Transcript servlet

Electronic Commerce
Lecture 8
[Diagram labels: Needs, Internet, TCP/IP, HTTP, e-Consumers, Form Input (CGI), currencies, Web Server, smartcard, Clients]
Client-Side Programming
• JavaScript
• VBScript
• Applets
• …
Server-Side Programming
• SSI
• ASP/JSP
• CFML
• Servlets
• …
Servers
Servers
• Server-side programs
• Written in Java
• http://java.sun.com/products/servlet/
[Diagram labels: JVM, CGI, CGI Program, Program, Web Server]
SSInclude Servlets (SSIS)
<servlet
name=SERVLET_NAME
code=SERVLET.CLASS
codebase=PATH_TO_YOUR_SERVLET_CLASS
INIT_PARAM1=VALUE1
INIT_PARAM2=VALUE2
INIT_PARAM3=VALUE3…
>
<param name=PARAM1 value=PARAM_VALUE1
param name=PARAM2 value=PARAM_VALUE2…
>
</servlet>
SSI with Servlets
• Servlets can be embedded in HTML documents
• Named servlets are invoked on the server side (and loaded if they are not already loaded)
• Servlets process the SSInclude requests and format the necessary information to send along with the HTML at the point of invocation.
A Sample Servlet
import java.io.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class DBPhoneLookup extends HttpServlet {

  public void doGet(HttpServletRequest req, HttpServletResponse res)
      throws ServletException, IOException {
    Connection con = null;
    Statement stmt = null;
    ResultSet rs = null;

    res.setContentType("text/html");
    PrintWriter out = res.getWriter();

    try {
      // Load (and therefore register) the Oracle Driver
      Class.forName("oracle.jdbc.driver.OracleDriver");

      // Get a Connection to the database
      // ("user" and "passwd" are sample credentials)
      con = DriverManager.getConnection(
          "jdbc:oracle:thin:@dbhost:1528:ORCL", "user", "passwd");

      // Create a Statement object
      stmt = con.createStatement();

      // Execute an SQL query, get a ResultSet
      rs = stmt.executeQuery("SELECT NAME, PHONE FROM EMPLOYEES");

      // Display the result set as a list
      out.println("<HTML><HEAD><TITLE>Phonebook</TITLE></HEAD>");
      out.println("<BODY>");
      out.println("<UL>");
      while (rs.next()) {
        out.println("<LI>" + rs.getString("name") + " " + rs.getString("phone"));
      }
      out.println("</UL>");
      out.println("</BODY></HTML>");
    }
    catch (ClassNotFoundException e) {
      out.println("Couldn't load database driver: " + e.getMessage());
    }
    catch (SQLException e) {
      out.println("SQLException caught: " + e.getMessage());
    }
    finally {
      // Always close the database connection.
      try { if (con != null) con.close(); }
      catch (SQLException ignored) { }
    }
  }
}
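The sample servlet writes the NAME and PHONE column values into the page exactly as stored, so any markup held in the data becomes markup in the response. The following is an added example (not from the lecture) that builds the same list with and without HTML encoding; the class name, method names and rows are constructed, and it runs without the servlet API.

```java
import java.util.Arrays;
import java.util.List;

public class PhonebookHtml {
    // Encode the characters that can change HTML structure or break out of an attribute.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Builds the <UL> list the servlet prints; escape=false mirrors the sample's
    // plain string concatenation, escape=true encodes each column value first.
    static String render(List<String[]> rows, boolean escape) {
        StringBuilder html = new StringBuilder("<UL>\n");
        for (String[] row : rows) {
            String name  = escape ? escapeHtml(row[0]) : row[0];
            String phone = escape ? escapeHtml(row[1]) : row[1];
            html.append("<LI>").append(name).append(' ').append(phone).append('\n');
        }
        return html.append("</UL>").toString();
    }

    public static void main(String[] args) {
        // Constructed rows standing in for the EMPLOYEES result set.
        List<String[]> rows = Arrays.asList(
            new String[] {"Alice O'Neil", "555-0100"},
            new String[] {"<b>Mallory</b> & Co", "555-0101"});
        System.out.println("Unescaped:\n" + render(rows, false));
        System.out.println("Escaped:\n" + render(rows, true));
    }
}
```

In the servlet itself the same helper would wrap each `rs.getString(...)` call inside the `while (rs.next())` loop.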
Why Use Servlets Over CGI
• Replacement of CGI
• Servlets are written in Java
– Platform independent (write once, run everywhere)
– Hardware independent (WinNT to Unix) without compiling or changing anything.
• Less resource-intensive: CGI takes more memory and time
Servlets over CGI
• Persistent: they are loaded once, and multiple threads of the same servlet handle multiple client requests.
• Fast: servlets run much faster than CGI scripts written in interpreted languages (Perl).
• More powerful database connectivity: JDBC to connect to different databases.
• Extensible: since they are written in Java, they bring all the benefits of Java (robust, object-oriented…)
Client-Side Programming
• JavaScript
• VBScript
• Applets
Server-Side Programming
• SSI/PHP3
• ASP/JSP
• CFML
• Servlets
Servers
<html>
<body>
…
<%
On Error Resume Next
rs.MoveFirst
do while Not rs.eof
%>
………...
<%
rs.MoveNext
loop%>
………...
</body>
</html>
Active Server Page
Web Browser
Request example3.asp
Open RecordSet & Display Data in HTML Format
Web Server
Establish a Connection with Database
Send SQL Statement to database
Retrieve Data from Database by using RecordSets
Database
Extract Client’s Input (CGI)
Server-Side Program
1. Connect/Open
2. Extract/Update by SQL
3. Format
[Diagram labels: Needs, Internet, TCP/IP, e-consumers, VB, Perl, Java, Web Server, ASP or CFML, Product Information, Web Data]
Web Technology
[Diagram labels: Requests, Web Client, Http: Hyper Text Transport Protocol, Internet, Responses, Web Server]
Maintain State
• Hidden Fields in Forms
• SessionID in URL
• Cookies
Examples:
http://lw4fd.law4.hotmail.msn.com/cgibin/getmsg?disk=216.33.148.69_d514&login=sungchichu&f=33792&curmbox=ACTIVE&_lang=&msg=MSG949462271.14&start=422884&len=19988
https://ww3.janus.com/cgibin/gx.cgi/AppLogic+HomeStaticA?GXHC_gx_session_id_VJ_WEB=70f2fa69ad7e9e69
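A session identifier carried in the URL, as in the second example above, is copied into server access logs, browser history and Referer headers together with the rest of the URL. The following added example (not from the lecture) flags such parameters and redacts their values before a URL is written to a log; the parameter-name pattern is an assumed heuristic, the URLs are constructed, and `;jsessionid=` is the path parameter servlet containers use for URL rewriting. It assumes log-style URLs without a `#fragment`.

```java
import java.util.StringJoiner;
import java.util.regex.Pattern;

public class SessionIdInUrl {
    // Assumed heuristic: parameter names that usually carry a session identifier.
    static final Pattern SESSION_NAME = Pattern.compile(
        "(?i)(^|[_.-])(jsessionid|phpsessid|session_?id|sess_?id|sid)($|[_.-])");
    static final Pattern PATH_SESSION = Pattern.compile("(?i)(;jsessionid=)[^;/?#]*");

    // True when the URL carries session state in its path or query string.
    static boolean carriesSessionId(String url) {
        return !redact(url).equals(url);
    }

    // Returns the URL with session identifier values replaced, safe to log.
    static String redact(String url) {
        int q = url.indexOf('?');
        String head = q < 0 ? url : url.substring(0, q);
        head = PATH_SESSION.matcher(head).replaceAll("$1REDACTED");
        if (q < 0) return head;
        StringJoiner query = new StringJoiner("&");
        for (String pair : url.substring(q + 1).split("&")) {
            String name = pair.split("=", 2)[0];
            boolean hit = SESSION_NAME.matcher(name).find();
            query.add(hit ? name + "=REDACTED" : pair);
        }
        return head + "?" + query;
    }

    public static void main(String[] args) {
        // Constructed URLs; the first parameter name is modelled on the page's example.
        String[] urls = {
            "https://shop.example.com/cgi-bin/gx.cgi/Home?GXHC_gx_session_id_VJ_WEB=0123456789abcdef&lang=en",
            "https://shop.example.com/servlet/cart;jsessionid=A1B2C3D4?item=42",
            "https://shop.example.com/catalog?item=42&page=2"
        };
        for (String u : urls) {
            System.out.println((carriesSessionId(u) ? "SESSION IN URL  " : "ok              ")
                + redact(u));
        }
    }
}
```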
Web-based Enterprise Computing
• Client-server computing
• ODBC- & JDBC- compliant DBMS
• Static vs Dynamic HTML pages
• Java
• COM
• CORBA
• Drumbeat 2000
• X/Open
• Informix, Sybase, Oracle
• CGI programs (Unix shell scripts, C and/or Perl programs)
• HTTP
• Applets vs Servlets
• API
• ASP vs JSP
• Lotus Domino, Netscape Enterprise, IIS, …
• SQL
• ColdFusion/CFML
• XML
[Diagram labels: Needs, CRM, Internet, TCP/IP, e-consumers, Web Server, Product Information, Web Data, New Products]
Customer Relationship Management
• Augment quality of products
• Maintain customer intimacy
• Move from ‘cold’ order taking & bye to
partnership throughout the whole buying
experience for the customer (deliver, product
information, billing, installation, repair/return,
renewal)
• Competitive advantage and the key core business
process
[Diagram labels: Needs, Suppliers, EDI, e-consumers, Internet, TCP/IP, Manufacturing Plants, Web Server, Product Information, Web Data, Data Mining, Product Development (R&D), New Product]
Chrysler
(Source: MIS Quarterly, June 1995)
• Established electronic communication with a few
suppliers in 1969
– Not adequate
– Suppliers did not have current information about
Chrysler’s requirements
– Assembly plants did not know exactly the shipment
content
– Keep large safety buffers
– Costly emergency deliveries when shortage occurred
• 1990: EDI
– Over $100 saved per vehicle
– Annual savings amounted to over $220 million
EDI
• EDI uses syntax that is commonly known between
the two communicating parties (compressed,
predefined, sequenced)
• No one existing Internet-based tool could interpret
all EDI transmissions
• Record keeping includes specific software to be
kept along with it
• New users of EDI could not expect immediate
deployment without specialized software
The Extended Enterprise
[Diagram labels: Suppliers, Front Office, e-Commerce, e-Business, Back Office, SCM, ERP, Channel & Customers, CRM, e-Store]
Issues
• How to encode information such that all
parties involved will be able to use it?
• How to establish communication between
disparate systems over the Internet (instead
of private networks)?
• How could the company be reorganized to
accept this reverse value chain?
Java & CORBA
• Java
“Write Once, Run Any” language since its announcement in April 1995; a short 4 years, and its technology is still in development
• CORBA
Object-based broker to tie together disparate information systems; circa 1989
CORBA
• Common Object Request Broker Adapter
• Object Management Group (OMG), 1989
• CORBA 1.1 in 1991, CORBA 3 in 1999
• “…allows a distributed, heterogeneous collection of objects to interoperate.”
• ORB, IDL, & IIOP (Internet Inter-ORB Protocol)
[Diagram labels: Client, Server, IDL, ORB, IIOP, Internet]
XML
• Extensible ML – again a descendant of SGML or a subset of SGML (Standard General Markup Language)
• Work on draft proposal begins July 1996 by the ERB (Editorial Review Board)
• XML specification 1.0 in February 1998 (by W3C)
• Participation by Microsoft and Netscape to support the new standard began the ascent to popular acceptance
Two Classes of XML Documents
• Well-formed: conform to XML standard;
there exists a structure of its content
• Valid: conform, and adhere to DTD
• Validating vs Non-Validating XML
processors/parsers
Creating XML Documents
• Start- and end-tags
• Attribute assignments
• Entity references
• Comments
• Processing instructions
• CDATA sections
• Document type declarations
Start- and End-Tags
• Naming conventions quite like variables in
programming language, start with a letter, no
spaces, …
• Nesting is allowed
<district>
<building>
McDonald’s
</building>
</district>
• Start- and End-Tags are required.
– <foo>…</foo>
– <foo/> for empty content within a tag
So?
• Standardize information storage in vertical
markets
• Tools can be developed easily
• <address> means?
• Good for textual data – human-readable
form; not good for floating point numbers
(12,304,000.93 or 12 5/16)
XML/EDI
..only an estimated 125,000 organizations
worldwide have an EDI system.
Furthermore, there are only 80,000 EDI
enabled businesses in the US. That works
out to less than 2% of the 6.2 million
businesses registered in the United States.
http://www.geocities.com/WallStreet/Floor/5815/executive.htm (15-12-99 13:00)
XML/EDI
• New users would adopt XML for interchange of
data over the Internet, especially, e-merchants
• Tools are readily available to encode the data and
interpret the data in XML format
• XML-encoded data could be either filtered to store
in company specific formats and/or for viewing
using common Internet-based tools (soon to be
available; even in an email)
Other Standards
• http://www.onestandard.com : ??
• http://visualgenomics.com : Bioinformatic
Sequence Markup Language (BSML)
• http://www.fpml.com : Financial products
Markup Language
Data Mining
• “Knowledge Discovery in databases”
• Find patterns (visiting periods), outliers
• Market basket analysis (find i-itemset)
– What 2 items appear frequently in a transaction
– What sequence of items was ordered over time
– What items were ordered frequently during a time period
Data Mining
• Cross Industry Standard Process for Data Mining
(CRISP-DM)
http://www.ncr.dk/CRISP/
• Consortium of European companies (NCR, Integrated Systems Limited (ISL), Daimler Benz [now DaimlerChrysler?], OHRA Verzekering en Bank Groep, B.V.) in July 1997
• First model Jan 1999
CRISP-DM
• Business Understanding
– What does the business need and why do we
need the knowledge? Like requirement
specification
• Data Understanding
– Data collection, quality and quantity
• Data Preparation
– Characteristics of datasets and filtering of data
CRISP-DM
• Modeling
– Select the modeling technique; neural networks
• Evaluation
– Outcome versus objectives
• Deployment
– Accept, implement and fit to other business
processes
WAP Forum
www.wapforum.org
• Wireless Application Protocol
[Diagram labels: T-Business, Physical Network, E-Business, Air Space, Handheld Wireless Device, e-consumers, m-econsumers]
Pre-Wintel World
• limited memory (640KB)
• restricted CPU (8088)
• simple interface (DOS)
• low bandwidth (none)
• low battery life (laptop?)
• high latency (unbearable)
• unpredictable availability
• unstable transmission
• different standards
Wireless World
• limited memory
• restricted CPU
• simple interface
• low bandwidth
• low battery life
• high latency
• unpredictable availability
• unstable transmission
• different standards (GSM)
WAP Forum
• Founded in June 1997 by Ericsson,
Motorola, Nokia and Phone.com
• Now has over 100 members (mid-1999)
• Wireless subscribers reach 1 billion by 2004
• Protocol specification brings together
existing Web technology in the wireless
telecommunication domain
WAP Forum
• Accelerate needed infrastructure, network
equipment, applications, and contents
• Device Independent
• Ease of use & pricing structure
• WML, WMLScript, WTA (Wireless Telephony Applications), microbrowser, WTLS (Wireless Transport Layer Security)
WAP Programming Model
Source: www.wapforum.org
WAP Protocol Stack
Source: www.wapforum.org
Mobile Computing
• Connected wherever you go
• Same environment wherever you are
• Same person whatever you use (smart card)
• Know wherever you are (location-aware systems)
• Any suggestions??
Web Security
(based on article by Rubin & Geer, Jr., 9/1999 IEEE Computer)
• Web server configuration (Apache)
– Misconfiguration
– Configuration files in server root directory
• Access to document tree
• Username/Password information
• Permissions
– Web server should be run as a genuine user (such as ‘www’), but not as nobody.
TCP Layers
OSI layers: Application, Presentation, Session, Transport, Network, Data Link, Physical
TCP/IP layers: Application, Transport (host-to-host), Internet, Network Access, Physical
HTTP
• Not a protocol for transferring hypertext
• But a protocol for transmitting information
for making hypertext jumps easy
• A stateless protocol
• Transaction oriented : TCP connection is
established for each transaction and
terminated at the end of the transaction
HTTP Key Terms
• Cache : stores cacheable responses to
reduce same future references
• Proxy : an intermediary program that acts
on behalf of other clients
• Tunnel : an intermediary program that acts
as a blind relay between two connections
• Connection : A transport layer virtual circuit
between two programs