Programming Web Apps for Tiny Devices with Java Card™ 3.0 Connected Edition Laurent LAGOSANTO Jean-Jacques VANDEWALLE Patrick VAN HAVER TS-5910
Programming Web Apps for Tiny Devices with Java Card™ 3.0 Connected Edition
Laurent LAGOSANTOJean-Jacques VANDEWALLEPatrick VAN HAVER
TS-5910
2008 JavaOneSM Conference | java.sun.com/javaone | 2
Discover the features of Java Card platform 3.0 Connected Edition illustrated with live demonstrations
Learn how to program web applications for smart cards and other tiny devices
2008 JavaOneSM Conference | java.sun.com/javaone | 3
Agenda
Java Card platform 3.0 overview and use cases1st demonstration: multimedia server
Focus on web 2.0 use cases 2nd demonstration: mashup with web widgets
Focus on Java Card system programming techniques 3rd demonstration: robots battle
Wrap up
2008 JavaOneSM Conference | java.sun.com/javaone | 4
Java Card Platform 3.0 Editions
Java Card Platform 3.0 Classic Edition• Evolution of Java Card Platform 2.2.2 for the same kind of devices• Targets APDU based applications• Binary backward compatible (at CAP file level)• Out of the scope of this presentation
Java Card Platform 3.0 Connected Edition• Major Release: evolutions of VM and framework• Introduces web applications as a core application model• Leverages hardware evolutions (better connectivity, more RAM, …)• Tool-assisted backward compatibility (normalizer tool)• Main focus of this presentation
2008 JavaOneSM Conference | java.sun.com/javaone | 5
Java Card Platform 3.0 Connected Edition Features (1/3)
New virtual machine• Java Platform 6 file format: pre-verified class files packaged in Java
Archive (JAR) • Regular Java bytecode set (no floating point)• Support for multithreading and automatic garbage collection
New application model: web applications• Subset of Java Servlet API v2.4• Web container is a core part of the JCRE• Container managed authentication & authorization
Richer APIs and language features• CLDC-like APIs, generics, enums, annotations• Optional file system API (suitable for large memories)
2008 JavaOneSM Conference | java.sun.com/javaone | 6
Java Card Platform 3.0 Connected Edition Features (2/3)
Firewall• Same rules as Java Card Platform 2.2• Extended with usability features (object ownership transfer, registry)• No longer limited to a single Java technology package
Extended transaction model• APIs replaced by method annotations (safer, cleaner)• Adapted to multithreaded runtime environment
Extended memory model• Compatible with Java Card Platform 2.2• Objects are created in RAM (if they fit) • Automatic promotion in NVM (transitive persistence)
2008 JavaOneSM Conference | java.sun.com/javaone | 7
Java Card Platform 3.0 Connected Edition Features (3/3)
Access control framework• Applications are loaded “into” protection domains• Permissions are assigned to protection domains• Examples of permissions: thread creation, network access,…
Facilities• Event framework: registry and listener-based• Task registry: list of “Runnables” to be restarted at each platform reset
Extended and classic applets• APDU based application model• Extended applets can use any Connected Edition features• Classic applets restricted to Classic Edition APIs• JCRE guarantees mono-threaded execution for classic applets
2008 JavaOneSM Conference | java.sun.com/javaone | 8
Java Card Platform 3.0 Connected Edition Targeted Devices
Footprint• 400 KB ROM/Flash• 128 KB NVM• 16 KB RAM
Externally powered
Additional memory optional (NAND Flash)
High speed interface (USB)
SIM cards
USB tokens
smart cards
µ-controllers
programmable toys
2008 JavaOneSM Conference | java.sun.com/javaone | 9
Java Card Platform 3.0 Connected Edition is the Platform of Choice for…
Web application use cases• Serving web pages: applications come with UIs, on-card portals• Offering services through web APIs• Leveraging and extending the “Smart Card Web Server”
Connected device use cases• Application data update and backup (download / upload)• Application data synchronization (card and server)• Consuming services through web APIs
Multimedia use cases• Multimedia contents can be stored in the file system• They can also be served by the web container
2008 JavaOneSM Conference | java.sun.com/javaone | 10
First demonstration
Multimedia server
2008 JavaOneSM Conference | java.sun.com/javaone | 11
Agenda
Java Card Platform 3.0 overview and use cases1st demonstration: multimedia use cases
Focus on web 2.0 use cases 2nd demonstration: mashup with web widgets
Focus on Java Card platform programming techniques 3rd demonstration: robots battle
Wrap up
2008 JavaOneSM Conference | java.sun.com/javaone | 12
Serving Web Applications from a Java Card Platform 3 Connected Edition
Allow for making personal web applications portable across system and devices
Maintain privacy of personal data in a controlled local web server (that even works offline)
Using AJAX development techniques allow for rich user experience even from a small device
Local web applications can be mixed with online services using mashup techniques
2008 JavaOneSM Conference | java.sun.com/javaone | 13
Scenario #1: a Local Web Server
The more capable the browser the richer the card web applications
Fast and secure access to on-card content
An alternative to remote server hosting (personal) content
Runs offline
2008 JavaOneSM Conference | java.sun.com/javaone | 14
Scenario #1: Using AJAX Techniques
Application Data
runs business logicin Servlet
initial rendering and behavior JavaScript, CSS, HTML, images static files
resources
accesses data
POJOs in Java Card VM persistent heap
runs JavaScript programsto decode and inject data into the page (DOM object creation or innerHTML)
returns data encodedencoded data
XMLHttpRequest(get/update/del data)
runs JavaScript programs upon user actions
More details at JavaOne 2007 TS-5203 “Web 2.0 Applications on a Next-Generation Java Card Platform”http://developers.sun.com/learning/javaoneonline/j1sessn.jsp?sessn=TS-5203&yr=2007&track=4
Presentation
2008 JavaOneSM Conference | java.sun.com/javaone | 15
Scenario #2: Mixing Local and Online Web Applications
Local applications enriched with online content
Online applications personalized with local content
local web applications
online web applications
2008 JavaOneSM Conference | java.sun.com/javaone | 16
Scenario #2: Using Mashup Techniques
resulting page
<script src=“http://www/do?callback=f&…”/>
http://card/index.html
initial page and JavaScript code
text/javascript… f(data);
online content requested by JavaScript code using Dynamic
Script Tag (DST)
returned JavaScript code implements a call to the provided callback function (f) passing its
generated data as parameters
2008 JavaOneSM Conference | java.sun.com/javaone | 17
Scenario #2: Alternate ImplementationMashup Initiated by Online Code
resulting page
initial page and JavaScript code
http://www/index.html
<script src=“http://card/do?callback=f&…”/>
text/javascript… f(data)
card content fetched by DST from an online web widget
2008 JavaOneSM Conference | java.sun.com/javaone | 18
Second demonstration
Mashup with web widgets
2008 JavaOneSM Conference | java.sun.com/javaone | 19
Agenda
Java Card Platform 3.0 overview and use cases1st demonstration: multimedia server
Focus on web 2.0 use cases 2nd demonstration: mashup with web widgets
Focus on Java Card Platform programming techniques 3rd demonstration: robots battle
Wrap up
2008 JavaOneSM Conference | java.sun.com/javaone | 20
Write Your Own Java Code Robot!
http://robocode.sourceforge.net/
Actions• Move body (ahead, back, turn ...)• Fire, turn radar
Events• onHitByBullet,• onHitWall,• onScannedRobot, …
2008 JavaOneSM Conference | java.sun.com/javaone | 21
Architecture of a Java Card Platform 3.0 Robot
HTTPHTTP robotrobotweb appweb app
RobocodeRobocode
bot-proxybot-proxy
Implements Robocode API
Translates events to HTTP requests sent to the card robot web application
Executes scripts sent back by the card
Implements strategy
Processes game events received by HTTP requests
Generates scripts of actions
2008 JavaOneSM Conference | java.sun.com/javaone | 22
Robot Web Application Design
web tierweb tier robot logicrobot logic data modeldata model
eventevent
controlcontrol
robotrobotstrategystrategy
radarradarresourcesresources
enemyenemycollectioncollectionbo
t-pro
xybo
t-pro
xy
2008 JavaOneSM Conference | java.sun.com/javaone | 23
Web Tier: Roles of the Servlets
1 Servlet used by the bot-proxy
• http://card/jc3bot/event?<query-parameters>• Called when bot-proxy is asking for instructions• Also called when an event occurred on the battle field• Provides contextual parameters :
• X,Y robot coordinates, energy, number of remaining enemies, • Or event type, bearing, distance of the enemy, …
1 Servlet for robot settings configuration
• http://card/jc3bot/control?<query-parameters>• Called to set configuration parameters
2008 JavaOneSM Conference | java.sun.com/javaone | 24
Plumbing: Decoding the Protocol
The event Servlet decodes events, creates and handles the corresponding event objectpublic void doGet(HttpServletRequest req,HttpServletResponse res) throws ServletException, IOException {[…] PrintWriter out = res.getWriter(); MyBot bot=this.getServletContext().getAttribute("jc3bot.me");
String what = req.getParameter("what");
if (EVENT_SCAN.equals(what)) { bot.onScannedRobot(out, new ScannedRobotEvent(req)); } else if (EVENT_HITBYBULLET.equals(what)) { bot.onHitByBullet(out, new HitByBulletEvent(req));
} else if (EVENT_HITWALL.equals(what)) { bot.onHitWall(out, new HitWallEvent(req)); } else […]
2008 JavaOneSM Conference | java.sun.com/javaone | 25
Robot Logic: Enemy Scanned
When an enemy is scanned• Stores information in the enemy repository • Turns radar to track this enemy• Fires!
public void onScannedRobot(PrintWriter out, ScannedRobotEvent e) { enemies.get().add( new Enemy(e.getName(),e.getTargetX(),e.getTargetY(), e.getBearing(), e.getDistance(), System.currentTimeMillis())); next_radar = adjustRadarOn(
event.getRadarHeading(), event.getBearing());
this.fire( out, adjustPower(e) );}
2008 JavaOneSM Conference | java.sun.com/javaone | 26
Robot Logic: Generating Scripts
Actions and parameters written in HTTP stream
public class Robot { public final void fire(PrintWriter out, int power) { out.println("fire"); out.println(power); }
public final void ahead(PrintWriter out, int distance) { out.println("ahead"); out.println(distance); }
[…]
2008 JavaOneSM Conference | java.sun.com/javaone | 27
Data Model: Transient Storage
During a round, every scanned enemy is stored in a collection (that must remain in RAM for efficiency)public class Robot { TransientReference<EnemyCollection> enemies
= new TransientReference(new EnemyCollection()); […]}public class EnemyCollection { private Hashtable<Enemy> enemies; public Enemy add(Enemy en){ return enemies.put(en.name, en); } public EnemyCollection () { enemies = new Hashtable<Enemy>(); } […]}
2008 JavaOneSM Conference | java.sun.com/javaone | 28
Data Model: Persistent Storage
Statistics are written in the file system
public class Stats {
public void saveStats() { try { FileConnection fc=
(FileConnection)Connector.open("file:///~/stats.bin"); DataOutputStream os = fc.openDataOutputStream(); os.writeByte(…); } catch( IOException e ) { … } }}
2008 JavaOneSM Conference | java.sun.com/javaone | 29
Packaging and Deployment
Packaging • Same packaging format as Java Platform, Enterprise Edition (Java EE
platform) servers: .war files• WAR files are JAR files containing codes, resources, and descriptors• Can be built by off-the-shelf tools
Descriptors • WEB-INF/web.xml: subset of the Java Servlet descriptor• META-INF/MANIFEST.MF: deployment information• META-INF/javacard.xml: Java Card Platform specific descriptor
Deployment means• Over HTTP• ant tasks available
2008 JavaOneSM Conference | java.sun.com/javaone | 30
Third demonstration
Robots battle
2008 JavaOneSM Conference | java.sun.com/javaone | 31
Wrap up
What you’ve seen during this session• Overview of Java Card Platform 3.0 features and use cases• Web programming techniques applied to the smart card• Java Card Platform 3.0 is powerful enough to program games
Participate to the Java Card Coding Contest• Build your own robot!• Finalists will fight on stage, during the “Toy Show”, on Day 4• More info on the Sun and Gemalto booths
Free your creativity with Java Card Platform 3.0
2008 JavaOneSM Conference | java.sun.com/javaone | 32
Java Card Platform 3.0 Availability
Specification and development kit publicly available• http://java.sun.com/products/javacard/
TCK available end of 2008: required for products issuance
Will be complemented with Global Platform Card Spec 3.0
Candidate technology for the upcoming ETSI Release 8
2008 JavaOneSM Conference | java.sun.com/javaone | 33
More information
BOF-5366: Java Card Technology Demo Internals Unveiled• Sebastian Hans and Thierry Violleau, Sun Microsystems, Inc. • Tuesday May 06 20:30 - 21:20 - Moscone Center - Esplanade 302
TS-5940: Getting Started with the Java Card™ 3.0 Platform• Bela Gangal, Sun Microsystems, Inc.; Anki Nelaturu, Sun Microsystems, Inc.; Eric
Vetillard, Trusted Labs• Tuesday May 06 18:00 - 19:00 - Moscone Center - Esplanade 303
BOF-5611: Free Mobile-to-Mobile Money Transmission Proves Popular in Many Countries • Ram Banerjee, Sun Microsystems, Inc.; Jean-Yves Bitterlich, Sun Microsystems,
Inc.• Thursday May 08 20:30 - 21:20 - Moscone Center - Esplanade 303
Java card coding contest• http://developer.gemalto.com/javacard3 • http://jc3bot.java.sun.com/
2008 JavaOneSM Conference | java.sun.com/javaone | 34
Laurent LAGOSANTOJean-Jacques VANDEWALLEPatrick VAN HAVERTS-5910