Comp2513 E-Commerce Infrastructure 2
Daniel L. Silver, Ph.D.
Dec 22, 2015
2001 Daniel L. Silver 2

Objectives
To complete an overview of the major architectural components of the Internet that form the infrastructure for E-Commerce
References: portions of Sharma Ch.1 and 2, and DDEA Ch.7

Outline
Review of Architectural Map
Dynamic Interactive Webpages
  – Forms and CGI
  – Java and Applets, JavaScript
  – Cookies
Servlets and Application Servers
Database and Database Servers
Beyond HTML: XML
Security and Authentication
Electronic Payment

Major Architectural Components of the Web
[Diagram. Labels: Internet; Client 1 and Client 2, each with a Browser; URL; HTTP; TCP/IP; Server A; HTTP Server; App. Server; Database Server; index.html; prog.cgi; Server B; Bank Server; Dedicated]

Dynamic Internet Pages!
HTTP allows a client to request a webpage (URL) and the server to respond
HTML and the browser allow display of data sent from the server
How do we move data to the server?
How do we provide program logic at the client?
  – e.g. Check the postal code: B0P 1XO

Forms and CGI
The HTML <FORM> tag specifies that:
  – Input data will be received from the keyboard
  – Data should be processed by a server application if SUBMIT button is pressed
CGI – Common Gateway Interface
  – Standard for HTTP client-server application communications. It defines how:
  – A client can request to run an application on a server and use specified input data
  – A server application can pass the response back to the client
  – It is NOT a programming language

Forms and CGI
An Example: greeting.html

Java and Applets
Java is an OOP language developed by Sun Microsystems
Platform independent – code is interpreted by a Java Virtual Machine (JVM)
A Java applet is a Java program that is launched by a browser:
  – HTML page contains reference to an applet
  – Applet is downloaded from server
  – Java is executed by JVM assoc. with browser

Java Applet
Advantages:
  – Client side logic for dynamic content and format of pages
  – Client side logic for complex algorithms and local data manipulation
An Example: HelloApplet.html

JavaScript
Introduced by Netscape
A client-side language
Provides program logic embedded in HTML for generation of dynamic webpages and minor computation
Manipulation of objects in HTML page including the creation and movement of browser windows
Most importantly allows validation of entered FORM data
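
The postal code check from the earlier slide, written as FORM validation (an added example, not code from the course slides). The field names `name` and `postal` are assumptions, and the sample on the slide, B0P 1XO, ends in the letter O where a digit belongs, so it is rejected. Browser-side checks like this one can be skipped by whoever sends the request, so the server application runs the same function again.

```javascript
// Canadian postal code: letter-digit-letter, space, digit-letter-digit (A1A 1A1).
// Canada Post does not use D, F, I, O, Q or U, and the first letter is never W or Z.
const LETTERS = "ABCEGHJKLMNPRSTVWXYZ";
const FIRST_LETTERS = "ABCEGHJKLMNPRSTVXY";

function validatePostalCode(raw) {
  if (typeof raw !== "string") {
    return { ok: false, reason: "postal code must be text" };
  }
  // Normalize what a user may reasonably type: case, surrounding space, separator.
  const code = raw.trim().toUpperCase().replace(/[\s-]/g, "");
  if (code.length !== 6) {
    return { ok: false, reason: "expected 6 characters, got " + code.length };
  }
  for (let i = 0; i < 6; i++) {
    const ch = code[i];
    const wantLetter = i % 2 === 0;
    const allowed = wantLetter ? (i === 0 ? FIRST_LETTERS : LETTERS) : "0123456789";
    if (!allowed.includes(ch)) {
      const kind = wantLetter ? "letter" : "digit";
      return { ok: false, reason: `position ${i + 1} must be a ${kind}, got "${ch}"` };
    }
  }
  return { ok: true, normalized: code.slice(0, 3) + " " + code.slice(3) };
}

// Validate a whole submission. Field names (name, postal) are hypothetical.
// The same function runs in the browser before SUBMIT and again in the server
// application, because a request can be sent without the page's script running.
function validateOrderForm(fields) {
  const errors = {};
  const name = typeof fields.name === "string" ? fields.name.trim() : "";
  if (name.length === 0 || name.length > 80) errors.name = "name is required (max 80 chars)";
  const pc = validatePostalCode(fields.postal);
  if (!pc.ok) errors.postal = pc.reason;
  return Object.keys(errors).length === 0
    ? { ok: true, clean: { name, postal: pc.normalized } }
    : { ok: false, errors };
}
```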

Web Sessions?
Recall the problem of web sessions being connectionless
TCP/IP is connection oriented but each HTTP request/response uses one such connection and then terminates
State is not maintained from page to page
Each item you order is a separate request
So how does an E-Comm site know how to accumulate orders for you?

Cookies
A Cookie is a small piece of data placed on a client system that is used by the server to identify the client
  – Client, about to make a request to a server, checks to see if it has an associated cookie
      » If cookie, then send it with the request
  – Server checks for cookie in request
      » If cookie, then pass it to any applications called
  – Server may create a new cookie and return it with the response to the client
  – Client receives response and checks for new cookie
      » If cookie, then it saves it for this server URL
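
The cookie steps above, tied to the shopping-cart question from the Web Sessions slide, as both sides of a simulated exchange (an added example, not code from the course slides). The cookie name `sid`, the host `shop.example` and the in-memory `sessions` map are assumptions; the cookie holds only a random id and the cart stays on the server.

```javascript
const { randomBytes } = require("crypto");

// Server side: the cart lives on the server, keyed by an unguessable id.
// The cookie carries only that id, never the order itself.
const sessions = new Map();

function parseCookieHeader(header) {
  const out = {};
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) out[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return out;
}

function handleRequest(req) {
  const headers = {};
  let sid = parseCookieHeader(req.headers.cookie).sid;   // "sid" is a hypothetical name
  if (!sid || !sessions.has(sid)) {          // no cookie, or one we never issued
    sid = randomBytes(16).toString("hex");
    sessions.set(sid, []);
    headers["set-cookie"] = `sid=${sid}; Path=/; HttpOnly; Secure; SameSite=Lax`;
  }
  const cart = sessions.get(sid);
  if (req.item) cart.push(req.item);         // the application called sees this client's state
  return { headers, cart: cart.slice() };
}

// Client side: one stored cookie per server, sent back on every later request.
class Browser {
  constructor() { this.jar = new Map(); }
  request(host, item) {
    const headers = {};
    if (this.jar.has(host)) headers.cookie = this.jar.get(host);
    const res = handleRequest({ host, headers, item });
    const set = res.headers["set-cookie"];
    if (set) this.jar.set(host, set.split(";")[0]);  // keep name=value only
    return res;
  }
}

// Constructed exchange: two browsers, three separate HTTP requests.
function demo() {
  const alice = new Browser(), bob = new Browser();
  const first = alice.request("shop.example", "book");
  const second = alice.request("shop.example", "pen");
  const other = bob.request("shop.example", "mug");
  return { first, second, other };
}
```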

Servlets and Application Servers
Java Applets have three major drawbacks:
  – Take time to load onto client
  – May not work as planned (depends on JVM)
  – Potential security risk for client
Server-side code is preferred for business logic
CGI allows an application to run on server but creates server performance problems:
  – Each time a separate process must be spawned

Servlets and Application Servers
Servlets overcome this problem
Servlets rely on a Servlet Engine (Application Server) to manage multiple requests for the same application
Tomcat is one of the most common Servlet Engines

JSPs – Java Server Pages
A relatively new Java programming model from Sun that follows IBM’s older Net.Data and MS’s Active Server Pages
Objective is to separate the application processing code from the HTML presentation code
Easier to build dynamic E-commerce applications without loss of servlet power

Skeleton of a JSP

<HTML>
<HEAD>
<TITLE> HelloJSP1</TITLE>
</HEAD>
<BODY>
<H1>Hello JSP - Example 1 </H1>
<BEAN name="textProvider" type="example.Bean.HelloJSP1" scope="request">
</BEAN>
<B><%= textProvider.getTextMessage() %></B>
</BODY>
</HTML>

Callouts on the slide:
  – Basic Html Code
  – Java Object Created as a Java Bean (the <BEAN> tag)
  – Calling a method of the Java Object (the <%= ... %> expression)

Major Architectural Components of the Web
[Diagram. Labels: Internet; Client 1 and Client 2, each with a Browser; URL; HTTP; TCP/IP; Server A; HTTP Server; App. Server; Database Server; index.html; page.jsp; prog.class; Server B; Bank Server; Dedicated]

Database and Database Servers
Database – A collection of data, structured in a well defined format, accessed by multiple applications using standard commands, ensures integrity of access
DBMS – Database Management System – facilitates and optimizes database I/O
Database Server – A server that runs a DBMS and can field requests for data I/O

Database and Database Servers
raven.acadiau.ca will be our database server
Our DBMS will be PostgreSQL (Postgres)
Postgres is a relational database – like a set of spreadsheet tables
Used to store all data for products, categories and stores
ODBC – Open Database Connectivity
JDBC – Java Database Connectivity

XML
eXtensible Markup Language
HTML tags such as <B>Silver</B> tell how to display the word “Silver” (syntax)
But it does not define what it means
XML defines meaning (semantics): <last_name>Silver</last_name>
And to create structure …

<mail_adrs>
  <fname>Homer</fname>
  <lname>Simpson</lname>
  <strnum>1234</strnum>
  <str>Hickup Lane</str>
</mail_adrs>

Security and Authentication
HTTP connections can be “sniffed” for their data – just plain ASCII text
Encryption methods encode text to make it unreadable
Public and private keys are used for coding and decoding encrypted messages
Authentication concerns ensuring that a sender is who she says she is

Security and Authentication
Certificate is an entity’s public key plus other identification (name, location)
SSL – Secure Sockets Layer
  – Lies between TCP/IP and HTTP and performs encryption
HTTPS is the HTTP protocol that employs SSL – it will use a separate server port (default = 443)

Security through HTTPS
[Diagram. Labels: Client 1 with a Browser; URL; HTTP; TCP/IP; HTTPS; port = 80; port = 443; Server A; HTTP Server; App. Server; Database Server; index.html; prog.cgi; Bank Server; Dedicated]

E-Payment
Credit card
Debit card
Micro-payments
Smart card

Major Architectural Components of the Web
[Diagram. Labels: Internet; Client 1 and Client 2, each with a Browser; URL; HTTP; TCP/IP; Server A; HTTP Server; App. Server; Database Server; index.html; prog.cgi; Server B; Bank Server; Dedicated]

Successful E-Commerce Applications
Flexible – ever changing products, technology, business process
Multi-channel interfaces – diversity of user and external application access
Security – a primary concern
Integration – no application is an Island

Summary of Technical Requirements for E-Comm.
Dynamic, personalized web user interfaces
Multi-channel user interface support
Adheres to standard application interfaces
Distributed programming/architectural model
Deployment on distributed components
Distributed transaction support
Asynchronous message communications
Strong security

THE END