610 likes | 825 Views
EMTM 553: E-commerce Systems Lecture 3: Software Building Blocks. Insup Lee Department of Computer and Information Science University of Pennsylvania lee@cis.upenn.edu www.cis.upenn.edu/~lee. Background. Simple view of the original WWW
E N D
EMTM 553: E-commerce SystemsLecture 3: Software Building Blocks Insup Lee Department of Computer and Information Science University of Pennsylvania lee@cis.upenn.edu www.cis.upenn.edu/~lee EMTM 553
Background • Simple view of the original WWW • Web servers stored pages coded in HTML in their file systems. • Pages retrieved by browsers using HTTP. • The URL of a page was the hostname of the server plus the filename of the document. • Later, it was realized that • HTML Web pages could be produced by programs as well as stored as files. • URL specifies the hostname of the server, the name of the program to run, and arguments for that program. EMTM 553
Static content Web server fetch the page http request <html> <B> This is a web page. </B> </html> server response This is a web page. Browser interprets html page EMTM 553
Dynamic content Web server fetch the page <html> <?php PHP code ?> </html> http request Interpret php code <html> <B> Hello World.</B> </html> server response Hello World. Browser interprets html page EMTM 553
Stateless vs. state • Stateless server • The user request a document, and then another document, and so on. • Natural for large number of browsers and small number of servers. • Why? • If stateful, it can increase performance. However, • On server crash, it looses all its volatile state information • On client crash, the server needs to know to claim state space. EMTM 553
Session • User Session • A delimited set of user clicks across one or more Web servers (for multiple Web page requests) • Server Session • A collection of user clicks to a Web server during a user session • Why sessions are important? • Complex pages require many connections • High overhead for establishing a connection due to privacy and authentication requirements • E-commerce applications require a series of actions by the user and the server. EMTM 553
Where to keep state for client? • How to identify sets of user requests as belong to the same session and for passing state information back and forth between client and server • State is the application information itself • A session id is a reference to state stored somewhere else. • Server-side vs. client-side • Database on server • Applications on server • Cookie on client • What are tradeoffs? EMTM 553
Session and Client state mechanism • Techniques • Cookies • Data sent by a Web server to a Web client, to be stored locally by the client and sent back to the server on subsequent requests • Cookies are stored as small file in a client machine • Date and time, user id, password, etc. • Authentication mechanisms such as client certificate • Used this to identify the user to the server on each request to use state stored in application database • Forms: state or session id can passed as hidden fields • Applets: client scripting can be used to store session id or state EMTM 553
Active Web Sites • Allow the user to be sent customized pages • Support dynamic browsing experience • Built using with a combination of languages and technologies • Client-side technologies • Used for detecting browser features, responding to user actions, validating form data, displaying dialog boxes. • Adv: reduce network traffic, server load, almost instant response to user actions • Server-side technologies EMTM 553
Client-side technologies • ActiveX controls • Self-contained program called components written in C++ or Visual Basic can be called • <object> tag: can used for bar charts, graphics, timers, client authentication, database access • Developed by microsoft • Java Applets • Advantage of Java: stand alone, cross plaform, safe. • Client-side JavaScript and Dynamic HTML • JavaScript supported by both IE and Netscape Navigator • Dynamic HTML is like script plus abilities to animate pages and position graphics. EMTM 553
Java • An object-oriented language developed by Sun Microsystems • Java programs are compiled into Java bytecode, which are executed by JVM (Java virtual machine) • Write-once run-anyway • Security of Java applets is based on a sandbox model EMTM 553
Java-Class Requests Java-Classes Server-Process Execute Applet... Java Virtual Machine (JVM) Java Applets Web-Server Web-Server HTTP-Request Load File File-System HTML-page File Load Applet... EMTM 553
Java Applets • Advantages • Platform independent: works for every web-server and browser supporting Java • Secure • Disadvantages • Standalone Character: • Entire session runs inside applet • HTML forms are not used • Slow: loading can take a long time • Resource intensive: JVM • Restrictive: can only communicate with server from which applet was loaded • Server-Process can be written in any language EMTM 553
Server-side technologies • CGI • Active Server Pages, Microsoft • Server-side JavaScript, Netscape • Java Servlets and JSP (Java Server Pages), Sun Micro • PHP, developed initially by Rasmus Lerdorf, 1994 to track visitors to his online resume. EMTM 553
Benefits of server-side processing • Minimizes network traffic by limiting the need for the browser and server to talk back and forth to each other • Quickens loading time since, in the end, only the actual page is downloaded • Avoids browser-compatibility problems • Can provide the client with data that does not reside at the client • Provides improved security measures, since one can code things that cannot be viewed from the browser EMTM 553
The Common Gateway Interface (CGI) • CGI defines an interface between a Web server and an independent application program. • CGI are used to create “gateways” between the Web and an existing application. • CGI also serve as the interface for new applications designed for the Web, not integrated directly into a Web server (as in plug-ins). EMTM 553
CGI (Common Gateway Interface) Web Server CGI Program Program Environment Vars Environment Vars Runtime Environment Runtime Environment EMTM 553
Server API for CGI • Starting and stopping application • Passing data from the client to the application • Passing data from the application to the client • Status and error reporting • Passing configuration information to the application • Passing client and environment information to the application EMTM 553
CGI Example <HTML> <HEAD> <TITLE>Favorite Pet!</TITLE> </HEAD> <BODY BGCOLOR="white"> <H1>Favorite Pet</H1> <B>What is your favorite pet?</B> <FORM METHOD="GET" ACTION="cgi-bin/pet.pl"> <TABLE> <TR> <TD>Name:</TD> <TD><INPUT TYPE="TEXT" NAME="name"></TD> </TR> <TR> <TD>Email:</TD> <TD><INPUT TYPE="TEXT" NAME="email"></TD> </TR> <TR> <TD>Favorite Pet:</TD> <TD><INPUT TYPE="TEXT" NAME="pet"></TD> </TD> </TABLE> <P><INPUT TYPE="SUBMIT“ VALUE=“Submit Query”> <INPUT TYPE="RESET"></P> </FORM> </BODY> </HTML> EMTM 553
CGI Example (GET) #!/usr/bin/perl -w use CGI qw(:standard); print "Content-type: text/html", "\n\n"; @pairs = split('&', $ENV{'QUERY_STRING'}); foreach $pair (@pairs) { ($name, $value) = split('=', $pair); $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/ pack("C". hex($1))/eg; $info{$name} = $value; } print "<HTML>","\n"; print "<BODY><H1>Thank you</H1>","\n"; print "<B>Name:</B>",$info{name},"<BR>","\n"; print "<B>Email:</B>", $info{email},"<BR>","\n"; print "<B>Favorite Pet:</B>",$info{pet},"<BR>","\n"; print "</BODY></HTML>"; EMTM 553
CGI Example (POST) #!/usr/bin/perl -w use CGI qw(:standard); print "Content-type: text/html", "\n\n"; read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); @pairs = split('&', $buffer); foreach $pair (@pairs) { ($name, $value) = split('=', $pair); $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/ pack("C". hex($1))/eg; $info{$name} = $value; } print "<HTML>","\n"; print "<BODY><H1>Thank you</H1>","\n"; print "<B>Name:</B> ",$info{name},"<BR>","\n"; print "<B>Email:</B> ",$info{email},"<BR>","\n"; print "<B>Favorite Pet:</B> ",$info{pet},"<BR>","\n"; print "</BODY></HTML>"; EMTM 553
CGI Environment Variables EMTM 553
Evaluation of CGI • Advantages of CGI • General: the application is completely decoupled from the Web server • Standard: works with every sever and browser • Flexible: any language (C++, Perl, Java, …) can be used • Disadvantages of CGI • Inefficient: the application must be launched/forked independently for each request • Stateless: the application exits after a request, there is no place to remember state between Web requests • Security: CGI programmer is responsible for security. No automatic system or language support. EMTM 553
Market Shares of Top Servers (Nov 1995 to Nov 2000) Source: http://www.netcraft.com/survey/ EMTM 553
Apache HTTP Server • Developed by Rob McCool at the National Center for Supercomputing Applications (NCSA) in 1994 • Dominates the Web in numbers, largely because it’s free and reliable • Runs on many operating systems • AIX, BSD/OS, FreeBSD, HP-UX, Irix, Linux, Microsoft NT, QNS, SCO, Solaris • Security is well thought out • Password authentication • Digital certificate authentication • Access restrictions • Application development tools support CGI and several proprietary APIs • Supports Active Server Pages (ASP) and Java servlets EMTM 553
Microsoft InternetInformation Server • Bundled (free) with Microsoft Windows NT operating system • Robust and capable, suitable for small sites up to enterprise-class sites • Runs only on Windows NT • Central server management from any server on the network • Tightly integrated security with NT EMTM 553
Microsoft InternetInformation Server • Includes ASP support, along with its own Internet Services API (ISAPI) • Database support for ODBC (Open Database Connectivity) and SQL • Most popular server software for intranet web servers, as reported by PC Magazine EMTM 553
Netscape Enterprise Server • High performance and scalibility • Optimized caching, multiprocessor support • HTTP 1.1 • Powerful development environment • Link management, Web publishing, Agent services • Information sharing and management • embedded revision control system and Verity’s embedded integrated search engine • Management tools to add, delete, or change user information • Password/challenge user and digital certificate authentication • Dynamic application development • CGI, Netscape Server API (NSAPI), Java Servlet API • LiveWire database service provides native database connectivity to Oracle, Informix, IBM DB2, Sybase EMTM 553
Server-side Scripting • A middle ground between static content kept in the file system and pages of dynamic content created by a complete application • Server-side scripting • Embed a language interpreter in the Web server. • Web pages stored in the file system contains scripts that are interpreted on the fly. EMTM 553
Script? Output I/O, Network, DB Server Extension Server Extensions: The Basic Idea Web-Server Web-Server HTTP-Request File-System Load File HTML HTML? File HTML-File EMTM 553
Server Extensions • API depends on Server vendor: • Apache Foundation Apache Server: Apache API • Microsoft Internet Information Server: ISAPI • Netscape Enterprise Server: NSAPI • One can define it’s own server extension, e.g., • Authentication module • Counter module EMTM 553
Web-Server File-System HTTP-Request Load File HTML HTML-File ASP-File Output ASP-Script Active Server Page Scripting Engine I/O, Network, DB Active Server Components Active Server Pages • Active Server Pages (ASPs) • Available in Microsoft web servers (IIS and Personal Web Server) • Based on VBScript, Jscript • Modular Object Model • Active Server Components • Active Data Objects (ADO) for Databaseaccess EMTM 553
Cold Fusion Application Server ODBC-Driver Native Email Directories COM/CORBA DB DB ColdFusion Web-Server Web-Server HTTP-Request Load File File-System HTML HTML? HTML-File File HTML CF Script? Cold Fusion Server Extension EMTM 553
PHP How does PHP differ from ASP and CF? • Free, open source • Many client libraries integrated • Runs on any web server supporting CGIs (MS Windows or Unix) • Module version for Apache Web-Server Web-Server File-System HTTP-Request Load File HTML HTML-File PHP-File Output PHP-Script PHP Module Database APIs, other APIs SNMP, IMAP, POP3, LDAP, ... EMTM 553
Object Technology • Advantages • Encapsulation, polymorphism, heterogeneous languages • Rapid application development • Distributed applications • Flexibility of deployment • Technologies • CORBA • COM • Java Beans/RMI EMTM 553
Enterprise JavaBeans (EJB) • Server-side component architecture • Enable and simplify the building of distributed object in Java • Allow rapid application development • Support portability and reusability across vendors, I.e., platform and implementation independent • EJB supports CTM (Component Transaction Monitoring) • hybrid of traditional transaction processing and distributed object request broker (ORB) services • TP Monitor is an OS for business systems and manages the entire environment that a business system runs, including transactions, resource management,and fault tolerance. • Distributed objects allow unique objects that have state and identity to be distributed accrossa network so that they can be accesses by other systems. EMTM 553
Server-side component Architecture • EJB server is responsible for • Making a component a distributed object • Managing services such as transactions, persistence, concurrency, security • Component Advantage • Divides software into manageable, discrete chunk of logic • Implements well-defined interfaces • Enables reuse • Components can be pieced together to solve larger problems EMTM 553
Example • Pricing Component • Functions: • Base price • Quantity Discount • Bundle Discount • Preferred customer Discount • Overhead costs • Etc. • Note: This pricing engine can be used by different businesses EMTM 553
Example Cont.Post Office Pricing object Dumb Terminal Legacy System EMTM 553
Example Cont.Car Quotes Web Site Network Pricing object Web Server Client Browser EMTM 553
Example Cont.E-tailer Site Pricing Object Workflow logic Billing Object Fulfillment Object Web Server EMTM 553
N-Tier ArchitectureUsing EJB Presentation Layer Presentation Logic Tier Boundary EJB object EJB object EJB object Business Logic Layer (Application Server) EJB object JDBC Tier Boundary Database Data Layer EMTM 553
Classes and Interfaces • Remote interface • The business methods that a bean present to the outside world to do its work • Home interface • The bean’s life cycle methods for creating, removing and finding beans • Bean class • Actual implementation of the bean’s business methods • Primary key • A pointer into the database. EMTM 553
Acquiring a Bean 3: Create New EJB object Home Interface Client Home Object 5: Return EJB Object Reference 4: Create EJB Object 6: Invoke Business method Remote Interface EJB Object Enterprise Beans 1: retrieve Home Object Reference 2: Return Home Reference 7: Delegate request to object JNDI EJB Server Naming Service EMTM 553
Enterprise Bean Objects • Session Bean • Represents business logic • 1 to 1 relationship to client • Stateless / Stateful • Short-lived • Entity Bean • Represents permanent business data • 1 to many relationship to client • Stateful / Transactional • Long-lived EMTM 553
The EJB Contract • Allows for the collaboration of SIX different parties • Bean provider • Component writer, provide reusable business logic • Container provider • Supplier of low-level runtime execution environment • Server provider • Supplier of Application server logic to manage the EJBs • WebSphere (IBM ), WebLogic (BEA), Oracle8i • Application assembler • Application architect for a specific deployment • Deployer • Installs Bean components and Application servers • System Administrator • Oversees the deployed system EMTM 553
Other features • Search engines • Crawl, index, search • Push technologies • Web channels • Intelligent agents • Locate sites, identify the best vendor, negotiate terms of buying and selling, etc. EMTM 553
Q&A EMTM 553
EJB • Application servers • JRun server by Allaire • WebLogic by BEA Systems • WebSphere by IBM • SynerJ/Server by Sun • For more information • www.javasoft.com/products/ejb EMTM 553
EJB InterfaceExamples • Home Interface • public interface PricingSessionHome extends EJBHome • { • public PricingSession create() throws CreateException, RemoteException; • } • Note: Calling this interface creates an EJB object, whose methods can be invoked through the methods published in the Remote Interface EMTM 553