Copyright © 2005, SAS Institute Inc. All rights reserved.
SAS® Corporate Compliance – A case study for developing reusable J2EE applications
Zhiyong Li
Lead Application Architect
SAS Pharmaceutical / Corporate Compliance Software Development
Agenda
Background
SAS Drug Development Key Architecture Components
Reuse
Summary
Demo
The Sarbanes-Oxley Act of 2002 - What is It?
Contains 11 Titles, 66 Sections
• §404 – Management Assessment of Internal Controls
• §302 – Corporate Responsibility for Financial Reports
• §409 – Real-time Issuer Disclosures
The Sarbanes-Oxley Act of 2002 - Who is Impacted?
All public companies
Foreign-based companies / foreign subsidiaries of US companies
Chief Executive Officer and Chief Financial Officer
Finance, internal audit, audit committee of the Board of Directors, Chief Risk Officer, Chief Audit Officer
IT, Sales & Marketing, Shipping & Receiving… theoretically the entire company
SAS® Corporate Compliance
Secure, auditable repository, versioning, electronic signatures
Highly configurable
Assessment-oriented workflow
Documentation for control procedure, testing activities, issues, etc.
Report for viewing control effectiveness, outstanding issues, etc.
J2EE web application with zero footprint client
SAS® Drug Development
Centralized object repository, versioning and electronic signature
Enables compliant environment
Data transformation and integration
Data exploration
Statistical analysis and reporting
Study reports and submissions
(Very) Thin client
SAS Drug Development and SAS Corporate Compliance Key Comparison
Similarities
• Compliant solution
− Strong audit trail and security functionalities
• Web-based platform
• Content Management functionality
− objects, documents, versioning, electronic signing
Differences
• SAS Drug Development
− Clinical trial oriented concepts (studies, protocols, submissions)
− Java Swing applications
• SAS Corporate Compliance
− Process oriented workflow for control self assessment
SAS Drug Development Key Architecture Components
[Architecture diagram; labels: Firewall, HTTPS, Web Server, App Server, WebDAV Server, SAS Server, Data Server, Oracle, Mapped Drive\Web Folder]
Client
User Interface
• HTML, JavaScript and Java Swing applications
Client Requirements Include:
• Windows 98, NT, 2000 and XP
− Browser: IE 5.5 or higher, Netscape 7.0
• Mac OS 10
− Safari on Mac
Web/App Server
Web-tier
• Handles request/response between client and server
• Maintains user interface flow and user’s states (sessions)
• Communicates with the business tier
Business-tier
• EJB based APIs
• Provides business logic services
− searching, events, object management, security, audit trail, etc.
Backend Servers
Data Storage-tier
• Accesses data in the backend servers.
• WebDAV server
− Stands for "Web-based Distributed Authoring and Versioning".
− Content Management: Version control, security, permission-based access, metadata
• Data server
− Stores all objects and metadata
− Stores all data, documents and files
• SAS server
− The analytical engine: Generating all reports
Reuse - Architecture
Shares a similar architecture
SAS Corporate Compliance is built on top of SAS Drug Development
Reuses components
[Diagram of shared and product-specific layers:]
SDD/SCC Database and Backend Servers
SCC Business Tier | SDD Business Tier
SCC Web Tier | SDD Web Tier
SCC User Interface | SDD User Interface
Reuse – User Interface
Shares the same frame-based layout
Shares the same components / JSP tags
• Tree view
• Tab view
• Menu bar and menu
Dynamically generated property pages
Configures menu items, url link, etc.
Sample SAS Drug Development Interface
Sample SAS Corporate Compliance Interface
Sample Configuration File
<ObjectAction nameString="control"
    icon="/p21/portal/common/images/default/icons/icon_control.gif"
    openIcon="/p21/portal/common/images/default/icons/icon_control.gif">
  <LinkAction nameString="Default"
      url="mainContent.do?parentPath=$path$&amp;navigate=true&amp;fromShortcut=$fromShortcut$"
      targetFrame="RightFrame"/>
  <LinkAction nameString="Assign-Control"
      url="assignPersona.do?actionType=edit&amp;objectType=control&amp;parentPath=$parentPath$&amp;path=$path$"/>
  <LinkAction nameString="My Assignments"
      url="viewAssignments.do?actionType=browse&amp;userMode=user&amp;viewMode=pending&amp;parentPath=$parentPath$"/>
  <LinkAction nameString="Properties"
      url="property.do?objectType=control&amp;actionType=browse&amp;parentPath=$parentPath$&amp;path=$path$"/>
  <LinkAction nameString="Audit Trail"
      url="objectAuditTrail.do?objectType=control&amp;parentPath=$parentPath$&amp;path=$path$&amp;entityId=$entityId$"/>
</ObjectAction>
Reuse – Web-tier
Shares the same control framework
• Struts-based control framework
• Common services
− Application and Session scope cache
− Configuration
Business-tier independent access strategy
• Factory pattern to access business-tier objects
Web-tier Architecture
Reuse – Business-tier
EJB based services
• Audit trail, Search, Object Management
• Assessment
Reuses EJB services
Dynamically defined types and attributes
• Shared types: Folder, document, shortcut
• Product specific types:
− SAS dataset, compound, protocol, …
− Time period, entity, process, risk, control
Sample Type Definition File
Files: Typedef.xml, Typedef.xsd, I18n.xml, AttrLayout.xml
Typedef.xml:
<?xml version="1.0" encoding="UTF-8"?>
<TypeDef>
  <id>sdd:control</id>
  <typeName>control</typeName>
  <isContainer>true</isContainer>
  <isStateful>true</isStateful>
  <typeNamePlural>controls</typeNamePlural>
  <handlerClass>com.sas.ibiomatics.p21.server.scc.control.ControlHandler</handlerClass>
  <notifyUpLevel>1</notifyUpLevel>
  <standardType>standardcontrol</standardType>
  <validationClass>com.sas.ibiomatics.p21.server.scc.StandardIdToPathTypedefRule</validationClass>
</TypeDef>
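An added example, not SAS's code: a load-time check for a type definition like the one above, assuming the `handlerClass` and `validationClass` values are later loaded reflectively (the slides do not say how they are used). The class name `TypeDefCheck`, the package allowlist and the parser settings are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

public class TypeDefCheck {
    // Assumed allowlist: the file may only name classes under this package.
    static final String ALLOWED_PREFIX = "com.sas.ibiomatics.p21.server.";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Reject DOCTYPE declarations so the file cannot declare external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    /** Returns the class name held by the element, or throws if it is not allowed. */
    static String checkedClassName(Document doc, String element) {
        NodeList nodes = doc.getElementsByTagName(element);
        if (nodes.getLength() != 1) {
            throw new IllegalArgumentException(element + ": expected exactly one");
        }
        // Trim: the element text may carry a line break before the closing tag.
        String name = nodes.item(0).getTextContent().trim();
        boolean wellFormed = name.matches("[A-Za-z_]\\w*(\\.[A-Za-z_]\\w*)*");
        if (!wellFormed || !name.startsWith(ALLOWED_PREFIX)) {
            throw new IllegalArgumentException(element + ": class not allowed: " + name);
        }
        return name;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input modelled on the slide's Typedef.xml (cut down to two fields).
        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<TypeDef>\n"
                + "<id>sdd:control</id>\n"
                + "<handlerClass>com.sas.ibiomatics.p21.server.scc.control.ControlHandler\n"
                + "</handlerClass>\n</TypeDef>";
        Document doc = parse(xml);
        System.out.println(checkedClassName(doc, "handlerClass"));
        try {
            checkedClassName(doc, "validationClass"); // absent in this constructed sample
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```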
Data Access Layer
Uses Xythos to store object related data
• Object instances and relationships
• Object attributes
Uses Hibernate to access other data
• Users, Audit records, Signing, Registration
• SCC assessment, workflow and states
Same approach of accessing Hibernate functions
• Sessions, transactions
• Shared database connection pools
Summary
Uses multiple-tier architecture
• Separates responsibilities
Uses best practices for each tier
• Presentation
− Templates, shared components, configurable actions
• Web-tier
− Shared control framework
− Factory pattern for configurable access to the business-tier
• Business-tier
− Component-oriented design with well-defined APIs
− Event-driven design for easy integration (reuse)
• Data-tier
− Uses O/R mapping tool to manage relational data
− Uses external tools to manage transactions and connections
Agenda
Background
SDD Key Architecture Components
Reuse
Summary
Demo
• SAS Corporate Compliance
• SAS Drug Development
Demo
SAS® Corporate Compliance (SCC)
SAS® Drug Development (SDD)