Classifications

• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
  • G06Q40/02—Banking, e.g. interest calculation or account maintenance

Definitions

• the present invention relates generally to the field of on-line financial institution services, and more particularly to methods and systems for implementing on-line financial institution services, such as on-line banking, alerts, portal building, and authentication services, via a single physical and logical platform.
• on-line financial institution services such as on-line banking, alerts, portal building, and authentication services
• a global financial institution such as a global bank
• Such separate systems typically grow up over time on different platforms developed to meet particular problems and may have been deployed, for example, on their own technology or may be based on inherited technology.
• the financial institution may have an online banking system to support banking transactions for its customers deployed in various businesses worldwide on a proprietary application server and running, for example, on NT.
• the financial institution may also have a separate system built to provide an alerting capability to send email or mobile phone alerts to customers for various banking events likewise deployed in various countries that also runs, for example, on NT, but on MICROSOFT Application Server.
• the financial institution may have a portal project that allows the building of a customized home page when a customer signs on, along with a platform that supports non-financial content that a business can manage, deployed in various businesses, for example, on JAVA 2 ENTERPRISE EDITION ("J2EE”) Server.
• J2EE JAVA 2 ENTERPRISE EDITION
• the financial institution may have an inherited technology portal product based on commercially available products, such as BRO ADVISION Application Server, as well as an authentication system, for example, that is proprietary, deployed elsewhere.
• on-line financial institution services such as on-line banking, alerts, portal building, and authentication services
• SLA pre-defined levels
• JAXB JAVA Architecture for XML Binding
• JCA J2EE Connector Architecture
• MVC model- view-controller
• embodiments of the present invention provide methods and systems for implementing on-line financial institution services, such as on-line banking, alerts, portal building, and authentication services, via a single physical and logical platform, embodiments of which bring a variety of capabilities formerly provided by separate systems, as well as numerous additional capabilities, onto the single physical and logical platform, referred to herein as the JAVA Financial Platform ("JFP").
• JFP for embodiments of the invention includes, for example, on-line banking transactions, alerting capabilities, portal building, and authentication, which run on a standard J2EE Application Server and make the issue of operating system and hardware independent of the development decision. Having JFP based on J2EE provides a great deal of flexibility in terms of the operating systems or hardware on which it runs.
• JFP for embodiments of the invention serve to unify the logical physical architecture of the financial institution's systems. Placing all of these functions on the same application servers allows them to all share the same session context without the need for a single sign-on, provides an opportunity for cost savings via server consolidation, and provides a large degree of flexibility in terms of hardware.
• JFP for embodiments of the invention is a JAVA view control framework that provides the financial institution's customer, for example, with banking applications, alerts, and portal applications, as well as the shared set of facilities that are used by all the applications in terms of language, rules, logging, authentication, authorization, and security, referred to as shared portal services related to navigation, personalization, customization, compositing, and content serving.
• JFP for embodiments of the invention provides a system and method for architecting, designing, packaging and deploying global online banking applications in a J2EE environment.
• JFP enables the building of global online banking applications from a single source base that adapt to business rule and language variability across regions, countries and businesses. It also enables the deployment of global online banking apps in a J2EE container for multiple businesses, while at the same time maintaining the ability for each business to have its own software versions and levels without affecting other businesses within the same container. This is accomplished by creating separate web apps for each individual business. Thus, separate web app context can be created for each individual business, all of which are allowed to run in the same J2EE container, while at the same time, keeping each business separate, so that particular businesses who want different versions or levels of software can be accommodated.
• Embodiments of the invention provide methods and systems for implementing on-line financial institution services via a single physical and logical platform, in which multiple applications consisting, for example, of on-line banking, alert, portal building, and authentication applications run on the same application server for multiple businesses, while allowing each of the businesses to select different software versions independent of one another.
• Creating separate web apps for each of the businesses allows separate web app context to be created for each of the businesses running in the same servlet container while keeping each business separate and allowing multiple businesses to share the same session context.
• a shared set of facilities such as languages, business rules, navigation, personalization, content, customization, compositing, logging, authentication, authorization, and security services, is provided for use by all of the applications.
• content is provided for each business, such as language, business rules, and personalization via a business hierarchy database structure, and businesses are allowed to inherit business rules, language and other content from a standard base while allowing individual country and business variation.
• An embodiment of the invention involves, for example, caching content in memory to eliminate database access and decrease response time, as well as caching rules, phrases, and HTML content in memory and dynamically updating caches in a running system using specific cache controller classes.
• caching content in memory to eliminate database access and decrease response time
• caching rules, phrases, and HTML content in memory and dynamically updating caches in a running system using specific cache controller classes.
• all of the financial institution's business rules and language phrases, and at least a portion of its content are cached in memory, and each business is allowed, through cache controllers and an admin counsel, options to change a business rule or update business phrases and to cause a running system to purchase current content and update content in the running system.
• Embodiments of the invention allow orderly, online cutover from one version of an application to another on a per country basis without requiring shut-down of the application server. This is accomplished, for example, via use of forwarding and drain servlet filters that enable forwarding of new session requests to a new version of software, while at the same time supporting existing sessions on an old version of the software.
• the forwarding and drain servlet filters look at all the new requests and determine for a particular business where the new session requests should be forwarded based on a configuration file.
• a business is allowed to install a new version of software while existing sessions are allowed to run against the old version of software, and new session requests are directed to the new version without shut ⁇ down of the application server.
• An embodiment of the invention provides integration, for example, of a model-view-control framework and a companion open source framework that provides server-side page composition and layout with a concurrent parallel thread package in a manner such that multiple portlets are allowed to be spawned from a single home page request and to be proces sed so that each portlet runs in a thread safe way.
• each portlet is provided with its own cloned copy of request and response objects, thereby allowing each portlet to ran in a thread safe way even with non- thread safe implementations of request / response objects.
• the site entrance filter is a central filter that checks all requests for new sessions and insures that all new session requests are provided with a new session object and a default profile object with the role set to a lowest entitled user.
• the site entrance filter insures that all requests undergo an authorization check based on the user role and other information. Thus, all requests call out to an authorization check to confirm a user's level of authorization.
• Additional embodiments of the invention integrate trie authentication application into a servlet container.
• inventions provide overload protection for any application whose performance has exceeded pre-defined levels using, for example, a site entrance filter to refuse new session requests if a baseline performance of a system has exceeded pre-defined levels.
• portlets are automatically disabled from a home page if a portlet exceeds pre-defined levels.
• This aspect provides an orderly shut-off or disabling of portlets if individual functions exceed the pre-defined levels, and the portlets are taken out of rotation if a pre-determined time to gather data from external sources is exceeded, while allowing a system to continue running for a user.
• Embodiments of the invention also provide sequence protection of any application without requiring overt procedural code in the application.
• extending action mappings are extended to allow declaring that an action mapping is an entry point whereby an attempt to access request to an action mapping that is not marked as an entry point for which there is no existing subappcontext is automatically refused.
• An aspect of such embodiments involves declaring that every action mapping is sequence protected.
• a token embodied in a hidden field and set via a custom tag must be present in order to access the action mapping.
• inventions involve, for example, informing a user who accesses an application at a client browser and attempts to navigate away from an in-process transaction that the transaction is incomplete.
• the user can be given a warning that the transaction is incomplete or the user can be prohibited from navigating away from the incomplete transaction.
• the warning aspect involves, for example, declaring by an application that the user should be warned if the user attempts to navigate away from a currently incomplete transaction via the use of custom tags
• the prohibiting aspect involves declaring by an application that the user should be prohibited from navigating away from a currently incomplete transaction at pre-determined commit points in a screen sequence via the use of custom tags.
• Embodiments of the invention also allow expression of variability of business rules via use of standard business rules methods.
• Such business rules methods ask standard questions of business objects, and the answers are embodied offline in the form of XML data whose content is read-in, transformed and embedded or cached in business objects.
• the business rule objects are organized in terms of business, product and transaction hierarchy, whereby business rules can be addressed at a granularity of individual transactions within a product and business structure
• Further embodiments provide a separation from control and model in a MYC framework via the use of stateless model helpers.
• the stateless model helpers provide discrete functionality that is independent of a sequence of an application and independent of other model helpers.
• inventions provide automatic generation of message objects and transforms using XML schema definitions, JAXB, and message transformation rules from a global abstract interface to a specific regional interface. Still other embodiments provide a connectivity to externa.1 banking hosts via use of standard JCA connector framework.
• FIG 1 is a schematic diagram that illustrates an overview example of the JFP architecture for embodiments of the invention
• FIG. 2 is a schematic diagram that shows an example of the common, and portal services of the JFP architecture for embodiments of the invention
• FIG. 3 is a directory structure that shows an example of the deployment of each sub-app or module inside a single web-app context of JFP for embodiments of the invention
• FIG. 4 is a schematic flow diagram that illustrates an overview example of the JFP banking application request flow for embodiments of the invention
• FIG. 5 is a schematic flow diagram that illustrates an overview example of the JFP banking application response flow for embodiments of the invention
• FIG. 6 is a flow diagram that illustrates an example of the process of code and content deployment onto target systems in the JFP of embodiments of the invention
• FIG. 7 is a flow diagram that illustrates an example of the process of installing JFP code for an embodiment of the invention.
• FIG. 8 is a schematic diagram that shows examples of key components of the physical architecture of JFP for embodiments of the invention.
• FIG. 9 shows a directory structure that illustrates an example of a package from a global development group for embodiments of the invention.
• FIG. 10 shows an example of a staging area directory structure for two packages on an application server for embodiments of the invention
• FIG.11 is a table that illustrates an example of the structure of a ship media a first-time JFP installation for embodiments of the invention
• FIG. 12 is a table that illustrates an example of the structure of staging areas ("SAs") case for the first- time JFP installation for embodiments of the invention
• FIG. 13 is a table that illustrates an example of the structure of the media repackaged as a single package per CD for the first-time JFP installation for embodiments of the invention
• FIG. 14 is a table that illustrates an example of the structure of the SAs for the first-time JFP installation with the ship media repackaged as a single package per CD for embodiments of the invention
• FIG. 15 is a table that illustrates an example of the structure of the ship media for a subsequent installation of new regional applications for embodiments of the invention
• FIG. 16 is a table that illustrates an example of the structure of the SAs for the subsequent installation of new regional applications for embodiments of the invention
• FIG. 17 is a table that illustrates an example of the structure of the ship media for a subsequent incremental installation with one package (i.e, field patch) for embodiments of the invention.
• FIG. 18 is a table that illustrates an example of the structure of the SAs for the subsequent incremental installation with one package (i.e., field pPatch) for embodiments of the invention.
• FIG. 19 is a schematic diagram that illustrates an example of a regional business hierarchy, such as Asia, in the JFP for embodiments of the invention.
• FIG. 20 is a schematic diagram that depicts an example of components and the flow of information between the components involved in providing cache Management to all JFP caches for embodiments of the invention
• FIG. 21 shows a sample JFP console GUI screen for embodiments of the invention
• FIG. 22 is a schematic flow diagram that illustrates an example of the activities involved in aggregating portlets using a parallel processing manager (“PPM”)in the JFP portlet framework for embodiments of the invention
• FIG. 23 is a sequence diagram showing an example of the interaction using the PPM controller in Struts and Tiles environment for embodiments of the invention.
• FIG. 24 is a schematic diagram that illustrates an example of the PortletResponse Wrapper for embodiments of the invention
• FIG. 25 is a schematic diagram that illustrates an example of the PortletRequest Wrapper for embodiments of the invention.
• FIG. 26 is a schematic representation that illustrates an example of the JAVA Authentication and Authorization Service ("JAAS”) subject for embodiments of the invention.
• JAAS JAVA Authentication and Authorization Service
• FIG. 27 is a sequence diagram that illustrates an example of the process of authenticating a user using JAAS with CCS as the back end authentication system for embodiments of the invention
• FIG. 28 is a diagram that illustrates the multi-pronged approach of JFP to authorization enforcement for embodiments of the invention.
• FIG. 29 is a schematic flow diagram that illustrates an overview example of the programmatic JFP authorization service for embodiments of the invention.
• FIG. 30 is a diagram that illustrates an example of the Class Structure in the synchronizer token aspect for embodiments of the invention.
• FIG. 31 is a diagram that illustrates an example of the class structure in the action mappings aspect for embodiments of the invention.
• FIG. 32 is a sequence diagram that illustrates an example of the JFP:link sequence protection in JFP for embodiments of the invention.
• FIG. 33 is a sequence diagram that illustrates an example of the JFP: form sequence in JFP for embodiments of the invention.
• FIG. 34 is a sequence diagram that illustrates an example of the process action sequence protection processing in JFP for embodiments of the invention
• FIG. 35 is an activity diagram that illustrates an example of the process of server-side management of sub-app context cleanup of JFP for embodiments of the invention
• FIG. 36 is a schematic diagram that illustrates an example of participants and responsibilities the server-side management of sub-app context cleanup of JFP for embodiments of the invention.
• FIG. 37 is a sequence diagram that illustrates an example of sub-app context manager creation in JFP for embodiments of the invention.
• FIG. 38 is a sequence diagram that illustrates an example of sub-app context manager termination in JFP for embodiments of the invention.
• FIG. 39 is a sequence diagram that illustrates an example of get or create a sub-app context in JFP for embodiments of the invention.
• FIG. 40 a diagram that illustrates an example of the contents of the memory structure held by the PolicyConfig object for the sample template
• FIG. 41 is a diagram that illustrates an example of the structure in the
• FIG. 42 is a diagram that illustrates an example of the structure in the shared context between sub-apps (server-side clipboard) aspect for embodiments of the invention.
• FIG. 43 is a schematic flow diagram that illustrates an example of the flow of information between the control and the model using a data transfer object ("DTO") for embodiments of the invention
• FIG. 44 is a schematic diagram that illustrates examples of the structure of JFP banking unit objects for embodiments of the invention.
• FIG. 45 is a schematic flow diagram that illustrates an example of JFP banking profile objects for embodiments of the invention.
• FIG. 46 is a schematic flow diagram that illustrates an example of JFP banking relationship object for embodiments of the invention.
• FIG. 47 is a schematic flow diagram that illustrates an example of JFP customer account objects for embodiments of the invention.
• FIG. 48 is a schematic flow diagram that illustrates an example of JFP messaging data binding for embodiments of the invention.
• FIG. 49 is a schematic flow diagram that illustrates an example of the manner in which message generation and data binding using JAXB provides for automatic class generation and serialization / de-serialization code for embodiments of the invention
• FIG. 50 is a schematic flow diagram that illustrates am example of how the thin message router routes messages to the appropriate target host and maintains customer session affinity with host connections for embodiments of the invention.
• FIG. 51 is a schematic flow diagram that illustrates an example of resource adaptor instance for embodiments of the invention.
• JFP Java Financial Platform
• JFP provides systems and methods for architecting, designing, packaging and deploying global online banking applications in a J2EE environment.
• JFP for embodiments of the invention enables the building of global online banking applications from a single source base that adapt to business rule and language variability across regions, countries and businesses.
• JFP for embodiments of the invention also enables the deployment of global online banking apps in a J2EE container for multiple businesses, while at the same time maintaining the ability for each business to have its own software versions and levels without affecting other businesses within the same container. This is accomplished by creating separate webapps for each individual business. Thus, separate web app context can be created for each individual business, all of which are allowed to run in the same J2EE container, while at the same time, keeping each business separate, so that a particular business that wants different versions or levels of software can be accommodated.
• JFP for embodiments of the invention provides, within a J2EE Application Server, an integrated customer experience for global online consumer banking that includes a financial institution's existing functionality, such as its global online consumer banking functionality, its email and alerts functionality, its consumer bank portal toolkit, its J2EE-based authentication and credential storage system, and its trust-chain single sign-on (“SSO") mechanism that creates and checks signed and encrypted SSO tokens.
• JFP provides interactive consumer bank applications that run in J2EE Application Servers. These J2EE Application Servers exist behind the firewall and talk to the Internet via web servers in the DMZ.
• JFP application servers communicate with various consumer bank transaction processing systems (sometimes referred to herein as "TPS”, “SFS”, “BAFES” etc.) via message-based communications.
• JFP application servers are responsible for the interaction with customers using web browsers or other web-based protocols or devices.
• JFP application servers are also responsible for authenticating customers, providing menus of functionality and information and for carrying out the interactive dialogs with the customer for any selected banking functionality or information requests.
• JFP application servers provide a single place where consumer bank customers can access banking functionality, alerts functionality, and portal functionality (e.g. consolidated home page, portlets etc.)
• JFP Primary design features of JFP include, for example, a framework for developing and running complex internationalized consumer banking applications in a J2EE environment; support for multiple businesses, languages, business rules and release versions on a single centralized server or multiple de- centralized servers with full continuity of business; a select-a-model view controller framework capable of supporting multi-business, internationalized consumer banking applications; and enhanced MVC framework with domain specific "parts" or "services" needed to fulfill the business mission.
• such design features include, for example, domain specific parts or services that are independent of each other so they can be used in various combinations and reused as independent parts in other projects; support for logical or physical integration/federation with existing third party banking services / portals; reuse of certain existing data, tools, mechanisms, processes and specifications from existing global consumer banking applications; and reuse of existing business rule gathering processes, rule data, phase data, message class generators and presentation templates.
• a main advantage of JFP for embodiments of the invention is the provision of a single integrated J2EE system that provides internationalized, multi-business support for online banking functionality, alerts functionality and portal functionality.
• the JFP applications is able to run on multiple operating systems and multiple hardware platforms, which allows businesses to scale vertically and horizontally.
• the JFP applications are built to ran on J2EE compliant servlet containers, and vendor specific features are avoided.
• deployment can be, for example, on WebLogic Express from BEA Systems.
• IFP applications such as online banking, alerts functionality, and portal services are integrated and enabled to run within the same JVM and servlet container and to share the same core services, such as session, authentication, logging etc.
• the JFP architecture allows use of off-the-shelf monitoring tools to monitor and inspect the health of the system.
• the servers running JFP are able to support multiple businesses. Each business running JFP applications is able to independently control the software release level that it wants to use, so that the servers running JFP applications are able to scale vertically and / or horizontally.
• JFP application design and packaging for embodiments of the invention allow online deployment changes and minimize server downtime to administer changes.
• JFP components are built, packaged and released independent of each other.
• JFP development leverages industry and open source frameworks and focuses on building value-added domain specific parts and applications.
• JFP also preserves the existing investment in phrase database and rule data.
• JFP applications adhere to the facilities and constraints of standard J2EE servlet containers. Developing applications in JFP is less expensive than current NTDS based application development, and JFP can be implemented in such a way as to minimize the impact on backend systems, such as BAFES, SFS and TPS.
• JFP applications meet all known existing business rule requirements. For example, JFP banking applications meet all online banking rule requirements.
• JFP applications for embodiments of the invention are globally enabled (e.g. language, rules), designed consistent with standard J2EE MVC design patterns, utilize the Struts open source framework that supports the MVC design pattern, and run frameless or in frames.
• JFP applications support portlet homepage views, full page views" and “web services views” as appropriate to the requirements of individual apps.
• JFP applications support presentation customization through various means, including CSS stylesheets, Tiles layout templates etc., and are globally enabled (e.g. language, rules).
• JFP applications provide statef ⁇ l integrity but are also navigationally flexible (e.g. back button support etc.), support task level integration with initialization parameters to support portal menu integration and such things as "actionable alerts", and minimize the use of browser cookies.
• FIG 1 is a schematic diagram that illustrates an overview example of the JFP architecture for an embodiment of the invention.
• the overview example of the JFP architecture shown in FIG. 1 illustrates a number of key concepts.
• the JFP architecture is concerned with the structure of J2EE-based application server software that provides consumer banking services .
• the JFP application servers 10 communicate with various consumer bank transaction systems via message-based host adapters 12. All persistent customer financial information is obtained from the transaction systems, and the JFP application servers do not persistently hold customer financial information.
• the JFP implementation consists of vendor, open source and financial institution supplied software.
• JFP interactive applications are built around a model view control (MVC) framework.
• MVC model view control
• the MVC framework selected is the open source Struts framework.
• Struts as the MVC framework, a companion open source framework called Tiles that provides server-side page composition and layout functionality.
• the architecture supports MVC dialog pairs all supported by a single Model.
• FIG. 2 is a schematic diagram that shows an example of the common and portal services of JFP for embodiments of the inventions.
• the JFP architecture supports multiple models. Host messaging is supported via abstract message classes. Host targeting is abstracted behind a thin message router. Host communication in terms of specific messaging protocols (e.g. CGMS) is supported by JCA compliant message adapters.
• JFP has a set of "common” services that provide language support 14, business rule support 16, logging support 18.
• JFP also has a set of "portal" services that provide navigation support 20, personalization 22, customization support, 24 and contact support 26.
• a personalization engine for the deployment in one region can be the native JFP personalization engine, an external personalization engine for another region, and BroadVision for still another region.
• Embodiments of the invention include the J2EE servlet container environment, the JFP application and services, and request and response flows in the JFP application.
• the minimum runtime environment required for the JFP platform is a J2EE compliant servlet container or engine, such as BEA' s Weblogic Express or IBM 's Websphere servlet engines.
• J2EE compliant servlet engines reside within a standard Java JVM, available from multiple sources.
• JVMs available for the major operating system platforms include, for example, Unix, Linux, Solaris, NT, Windows 2000 and IBM .
• each web- app context has its own set of classloaders, which means that it provides a "firewall" for class scope.
• classloaders For example, classes with identical names but at different versions of implementation can exist in different web-app contexts, and each ⁇ veb-app context instantiates its own set of classes.
• Another major implication of the web-app contexts is that all code (i.e. servlets, JSPs, Java classes etc.) within a web-app context can share a session context.
• JFP JFP deployment approach for embodiments of the invention
• support is provided for multiple businesses at potentially different versions of software for eacli business on the same server or set of servers. All software for a particular business is able to share session context.
• All JFP software for each business for each major release level is deployed into its own web-app context. This provides a natural way to maintain different versions of software for different businesses. It also provides a way for a single business to provide "switchover" and "fallback" between major release levels by establishing a separate web-app context for each major release level.
• JFP consists of a set of services and applications integrated within a common MVC framework.
• the JFP services provide a set of share facilities for commonly used services in the architecture. Referring against to FIG. 2, these services can be categorized (arbitrarily) into two main groups consisting respectively of common or shared services (e.g. language 14, rules 16, logging 18) and portal services (e.g. navigation 20, ' personalization 22, customization 24 and content 26).
• common and business rules services 16 emanate primarily from the needs of the JFP banking applications and alert applications and share some aspects of architecture design with similar services in existing financial institution home banking and alert applications.
• portal services emanate primarily from existing financial institution portal services and from portal service requirements in existing financial institution online banking services.
• JFP Services are provided to support the JFP applications, and the JFP applications are primarily the interactive applications for banking, alerts etc. provided by the JFP servers.
• JFP services for embodiments of the invention include, for example, language services 14, business rule services 16, messaging services 30, navigation services 20, personalization services 22, content serving services 26, customization services 24, logging services 18, authentication and authorization services 32, and security services 34.
• a JFP banking module for embodiments of the invention can be defined as the set of config files, phrases, servlets, JSP pages etc. that realizes a specific logical banking function.
• JFP banking modules tend to be logically and physically grouped by the kind of functionality they provide.
• JFP banking modules include a transfer module, a bill pay module, an account information module etc.
• application the meaning of the JFP term "application” is not to be confused with the meaning of the J2EE servlet container term "application”, which means a unique web application context. Accordingly, the servlet container context is referred to herein as a " web-app context” or a "web- application context” and not simply as an "application”.
• JFP banking module A distinct banking function, with all its parts packaged together, is referred to herein as a JFP banking module or a JFP banking sub-app.
• module and “sub-app” imply that a particular banking function is self-contained and is one of many separate banking functions.
• JFP banking applications or “JFP applications” may be used herein.
• a JFP banking module or JFP banking sub-app consists, for example, of its own Struts-config.xml, its own tiles- defs.xml, the module specific set of JSP pages or servlets that supports its view, the module specific set of Java action classes that support its control, the module specific set of Java classes, if any, that support its model, the module specific set of message classes, if any, that support its model, and the language resource bundles specific to this module.
• FIG. 3 is a directory structure that shows an example of the deployment of each sub-app or module inside a single web-app context of the JFP for embodiments of the invention.
• the web-app context is named "multiapp9-4-8- 2003" 40.
• each sub-app e.g., "addapayee” 42, “addapayee2” 44
• the deployment example illustrated in FIG. 3 is only an example of directory structure for deployment and that embodiments of the invention are in no way limited to this particular example of directory structure.
• FIG. 4 is a schematic flow diagram that illustrates an overview example of the JFP banking application request flow for embodiments of the invention.
• FIG. 5 is a schematic flow diagram that illustrates an overview example of the JFP banking application response flow for embodiments of the invention.
• the JFP product consists of many software components that may be developed by different development groups both in the United States and internationally. For any JFP product deployment, these varied components must integrated and properly configured on target systems.
• FIG. 6 is a flow diagram that illustrates an example of the process of "code” and content deployment onto the target systems in the JFP of embodiments of the invention.
• Software components i.e., "code” 50
• JFP for embodiments of the invention comprise procedural code (e.g. Java code), declarative code (e.g. struts- config.xml), JSPs, database schema creation scripts, and default configuration data.
• "reference content” 52 such as static HTML, graphic images, and CSS are also included in the software shipments. All subsequent changes to the content are managed by the business, typically via a content management system (e.g. ICMS) 54.
• ICMS content management system
• a typical JFP deployment process utilizes, for example, a system integration test (“SIT”) system 56that exists for integrating and testing "code”. This is the system onto which changes are installed and tested.
• SIT system integration test
• UAT user acceptance testing
• Configuration changes that have been verified in SIT 56 are installed and tested in UAT 58, and additional changes can be applied directly to UAT.
• UAT user acceptance testing
• FIG. 7 is a flow diagram that illustrates an example of the process of installing JFP "code” for an embodiment of the invention.
• the "code” deployment process involves, for example, development groups 60, integration groups 62, and datacenter personnel 64. Responsibilities of development groups 60 include releasing individual JFP software components.
• a development group 60 creates a releasable entity 66 that contains all files that need to be installed (e.g. *.jar, *.sql, *.jsp, etc.), installation script for automated installation of these files to their final deployment location, a list of minimum bootstrap configuration parameters to be collected from the installer, which are generally environment-specific settings, such as server names, IP addresses, the business id, etc., and an optional list of configuration elements to be included in the applicable common configuration files (e.g. custom tag libraries to be included into web.xml for this entity).
• Global and regional integration groups 62 are responsible for integrating, packaging, and preparing the individual release media for shipment to a business 's datacenter. Such groups' responsibilities include, for example, bundling one or more releasable entities that need to be installed together into an installation package 68 that can be tested, shipped, and installed as a single unit.
• One or more installation packages 68 can be deployed to the same target location. For example, there may be one package containing all global JFP components and another package containing regional applications.
• Each installation package contains an additional releasable entity called JII installation utility. The overall purpose of this utility is to orchestrate the installation of the other entities within the package in the proper sequence and according to the scripted instructions each entity provides. Separate installation packages are created for each type of target server.
• a database package 70, an application server package 72, and/or a web server package 74 may be created.
• Regional integration group(s) 62 may optionally repackage global and regional releasable entities into a single package for each type of target server in the data center.
• Datacenter personnel 64 responsibilities include installing JFP shipments.
• a datacenter receives installation packages 68 provided by various integration groups 62 for subsequent installation.
• the installer designates a staging area on each target server. This is a repository location for all the first time and subsequent installation packages required for that server.
• the installer manually invokes the JII installation utility for each installation package, according to the sequence defined in the package shipment instructions.
• the JII installation utility collects the bootstrap configuration information, either from configuration files, command-line parameters, or by prompting the installer.
• the collected bootstrap configuration parameters are placed in appropriate configuration files (property files or database insert scripts) via token substitution.
• An installation package can be reused to install the same JFP shipment (software releases) many times. For example, the same application server package can be installed several times in a multi-business environment.
• the individual releasable entities are provided by the global 60 or regional 62 development groups to their respective integration group 64.
• Releasable entities may typically contain "code” or “reference content” 70 or both.
• "Reference content” 70 is default data used for first-time deployments, and further changes to the content are managed by the business. Release management (configuration management) is an integral part of the process.
• These releasable entities are subsequently packaged by the integration group 62 into an installation package 68, and shipped to the data center(s).
• Packages 68 can be of different formats (JFP native package, SOE Wrap - Unix Package). The type of a package determines how it gets to the target server (e.g. in the case of a SOE wrap, an SOE file server will be used).
• the installation process on a given target node is a two-step process.
• the releasable entities ("code" 50 and "reference content” 70) in the packages 68 are installed onto a staging area.
• the releasable entities are installed (deployed) into the final location on the target server.
• Bootstrap parameters are collected prior to deployment onto final location. Deployment is done in phases, i.e., installation into SIT 56, UAT 58, and then production frames 60. The same installation packages are used for each frame.
• Configuration data changes to the shipped default values are migrated from SIT 56 to UAT 58, and from UAT to production environments 60.
• Modified "reference content” 70 is migrated from SIT 56 to XJAT 58 and production 60 using tools provided by the JFP system.
• After production launch content is synchronized with the ICMS server 54 and subsequently exclusively managed using the ICMS system.
• aspects of the installation process for embodiments of the invention include, for example, automation, OS independence, full and incremental installation, installation order, versioning support, SOE compliance, minimal configuration, common/shared files, regional applications support, installation log and installation validation.
• the installation process is extensively automated to minimize the time necessary to install and configure the product as well as to reduce the number of potential human errors usually associated with manual steps.
• the installation is OS system independent, allowing for the installation process to work in any operating system environment (e.g. Solaris, Windows, Linux).
• the installation process is able to support full installations of the product as well as incremental (including patches) installations.
• the installation process provides the flexibility to define the installation order for individual software releases that must be installed together, because software releases may have installation interdependencies.
• a JFP system administrator is able to determine which shipment has been installed on the target node, including the version of each software release installed for a given business.
• the version info is explicit to include the package name, software version id (e.g., JPS 1.2.3), and software release id (e.g., JPS994m2).
• the installation process is done in a manner that renders itself well for SOE-compliant installation if required. This implies that a Unix Package is created to represent an "installation package”.
• SOE utilities such as SPUD Multi-Server Package Update utility ("SPUD") are used to transmit these packages from the SOE central file server to target servers in the data center 64. The installation process minimizes the interactive configuration data entry required from the installer.
• SPUD SPUD Multi-Server Package Update utility
• the parameters obtained from the installer are automatically populated in the component-specific configuration files. These parameters are retained for future use in reinstallations. Note that default values for the remaining parameters can be shipped with each releasable entity (these are in property files or DB configuration scripts).
• a mechanism can be provided (e.g. configuration tool) to customize the configuration parameters on the target system prior to going live.
• the installation process is able to handle the shared common files (e.g. web.xml) in a dynamic automated fashion, i.e., the installation process is able to collect and place configuration information required by single or several components into the respective common files.
• the installation process supports the installation of regional applications and is generic enough so that regional applications can be installed as part of the same process.
• the installation process maintains a log which includes, among other things, the installation completion status.
• the installation process confirms that the target environment is ready for the actual installation to proceed (e.g., verify that the required vendor software is present on the target node), and in a post-installation aspect, the installation process facilitates the execution of the optional validation checks provided by the releasable entities 66 included in the package 68.
• the checks can be a set of installation validation tests that can be run after completion of the installation in order to determine if the product was installed successfully. They can also be a set of tests to check the configuration values. A mechanism to review the configuration values remotely can be provided.
• FIG. 8 is a schematic diagram that shows examples of key components of the physical architecture of the JFP for embodiments of the invention.
• the target environment for JFP comprises, for example, web servers 80, application servers 82, and database servers 84.
• JFP can run, for example, on Sun servers with Solaris operating systems.
• JFP for embodiments of the invention utilizes an installation process that can also be applied to install releasable entities 66 onto the different types of servers (database 84, application 82, and web servers 80).
• the workflow of the installation process involves, for example, aspects of packaging, installation onto staging area, installation onto target area, configuration, and installation validation.
• the software to be installed is shipped in installation packages which are first installed onto the staging area.
• these packages are installed into the target deployment area, which involves single package installation, multiple package installation, first-time installation, subsequent installations, handling of common / shared files. It may be necessary to perform customizations after installation of the software prior to going live, and steps must be performed to validate the installation integrity of the installed components prior to going live.
• FIG. 9 shows a directory structure that illustrates an example of a package from a Global Development Group for embodiments of the invention.
• the development group 60 for each component creates a releasable entity 66 by adding required files needed for the proposed installation framework, which allows for an arbitrary combination of packaged releasable entities 68 to be installed as a single unit, as long as each included releasable entity abides by a pre ⁇ defined set of rules.
• One such rule is that the releasable entity must have an XXX_install.xml file 90 (ANT script) under its root directory, where XXX may be anything, but would be preferred to be the component's release abbreviation (e.g. JPS).
• the releasable entity can additionally provide an XXX_install.properties file 92.
• This file contains the initial configuration parameters needed for the component's "bootstrap" information. These parameters are used to replace the properties needed by the component during runtime.
• the releasable entity can additionally include an XXX_version.in file. This file contains the version information of the component being installed (e.g. "JCP041_h03). If this file is provided, then this version information is used for history and logging purposes.
• the releasable entity can provide a file (e.g.
• XXX_common_web.xml 94 that contains the data that it needs to be included in the common files.
• a still further such rule is that the releasable entity exists in its own directory, which is under the common package root directory on the same level as the installation utility.
• the various JFP releasable entities 66 are int& grated into either single or multiple installation packages 68 for subsequent shipment and installation in the business data centers 64.
• Each package 68 contains releasable entities 66 that are to be installed onto the target machine.
• the installation framework supports many different packaging formats. For example, for Unix platforms, the packages can be collections of Solaris Unix packages, or just collections of content files (e.g. jar files, JSPs, SQL scripts, etc.). For Windows platforms, the packages can be Windows cab files or zip files. For Sun Solaris target machines, packaging the JFP releasable entities as a Solaris UNIX package allows the JFP software to be SOE-compliant if required. In general, Solaris packages include very robust options for running scripts, including during the pre-installation phase (preinstall), post-installation phase (post- install), pre-removal phase (pre-remove), and post-removal phase (post-remove).
• the JPS directory contains among other things the files that are to be installed (copied) into the target area.
• the database server package ma.y contain, among other things, the SQL scripts to create the database schema.
• the installation utility JII
• This utility executes and orchestrates the actual installation of multiple releasable entities.
• the same application server package can be installed for multiple businesses. In the case of an apps server, there is one business per webapp.
• FIG. 10 shows an example of the staging area directory structure for two given packages on an application server for embodiments of the invention.
• the installation package(s) 68 are shipped to the regional data centers 64 for subsequent installation (e.g. UAT 58, production 60).
• UAT 58, production 60 As part of the first step in the installation process, ftie shipped package is installed into a staging area on the target machine.
• all the releasable entities included in the package resides under one common directory.
• Using a staging area has certain advantages. For example, the installation packages 68 expanded to the staging area can be re-used for subsequent installations. Further, if Solaris UNIX packages are used, expanding the package 68 into a staging area is necessary to be able to install the same package into different target areas for multiple businesses.
• JII is the installation utility that contains the master installation script along with some supporting files.
• This script is an ANT-driven script that is developed once and included with each package to be installed.
• ANT is a Java-based build tool that is included in the package to achieve self-sufficiency.
• the installation onto target area aspect involves, for example, single and multiple package installation, first- time and subsequent installations, and subsequent full and incremental installations.
• single package installation from the staging area, the releasable entities 66 of a given package 68 are individually installed as part of an automated process.
• this process installs and minimally configures (e.g. business ID, IPs) the product for the specified business into the business' s target directory structure.
• the same process of installing a given package can be repeated for multiple business installations by specifying the business's target installation directory and business-specific parameters.
• the database server contents must be installed before the application server 82.
• the application server software may either require configuration data from the database or it may be necessary to deposit system information into the database during their installation.
• the master installation script provided in the package 6 S (master- install. xml 96) is manually invoked. It makes sure that all the minimally required configuration parameters (“bootstrap”) are collected, and then runs the individual installation scripts provided in each releasable entity 66 in a fully automated fashion.
• the order of the individual installation scripts' execution can be defined by a component list as an input to the master-install.xml 96.
• This component list is typically created by the package integration group 62. This list contains the installation sequence of the components to be installed. For example, if one of the portal services components (JSO) and a banking applications component (JBA) are both included in a package 6> 8 to be installed and JBA needs to be installed before JSO, then the list indicates this dependency; and the master-install.xml 96 runs the JSO component's installation script before it runs the JPS component's installation script.
• JSO portal services components
• JBA banking applications component
• the master-install.xml 96 script After installing the components in the component list, the master-install.xml 96 script will install all other components in the package in any order. When run, the master-install.xml 96 script performs pre-defined functions in order. First, for each XXXJristall.properties file, it concatenates the provided properties to a temporary master-install.properties file. It is each group's responsibility to provide the minima.1 bootstrap configuration parameters in the XXX_install.properties file for their respective releasable entity. After the completion of this step all bootstrap information required for the package installation has been identified and is ready to be collected from the installer in the following step.
• the master-install.xml 96 script prompts the installer to manually customize/edit the newly created master-install.properties file, either through a text editor or a graphical user interface. This information is saved for possible reuse by subsequent installations. Thereafter, for each releasable entity (taking into consideration any order dependencies), the master-install.
• xml 96 script runs the corresponding XXXJnstall.xml (ANT script) which backs up the original files (to allow for a future rollback if necessary), installs (copies) the new files into the target (deployment) area in the case of an application and/or web server; execute the SQL scripts in the case of a database server, substitutes the configuration parameter tokens with the values in the master- install.properties file, creates and/or edits the common files if necessary with information provided in each releasable entity, and saves the version history for subsequent inquiries.
• ANT script XXXJnstall.xml
• the process for a single package installation is repeated for each package.
• the installation sequence of the packages may be important, and in this case the shipment instructions will indicate this order to be manually followed.
• the first-time installation is always a full installation, i.e., all the packages to be installed onto a target node are installed.
• the packages 68 are different depending on the target node (e.g. for the application server 82 the software to be installed includes middleware, banking applications, etc.; for the database server 84 the software to be installed include SQL scripts to be run to create DB schema).
• the full installation can be either a single package or a combination of multiple packages, as long as they make up the complete set.
• the contents of each package will be installed into proper locations as already described above.
• the software is installed with the collected bootstrap configuration and the default configuration values that came with the package(s).
• After installation there is often a need to customize the configuration values for the installed software. These customizations can be done either manually or via a separate tool.
• the installation is ready to be tested and activated. This whole process can be repeated for multiple businesses.
• a subsequent installation can be either full or incremental.
• new functionality releases are always full installations (new webapps); patches are incremental installations.
• new functionality releases are incremental installations (updates to existing database instances) as long as they are backwards compatible.
• a subsequent full installation is similar to that of a first-time installation, in that the package(s) 68 to be installed make up the complete set.
• the new subsequent full installation is done on a different location (e.g. on the application server 82 a new webapp is created, on the database server 84 a new database instance is created). Because of this, the original installation is still completely operational during the installation of the new one.
• the bootstrap values used during previous installation show up as default values for the necessary parameters.
• the installer enters values for the new required parameters, and can edit the pre-filled ones if necessary. Once the new installation has been configured and tested to function properly, it is used instead.
• an application server 82 For an example of an application server 82, assume that during a first-time installation, two packages (CDC software, and regional applications) were installed. Assume also that at a later time, a few more regional applications are developed and packaged, and need to be installed as well. Now, there are a total of three packages to be installed onto the target area, with two of them already installed onto the staging area from the first-time installation. The new package (the third one) is installed onto the same staging area. From there, the complete set is installed to a new webapp separate from the original one. In this example, the minimal bootstrap configuration values that were saved from the first-time installation are re-used.
• the installer When the installer is prompted to enter values for the required bootstrap parameters, the ones from the first three packages are defaulted to the saved values, allowing the installer to modify them if necessary. Once the new webapp is installed and configured, proper steps are taken to configure the system to use the new webapp.
• Subsequent incremental installations may consist of just a few parts of the system, and can be files of any type (e.g. a few jar files on an application server 82, some insertions into tables on the database server 84).
• An incremental installation is not a full set, and is intended to be installed on top of the existing (live) installation. That is, the files in the incremental installations are copied directly into the target directory (replacing existing older files).
• the same master-install.xml 90 script is invoked to install the upgrades (as previously described), but depending on the nature of the content, the sequence of extra steps necessary before and during the upgrade process must to be specified.
• the upgrade may require a "green zone" for the duration of the installation; or perhaps the upgrade can be done on the live system and take effect immediately without extra action.
• the exact operational procedure is provided with the shipment.
• the individual component's install script may keep a backup of the files that are replaced in order to facilitate installation rollback if required.
• the database server 84 In the full versus incremental installation aspect, there are a number of considerations for the database 84, application 82, and web servers 80. Regarding the database server 84, most of the time the changes that need to be made to the database schema and its content are backwards compatible, allowing for the SQL scripts to be executed on the live database as an incremental installation. However, this is not always the case. In the cases where the SQL scripts cause changes that are not backwards compatible, the scripts are run on a new database instance as a subsequent full installation. During the installation and configuration of the new full installation, the original business database is still completely operational. Once the new installation has been configured and tested to function properly, the new database is used instead of the old one. This involves data migration from the old database to the new one.
• the installation utility is packaged with a template for each of these common files. If the common file to be edited does not already exist on the target deployment area, then the one included with the utility is used as a template. If the file does exist, then either the existing is used for editing or the one included with the utility is used to replace it completely, depending on what the utility is configured to do.
• JPS portal services
• JCP middleware
• JPS portal services
• JCP middleware
• Tag libraries, servlet, and filter information from JPS, servlet information from JCP is included in the web.xml file. If a web.xml file does not already exist in the target area, then the installation utility copies the template web.xml over and adds the information that needs to be in it. If the web.xml file does already exist, then the installation utility either adds the information to that file or copies the template over anyway, depending on what it is configured to do.
• configuration process after the installation process with the minimal (“bootstrap") configuration is complete, additional configuration steps may be required for further customization. As mentioned earlier, these customizations are done either via manual updates or a separate configuration tool. Since installation / configuration first takes place on the SIT 56 and UAT 58 systems prior to going into production 60, it is highly desirable to be able to export configuration data from these systems into the production environment in order to minimize the number of manual steps during installation. To facilitate this export, the configuration data maintained by the configuration tool on a given frame is exported into an installation package containing the data. This package can then be installed on another system via the same installation utility that is used for software installation.
• manual steps can be executed after the software has been installed and configured.
• An implementation approach to automated validation is to have each releasable entity optionally provide a sequence of automated test steps (e.g. JUnit tests) to validate the installation and configuration integrity.
• a separate utility can be developed to run these validation checks.
• rollback typically entails rollback of both
• FIG.11 is a table that illustrates an example of the structure of the ship media for the use case for a first- time JFP installation for embodiments of the invention.
• JFP is installed for a single business for the first time onto database 84, application 82, and web servers 80. Since this is a first-time installation, it is a full installation for each server.
• JFP core portal services, banking apps, middleware
• regional application stock quotes "SQ"
• the ship media is shipped as three CDs, one for each type of server (Database 106, Application 108, and Web 110), with up to three packages on each. It is noted that embodiments of the invention do not preclude combining packages targeted for different servers onto the same CD, in which case, it is the installer's responsibility to extract the proper packages onto the respective target nodes.
• FIG. 12 is a table that illustrates an example of the structure of the staging areas (SAs) for the use case for the first- time JFP installation for embodiments of the invention.
• SAs staging areas
• Packages are installed according to the order prescribed in the shipment instructions by manually invoking the installation utility in each package.
• FIG. 13 is a table that illustrates an example of the structure of the ship media repackaged as a single package per CD for the use case for the first-time JFP installation for embodiments of the invention. All of the installation sequence information is reflected in the component list for the package.
• FIG. 14 is a table that illustrates an example of the structure of the SAs for the use case for the first-time JFP installation with the ship media repackaged as a single package per CD for embodiments of the invention.
• the installations are done in the following order: 1) database server 84, 2) application server 82, and 3) web server 80.
• database server installation a new database instance is created as part of the installation.
• the master-install. xml 96 is run, the SQL scripts for each releasable entity are executed. These scripts create schema and populate the tables with releasable entity-specific content (e.g. configuration data, phrases, personalization rules).
• the files for each releasable entity in each package are copied into the target web application, and for the web server installation, the files for each releasable entity in each package are copied into the proper directories.
• FIG. 15 is a table that illustrates an example of the structure of the ship media for the use case for a subsequent installation of new regional applications for embodiments of the invention.
• the regional applications II package 102 is expanded into the same staging area into which the first three packages were expanded during the use case for the first-time installation.
• FIG. 16 is a table that illustrates an example of the structure of the SAs for the use case for the subsequent installation of new regional applications for embodiments of the invention.
• packages are installed according to the order prescribed in the shipment instructions by manually invoking the installation utility in each package.
• the installation utility gathers the list of minimal configuration data that is needed for the bootstrap installation. It then prompts the installer to provide these required fields before the installation continues. Since some of the packages that are to be installed have already been installed before, the saved bootstrap data from the previous installation is pre-filled for the installer.
• the database server installation is an incremental installation.
• the scripts for the new package (Reg. App. II DB Package 102) are run on the existing database instance by the installation utility. Since the scripts are backwards compatible, the original business database is still operational during the upgrade process.
• the new packages are installed into a separate webapp than the previous installation. Since the installation is in a new target directory, the original business webapp can remain completely operational during this process. Once the new installation has been configured and tested to function properly, the existing live website is changed to point to the new webapp. This process may involve either "session drainage” or require a "green zone” in order to switch over completely. The web server is not affected in this scenario.
• FIG. 17 is a table that illustrates an example of the structure of the ship media for the use case for a subsequent incremental installation with one package (field patch) for embodiments of the invention.
• the incremental installation is a patch for portal services to be installed onto the application server 82.
• the ship media is one CD with a single package, i.e., JFP core (portal services) 102.
• JFP core portal services
• the ship media is expanded into the staging area, which contains the installation utility (JII) 122 and a superset of all the releasable entities to be installed.
• FIG. 18 is a table that illustrates an example of * the structure of the SAs for the use case for the subsequent incremental installation with one package (field patch) for embodiments of the invention.
• the installation utility is manually invoked, which copies over the single jar file.
• the database server 84 is not affected in this particular scenario.
• the files in the incremental installation package(s) are copied directly into the webapp (replacing existing older files). Special steps may be necessary since the new files are replacing the ones in a live application.
• the sequence of steps necessary during the upgrade e.g. "green zone" for the duration of the upgrade, redeploying the website after the upgrade, or upgrading the live system without subsequent redeployment
• the web server 80 is not affected in this particular scenario.
• a global financial institution deals with areas around the world that it treats as bank regions, such as Asia, Europe, North America, Latin America, and Japan, within which there are typically multiple countries.
• Asia includes Singapore, Hong Kong, China, Malaysia, etc.
• Europe includes the UK, France, Germany, Spain, Greece, etc., which is usually a management point.
• a bank region such as Asia is allowed, via a business hierarchy, to both inherit business rules, phrases and other content from a standard base and also have individual country / business variation. This is accomplished thru a business hierarchy database structure for content sucJh as phrases, rules etc.
• a business hierarchy support is applied to content, such as phrases and business rules in the JFP.
• a business hierarchy is way of configuring a business such that the content needed ⁇ by one business can be inherited from another business.
• the basic requirement is to avoid duplication of data between the businesses, thereby minimizing the content and reduce the cost of managing the data.
• the content is stored in a database keyed by hierarchy and is loaded in the cache by following the hierarchy defined in a tree format.
• FIG. 19 is a schematic diagram that illustrates an example of a business hierarchy for Asia in the IFP for embodiments of the invention.
• APAC Asia Pacific region
• the middle of the hierarchy contains content for a country or a business such as Singapore (SGGCB) 132 and Hong Kong (HKGCB) 134, and at the lowest level is the content for a sub-business that serves a specific group of customers such as Gold (SGCGOL) 136, Blue
• the business hierarchy in the JFP for embodiments of the invention provides a number of advantages with regard to content management (i.e., stora-ge and maintenance of content). For example, if a new business can use the content for another business that has been previously rolled out, then the new bixsiness rollout is faster. In addition, since it is no longer necessary to store duplicate records for the businesses at the different levels in the business hierarchy, the database is used more efficiently. When a content that is the same across different levels in the hierarchy is modified, the changes need to be done only at one level, thus saving the cost of content management as well as reducing the chances for error.
• the business hierarchy is implemented by defining relationship between the businesses.
• a business may choose to have all the content at one level, thus effectively having no hierarchy, or spread the content over as many levels as needed.
• the trade-off is between ease of content management vs. desired change isolation.
• JFP provides, for example, the phrase content needed for banking applications , portal and alert services using one database schema and a common infrastructure to fetch the content at runtime.
• the business rule implementation in these applications is not the same, primarily because the purpose, usage and structure of the business rules are different in these applications.
• Business rule content for portal services is implemented the same way as the phrase content; hence the implementation of business hierarchy for rules and phrases is identical in portal services.
• Alert services "rules" are configuration parameters that are business specific, and alert services does not use business rules at runtime.
• JFP for embodiments of the invention involves implementation of business hierarchy for phrases for all JFP applications, business rules for banking applications;, and portlet and page layout configuration.
• business hierarchy for phrases in order to support business hierarchy in a consistent manner in all JFP applications, one database schema containing phrases for banking application, portal services and alert services is created. Some fields in the table are needed only by portal services and are ignored by other applications.
• a field "Hierarchy Name” is used to support business hierarchy.
• the "Hierarchy Name” is set to the nodes of the hierarchy tree, an example of which is described in FIG. 19, such as "SGCGOL” 136, "SGCBOL” 138, "SGGCB” 132, etc.
• the reason this field is called “Hierarchy Name” and not "Business Code” is to clarify that the hierarchy exists inside a business.
• Gold” and “Blue” represent customer types or banking relationships and not separate businesses such as Singapore, Hong Kong, etc.
• Each MessageResource that represents a sub-app can be configured to one of the caching options such as preload, lazyload, firstaccess , etc.
• JFPMessageResources uses the hierarchy name contained in the profile object and looks for an entry in the cache using the hierarchy name, locale and key. For example, a phrase "Hello World” for "Gold” customers in Singapore is fetched using "SGCGOL.enJJS. Hello World”.
• Substantial flexibility is provided in how business hierarchy of JFP for embodiments of the invention can be used by the businesses.
• the hierarchy for Singapore is specified as: SGCGOL 136, SGGCB 132, APAC 130.
• Hong Kong wants to use content from Singapore and does not have its own content
• the hierarchy for Hong Kong is specified as: HKCGOL, SGCGOL 132, HKGCB 134, SGGCB 132, APAC 130.
• Malaysia and Guam have some content that is identical which has been moved to "APAC" level
• the hierarchy for Malaysia is specified as: MYGCB, APAC 130 and for Guam it will be specified as: GUGCB, APAC 130.
• the hierarchy for Australia is specified as: AUCGOL, AUGCB.
• JFP for embodiments of the invention requires that the application server must be deployed with one webapp per business or country. Since applications in a webapp run in its own context, this structure isolates businesses from each other and allows the business staff to make changes independent of each other. Hence in JFP, for example, there is one webapp for Singapore and another webapp for Hong Kong. When considering business hierarchy in this context, the sub-businesses "Gold” and “Blue” are part of the webapp. In other words, there is no separate webapp for "Gold” or "Blue”. Each webapp has its own set of caches.
• Sharing of content across any hierarchy level means that changes made to the shared content at a higher level will affect the lower level. If the hierarchy is contained within a webapp, meaning it is limited to customer type such as SGCGOL 136, SGCBOL 138 and SGGCB 132, then any updates at these levels affects only the Singapore webapp, and there is no impact on other businesses such as Hong Kong, Malaysia, etc. On the other hand, if two or more businesses require some content at the regional level such as APAC 130, then any change of APAC content affects these businesses.
• JFP In addition to a "getMessage” method that uses locale as a parameter to get the business ID, several methods are provided in JFP that get the hierarchy name from the profile object. These methods are used for various types of content needed by the portal services such as simple phrases, personalized phrases, keywords and links.
• the portal services provide tag libraries to support new jsp tags defined to support various types of content. These tags are used by JFP applications (banking apps, alert apps, portal apps, and any other set of apps for the JFP platform).
• JFP applications banking apps, alert apps, portal apps, and any other set of apps for the JFP platform.
• portal services implements the required portlet configuration and page layout configuration data source readers that support business hierarchy.
• Existing banking application business rules contain, for example, two parts - rule signature and rule data.
• the rule signatures for all global banking applications are the same for all businesses, whereas the rule data differs by business.
• each rule is represented in XML and contains rule signature as well as data specific to a business such as Singapore, Hong Kong, etc.
• each business has a set of XML files with data specific to their business.
• the set XML rule files for a business are stored, for example, inside a webapp directory structure for that business.
• the rules are cached in a set of banking unit objects.
• the XML files are updated and the rule files are reloaded in the cache without bouncing the webapp. If an update involves changing the rule signature, then it requires bouncing the webapp because change of rule signature will involve application code changes as well.
• the business hierarchy structure for phrases is not applicable to the business rules for global banking applications in the same way. In global banking applications, for example, there are no rule signatures that are specific to a business or a customer type.
• rule data may be shared between two or more businesses such as Malaysia and Guam. In that case, the rule caches for these businesses are loaded with some rules from Malaysia and some from Guam based on specified business hierarchy.
• the existing design requires that the rule files containing rule data for a business must be stored inside the directory structure of a webapp for that business.
• the rule infrastructure component loads the rule files in cache using a relative path within its own webapp context.
• it is necessary to store rules at a server level.
• At the "root” there is a “rules” directory, which contains a sub-directory for the region such as “apac” or “global” and separate sub ⁇ directories for each business in the region such as "sggcb", "hkgcb”, etc.
• Some rules that apply to all businesses can be stored in the "apac” or "global” directory. Rules such as “jbalCMessageSupport” and “jbaCharacterSetCode” which contain data for multiple businesses are good candidates for this directory. Also rules such as “jbaCurrenyParamsByCountry” and “jbaCurrenyParamsByCurrency” which do not have business code can be located in this directory. Other rules with data specific for a business are stored in the directories such as “sggcb”, “hkgcb”, etc. The rule infrastructure component is modified to load cache from these directories based on a business hierarchy configuration.
• Changes required to support business hierarchy for rules include, for example, code changes to the rule infrastructure component of JFP middleware and installation changes for rule files in banking applications.
• portal services extends the business hierarchy to portlet and page layout configurations.
• Portlet configuration refers to portlet attributes such as portlet name, title, description, portlet url, portlet edit url, etc. With business hierarchy, these attributes need to be configured only once for a given portlet(s) for a parent business, and the children businesses inherit them when the business hierarchy between parent and children is configured appropriately.
• SGGCB 132 business can configure and set up a commonly used portlet such as account information at SGGCB business level. If SGCGOL 138 is configured to be a child of SGGCB 132 in the business hierarchy, the account information portlet information is automatically available to SGCGOL 138 the necessity of setting up account information portlet again for SGCGOL business.
• Page layout configuration refers to the default home page layout for VISITOR, FRIEND, and CUSTOMER roles (one for each).
• business hierarchy allows setting the page layout configuration for a parent business and children businesses to automatically inherit the same setup so that it is not necessary to set up the page layout again for the children businesses.
• JFP for embodiments of the invention allows for a graceful, online cutover from one version of software to another, on a per country basis without the need to shut down an application server. JFP does this via the use of "Forwarding" and “Drain” servlet filters that support the ability to forward "new" session requests to a new version of the software, while at the same time supporting existing sessions on the old version of the software.
• a business is able to install a new version of software and allow existing sessions to run against the old software, but to direct new session requests to the new version without taking the system down. This is accomplished via the use of the "Forwarding" and “Drain” servlet filters that look at all the new requests and determine for that particular business, based on a configuration file, where these new session requests should be forwarded.
• the JFP for embodiments of the invention caches various content in memory, such as rules, phrases, HTML etc., in order to eliminate database access and decrease response time. It also provides for dynamic update of caches in a running system using JFP specific cache controller classes.
• JFP specific cache controller classes all of the financial institution's business rules and language phrases, and a substantial portion of its content are cached in memory, and the financial institution has the ability to allow the business through these cache controllers and an admin counsel to change, for example, the business rule or update business phrases and then cause the running system to purchase current content and update it, all in a running system.
• Embodiments of JFP employ a caching approach that includes, for example, server-side caching of various types of content, as well as client-side caching of certain objects, such as images and scripts.
• Caching which is one of the oldest and most fundamental metaphors in modern computing, denotes a small fast memory holding recently accessed data, designed to speed up subsequent access to the same data.
• JFP for embodiments of the invention provides server-side memory caching of frequently-accessed, database-resident information, such as phrases, business rule data and managed-content of various types, in order to reduce CPU processing, database connections usage and response time.
• JFP provides for updating of information and reloading of various server- side memory caches without the need to take down the web-app context.
• JFP provides server-side memory caching of customer relationship and account information in order to speed up the processing of responses and reduce the number of message accesses to backend hosts.
• JFP allows certain frequently used objects (e.g. images, stylesheets, js scripts etc.) to be efficiently and automatically cached at the client, in order to reduce the payload size sent to a client and reduce transmission time of a response.
• JFP for embodiments of the invention has several individual caches. Each cache provides "in-situ" caching of data and each cache provides its' users with an API that is domain specific to the of type of information being accessed.
• the API is a industry standard API, such as the Strut's MessageResources API.
• the API is a industry standard API, such as the Strut's MessageResources API.
• the JFP caches implement a standard JFP cache management interface which in turn uses a standard JFPCacheController mechanism for loading, maintenance and reloading of caches.
• JFP The general approach in JFP for embodiments of the invention is to cache data inside the objects in which the data is used and to access that data indirectly via domain specific APIs.
• a reason for this approach is that there are pre-existing objects that are leveraged in JFP, such as the Struts Message Resource classes and the portal services content classes, that already provided "in situ" caching of data.
• Another reason is that some data that is cached must be first pre-processed before it can be used, such as business rule data.
• a further reason for the general approach is that some cached data is not accessed directly but behind domain appropriate APIs. Examples of this again include business rule data, which is not accessed directly but behind business unit APIs, and phrases held in Message Resource classes, which are accessed behind standard pre-defined APIs.
• a still further reason is that using individual caches, embedded within domain specific objects and APIs, instead of inside one large content cache allows for more specific APIs and faster lookup and access to the content.
• JFP standardizes on a single way to load and reload caches by having individual caches all implement the JFPCacheManagement interface which in turn uses the standard
• JFPMessageResources classes cache phrases.
• the approach leverages both the native Struts MessageResource API and caching approach and implements the JPFCacheManagement interface, which in turns uses the JFPCacheController mechanism. All portal and banking phrases are preloaded at startup.
• business rules are accessed, processed and business rule data is cached in the banking unit objects for fast access.
• Business rule data is cached at startup and the Business rule accessor implements the JPFCacheManagement interface, which in turns uses the JFPCacheController mechanism.
• JFP portal services caches content-managed content such as URLs, images, links, menus etc.
• the JFPCollectionCache is the base class used by portal service for caching. This class implements JFPCacheManagement interface for reloading caches using the standard JFPCacheController mechanism. All the caches except the file content cache (IPT Lite) are preloaded at startup time. The file content cache is lazy loaded (on demand).
• the content cached by JFP portal services includes, for example, URL cache, image cache, link cache, menu cache, personalization rule cache, portlet definition cache, portlet layout cache, URL home cache, advertisement cache, form cache, business hierarchy definition cache, and file content cache - used for caching the HTML Content Service (IPT Lite).
• the SiteEntranceFilter caches the cross-site scripting policy in memory. Moving the policy from embedding in Java code to an XML policy file allows cross-site scripting policy to be defined in an XML policy file and not built into the SiteEntranceFilter itself.
• the authentication and authorization services cache the JFPPoIi cy and CCS LoginModule policy. These services migrate to using the standard JFPCacheManagement interface.
• the JFPPolicy cache allows authorization policy to be updated in a running system.
• the sub-app context policy is cached.
• the sub-appp context policy defines which applications are allowed to co-exist at the same time within a session. These services migrate to using the standard JFPCacheManagement interface.
• the customer's base profile is cached (saved) in the session object using the standard J2EE Servlet API.
• the base profile includes items like business, language and role.
• a customer's portal profile and banking relationship profile are also cached in the session object.
• the portal profile includes items such as layout preferences, portlet preferences etc.
• the banking profile includes the set of banking relationship objects that contain the customers relationships and account list.
• the banking relationship objects cache account information received from the backend host. These objects also support re- fetching information from the host if their local cache is invalidated because of customer actions during a session.
• JFP for embodiments of the invention also supports client-side caching of the various types of information, such as Images, using standard HTTP techniques and CSS-Stylesheets, using standard HTTP techniques, including creating a standard set of Stylesheets that all pages used.
• the Stylesheets are loaded once instead of being included in the payload of all pages.
• JFP also supports client-side caching, for example, of js script files wherein frequently used Java Scripts, for things such as menus, security checks etc., are encapsulated in js script files. They are loaded once instead of being included in the payload of all pages.
• Examples include JFPNav.js - all Navigation related JavaScripts, coolmenu.js - cooljs DHTML menuing product (vendor product), cooltree.js - cooljs DHTML menuing product (vendor product), portal AdminMenu.j s - used only for Admin site, and mapping.js - a special DHTML style button used only in the JFP maintenance site.
• Client-side caching is related to the larger issixe of payload size reduction strategies employed in JFP for embodiments of the indention including, for example, Use of non- verbose compact names for URL Actions, Use of non- verbose compact names for variables, Use of non-verbose compact names for CSS classes, Stripping of all comments and use of JSP comments instead of HTML comments (also a security issue), Development time white-space compression of JSP files, and Runtime use of gzip compression for all dynamic response pages (Approach is under study).
• JFP for embodiments of the invention provides a unified mechanism for loading and updating various JFP caches. All caches can uniformly be scheduled for reloading using JFP Console application which is integrated with the JFP maintenance site.
• FIG. 20 is a schematic diagram that depicts an example of components and the flow of information between the components involved in providing cache management to all JFP caches for embodiments of the invention.
• the JFP Cache Controller 140 is a singleton object responsible for clearing or reloading JFP caches.
• Cache Controller 140 keeps a list of registered components which implement JFPCacheManagement interface 142. Each component is identified by a display name and list of items that the cache controls.
• Cache components are initially registered with the Cache Controller 140 at the startup of JFP web-app.
• Cache Controller 140 is responsible for notifying registered component or components of cache management events (such as flush cache) when prompted to do so by command interface or when scheduled time occurs.
• Cache Controller 140 also holds on to scheduling information for timed and repeating events. Referring further to FIG.
• JFP Cache components must implement JFPCacheManagement interface 142 in order to recei ⁇ ve notification of cache modification events from the JFPCacheController 14O.
• JFP Cache components receive reload events for selective cache items that are managed by the particular cache component.
• JFPConsole 144 is the GUI component of maintenance web-site which allows for immediate or scheduled reloading of caches.
• FIG. 21 shows a sample JFPConsole GUI screen 146for embodiments of the invention. Any reload action will reload all the caches of that the selected type in that particular web-app. An operator can be more selective about which caches are reloaded by clicking th_e "Details" button, which displays all the caches registered of that particular type.
• an operator can specify one or more caches to reload, reload parameters such as one or more namespaces per cache, flush and timeout, along "with when the reload should occur.
• Reload can be scheduled for a later time or occur right away.
• a reload task that is scheduled for a later time can be canceled however if the reload is scheduled as "Now", it cannot be canceled.
• JFP for embodiments of the invention provides a thread safe integration of Struts and Tiles with the concurrent thread package (a kind of standard JAVA package for making it easier to manage multiple threads) in a way that allows multiple "portlets” to be spawned from a single "home page” request and be processed in such a way that each portlet can run in a thread safe way.
• the JFP does this by providing each "portlet", its own “cloned” copy of the request and response objects, so that even with non-thread safe implementations of request / response objects, each portlet can run in a thread safe way.
• JFP portlets are Struts modules which will generally return page fragments to a controller object in charge of parallel processing portlets and aggregating the response of the portlets on a page.
• JFP portlets are Struts modules (sub-apps) returning HTML or xml fragments.
• JFP portlets always go through Struts controller, follow Struts framework as closely as possible and modify Struts flow as little as possible (for example forward or include), and are parallel processed independent of the under lying portal such as Epicentric, WebLogic, and JFP portal services page-composition (i.e., JFP portal service parallel processes non Struts portlets such as .jsp.
• FIG. 22 is a schematic flow diagram that illustrates an example of the activities involved in aggregating portlets using a parallel processing manager in the JFP portlet framework for embodiments of the invention.
• the controller responsible for parallel processing the portlet creates a thread (task) for each invocation of portlet 150. Inside each thread, the framework performs server- side include using RequestDispatcher object 152 sending request to JFP portlet. This include is performed on individual thread, and the response of each HTTP request is cached by the PortletResponse wrapper 154. When all the threads are finished with their tasks, the controller then assembles the responses in the correct order by streaming the caches to the HTTP response object of main portal request.
• the "portal.home” definition extends a Tiles default layout and calls a controller class before laying out the view (portlets.jsp).
• FIG. 23 is a sequence diagram showing an example of the interaction using PPM controller in Struts and Tiles environment for embodiments of the invention. However, it is noted that the sequence diagram depicted in FIG. 23 does not show all the objects involved in Struts framework.
• FIG. 24 is a schematic diagram that illustrates an example of the PortletResponse Wrapper 154 for embodiments of the invention.
• a main function of the PortletResponseWrapper 154 is to provide a separate response buffer for each request to a JFP portlet (Struts module). The response buffers are aggregated after all parallel processing is done.
• FIG. 25 is a schematic diagram that illustrates an example of the PortletRequest Wrapper for embodiments of the invention.
• Embodiments of the invention provide an implementation of this wrapper in order to buffer attributes that are set through setAttribute and catch other functions that need to return these attributes. Specifically, these are the following attributes usually set through the RequestDispatcher.include process, such as:
• attributes are usually attributes that are set by Struts or JFP.
• the above APIs are the main mechanism for returning things such as query string, path info, and other vital request information. This information are usually passed to the request in the RequestDispatcher.include() using the ServletRequest. set Attribute() . Security
• JFP for embodiments of the invention provides security protection for all requests via the use of a site entrance filter that filters all requests and provides automatic authorization role provisioning, authorization checks, and cross-site scripting checks.
• the JFP site entrance filter is a central filter that looks at all requests for new sessions and insures that all new session requests are provided with a new session object, and a default profile object with the "role" set to a lowest entitled user.
• Site entrance insures that all requests undergo an authorization check based on the user role and other information.
• the JFP site entrance filters insure that all requests call out to an authorization check to make sure that whatever the user is trying to do is acceptable given the user's particular role.
• a still further aspect of JFP for embodiments of the invention integrates a proprietary authentication system, referred to herein as the Combined Credential Store ("CCS") into a J2EE container.
• CCS Combined Credential Store
• authentication is the process of verifying that a user is who he or she claims to be by means of verifying known credentials such as user-name and password, digital certificate, biometric information, etc.
• Authorization is the process of giving someone permission to do or see something. Logically, authorization is usually preceded by authentication. Entitlement or entitlement level refers to the level of privileges granted to an authenticated user, often accomplished by assigning a user to a role (with associated privileges) or a group (with associated privileges).
• An authorization service often provides entitlements to an authenticated user.
• Typical roles within JFP for embodiments of the invention include, for example, visitor, friend and customer.
• a visitor is a user that is not registered with the site and is not a (known) customer of the financial institution. In some environments, a visitor is known as a guest.
• a friend is a user that is registered with the site but is not a (known) customer of the financial institution. In some environments, a friend is known as a "registered user”.
• a customer is a known customer of the financial institution (has a banking or other transactional relationship).
• Typical groups within the JFP environment are "Blue" customer, "Gold" customer, bill payer, and customer service representative.
• site entrance in JFP is the processing needed to provide authorization pre-processing of a new session request from a user until such time as the user is identified and the server is ready to process the initial "home" screen and to provide authorization processing/filtering of all subsequent requests from a user in a session.
• Security services are those set of centralized services in JFP to protect against common hacking attacks such as cross-site scripting, buffer overflows, invalid parameters, command injection etc.
• JFP authentication features for embodiments of the invention include, for example, provision by JFP of support for user authentication performed by financial institution front ends transaction processing systems (sometimes referred to as "TPS”, “SFS”, “BAFES”, etc.), support for the use of CCS for user authentication and credentials aggregation, an authentication interface that allows support for an external authentication engine such as Netegrity SiteMinder, allowance of support for a native OS authentication engine (which can include LDAP/active directory implementations), support of one authentication engine that does not preclude support for any other authentication engine, allowance of authentication by use of different types of credentials, an authentication process that records usage at various stages, and the ability to audit both successful and failed authentication attempts.
• JFP provides that if it is necessary to decrypt a PIN / Password using one key and then re-encrypt the PIN/Password using another key (e.g. a TPS key), this process takes place within a hardware security module ("HSM").
• HSM hardware security module
• JFP authentication features e.g., when CCS is the authentication engine, JFP supports credential aggregation, supports enforced periodic password change (configurable per business), prohibits a user from submitting a wrong password more than N consecutive times (configurable per business), and supports shared secrets that allow the user to reset their password if they forget it (configurable per business).
• JFP provides that all passwords and shared secrets must be encrypted in permanent storage and transit. They are never placed in the clear on a session object. All passwords and shared secrets must be encrypted in transit at all times. AU passwords and shared secretes must be encrypted on a disk or in a relational database.
• JFP provides that only 3DES and PKI algorithms may be used except for cases where backwards compatibility is an issue; that within a particular server, several solutions to the authentication interface may be used; that if a user does anything which may be construed as suspicious, then to the extent possible this activity must be logged in a separate security log; and that each time a user logs in the last login time must be persisted so that this information is accessible and may be presented to the user; i.e. 'Hello Joe Smith: We are glad to see you. Your last logon was on 4/4/04 at 3 :30 PM EST.'
• JFP provides a mechanism for specifying access-policies, supports access-policy creation based on parameters such as action requested, user-role, user-group, origin-device, time-of-day etc., enforces a mechanism requiring each JFP "sub-app" to specify an access-policy; provides a mechanism for online centralized changes to access- policies, including emergency changes to "turn-off" access to particular functions; restricts access based on time or device entry etc.; and provides an API for checking access-policy compliance.
• This API can be used both by the JFP authorization service for "coarse-grain” authorization checking and by an individual application for doing "fine-grain” authorization checking.
• JFP also provides coarse-grain authorization checking and enforcement of each request, based on access-policies and authorization enforcement of each request that will reject any request that is not authorized and respond to the user with an error page (configurable).
• the Java authentication and authorization service (“JAAS”) is used to provide authentication services for JFP for embodiments of the invention.
• the JAAS authentication framework is based on pluggable authentication modules (“PAM”) and thus supports an architecture that allows the development of authentication mechanisms that meet security requirements. Clients that authenticate against the JAA.S authentication interfaces may use any authentication mechanism that also implements the JAAS authentication interfaces.
• FIG. 26 is a schematic representation that illustrates an example of the JAAS subject for embodiments of the invention.
• An authentication mechanism utilized in JFP for embodiments of the invention is a proprietary mechanism referred to herein as the Combined Credential Store (CCS).
• CCS Combined Credential Store
• Pluggable authentication modules are created that delegate to CCS, thus presenting JAAS interfaces to JFP and insulating JFP from both CCS interfaces and CCS objects.
• JAAS creates a subject object to represent users. Associated with each subject object are zero or more principal objects.
• a principal object serves as the representation of the subject either as the master credential ID and as a holder of a single sign-on token for any federated services linked to the master identify.
• the subject object may encapsulate a principal object that corresponds to the master ID.
• This principal will contain the master ID of the user and the primary role (e.g. VISITOR, FRIEND, CUSTOMER, CSR, etc.).
• the master ID may be masked.
• the subject object may also encapsulate another principal object that corresponds to a banking customer, if the user is a banking customer. In this case, the principal contains the customer's card identification number ("CIN").
• the CIN may be masked.
• the subject object may encapsulate additional principal objects that correspond to additional federated services and that contain at the least a user-ID meaningful to the federated server.
• the subject will contain a principal without a user-ID, and set to the default role with the least permissions (i.e. VISITOR).
• VISITOR to the consumer bank site is a non- credentialed user, who is not required to login, and who has minimal privileges (e.g for example has the ability to view product literature but nothing else).
• JAAS supports the notion of re-authentication, thus supporting the JFP requirement to be able to re- authenticate a user.
• the subject object in addition to containing any number of principals, may contain both public and private credentials.
• Public credentials typically include public keys and private credentials typically include private keys, PINs and passwords. Access to the private credentials given a subject object is restricted to code that has been granted specific permissions to access private credentials.
• server specific tokens are single sign-on tokens, such as the eACE single sign-on token. Any tokens returned are stored in the principal object that corresponds to the respective federated service and not in the subject object. Because the tokens are encrypted, their storage in the principal object introduces no security risks.
• the URLs of the specific federated server that receive the server specific tokens are also populated within the principal object. For each federated server, multiple sever specific tokens, along with their corresponding URLs, may be returned.
• Each token / URL pair corresponds to a specific federated server function (e.g. "SIGNON”, “SIGNOFF”, etc.). Additionally during authentication, for those conditions where a server specific token is not required but JFP stills needs to cache private user credentials, JAAS can populate the set of private credentials contained within the subject object with the user's private credentials. In addition to normal Java 2 security that is imposed on accessing these credentials, the credentials are encrypted.
• JAAS requires the use of a custom written login module that typically causes the user to be prompted for their user credentials (typically a user name and password). This situation is handled by a thin MVC/ J A AS interface that pre- populates the login module (during its construction) with the user credentials. The subject is cached for the duration of the session in the servlet container's session object.
• JFP application authenticating a user whose master and product credentials are maintained by CCS.
• FIG. 27 is a sequence diagram that illustrates an example of the process of authenticating a user using JAAS with CCS as the back end authentication system for embodiments of the invention.
• the JFP action 160 instantiates a helper class, JfpLoginContext 162, that interfaces with JAAS 164.
• the JAAS methods require the specification of configuration tag names and class names specific to the CCS authentication service.
• the helper class insulates JFP from having to supply this information.
• the user credentials have already been collected and are available in a form bean. User credential information is extracted from the form bean and passed to JfpLoginContext' s constructor 162.
• the JFP action 160 calls the login method of JfpLoginContext 162, the helper class, which delegates to the JAAS LoginContext's login method 164.
• the JAAS LoginContext 164 instantiates the CcsLoginModule 168 and then calls the initialize method.
• CcsLoginModule 168 processes the configuration file whose name was passed to it by JAAS 164.
• the configuration file specifies the CCS requestor name, which server specific tokens should be built and for which function (e.g. "SIGNON”, "SIGNOFF”, etc.) and which product credentials should be encrypted and stored in the private credential set within the subject.
• the JAAS LoginContext 164 then calls CcsLoginModule's login method 168.
• the CcsLoginModule 168 creates a CCSIdentity object corresponding to the requestor (from information passed to it from JAAS).
• the CcsLoginModule 168 then instantiates the CcsCallback object 170 (which simply stores user credentials) and then calls the CcsLoginCallbackHandler's handle method 166.
• the handle method causes the user credential data to be copied from the CcsLoginCallbackHandler 166 (the information was passed to its constructor by JfpLoginContext 162) to the CcsCallback object 170.
• CcsLoginModule 168 extracts the user credential data from the CcsCairback object 170 and calls the CCS method validateMasterCredentialsEx 172.
• the returned user profiles are cached in the CcsLoginModule object 168 and CcsLoginModule returns to the JAAS LoginContext object 162.
• the JAAS LoginContext 162 then calls CcsLoginModule's 168 commit method.
• the CcsLoginModule 168 uses the cached user profiles from CCS to create the JfpPrincipal objects and store them in the subject object.
• the CcsLoginModule 168 object then returns to the JAAS LoginContext 164 object, which returns to the JfpLoginContext 162, which returns to the JFP action 160.
• the JFP action 160 then calls the JfpLoginContext 162 object's getSubjectw which delegates the call to the JAAS LoginContext 164.
• the returned JAAS subject object is stored in the user's session object. This subject object represents the authenticated user and contains a collection of JfpPrincipals. It is this subject object that is passed back to JAAS for subsequent re-authentication.
• JFP action 160 calls only standard JAAS methods on
• JfpLoginContext 162 a helper class, regardless of what mechanism actually authenticates the user.
• the JfpLoginContext 162class in turn calls only standard JAAS methods.
• Other CCS methods than validateMasterCredentialsEx can be called. For example, during re-authentication, it may be necessary to call validateProductCredentials.
• the details surrounding the calling of CCS methods are implemented only in the JAAS pluggable modules used to authenticate against CCS and have no effect on how the JFP actions are coded (i.e. JFP is coded against only the JAAS interfaces, even in the case of re-authentication).
• a JAAS subject object is created and is associated with a JfpPrincipal object that corresponds to the master credential.
• any product credentials linked to the master credential are represented by the creation of additional JfpPrincipal objects that correspond to the linked product credentials. These additional JfpPrincipal objects are associated with the subject object.
• the purpose of the JFP authorization service is to restrict access to resources based on user entitlements.
• JFP takes a multi- pronged approach to authorization enforcement in JFP by using programmatic enforcement of coarse-grained entitlements, servlet container-provided declarative security, and optional fine-grain entitlement via application query and enforcement.
• FIG. 28 is a diagram that illustrates the multi-pronged approach to authorization enforcement of JFP for embodiments of the invention.
• each application is configured (in struts-config.xml) with a reference to a security policy to use to restrict access to that application.
• the JFP authorization service is informed as to the current user's access rights at runtime (as the session starts, as the user logs in, etc.) by other services within JFP, including primarily by the JFP authentication service.
• the "processRoles" method of the Struts ActionS ervlet' s RequestProcessor is called.
• the JFP authentication service extends this method.
• the name of a security policy associated with this action is passed to the "processRoles" method.
• the security policy is specified in the "roles" parameter in "struts-config.xml” for this action.
• the JFP authorization service verifies that the action requested is in policy, for the current user's entitlements. If no security policy is specified for this action or if the action is not in policy, the request is forwarded to an error page (configurable per module).
• standard J2EE servlet container configuration settings are used to supplement the JFP authorization service.
• FIG. 29 is a schematic flow diagram that illustrates an overview exampl e of the programmatic JFP authorization service for embodiments of the invention.
• a JFP user belongs in a role (e.g. visitor, customer), and may belong to zero or more additional groups (e.g. Gold, Blue) in addition to tlxat role, other runtime factors may also be used for authorization. All such access rights are set by other JFP services and mapped within the authorization service. Groups are associated with the user and may be identified by profile information or by database content. All access rights are available at runtime in a well-known format, e.g. ROLE_VISITOR or GROUP_CITIGOLD.
• ROLE_VISITOR or GROUP_CITIGOLD.
• Roles include, for example, VISITOR, FRIEND, CUSTOMER, and CSR.
• Groups include, for example, Gold, Blue, PrivateBank, BillPaymentEnabled, UserRegisteredForService, and CardTType.
• Other access rights include, for example, time of day restrictions, account balance value, source device type, and whether a service is available.
• JFP authorization service for embodiments are, for example, abstracting the actual authorization mechanism from JFP applications and services, enforcing entitlements, providing an API that allows setting user access rights, and providing an API that allows programmatic testing of user access rights.
• the JFP authorization service provides a consistent API for JFP applications and services. It is implemented as a single instance (per web application), with a per-user (per-session) object (JFPUserEntitlements) that holds the user's access rights.
• most security policies are enforced using a policy handler that processes XML-defined policies.
• Embodiments of the invention involve an entitlement roles and entitlement attributes setting aspect.
• a reference to the JFPUserEntitlements object is stored in the JFP Base Profile.
• the JFPUserEntitlements object is initialized with a primary role "Visitor", which has the lowest level of entitlements.
• the user's primary role is set to a specific customer role at a later time by the authentication service when and if the user is authenticated.
• Additional access rights are set by product profile initialization code based on per-product profile information (e.g. Gold, card type, etc.).
• other runtime access rights can be provided by other services or applications as needed (e.g. current time, device type).
• Instancing of the JFPUserEntitlements object is one per-user-session. It holds a specific user's role(s), group(s), etc. for the duration of the session.
• the JFPAuthorizationService singleton (per servlet context) object is created at web application startup, maps policies to policy handlers and interfaces to the policy handlers, and supports policies, such as per user, where the user's access rights are provided in the call (the normal case) and per servlet context, where the policy applies to all requests.
• the primary API method is called from JFPUserEntitlements to determine whether a user is entitled to operate within the supplied policy.
• the access rights are the collection of values for this user from JFPUserEntitlements. If an action value was not set in the isUserlnPolicy call to JFPUserEntitlements, action-mapping is set to null.
• deployment descriptor settings are used only for "global" (to the web application) settings - e.g. settings that apply to all servlets in the web application. This is limited to a small set of functions.
• declarative security means specifying what URL patterns are secured and what users may access those URLs.
• Servlet declarative security is configured in the servlet deployment descriptor file, web.xml. Declarative security in web.xml is done using two main elements - security constraints and the login configuration.
• JFP for embodiments of the invention addresses common server-side security issues and threats.
• the mitigation for a particular threat is a specific service, sometimes it is a process, procedure or best practice.
• Vulnerabilities include, for example, unvalidated parameters, broken access control, broken account and session management, cross-site scripting (XSS) flaws, buffer overflows, command injection flaws, error handling problems, insecure use of cryptography, remote administration flaws, and web and application server misconfiguration.
• XSS cross-site scripting
• the JFP for embodiments of the invention provides overload protection for a system whose performance has exceeded defined limits ("SLAs").
• SLAs defined limits
• JFP uses the site entrance filter to refuse new session requests if the baseline performance of the system has exceeded an SLA.
• This aspect relates to the overall performance of the system and the refusal JFP for embodiments of the invention automatically disables "portlets" from a homepage if a "portlet” exceeds its SLA.
• certain functions are gracefully shut off or disabled if individual functions exceed their SLA's.
• difficulties arise in maintaining a home page with a number of different portlets (i.e., the little rectangles of information displayed on the home page) that typically get their data from different external systems. If any of these portlets begin to take too long to gather data from their external sources, the JFP for an embodiment of the invention automatically disables them and takes them out of the rotation, while keeping the system running for the customer, albeit with slightly diminished functionality.
• JFP for embodiments of the invention represent an improvement over the methods discussed in the above- identified paper.
• the particular thing about which users care, namely response time is controlled in embodiments of the invention.
• response time is controlled in embodiments of the invention.
• JFP for embodiments of the invention utilizes a weighted average response time which is computationally desirable and has been found to yield good results.
• embodiments of the invention use only two values for p (i.e., 0 and 1).
• a session throttle in the site entrance filter acts to limit the number of new sessions during an overload situation.
• the response time of the "login" page is monitored and as it exceeds the threshold, no new sessions are taken by responding with a "Sorry, Fm busy now" page.
• the Weblogic queue length is monitored and the throttle is based on the measure which is available in the standard Weblogic MIB through the JMX Mbeans.
• BusyThreads current number of busy threads at the arrival of a request for the login page
• W response time weight, a number between 0 and 1,
• WBT the weighted queue length, WBT-W*WBT+(l-W)*BusyThreads,
• BTmax maximum busy thread threshold
• MTmin minimum busy thread threshold.
• BusyThreads executeQueueRuntimeExecuteThreads -
• WBT W*WBT+(1-W)*BT
• BusyThreads executeQueueRuntimeExecuteThreads -
• WBT W*WBT+(1-W)*BT
• Another aspect of embodiments of the invention involves monitoring individual portlet response time and automatically turning off a portlet that is not responsive.
• W response time weight, a number between 0 and 1 ,
• WRT the weighted average response time
• RTmax maximum response time threshold
• RTmin minimum response time threshold.
• the portlet throttle permanently turns off a portlet and requires human interaction to restore it.
• Sequence Protection and Sub-App Context Management JFP for embodiments of the invention also provides sequence protection of any application without the need for overt procedural code in the application by the application programmer. This is accomplished by extending Struts action mappings in order to allow an application developer to declare several aspects of sequence protection.
• an application developer can declare an action mapping to be an "entry point", so that any attempted access request to an action mapping that is not marked as an entrypoint for which there is no existing "subapp" context, will be automatically refused. Further, an application developer can declare that each and every action mapping is sequence protected. If an action mapping is declared to be sequence protected a "token" (embodied in a hidden field and set via a custom JFP tag) must be present in order to access an action mapping.
• a user is only allowed access to those action mappings, that previously appeared in a response.
• the application is therefore able to declaratively proscribe which action mappings can be accessed and ⁇ vhen, in order to enforce the sequential use of action mappings and to prohibit arbitrary "jumping around" in an application.
• sequence protection is necessary in many financial applications where a controlled sequence of screens is necessary to safely and completely carry out a financial transaction for a user. In either case, users are prevented from accidentally or maliciously jumping around in a financial application and must instead follow the sequencing that the application needs to enforce in order to maintain the integrity of the financial application process.
• the JFP for embodiments of the invention also provides for a user at a client browser to be informed and or prohibited from abandoning an "in-process" transaction. JFP does this with custom JSP tags and JavaScripts. There are two levels, warn and prohibit. At certain stages of a transaction, via the use of customer JSP tags, an application is able to declare that users should be warned if they try to "navigate away” from a currently incomplete transaction. An application can also prohibit "navigating away", again thru the use of custom JFP tags at certain "commit” points in a screen sequence where the transaction is in the process of being "committed” and the user must wait for a response. Thus, a user in the middle, for example, of making a payment who attempts to navigate away from that process can be prevented from doing that. An application can basically declaratively say either "I want to warn a user" or "I want to prohibit the user from navigating away”.
• a user is warned against navigating away if the user is in the middle of a particular process and has not completed it.
• a user is prohibited from navigating away if the user is at the midpoint of the application where everything needed for a transaction has been collected and the application is off performing and committing the transaction, and it is important for the user to wait until a response is received.
• the application declaratively tells the system the user is to be either warned or prohibited from navigating away from a function.
• JFP sub-app framework for embodiments of the invention include, for example, sub-app sequence protection, sub-app switching and context cleanup, and shared context between sub-apps.
• JFP framework provides protection from sub-app actions being requested out of sequence. Synchronizer token and valid action mappings mechanisms working together give the JFP framework the ability to protect order or flow of request.
• the synchronizer token mechanism protects clients from out of sequence and duplicate request submissions. Generally duplicate request submissions occur when a user submits a form which was already submitted.
• process action based on the value of action mapping attribute, "tokenRe quired” generates a token value using TokenProcessor API.
• This token value is stored in the sub-app context associated with the action mapping.
• the token is stored as a hidden field on the form or as query string parameter on a link.
• JFP custom tag (jfp:link) is responsible for retrieving the token from the sub-app context if the action mapping attribute, "tokenRequired” is set to "true”. Token is placed on the query string parameter.
• JFP custom tag (j fp : form) behaves similar to j fp : link tag .
• a difference is when "tokenRequired” is set to "true”, then the tag writes a hidden input field to the response stream.
• Logic added to the process action checks the token in request parameter matching the token stored in the sub-app context if "tokenRequired" attribute of action mapping is set to true. This logic is affected by two flags declared as ⁇ set-property> sub-elements of action mapping in struts-config:
• attribute is the name of the session or request attribute under which sub-app context is stored.
• a sub-app context may reside either under an attribute in request or session. It is used by JSP tags to locate sub-app context.
• property ⁇ 'entryPoint is a Boolean value indicating whether an action is the start action. This field is optional and by default is set to u false.
• FIG. 30 is a diagram that illustrates an example of the class structure in the synchronizer token aspect for embodiments of the invention. Referring to FIG.
• JFPProcessAction 180 checks for start(entryPoint) action, checks for tagRequired flag and if set to true compares the token retrieved from SubAppContext 190 of the action with the token returned from the client in a request parameter, and generates a token if the "tokenRequired" attribute of action mapping is set to "true".
• the token is generated calling API of TokenProcessor 194 object (derived or using standards Struts util classes).
• JFPFormTag 182 writes a hidden field with the token value in a form by accessing the token value from SubAppContext 190.
• JFPLinkTag 184 writes token string to query string parameter when the corresponding action mapping tias the attribute "tokenRequired" set to "true”.
• JFPProcessActionMapping 186 holds the entry point attribute, holds the token required attributes, and holds the sub-app context name of an action in attribute "attribute”.
• SubAppContextManager 188 is a session object which holds the reference to all active sub-app contexts. This object is referenced by the session attribute, "SUBAPP_CONTEXT_MANAGER".
• SubAppContext 190 holds the value of synchronizer token.
• ContextUtil 192 provides helper static function for retrieving a sub-app context belonging to an action mapping and provides helper static function for getting an action mapping given an action name.
• Valid action mappings mechanism is a complementary mechanism to synchronizer token for providing sequence protection.
• the JFP navigation tag when ActionForwards are being rendered to the outgoing response (at the tail-end of request/response cycle), the JFP navigation tag first finds the action mapping instance representing an action specified on the "Action" attribute of the navigation tag. A comparison is then made between the sub-app context names associated with this action mapping and the action mapping of the current request. If the two sub-app context names are the same, the navigation tag adds the tag's action mapping belonging to a list of valid action mappings kept with the SubAppContext 190.
• the JFP navigation tags which provide this service are jfp:link and jfp:form.
• JFPProcessAction 180 checks to see if its action mapping is in the list of valid action mappings.
• Each sub-app supporting the valid action mappings must use JFP navigation links.
• FIG. 31 is a diagram that illustrates an example of the class structure in the action mappings aspect for embodiments of the invention.
• the participants include, for example, JFPProcessAction 180, JFPLinkTag 184, JFPFormTag 182, SubAppContextManager 188, and SubAppContext 190.
• JFPProcessAction 180 compares the current action mapping with the valid action mapping list stored in the SubAppContext. If a match is found, then ProcessAction 180 continues with the normal operation. Otherwise, the out-of-sequence ActionForward is invoked.
• JFPLinkTag 184 gets a link's address, translates the address to action mapping (using RequestUtil 200 and ModuleConfig 202), and if the link's action mapping has ⁇ set-property> "entryPoint" set to "true", then return. In addition, JFPLinkTag 184 compares the sub-app context names of the link's action mapping against the request's action mapping (using
• ContextUtil getSubAppContextName(ActionMapping) to obtain the context names) and if names are different then return. Further, JFPLinkTag 184 gets the sub-app context of the request action mapping (using
• JFPFormTag is similar to JFPLinkTag except a hidden input field in written to the response stream.
• SubAppContextManager 188 comprises a map holding the active sub-app contexts that resides in a session attribute (SUBAPP_CONTEXT_MANAGER).
• SubAppContext 190 holds a reference to the valid action mappings (map).
• FIG. 32 is a sequence diagram that illustrates an example of the jfp:link sequence protection in JFP for embodiments of the invention.
• FIG. 33 is a sequence diagram that illustrates an example of the jfp: form sequence in JFP for embodiments of the invention.
• FIG. 34 is a sequence diagram that illustrates an example of the process action sequence protection processing in JFP for embodiments of the invention.
• JFP navigation framework and sub-app framework are primarily responsible for providing enforcement mechanism of policies regarding cleanup of sub-app context and switching.
• JFP framework allows individual sub-apps to be responsible for cleaning up of their own state when possible such as when a transaction is done or when the user calls cancel.
• Primary mechanisms for this purpose include, for example, a client-side enforced, server-side specified, mechanism to warn or prohibit a user from switching between sub-apps under certain conditions, a server-side mechanism to manage sub-app context cleanup, based on a "sub-app co-existence" policy file, and a companion server-side mechanism to allow automatic sub-app context cleanup after a sub-app has sent its "final" response.
• IFP provides client-side JavaScript support for warning and prohibiting users from switching away from an active sub-app to a different sub-app or site.
• JFP navigation framework provides a jfp:warn tag that provides a navigation warning pop-up to the user. The user can either click "ok” for the navigation request to be sent to the server or press "cancel" in which case no request is sent to the server.
• the JFP navigation framework provides a jfp:lock tag that prohibits the user from navigating away and pops-up a dialog indicating this prohibition.
• FIG. 35 is a schematic flow diagram that illustrates an example of server-side management of sub-app context cleanup of JFP for embodiments of the invention.
• server-side enforcement is provided primarily by the base action class JFPProcessAction.
• ProcessAction 210 on each request invocation checks whether the action mapping is an "EntryPoint". "EntryPoint" is a ⁇ set-property> attribute of action mapping in struts-conf ⁇ g.xml. If the action mapping is an EntryPoint, a call 212 is made to the SubAppContextManager class to get or create a sub-app context.
• the SubAppContextManager is a session object responsible for managing the state of sub- app contexts.
• This class holds a map of active sub-app contexts and generally is responsible for returning a sub-app context 214 for an action mapping if context already exists in the map of active sub-app contexts or for creating one.
• a sub-app context can be "request” or "session” scoped.
• the implication is that the SubAppContextManager for the case of "request” scoped objects creates the sub-app context and places the context in a session attribute. "Session” scoped objects are placed in a session attribute and a reference kept in the active sub-app context list.
• the context scoped is defined as a ⁇ set-property> element of action mapping in struts- config. xml .
• context manager Before creating the sub-app context, context manager will check to see for a particular sub-app context name if there are any co-existence policy defined 216 using the SubAppContextPolicyManager (policy manager). The job of this class is to provide a group of co-existing sub-app contexts in the active sub-app context. There is a template used for defining co-existing contexts. ContextManager then compares each member of this group against a member of active sub-app context map. Any context that is not present in the group is destroyed by calling the sub-app context's release and destroy API. The context manager then removes the reference to the context from session 218. If there is no policy defined for a sub-app context, all context in active the sub-app context list is destroyed. Process action will then perform its normal activities by calling model helpers and controller helper.
• Controller helper's execute method is modified to return a controllerHelperResult object.
• This object has an attribute, "controllerStatus", which is a hint for further cleanup of sub-app contexts. If a controller helper is aware that a certain transaction has either completed or aborted 220, it sets the controllerStatus to "exit”. Process action then calls the re-scope API of SubAppContextManager to remove a "session" scoped context from session attribute and active sub-app context map. The release API of SubAppContext is called and the context is added to a request attribute which is eventually cleaned up at the end of request-response cycle.
• a lifecycle session listener object is a J2EE session listener responsible for creating an instance of SubAppContextManager and placing a reference in session attribute (on session created event). This object is also responsible for destroying the SubAppContextManager object (on session destroyed event).
• attribute "/jba/jbaMakeTransferContext” is name of the request or session attribute under which sub-app context is stored. It is used by jsp tags to locate sub-app context.
• property "entryPoint” is a Boolean value indicating whether an action is the start action. This field is optional and by default is set to "false”.
• property "contextScope” is a string which provides the directive to SubAppContext Manager to create a sub-app context in "request” or "session” scope. This field is optional and by default is set to "request”. "Request” scope allows for easy and automatic cleanup of sub-app contexts at the end of a request-response cycle.
• JSP pages may contain the tags, jfp:warn Tag and jfp:lock Tag, which provide warning pop-up or prohibit user from navigating away to other sub-apps.
• the jfp:warn Tag is a custom tag that sets a JavaScript variable which causes a pop-up to display when a user tries to navigate away from the sub-app. If a user presses the "OK" button, a request is sent to server for an action that is an EntryPoint. Process action then handles the appropriate sub-app context cleanup and context creation. If a user presses cancel, no request is generated.
• key is contentld for the message to be displayed;
• setSubappBusy is a JavaScript function which sets the warn flag and the message to be displayed.
• the navigation framework at appropriate places, such as clicks on links or submits of form, calls the JavaScript function: conf ⁇ rmGo().
• An attribute is also added to jfp:link to direct the confirmGo function not to pop-up warning dialogs as follows.
• the jfp:lock Tag is a custom tag that sets a JavaScript variable which prohibits any task switching after a user has submitted the form. A pop-up displays with an appropriate message.
• JavaScript code for onSubmit checks the lock flag and if set, code calls setSubAppBusy("lock", message).
• the format of the jfp:lock Tag is as follows.
• FIG. 35 is a diagram that illustrates an example of participants in the server- side management of sub-app context cleanup of JFP for embodiments of the invention.
• the participants include JFPProcessAction 180, SubAppContextManager 188, HttpSessionListener 230, and ContextUtil 192.
• JFPProcessAction 180 checks for start (EntryPoint) action and then makes a getContext call to SubAppContextManager 188 to either get or create a sub-app context.
• JFPProcessAction 180 is responsible for checking the controllerStatus attribute of ControllerHelperResult 232 object.
• SubAppContextManager 188 is responsible for managing active sub-app contexts. When a request comes in for a specific sub-app contextname, context manager 188 will first check to see if the object is in the active sub-app context map. If the object is in the list, the context manager 188 returns the pointer to object. Otherwise, it will consult the SubAppContextPolicyManager 234 for a group of sub- app contexts that can co-exist together in the active sub-app context map.
• SubAppContextManager 188 is also responsible to destroying sub-app contexts that are not in the co-existmg group, for creating a sub-app context either in the "request” or “session” scope, and for re-scoping operations such as rescoping a sub-app context from "session” to "request”.
• HttpSessionListener 230 is responsible for creating one instance of SubAppContextManager in the HttpSession object.
• the name of the session attribute holding the context manager object is: " SUBAPP_CONTEXT_MANAGER" and for destroying the SubAppContextManager on the session destroyed event.
• SubAppContextManager 188 in turn destroys all the active sub-app contexts.
• ContextUtil 192 provides helper static function for retrieving a sub-app context belonging to an action mapping and helper static function for getting an action mapping given an action name.
• FIG. 37 is a Sequence Diagram that illustrates an example of sub-app context manager creation in JFP for embodiments of the invention.
• FIG. 38 is a Sequence Diagram that illustrates an example of sub-app context manager termination in JFP for embodiments of the invention.
• FIG. 39 is a Sequence Diagram that illustrates an example of get or create a sub-app context in JFP for embodiments of the invention.
• each sub-app context name has a structure that includes, for example, prefix and full name, the following of which are examples.
• jba/jbaxxxx - "jba” is the prefix and "jbaxxxx” is the full name portlet/jbaxxxx - "portlet” is the prefix and "jbaxxxx” is the full name
• JFP will provides a centralized method of defining sub-app contexts which can co-exist together using a site policy template.
• This policy is the single point of entry where the JFP sub-app framework can retrieve the list of sub-app contexts that can co-exist with a specific sub-app context.
• the template is an xml file, and the following is a sample template.
• ⁇ /site-policy> The template contains only one ⁇ site-policy> element and can contain many ⁇ coexist- group> elements.
• Each ⁇ coexist-group> tag contains zero to many ⁇ sub-app- context> elements, and each ⁇ sub-app-context> tag contains attributes, including "id” which is a required attribute that represents a single sub-app context name or a collection of sub-app context names represented by "wildcards”, "exclude” which is an optional attribute that directs the policy to exclude a sub-app context or collection of sub-app contexts to be excluded from the co-existence list, and "wildcard” which is an optional attribute that identifies the "id” as having "wildcard” character.
• site policy allows declaration of collections of co- existing sub-app contexts by using wildcard characters such as "(*)”.
• Site policy performs regular expression pattern matching on "id” values whose "wildcard” attribute is set to "true”. The following is an example of a policy element.
• Java doc for class java.util.regex.Pattern provides all the regular expression constructs that can be used in "id” attribute of "sub-app-context” element. After all "wildcards" are resolved to specific sub-app context names, there is only one reference to a co ⁇ existing context group from the sub-app context list.
• SubappContextPolicyConf ⁇ g is the object wliich loads the template in memory ready to be accessed by the JFPProcessAction. This object is called from a Struts module to read the site-policy and load the information in memory ready for access by JFPProcessAction. This object resolves all the wildcards specified in the "id" attributes of ⁇ sub-app-context> elements to specific sub-app context names.
• FIG. 40 a diagram that illustrates an example of the contents of the memory structure held by the PolicyConfig object for the sample template.
• FIG. 41 is a diagram that illustrates an example of the structure in the PolicyConfig aspect for embodiments of the invention.
• FIG. 40 a diagram that illustrates an example of the contents of the memory structure held by the PolicyConfig object for the sample template.
• FIG. 41 is a diagram that illustrates an example of the structure in the PolicyConfig aspect for embodiments of the invention.
• SubAppContext 190 is responsible for providing access to StiaredData 250.
• SubAppContextManager 188 the context manager passes a reference of SharedData 250 to SubAppContext 190. Any object needing a reference to SharedData 250 accesses it using getSharedData API of SubAppContext 190.
• SharedData 250 is a map holding all data shared between sub- apps such cross-linked data, etc.
• SubAppContextManager 188 is responsible for passing the SharedData 250 reference to sub-app context object wlien first created.
• LifeCycleSessionListener 252 creates a SharedData object and sets this object as an attribute of the HttpSession object.
• the attribute name is "SUBAPP_CONTEXT_SHARED_DATA”.
• HttpSession 254 holds on to a reference to SharedData 250.
• JFP JFP for an embodiment of the invention
• JFP enables expression of business rule variability thru the use of standard business rules methods.
• These business rule methods allow standard "questions" to be asked of business objects.
• the answers are embodied offline in the form of XML data, whose content is read- in, transformed and then embedded / cached in global banking business objects.
• these business rule objects are organized in terms of business, product and transaction hierarchy, so that business rules can be addressed at the granularity of individual transactions within a product and business structure.
• business rules can be organized in a hierarchy of business product and transaction, so that a particular business rule question can be directed to the lowest level, e.g., "I am trying to perform this transaction against this product within this business; am I allo ⁇ wed to do it; what are the rules?"
• This structure provides support for the variations needed to support online banking in an international context with all the inherent regulatory and business dependent variations.
• An additional aspect of JFP for embodiments of the invention provides a clean separation from control and model in a MVC architecture via the use of stateless model helpers.
• stateless model helpers provide discrete functionality that is independent of the sequence of an application and independent of other model helpers.
• a list of independent model helpers can be executed via a manifest defmecL in a JFP process bean.
• JFP for embodiments of the invention implements a JFP banking model which embodies the country and business specific variations in business logic and business rules needed to support the complete set of global online consumer banking functionality (e.g . bill payment, transfers, account information etc.) from a single globally-enabled code base.
• the JFP banking model supports the existing set of home banking business rules and business rule data, is independent of any particular control- view dialog flow; supports multiple different control- view dialog pair flows; and supports a "coarse grain" interface between it and the control which can be efficient and performed "at a distance" (i.e. from container to container or server to server).
• the JFP banking model is designed so that most of its specific implementation details are hidden from the control via some type of "facade” and in such a way that it can be externalized in the future into a separate container (e.g. EJB container) or a separate server (e.g. middleware server).
• the JFP banking model supports a flexible, document-style interface to its services. More specifically, the JFP banking model supports a coarse grain interface between the control and itself by using a data transfer object design pattern.
• the receptor of the coarse grain interface on the model side is a set of "helper" objects, which are singleton, stateless objects, acting as a "facade” to isolate the control from the details of the model.
• JFP banking business rule data is encapsulated behind a set of banking unit objects (i.e. business unit, product type and transaction type) which are singleton objects (one set per business unit per web-app scope) and which cache business rule data.
• banking unit objects i.e. business unit, product type and transaction type
• Customer profile and account information is encapsulated behind a set of banking profile objects, which are stateful objects, one set per customer session and have customer session scope.
• FIG. 43 is a schematic flow diagram that illustrates an example of the flow of information between the control and the model using a data transfer object (DTO) design pattern JFP banking model for embodiments of the invention.
• DTO data transfer object
• the model helper objects form a "facade" between the control 264 and the model.
• the actual model objects e.g. banking unit objects 266, banking profile objects 268, and messaging objects 270
• parameters and method calls that are likely to be used together are packaged together in a single coarse-grain call.
• the process beans have a document-style like interface that allows the arbitrary combination of various model helper method calls to be executed.
• the model helper objects 262 are the only visibility the control 264 has into the model. All other model objects (i.e., the banking unit objects 266, the banking profile objects 268, and the messaging objects 270) are accessed only indirectly and unknowingly via the helper objects 262. This allows the implementation of the bulk of the model objects to change over time behind the constancy of the helper objects 262.
• the helper objects 262 themselves are stateless, which allows them to be implemented as multi-threaded singleton objects.
• the first line specifies the name of this group (i.e. "GetSourceAndDestinationAccounts").
• the next two lines specify input parameters to be taken from the ActionForm and passed (i.e. "transactionTypeCode" and
• the JFP banking model helper objects 262 provide a "facade" interface between the control and the model.
• the JFP banking model interface consists of a set of “helper” methods.
• the helper methods perform well known and typically needed units of work on behalf of the control 264 (e.g. GetSourceAccountSelectionList 272, GetDestinationAccountSelectionList 274, etc.).
• helper methods can be grouped arbitrarily into larger units of work. For example a grouping such as GetSourceAccountSelectionList 272, then GetDestinationAccountSelectionList 274, then getWireTransferDisclosure 276 and return all results. Helper methods are independent of each other and are extensible.
• Helper methods can be added over time. Helper methods are "one- shot", they do not retain request state after a response is returned. They carry request state only on the stack during execution. Helper methods interface to other model objects that retain customer/transaction state as appropriate.
• JFP banking model "helper" methods can be both generic (i.e. not transaction specific) or specific to a particular transaction. Examples of generic helper .methods include getSourceAccountSelectionList 272, getDestinationAccountSelectionList 274, getDisclosure etc. Examples of specific helper methods include: doTransfer 278, getWireTransferDisclosure 276 etc. Using JFP process beans, arbitrary groupings of helper methods can be specified via a configuration file. FIG.
• JFP banking unit objects are a set of objects called the JFP banking unit objects that "model" and encapsulate the global consumer online banking business rules.
• the global consumer online banking business rules define the business and regulatory differences in the global online banking functionality.
• the JFP banking unit objects exist as a singleton-set per business unit at the web-app scope. They encapsulate and cache at runtime business rule data and provide both generic and specific method calls.
• JFP banking unit objects include, for example, business unit 280 (one per consumer business e.g.
• JFP banking unit objects are generally not called directly by the control 264, but are used by other model objects.
• banking unit objects include, for example, extensibility (to accommodate new rules) and commonality (a predictable and constrained set of method signatures). These features are enabled by a design with “generic” methods that can handle multiple rules and that also accommodate “plug- able” rule handlers, based on method signatures and rule identifiers.
• Generic methods can be used in many different ways. Each generic method, depending on its parameters, provides a different abstraction for its client. An example of an abstraction is "What are the valid ready-to-use source accounts?"
• the transaction type class 284 provides the generic method "Object getListOfObjects(String ruleldentifier)" with the ruleldentifier as "RTUSourceProducts".
• the objects returned are of a specific class that answers the "What are the valid ready-to-use source products" question.
• This class provides the needed information for the banking relationship object to build the valid ready-to-use source customer account objects.
• the JFP banking model for embodiments of the invention also includes a set of objects, called the JFP banking profile objects that "model" and encapsulate information about a customer, their banking relationship, their accounts, payees, drawees, etc.
• the JFP banking profile objects exist as a per customer instance set of objects at session scope.
• FIG. 45 is a schematic flow diagram that illustrates an example of JFP banking profile objects for embodiments of the invention.
• the banking unit objects include banking profile object 290 (one per customer containing customer ID and a limited set of customer identity information [such as customer name, tax Id, etc.]), banking relationship object 292 (one per customer - control point for access to all linked accounts, payees, etc.
• JFP banking profile objects are generally not called directly by the control, but are used by other model objects, especially the helper objects 262.
• the JFP banking relationship object 292 for embodiments of the invention is the focal point for access and control for most of the customer specific financial information.
• FIG. 46 is a schematic flow diagram that illustrates an example of JFP banking relationship object 292 for embodiments of the invention.
• the JFP customer account objects 294 for embodiments of the invention are the holders of actual account information.
• FIG. 47 is a schematic flow diagram that illustrates an example of JFP customer account objects for embodiments of the invention.
• the JFP messaging objects 270 for embodiments of the invention provide a property setting/getting interface that abstracts and is based on a global messaging layer interface (GMLI).
• GMLI global messaging layer interface
• the JFP messaging objects 270 provide a facility for mapping the global definition to various regional implementations. This mapping is hidden from the application model.
• the application model deals with the global properties, abstracted behind property getting/setting methods on messaging objects.
• the messaging objects in turn, rely on the JFP thin message router to discover at runtime what actual host is the target for any specific message.
• the JFP messaging objects 270 are produced offline using an XML schema definition of the GMLI and using code generation and serialization facilities of JAXB. FIG.
• JFP for embodiments of the invention also provides automatic message object generation and transforms, using XML schema definitions, JAXB, and message transformation rules from a global abstract interface to a specific regional interface. It is necessary for the financial institution to talk to external hosts, and the JFP provides a way that all of these message can be automatically generated using a standard XML schema and facilities known as JAXB, as well as creating message transformation rules from a global abstract interface to a specific regional interface. Thus, the JFP provides an automatic message generation system.
• Host Messaging Service Embodiments of the invention utilize messaging objects and thin message router support to support the host messaging requirements of the JFP banking applications.
• Major aspects of the JFP host messaging service include, for example, the provision of flexible and extensible support for communicating with a variety of external hosts and an abstract representation of messaging for global banking applications messages based on the global message level interface (GMLI), the shielding of client applications from specific details of message encoding and transport and from knowledge of the specific host target of any particular message, the provision of the ability to select target host based on business, message type and customer ID range and the ability to decompose and transaction manage a single logical message into potentially multiple messages to different hosts, and the provision of a host simulator to support "demo-mode" for global banking applications.
• GMLI global message level interface
• the JFP host messaging service includes the use, for example, of XML schema for GMLI message definitions, abstract message object API based on GMLI, Java data binding via JAXB for automatic class generation and serialization/de- serialization between objects and XML, message adapters for regional message mapping and validation, and thin message router for flexible host targeting and transaction management.
• XML schemas are used to specify GMLI message definitions. Advantages of using XML schemas include, for example, use of standard definition language that avoids dependencies on custom tools, removal of limitations of one level of nesting in current home banking application message tools, allowing use of off the shelf tools like XMLSpy for schema creation and modification, and provision of conversion from existing message definitions to schemas.
• Additional advantages of using XML schemas include, for example, allowing generation of Java code from XML schema using data binding technology, direct code generation from XML schemas to Java classes (interfaces and get/set methods) that increases productivity and reduces programming errors, use of standard Java data binding library, JAXB, from Sun, and automatic code generation provided by JAXB for runtime marshalling/unmarshalling to XML.
• a message adapter maps data from the GMLI to target host encoding.
• Message adapters are built from auto- generated interface classes for GMLI (JAXB used for auto-generation of interface classes) and developed for each host and each request-response pair.
• JAXB provides base classes for each message adapter, but custom code for regional element mapping, validation and processing are added for each message.
• a message factory is used to create appropriate message adapters, and thin message router determines the host target and in some cases provides transaction management.
• Message factory creates an appropriate message adapter based on business, message type, and customer ID range.
• the thin message router routes/transaction-manages messages to the appropriate host, maps message types to appropriate host using configuration table, based on business, message type and customer ID range, manages the host connection(s) for each customer session and maintains affinity between a given customer session and host connection(s).
• FIG. 49 is a schematic flow diagram that illustrates the manner in which messages are generated and data binding using JAXB provides for automatic class generation and serialization/de-serialization code for embodiments of the invention.
• a thin message router per web-app, which handles all customer sessions and host connections in that web- app.
• the thin message router determines which host to route to based on business, message type and customer ID range (configurable) and calls the appropriate host accessor to do the work, then stores state (host connection, terminal ID) for each customer session.
• FIG. 50 is a schematic flow diagram that illustrates how the thin message router routes messages to the appropriate target host and maintains customer session affinity with host connections for embodiments of the invention.
• a host accessor 3 10 per host per web-app, which handles processing for this host in this web-app for all customer sessions, keeps affinity between a session and each host it uses by getting, saving and reusing a host connection for each session, stores state (e.g. host connection, terminal id) for each session, uses helper classes to open connections, assign terminal Ids and sequence numbers, manipulates overhead elements, calls a method to serialize the data, and calls the resource adapter 312.
• the host accessor 312 is a singleton, but it uses the helper classes which store state about this host and its connections, terminal ids and message sequence numbers. For each accessor, there is one instance of the helper classes for its host.
• the host accessor 310 also enables adding new accessors without changing thin message router, except for configuration.
• JFP J2EE Java Connector Architecture
• the JCA specification defines a standard architecture for connecting the J2EE platform to heterogeneous "hosts", also known as front-end systems or enterprise information systems O'EIS").
• Features of the JFP host adapter service include, for example, support for multiple hosts on one server and support for TCP/IP communications protocol only.
• the JCA host adapters support loading one key per server.
• the internal application interface to the JCA host adapter for the payload provides an efficient and flexible XML structure. Further, the JCA host adapter provides support for logging and instrumentation.
• FIG. 51 is a schematic flow diagram that illustrates an example of resource adaptor instance for embodiments of the invention.
• the JFP host adapter service
• BAFES Resource Adapter for embodiments of the invention provides a standard interface for getting a connection to the host, sending a message on that connection, receiving the response, registering and receiving unsolicited messages, and releasing the connection.
• the BAFES resource adapter is implemented for example, per the Java connector architecture (JCA vl .0) and uses the interfaces therein defined for creating and releasing connections. Interfaces are also defined for sending and receiving solicited and unsolicited messages.
• the link 322 is the component that establishes the physical socket connection to the host 324, handles re ⁇ establishing the connection when it goes down, sends keep-alives (if configured) and handles the actual sending and receiving of data to/from the host.
• a gateway 320 is a layer on top of the link 322 which handles the logical connection to the host 324.
• a gateway 320 may send control messages to sign on to the host 324 after the physical link is established, send handshake messages, handle message timeouts, handle message response matching and handle unsolicited message notifications.
• the BAFES resource adapter internally bring up a gateway 320 as per configuration.
• the client is able to configure which gateway implementation to use for a specific connector instance.
• the BAFES resource adapter supports, for example, two gateway implementations, SF and SFC.
• the SF gateway supports the sending of control messages between the gateway 320 and the host 324 and additional error handling not included in the SFC gateway.
• the BAFES resource adapter establish / maintains the link; 322 with the host, supports keep alive messages to / from the host, sends / receives control messages, as needed, per the gateway implementation, converts XML/DOM format messages to/from the desired host format (for BAFES host, this is ELF format), adds appropriate message headers, as needed, with information supplied by the client in request, handles / reports message timeouts/errors at various levels, and handles packetizing / de- packetizing of message.
• the BAFES resource adapter provides a callback mechanism for solicited message responses, provides a register / callback mechanism for unsolicited messages, provides utilities to assist client in loading xml / building message elements, and uses the Hostlnfo module as a mechanism to record/publish diagnostic information such as instrument values/statuses, statistics and logs.
• the BAFES resource adapter for embodiments of the invention is written in such a way that multiple instances of the adapter (configured with different parameters for different businesses) and/or multiple adapters can be used on the same system without interfering with each other.
• the resource adapter there are factories for handing out connections (as per JCA).
• a single resource adapter can be configured to create / hand out many connection objects 326.
• Each connection object 326 will belong to a managed connection object 328.
• Each managed connection object has a reference to the one gateway object instantiated for this connector, and the particular gateway object has a reference to one (in the case of BAFES) or more (in the case of a TPS adapter) link objects.

Landscapes

• Business, Economics & Management (AREA)
• Accounting & Taxation (AREA)
• Finance (AREA)
• Engineering & Computer Science (AREA)
• Development Economics (AREA)
• Economics (AREA)
• Marketing (AREA)
• Strategic Management (AREA)
• Technology Law (AREA)
• Physics & Mathematics (AREA)
• General Business, Economics & Management (AREA)
• General Physics & Mathematics (AREA)
• Theoretical Computer Science (AREA)
• Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Applications Claiming Priority (2)

Publications (2)

Family

ID=36143159

Family Applications (1)

Country Status (2)

Cited By (1)

Families Citing this family (4)

Family Cites Families (3)

• 2005
  • 2005-10-03 WO PCT/US2005/035718 patent/WO2006039706A2/en not_active Ceased
  • 2005-10-03 EP EP05802843A patent/EP1810133A4/de not_active Ceased

Non-Patent Citations (3)

Also Published As

Similar Documents

Legal Events