Web Application DevelopmentJonathan YoderWeb Application Engineer

May 16, 2013

Topics for Today• Single Sign On with CAS• Lung Cancer Explorer Changes• Introduction to RESTful Web Services• RESTful Services• LCDB• ProbeMapper• JSON Table Schema Serialization/Deserialization• Authentication with CasHmac• Authorization with CasHmac

• Graph Databases with Neo4j

Single Sign on with CAS• “Central Authentication Service”• Open Source Project available at http://www.jasig.org/cas• Runs on Tomcat (no need for additional servers)• Integrates with Web Applications without modification• Proxy Support for Web Services

CAS Authentication Process

Web Browser

Central Authentication

Server

Web Application

1. Request

3. Ticket

2. Authentication

4. Validation

<ticket>

Lung Cancer Explorer• Meta Analysis• Survival Analysis with Group Segmentation• Dataset Suggestions• Dataset Filtering• Analysis Caching with Redis

Intro to RESTful Web Services• Terminology• Representational State Transfer• GET, DELETE, PUT, POST

• Benefits• Popular and simple (vs. SOAP)• Responds with valid JavaScript (JSON)• Supported by many open-source frameworks• Very easy to consume

• Purpose• Provide data to applications• Expose services to outside applications

Example REST Request

http://qbrc.swmed.edu/probemapper/entrez/genes?gene_id=3845,51562&taxonomy=9606

Example REST Response{"java_type": "edu.swmed.qbrc.probemapper.shared.models.Gene","fields": [...{"id": "geneId","label": "geneId","type": "integer"},{"id": "name","label": "name","type": "string"},...],"data": [["12","HGNC:6407|MIM:190070|Ensembl:ENSG00000133703|HPRD:01817|Vega:OTTHUMG00000171193","v-Ki-ras2 Kirsten rat sarcoma viral oncogene homolog",3845,1220665,"-","12p12.1","v-Ki-ras2 Kirsten rat sarcoma viral oncogene homolog","O","KRAS","KRAS","C-K-RAS|K-RAS2A|K-RAS2B|K-RAS4A|K-RAS4B|KI-RAS|KRAS1|KRAS2|NS|NS3|RASK2",9606,"protein-coding"],["14","HGNC:20427|MIM:609431|Ensembl:ENSG00000151332|HPRD:14368|Vega:OTTHUMG00000140222","MAP3K12 binding inhibitory protein 1",51562,1229582,"BM-015","14q13.3","MAP3K12 binding inhibitory protein 1","O","MBIP","MBIP","-",9606,"protein-coding"]]}

Example REST Response…."fields": [

...{

"id": "geneId","label": "geneId","type": "integer”

},{

"id": "name","label": "name","type": "string”

},...

],

Example REST Response"data”:[[

"12","HGNC:6407|MIM:190070|…|HPRD:01817|Vega:OTTHUMG00000171193","v-Ki-ras2 Kirsten rat sarcoma viral oncogene homolog",3845,1220665,"-","12p12.1","v-Ki-ras2 Kirsten rat sarcoma viral oncogene homolog","O","KRAS","KRAS","C-K-RAS|K-RAS2A|K-RAS2B|…|KI-RAS|KRAS1|KRAS2|NS|NS3|RASK2",9606,"protein-coding"

],…]

New RESTful Web Services• LCDB• Datasets (GET, DELETE, and PUT)• Patients (GET, DELETE, and PUT)• Samples (GET, DELETE, and PUT)• Expression Data (GET, DELETE, and PUT)• Histologies• Normalizations• Races• Smoking Statuses• Tissues

New RESTful Web Services• ProbeMapper (migrated from SOAP)• Authorities• Platforms (GET, DELETE, and PUT)• Probes (GET, DELETE, and PUT)• Genes• Genes for Probes (GET, DELETE, and PUT)• Probes for Genes

• Lung Cancer Explorer uses ProbeMapper

JSON Table Schema• For more information:http

://www.dataprotocols.org/en/latest/json-table-schema.html• A “simple schema for tabular data”• Saves bandwidth by assuming a consistent format• Speeds our implementations of ProbeMapper and LCDB with

our custom Jacksonate serializer/deserializer.• See https://github.com/QBRC/Jacksonate• See https://github.com/QBRC/Guiberest

Authentication with CasHmac• Supports CAS for authentication• Supports HMAC for authentication• User has and ID and a Secret Key• Request information is combined into a string• User’s Secret Key is used to create a hash from the string• User’s ID is sent with the request• Server looks up user’s Secret Key based on ID• Server recreates hash and verifies that it matches the client’s

hash that was included with the request.• See https://github.com/QBRC/CasHmac• See https://github.com/QBRC/Guiberest

Authorization with CasHmac• Method-based authorization by Role• ACL-based: Access Control List• Authorization to access/update/delete a specific object• Authorization may be tied to dependent objects

• Allows us to annotate our classes for security

Graph Databases with Neo4j• See http://www.neo4j.org/• Graph Databases:• Store objects• Focus on relationships between objects (uses verbs)

• Jonathan -> (is employed by) -> QBRC• Jeff -> (supervises) -> Jonathan

• Allow very fast retrieval of objects based on their relationships to one another

• Neo4j and Bioinformatics:http://watch.neo4j.org/video/47275633

Summary• Single Sign On with CAS• Lung Cancer Explorer Changes• RESTful Services• Graph Databases with Neo4j