NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:
AppVet Logo

6.  Developer's Guide


6.1 AppVet Architecture

To better understand the AppVet source code, it is necessary to understand the AppVet architecture. The AppVet architecture comprises three main components: AppVet Servlet, GWT Client/Server, and Tool Manager. These components are shown in Figure 6-1.


appvet-architecture

Figure 6-1. AppVet architecture. (Enlarge)



6.1.1 AppVet Servlet

The AppVet servlet implements the AppVet API for clients to interact with AppVet. The AppVet servlet is used directly by applications including app stores and third-party applications, but is not directly accessed by users. Instead, users invoke the AppVet API via Google Web Toolkit (GWT) Client code within a web browser.

6.1.2 GWT Client/Server

The GWT Client provides the user interface to AppVet. Here, GWT provides the web browser widgets required for users to interact with AppVet. During development, GWT widgets are written in Java and compiled to AJAX for deployment. In Eclipse, use the GWT Designer to modify AppVet panels, layouts, and widgets. The GWT server supports requests from GWT client widgets including authentication and app info requests. The GWT client communicates via Remote Procedure Call (RPC) with the GWT server. During development, GWT servers are written in Java and compiled as Java classes for deployment. Note that a GWT server does not directly support file uploads from a GWT client and that file uploads from the AppVet GWT client must be sent directly to the AppVet servlet. Figure 6 1 shows a file F being uploaded to the AppVet servlet from a web browser containing the AppVet GWT client code.

6.1.3 Tool Manager

The tool manager is the AppVet component that manages the overall processing of an app by a set of tool services. The tool manager is responsible for removing an app from the queue and forwarding the app to the set of tool services defined by the set of AppVet tool service adapters. The tool manager also processes reports from synchronous tools. Note that reports from asynchronous or push tool services are processed by the AppVet servlet.

6.1.4 Other

Other AppVet components provide a wide variety of functionality from database transactions and file handling to input validation and logging.

6.2 AppVet Source Code

The AppVet source code release includes the files as shown in Figure 6 2.


appvet_source_code_directory

Figure 6-2. AppVet project directory. (Enlarge)



The AppVet source code release comprises two main directories: /src and war . The /src directory contains the AppVet source code while the /war directory contains the files required for deploying AppVet as a web application and service.

Note that it is strongly recommended to conduct AppVet development on a separate staging machine from the production host and to ensure correct operation of AppVet on the staging machine before being deployed to the production host.

6.3 Database

The AppVet database, appvet, and tables are created during installation using the AppVet installer. Appvet tables include:

  • apps: Defines app-related information including app name, owner, and app status.
  • status: Defines tool statuses for each app.
  • users: Defines user information.
  • sessions: Defines user session information.

For more information, see the AppVet Database Schema.