (Sash.Linux.Dialog("Are you sure?", "Are you sure you want to overwrite the following folder?\n"+copy_files[i][0], ["Button_Yes", "Button_No"], 1, 1) == 0) Sash.FileSystem.CopyFolder(Sash.FileSystem.BuildPath(old_path, copy_files[i][0]), Sash.FileSystem.BuildPath(local_path, copy_files[i][0]), true); } //copy folder “copy_files” from old_path to local_path else { var m = Sash.FileSystem.BuildPath(local_path, copy_files[i][0]); var n = new Sash.FileSystem.Folder(m, true); Sash.FileSystem.CopyFolder(Sash.FileSystem.BuildPath(old_path, copy_files[i][0]), Sash.FileSystem.BuildPath(local_path, copy_files[i][0]), true); } } else //the copied object is a file { // check if the file is existing in the new directory if (Sash.FileSystem.FileExists(Sash.FileSystem.BuildPath(local_path, copy_files[i][0]))) { //ask user to decide if overwrite the existing file if (Sash.Linux.Dialog("Are you sure?", "Are you sure you want to overwrite the following file?\n"+copy_files[i][0], ["Button_Yes", "Button_No"], 1, 1) == 0) Sash.FileSystem.CopyFile(Sash.FileSystem.BuildPath(old_path, copy_files[i][0]), Sash.FileSystem.BuildPath(local_path, copy_files[i][0]), true); } //Copy file “copy_files” from old_path to local_path else Sash.FileSystem.CopyFile(Sash.FileSystem.BuildPath(old_path, copy_files[i][0]), Sash.FileSystem.BuildPath(local_path, copy_files[i][0]), true); } copy_files[i][0] = ""; } } }
17
3.3. Creating a WDF file
The WDF file is a configuration file which contains all of the necessary information
for installing the weblication. It tells the installer which locations, extension, and source
files are needed. The WDF file is a XML file. SashXB provides a convenient way to
create a WDF file. A new WDF file can be created by using the WDF editor [9]:
[root@localhost explorer]# sash-wdf-editor explorer.wdf
Figure3.4. Screenshot of the wdf-editor which is used to create a XML file,
explorer.wdf.
18
Figure 3.4 shows the WDF editor. Every weblication must have a GUID (Global
Unique Identifier). GUID is a 128-bit number which is used to uniquely identify a
particular SashXB component [8]. It can be generated by clicking button “Generate”.
For weblication “explorer”, its version is set to 1.0.0.0. In Figure 3.4, “Import
Registry” button is used to set the weblication's default registry settings based on an
XML registry file, which can be created and edited with sash-registry-editor. “Edit
Security” allows a developer to specify the security settings that the weblication
“explorer”will require to run (see Figure 3.5).
Figure3.5. Screenshot of the security window after clicking “Edit Security” button in
Figure 3.4.
19
There is only one action for “explorer”. The dependencies section lists all the
extensions and locations that need to be installed so that the weblication “explorer” is
able to run properly. There are two files required for the weblication, explorer.glade and
explore.js. They are source files. “Linux” is the platform for the “explorer”.
20
4. INSTALLATION AND MANAGEMENT
4.1. Installation of SashXB
I installed SashXB in RedHat Linux 7.1 system. The following packages should exist
on the system before SashXB can be installed:
• Mozilla: its version should be greater than 1.1.
• Mozilla-nspr: its version should be greater than 1.1.
• Libxml2
• Libgdome2: its version should be greater than 0.7.0.
• Glibc: its version should be greater than 2.2.3.
• Libglade
For my system, I updated and installed the following packages:
[root@localhost sash]# rpm -U glib-1.2.10-5.i386.rpm [root@localhost sash]# rpm -U libxml2-2.4.24-2.i386.rpm [root@localhost sash]# rpm -U gdome2-0.7.2-1.i386.rpm [root@localhost sash]# rpm -Fvh glibc-2.2.4-30.i386.rpm
glibc-common-2.2.4-30.i386.rpm glibc-devel-2.2.4-30.i386.rpm [root@localhost sash]# rpm -Fvh mozilla-1.1-0.i386.rpm SashXB 1.1 RPM can be downloaded from website http://www-
124.ibm.com/developerworks/oss/sashxb/download/. Install it using the following
command:
[root@localhost sash]# rpm -ivh sashxb-1.1-2.i386.rpm
21
4.2. Installation of the weblication “explorer”
SashXB provides three programs, sash-install, sash-task-manager and sash-runtime.
They cover how to install, run and manage weblication on Linux platform[8]. The
program sash-install is a utility to install or uninstall weblications, extensions, and
locations.
To install a component, run sash-install with the component’s WDF file as the first
argument. For my weblication, first change to the directory containing the configuration
file explorer.wdf, then run sash-runtime on the weblication’s WDF file.
[root@localhost explorer]# sash-install explorer.wdf
Components can also be installed by using a GUID. The installer will use the SashXB
locator to try to find the requested component.
A graphical installer will present with a series of page. It shows the information about
the installed weblication, the weblication’s licence information, and the weblication’s
requested security settings (figure 4.1). Figure 4.1 shows the security setting page. It
shows security permissions that the weblication is requesting. The permission can be
changed by clicking “Edit Security Settings” button.
During installation process, the installer will check all dependencies (extensions and
locations) listed in weblication’s WDF file, explorer.wdf. If there are necessary
dependencies on the system, installer will download and install them itself. In my
weblication, the following extensions will be installed: FileSystem, Glade, GTK, Registry
and FTP. The Core and Linux extensions are installed by default.
22
Figure4.1. Screenshot of the security page when the weblication “explorer” is
installing.
4.3. Task manager
The program sash-task-manager is a graphical utility that displays the SashXB
weblications, extensions, and locations installed on the system. It also lists currently
running weblications, controls settings for proxy servers, and SashXB component locator
services.
The task manager can be run by using the following command:
[root@localhost sash]# sash-task-manager &
23
Then a task manager icon will appear in panel (see Figure 4.2). Click on this icon to bring
up the task manager’s main window, as shown in Figure 4.3. The task manager also can
be run as a standard application with –no-panel argument. It is useful if a user is not
running a Gnome window manager, thus, do not have a Gnome panel.
[root@localhost sash]# sash-task-manager –no-panel&
Figure4.2. The task manager icon shown on the Gnome panel.
Figure4.3. The window of task manager with “Installed” tab is clicked.
24
By clicking on the “Installed” tab (Figure 4.3), a list of installed weblications is
displayed. A weblication can be run by clicking the “Run” button to run all actions in this
weblication or clicking the “Run Action” button to select which action is wished to be
run.
Clicking the “Security”, “Update” or “Uninstall” buttons will allow a user to edit the
security setting, check for updates to the weblication, or uninstall the weblication. Figure
4.4 shows the security setting for the weblication “explorer”.
Figure4.4. Security window after “Security” tab on the task manager window is
clicked.
25
Click on the “Extensions” (see Figure 4.5) or “Locations” tab to show the list of the
installed extensions and locations. Each one of them can be updated or uninstalled. The
“Setting” tab is used to see the current configuration of proxies and component location
services.
Figure4.5. Screenshot of task manager when extension tab is clicked.
26
4.4. sash-runtime
Sash-runtime is a command-line program used to run weblications installed on the
system. So in addition to running my weblication from the task manager, I can run my
weblication by using the following command.
[root@localhost explorer]# sash-runtime explorer.wdf
To run the weblication by its GUID, use the following command.
[root@localhost explorer]# sash-runtime {CE29D282-09A5-42BA-8BF3-
ECCD7E0B1540} &
If a weblication has multiple actions, users can spsecify the specific action by using the
action name as an additional argument to sash-runtime.
27
5. SECURITY OF SASHXB
5.1. Security of Sash extensions
There is a security problem when a user downloads machine-specific binary code and
begins to execute it. The machine code cannot be proved to be safe. So a user has to trust
it. He may sandbox it to a very limited degree to prevent any malicious behavior.
Sash extensions have such a problem. A user has to download extensions from
Internet and install them in a local machine. It is possible for a malicious developer to
write code that accesses the file system without security checking. Thus the safest way to
install an extension is to download source code, read it (SashXB is open source), and then
compile it on the local machine.
5.2. Security of weblications
A weblication is more secure than an extension. Developers and users have more
security control on it. Before a weblication is installed, all security settings are stored in a
registry file “security.dat”, which is actually a XML file. The file is created by a
developer. At installation time, the user grants those permissions. When the weblication
runs, every line of code is checked by the runtime for those permissions.
There are 13 security settings for a weblication:
1. Registry_accessn (name=”0”): Registry access level
28
2. Channel_use (name=”1”): allow channels
3. Process_spawning (name=”2”): allow starting of other applications
4. Printing (name=”3”): allow printing
5. Clipboard (name=”4”): allow copying and pasting from the clipboard
6. Register (name=”5”): allow COM object registration
7. Download (name=”6”): allow uploads/downloads
8. Action_spawning (name=”7”): allow starting of other weblications
9. Filesystem_access (name=”8”): filesystem access level
10. Restart_browser (name=”9”): allow the weblication to restart Mozilla
11. Java (name=”10”): Java power
12. RPC (name=”11”): allow XML RPC/SOAP
13. Undefined (name=”-1”)
The above number in the parenthesis is the name of each security setting in file
“security.dat”. A security setting can be a boolean (allow or disallow an action), a string
enumeration (various levels of access), a number, or a string (perhaps for only allowing
access to specified internet addresses). For the above 13 settings, three of them use string
enumeration as their security type: registry_access, filesystem_access, and Java. There
are three levels that can be specified by users: none, local, or all. The other 10 security
settings are expressed by a boolean number.
In the file “security.dat”, each setting contains three parts: Type, Value, and
EnumValue. Type contains the type of setting it is (boolean, number, etc.). If the type is a
string enumeration, then Value contains the string array and EnumValue is the index of
the selected string. Otherwise, Value contains the value of the security setting. The
29
following paragraph shows an example of the setting “filesystem_access”. Its name is “8”.
Its type is string enumeration (CDATA[3.0000]). Its value is contained in an “array” with
3 elements: none, local, and all. Since its EnumValue is 2.00 (CDATA[2.000000]), the
file system access level is “all”.
<key name="8"> <value name="Description"
type="string"><![CDATA[46696c6573797374656d20616363657373206c6576656c]]></value> <value name="Type" type="number"><![CDATA[3.000000]]></value> <value name="Value" type="array"><![CDATA[3 4 6e6f6e655 6c6f63616c3 616c6c]]></value> <value name="EnumValue" type="number"><![CDATA[2.000000]]></value> </key>
Another example is the security setting for “Channel_use”. Its name is “1”. Its type is
Boolean number (CDATA[0.000000]). Its value “1.00” (CDATA[1.000000]) shows that
HTTP connection is allowed.
<key name="1"> <value name="Description"
type="string"><![CDATA[416c6c6f772046545020636f6e6e656374696f6e73]]></value> <value name="Type" type="number"><![CDATA[0.000000]]></value> <value name="Value" type="number"><![CDATA[1.000000]]></value> <value name="EnumValue" type="number"><![CDATA[0.000000]]></value> </key>
For a weblication, security is first set by a developer when a WDF file, such as
explorer.wdf, is edited. The WDF editor provides a way to set security permissions (see
Figure 3.4 and 3.5). Users can specify security setting when they install a weblication
(see Figure 4.1). They also can change the default value by using Sash task manager (see
Figure 4.3 and 4.4).
For my weblication, the secrity setting is as following:
• Allow FTP connections
30
• Registry access level: local
• Filesystem access level: all
• Java power: low
The weblication allows an FTP connection to access remote FTP server. The
filesystem access level is granted the highest since the weblication will make operations
to local and remote file systems.
JavaScript alone does not have access to native functionality, so security checks are
only necessary when Sash code is called. The SashXB security manager provides
methods for querying user security settings, but it is the responsibility of the extension to
use these methods before executing code that accesses a resource.
For example, in my weblication, if a user wants to upload a file to remote FTP server,
the callback JavaScript function “on_send_clicked” is executed. This function uses the
function Put() provided by Sash extension SashFTP. Put() calls the function
“createRequest()” to create a transfer request. Then createRequest() pass the file’s path to
a runtime function AssertFSAccess() to check the filesystem access level.
NS_IMETHODIMP ActionRuntime::AssertFSAccess(const char* path) { bool local = FileSystem::IsLocal(path,DataDirectory(m_WeblicationDirectory)); if (local) AssertSecurity(m_SecurityManager, GSS_FILESYSTEM_ACCESS, (float)FSS_LOCAL); else AssertSecurity(m_SecurityManager, GSS_FILESYSTEM_ACCESS, (float)FSS_GLOBAL); return NS_OK; }
31
The above function AsserFSAccess is used to verify with the Security Manager if the
running weblication is allowed access to it. There are three setting level for file system
access: none, local and all. “none” grants no access at all. “local” only allows to access
files in its own data/ directory, and “all” permits access to all files. Since the requested
files are in remote system, the file system access level should the highest “all”
(FSS_GLOBAL). If the weblication’s security setting is not high enough, a dialog box
pops up and ask user if the access should be denied, allowed once, or allowed always. If
users grant the permission, implementation code continues to execute.
32
6. CONCLUSION
SashXB is a good programming environment which provides extensions to JavaScript
functionality. Extensions hide low level details and provide weblication writers
capabilities to access native operating system functionalities. It allows people with
HTML and JavaScript skills to create applications without having to learn another
programming language. In my project, I only used JavaScript and SashXB extensions to
implement operations on file system and connect a remote FTP server. SashXB also
provides several graphic tools that make it easy to write and use applications. For
examples, a graphical WDF file editor is provided to create a XML configuration file. A
graphical installer downloads all necessary dependencies for a weblication and makes
installation very easy. A user can use task manager to manage installed weblications and
extensions. SashXB also provides good security control for developers and users. A
developer can set security options for a weblication by editing a WDF configuration file.
A user can modify it during installation and by using task manager. If a weblication tries
to exceed its rights, it will be stopped by the runtime with a warning to the user.
However, SashXB is not for writing any type of applications since JavaScript is not
for developing large software projects. It is a good choice for small to medium
applications. It provides access to common system resources and network protocols. In
the future, new extensions will provide even more opportunities for developers.
33
7. REFERENCE
1. Heitner, A. Past, Present and Future of SashXB.
http://developer.gnome.org/feature/archive/sashxb/ (Jan. 12, 2004).
2. Mora, F. 2003. HOWTO: Quickly Create Graphical Applications with SashXB.
http://www.linuxjournal.com/article.php?sid=6696 (Jan. 12, 2004).
3. Yung, W. and Corwin J. 2002. SashXB Lends mini-RAD to Linux. http://www-
106.ibm.com/developerworks/linux/library/l-sashxb/index-MINE.html (Jan. 12,
2004).
4. Parrish, R. 2001. XPCOM Part1: An Introduction to XPCOM. http://www-
106.ibm.com/developerworks/webservices/library/co-xpcom.html (Jan. 12, 2004).
5. Parrish, R. 2001. XPCOM Part2: XPCOM Component Basics. http://www-
106.ibm.com/developerworks/webservices/library/co-xpcom2.html (Jan. 12, 2004).
6. SashXB for Linuux Developer: Extension Writing Guide. http://www-
124.ibm.com/developerworks/oss/sashxb/documentation/extensions/ (Jan. 12, 2004).
7. SashXB for Linuux Developer: Using SashXB Extensions. http://www-
124.ibm.com/developerworks/oss/sashxb/documentation/apis/ (Jan. 12, 2004).
8. SashXB for Linuux Developer: Using SashXB for Linux. http://www-
124.ibm.com/developerworks/oss/sashxb/documentation/base/ (Jan. 12, 2004).
34
9. SashXB for Linuux Developer: Writing Weblications. http://www-
124.ibm.com/developerworks/oss/sashxb/documentation/weblications/ (Jan. 12,
2004).
35
Appendix. The security file “security.dat” for weblication “explorer” <?xml version="1.0"?> <SashRegistry version="1.1"> <key name="^Top"><key name="{542AE96F-53C2-40E1-8839-DF8050EA2C71}"> <key name="-1"><value name="Description" type="string"><![CDATA[465450]]></value><value name="Type" type="number"><![CDATA[0.000000]]></value><value name="Value" type="number"><![CDATA[0.000000]]></value><value name="EnumValue" type="number"><![CDATA[0.000000]]></value></key> <key name="1"><value name="Description" type="string"><![CDATA[416c6c6f772046545020636f6e6e656374696f6e73]]></value><value name="Type" type="number"><![CDATA[0.000000]]></value><value name="Value" type="number"><![CDATA[1.000000]]></value><value name="EnumValue" type="number"><![CDATA[0.000000]]></value></key></key> <key name="Global"><key name="-1"><value name="Description" type="string"><![CDATA[476c6f62616c]]></value><value name="Type" type="number"><![CDATA[0.000000]]></value><value name="Value" type="number"><![CDATA[0.000000]]></value><value name="EnumValue" type="number"><![CDATA[0.000000]]></value></key> <key name="10"><value name="Description" type="string"><![CDATA[4a61766120706f776572]]></value><value name="Type" type="number"><![CDATA[3.000000]]></value><value name="Value" type="array"><![CDATA[3 3 6c6f776 6d656469756d4 68696768]]></value><value name="EnumValue" type="number"><![CDATA[0.000000]]></value></key> <key name="11"><value name="Description" type="string"><![CDATA[416c6c6f7720584d4c205250432f534f4150]]></value><value name="Type" type="number"><![CDATA[0.000000]]></value><value name="Value" type="number"><![CDATA[0.000000]]></value><value name="EnumValue" type="number"><![CDATA[0.000000]]></value></key> <key name="0"><value name="Description" type="string"><![CDATA[526567697374727920616363657373206c6576656c]]></value><value name="Type" type="number"><![CDATA[3.000000]]></value><value name="Value" type="array"><![CDATA[3 4 6e6f6e655 6c6f63616c3 616c6c]]></value><value name="EnumValue" type="number"><![CDATA[1.000000]]></value></key> <key name="1"><value name="Description" type="string"><![CDATA[416c6c6f77204368616e6e656c73]]></value><value name="Type" type="number"><![CDATA[0.000000]]></value><value name="Value" type="number"><![CDATA[0.000000]]></value><value name="EnumValue" type="number"><![CDATA[0.000000]]></value></key> <key name="2"><value name="Description" type="string"><![CDATA[416c6c6f77207374617274696e67206f66206f74686572206170706c69636174696f6e73]]></value><value name="Type" type="number"><![CDATA[0.000000]]></value><value name="Value" type="number"><![CDATA[0.000000]]></value><value name="EnumValue" type="number"><![CDATA[0.000000]]></value></key> <key name="3"><value name="Description" type="string"><![CDATA[416c6c6f77207072696e74696e67]]></value><value name="Type" type="number"><![CDATA[0.000000]]></value><value name="Value" type="number"><![CDATA[0.000000]]></value><value name="EnumValue" type="number"><![CDATA[0.000000]]></value></key>
36
<key name="4"><value name="Description" type="string"><![CDATA[416c6c6f7720636f7079696e6720616e642070617374696e672066726f6d2074686520636c6970626f617264]]></value><value name="Type" type="number"><![CDATA[0.000000]]></value><value name="Value" type="number"><![CDATA[0.000000]]></value><value name="EnumValue" type="number"><![CDATA[0.000000]]></value></key> <key name="5"><value name="Description" type="string"><![CDATA[416c6c6f7720434f4d206f626a65637420726567697374726174696f6e]]></value><value name="Type" type="number"><![CDATA[0.000000]]></value><value name="Value" type="number"><![CDATA[0.000000]]></value><value name="EnumValue" type="number"><![CDATA[0.000000]]></value></key> <key name="6"><value name="Description" type="string"><![CDATA[416c6c6f772075706c6f6164732f646f776e6c6f616473]]></value><value name="Type" type="number"><![CDATA[0.000000]]></value><value name="Value" type="number"><![CDATA[0.000000]]></value><value name="EnumValue" type="number"><![CDATA[0.000000]]></value></key> <key name="7"><value name="Description" type="string"><![CDATA[416c6c6f77207374617274696e67206f66206f74686572207765626c69636174696f6e73]]></value><value name="Type" type="number"><![CDATA[0.000000]]></value><value name="Value" type="number"><![CDATA[0.000000]]></value><value name="EnumValue" type="number"><![CDATA[0.000000]]></value></key> <key name="8"><value name="Description" type="string"><![CDATA[46696c6573797374656d20616363657373206c6576656c]]></value><value name="Type" type="number"><![CDATA[3.000000]]></value><value name="Value" type="array"><![CDATA[3 4 6e6f6e655 6c6f63616c3 616c6c]]></value><value name="EnumValue" type="number"><![CDATA[2.000000]]></value></key> <key name="9"><value name="Description" type="string"><![CDATA[416c6c6f7720746865207765626c69636174696f6e20746f2072657374617274204d6f7a696c6c61]]></value><value name="Type" type="number"><![CDATA[0.000000]]></value><value name="Value" type="number"><![CDATA[0.000000]]></value><value name="EnumValue" type="number"><![CDATA[0.000000]]></value></key> </key></key></SashRegistry>
