39. End-user Mashup Step 2: Mashup Assembly (Interoperable Ajax Tools and Mashups)
[Figure: web browser at http://example.com/mashup_builder showing a widget catalog (Widget-A, Widget-B, Widget-C, Widget-D, Widget-E, Widget-F, etc.) and a canvas holding Widget-C, Widget-E and Widget-A]
User drags widgets from widget catalog and drops onto the canvas.
Using the mashup tool, the mashup designer links event publishers with event subscribers. As a result, user actions on one particular widget will cause a message to be sent to the other widgets, thereby triggering updates in those other widgets.
40. As the mashup runs, widgets communicate with each other and with various servers
[Figure: web browser at http://example.com/mashup_builder holding Widget-C, Widget-E and Widget-A, with message passing between the widgets. One widget communicates in the background with one of the company's web servers (Company server); the others communicate in the background with public web servers (Public server 1, Public server 2).]
45. OpenAjax Hub 2.0 Security Overview
[Figure: web browser at http://example.com/mashup_builder holding Widget-A, Widget-B and a Malicious Widget. The widgets communicate in the background with one of the company's web servers (Company server), with a trustworthy public server (Trustworthy Public Server) and with a malicious public server (Malicious Public Server).]
OpenAjax Hub 2.0 – Widget Isolation and Messaging Mediator:
Hub 2.0 only permits cross-widget communication via a mediated publish/subscribe messaging bus.
Hub 2.0 isolates each widget into its own sandbox.
46. Hub 2.0 Initialization
Using the Managed Hub:
Load OpenAjax Hub.
Create a "ManagedHub" instance, identifying security manager callbacks.
Create containers for each component in the mashup and then load/initialize the components within those containers.
As application runs, components publish messages to other components.
Typically at initialization time, components subscribe to message topics of interest.
Component subscribes to message topics: OpenAjax.hub.HubClient.subscribe(…);
Component publishes messages on Hub: OpenAjax.hub.HubClient.publish(…);
[Figure: web browser at http://example.com/mashup_builder/my_mashup2 showing an OpenAjax.hub ManagedHub instance with its security manager callbacks and two containers, each with a HubClient: one for Component-A (HTML/JavaScript) and one for Component-B (HTML/JavaScript)]
47. Run-time message passing with Hub 2.0
Managed Hub Message Passing:
Component-B publishes a message.
IFrame container marshals the message across browser frames.
IFrame container sends message to Managed Hub.
Security manager callbacks decide whether to let the message through.
Component-A's callback is invoked.
Message sent to Component-A's container.
Component publishes messages on Hub: OpenAjax.hub.HubClient.publish(…);
Component subscribes to message topics: function MyCallBack() {…} OpenAjax.hub.HubClient.subscribe(…);
[Figure: web browser at http://example.com/mashup_builder/my_mashup2 showing an OpenAjax.hub ManagedHub instance with its security manager callbacks, an IframeContainer (an <iframe>, for component isolation) with a HubClient for Component-B (HTML/JavaScript), and an InlineContainer (a <div>, inline component) with a HubClient for Component-A (HTML/JavaScript)]
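
The mediation described on slides 46 and 47, as an added example that is not part of the original deck and does not use the OpenAjax Hub library: a simplified in-process model of a managed hub whose security manager callbacks apply a default-deny policy to every subscribe and publish. The class MiniManagedHub, the callback signatures, the component ids and the topic name are assumptions made for illustration.

```javascript
// Simplified model of a mediated pub/sub bus (constructed; not the OpenAjax Hub library).
class MiniManagedHub {
  constructor({ onSubscribe, onPublish }) {
    this.onSubscribe = onSubscribe; // security manager: may this component listen?
    this.onPublish = onPublish;     // security manager: may this delivery happen?
    this.subs = [];                 // { topic, clientId, callback }
    this.denied = [];               // record of blocked operations
  }
  subscribe(clientId, topic, callback) {
    if (!this.onSubscribe(topic, clientId)) {
      this.denied.push({ op: "subscribe", topic, clientId });
      return false;
    }
    this.subs.push({ topic, clientId, callback });
    return true;
  }
  publish(senderId, topic, data) {
    // Stand-in for container marshalling: only serialized data crosses the boundary.
    const wire = JSON.stringify(data);
    let delivered = 0;
    for (const s of this.subs.filter((x) => x.topic === topic)) {
      if (this.onPublish(topic, senderId, s.clientId)) {
        s.callback(topic, JSON.parse(wire));
        delivered++;
      } else {
        this.denied.push({ op: "publish", topic, from: senderId, to: s.clientId });
      }
    }
    return delivered;
  }
}
// Default-deny policy: each topic lists who may publish and who may subscribe.
const POLICY = { "example.customer.selected": { pub: ["widgetA"], sub: ["widgetB"] } };
const allowed = (topic, role, id) => ((POLICY[topic] || {})[role] || []).includes(id);

function runDemo() {
  const hub = new MiniManagedHub({
    onSubscribe: (topic, id) => allowed(topic, "sub", id),
    onPublish: (topic, from, to) => allowed(topic, "pub", from) && allowed(topic, "sub", to),
  });
  const topic = "example.customer.selected";
  const received = [];
  const okB = hub.subscribe("widgetB", topic, (t, d) => received.push(d));
  const okX = hub.subscribe("untrustedWidget", topic, (t, d) => received.push(d));
  const fromA = hub.publish("widgetA", topic, { id: 42 });
  const fromX = hub.publish("untrustedWidget", topic, { id: 666 });
  return { okB, okX, fromA, fromX, received, denied: hub.denied };
}
```

Because the policy is checked per delivery, an unlisted component can neither listen on the topic nor inject a message that reaches widgetB, and both attempts land in the denied record.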