Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
1. Introduction
The basic functions of online examination system include registration, user management,
report generation, question paper matrix entry, question pool management, data entry,
examination conduction etc. The figure 1 shows the process flow of the system.
Some key non functional requirements that had a strong impact on the architecture and the
components used in the architecture included:
Open Source Stack
Scale out vs Scale Up
Ease of Extensibility
Performance/High System Throughput
Reliability
Security/Privacy/Escrow Accounts
All these functional and non-functional requirements have been considered while deciding
on technology components in the solution, described in further sections.
3. System Architecture
The NOES utilizes the following open source framework across it's various tiers ,namely,
Adobe Flex[1] at the Presentation Tier , Blaze DS[2] at the remoting tier, Spring[3] at the
102
National Online Examination System: An Architectural Perspective
business tier, Jasypt[4] at the business tier , Hibernate[5] at the Object Relational Mapping
Tier and Terracotta[6] for providing JVM Level Clustering for High Availability and better
throughput. Fig 2 shows various system components of online examination software.
103
Pradeep Kumar, Pankaj Nirwan , P Govind Raj
Moreover, EJB's are considered to be heavy weight as compared to a Plain Old Java Object
(POJO).
Our business tier design uses Spring Framework to utilize the simplicity of POJO
programming and at the same time relieves the application developer from concerns about
issues like Transaction, Persistence etc. These “concerns” are managed by Spring
Framework itself. Apart from being a replacement to EJB, spring also provides
features and programming paradigms used by the design such as:
Transaction Mgt.
Security
Our design uses Aspect Orientation to solve this problem in a better way [Fig 3]. By using
Aspect Orientation, programmers can express cross-cutting concerns in stand-alone
modules called aspects. Aspects can contains advice (i.e. code joined to specified points in
the program) and inter-type declarations (structural members added to other classes). For
example, a security module included as an aspect can include advice to perform a security
check before accessing a particular record. Since the security module is separated as an
aspect , joined using an advice and joined to specific points in code as required the
problems of code tangling and code scattering is solved.
We have used aspect orientation to implement Role Based Access Control[7] and
Transaction management[8].
104
National Online Examination System: An Architectural Perspective
Application Logic
Security Subsystem
Database
LDAP Biometric storing
Authentication Credential
The security subsystem of the NOES provides Authorization, Role Based Access Control
(RBAC) and cryptographic functions for storing user credentials for authentication. Spring
Security was used to implement these functions. For providing cryptographic functions like
encryption Java Simplified Encryption (Jasypt) was used. Jasypt had to be integrated with
Spring Security and Hibernate, so that Spring Security used password encoders etc from
Jasypt. Fig 5 shows hashing using Jasypt .
105
Pradeep Kumar, Pankaj Nirwan , P Govind Raj
Using the Security Subsystem, access control can be provided at the URL level, Method
Invocation Level, domain object level and view rendering level. The authorization is
implemented with the help of Spring Security as a set of Intercepting Filters as shown in
fig6.
For making Access Control Decisions the Spring Security' Access Decision manager were
used. All these access decision managers require a group of voters to be configured for
voting on access control decision.
NOES utilize Role Voters and Authenticated Voters. Role Voters votes for an access
control decision based on a user’s role. It votes to grant access if the user has the same role
as required to access the resource. It votes to deny access if the user lacks any role required
to access the resource. Authenticated Voter votes for an access control decision based on a
user’s authentication level. It votes to grant access if the user’s authentication level is
higher than the required attribute. From highest to lowest, authentication levels are “fully
authenticated,” “authentication remembered,” and anonymously authenticated.”
106
National Online Examination System: An Architectural Perspective
Design. The term object-relational impedance mismatch is derived from the electrical
engineering term impedance matching. There are various concepts in OOP's which do not
have direct relation to Relational Model. E.g. includes Inheritance, Polymorphism, and
Encapsulation etc. To map these concepts from an object oriented domain to the relational
domain, Object Relational Mapping paradigm has been used in NOES. Hibernate has been
chosen as the implementation framework for implementing OR Mapping. Apart from
providing OR Mapping, Hibernate also relieves the programmer from writing SQL's
thereby improving his productivity.
Our design incorporates HA right at the Java Virtual Machine Level. The advantage of this
approach is that HA is available just like any other service provided by the JVM (e.g.
Garbage Collection), therefore the developer just needs to concentrate on the developing
business logic and worry about implementing scalability and high availability.
107
Pradeep Kumar, Pankaj Nirwan , P Govind Raj
108
National Online Examination System: An Architectural Perspective
NOES utlizes lot of major design patterns and principle presented in [9] .This section
describes some of the major design patterns used in NOES.
109
Pradeep Kumar, Pankaj Nirwan , P Govind Raj
110
National Online Examination System: An Architectural Perspective
the classes and perform dependency injection when needed. Later the Spring Community
came up with Spring BlazeDS Integration Components[11]. The current version of NOES
uses this new scheme to integrate Flex and Spring.
111
Pradeep Kumar, Pankaj Nirwan , P Govind Raj
service method can be used to handle the exception and send relevant message to the
presentation tier.
6. Conclusions
Using the NOES, C-DAC has conducted three PG Entrance Examination and one national
level entrance examination successfully. The National Level Entrance Examination was
conducted across 10 centers of C-DAC for a period of 10 days each day having 3 slots.
Therefore the total number of live runs of the system are more than 300. Further The
National Level Entrance examination for PG/JRF was done using a Computer Adaptive
Test. The details of design and the mathematical model has been mentioned in
[14].DOEACC has also expressed it’s interest in conducting it’s CCC examination.
The initial stress testing result shows that we can conduct an exam for 5,000 users using
just 2 Tomcat server instances. We plan to scale the application to support around 10,000
users in a single session.
NOES uses Hibernate in its ORM Session. One of the criticism of ORM technologies, is
that generates non-optimized SQL Queries for databases. We plan to tweak the ORM layer
and use frameworks like AutoFetch to generate Optimized SQL.
112
National Online Examination System: An Architectural Perspective
Acknowledgment
Authors would like to thank Sh. GV Ragunathan Sr. Director DIT , Sh. Anil Pipal Addl
Director, DIT for their constant motivation and support throughout the project life cycle.
Authors also express their sincere thanks to Sri D K Jain , Sh R K Singh , Sh V K Sharma,
Dr P R Gupta and Dr George Varkey for their constant support in executing the project .
Authors express their acknowledgement to their team members Kartikeya , Vikram , Kanti
Singh , Neha Sharma, Soumya Sengupta , Parag for their efforts to make this software a
reality.
References
About Authors
113
Pradeep Kumar, Pankaj Nirwan , P Govind Raj
114