12/15/00 EMTM 553 1
EMTM 553: E-commerce Systems
Lecture 3: Software Building Blocks
Insup Lee
Department of Computer and Information Science
University of Pennsylvania
[email protected]
www.cis.upenn.edu/~lee

Background
• Simple view of the original WWW
  – Web servers stored pages coded in HTML in their file systems.
  – Pages were retrieved by browsers using HTTP.
  – The URL of a page was the hostname of the server plus the filename of the document.
• Later, it was realized that
  – HTML Web pages could be produced by programs as well as stored as files.
  – The URL specifies the hostname of the server, the name of the program to run, and arguments for that program.

Static content
[Diagram: the browser sends an HTTP request; the web server fetches the page and returns it in the server response; the browser interprets the HTML page.]
Page stored on the server: <html><B> This is a web page. </B></html>
Rendered in the browser: This is a web page.
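
Dynamic content
[Diagram: the browser sends an HTTP request; the web server fetches the page, interprets the PHP code, and returns the result in the server response; the browser interprets the HTML page.]
Page stored on the server: <html><?php PHP code ?></html>
Page sent to the browser: <html><B> Hello World.</B></html>
Rendered in the browser: Hello World.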

Stateless vs. state
• Stateless server
  – The user requests a document, and then another document, and so on.
  – Natural for a large number of browsers and a small number of servers.
• Why?
  – If stateful, it can increase performance. However,
    o On server crash, it loses all its volatile state information
    o On client crash, the server needs to know to claim state space.

Session
• User Session
  – A delimited set of user clicks across one or more Web servers (for multiple Web page requests)
• Server Session
  – A collection of user clicks to a Web server during a user session
• Why are sessions important?
  – Complex pages require many connections
  – High overhead for establishing a connection due to privacy and authentication requirements
  – E-commerce applications require a series of actions by the user and the server.

Where to keep state for client?
• How to identify sets of user requests as belonging to the same session, and how to pass state information back and forth between client and server
  – State is the application information itself
  – A session id is a reference to state stored somewhere else.
• Server-side vs. client-side
  – Database on server
  – Applications on server
  – Cookie on client
• What are the tradeoffs?

Session and Client state mechanism
• Techniques
  – Cookies
    o Data sent by a Web server to a Web client, to be stored locally by the client and sent back to the server on subsequent requests
    o Cookies are stored as small files on the client machine
      – Date and time, user id, password, etc.
  – Authentication mechanisms such as client certificates
    o Used to identify the user to the server on each request, to use state stored in the application database
  – Forms: state or session id can be passed as hidden fields
  – Applets: client scripting can be used to store session id or state
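
The two choices from "Where to keep state for client?" side by side, as an added example that is not part of the lecture: a cookie or hidden field that carries only a session id referencing server-side state, and one that carries the state itself with an HMAC tag so the server can detect client edits. SERVER_KEY, SESSIONS and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import json
import secrets
from base64 import urlsafe_b64decode, urlsafe_b64encode

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret, never sent to clients
SESSIONS = {}                         # assumption: stands in for the server-side database

def new_session(state):
    """Server-side state: the client receives only an unguessable reference."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = dict(state)
    return sid

def load_session(sid):
    """Unknown or guessed ids resolve to nothing."""
    return SESSIONS.get(sid)

def pack_state(state, key=SERVER_KEY):
    """Client-side state: the payload plus an HMAC-SHA256 tag over it."""
    body = urlsafe_b64encode(json.dumps(state, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag

def unpack_state(cookie, key=SERVER_KEY):
    """Return the state only if the tag verifies; None for any altered value."""
    body, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return json.loads(urlsafe_b64decode(body))

def client_edit(cookie, **changes):
    """Constructed sample input: a payload rewritten on the client, old tag kept."""
    body, _, tag = cookie.rpartition(".")
    state = json.loads(urlsafe_b64decode(body))
    state.update(changes)
    forged = urlsafe_b64encode(json.dumps(state, sort_keys=True).encode())
    return forged.decode() + "." + tag
```

The tag gives integrity, not confidentiality: the client can still read the payload, so secrets such as a password belong in the server-side store rather than in the cookie or hidden field.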

Active Web Sites
• Allow the user to be sent customized pages
• Support dynamic browsing experience
• Built using a combination of languages and technologies
  – Client-side technologies
    o Used for detecting browser features, responding to user actions, validating form data, displaying dialog boxes.
    o Adv: reduce network traffic, server load, almost instant response to user actions
  – Server-side technologies

Client-side technologies
• ActiveX controls
  – Self-contained programs called components, written in C++ or Visual Basic, can be called
  – <object> tag: can be used for bar charts, graphics, timers, client authentication, database access
  – Developed by Microsoft
• Java Applets
  – Advantage of Java: stand-alone, cross-platform, safe.
• Client-side JavaScript and Dynamic HTML
  – JavaScript supported by both IE and Netscape Navigator
  – Dynamic HTML is like script plus abilities to animate pages and position graphics.

Java
• An object-oriented language developed by Sun Microsystems
• Java programs are compiled into Java bytecode, which is executed by the JVM (Java virtual machine)
• Write once, run anywhere
• Security of Java applets is based on a sandbox model

Java Applets
[Diagram labels: HTTP-Request, HTML-page, Web-Server, File-System, Load File, Load Applet, Java-Class Requests, Java-Classes, Execute Applet, Java Virtual Machine (JVM), Server-Process]

Java Applets
• Advantages
  – Platform independent: works for every web-server and browser supporting Java
  – Secure
• Disadvantages
  – Standalone Character:
    o Entire session runs inside applet
    o HTML forms are not used
  – Slow: loading can take a long time
  – Resource intensive: JVM
  – Restrictive: can only communicate with server from which applet was loaded
• Server-Process can be written in any language

Server-side technologies
• CGI
• Active Server Pages, Microsoft
• Server-side JavaScript, Netscape
• Java Servlets and JSP (Java Server Pages), Sun Microsystems
• PHP, developed initially by Rasmus Lerdorf, 1994 to track visitors to his online resume.

Benefits of server-side processing
• Minimizes network traffic by limiting the need for the browser and server to talk back and forth to each other
• Quickens loading time since, in the end, only the actual page is downloaded
• Avoids browser-compatibility problems
• Can provide the client with data that does not reside at the client
• Provides improved security measures, since one can code things that cannot be viewed from the browser

The Common Gateway Interface (CGI)
• CGI defines an interface between a Web server and an independent application program.
• CGI is used to create “gateways” between the Web and an existing application.
• CGI also serves as the interface for new applications designed for the Web, not integrated directly into a Web server (as in plug-ins).

CGI (Common Gateway Interface)
[Diagram labels: Web Server, CGI, Runtime Environment, Environment Vars, Program]

Server API for CGI
• Starting and stopping application
• Passing data from the client to the application
• Passing data from the application to the client
• Status and error reporting
• Passing configuration information to the application
• Passing client and environment information to the application

CGI Example
<HTML>
<HEAD><TITLE>Favorite Pet!</TITLE></HEAD>
<BODY BGCOLOR="white">
<H1>Favorite Pet</H1>
<B>What is your favorite pet?</B>
<FORM METHOD="GET" ACTION="cgi-bin/pet.pl">
<TABLE>
<TR> <TD>Name:</TD> <TD><INPUT TYPE="TEXT" NAME="name"></TD></TR>
<TR> <TD>Email:</TD> <TD><INPUT TYPE="TEXT" NAME="email"></TD></TR>
<TR> <TD>Favorite Pet:</TD> <TD><INPUT TYPE="TEXT" NAME="pet"></TD></TR>
</TABLE>
<P><INPUT TYPE="SUBMIT" VALUE="Submit Query"> <INPUT TYPE="RESET"></P>
</FORM>
</BODY>
</HTML>

CGI Example (GET)
#!/usr/bin/perl -w
use CGI qw(:standard);

print "Content-type: text/html", "\n\n";

# Split the query string into name=value pairs and URL-decode each value.
@pairs = split('&', $ENV{'QUERY_STRING'});
foreach $pair (@pairs) {
    ($name, $value) = split('=', $pair);
    $value = '' unless defined $value;
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $info{$name} = $value;
}

# escapeHTML (part of CGI.pm's :standard set) keeps submitted markup
# from being interpreted by the browser when it is echoed back.
print "<HTML>", "\n";
print "<BODY><H1>Thank you</H1>", "\n";
print "<B>Name:</B>", escapeHTML($info{name}), "<BR>", "\n";
print "<B>Email:</B>", escapeHTML($info{email}), "<BR>", "\n";
print "<B>Favorite Pet:</B>", escapeHTML($info{pet}), "<BR>", "\n";
print "</BODY></HTML>";

CGI Example (POST)
#!/usr/bin/perl -w
use CGI qw(:standard);

print "Content-type: text/html", "\n\n";

# For POST the form data arrives on STDIN; CONTENT_LENGTH gives its size.
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split('&', $buffer);
foreach $pair (@pairs) {
    ($name, $value) = split('=', $pair);
    $value = '' unless defined $value;
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $info{$name} = $value;
}

# escapeHTML (part of CGI.pm's :standard set) keeps submitted markup
# from being interpreted by the browser when it is echoed back.
print "<HTML>", "\n";
print "<BODY><H1>Thank you</H1>", "\n";
print "<B>Name:</B> ", escapeHTML($info{name}), "<BR>", "\n";
print "<B>Email:</B> ", escapeHTML($info{email}), "<BR>", "\n";
print "<B>Favorite Pet:</B> ", escapeHTML($info{pet}), "<BR>", "\n";
print "</BODY></HTML>";

CGI Environment Variables
Variable Name     Value
HTTP_HOST         The hostname of your server
HTTP_USER_AGENT   The browser type of the visitor
HTTPS             “on” if the script is being called through a secure server
QUERY_STRING      The query string
REMOTE_ADDR       The IP address of the visitor
REMOTE_HOST       The hostname of the visitor
REMOTE_PORT       The port the visitor is connected to on the web server
REQUEST_METHOD    GET or POST
SERVER_NAME       The server’s domain name
SERVER_PORT       The port number the server is listening on
SERVER_SOFTWARE   The server software used (e.g. Apache 1.3.12)

Evaluation of CGI
• Advantages of CGI
  – General: the application is completely decoupled from the Web server
  – Standard: works with every server and browser
  – Flexible: any language (C++, Perl, Java, …) can be used
• Disadvantages of CGI
  – Inefficient: the application must be launched/forked independently for each request
  – Stateless: the application exits after a request, there is no place to remember state between Web requests
  – Security: CGI programmer is responsible for security. No automatic system or language support.
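
What "CGI programmer is responsible for security" covers for the favorite-pet form, as an added example that is not part of the lecture and is written in Python rather than the slides' Perl: the handler checks REQUEST_METHOD, bounds the POST body by CONTENT_LENGTH, keeps only the expected fields and HTML-escapes every echoed value. MAX_BODY, MAX_FIELDS and the function names are assumptions; the environment variable and field names come from the slides.

```python
import html
from urllib.parse import parse_qs

MAX_BODY = 4096                    # assumption: upper bound for this small form
MAX_FIELDS = 16                    # assumption: more pairs than this is rejected
FIELDS = ("name", "email", "pet")  # the three inputs of the favorite-pet form

def read_form(environ, stdin):
    """Return the decoded form fields; raise ValueError on a malformed request."""
    method = environ.get("REQUEST_METHOD", "")
    if method == "GET":
        raw = environ.get("QUERY_STRING", "")
    elif method == "POST":
        length = environ.get("CONTENT_LENGTH", "")
        if not length.isdigit() or int(length) > MAX_BODY:
            raise ValueError("missing, malformed or oversized CONTENT_LENGTH")
        raw = stdin.read(int(length)).decode("utf-8", "replace")
    else:
        raise ValueError("unsupported method")
    parsed = parse_qs(raw, keep_blank_values=True, max_num_fields=MAX_FIELDS)
    # Keep only the expected fields; a repeated field contributes its first value.
    return {f: parsed.get(f, [""])[0] for f in FIELDS}

def respond(environ, stdin):
    """Build the complete CGI response: header block, blank line, body."""
    try:
        form = read_form(environ, stdin)
    except ValueError:
        return "Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\nBad request\n"
    labels = (("Name", "name"), ("Email", "email"), ("Favorite Pet", "pet"))
    # html.escape turns <, >, & and quotes into entities before they reach the page.
    rows = "".join("<B>%s:</B> %s<BR>\n" % (label, html.escape(form[field]))
                   for label, field in labels)
    return ("Content-Type: text/html; charset=utf-8\r\n\r\n"
            "<HTML><BODY><H1>Thank you</H1>\n" + rows + "</BODY></HTML>\n")

if __name__ == "__main__":
    import os
    import sys
    sys.stdout.write(respond(os.environ, sys.stdin.buffer))
```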

Market Shares of Top Servers (Nov 1995 to Nov 2000)
Source: http://www.netcraft.com/survey/

Apache HTTP Server
• Developed by Rob McCool at the National Center for Supercomputing Applications (NCSA) in 1994
• Dominates the Web in numbers, largely because it’s free and reliable
• Runs on many operating systems
  – AIX, BSD/OS, FreeBSD, HP-UX, Irix, Linux, Microsoft NT, QNX, SCO, Solaris
• Security is well thought out
  – Password authentication
  – Digital certificate authentication
  – Access restrictions
• Application development tools support CGI and several proprietary APIs
• Supports Active Server Pages (ASP) and Java servlets

Microsoft Internet Information Server
• Bundled (free) with Microsoft Windows NT operating system
• Robust and capable, suitable for small sites up to enterprise-class sites
• Runs only on Windows NT
• Central server management from any server on the network
• Tightly integrated security with NT

Microsoft Internet Information Server
• Includes ASP support, along with its own Internet Services API (ISAPI)
• Database support for ODBC (Open Database Connectivity) and SQL
• Most popular server software for intranet web servers, as reported by PC Magazine

Netscape Enterprise Server
• High performance and scalability
  – Optimized caching, multiprocessor support
  – HTTP 1.1
• Powerful development environment
  – Link management, Web publishing, Agent services
• Information sharing and management
  – Embedded revision control system and Verity’s embedded integrated search engine
  – Management tools to add, delete, or change user information
• Password/challenge user and digital certificate authentication
• Dynamic application development
  – CGI, Netscape Server API (NSAPI), Java Servlet API
  – LiveWire database service provides native database connectivity to Oracle, Informix, IBM DB2, Sybase

Server-side Scripting
• A middle ground between static content kept in the file system and pages of dynamic content created by a complete application
• Server-side scripting
  – Embed a language interpreter in the Web server.
  – Web pages stored in the file system contain scripts that are interpreted on the fly.

Server Extensions: The Basic Idea
[Diagram labels: HTTP-Request, Web-Server, Load File, File-System, HTML-File, File, HTML?, HTML, Script?, Output, Server Extension, I/O, Network, DB]

Server Extensions
• API depends on Server vendor:
  – Apache Foundation Apache Server: Apache API
  – Microsoft Internet Information Server: ISAPI
  – Netscape Enterprise Server: NSAPI
• One can define its own server extension, e.g.,
  – Authentication module
  – Counter module

Active Server Pages
• Active Server Pages (ASPs)
  – Available in Microsoft web servers (IIS and Personal Web Server)
  – Based on VBScript, JScript
  – Modular Object Model
  – Active Server Components
  – Active Data Objects (ADO) for database access
[Diagram labels: HTTP-Request, Web-Server, Load File, File-System, HTML-File, ASP-File, HTML, ASP-Script, Output, Active Server Page Scripting Engine, Active Server Components, I/O, Network, DB]

ColdFusion
[Diagram labels: HTTP-Request, Web-Server, Load File, File-System, HTML-File, File, HTML?, HTML, CF Script?, Cold Fusion Server Extension, Cold Fusion Application Server, ODBC-Driver, Native, DB, DB, Directories, COM/CORBA]

PHP
How does PHP differ from ASP and CF?
• Free, open source
• Many client libraries integrated
• Runs on any web server supporting CGIs (MS Windows or Unix)
• Module version for Apache
[Diagram labels: HTTP-Request, Web-Server, Load File, File-System, HTML-File, PHP-File, HTML, PHP-Script, Output, PHP Module, Database APIs, other APIs (SNMP, IMAP, POP3, LDAP, ...)]

Object Technology
• Advantages
  – Encapsulation, polymorphism, heterogeneous languages
  – Rapid application development
  – Distributed applications
  – Flexibility of deployment
• Technologies
  – CORBA
  – COM
  – Java Beans/RMI

Enterprise JavaBeans (EJB)
• Server-side component architecture
  – Enable and simplify the building of distributed objects in Java
  – Allow rapid application development
  – Support portability and reusability across vendors, i.e., platform and implementation independent
• EJB supports CTM (Component Transaction Monitoring)
  – Hybrid of traditional transaction processing and distributed object request broker (ORB) services
  – TP Monitor is an OS for business systems and manages the entire environment that a business system runs in, including transactions, resource management, and fault tolerance.
  – Distributed objects allow unique objects that have state and identity to be distributed across a network so that they can be accessed by other systems.

Server-side component Architecture
• EJB server is responsible for
  – Making a component a distributed object
  – Managing services such as transactions, persistence, concurrency, security
• Component Advantage
  – Divides software into manageable, discrete chunks of logic
  – Implements well-defined interfaces
  – Enables reuse
    o Components can be pieced together to solve larger problems

Example
• Pricing Component
  – Functions:
    o Base price
    o Quantity Discount
    o Bundle Discount
    o Preferred customer Discount
    o Overhead costs
    o Etc.
  – Note: This pricing engine can be used by different businesses

Example Cont.: Post Office
[Diagram labels: Dumb Terminal, Legacy System, Pricing object]

Example Cont.: Car Quotes Web Site
[Diagram labels: Client Browser, Network, Web Server, Network, Pricing object]

Example Cont.: E-tailer Site
[Diagram labels: Web Server, Workflow logic, Billing Object, Fulfillment Object, Pricing Object]

N-Tier Architecture Using EJB
[Diagram labels: Presentation Layer (Presentation Logic); Tier Boundary; Business Logic Layer (Application Server) with EJB objects; JDBC; Tier Boundary; Data Layer (Database)]

Classes and Interfaces
• Remote interface
  – The business methods that a bean presents to the outside world to do its work
• Home interface
  – The bean’s life cycle methods for creating, removing and finding beans
• Bean class
  – Actual implementation of the bean’s business methods
• Primary key
  – A pointer into the database.

Acquiring a Bean
[Diagram labels: Client, JNDI Naming Service, EJB Server, Home Object, Home Interface, EJB Object, Remote Interface, Enterprise Beans]
1: Retrieve Home Object Reference
2: Return Home Reference
3: Create New EJB object
4: Create EJB Object
5: Return EJB Object Reference
6: Invoke Business method
7: Delegate request to object

Enterprise Bean Objects
• Session Bean
  – Represents business logic
  – 1 to 1 relationship to client
  – Stateless / Stateful
  – Short-lived
• Entity Bean
  – Represents permanent business data
  – 1 to many relationship to client
  – Stateful / Transactional
  – Long-lived

The EJB Contract
• Allows for the collaboration of SIX different parties
  – Bean provider
    o Component writer, provides reusable business logic
  – Container provider
    o Supplier of low-level runtime execution environment
  – Server provider
    o Supplier of Application server logic to manage the EJBs
    o WebSphere (IBM), WebLogic (BEA), Oracle8i
  – Application assembler
    o Application architect for a specific deployment
  – Deployer
    o Installs Bean components and Application servers
  – System Administrator
    o Oversees the deployed system

Other features
• Search engines
  – Crawl, index, search
• Push technologies
  – Web channels
• Intelligent agents
  – Locate sites, identify the best vendor, negotiate terms of buying and selling, etc.
Q&A

EJB
• Application servers
  – JRun server by Allaire
  – WebLogic by BEA Systems
  – WebSphere by IBM
  – SynerJ/Server by Sun
• For more information
  – www.javasoft.com/products/ejb

EJB Interface Examples
• Home Interface

import java.rmi.RemoteException;
import javax.ejb.CreateException;
import javax.ejb.EJBHome;

public interface PricingSessionHome extends EJBHome
{
    // Life cycle method: creates the EJB object for a pricing session.
    public PricingSession create() throws CreateException, RemoteException;
}

• Note: Calling this interface creates an EJB object, whose methods can be invoked through the methods published in the Remote Interface

EJB Interface Examples
• Remote Interface

import java.rmi.RemoteException;
import javax.ejb.EJBObject;

public interface PricingSession extends EJBObject
{
    // Business methods the bean presents to its clients.
    public float getBasePrice(String ProductID) throws RemoteException;
    public float getPreferredCustomerPrice(String ProductID, String CustomerID) throws RemoteException;
    public float applyBundleDiscount(String ProductID, Integer Quantity) throws RemoteException;
}

• This is for the actual methods of a bean.

Relationship between EJB servers & container
[Diagram labels: Client (servlets, applets, etc.); EJB Server; two EJB Containers; EJB 1, EJB 2, EJB 3, EJB 4]
Note: There is no concrete interface between EJB servers and containers yet. Until then, one vendor’s container will not be able to run within another’s server.