Building Web Applications with UML, 2nd Edition


  • Sorry, this book is no longer in print.
Not for Sale


  • Copyright 2003
  • Dimensions: 7-3/8" x 9-1/4"
  • Pages: 496
  • Edition: 2nd
  • Book
  • ISBN-10: 0-201-73038-3
  • ISBN-13: 978-0-201-73038-8

The Unified Modeling Language (UML) is the standard modeling language for software systems. Using UML to model web application design allows designers to easily integrate web applications with other systems modeled in UML. Building Web Applications with UML, Second Edition presents an extension to UML suitable for web application design. Based on the author's own experience developing UML web applications, and incorporating helpful reader feedback from the first edition, the book identifies and addresses modeling problems unique to page-based web applications, and offers a clear and straightforward solution. The reader is left with a clear understanding of how to deal with the unique problems of modeling the design of page-based web applications, and how to take the model directly into working code.

Table of Contents



1. Introduction.
What This Book Is About.
Role of Modeling.
Role of Process.
Influences of Architecture.

2. Web Application Basics.
Document Identification.
Domain Names.
Resource Identifiers.
Fault Tolerance.


Web Applications.
Client State Management.
Enabling Technologies.

3. Dynamic Clients.
Document Object Model.
JavaScript Objects.
Custom JavaScript Objects.
Java Applets.

4. Beyond HTTP and HTML.
Distributed Objects.
Web Services.

5. Security.
Types of Security Risks.
Technical Risk.
Server-Side Risks.
Client-Side Risks.
Plug-ins and MIME Types.

Security Strategies.
Best Practices.

Modeling Secure Systems.


6. Process.
Overview of Software Development.
Software Development for Web Applications.
Develop Software.
Software Iteration.

The Artifacts.
Project Management Set.
Domain Set.
Requirements Set.
Analysis Set.
Design Set.
Implementation Set.
Test Set.
Deployment Set.

7. Defining the Architecture.
Architectural Viewpoints.
Requirements Viewpoint.
Design Viewpoint.
Realization Viewpoint.
Test Viewpoint.
Viewpoint Mappings.

Architecture Activities.
Examining and Prioritizing Use Cases.
Developing Candidate Architectures.
Prototyping: Knowing when to stop.

Web Application Presentation Tier: Architectural Patterns.
Thin Web Client.
Thick Web Client.
Web Delivery.

8. Requirements and Use Cases.
The Vision.
Gathering and Prioritizing Requirements.
Use Cases.
The Use Case Model.
Avoiding Functional Decomposition.
Use Case Model Structure.

The User Experience.

9. The User Experience.
Artifacts of the UX Model.
Navigational Paths.

UX Modeling with UML.
Screen Flow.
User Input.
Screen Compartments.
Storyboard Realizations.

Navigational Map.
UX Model Stereotype Summary.

10. Analysis.
Analysis Model Structure.
Defining the Top Level Model.
Analysis Elements.

Structural Elements.
Behavioral Elements.

UX Model Mapping.
Architecture Elaboration.

11. Design.
Introduction to the Web Application Extension for UML.
Logical View.
Component View.

Designing Web Applications.
Thick Web Client Applications.
Web Delivery Web Applications.
Identifying Web Pages.
Client Side Scripting.

Mapping to the UX Model.
Integrating with Content Management Systems.
Guidelines for Web Application Design.

12. Advanced Design.
HTML Frames.
Advanced Client-Side Scripting.
Script Libraries.
Script Objects.

Virtual and Physical HTTP Resource.
JavaServer Page Custom Tags.

13. Implementation.
Number Store Main Control Mechanism.
Glossary Application Tag Libraries.

Appendix A: Web Application Extension Profile, Version 2.
URL Resolution.

Component Packages.
Association Class: «URL Parameters».

Mapping Web Elements to UML, and Vice Versa
JavaServer Page to UML.

UML to JavaServer Page.



The first edition of this book hit the streets late in 1999. For the most part, it was based on my experiences in developing Active Server Page-based applications for the retail and healthcare industries. I was an independent consultant then, but shortly before finishing the book I joined Rational Software Corporation. Working for Rational has given me the opportunity to visit and to work with many organizations that are in the process of building Web-centric applications. And I've seen everything, from well-managed teams producing top-quality software to chaotic teams desperately seeking the right guidance, plus a few others that still seem to be in denial.

In the two years since the publication of the first edition I've also seen the rise of the J2EE platform, and have to say that since then most of my Web application development experience has been with J2EE architectures. The result of this is that most of the material in this second edition is oriented towards the Java environment. This doesn't mean that .NET developers or even Cold Fusion and PHP developers, can't build applications with the guidance in this book. You can. It's just that the majority of the examples in the design and implementation chapters, and in the reference applications, are written for JavaServer Page-based applications.

The ideas in this book and in the previous edition are all a result of a desire to combine my object-oriented skills with the area of Web application development. I had little problem applying use case analysis, and it wasn't until I started creating analysis and design models that I realized that things were going to get difficult. When creating a Web application, my conceptual focus was always on the Web page; and my idea of a model kept revolving around the concept of a site map. I knew that the navigation paths throughout the system were incredibly important to understanding the application and that any system model would have to include them.

My earliest attempts at modeling Web applications started with Rumbaugh's OMT, and later when UML version 0.8 was publicly released, I began to apply it. I knew that for any modeling technique to be useful it needed to both capture the relevant semantics of Web-specific elements, such as Web pages and hyperlinks, and their relation to the back-end elements of the system (e.g., middle-tier objects and databases). At the time, I found both OMT and UML inadequate to express the things I thought were important in a Web application.

Being a somewhat successful object practitioner and engineer, I jumped to the conclusion that a whole new development methodology and notation was what was needed. After all, if the existing methods and notation didn't have what I needed then the obvious solution was to invent a new one. This of course is a trap into which many of us in the software industry fall. In my free time, I started to draft new graphical and semantic ways to represent Web application architectures. Proud of my work, I began showing it to two of my colleagues--Joe Befumo and Gerald Ruldolph, both experienced object practitioners. Their immediate reaction was: Why? I tried to explain the issues involved with Web application development and the need for visually expressing their designs. Still, everyone I spoke with continued to think that a new method and notation was a little overkill.

I started to rethink what I was doing. I wasn't stuck up enough to think that I was right and everyone else was wrong; I had more homework to do. I reexamined my original needs: to express Web application designs at the appropriate level of abstraction and detail, and most important, as a part of the rest of the system's design. Because UML was taking the industry by storm, I realized that anything I did would have to work with UML.

So I went back to UML; this time it was in version 0.91 and a new concept was included--stereotypes. At first I was clueless as to what a stereotype was. The UML specification is not the easiest reading, after all. It was long and difficult, but I knew that any success in the area of modeling Web applications had to come from this direction. Eventually, I started to understand what was meant by stereotyping and the other extension mechanisms: tagged values and constraints. I was finally starting to see a light at the end of the tunnel.

I now had a mechanism with which I could introduce new semantics into the UML grammar, without disturbing the existing semantics. I always knew the key was to provide a consistent and coherent way to model Web-specific elements at the right level of abstraction with the models of the rest of the system. The UML extension mechanism provided me with the framework to do so.

The next step was to start defining the extension by creating stereotypes, tagged values, and constraints. For me the ability to use custom icons in diagrams with stereotyped elements went a long way to ease my concern for intuitive diagrams. Also, Rational Rose, my visual modeling tool of choice, had just introduced a way to use your own stereotypes in Rose models. I quickly created a set of icons for Web-page abstractions. I tried to make them consistent, mostly rectangular with the stereotype indication in the upper-left corner. I used filled-in dog ears to represent pages, and unfilled dog ears to denote components. Icons without any dog ears typically represented contained classes, which cannot be requested directly by a Web browser. The icon for Web-page components is pretty much a copy of the icon used by the three amigos in their UML Users Guide book.

Looking back, I remember spending less than a day drawing the icons; I didn't spend much time on it then, since I always believed that eventually someone with a little more experience would design some meaningful ones. In the almost four years since then, the icons have essentially remained the same; however, a more compact version is now available as a "decoration." This edition of the book also includes examples of how I hand draw many of the icons, just to show that it is possible to model Web systems on cocktail napkins. (Really, I do a fair amount of modeling and thinking about these things at conferences.)

As the extension evolved, and as a lot of the details and inconsistencies were getting corrected, I always kept an eye out for code-generation possibilities. In my mind, the modeling technique could be validated if it was possible (in theory only) to unambiguously generate and reverse-engineer code. I even prototyped some Rose scripts that did limited forward-engineering. From that point, things proceeded at a tremendous rate. I published a white paper on the Internet and presented the topic at the 1998 Rational Users' Conference in Orlando. Grady Booch took an interest in the work and encouraged me. Addison-Wesley asked if I was interested in expanding the topic into a book. If I had only known how difficult it was going to be to write, I'm not sure that I would have agreed. I followed the original white paper with a stream of other articles for both online and print publications and started to get a regular stream of email comments on the extension.

Since the publication of the first edition of this book, Rational Rose has included automation for the Web modeling that was introduced in that book. I have had the opportunity to work with some top-notch engineers throughout that process--namely, Tommy Fannon and Simon Johnston--and have a greater appreciation for what goes on under the scenes of UML round-trip engineering functionality. With their insights and the input of many others, both in and out of Rational, I believe this new edition of the book and the Web-modeling profile are even more robust and applicable to the Web-centric architectures in use today.

Who Should Read This Book?

This book is meant to introduce architects and designers of client/server systems to the issues and techniques of developing for the Web. It will give the project manager an understanding of the technologies and issues related to developing Web applications. Because this book builds on existing object-oriented (OO) methodologies and techniques, it does not attempt to introduce them. It is expected that the reader has some familiarity with OO principles and concepts and with UML in particular. It is also expected that the reader is familiar with at least one Web application architecture or environment.

For the client/server architect, this book serves as a guide to the technologies and issues of Web applications. The systems architect needs to make decisions regarding which technologies are appropriate to serve business needs, as expressed by the requirements and use cases. Chapter 7 defines three major client-tier architectural patterns that can help categorize a Web application's architecture. By examining these patterns and their advantages and disadvantages the architect can make decisions that will define the technological bounds of the application. As with any engineering discipline, the architect must consider the tradeoffs for each technology to be employed in the application architecture. With a solid understanding of the technologies available, and their consequences, an appropriate combination can be put together to best meet the needs of the business problem.

For the analyst and designer this book introduces an extension to UML that is suitable for expressing Web application design. This extension's key goals are:

  • To model the appropriate artifacts (e.g., Web pages, page relationships, navigation routes, client-side scripts, server-side page generation).
  • To model at the appropriate level of abstraction and detail.
  • To enable the Web-specific elements of the model to interact with the rest of the system's elements.

The analyst/designer should be able to express the execution of the system's business logic in terms of UML models. The idea is to have one unified model of a system's business logic. In it some of the business logic is executed by traditional server-side objects and components (e.g., middle-tier components, transaction processing monitors, databases) and some of it by Web elements (e.g., browsers, client-side scripts).

For the project manager, this book discusses the potential problems and issues of developing Web applications. It also serves as a guide to the development team members' responsibilities, activities, and roles. In addition to the analyst/designer and architect, other roles in the development process are discussed. The project manager, being responsible for the overall health of a project, needs a clear understanding of all the roles and responsibilities of the people involved with the process.

This edition of Building Web Applications with UML contains significantly more examples and diagrams. Responding to input from readers, I realized that they, like myself, can learn more and faster from well-constructed examples than lengthy prose. To complement the book, I've provided two reference applications--a J2EE version of the Glossary application, which was described in the first edition; and a sample eRetail application. The eRetail application, however, just contains the client and presentation tiers because this is the focus of this book's modeling efforts.

It was my original intention to update the original ASP-based Glossary application for .NET, however due to the delayed release of the .NET tools and environment, I was unable to develop the application such that it properly leveraged all that the .NET environment has to offer.

Organization of This Book

This book is divided into 13 chapters. Conceptually it is also divided into two major parts. Chapters 1 through 5 are essentially an introduction to modeling, Web application technologies and concepts. They provide the foundation on which the second part of the book is based. These chapters can be skipped by those intimately familiar with Web application architectures; however, at least a cursory reading is still suggested, especially of Chapter 1, Introduction.

Chapter 2, Web Application Basics, is an introduction to the very basic Web application architecture. In it, the term Web application is defined, and thereby its scope and focus. The chapter continues with definitions of the principal communication mechanisms and languages. Web application-enabling technologies are discussed. These are the infrastructures that transform simple Web sites (Web systems) into business logic execution systems.

Most of the complexities of designing Web applications are encountered when the client performs some of the business logic in the system. The technologies for allowing this are described in Chapter 3, Dynamic Clients. In this chapter, common Web technologies, such as JavaScript, applets, and ActiveX controls are discussed. The Document Object Model (DOM) is introduced as the main object interface to client-side resources.

The basic Web application architecture, as described by the technologies in Chapters 2 and 3, is capable of delivering very useful Web applications and is especially useful for public Internet applications such as retail storefronts. For some applications these basic ingredients are insufficient to deliver the sophisticated level of functionality that some applications require. The limiting factors are often the fundamental technologies of HTTP and HTML themselves. Web applications can be extended to encompass and use other communication and formatting technologies in addition to HTTP and HTML. In Chapter 4, Beyond HTTP and HTML, the most common of these technologies are reviewed and discussed.

The final chapter of the first part is Chapter 5, Security. No matter how nonthreatening or uninteresting an application may be, if it is on the Internet, then security is a concern. Even for intranet applications, security should be a concern. Securing a Web application is in many ways much harder than a traditional client/server application. By their very nature, Web servers are open to requests to any node on the network. The trick to making an application secure is in understanding the nature of security risks. Unfortunately, there is no one product or service that you can buy to guarantee a secure application. Security needs to be designed in an application, and it needs to be constantly maintained in that application. New security holes in off-the-shelf software are being discovered all the time. Eventually, one of them will represent a risk to your application. By designing your system with this in mind, managing the next security risk that pops up will be easier.

The second part of this book is devoted to the process of building Web applications. It begins with Chapter 6, Process, in which the entire process of developing OO systems is reviewed. A sample Web application-development process is introduced. This process is not a complete process but does provide enough detail to establish the context in which the models and artifacts of the process can be understood.

Chapter 7, Defining the Architecture, discusses the actual activities of defining the architecture of a Web application. Even though this activity usually follows a nearly complete examination of the requirements and use cases of the system, it is discussed earlier to help create the mind-set of developing Web applications. Because the process used here is an iterative and incremental one, use case specifiers will have, in the back of their minds, a Web system architecture when defining and elaborating the system's use cases. In theory, this shouldn't be the case; however, in practice and in an incremental and iterative process it is not necessarily wrong to place use cases in the context of a specific architecture.

Chapter 8, Requirements and Use Cases, reviews the process of gathering a system's requirements and defining the system's use cases. There are all sorts of requirements that can be gathered to help specify a particular system. One of the most useful techniques for gathering functional requirements is with Use Cases. Use Cases are a structured way to gather and express the functional requirements of a system; and they describe the interaction between a user of the system (called an actor) and the system. They are textual documents that describe, in the language of the domain, what the system should do, without specifying how it should do it. The hows are expressed in the next two chapters.

Chapter 9, User Experience, introduces a new model to the development process--the User Experience (UX) model. The UX model describes the architecturally significant elements of the user interface. The creation of the UX model allows you to better separate look-and-feel issues from engineering ones. In this chapter the UX model is described as a contract between the user experience team that is responsible for designing and building the look and feel and the engineering team that is responsible for implementing the required business logic and functionality. The UX model is introduced after the Requirements chapter and before the Analysis chapter; this is because, in many of the organizations I've visited, the activities of fleshing-out user-experience artifacts happen shortly after the first set of requirements has been created, which is at about the same time analysts start modeling the solution.

About the same time the user experience is being investigated, the analysis team is analyzing the use cases and requirements specifications of the system and starting to express them in terms of objects. This is the topic of Chapter 10, Analysis. Analysis is the activity of transforming the requirements of a system into a design that can be realized in software. An Analysis Model, which contains classes and class collaborations that exhibit the behavior of the system, is created, as defined by the use cases.

Chapter 11, Design, and Chapter 12, Advanced Design, discuss how to transform the Analysis Model into something that maps directly into system components (actual delivered modules). Chapter 11 is where the bulk of the Web Application Extension (WAE) for UML is introduced.

Once the Design Model is completed, it can be directly mapped into executable code. This book's final chapter, Chapter 13, Implementation, discusses the creation of code from the UML model. Because this edition of the book comes with several reference applications, and a detailed description of the WAE's code mappings (Appendix A), this chapter just introduces a few examples of implementing WAE designs.


