Thesis Defence - American University of Armenia

Download Report

Transcript Thesis Defence - American University of Armenia 

Online Library Remote Access
Through Proxy Server
Student: Paruyr Hovakimyan
Supervisor: Albert Minasyan
Referee: Aram Hajian
Abstract
• The purpose of “Online Library Remote Access
through Proxy Server” project is to build the web
application which will allow to login into the
application with given username and password and
access online repositories with IP restrictions.
• This project was initiated by American University of
Armenia in order to let the students and faculty
members to use library materials from abroad of
campus.
Table of Content
• Introduction
• Problem description and research
▫ Detailed description of the problem
▫ Research
• Implementation
▫ Components
▫ Security
• Conclusion
• Suggestions for Future Work
• References
Introduction
AUA E-References
Allowed
User in
AUA
Rejected
2
User abroad
AUA
Authentication
AUA Proxy Server
ACM
EBSCO
AGORA
I
P
C
o
n
t
r
o
l
ACM
AGORA
EBSCO
Problem description and research
• Detailed description of the problem
▫ Requirements
• Research
▫ Solutions
Detailed description of the problem
Consider following situations
• Scenario 1
▫ medical-school professor takes up a practice in a
university-affiliated clinic needs to access BioMed web
site
• Scenario 2
▫ During vacation professor wants to do research and
needs to access Oxford English Dictionary
• Scenario 3
▫ Number of students wants to access library online
materials from home
AUA prescribed the problem
(Requirements)
AUA stated following requirements
▫ To have the system which will give the access to
bought virtual libraries from anywhere to all students
and faculty
▫ The system will work on existing Sun Fireware
hardware with Solaris 10 operating system installed on
it
▫ There should not be any client-side installation or
setup to work with the system
▫ The system should be less expensive and use well
known technologies to simplify further development
and management
Research
• Possible solutions to the problem
▫ VPN Access
▫ Proxy Servers
▫ Pass-Through Proxy Servers
VPN Access
Proxy Servers
Pass-Through Proxy Servers
Why Pass-Through Proxy Strategy
•
•
•
•
•
No client side configuration
Easy to manage
Needs less human resources to maintain
Easy to integrate new services
Easy to use
Pass-Through Proxy Strategy
Implementations
Most known pass-through proxy strategy implementations
▫ EZProxy
▫ LibProxy
EZProxy
•
•
•
•
•
•
Commercial product
Proxy Server with URL rewriting tool
With own user and host database
With own authentication mechanism
Possibility to integrate with Java
Possible to setup in known operating
systems(Windows, Unix, Solaris, etc.)
LibProxy
• Free open source product
• Possible to integrate with MySQL database and
LDAP server
• Configurable to work on port base and host base
strategy (http://avsl.aua.am:2050,
http://2050.avsl.aua.am )
• Possible to setup on limited operating servers
(Unix, Solaris)
• Needs Apache server with perl module
Decision (EZProxy)
Comparing two products EZProxy was chosen
because:
▫ Unlike EZProxy which is simple to install, LibProxy
require a lot of preinstalled packages to be in OS
▫ EZProxy has very good installation and usage guides
▫ Since EZProxy is commercial product it has good
maintenance and support
▫ There are number of publications that advice EZProxy
to use as one of the stabile pass-through proxy server
▫ EZProxy works as stand alone application
Implementation
Components
• Application
▫ E-science-library (which during setup in AUA was
named Armenian Virtual Science Library(AVSL))
• DataBase
▫ MySQL
• Authentication
▫ Open LDAP Server
• Web/EJB container
▫ Sun Java System Application Server
AVSL Web Pages Navigation Work Flow
Request flow chart
Forwarding mechanism
• EZCGIServlet
String forwardUrl = ezproxyUrl + "/login?user=“ + URLEncoder.encode(user, "UTF8“) + "&ticket=“+URLEncoder.encode(getKeyedDigest(ezproxyKey + user +
timestamp)+ timestamp, "UTF-8") + "&qurl=" + URLEncoder.encode(url, "UTF-8");
Security
• Only users with valid session access the
EZCGIServlet
▫ http://avsl.aua.am/AVSL /ezcgi?user=username&url=http://www.bl.uk
• Double checking
▫ ECGI Servlet sends a ticket to EZProxy with MD5.
▫ EZProxy receives the ticket (the user name, time
stamp) it recalculates the message digest and
compare it with the ticket.
▫ Request is valid only if the two are identical
Successful opened ACM portal
Conclusion
• Possibility to purchase the expensive licenses
and provide them freely to the students, faculty
• AVSL uses Directory Server for authenticating
users
▫ Which make administration easier
• The System uses strong security mechanism to
check and give appropriate role to logged in user
• AVSL System uses EZProxy server for accessing
the publishers’ resources
• No need for clients to do any configuration
Suggestions for Future Work
• Full integration with EZProxy
• The ability to synchronize needed virtual hosts
between System and EZProxy hosts list
• The ability to synchronize users between LDAP
System and EZProxy users list
• Add different services, such as enhanced
searching capabilities, digital library control
systems, etc. into AVSL platform.
References
•
•
•
•
•
•
•
•
•
[1] Jalal B Raouf, “Design of Iraqi Virtual Science Library”, 2007.
URL: http://e-science-library.dev.java.net
[2] Albama SuperComputer Authority, “Alabama Virtual Library
(AVL)”, 2000. URL: http://www.avl.lib.al.us/about/index.html
[3] URL: http://www.who.int/hinari/about/en/
[4] URL: http://www.aginternetwork.org/en/about.php
[5] URL: http://portal.acm.org
[6] URL: https://www.ivsl.org
[7] By Jayson Falkner (et. al.), “Servlets and JavaServer Pages™:
The J2EE™ Technology Web Tier”, Addison Wesley, United
State of America, September 19, 2003.
• [8] By Bruce W. Perry, “Java Servlet & JSP Cookbook”, O'Reilly
Media Inc., United States of America, January 2004.
[10] NetBeans(IDE) help contents.
Thank YOU!