EMTM 553: E-commerce Systems
Lecture 3: Software Building Blocks
Insup Lee
Department of Computer and Information Science
University of Pennsylvania
lee@cis.upenn.edu
www.cis.upenn.edu/~lee
12/15/00 EMTM 553 1
Background
• Simple view of the original WWW
– Web servers stored pages coded in HTML in their file
systems.
– Pages retrieved by browsers using HTTP.
– The URL of a page was the hostname of the server plus
the filename of the document.
• Later, it was realized that
– HTML Web pages could be produced by programs as well
as stored as files.
– URL specifies the hostname of the server, the name of
the program to run, and arguments for that program.
Static content
[Figure: the browser sends an HTTP request; the web server fetches the page and returns it in the server response; the browser interprets the HTML page and displays "This is a web page."]
Dynamic content
[Figure: the browser sends an HTTP request; the web server fetches the page and interprets the PHP code in it; the server response carries the resulting HTML page, which the browser interprets and displays as "Hello World."]
Stateless vs. state
• Stateless server
– The user requests a document, and then another document, and so on.
– Natural for a large number of browsers and a small number of servers.
• Why?
– If stateful, it can increase performance. However,
o On server crash, it loses all its volatile state information
o On client crash, the server needs to know to reclaim state space.
Session
• User Session
– A delimited set of user clicks across one or more Web
servers (for multiple Web page requests)
• Server Session
– A collection of user clicks to a Web server during a user
session
• Why are sessions important?
– Complex pages require many connections
– High overhead for establishing a connection due to
privacy and authentication requirements
– E-commerce applications require a series of actions by
the user and the server.
Where to keep state for client?
• How to identify sets of user requests as belonging to the same session, and how to pass state information back and forth between client and server
– State is the application information itself
– A session id is a reference to state stored somewhere
else.
• Server-side vs. client-side
– Database on server
– Applications on server
– Cookie on client
• What are tradeoffs?
Session and Client state mechanism
• Techniques
– Cookies
o Data sent by a Web server to a Web client, to be stored
locally by the client and sent back to the server on
subsequent requests
o Cookies are stored as small files on the client machine
– Date and time, user id, password, etc.
– Authentication mechanisms such as client certificates
o Used to identify the user to the server on each request, so that state stored in the application database can be used
– Forms: state or session id can be passed as hidden fields
– Applets: client scripting can be used to store session id or state
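The two choices from these slides, a session id that references server-side state versus state carried by the client in a cookie or hidden field, shown as an added Python example that is not part of the lecture. The names `SERVER_KEY`, `SESSIONS`, `new_session`, `seal_state` and `open_state` are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Hypothetical names throughout; the key would come from protected server config.
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {}  # server-side store: session id -> state


def new_session(state):
    """Option 1: state stays on the server; the client gets an opaque id."""
    sid = secrets.token_urlsafe(32)  # unguessable reference that carries no data
    SESSIONS[sid] = dict(state)
    return sid


def load_session(sid):
    """Unknown or made-up ids simply find nothing."""
    return SESSIONS.get(sid)


def seal_state(state):
    """Option 2: the client carries the state (cookie or hidden field) plus a MAC."""
    body = base64.urlsafe_b64encode(json.dumps(state, sort_keys=True).encode())
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag


def open_state(token):
    """Return the state only if the MAC verifies; otherwise None."""
    body, sep, tag = token.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; the body is decoded only after it is authenticated.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(body))
```

The sealed token is tamper-evident but still readable by the client, so a secret such as the password listed above does not belong in it.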
Active Web Sites
• Allow the user to be sent customized pages
• Support dynamic browsing experience
• Built using a combination of languages and technologies
– Client-side technologies
o Used for detecting browser features, responding to
user actions, validating form data, displaying dialog
boxes.
o Adv: reduce network traffic, server load, almost
instant response to user actions
– Server-side technologies
Client-side technologies
• ActiveX controls
– Self-contained programs called components, written in C++ or Visual Basic, can be called
– tag: can be used for bar charts, graphics, timers, client authentication, database access
– Developed by Microsoft
• Java Applets
– Advantage of Java: stand-alone, cross-platform, safe.
• Client-side JavaScript and Dynamic HTML
– JavaScript supported by both IE and Netscape Navigator
– Dynamic HTML is like script plus abilities to animate pages and
position graphics.
Java
• An object-oriented language developed by Sun
Microsystems
• Java programs are compiled into Java bytecode,
which are executed by JVM (Java virtual machine)
• Write once, run anywhere
• Security of Java applets is based on a sandbox
model
Java Applets
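[Figure: the browser sends an HTTP request; the web server loads the file from the file system and returns the HTML page. Loading the applet triggers Java class requests, which the server answers with Java classes. The applet then executes in the Java Virtual Machine (JVM) and communicates with a server process.]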
Java Applets
• Advantages
– Platform independent: works for every web-server and browser
supporting Java
– Secure
• Disadvantages
– Standalone Character:
o Entire session runs inside applet
o HTML forms are not used
– Slow: loading can take a long time
– Resource intensive: JVM
– Restrictive: can only communicate with server from which
applet was loaded
• Server-Process can be written in any language
Server-side technologies
• CGI
• Active Server Pages, Microsoft
• Server-side JavaScript, Netscape
• Java Servlets and JSP (Java Server Pages), Sun
Micro
• PHP, developed initially by Rasmus Lerdorf, 1994
to track visitors to his online resume.
Benefits of server-side processing
• Minimizes network traffic by limiting the need for
the browser and server to talk back and forth to
each other
• Quickens loading time since, in the end, only the
actual page is downloaded
• Avoids browser-compatibility problems
• Can provide the client with data that does not
reside at the client
• Provides improved security measures, since one
can code things that cannot be viewed from the
browser
The Common Gateway Interface (CGI)
• CGI defines an interface between a Web server
and an independent application program.
• CGI is used to create “gateways” between the Web and an existing application.
• CGI also serves as the interface for new applications designed for the Web, not integrated directly into a Web server (as in plug-ins).
CGI (Common Gateway Interface)
[Figure: the Web server connects through CGI to separate programs, each with its own environment variables and runtime environment.]
Server API for CGI
• Starting and stopping application
• Passing data from the client to the application
• Passing data from the application to the client
• Status and error reporting
• Passing configuration information to the
application
• Passing client and environment information to the
application
CGI Example
• HTML form (page title "Favorite Pet!", heading "Favorite Pet")
– Prompt: What is your favorite pet?
– Fields: Name, Email, Favorite Pet
CGI Example (GET)
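#!/usr/bin/perl -w
use CGI qw(:standard);
print "Content-type: text/html", "\n\n";
# Split the query string into name=value pairs
@pairs = split('&', $ENV{'QUERY_STRING'});
foreach $pair (@pairs) {
($name, $value) = split('=', $pair, 2);
$value =~ tr/+/ /; # '+' encodes a space
# Decode %XX escapes into the corresponding byte
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$info{$name} = $value;
}
# The tags in these strings are assumed; the slide's markup did not survive.
# Values come straight from the request, so they are HTML-escaped on output.
print "<html><body>","\n";
print "Thank you","\n";
print "Name:",CGI::escapeHTML($info{name}),"<br>","\n";
print "Email:",CGI::escapeHTML($info{email}),"<br>","\n";
print "Favorite Pet:",CGI::escapeHTML($info{pet}),"<br>","\n";
print "</body></html>";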
CGI Example (POST)
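#!/usr/bin/perl -w
use CGI qw(:standard);
print "Content-type: text/html", "\n\n";
# For POST the form data arrives on standard input
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split('&', $buffer);
foreach $pair (@pairs) {
($name, $value) = split('=', $pair, 2);
$value =~ tr/+/ /; # '+' encodes a space
# Decode %XX escapes into the corresponding byte
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$info{$name} = $value;
}
# The tags in these strings are assumed; the slide's markup did not survive.
# Values come straight from the request, so they are HTML-escaped on output.
print "<html><body>","\n";
print "Thank you","\n";
print "Name: ",CGI::escapeHTML($info{name}),"<br>","\n";
print "Email: ",CGI::escapeHTML($info{email}),"<br>","\n";
print "Favorite Pet: ",CGI::escapeHTML($info{pet}),"<br>","\n";
print "</body></html>";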
CGI Environment Variables
Variable Name      Value
HTTP_HOST          The hostname of your server
HTTP_USER_AGENT    The browser type of the visitor
HTTPS              “on” if the script is being called through a secure server
QUERY_STRING       The query string
REMOTE_ADDR        The IP address of the visitor
REMOTE_HOST        The hostname of the visitor
REMOTE_PORT        The port the visitor is connected to on the web server
REQUEST_METHOD     GET or POST
SERVER_NAME        The server’s domain name
SERVER_PORT        The port number the server is listening on
SERVER_SOFTWARE    The server software used (e.g. Apache 1.3.12)
Evaluation of CGI
• Advantages of CGI
– General: the application is completely decoupled from the
Web server
– Standard: works with every server and browser
– Flexible: any language (C++, Perl, Java, …) can be used
• Disadvantages of CGI
– Inefficient: the application must be launched/forked
independently for each request
– Stateless: the application exits after a request, there is
no place to remember state between Web requests
– Security: CGI programmer is responsible for security.
No automatic system or language support.
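What "the CGI programmer is responsible for security" means for the Favorite Pet handler, as an added Python example that is not part of the lecture: it reads the form data the way the GET and POST scripts do, bounds the POST body, and encodes every value before it reaches the page. `MAX_BODY`, `FIELDS`, `read_form` and `render` are hypothetical names, and the body limit is an assumed value.

```python
import html
from urllib.parse import parse_qs

MAX_BODY = 4096                     # assumed cap for this small form
FIELDS = ("name", "email", "pet")   # fields of the Favorite Pet form


def read_form(environ, stdin):
    """Return the raw urlencoded form data of a GET or POST CGI request."""
    method = environ.get("REQUEST_METHOD", "GET").upper()
    if method == "GET":
        return environ.get("QUERY_STRING", "")
    if method != "POST":
        raise ValueError("unsupported method")
    try:
        length = int(environ.get("CONTENT_LENGTH", ""))
    except ValueError:
        raise ValueError("missing or malformed CONTENT_LENGTH") from None
    if not 0 <= length <= MAX_BODY:
        raise ValueError("request body too large")
    return stdin.read(length).decode("ascii", errors="replace")


def render(environ, stdin):
    """Build the complete CGI response: header block, blank line, body."""
    try:
        form = parse_qs(read_form(environ, stdin), keep_blank_values=True,
                        max_num_fields=len(FIELDS) * 4)
    except ValueError as exc:
        return ("Status: 400 Bad Request\r\n"
                "Content-Type: text/plain\r\n\r\n%s\n" % exc)
    rows = []
    for field in FIELDS:
        value = form.get(field, [""])[0]
        # Encode on output: request data must never reach the page as markup.
        rows.append("%s: %s<br>" % (field, html.escape(value, quote=True)))
    body = "<html><body>Thank you<br>\n%s\n</body></html>\n" % "\n".join(rows)
    return "Content-Type: text/html; charset=utf-8\r\n\r\n" + body


if __name__ == "__main__":
    import os
    import sys
    # Under a real server, the environment and stdin are supplied through CGI.
    sys.stdout.write(render(os.environ, sys.stdin.buffer))
```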
Market Shares of Top Servers
(Nov 1995 to Nov 2000)
Source: http://www.netcraft.com/survey/
Apache HTTP Server
• Developed by Rob McCool at the National Center for
Supercomputing Applications (NCSA) in 1994
• Dominates the Web in numbers, largely because it’s free and
reliable
• Runs on many operating systems
– AIX, BSD/OS, FreeBSD, HP-UX, Irix, Linux, Microsoft NT,
QNX, SCO, Solaris
• Security is well thought out
– Password authentication
– Digital certificate authentication
– Access restrictions
• Application development tools support CGI and several
proprietary APIs
• Supports Active Server Pages (ASP) and Java servlets
Microsoft Internet Information Server
• Bundled (free) with Microsoft Windows NT
operating system
• Robust and capable, suitable for small sites up to
enterprise-class sites
• Runs only on Windows NT
• Central server management from any server on the
network
• Tightly integrated security with NT
Microsoft Internet Information Server
• Includes ASP support, along with its own Internet
Services API (ISAPI)
• Database support for ODBC (Open Database
Connectivity) and SQL
• Most popular server software for intranet web
servers, as reported by PC Magazine
Netscape Enterprise Server
• High performance and scalability
– Optimized caching, multiprocessor support
– HTTP 1.1
• Powerful development environment
– Link management, Web publishing, Agent services
• Information sharing and management
– Embedded revision control system and Verity’s embedded integrated search engine
– Management tools to add, delete, or change user information
• Password/challenge user and digital certificate
authentication
• Dynamic application development
– CGI, Netscape Server API (NSAPI), Java Servlet API
– LiveWire database service provides native database
connectivity to Oracle, Informix, IBM DB2, Sybase
Server-side Scripting
• A middle ground between static content kept in
the file system and pages of dynamic content
created by a complete application
• Server-side scripting
– Embed a language interpreter in the Web server.
– Web pages stored in the file system contain scripts that are interpreted on the fly.
Server Extensions: The Basic Idea
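[Figure: an HTTP request reaches the web server, which loads the file from the file system. If the file is plain HTML, it is returned as the HTML file. If it contains script, the server extension processes it, with access to I/O, network and database, and its output is returned as HTML.]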
Server Extensions
• API depends on Server vendor:
– Apache Foundation Apache Server: Apache API
– Microsoft Internet Information Server: ISAPI
– Netscape Enterprise Server: NSAPI
• One can define its own server extension, e.g.,
– Authentication module
– Counter module
Active Server Pages
• Active Server Pages (ASPs)
– Available in Microsoft web servers (IIS and Personal Web Server)
– Based on VBScript, JScript
– Modular Object Model
– Active Server Components
– Active Data Objects (ADO) for Database access
[Figure: an HTTP request reaches the web server, which loads the file from the file system. An HTML file is returned as is. An ASP file's script is run by the Active Server Page scripting engine, which uses Active Server Components and has access to I/O, network and database; its output is returned as HTML.]
ColdFusion
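[Figure: an HTTP request reaches the web server, which loads the file from the file system. A plain HTML file is returned as is. A file containing CF script goes through the Cold Fusion server extension to the Cold Fusion application server, which returns HTML. The application server connects to databases through ODBC drivers and native drivers, and to email, directories and COM/CORBA.]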
PHP
How does PHP differ from ASP and CF?
• Free, open source
• Many client libraries integrated
• Runs on any web server supporting CGIs (MS Windows or Unix)
• Module version for Apache
[Figure: an HTTP request reaches the web server, which loads the file from the file system. An HTML file is returned as is. A PHP file's script is run by the PHP module, which has access to database APIs and other APIs (SNMP, IMAP, POP3, LDAP, ...); its output is returned as HTML.]
Object Technology
• Advantages
– Encapsulation, polymorphism, heterogeneous languages
– Rapid application development
– Distributed applications
– Flexibility of deployment
• Technologies
– CORBA
– COM
– Java Beans/RMI
Enterprise JavaBeans (EJB)
• Server-side component architecture
– Enable and simplify the building of distributed objects in Java
– Allow rapid application development
– Support portability and reusability across vendors, i.e., platform and implementation independent
• EJB supports CTM (Component Transaction Monitoring)
– Hybrid of traditional transaction processing and distributed object request broker (ORB) services
– TP Monitor is an OS for business systems and manages the entire environment that a business system runs in, including transactions, resource management, and fault tolerance.
– Distributed objects allow unique objects that have state and identity to be distributed across a network so that they can be accessed by other systems.
Server-side component Architecture
• EJB server is responsible for
– Making a component a distributed object
– Managing services such as transactions, persistence,
concurrency, security
• Component Advantage
– Divides software into manageable, discrete chunks of logic
– Implements well-defined interfaces
– Enables reuse
o Components can be pieced together to solve larger
problems
Example
• Pricing Component
– Functions:
o Base price
o Quantity Discount
o Bundle Discount
o Preferred customer Discount
o Overhead costs
o Etc.
– Note: This pricing engine can be used by different
businesses
Example Cont.
[Figure: Post Office. Components shown: dumb terminal, legacy system, pricing object.]
Example Cont.
[Figure: Car Quotes Web Site. Components shown: client browser, network, web server, pricing object.]
Example Cont.
[Figure: E-tailer Site. Components shown: web server, workflow logic, pricing object, billing object, fulfillment object.]
N-Tier Architecture Using EJB
[Figure: three layers separated by tier boundaries. Presentation Layer: presentation logic. Business Logic Layer (application server): EJB objects. Data Layer: database, reached from the business logic layer through JDBC.]
Classes and Interfaces
• Remote interface
– The business methods that a bean presents to the outside world to do its work
• Home interface
– The bean’s life cycle methods for creating, removing and
finding beans
• Bean class
– Actual implementation of the bean’s business methods
• Primary key
– A pointer into the database.
Acquiring a Bean
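[Figure: a client, the JNDI naming service, and an EJB server containing the home object, the EJB object and the enterprise beans. Numbered steps:]
1: Retrieve Home Object reference (from the JNDI naming service)
2: Return Home reference
3: Create new EJB object (through the Home Interface on the Home Object)
4: Create EJB Object
5: Return EJB Object reference
6: Invoke business method (through the Remote Interface on the EJB Object)
7: Delegate request to object (Enterprise Beans)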
Enterprise Bean Objects
• Session Bean
– Represents business logic
– 1 to 1 relationship to client
– Stateless / Stateful
– Short-lived
• Entity Bean
– Represents permanent business data
– 1 to many relationship to client
– Stateful / Transactional
– Long-lived
The EJB Contract
• Allows for the collaboration of SIX different parties
– Bean provider
o Component writer, provide reusable business logic
– Container provider
o Supplier of low-level runtime execution environment
– Server provider
o Supplier of Application server logic to manage the EJBs
o WebSphere (IBM), WebLogic (BEA), Oracle8i
– Application assembler
o Application architect for a specific deployment
– Deployer
o Installs Bean components and Application servers
– System Administrator
o Oversees the deployed system
Other features
• Search engines
– Crawl, index, search
• Push technologies
– Web channels
• Intelligent agents
– Locate sites, identify the best vendor, negotiate terms
of buying and selling, etc.
Q&A
EJB
• Application servers
– JRun server by Allaire
– WebLogic by BEA Systems
– WebSphere by IBM
– SynerJ/Server by Sun
• For more information
– www.javasoft.com/products/ejb
EJB Interface Examples
• Home Interface
import java.rmi.RemoteException;
import javax.ejb.CreateException;
import javax.ejb.EJBHome;

public interface PricingSessionHome extends EJBHome
{
    public PricingSession create() throws CreateException, RemoteException;
}
• Note: Calling this interface creates an EJB object, whose methods can be invoked through the methods published in the Remote Interface
EJB Interface Examples
• Remote Interface
import java.rmi.RemoteException;
import javax.ejb.EJBObject;

public interface PricingSession extends EJBObject
{
    public float getBasePrice(String ProductID) throws RemoteException;
    public float getPreferredCustomerPrice(String ProductID, String CustomerID) throws RemoteException;
    public float applyBundleDiscount(String ProductID, Integer Quantity) throws RemoteException;
}
• This is for the actual methods of a bean.
Relationship between EJB servers & container
[Figure: a client (servlets, applets, etc.) talks to an EJB server that hosts two EJB containers, which hold the beans EJB 1 to EJB 4.]
Note: There is no concrete interface between EJB servers and containers yet. Until then, one vendor’s container will not be able to run within another’s server.