3/23/01 EMTM 553 1
EMTM 553: E-commerce Systems
Lecture 3: Software
Insup Lee
Department of Computer and Information Science
University of Pennsylvania
www.cis.upenn.edu/~lee

Background
• Simple view of the original WWW
  – Web servers stored pages coded in HTML in their file systems.
  – Pages retrieved by browsers using HTTP.
  – The URL of a page was the hostname of the server plus the filename of the document.
• Later, it was realized that
  – HTML Web pages could be produced by programs as well as stored as files.
  – URL specifies the hostname of the server, the name of the program to run, and arguments for that program.

Static content
[Diagram: the browser sends an HTTP request; the Web server fetches the stored page <html><B> This is a web page. </B></html> and returns it in the server response; the browser interprets the HTML page and displays "This is a web page."]

Dynamic content
[Diagram: the browser sends an HTTP request; the Web server fetches the page <html><?php PHP code ?></html>, interprets the PHP code to produce <html><B> Hello World.</B></html>, and returns that in the server response; the browser interprets the HTML page and displays "Hello World."]

Stateless vs. state
• Stateless server
  – The user requests a document, and then another document, and so on.
  – Natural for a large number of browsers and a small number of servers.
• Why?
  – If stateful, it can increase performance. However,
    o On server crash, it loses all its volatile state information
    o On client crash, the server needs to know to reclaim the state space.

Session
• User Session
  – A delimited set of user clicks across one or more Web servers (for multiple Web page requests)
• Server Session
  – A collection of user clicks to a Web server during a user session
• Why are sessions important?
  – Complex pages require many connections
  – High overhead for establishing a connection due to privacy and authentication requirements
  – E-commerce applications require a series of actions by the user and the server.

Where to keep state for client?
• How to identify sets of user requests as belonging to the same session, and how to pass state information back and forth between client and server
  – State is the application information itself
  – A session id is a reference to state stored somewhere else.
• Server-side vs. client-side
  – Database on server
  – Applications on server
  – Cookie on client
• What are the tradeoffs?

Session and Client state mechanism
• Techniques
  – Cookies
    o Data sent by a Web server to a Web client, to be stored locally by the client and sent back to the server on subsequent requests
    o Cookies are stored as small files on the client machine
      – Date and time, user id, password, etc.
  – Authentication mechanisms such as client certificates
    o Used to identify the user to the server on each request, in order to use state stored in the application database
  – Forms: state or session id can be passed as hidden fields
  – Applets: client scripting can be used to store session id or state
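
The trade-off between a session id that references server-side state and state carried by the client in a cookie or hidden field, as an added Python example that is not part of the lecture. SERVER_KEY, SESSIONS and the function names are assumptions made for the illustration; the HMAC tag is what lets the server detect client-side edits to state it did not store itself.

```python
import hashlib
import hmac
import json
import secrets
from base64 import urlsafe_b64decode, urlsafe_b64encode

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the server
SESSIONS = {}                         # assumption: stands in for the server database


def new_server_session(state):
    """Server-side state: the client holds only an unguessable session id."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = dict(state)
    return sid


def load_server_session(sid):
    """Unknown or guessed ids resolve to no state at all."""
    return SESSIONS.get(sid)


def seal_client_state(state):
    """Client-side state for a cookie or hidden field: payload plus HMAC tag.

    The payload is only encoded, not encrypted, so the client can read it;
    values such as passwords do not belong in it.
    """
    payload = urlsafe_b64encode(json.dumps(state, sort_keys=True).encode()).decode()
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + tag


def open_client_state(token):
    """Return the state only if the tag verifies; edited tokens yield None."""
    payload, sep, tag = token.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return json.loads(urlsafe_b64decode(payload))


if __name__ == "__main__":
    token = seal_client_state({"user": "alice", "cart": ["sku-1"]})  # constructed sample
    print(open_client_state(token), open_client_state(token[:-1] + "x"))
```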

Active Web Sites
• Allow the user to be sent customized pages
• Support dynamic browsing experience
• Built using a combination of languages and technologies
  – Client-side technologies
    o Used for detecting browser features, responding to user actions, validating form data, displaying dialog boxes.
    o Adv: reduce network traffic and server load; almost instant response to user actions
  – Server-side technologies

Client-side technologies
• ActiveX controls
  – Self-contained programs, called components, written in C++ or Visual Basic can be called
  – <object> tag: can be used for bar charts, graphics, timers, client authentication, database access
  – Developed by Microsoft
• Client-side JavaScript and Dynamic HTML
  – JavaScript supported by both IE and Netscape Navigator
  – Dynamic HTML is like script plus abilities to animate pages and position graphics.
• Java Applets
  – Advantage of Java: stand alone, cross platform, safe.

Java
• An object-oriented language developed by Sun Microsystems
• Java programs are compiled into Java bytecode, which is executed by the JVM (Java virtual machine)
• Write once, run anywhere
• Security of Java applets is based on a sandbox model

Java Applets
[Diagram: Java applet loading. Labels: HTTP-Request and HTML-page exchanged with the Web-Server; the Web-Server loads the file from the File-System; Load Applet, with Java-Class Requests answered by Java-Classes; Execute Applet in the Java Virtual Machine (JVM); Server-Process.]

Java Applets
• Advantages
  – Platform independent: works for every web-server and browser supporting Java
  – Secure
• Disadvantages
  – Standalone Character:
    o Entire session runs inside applet
    o HTML forms are not used
  – Slow: loading can take a long time
  – Resource intensive: JVM
  – Restrictive: can only communicate with server from which applet was loaded
• Server-Process can be written in any language

Server-side technologies
• CGI
• Active Server Pages, Microsoft
• Server-side JavaScript, Netscape
• Java Servlets and JSP (Java Server Pages), Sun Microsystems
• PHP, developed initially by Rasmus Lerdorf, 1994 to track visitors to his online resume.

Benefits of server-side processing
• Minimizes network traffic by limiting the need for the browser and server to talk back and forth to each other
• Quickens loading time since, in the end, only the actual page is downloaded
• Avoids browser-compatibility problems
• Can provide the client with data that does not reside at the client
• Provides improved security measures, since one can code things that cannot be viewed from the browser

Web Server Software Feature Sets
• Core Capabilities
  – Process and respond to Web client requests using the HTTP protocol
• Security
  – Validation of username and password
  – Processing certificates and key pairs
• FTP
  – Transferring of files to or from the server
• Searching
  – Searches the existing site or entire Web for documents
  – Indexing provides full-text indexes for files stored on the server
• Data Analysis
  – Capture visitor information
    o Who, how long, date & time, what pages were visited.

The Common Gateway Interface (CGI)
• CGI defines an interface between a Web server and an independent application program.
• CGI is used to create “gateways” between the Web and an existing application.
• CGI also serves as the interface for new applications designed for the Web that are not integrated directly into a Web server (as plug-ins are).

CGI (Common Gateway Interface)
[Diagram: the Web Server connects through CGI to programs; each Program is shown inside its own Runtime Environment with its own Environment Vars.]

Server API for CGI
• Starting and stopping application
• Passing data from the client to the application
• Passing data from the application to the client
• Status and error reporting
• Passing configuration information to the application
• Passing client and environment information to the application

CGI Example
<HTML>
<HEAD><TITLE>Favorite Pet!</TITLE></HEAD>
<BODY BGCOLOR="white">
<H1>Favorite Pet</H1>
<B>What is your favorite pet?</B>
<FORM METHOD="GET" ACTION="cgi-bin/pet.pl">
<TABLE>
<TR> <TD>Name:</TD> <TD><INPUT TYPE="TEXT" NAME="name"></TD></TR>
<TR> <TD>Email:</TD> <TD><INPUT TYPE="TEXT" NAME="email"></TD></TR>
<TR> <TD>Favorite Pet:</TD> <TD><INPUT TYPE="TEXT" NAME="pet"></TD></TR>
</TABLE>
<P><INPUT TYPE="SUBMIT" VALUE="Submit Query"> <INPUT TYPE="RESET"></P>
</FORM>
</BODY>
</HTML>

CGI Example (GET)
#!/usr/bin/perl -w
use CGI qw(:standard);

print "Content-type: text/html", "\n\n";

# Split the query string into name=value pairs and URL-decode each value
@pairs = split('&', $ENV{'QUERY_STRING'});
foreach $pair (@pairs) {
    ($name, $value) = split('=', $pair);
    $value = '' unless defined $value;
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    # HTML-encode the decoded value before it is echoed into the page
    $value =~ s/&/&amp;/g;
    $value =~ s/</&lt;/g;
    $value =~ s/>/&gt;/g;
    $value =~ s/"/&quot;/g;
    $info{$name} = $value;
}

print "<HTML>", "\n";
print "<BODY><H1>Thank you</H1>", "\n";
print "<B>Name:</B>", $info{name}, "<BR>", "\n";
print "<B>Email:</B>", $info{email}, "<BR>", "\n";
print "<B>Favorite Pet:</B>", $info{pet}, "<BR>", "\n";
print "</BODY></HTML>";

CGI Example (POST)
#!/usr/bin/perl -w
use CGI qw(:standard);

print "Content-type: text/html", "\n\n";

# Read the form body from standard input; CONTENT_LENGTH gives its size
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split('&', $buffer);
foreach $pair (@pairs) {
    ($name, $value) = split('=', $pair);
    $value = '' unless defined $value;
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    # HTML-encode the decoded value before it is echoed into the page
    $value =~ s/&/&amp;/g;
    $value =~ s/</&lt;/g;
    $value =~ s/>/&gt;/g;
    $value =~ s/"/&quot;/g;
    $info{$name} = $value;
}

print "<HTML>", "\n";
print "<BODY><H1>Thank you</H1>", "\n";
print "<B>Name:</B> ", $info{name}, "<BR>", "\n";
print "<B>Email:</B> ", $info{email}, "<BR>", "\n";
print "<B>Favorite Pet:</B> ", $info{pet}, "<BR>", "\n";
print "</BODY></HTML>";

CGI Environment Variables
Variable Name      Value
HTTP_HOST          The hostname of your server
HTTP_USER_AGENT    The browser type of the visitor
HTTPS              “on” if the script is being called through a secure server
QUERY_STRING       The query string
REMOTE_ADDR        The IP address of the visitor
REMOTE_HOST        The hostname of the visitor
REMOTE_PORT        The port the visitor is connected to on the web server
REQUEST_METHOD     GET or POST
SERVER_NAME        The server’s domain name
SERVER_PORT        The port number the server is listening on
SERVER_SOFTWARE    The server software used (e.g. Apache 1.3.12)

Evaluation of CGI
• Advantages of CGI
  – General: the application is completely decoupled from the Web server
  – Standard: works with every server and browser
  – Flexible: any language (C++, Perl, Java, …) can be used
• Disadvantages of CGI
  – Inefficient: the application must be launched/forked independently for each request
  – Stateless: the application exits after a request, there is no place to remember state between Web requests
  – Security: CGI programmer is responsible for security. No automatic system or language support.
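
Because CGI leaves all input handling to the programmer, here is an added Python sketch (not from the lecture) of the pet form handler that goes beyond the Perl examples: it dispatches on REQUEST_METHOD, bounds CONTENT_LENGTH, length-limits and shape-checks fields, and HTML-encodes every value it echoes. MAX_BODY, MAX_FIELD, the email pattern and the function names are assumptions chosen for the illustration.

```python
import html
import re
from urllib.parse import parse_qs

MAX_BODY = 4096                    # assumption: size cap chosen for this small form
MAX_FIELD = 200                    # assumption: per-field length cap
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # loose shape check only
LABELS = (("Name", "name"), ("Email", "email"), ("Favorite Pet", "pet"))


def read_form(environ, stdin):
    """Return the raw form string as CGI delivers it for GET or POST."""
    method = environ.get("REQUEST_METHOD", "GET").upper()
    if method == "GET":
        return environ.get("QUERY_STRING", "")
    if method != "POST":
        raise ValueError("unsupported method")
    length = int(environ.get("CONTENT_LENGTH") or 0)  # ValueError if not numeric
    if not 0 <= length <= MAX_BODY:
        raise ValueError("body too large")
    return stdin.read(length)


def render(environ, stdin):
    """Build the whole CGI response (headers, blank line, body) as a string."""
    try:
        form = parse_qs(read_form(environ, stdin), keep_blank_values=True)
    except ValueError:
        return "Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\nBad request\n"
    values = {key: form.get(key, [""])[0][:MAX_FIELD] for _, key in LABELS}
    if values["email"] and not EMAIL_RE.match(values["email"]):
        values["email"] = "(invalid address)"
    rows = "".join(
        "<B>%s:</B> %s<BR>\n" % (label, html.escape(values[key], quote=True))
        for label, key in LABELS
    )
    return ("Content-Type: text/html; charset=utf-8\r\n\r\n"
            "<HTML><BODY><H1>Thank you</H1>\n" + rows + "</BODY></HTML>\n")


if __name__ == "__main__":
    import os
    import sys
    sys.stdout.write(render(os.environ, sys.stdin))
```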

Server-side Scripting
• A middle ground between static content kept in the file system and pages of dynamic content created by a complete application
• Server-side scripting
  – Embed a language interpreter in the Web server.
  – Web pages stored in the file system contain scripts that are interpreted on the fly.

Server Extensions: The Basic Idea
[Diagram: on an HTTP request the Web server loads the file from the file system. HTML? The HTML file is returned. Script? The file goes to the Server Extension, which has access to I/O, network and DB, and its output is returned as HTML.]

Server Extensions
• API depends on Server vendor:
  – Apache Foundation Apache Server: Apache API
  – Microsoft Internet Information Server: ISAPI
  – Netscape Enterprise Server: NSAPI
• One can define its own server extension, e.g.,
  – Authentication module
  – Counter module

Active Server Pages
• Active Server Pages (ASPs)
  – Available in Microsoft web servers (IIS and Personal Web Server)
  – Based on VBScript, JScript
  – Modular Object Model
  – Active Server Components
  – Active Data Objects (ADO) for Database access
[Diagram: on an HTTP request the Web server loads the file from the file system. An HTML file is returned as HTML; an ASP file's ASP script goes to the Active Server Page Scripting Engine, which uses Active Server Components and I/O, network and DB, and its output is returned.]

ColdFusion
[Diagram: on an HTTP request the Web server loads the file from the file system. HTML? The HTML file is returned. CF Script? The file goes through the Cold Fusion Server Extension to the Cold Fusion Application Server, which is connected to databases (through an ODBC driver or natively), directories and COM/CORBA; the result is returned as HTML.]
PHP
How does PHP differ from ASP and CF?
• Free, open source• Many client libraries
integrated• Runs on any web
server supporting CGIs (MS Windows or Unix)
• Module version for Apache
File-SystemWeb-Server
HTTP-Request
HTML-File
Load File
PHP-File
HTML
PHP-ScriptOutput
Database APIs,
other APIs SNMP,
IMAP, POP3,
LDAP, ...
PHP
Module
Web-Server

Object Technology
• Advantages
  – Encapsulation, polymorphism, heterogeneous languages
  – Rapid application development
  – Distributed applications
  – Flexibility of deployment
• Technologies
  – CORBA
  – COM
  – Java Beans/RMI

Enterprise JavaBeans (EJB)
• Server-side component architecture
  – Enable and simplify the building of distributed objects in Java
  – Allow rapid application development
  – Support portability and reusability across vendors, i.e., platform and implementation independent
• EJB supports CTM (Component Transaction Monitoring)
  – Hybrid of traditional transaction processing and distributed object request broker (ORB) services
  – A TP Monitor is an OS for business systems and manages the entire environment that a business system runs in, including transactions, resource management, and fault tolerance.
  – Distributed objects allow unique objects that have state and identity to be distributed across a network so that they can be accessed by other systems.

Server-side component Architecture
• EJB server is responsible for
  – Making a component a distributed object
  – Managing services such as transactions, persistence, concurrency, security
• Component Advantage
  – Divides software into manageable, discrete chunks of logic
  – Implements well-defined interfaces
  – Enables reuse
    o Components can be pieced together to solve larger problems

Example
• Pricing Component
  – Functions:
    o Base price
    o Quantity Discount
    o Bundle Discount
    o Preferred customer Discount
    o Overhead costs
    o Etc.
  – Note: This pricing engine can be used by different businesses

Example Cont.
[Diagram: Car Quotes Web Site. The Client Browser reaches the Web Server over a network, and the Web Server reaches the Pricing object over a network.]

Example Cont.
[Diagram: E-tailer Site. The Web Server runs workflow logic that uses a Billing Object, a Fulfillment Object and a Pricing Object.]

N-Tier Architecture Using EJB
[Diagram: three layers separated by tier boundaries. Presentation Layer: presentation logic. Business Logic Layer (Application Server): EJB objects. Data Layer: database, reached through JDBC.]

Classes and Interfaces
• Remote interface
  – The business methods that a bean presents to the outside world to do its work
• Home interface
  – The bean’s life cycle methods for creating, removing and finding beans
• Bean class
  – Actual implementation of the bean’s business methods
• Primary key
  – A pointer into the database.

Acquiring a Bean
[Diagram: a Client, the JNDI Naming Service, and an EJB Server containing the Home Object (Home Interface), the EJB Object (Remote Interface) and the Enterprise Beans. Numbered steps:]
1: Retrieve Home Object Reference
2: Return Home Reference
3: Create New EJB object
4: Create EJB Object
5: Return EJB Object Reference
6: Invoke Business method
7: Delegate request to object

Enterprise Bean Objects
• Session Bean
  – Represents business logic
  – 1 to 1 relationship to client
  – Stateless / Stateful
  – Short-lived
• Entity Bean
  – Represents permanent business data
  – 1 to many relationship to client
  – Stateful / Transactional
  – Long-lived

The EJB Contract
• Allows for the collaboration of SIX different parties
  – Bean provider
    o Component writer, provide reusable business logic
  – Container provider
    o Supplier of low-level runtime execution environment
  – Server provider
    o Supplier of Application server logic to manage the EJBs
    o WebSphere (IBM), WebLogic (BEA), Oracle8i
  – Application assembler
    o Application architect for a specific deployment
  – Deployer
    o Installs Bean components and Application servers
  – System Administrator
    o Oversees the deployed system

Other features
• Search engines
  – Crawl, index, search
• Push technologies
  – Web channels
• Intelligent agents
  – Locate sites, identify the best vendor, negotiate terms of buying and selling, etc.