LightArmy is PHP application development platform. Bringing together of LightAnt and LightBird as an Enterprise Development platform for all size of organizations.
LightBird will fly as higher as bird and you can utilize as application GUI. LightAnt will work on the ground bridging all systems.
You can develop from simple to enterprise class application.
You can develop from cli, web page, service , message base, ... queue over http and the enterprise service bus (esb)
Security is an integral part of this System. You can securing your url request, any communications and all you want.
Below are System functionalities, features, and usages:
- Optimized and Open Design
- Solid Security Foundation and Security Measure
- Intuitive and Secure System File Structure
- Fundamental Library and Functionalities
- Portable & Scalable System
- Highly Flexible, Adaptable and Maintainable
- Intuitive Configurable & Easy Manageable System
- Intuitive Rendering Framework
- Agile and Consistent Programming
- Robust and Secure System Connectivity Support
- Clustering Aware System (High availability Using Custom Session Handler)
- Intuitive Identity (Account) Management
- Simple But Elegant Presentation
- Rich Basic Applications for Real Enterprise Applications
- Wide Applicable System Usage
Optimized and Open Design
System has been designed to maximize the power of reusable components and extend able. Same components are used to deliver web page, CLI, web service, process, and all functions. This means that the system uses the same library to behave as application server, automation platform, integration platform, distributed platform, service bus and process platform. System can be extended to be whatever kinds of applications as needed. Although depicted in three pictures below, all of that are exactly cannot be separated.
There are layers in this design as drawn at that figures. Bottom layer is Core System in which the other layer will be laid on. Module and Automation are on the top of Core System. Core system itself provided as application server, and distributed platform. Automation, itself provided as automation, integration platform and service bus.
Layering itself defines the openness of design. With this trait, system is expandable to deliver more features or functionalities, making System more powerful, usable and maintainable. Trait also can be reap from extensible user preferences/attributes, extensible user session, extensible startup script, extensible environment, and extensible bootstrap attributes of this design.
Core System is as explain above. Core Extension is provided to extent the Core System. Common Library is library that can be use by many applications.
Application Module as Application of specific purpose can be used by user. Core Application Module is core/engine of application. Application Module Plugin (application module extension) is extension to the application.
Nest is controller which control the runtime of Queen and Worker. Queen is continues process host. Worker is one-time process host. Process Capability is capability of Queen and Worker to perform work.
Design includes basic applications as basic features and proof of design. These basic applications are Kannel, Notify, Notes, To DO, Message, News, and Bookmark.
Solid Security Foundation and Security Measure
System supports user authentication. Authentication can be done using web page interface or web service (SOAP). System differentiates of login and authentication. Login is associate with user session, but authenticate is to validate user and its corresponding password. Authentication can be followed by a request but not create a session. Login can also be done using web interface or web service (SOAP).
System provides two type of secret key to authenticate for different purpose: password and password token.
System has been designed to support Multi-Authentication mechanisms. Default mechanism is called System which authenticate user using user and password manage by System. Today this System only support System Authentication.
System supports authorization using ACL-based authorization. System has been designed to support Multi-Authorization mechanisms.
System supports Dynamic Page Id. Dynamic Page Id is a mechanism to dynamically change the url of a web page. Feature is session-based means that a web page will have different url on different session.
System supports url protection. With this feature user cannot change the url directly from address bar of web browser or if trying will only get page not found message. This feature is called Secure URL. Feature is session-based means that a web page will have different url on different session.
System supports Flooding Detection. Every detected flooding will be stopped by terminating the usage session.
System supports Captcha. Feature protects from automated system do unnecessary request.
System supports session hijacking protection. Feature is called Secure Session. Every detected session hijacking will be terminated immediately.
Encryption tools is an integral part of System.
RSA and OPENSSL are supported by System.
System supports Account locking. User can lock and unlock his/her own account using locking wizard. The wizard will ask a series of questions. The question and the correct answer can be set by user.
System will confirm if a user has already logged in at login trial. This confirmation will be shown if the login trial is successful but the current activity record of user still active.
System supports IP restricted access user. Feature can limit access of user using ip used by user to access the system. Feature is called IP Securities.
System has system-based protection against user agent, domain referring, ip, spider access, and web browser. System can be set to reject request coming from no agent name. System can be set to reject request being refer by a domain. System can be configured to reject request coming from an ip. System can record list of web spiders and using this record to reject a request coming from spider.
System supports Audit Trail and Logging. With this feature, all accesses and events can be traceback.
System provides tools to support filtering input. Feature will sanitize user input before it is used.
System provides Activities Monitor. Administrator can monitor user activities easily and take necessary action if needed.
System supports logged in user to access as another user. Feature is called Access AS. Feature can be used in case of delegation or supervision authority. In supervision authority scenario, the supervisor has access to all his/her descendants. In delegation scenario, user can delegate its access to another.
System supports session timing out. Session timing out is a way to minimize security breach form careless user and trickier suspect. By limiting the idle time and automatic logout will maximize the security. Session timing out can be set per user means that each user has his/her own.
System supports forcing to change password. Administrator can force a user, some users or all users to change his/her password at the next login time. System will be locked to that user until password has been changed successfully.
Intuitive and Secure System File Structure
System using basic system file structure depicted below. An intuitive structure to make System components easy to understand and manageable but secure. This structure also in conformance with Interface/Container model of page/service. Security being the first consideration in designing this structure. There is on one single point of entry to application, that is index.php at the root of structure. A Public folder is provided to store all public files with or without custom protection. A Restricted folder is provided to store files that need special access or security configuration.
System renders container using its configuration. One need to highlight is administrator can store container files on anywhere that may be more secure than inside this structure.
Here is the structure:
- 3rdparty
- Application
- Email
- SMS
- Backups
- Cache
- Colony
- Kannels
- Nests
- Notifies
- Queens
- Queues
- Resources
- Tasks
- tmp
- Workers
- Containers
- CLIContainer
- CommonPages
- JavascriptPages
- LightbirdPages
- PageContainer
- ServiceBusPages
- ServiceContainer
- WSO2ServiceContainer
- XMLRPCContainer
- Docs
- images
- Extensions
- Install
- LicenseFiles
- LogFiles
- MessageBox
- Public
- AJAXOmeter
- codepress
- CSS
- fckeditor
- Images
- JS
- License
- Mochkit
- xmljson.js
- Restricted
- kannel.php
- System
- Ant
- Bird
- Bootstrap
- Configuration
- Core
- Custom
- Environment
- FunctionFiles
- Interface
- Java
- Kannel
- Language
- Library
- Nest
- Notify
- Protect
- Queen
- Resource
- Session
- Source
- StartUp
- Task
- Treading
- Worker
- Tasks
- log.php
- Default.htm
- Default.html
- favicon.ico
- Index.htm
- Index.html
- index.php
Fundamental Library and Functionalities
System supports Autoload and Consistent Library. Autoload is provided to simplify programming. Class's name has relationship with its location, helping to create traceable environment. Class also being simple and manageable.
System provides extensible library. Library has been built using OOP(Object Oriented Programming), open design and configurable using configuration items. This library is extensible to new features/ functionalities.
Below is built-in library provided:
Template Library
Template library is used to render page using template. Library is loaded at bootstrap that means loaded automatically.
Date-Time and Timezone Library
Library provides foundation for System datetime function. There some types of datetime presentation can be chosen. System supports UTC Date setting.
Currency Library
Library provides foundation for System currency function. There some types of currency presentation can be chosen.
Dynamic Page ID Library
Library provides foundation for dynamic page id and run command function. Dynamic Page Id is session-based. A page has different url on different session.
Themer Library
System supports Multi-Themes. Feature provides non-monotone look and feel. User can choose his/her own preference.
Upload handler Library
System provides Upload handler. Feature simplifying on handling uploaded file.
Caching Library
System support dynamic caching utilizes this library. Caching library supports multi storage cache. Supported storage include: file system, database, shmop and memcache.
Crypto Library
System provides easy to use cryptosystem function. This library is utilized to secure System together with RSA, and OpenSSL.
Logger Library
Library provides dynamic & multi storage logger with selectors. System utilizes library to provide dynamic logger functionalities.
Queue Library
Library is dynamic, multi-storage and selector Queue with reference. Queue can be used to construct Queue Router easily. Queue can be accessed easily using reference and reduce programming complexity. Queue is provided as general queue storage to be used by system. Queue is message-based function of System. Now day, there are four types of queue storage: ActiveMQ, FileSystem, Database, and Remote Queue. These types are extensible.
Passage Library
Library is used in automation environment as resource connection tools.
HTTP File Exchange Protocol Library
Library is used to handle File Exchange Protocol over HTTP. System utilizes this library to provide IPC connectivity function.
IOSafe Library
Library is used to handle IO operation safely. File Exchange Protocol utilizes this library to provide safely IO operation function.
Download Library
Library is used to provide partial download function. Using partial download function, download can be resumed at some position of file.
Mailing Library
Library is used to provide rich and flexible mailing function.
REST Library
Library is provided as REST enable function.
RSA Library
Library is provided as RSA public key function.
SMS Library
Library is provided to support SMS function.
SOAP Library
Library is provided to support SOAP function.
WAP Library
Library is provided to support WAP function.
XML Library
Library is provided to support XML function.
Xshell Library
Library is provided to support shell command function.
Array Library
Library is provided to add array function.
Authentication Library
Library is provided to add authentication function. This library is extensible to support various kinds of authentication mechanisms. Default authentication mechanism is System, using user and stored hash password.
Configuration Library
Library is provided to handle configuration file. Library is flexible to read, modify and create configuration file.
Database Connection Library
Library is provided to handle database connection and pooling as necessary.
Database Library
Library is provided to handle data manipulation easily.
LightAnt Library
Library is provided to handle LightAnt functions.
Channel Library
Library is provided to support channel-based communications.
Excel XML Library
Library is provided to handle xml data and file.
Excel Library
Library is provided to handle excel file.
Document Library
Library is provided to handle document file.
DIF Library
Library is provided to handle dif (data interchange format) file.
MultiIO Library
Library is provided to support parallel IO operations.
OpenDocument Library
Library is provided to handle open document (.odt) file.
OpenSSL Library
Library is provided to support OpenSSL functions.
Swish Library
Library is provided to support Swish searching functions.
Captcha Library
Library is provided to support Captcha function.
Email Security Library
Library is provided to secure rendering email address.
FloodBlocker Library
Library is provided to support flooding detection.
Session Security Library
Library is provided to prevent session hijacking.
URL Security Library
Library is provided to support Secure URL, encrypted url.
Session Handler Library
Library is provided to support custom session handler as a way to create cluster-aware applications.
Text Recognizer Library
Library is provided to support text classification using Bayesian. Library is customizable and extensible. Email responder using this library to classify received email.
Threader Library
Library is a means to provide flexible threading environment.
XCS Library
Library is used to handle stylesheet.
Kannel Library
Kannel is provided as SMS function by utilizing queue and queen.
Notify Library
Notify is provided as Notification function by utilizing queue, sms, email and queen.
Portable & Scalable System
System is developed using language (PHP) that can be run on any platform. Coding using library that can be fully running an any platforms. This coding practice is applied to all System components with or without adjustment. Portability attribute of System made System more scalable. Web-based application itself also provide simple and scalable client installation.
System can be customized from every perspectives. Behavior of the system is defined using stored, retrievable, and readable configuration items. End-user has own preferences to customize the system. Implementor build solution by orchestrating configuration items. Provided for developer to create customize features.
Highly Flexible, Adaptable and Maintainable
System unlocks everything using configurable components as much as possible and open for extensions in alignment with the open design. System becomes easy to be changed and extended/scaled to new features or functionalities or capabilities. The flexibility of configuration items, extensible, and scaled System will make System adaptable to changes. The easiness of this effort and web-based application itself make System completely Maintainable.
Explain below is some attributes to achieve above mentions:
- System supports extensible user preferences/attributes. Feature giving an easy way to add new preferences/ attributes.
- System supports extensible user session. Feature giving an easy way to add new user session.
- System supports extensible startup script. Feature giving an easy way to extent/add startup script.
- System supports extensible environment. Feature giving an easy way to extent/add environment script.
- System supports extensible bootstrap. Feature giving an easy way to extent/add bootstrap script.
- System supports reusable component/class. Page can be render completely using the same class and difference only on its configuration.
- System supports dynamic and extensible access right administration.
Intuitive Configurable & Easy Manageable System
System is configurable entity and its behavior is defined using configuration items. This concept makes System can be managed easily. Configuration items are XML-based file. This kind of way making configuration items easy to be configured. Provided web-based tool to manage some of configuration items.
System provides support for configurable components/applications development. Support can be utilized easily by programmer.
System supports rich configurable basic applications. These basic applications are commonly components used to create business applications.
System supports intuitive rendering, agile and consistent programming which the purpose to simplifying the development. This simplified development will speeding development process in an controllable environment.
Intuitive Rendering Framework
System uses intuitive way to render application, interface/containers model. System has several containers. Each container has interface attribute. Interface defines how application should be rendered. Now, there are Page and Service Interfaces. Container with Page interface will render web page. Container with Service interface will render web service. WSDL Generation is part of Service interface.
Page Rendering
Page should be rendered in a Container with type of Page. Page will be rendered using: configuration file, page processor class file, view html file, language file, and plugin as needed. Configuration file is rendering control that define what should be used and how to render
the page. Page processor class file is used to process the request and render the defined output. View html file is used to forming the output together with page processor class file. Language file is used as language source of rendered page. Plugin can be used as additional components of rendered page.
Service Rendering
Service should be rendered in a Container with type of Service. Service will be rendered using: configuration file, service processor class file, and language file. Configuration file is rendering control that define what should be used and how to render the service. Service processor class file is used to process the request and render the defined service. Language file is used as language source of rendered service.
Process Rendering
Process Rendering is applicable to queen processes (for continues processes), worker processes (one-time processes), and kannel handlers. Process will be rendered using configuration file called manifest and its process_type class file. Process should be installed in its appropriate entity (queen, worker or kannel). Configuration file is rendering control that define what should be used and how to render the process. The process_type class file is used to perform the defined process.
Entity Rendering
Entity will be rendered using configuration file, engine files and some additional files. Each entity has its own configuration items and its required support files. Engine files will be shared among entities with same type. Type can be Queen, Worker, Queue, Notify and Kannel.
Agile and Consistent Programming
Framework making an easy and faster way to design, develop and deploy Page, Service, Entity and Process. Framework will force user to focus on the problem itself and thus can simplify efforts needed. Framework also force to narrowing the problem by dividing solution into manageable components. Below is as an example what developer do to add new page, service or process..
It is possible using this programming concept to separate task between each components: one group to create only the presentation, one group to create language, once group focusing on coding using php only and another group to orchestrating the configuration file. In this environment, software quality is on the way and not difficult to be achieved.
Robust and Secure System Connectivity Support
Connectivity is a way to provide communication to System environment (another system). Functionality is integration tools by which System can be integrated with another in easy and secure way. IPC and Remote Queue are provided giving direct access to System resources. The others are easy to use general connectivity resources. General connectivity resources include database, email, ActiveMQ (using Stomp), Jabber, Web Service (SOAP), FTP, LDAP, Queue, and RADIUS.
IPC (Inter-Process Calls)
IPC is a way to provide remote system file access securely. IPC utilize File Exchange Protocol over HTTP. Default IPC is provided that expose the root System file. Additional IPC accesses can be added as necessary.
Remote Queue
Remote Queue is a way to provide remote System queue access securely. Remote Queue utilize IPC to provide its function. RemoteQueue IPC is provided to support the default remote queue. Additional remote queue can be added as necessary.
Database
Connection to Database using PHP AdoDb and connection pooling.
Connection to Email (NNTP, IMAP, and POP3) and connection pooling.
ActiveMQ (using Stomp)
Connection to ActiveMQ Queue Server.
Jabber
Connection to Jabber Network.
FTP
Connection to File Transfer Protocol Server and connection pooling.
LDAP
Connection to Lightweight Directory Access Protocol and connection pooling.
Queue
Queue is multi-storage queue System developed for this System. Queue consists of queue boxes and selectors. Selectors can be used to construct Queue Router. Queue System is extensible and flexible to use. System provides a way to refer queue instance easily. Queue System can also be exposed using Remote Queue.
RADIUS
Remote Access and Dial Up Service connection.
Web Service (SOAP)
Web Service using SOAP is an integral part of System. Web Service is one of interface type, named Service. There are built-in Service provided: LoginService, LogoutService, AccountService, ChannelService, PublicKeyService, SQLService, WebPageService, and WebService.
Clustering Aware System (High availability Using Custom Session Handler)
System provides custom Session Handler. Feature can be useful in cluster environment to build high availability system/service.
Intuitive Identity (Account) Management
System provides identity management. System can be set to provide Single-Sign-On Solution between System Instances. System can use central identity or local identity. This concept will ensure the extensible of this Identity Management.
In Single-Sign-On environment, there are Account and Users. Account will store password but User is not. User can be create using Account. Without Account, User cannot be created. User can be applied on any System leveraged Single-Sign-On.
System supports logged in user to access as another user. Feature is called Access AS. Feature can be used in case of delegation or supervision authority. In supervision authority scenario, the supervisor has access to all his/her descendants. In delegation scenario, user can delegate its access to another.
System supports account registration. Anyone who can access site can create new account using this feature. Registration will request an email address and deliver the response to that email.
System supports account activation. Account need to be authenticated before used. Activation will request registration information. If there is registration and match with submitted data, corresponding account will be activated.
System supports change password. User can change his/her own password after login.
System supports forgot password. User can request password of a given account. Response will be sent using email. The sent password is one-time password and in subsequent login, System will asking for new password.
Simple But Elegant Presentation
These screenshots are an example of the web pages of this System and not all of pages. Looks and feel of these screenshots also as an example. System can be configured/changed to completely has different style (look and feel). Default style is simple but elegant. Language, Color Schema, Style and Background image can be changed dynamically.
Login/Logout
User can login using secure mode or standard mode. In secure mode, login and password will be encrypted using public key cryptosystem. Already logged in message provided as security measure.
Logout action confirmation is provided to ascertain logout request. System may be closed/ destroyed session after a period of time of inactivity.
Rich Basic Applications for Real Enterprise Applications
System provides basic applications as proof of concept and as basis for application development. Below are all basic applications grouped by its category.
Page category basic applications:
Delegation, Escalation, Change Date, Web-based Administration, Note, ToDo, News, Message, Bookmark.
Web Service category basic applications:
Account, Channel, Login , Logout, PublicKey.
Queen Processes (Continue Processing) category basic applications:
ant_workerlaunch, email_autoresponse, email_mimesender, email_notify, email_qmimesender, email_qsender, email_sender, email_scheduled, file_receiver, file_sender, jabber_receive, kannel_queuebroadcast, kannel_queuedeliverystatus, kannel_queuesender, kannel_queueservice, kannel_stompbroadcast, kannel_stompdeliverystatus, kannel_stompsender, kannel_stompservice, message_bridge, message_databank, message_transformer, queue_router, queue_notifyrouter, queue_sender, scheduledtasks_execute, sms_notify, sms_scheduled, stomp_receiver.
Worker Processing (One-time Processing) category basic applications:
gc_cache (Cache Garbage Collector), gc_log(Log Garbage Collector), gc_session(Session Garbage Collector), xml_transformer (XML Transformer), backup_database, backup_sysfiles, restore_database, restore_databaseupdate, restore_sysfiles, restore_sysfilesupdate, buffer_processor(queue), file_cdownloader, file_sdownloader, file_syncronize, csv_export, database_export, database_import, database_update, dif_export, excel_export, files_import, files_export, files_update, json_export, tab_export, xml_export, ant_monitor.
Kannel Handlers(SMS/WAP Service Handler):
queue_handler, stomp_handler, direct_smsreply.
Another basic applications:
Kannel, Notify.
Wide Applicable System Usage
System has widely applicable business cases and scenarios. As stated above this System is application server, automation platform, integration platform, distributed platform, service bus and process platform, by itself define broad capabilities. This System will be continually improved to maximized its power.
General usage of this platform as stated in the background and objective can be depicted as in the figures below. That figures draw the core usage (first expected usage) of this platform but the exact usage can be anythings as widest as its capabilities.
The basic thinking drawn in that figures is networked application (distributed application as narrowing usage). Basic component of network is a node, so in this scenario, application is a node. Nodes are connected and communicate with one and another. Each node has its own capabilities. Same capability can be owned by many nodes. The biggest benefits of this networked application is the collaboration between nodes to maximize each node capacity and to build new unprecedented capabilities. Unprecedented capabilities from the network itself, include but not limited to more Manageable, Adaptable, Scalable, Usable, Resilience.
Networked application using LightArmy can be achieved using scenario explained below as depicted on figure below. Application is an orchestration of module instances. Instances in an application working together in controllable manner. Application has a gateway using Web Services or Queue. Only use this gateway application will communicate with outside (other application or system). Communication represents both service and synchronization. Each module can provide synchronization function. Module can be sync using peer-to-peer relation or master-slave relation.
Sample Applications
Email Autoresponder
Extensible, Customizable, Scalable, and reliable Email Autoresponder system. Extensible in which user can create new responder and use it. Customizable in which user can customize the behavior of the autoresponder. Scalable in which user can create as much as instance as needed and run as necessary. Reliable in which this autoresponder inherits the reliability of the platform. This autoresponder using bayesian to recognize the pattern of incoming message and response with the appropriate email based on the recognized pattern. Autoresponder can be trained to manage unlimited pattern. The correctness of recognized pattern depending on how user train this responder.
Email Scheduled
Email can be scheduled to be sent at predefined time.
SMS Service
This is an SMS Service using Kannel sms-based function.
Extensible, Customizable, Scalable, and reliable SMS Autoresponder system. Extensible in which user can create new responder and use it. Customizable in which user can customize the behavior of the autoresponder. Scalable in which user can create much as instance as needed and run as necessary. Reliable in which this autoresponder inherits the reliability of the platform.
SMS Scheduled
SMS can be scheduled to be sent at predefined time.
Form (Document) Management
Form (Document) Management is extensible, scalable, customizable document management solution using LightArmy System. There are three approval directions with unlimited approval type. Approval directions are forward, backward, and pending approval. Functionalities include: unlimited document templates, manage document life from draft to publishing to archive and removal, document copies, document change with many releases, parallel approval using document copy, dynamic approval system, delegation and escalation approval and more.
Organization Chart Management
Organization Chart Management is extensible, scalable, customizable Organization Chart solution using LightArmy system. Solution becomes the central of organization charts management. There are three approval directions with unlimited approval type. Approval directions are forward, backward, and pending approval.
Example Automation Scenario
Automated Payroll System
Calculation of employee wage or salary can be scheduled at predefined time, for example at 27th each month. Some company may using fixed attributes and another using non-fixed attributes. Each method has its own benefit and drawback.
Fixed attributes wage/salary using completely fixed attributes to calculate employee wage/salary. If changing, that change will affect to the entire or group/level of employees. This kind of change only depend on a few management and the change period is long, a year or even more. Scenario in this situation can be:
A day before calculation or may more time given that can be set at the configuration item, process will asking to perform the calculation. Depending on the setting, if until the time to calculate there is no response, system can continue the calculation or cancel the calculation. Process will send an information of continuation or cancellation. If the action is cancellation, then the process will terminate itself. Process will informing every events arising in calculation. After finishing calculation, process will ask the next process to perform. Again, depending on setting provided, if no response accepted at required time, process will perform the defined setting. The next step can be sending the calculation result for review and correction if possible. Step will continue with sending reviewed/corrected to accounting and/or bank.
Non-Fixed attributes wage/salary using fixed attributes and non-fixed attributes to calculate employee wage/salary. If changing, the fixed change will affect to the entire or group/level of employees. This kind of change only depend on a few management and the change period is long, a year or even more. Non-fixed attributes will change at every calculation and depends on many people. Scenario in this situation can be:
A day before calculation or may more time given that can be set at the configuration items, process will check its data and then sending remainder to which not yet submitted data. Two hours to deadline, process check and send remainder again. Information also be sent to the responsible people. Process will send data status and asking to perform the calculation. Depending on the setting, if until the time to calculate there is no response, system can continue the calculation or cancel the calculation. Process will send an information of continuation or cancellation. If the action is cancellation, then the process will terminate itself. Process will informing every events arising in calculation. After finishing calculation, process will ask the next process to perform. Again, depending on setting provided, if no response accepted at required time, process will perform the defined setting. The next step can be sending the calculation result for review and correction if possible. Step will continue with sending reviewed/corrected to accounting and/or bank.
Links:
Posts
