
Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D


Page 1: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Comp2513

E-Commerce Infrastructure 2

Daniel L. Silver, Ph.D.

Page 2: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

2001 Daniel L. Silver 2

Objectives

To complete an overview of the major architectural components of the Internet that form the infrastructure for E-Commerce

References: portions of Sharma Ch.1 and 2, and DDEA Ch.7

Page 3: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Outline

Review of Architectural Map
Dynamic Interactive Webpages
  – Forms and CGI
  – Java and Applets, JavaScript
  – Cookies
Servlets and Application Servers
Database and Database Servers
Beyond HTML: XML
Security and Authentication
Electronic Payment

Page 4: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Major Architectural Components of the Web

[Diagram. Labels: Internet; Browser (Client 1); Browser (Client 2); URL; HTTP; TCP/IP; Server A; HTTP Server; App. Server; Database Server; index.html; prog.cgi; Server B; Bank Server; Dedicated]

Page 5: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Dynamic Internet Pages!

HTTP allows client to request a webpage (URL) and server to respond
HTML and browser allows display of data sent from server
How do we move data to the server?
How do we provide program logic at the client?
  – e.g. Check the postal code: B0P 1XO

Page 6: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Forms and CGI

The HTML <FORM> tag specifies that:
  – Input data will be received from the keyboard
  – Data should be processed by a server application if SUBMIT button is pressed
CGI – Common Gateway Interface
  – Standard for HTTP client-server application communications. It defines how:
    » A client can request to run an application on a server and use specified input data
    » A server application can pass the response back to the client
  – It is NOT a programming language

Page 7: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Forms and CGI

An Example: greeting.html

Page 8: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Java and Applets

Java is an OOP language developed by Sun Microsystems
Platform independent – code is interpreted by a Java Virtual Machine (JVM)
A Java applet is a Java program that is launched by a browser:
  – HTML page contains reference to an applet
  – Applet is downloaded from server
  – Java is executed by JVM assoc. with browser

Page 9: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Java Applet

Advantages:
  – Client side logic for dynamic content and format of pages
  – Client side logic for complex algorithms and local data manipulation

An Example: HelloApplet.html

Page 10: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Javascript

Introduced by Netscape
A client-side language
Provides program logic embedded in HTML for generation of dynamic webpages and minor computation
Manipulation of objects in HTML page including the creation and movement of browser windows
Most importantly allows validation of entered FORM data
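An added example, not part of the original slides: a server-side handler for a form submitted through CGI (the Forms and CGI slide) that repeats the postal-code check on the server, because JavaScript validation only runs in clients that choose to run it. The field names `name` and `postal`, the functions `handle_form` and `respond`, and the size limit are assumptions for illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Shape of a Canadian postal code: letter digit letter, optional space,
# digit letter digit. (Assumed format check; it does not look codes up.)
POSTAL_RE = re.compile(r"[A-Z][0-9][A-Z] ?[0-9][A-Z][0-9]")
MAX_BODY = 4096  # assumed upper bound for one form submission, in bytes
REASONS = {200: "OK", 400: "Bad Request", 405: "Method Not Allowed",
           413: "Payload Too Large"}


def handle_form(environ, body):
    """Return the CGI response text for one form submission.

    environ: CGI variables set by the HTTP server (REQUEST_METHOD, ...).
    body:    raw bytes the server hands to the program on standard input.
    """
    if environ.get("REQUEST_METHOD") != "POST":
        return respond(405, "Use the form to submit data")
    try:
        length = int(environ.get("CONTENT_LENGTH", "0"))
    except ValueError:
        return respond(400, "Bad Content-Length")
    if length < 0 or length > MAX_BODY:
        return respond(413, "Form data too large")
    # Decode the application/x-www-form-urlencoded pairs sent by the browser.
    fields = parse_qs(body[:length].decode("utf-8", "replace"))
    name = fields.get("name", [""])[0].strip()
    postal = fields.get("postal", [""])[0].strip().upper()
    if not name or len(name) > 64:
        return respond(400, "Name is required")
    # Same rule the page's JavaScript would apply, enforced again here.
    if not POSTAL_RE.fullmatch(postal):
        return respond(400, "Invalid postal code: " + postal)
    return respond(200, "Hello " + name + ", shipping to " + postal)


def respond(status, message):
    """Build CGI headers, a blank line, then the HTML body."""
    # html.escape stops submitted text from being parsed as markup.
    return ("Status: %d %s\r\n"
            "Content-Type: text/html; charset=utf-8\r\n\r\n"
            "<p>%s</p>\n" % (status, REASONS[status], html.escape(message)))
```

The slide's own sample value `B0P 1XO` ends in the letter O rather than a zero, so this handler rejects it with a 400 response.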

Page 11: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Web Sessions?

Recall the problem of web sessions being connectionless
TCP/IP is connection oriented but each HTTP request/response uses one such connection and then terminates
State is not maintained from page to page
Each item you order is a separate request
So how does an E-Comm site know how to accumulate orders for you?

Page 12: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Cookies

A Cookie is a small piece of data placed on a client system that is used by the server to identify the client
  – Client, about to make a request to a server, checks to see if it has an associated cookie
    » If cookie, then send it with the request
  – Server checks for cookie in request
    » If cookie, then pass it to any applications called
  – Server may create a new cookie and return it with the response to the client
  – Client receives response and checks for new cookie
    » If cookie, then it saves it for this server URL
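The four-step exchange above, as an added example that is not part of the original slides: a server that uses a cookie to accumulate orders across separate requests, and a client that stores and replays it. The names `CARTS`, `server_handle` and `Client` are hypothetical, and the random session id and the `Secure`, `HttpOnly` and `SameSite` attributes are assumptions not stated on the slide.

```python
import secrets
from http.cookies import SimpleCookie

CARTS = {}  # server-side state: session id -> list of ordered items


def server_handle(cookie_header, item):
    """Handle one 'add item' request; return (Set-Cookie value or None, cart)."""
    jar = SimpleCookie(cookie_header or "")
    sid = jar["sid"].value if "sid" in jar else None
    set_cookie = None
    if sid not in CARTS:
        # No cookie, or an id this server never issued: start a new session
        # instead of trusting a client-chosen value.
        sid = secrets.token_urlsafe(32)  # unguessable identifier
        CARTS[sid] = []
        out = SimpleCookie()
        out["sid"] = sid
        out["sid"]["path"] = "/"
        out["sid"]["secure"] = True      # only sent over HTTPS
        out["sid"]["httponly"] = True    # not readable from page scripts
        out["sid"]["samesite"] = "Lax"
        set_cookie = out["sid"].OutputString()
    CARTS[sid].append(item)
    return set_cookie, list(CARTS[sid])


class Client:
    """Browser side: saves the cookie and sends it with later requests."""

    def __init__(self):
        self.cookie = None  # nothing stored for this server yet

    def order(self, item):
        set_cookie, cart = server_handle(self.cookie, item)
        if set_cookie:
            # Keep only the name=value pair; attributes stay client-side rules.
            self.cookie = set_cookie.split(";", 1)[0]
        return cart
```

The cookie carries only an identifier; the cart itself stays on the server, so a client cannot edit its order by editing the cookie.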

Page 13: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Servlets and Application Servers

Java Applets have three major drawbacks:
  – Take time to load onto client
  – May not work as planned (depends on JVM)
  – Potential security risk for client
Server-side code is preferred for business logic
CGI allows an application to run on server but creates server performance problems:
  – Each time a separate process must be spawned

Page 14: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Servlets and Application Servers

Servlets overcome this problem
Servlets rely on a Servlet Engine (Application Server) to manage multiple requests for the same application
Tomcat is one of the most common Servlet Engines

Page 15: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

JSPs – Java Server Pages

A relatively new Java programming model from SUN that follows IBM’s older net.data and MS’s Active Server Pages
Objective is to separate the application processing code from the HTML presentation code
Easier to build dynamic E-commerce applications without loss of servlet power

Page 16: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Skeleton of a JSP

<HTML>
<HEAD>
<TITLE> HelloJSP1</TITLE>
</HEAD>
<BODY>
<H1>Hello JSP - Example 1 </H1>
<BEAN name="textProvider" type="example.Bean.HelloJSP1" scope="request">
</BEAN>
<B><%= textProvider.getTextMessage() %></B>
</BODY>
</HTML>

Basic Html Code

Java Object Created as a Java Bean

Calling a method of the Java Object

Page 17: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Major Architectural Components of the Web

[Diagram. Labels: Internet; Browser (Client 1); Browser (Client 2); URL; HTTP; TCP/IP; Server A; HTTP Server; App. Server; Database Server; index.html; page.jsp; prog.class; Server B; Bank Server; Dedicated]

Page 18: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Database and Database Servers

Database - A collection of data, structured in a well defined format, accessed by multiple applications using standard commands, ensures integrity of access
DBMS – Database Management System – facilitates and optimizes database I/O
Database Server – A server that runs a DBMS and can field requests for data I/O

Page 19: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Database and Database Servers

raven.acadiau.ca will be our database server
Our DBMS will be PostgreSQL (Postgres)
Postgres is a relational database – like a set of spreadsheet tables
Used to store all data for products, categories and stores
ODBC – Open Database Connectivity
JDBC – Java Database Connectivity

Page 20: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

XML

eXtensible Markup Language
HTML tags such as <B>Silver</B> tell how to display the word “Silver” (syntax)
But it does not define what it means
XML defines meaning (semantics): <last_name>Silver</last_name>
And to create structure …

<mail_adrs>
  <fname>Homer</fname>
  <lname>Simpson</lname>
  <strnum>1234</strnum>
  <str>Hickup Lane</str>
</mail_adrs>

Page 21: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Security and Authentication

HTTP connections can be “sniffed” for their data – just plain ASCII text
Encryption methods encode text to make it unreadable
Public and private keys are used for coding and decoding encrypted messages
Authentication concerns ensuring that a sender is who she says she is

Page 22: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Security and Authentication

Certificate is an entity’s public key plus other identification (name, location)
SSL – Secure Socket Layer
  – Lies between TCP/IP and HTTP and performs encryption
HTTPS is the HTTP protocol that employs SSL – it will use a separate server port (default = 443)

Page 23: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Security through HTTPS

[Diagram. Labels: Browser (Client 1); URL; HTTP; TCP/IP; HTTPS; port = 80; port = 443; Server A; HTTP Server; App. Server; Database Server; index.html; prog.cgi; Bank Server; Dedicated]

Page 24: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

E-Payment

Credit card
Debit card
Micro-payments
Smart card

Page 25: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Major Architectural Components of the Web

[Diagram. Labels: Internet; Browser (Client 1); Browser (Client 2); URL; HTTP; TCP/IP; Server A; HTTP Server; App. Server; Database Server; index.html; prog.cgi; Server B; Bank Server; Dedicated]

Page 26: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Successful E-Commerce Applications

Flexible – ever changing products, technology, business process
Multi-channel interfaces - diversity of user and external application access
Security – a primary concern
Integration – no application is an Island

Page 27: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

Summary of Technical Requirements for E-Comm.

Dynamic, personalized web user interfaces
Multi-channel user interface support
Adheres to standard application interfaces
Distributed programming/architectural model
Deployment on distributed components
Distributed transaction support
Asynchronous message communications
Strong security

Page 28: Comp2513 E-Commerce Infrastructure 2 Daniel L. Silver, Ph.D

THE END

[email protected]@acadiau.ca