
App Store

App Store is a mobile web application that provides a one-step solution for users to download applications. It is developed for a group of users belonging to an organization, and its purpose is to provide security when accessing or downloading the organization's mobile applications. The application can be simulated for all mobile devices, but in this scenario it is developed only for iPads.

Features:
There are two types of login: (a) User login and (b) Admin login.

User Login:
1. Lets the user select the preferred application from a list shown on the home screen, with limited details about each application.
2. After the user selects an application, shows detailed information about it, including screenshots, and provides a link for installation.
3. Lets the user select a specific category from the list of categories shown on another page, and then select the preferred application from the resulting list, which shows limited details about each application in that category.
4. Lets the user view reports on application download data. If the user has the credential to view reports, they can view the download details by specific application and/or date range and/or user ID. The report can be downloaded as a CSV file through the link provided on the same page.

Admin Login:
1. Includes all 4 facilities of User Login.
2. Lets the admin add a new category and its details to the existing category list, on a dedicated page.
3. On the category adding page, lets the admin update the details of an existing category by selecting it from a list of categories.
4. Lets the admin add a new application and its details, and upload its installation file to the store, on a dedicated page.
5. On the application adding page, lets the admin update the details of an existing application by selecting it from a list of applications.
6. Provides upload/update/delete functionality for the screenshots of an existing application.
7. Lets the admin update the availability status of an application, to make it available to users or not.

Security:
Security has to be provided in two areas: access to App Store itself, and access to the .ipa file.

App Store Access:

Problem: As App Store is a mobile web application, a user can store the application's URLs at any point during a session. If the first user saves a URL and a second user then uses it, or if a URL used by the first user is obtained by someone else, the web page behind that URL could be accessed by a person who is not supposed to access it.

Solution and Implementation: App Store asks the user for credentials on its Login Page, so a user who wants to access the application must enter their details there. These details are maintained across the user's session. Before serving each and every request, the application authenticates the user against the details held in the session and against the access credential details for the same user in the DB (whether the user has the right to access the requested page or not). If authentication fails, the application responds with an error page or with the login screen. As the user details are held in the session rather than in URLs, misuse of a saved URL has no effect.

.ipa Files Access:

Problem: When the user selects an application in App Store and wants to install it on an iPad, App Store provides an installation button. This button contains the URL of the .ipa file. Clicking it hands the ipa URL to the iPad's installation module, which then requests that URL, receives the ipa file as the response, and installs it. The iPad's installation module won't maintain any type of session or cookies, so we can't use the user details present in the session for authentication. As this is a mobile web application, a user can store the URL, and it can then be accessed by anyone without any authentication. On accessing the ipa file, the iPad's installation module interprets it, reads a PLIST file URL from it, and accesses that URL in the same way to install the application. The same security issue therefore repeats when the PLIST file is accessed.

Solution and Implementation: Instead of the ipa URL, the installation button carries a servlet URL, and the servlet in turn responds with an ipa file that is generated dynamically according to the request. As the installation module does not maintain any session, the server treats a request to the servlet from the installation module as a new session. Passing details as URL parameters does not solve this, because the installation module discards everything after the ?. So the servlet pattern takes the form of a normal URL without parameters (like http://ip:port/appstore/ipaServlet/userId/NONCE/appId). After creating this NONCE (a custom Number used Once), App Store stores the value in the server context. When a request comes from the installation module, the server checks the NONCEs present in the server context against the value in the URL. On finding a match, it invalidates the NONCE, validates the other details in the URL, and responds accordingly with a dynamically generated ipa file containing a PLIST servlet URL generated in the same format as the ipa servlet URL. The same process repeats when the iPad's installation module accesses the PLIST servlet URL.

When requested, these two servlet URLs are rewritten on the server side, using URL rewriting, into URLs with parameters.
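A sketch of the one-time NONCE check described above, as an added example that is not App Store's own code. The class name `InstallNonceStore`, the ids and the expiry time are assumptions; the page does not say how the NONCE is generated or whether it expires, so a random 256-bit value with a short lifetime is used here (Java 16 or later).

```java
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class InstallNonceStore {
    // What a NONCE was issued for; compared with the URL segments on redemption.
    record Grant(String userId, String appId, Instant expires) {}

    private static final SecureRandom RNG = new SecureRandom();
    // Stands in for the "server context" the page mentions (assumption).
    private final Map<String, Grant> live = new ConcurrentHashMap<>();

    // Called while rendering the install button for an authenticated session.
    String issuePath(String servlet, String userId, String appId, long ttlSeconds) {
        byte[] raw = new byte[32];                      // 256 random bits
        RNG.nextBytes(raw);
        // URL-safe alphabet: the NONCE never contains '/' or '?'
        String nonce = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        live.put(nonce, new Grant(userId, appId, Instant.now().plusSeconds(ttlSeconds)));
        return "/appstore/" + servlet + "/" + userId + "/" + nonce + "/" + appId;
    }

    // Called by the servlet with the path after its name: /userId/NONCE/appId
    boolean redeem(String pathInfo) {
        if (pathInfo == null) return false;
        String[] p = pathInfo.split("/");
        if (p.length != 4 || !p[0].isEmpty()) return false;
        // remove() is atomic: two racing requests cannot both obtain the grant,
        // and a request with mismatched details still burns the NONCE.
        Grant g = live.remove(p[2]);
        return g != null
                && g.userId().equals(p[1])
                && g.appId().equals(p[3])
                && Instant.now().isBefore(g.expires());
    }

    public static void main(String[] args) {
        InstallNonceStore store = new InstallNonceStore();
        int prefix = "/appstore/ipaServlet".length();
        // Constructed sample ids, not values from the page.
        String first = store.issuePath("ipaServlet", "u42", "app7", 120).substring(prefix);
        System.out.println("first request: " + store.redeem(first));
        System.out.println("replayed URL:  " + store.redeem(first));
        String second = store.issuePath("ipaServlet", "u42", "app7", 120).substring(prefix);
        String tampered = second.substring(0, second.lastIndexOf('/')) + "/app9";
        System.out.println("swapped appId: " + store.redeem(tampered));
    }
}
```

The same store can back the PLIST servlet URL by issuing a second NONCE when the first one is redeemed.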

Technology:
JavaServer Faces is used for the business logic as well as the UI, and MySQL is used for the database. Apache Tomcat is used to run the application.
