An Introduction to Electronic Commerce (E-Commerce)

Rhodes University Memorabilia Web Store Submitted in partial fulfillment of the requirements of the degree Bachelor of Science (Honours) of Rhodes University (Joint Project) By Farisai Mabvudza Computer Science Department November 2002 Acknowledgements I have found this year to be enjoyable and rewarding, but this has only been possible due to a number of people. I would like to offer my heartfelt thanks to the following people:      My supervisors, Dr George Wells and Dr Greg Foster for their guidance, help and support during the year – they always kept their doors open for assistance. My team member and dear friend, Uma Rudraraju for her support during the year – the project could not have been done without her input. The Honours class of 2002 for adding excitement to the labs during the sleepless nights spent there! My family for the support they have given me throughout my University years Most importantly of all, God for always being there for me, no matter what. Abstract E-Commerce is rapidly finding its way into many businesses worldwide, and such is the nature of the Web that any organization can participate in this new business paradigm. This project aims to investigate the viability and implementation concerns associated with developing an e-commerce application at an institutional level, using Java-based technologies. The system being investigated consisted of a web-based application modelled on the three-tier client-server architecture using free and low-cost software. The implementation of this project has resulted in a small to medium scaled practical system, which proves that such a system is feasible and affordable to Rhodes University. Table of Contents CHAPTER 1 : AN INTRODUCTION TO ELECTRONIC COMMERCE ............................ 1 1.1 What is E-Commerce? ............................................................................................................ 1 1.2 Why Rhodes University Memorabilia? ................................................................................. 2 1.3 Objectives ................................................................................................................................. 2 1.4 Scope ......................................................................................................................................... 3 1.5 Division of Work ...................................................................................................................... 3 1.6 Deliverables .............................................................................................................................. 4 1.7 Report Overview ...................................................................................................................... 4 CHAPTER 2 : THE R.U.M ARCHITECTURE .................................................................. 5 2.1 Description of the Tiers ........................................................................................................... 5 2.2 Reasons for this approach ....................................................................................................... 6 2.3 Other Architectural Options .................................................................................................. 7 2.3.1 Two Tier Architecture ........................................................................................................ 7 2.3.2 N-Tier Architecture ............................................................................................................ 7 2.4 Technologies used in each Tier ............................................................................................... 8 2.4.1 Development and Deployment Options ............................................................................. 8 2.4.2 Java for R.U.M. ................................................................................................................ 10 2.4.3 Hypertext Markup Language (HTML) / Cascading Style Sheets (CSS) ......................... 11 2.4.4 JavaScript ......................................................................................................................... 12 2.4.5 JavaMail ........................................................................................................................... 12 2.4.6 Java Database Connectivity (JDBC) ................................................................................ 12 2.4.7 Java Server Pages (JSP) and Java Beans .......................................................................... 12 CHAPTER 3 : THE CLIENT TIER (FRONT-END) ......................................................... 13 3.1 Responsibilities of the Front-End......................................................................................... 13 3.2 Thin Client Architecture ....................................................................................................... 13 3.3 Page Centric Approach with JavaBeans ............................................................................. 13 3.4 Form Elements ....................................................................................................................... 14 3.5 Front-End Technologies ........................................................................................................ 14 3.5.1 Web Browser .................................................................................................................... 14 3.5.2 Scripting Languages ......................................................................................................... 14 CHAPTER 4 : THE APPLICATION SERVER (MIDDLE-TIER) ..................................... 15 4.1 The Responsibilities of The Middle-Tier ............................................................................. 15 4.1.1 Enforcing the Business Rules ........................................................................................... 15 4.1.2 Fetching and Posting data for the user interface .............................................................. 15 4.2 The Server .............................................................................................................................. 16 4.2.1 The Web Server ................................................................................................................ 16 4.2.2 The Application Server ..................................................................................................... 16 4.2.3 Choosing a server for R.U.M............................................................................................ 17 4.3 Middle-Tier Technologies in Detail ..................................................................................... 17 4.3.2 Apache Tomcat ................................................................................................................. 17 4.3.3 Tomcat and Other Application Servers ............................................................................ 18 4.4 Session Tracking ................................................................................................................. 19 4.4.1 Cookies ............................................................................................................................. 20 4.4.2 URL (Uniform Resource Locator) rewriting .................................................................... 21 4.4.3 Hidden Form Fields .......................................................................................................... 22 4.4.4 The Session Tracking API ................................................................................................ 22 4.5 Java Server Pages (JSP) ........................................................................................................ 22 4.5.1 Overview .......................................................................................................................... 22 4.5.2 JSP Scripting Elements..................................................................................................... 23 4.5.2.1 JSP Expressions ......................................................................................................... 23 4.5.2.2 JSP Scriptlets ............................................................................................................. 24 4.5.2.3 JSP Declarations ........................................................................................................ 25 4.5.3 JSP Directives ................................................................................................................... 25 4.5.3.1 Page Directive............................................................................................................ 25 4.5.3.2 Include Directive ....................................................................................................... 26 4.5.4 JSP Actions ....................................................................................................................... 26 4.5.4.1 Forward...................................................................................................................... 27 4.5.4.2 JSP Bean Tags ........................................................................................................... 27 4.6 The Fundamentals of JavaBeans ......................................................................................... 27 4.6.1 JavaBean Conventions...................................................................................................... 28 4.6.1.1 The JavaBeans API.................................................................................................... 28 4.6.1.2 Beans Are Objects ..................................................................................................... 28 4.6.1.3 Class Naming Conventions ....................................................................................... 29 4.6.1.4 Introspection .............................................................................................................. 29 4.6.2 Using the JavaBeans with JSP .......................................................................................... 29 4.6.2.1 The tag ............................................................................................. 30 4.6.2.2 The tag ........................................................................................ 31 4.6.2.3 The tag ........................................................................................ 31 4.6.3 An Example From R.U.M. ............................................................................................... 32 4.7 Java Mail ................................................................................................................................ 33 4.8 Security in R.U.M. ................................................................................................................. 35 CHAPTER 5 : THE DATA TIER (BACK-END) .............................................................. 37 5.1 Responsibilities of the Back-End .......................................................................................... 37 5.2 The Database .......................................................................................................................... 37 5.3 Talking to the Database using JDBC ................................................................................... 38 5.3.1 Benefits of JDBC .............................................................................................................. 38 5.3.2 The JDBC API Core Classes ............................................................................................ 38 5.3.3 Using JDBC to Access The R.U.M. Database ................................................................. 40 5.3.4 Types of JDBC Drivers .................................................................................................... 42 5.3.4.1 JDBC-ODBC Bridge ................................................................................................. 42 5.3.4.2 Part Java, Part Native Driver ..................................................................................... 43 5.3.4.3 Intermediate Database Access Server........................................................................ 43 5.3.4.4 Pure Java Drivers ....................................................................................................... 43 5.3.5 Alternatives to JDBC ........................................................................................................ 43 CHAPTER 6 : R.U.M. IMPLEMENTATION.................................................................... 45 6.1 The Middle-Tier – An Overview of the JavaBeans used in RUM..................................... 46 6.1.1 ConnectionBean ............................................................................................................... 46 6.1.2 CountryBean ..................................................................................................................... 46 6.1.3 CustomerBean .................................................................................................................. 46 6.1.4 EmailBean ........................................................................................................................ 47 6.1.5 OrderBean ......................................................................................................................... 47 6.1.6 ShoppingCart .................................................................................................................... 47 6.1.7 ProductBean ..................................................................................................................... 47 6.1.8 ProductDisplay ................................................................................................................. 47 6.1.9 SearchBean ....................................................................................................................... 48 6.1.10 Result .............................................................................................................................. 48 6.1.11 ValidationBean ............................................................................................................... 48 6.1.12 The Property Sheet ......................................................................................................... 48 6.2 Implementing the JavaBeans................................................................................................ 49 6.2.1 The Welcome page ........................................................................................................... 49 6.2.2 Logging Into R.U.M. ........................................................................................................ 50 6.2.3 Registering as a new User ................................................................................................ 50 6.2.3.1 Connecting to the Database ....................................................................................... 50 6.2.3.2 Validating the Form ................................................................................................... 51 6.2.3.3 Sending the E-mails ................................................................................................... 53 6.2.4 Existing user logging into R.U.M..................................................................................... 54 6.2.5 Forgotten Password .......................................................................................................... 55 6.2 The Products Pages ............................................................................................................... 56 6.2.6 The Product Category Pages ............................................................................................ 56 6.2.7 Checkout Process – Shipping Details ............................................................................... 61 6.2.8 Checkout Process - Delivery Costs .................................................................................. 61 6.2.9 Checkout Process - Payment Details ................................................................................ 63 6.2.10 Checkout Process - Confirmation ................................................................................... 63 6.3 Database Implementation ..................................................................................................... 64 6.4 Implementation Problems ..................................................................................................... 65 CHAPTER 7 : CONCLUSION ........................................................................................ 67 7.1 Overview ................................................................................................................................. 67 7.2 The Future .............................................................................................................................. 67 7.2.1 Automatic Stock Control .................................................................................................. 67 7.2.2 Connection Pooling .......................................................................................................... 68 7.2.3 Improved Credit Card Validation ..................................................................................... 68 7.2.4 Dynamic recommendations .............................................................................................. 68 REFERENCES ............................................................................................................... 69 APPENDIX A: R.U.M.’S FILE HIERARCHY .................................................................. 73 APPENDIX B: INSTALLING AND CONFIGURING R.U.M. UNDER WINDOWS .......... 74 1. Copying the Files ................................................................................................................... 74 2. Setting up the Environment Variables ................................................................................ 75 3. Configuring RUM .................................................................................................................. 75 APPENDIX C: GLOSSARY ........................................................................................... 77 APPENDIX D : PROJECT POSTER .............................................................................. 83 Chapter 1 : An Introduction to Electronic Commerce 1.1 What is E-Commerce? E-Commerce (electronic commerce) may be defined, by Joseph (2000), as the practice of buying and selling products and services over the Internet, utilizing technologies such as the Web, electronic data interchange, e-mail, electronic fund transfers, and smart cards. In recent years, ecommerce has exploded, and future trends indicate that more and more businesses will connect themselves to the Internet. It is now becoming imperative for some organizations to engage in ecommerce in order to remain competitive. There are various reasons why e-commerce is making an impact on the computing world. Businesses have realised that there are lower start-up and overhead expenses. Running costs are also quite low since the order processing is automated and there is no need to employ people to take care of this. Before the advent of e-commerce, businesses were often restricted and expansion was difficult. Since the Internet is accessible from almost anywhere on the planet, businesses can have global exposure. Businesses can also advertise thousands of products without incurring huge costs. It is clear that the low cost factor plays a major role in inspiring organizations to travel the e-commerce route. The consumer also reaps numerous benefits from e-commerce. Customers can shop whenever they want, from the comfort of their homes and there is no need for them to even leave their houses. All the hassles of driving to the store, finding parking and hunting for products, are eliminated. After placing their orders, the customer can then sit back and wait until their goods are delivered to their doorstep. Despite the many advantages of e-commerce, many e-businesses found themselves failing. Many of them over-rated the Internet revolution and made misjudgements about the purchasing habits over the Internet, in its current state. This does not mean that there is no future for e-commerce, for only its growth was slowed down momentarily. According to Nayzak Communications (2002), there is still a bright future ahead for e-commerce. Once the details of online commerce are worked out, it and the Internet in general could reshape the structure of the business world. 1 1.2 Why Rhodes University Memorabilia? The sale of Rhodes University Memorabilia is currently paper-based – old Rhodians are sent brochures describing the products available and their respective prices. The alumni can then order the memorabilia by completing the supplied forms and then mailing it to the Alumni Department, which then processes the order and sends the goods. This system has been in place for a good number of years, but as with any manual based system, there are problems. The time period, between the order being mailed and the order being received by the department, can be large. For instance, an order from the United States could take as much as four weeks to reach the department. These time delays are likely to put off potential customers, and of course, there is always the chance that the order may get lost on the way and never reach Rhodes. Security is also a major issue, as it is possible for the customer‟s order to be intercepted, and their credit card details to be stolen. In addition, a significant number of leavers change their addresses and do not inform the Alumni department of this. This means that there is little chance of them receiving the brochures in the first place. These problems can be solved by harnessing the power of the Internet and e-commerce. Most graduates from the University are likely to have Internet access regardless of their location. An online shop to sell the memorabilia would be an ideal addition to the existing system. The alumni can then view and order products wherever they are, using their web browsers. They will have peace of mind, knowing that their details have been transmitted securely, and that their order will definitely have reached the University. 1.3 Objectives The primary objective of this project is to deliver this online store. This will involve an investigation into Java Server Page (JSP) technology and how it can aid web designers to rapidly develop and easily maintain, information-rich, dynamic web pages. Throughout this document the system, known as Rhodes University Memorabilia, will be referred to with the acronym R.U.M. 2 1.4 Scope Since this project can be classified as a small to medium-scale e-commerce endeavour, the developers have investigated and implemented the vital features for the successful operation of an e-commerce website. The developers have not delved into issues such as using purchasing habits in order to target certain products at customers and stock control. It is felt that such large features would not be applicable to a small institution such as Rhodes and would add inconveniences for the maintainers of the system. However, these features have been considered as possible extensions to the project. Please refer to Section 7.2 for more details. 1.5 Division of Work Since this project is a small to medium-scale endeavour, it has been undertaken by two people, one of them being the author. The task has been considered too big for a single individual to handle in the time allotted. The tasks were fairly divisible and this meant that two major parts of the project had been worked on concurrently. The task was quite complex and for this reason it was thought that different team members would contribute different knowledge and skills. Furthermore, the real world also requires projects of this nature to be undertaken by teams. The division of the work for the project is highlighted below. The reader should be aware that some of the sections of work have overlapped and so a clear division of work could not be shown. The Author (Farisai Mabvudza) – Back End       Database setup and validation. Linking the RUM interface to database using Java Database Connectivity (JDBC) and the Tomcat web server. Implementation of security features into RUM. Product search engine. Development of the supporting JavaBeans for the above tasks. Documentation for the above mentioned tasks of the project. 3 Team Member (Uma Rudraraju) - Front End      Development of RUM user interface using Hyper-Text Markup Language (HTML), Cascading Style Sheets (CSS), JavaScript and Java Server Pages (JSP). Form Validation and Error Handling. Context sensitive help system. Development of the supporting JavaBeans for the above tasks. Documentation for the above mentioned tasks of the project. 1.6 Deliverables The investigation has resulted in this report as well as a practical system, which the University can implement for the use of old Rhodians, as well as existing students. R.U.M. allows its users to browse the range of memorabilia that Rhodes has to offer, interacting with the system using their web browser software. Before they can actually buy anything, they need to create an account by registering with the web shop. At any point, the customer can modify his account details. Once they are registered, they can run through the checkout process to complete their orders. The order information is then e-mailed to the Alumni department for processing. 1.7 Report Overview The report is structured as follows: Chapter 2 “The R.U.M. Architecture” discusses the architecture used in the R.U.M. system as well as the technologies which have been used. Chapter 3 “The Client Tier (Front-End)” gives an overview of the first tier of the system, being the Client Tier. Similarly Chapter 4 “The Application Server (Middle Tier)” explores the middletier, and Chapter 5 The Data Tier (Back-End)” explores the back end of the system. Chapter 6 “R.U.M. Implementation” describes how the author implemented the R.U.M. system. It is designed to help future developers to build a website similar to R.U.M. Finally Chapter 7 “Conclusion” concludes the thesis and highlights how the project can be extended in the future. 4 Chapter 2 : The R.U.M Architecture (3) Web Tier (1) Client Tier (4) Data Tier (2) Business Tier Figure 2-1: Three-tiered Client-Server Architecture [Adapted from Sun Microsystems, 2002] It has been decided by the developers to use a three-tiered Client-Server architecture for R.U.M. as illustrated in Figure 2-1 above. The main components of the tiers are described briefly below, with reference to Figure 2-1: 2.1 Description of the Tiers The Client Tier (1) of the system, sometimes known as the Front-end is responsible for the rendering of web pages to the client, which in this case would be a web browser such as Internet Explorer or Netscape Communicator. The Application Server Tier (Middle Tier) of the system is usually sub-divided into the Business Tier (2) and the Web Tier (3), although they may appear to be separate tiers. The Business Tier retrieves data from the database and processes it if necessarily before delivering it to the Web Tier. The Business Tier then sends the data to the Web Tier, which dynamically generates the 5 HTML page for display by the Front-end. The data for the Business Tier, which could either be Customer data or Product data, is supplied by the Data Tier (4). The Data tier stores the data in a Microsoft Access Database. The data is read and/or modified using SQL queries. Each of the three tiers is discussed in great detail in Chapters 2, 3 and 4. 2.2 Reasons for this approach By breaking down R.U.M. into three distinct and separate tiers, advantages were gained in several areas. Marston (2002) suggests several advantages:  Scalability and deployment flexibility - component roles are specialized, improving maintainability, networking, and Input/Output (I/O) overheads. An application constructed using the three-tier software architecture is an ideal candidate for being deployed on three layers of hardware. For R.U.M. this meant that the Back-end could be stored on one machine, the Middle Tier stored on another machine, and the customers would access the system using the Front-end on their own machines  Component roles are also clearly defined within a three-tier framework. This provides a good basis for component-based development and reusability. Components in the business layer can be shared by any number of components in the presentation layer. Chapters 3 and 6 contain detailed descriptions of the components which ended up being shared and reused in R.U.M.  Infrastructure independence is enhanced by the use of a 3-tier architecture. This is because presentation and data access - areas that are often infrastructure-dependent are separated from the application's business logic.  A specific set of skills is required for the development of each tier This meant that the tiers could be developed independently of each other. The author could then concentrate on developing the Back-end and Middle Tier of the system without being affected by developments in the Front-end. 6 2.3 Other Architectural Options 2.3.1 Two Tier Architecture Request CLIENT Response SERVER Figure 2-2 : The Two-Tier Architecture The two-tier architecture consists of two computers as shown in Figure 2-2 - a client and a server, with areas of logic combined on the client. The components comprise of presentation, processing, and data which are divided among two software entities or tiers, client application code and database server. Presentation is handled exclusively by the client while processing is split between client and server. The data for the system is stored on and accessed through the server. Communication between the components is fairly simple – the client sends a request to the server. The server simply processes the request and sends the results back to the client over the network. Such an architecture was clearly not suitable for R.U.M as it has limitations which would have made the implementation of R.U.M. difficult, if not impossible. Users of R.U.M. would have to install a program on their computers. If there were any upgrade to the system as a whole, then each user would have to download the upgrade for their client program. Small changes to the application would require a complete rollout of the “R.U.M. Client”. 2.3.2 N-Tier Architecture N-Tier architectures are similar to three-tier architectures. According to Poulton (2002) N-tier architectures, however, solve some problems inherent in the three-tier architecture. Many applications are likely to share application objects, and so the middle tier from the three-tier system would be extended to support these shared objects. These objects will have a common interface, which allows them to communicate and work together. 7 At first glance, this approach would appear to be ideal for a system such as R.U.M. However, there are a number of reasons why the N-tier architecture was not adopted. With N-tier architectures, there is quite a steep learning curve. It also takes time to learn how to use a new Application Program Interface (API) [www.javaworld.com]. Secondly, a quality web server which supports the N-tier model, such as BEA's Weblogic or IBM's WebSphere, can easily cost tens of thousands of Rands and would not be worth it in the long run, especially for a system like R.U.M. In addition, there are also some architectural issues, which need to be considered. It is fairly difficult to make objects reusable – the design and implementation effort put into making the objects reusable could be used on other aspects of the system. The complexity of the system would increase and would be more prone to bugs. Distributed web applications are also notoriously slow due to the slowness of the protocols themselves. Finally, in an n-tier system, load balancing is difficult. In a three-tier architecture, if the number of users accessing the system increases, then additional servers can be introduced. This is known as load balancing. However with an n-tier system, the objects would reside on many different machines, and it would be difficult to pinpoint the machine, which needs load balancing. 2.4 Technologies used in each Tier 2.4.1 Development and Deployment Options The developers of R.U.M. had two major choices of deployment environments being Java and Microsoft .NET. Java 2 Enterprise Edition (J2EE), as described by Poulton (2002), is essentially a collection of specifications for web services, business objects, data access, and messaging. This collection of APIs is provided to define the way in which web applications communicate with the servers, which host them. J2EE primarily focuses on making web applications portable. This means that the web applications can run on any server regardless of its hardware or operating system. Oberg (2002) defines Microsoft‟s .NET initiative as a set of tools, which “address issues of application development and delivery in both the PC and web domains”. It draws on some of the best ideas in the industry, including Java, XML and Microsoft‟s own Component Object Model 8 (COM). The key differences between these two technologies are outlined in Table 2-1 below taken and adapted from Farley (2000): Microsoft.NET J2EE Key Differences C# and Java both derive from C and C++. Most significant features (e.g., garbage collection, hierarchical namespaces) are present in both. C# borrows some of the component concepts from JavaBeans (properties/attributes, events, etc.), adds some of its own (like metadata tags), but incorporates these features into the syntax differently. C# programming language Java programming language Java runs on any platform with a Java Virtual Machine. C# only runs in Windows for the foreseeable future. C# is implicitly tied into the IL common language runtime (see below), and is run as just-in-time (JIT) compiled bytecodes or compiled entirely into native code. Java code runs as Java Virtual Machine (VT) bytecodes that are either interpreted in the VM or JIT compiled, or can be compiled entirely into native code. High-level .NET components will include support for distributed access using XML and SOAP (see ADO.NET below). ASP.NET uses Visual Basic, C#, and other languages for code snippets. All get compiled into native code through the common language runtime (as opposed to being interpreted each time, like ASPs). JSPs use Java code (snippets, or JavaBean references), compiled into Java bytecodes (either on-demand or batchcompiled, depending on the JSP implementation). NET common language runtime allows code in multiple languages to use a shared set of components, on Windows. Underlies nearly all of .NET framework (common components, ASP.NET, etc.). Java's Virtual Machine spec allows Java bytecodes to run on any platform with a compliant JVM. CORBA allows code in multiple languages to use a shared set of objects, on any platform with an ORB available. Not nearly as tightly integrated into J2EE framework. Similar web components (e.g., based on JSP) not available in Java standard platform, some proprietary components available through Java IDEs, etc. Win Forms Forms and Web Java Swing Win Forms and Web Forms RAD development supported through the MS Visual Studio IDE - no other IDE support announced at this writing. Swing support available in many Java IDEs and tools. ADO+ is built on the premise of XML data interchange (between remote data objects and layers of multi-tier apps) on top of HTTP (AKA, SOAP). .NET's web services in general assume SOAP messaging models. EJB, JDBC, etc. leave the data interchange protocol at the developer's discretion, and operate on top of either HTTP, RMI/JRMP or IIOP. NET common components (also known as the ".NET Framework SDK") Java core API Active Server (ASP.NET) Pages+ Java ServerPages (JSP) IL Common Runtime Language Java Virtual Machine and CORBA IDL and ORB ADO.NET and SOAPbased Web Services JDBC, EJB, JMS and Java XML Libraries (XML4J, JAXP) 9 Table 2-1: J2EE vs. Microsoft .NET 2.4.2 Java for R.U.M. In light of the features of Java mentioned in Table 2-1, the developers have decided to use the Java environment for the development and deployment of R.U.M. In addition, Java has numerous features which can be taken advantage of, when developing an e-commerce application such as R.U.M. The benefits that are applicable to R.U.M. are summarized briefly below: [Naughton and Schildt, 1999]  Simple Java was designed to be easy for professional programmers to learn and use effectively. This meant that the creation of R.U.M. was done fairly quickly and efficiently.  Object Oriented Java has borrowed liberally from many seminal object-software environments of the last few decades. The object model in Java is simple and easy to extend, while primitive types such as integers are retained as non-objects with a high performance. This allowed the developers to visualize the components of the system in a simple way and helped the coding to be done quickly and easily.  Robust The multi-platformed environment of the Internet places significant demands on a program. For this reason, the ability to create robust programs was given high priority in the design of Java. An e-commerce application such as R.U.M. needs to execute reliably on a variety of systems – there is no room for system crashes due to unreliable software.  Distributed 10 Java has been designed for the distributed environment of the Internet, because it can handle the common network protocols. This simplified the development of R.U.M. since it inevitably involved the use of network protocols to communicate.  Multithreaded An e-commerce application has to be able to handle simultaneous requests as well as respond to several users simultaneously. This is known as multithreading. Because Java supports multithreaded programming, it was the ideal language for use in R.U.M.  Architecture-Neutral Before the arrival of Java, there was no guarantee that programs written to run on today‟s computers would run on tomorrow‟s computers. Operating system upgrades and processor upgrades could all combine to make a program malfunction. Using Java for R.U.M. ensures that even if Rhodes should upgrade their existing hardware and/or software, R.U.M. will still operate on that new system.  Portability Many types of computers and operating systems are in use throughout the world. It is likely that the Alumni department may wish to run the system on a different machine such as Linux. Java programs are compiled into byte code and this byte code will run under any system, which has a Java Virtual Machine (JVM) installed and running. Since most computers nowadays have this JVM installed, R.U.M. can be ported to any machine regardless of the operating system. 2.4.3 Hypertext Markup Language (HTML) / Cascading Style Sheets (CSS) To publish information for global distribution, a universally understood language is needed. The publishing language used by the World Wide Web is HTML (Hypertext Mark-up Language). This was used for the development of the Front-end of R.U.M. and is discussed in the other team member‟s report. 11 Cascading Style Sheets (CSS) is a mechanism for adding style (for example, fonts, colours and spacing) to Web documents. It is merely an extension to HTML and was used to add enhancement to the online help system of R.U.M. 2.4.4 JavaScript JavaScript is a scripting language, which is similar to Java. Developed by Netscape, it carries with it a smaller command set and a much simpler structure, though it remains an Object Oriented Programming Language (OOP). It was used to add dynamic content to R.U.M. in the Front-end and is also detailed in the other team member‟s report. 2.4.5 JavaMail JavaMail provides a set of APIs and provider implementations, which allow for the development of fully functional e-mail applications. These applications can read, compose and send e-mails. This technology is discussed further in Chapter 5 2.4.6 Java Database Connectivity (JDBC) JDBC technology is an API that allows developers to create Java programs, which can access virtually any tabular data source. JDBC was used extensively in the back-end of R.U.M. and allowed the middle-tier to access a Microsoft Access Database. 2.4.7 Java Server Pages (JSP) and Java Beans Java Server Pages (JSP) is a Sun Microsystems specification for combining Java with HTML to provide dynamic content for Web pages. When a web designer creates dynamic content, JSPs are more convenient to write than HTTP servlets because they allow him to embed Java code directly into his HTML pages, in contrast with HTTP servlets, in which HTML is embedded inside Java code. JSP is part of the J2EE, and is also supported by Apache Tomcat. JSP was used for the dynamic content in many of the R.U.M. web pages. 12 Chapter 3 : The Client Tier (Front-End) 3.1 Responsibilities of the Front-End The Front-end is responsible for providing services that an application needs to allow the user to view and manipulate it. Fields & Kolb (2000) state that the Front-end can be thought of as the user interface because it is used to get input from the end user and display the application‟s results. The Front-end is not concerned with the details of how the information was obtained or where it came from. It is only responsible for displaying information and passing any activity up the chain to the other tiers. In R.U.M. the development of the Front-end was undertaken by the author‟s team member, so it will not be discussed in detail. The author will only briefly describe the features of the Front-end of R.U.M. 3.2 Thin Client Architecture A thin client option is described by Poulton (2002) as one where the application and data exist server, while the client simply uses a generic presentation application in the form of a web browser. In contrast, in a thick client model, most, if not all the processing is done on the client machine and the client must download software (e.g. Java applets), in order to access the system. Maintenance is a problem because any changes in the server side software will usually require the client side software to be changed as well. Therefore R.U.M. has made use of the thin client model to avoid the issues associated with the thick client option. 3.3 Page Centric Approach with JavaBeans R.U.M. has been designed so that there was a series of interrelated JSP pages where the user could proceed from one page to another. The JSP pages accessed resources, such as the database, with the assistance of JavaBeans. The Page Centric Approach was chosen over the Servlet Centric approach, which would have involved the use of servlets of to send the required page to the user; the servlet acting is a controller for the whole application. 13 3.4 Form Elements HTML Form elements have been used in R.U.M. These form elements include text boxes, text areas, selection lists, combination boxes and buttons. They are created using static HTML tags. This was considered to be the ideal method of displaying forms, as opposed to applets, because again, no software needs to be downloaded onto the client machine; the user‟s web browser is more than adequate. 3.5 Front-End Technologies 3.5.1 Web Browser R.U.M. has been designed and tested to run well under Microsoft Internet Explorer 6.0. It was also tested under Netscape Communicator 4.7x, and although there are slight visual discrepancies, the web shop is still completely useable. 3.5.2 Scripting Languages The Front-end of R.U.M. was constructed using mainly HTML code for the static content and the visual output, which was generated by the HTML, was enhanced by using CSS. The dynamic content was generated by JavaBeans and Java Server Pages. These two technologies are discussed in depth in Chapter 3. Finally JavaScript was used for limited client side validation in R.U.M, as well as for some special effects, such as the fading product display on the front page. 14 Chapter 4 : The Application Server (Middle-Tier) 4.1 The Responsibilities of The Middle-Tier As mentioned earlier, the middle-tier consists of server-side business application logic components. Booth brings to light the fact that the responsibilities of these objects vary widely. Functions such as the enforcement of business rules, separation of the user interface and the database source, and providing a single data access layer for multiple divergent database servers are amongst the possible responsibilities. The design of the system will have a strong influence on the actual functions, which are provided by the middle-tier object. Two of the functions will now be outlined below briefly. 4.1.1 Enforcing the Business Rules Booth highlights the fact that in many database systems there are sets of rules, which determine whether data is valid, or not. Such rules can be divided into two types, mainly domain constraints and business rules. A domain describes all of the possible values that an entity or an attribute can have. For instance, in R.U.M. the domain for the country field includes all of the countries in the world. Business rules are a subset of a domain. Business rules place further restrictions on the possible values for a domain. For example if R.U.M. was only serving people residing in South Africa, then the domain for the city field would encompass all the cities of the world, but the business rules would restrict the field to only the cities within South Africa. The Middle-Tier business tier objects of R.U.M. have been considered to be the most ideal candidates to enforce the business rules. This is because a database like Microsoft Access is likely to be over-restrictive if the validation rules were enforced there. 4.1.2 Fetching and Posting data for the user interface As mentioned in Chapter 2, in the three-tier design, the user interface is separated from the data source by the middle-tier. There is thus a need for some sort of mechanism to retrieve the data from the database so that the Front-end can use it. There is a middle-tier object, which performs the role of translating the data from the format found in Microsoft Access to a format that can be used by the user interface. It also works the other way round, and translates data from the user 15 interface into a form, which can be stored in the database. Using this design approach ensured that any changes to the database would only require minor enhancements to the middle-tier, and any changes to the user interface would require the middle-tier to be enhanced. 4.2 The Server There are two main types of servers, which can reside in the middle-tier – an application server and a web server. There is often confusion regarding the functions of each type of server. Sintes (2002) reckons that “a Web Server exclusively handles HTTP (Hyper-text Transfer Protocol) requests, whereas an application server serves business logic to application program through any number of protocols”. Each will now be examined in more detail: 4.2.1 The Web Server When a web server receives a request for a web page (via HTTP), it responds with an HTTP response in the form of an HTML page. The response may also be an image or a page redirect. The Web server may even delegate dynamic response generation to some other program - in the case of R.U.M. dynamic responses are handled by JSP. A web server‟s delegation model is fairly simple. When the web server receives, a request, it simply passes this request to a program, which can handle it. The web server does not provide any functionality besides providing an environment in which the server-side program (JSP) can execute and pass back the relevant response. While a web server may not itself, support transaction management or connection pooling, it can employ certain strategies for fault tolerance and scalability such as load balancing, caching, and clustering. erroneously associated with application servers only. 4.2.2 The Application Server An application server exposes business logic to client applications through various protocols, including HTTP. The application program can then use this logic just as if it were calling a method on an object. Examples of application clients can include GUIs (graphical user These features are often interfaces) running on a workstation, a Web server, or even other application clients. The data travelling between the application server and the client is not just display information as is the case with a Web server. Instead, the data contains the program logic. 16 In many cases, the business logic is exposed through a component API such as the EJB (Enterprise Java Bean) component model found on J2EE application servers. In addition, the application server is capable of managing its resources. Such functions would include security, transaction processing, resource pooling and messaging. The application server is also able to it employ strategies for fault tolerance and scalability, similar to a web server. 4.2.3 Choosing a server for R.U.M. The developers of R.U.M. had to choose whether to use a web server, application server, or both. It was decided that both a web server and an application server would be the best choice for R.U.M. This is because the R.U.M. middle-tier serves web pages in addition to handling business logic. The middle-tier takes care of transaction processing, e-mailing users and security among other things. Apache Tomcat was chosen as the server because it adequately meets the needs of a system as complex as R.U.M. Apache Tomcat will be discussed in detail below. 4.3 Middle-Tier Technologies in Detail 4.3.2 Apache Tomcat According to Bollinger & Natarajan (1999), the Apache Software Foundation supports Java Server Pages with the mission “to provide commercial-quality server solutions based on the Java Platform.” Apache Tomcat is the official JavaSoft-endorsed reference implementation for the Servlet 2.2 and JSP 1.1 specifications. To support JSP, a special component present in Tomcat was needed – the JSP container. Bollinger & Natarajan define containers as special Java classes to which the Web server directs HTTP requests when the resource requested is a servlet or a JSP page. Such containers manage one or more Java Virtual Machines (JVMs) to execute the servlets and Java Server Pages. The Tomcat containers support both stand-alone and hybrid configurations. A stand-alone configuration is one where the container can also perform the functions of a web server such as Apache or Microsoft‟s Internet Information Services (IIS), while a hybrid configuration is one where the container runs alongside the web server. Bollinger & Natarajan emphasise that Web servers are best suited to handling static resources such as HTML, while servlet and JSP containers handle servlets and Java Server Pages best. This implies that the hybrid configuration is able to improve response times and scalability. 17 R.U.M. has been deployed on Tomcat as a stand-alone system. The developers have felt that while a hybrid configuration would perform better than a stand-alone configuration, such additional features would not benefit a system, which attracts low volumes of traffic, such as R.U.M. If the need to improve response time arises, then industrial-strength servers can be installed and configured, but that is beyond the scope of this investigation. 4.3.3 Tomcat and Other Application Servers The developers had numerous options with regards to choosing a web/application server. Tomcat was chosen because it is free, supports JSP, and has detailed documentation available from third parties. It was also found that the most commonly used Java application server execution environment today is Tomcat, according to BZ Research‟s latest Java Awareness Study [Zeichick, 2002], conducted in August 2002. In the study, 52.2 percent of all respondents said Tomcat was currently in use at their companies. Table 4-1 shows the percentages pertaining to the other Java application servers. Java Application Server Apache Tomcat IBM WebSphere BEA WebLogic Oracle‟s Oracle9iAS Macromedia JRun JBoss Sun ONE app server (iPlanet), Borland AppServer/Enterprise Server Percentage 52.2% 29% 24.4% 20.8% 14.7% 13.9% 11.8% 9.4% Table 4-1: Popular Java application server execution environments The survey also found that ease of use and standards compliance were the most important features, which a Java application server execution environment needs to exhibit. In addition Schultz (2001) provided Table 4-2, showing how Apache Tomcat compared with JRun and JServ: 18 Product Pros   Free Active open-source development effort Very current in terms of servlet API compliance Free for development purposes Relatively speedy Supported by Allaire (Macromedia) Cons   Not the fastest implementation on the planet Poor support from Apache themselves Apache Tomcat     JRun    Costs money for production use Versions before 3.0 had numerous configuration headaches Slightly behind the times with updates (compared to open source projects) No longer in active development (Tomcat inherited this effort) Has some thread-leaking issues Only supports servlet API 2.0 (not later) Poor support  Free    Apache JServ  Table 4-2: Apache Tomcat compared with other web servers The author considered the above pros and cons of Tomcat as well as the fact that numerous companies, which are pursuing the Java route, use Apache Tomcat, and concluded that Tomcat is well suited to real-world applications such as R.U.M. 4.4 Session Tracking Poulton (2002) classifies communication between a client and a web server as being either stateless or stateful. The key difference between the two is the nature of the connection. HTTP is inherently a stateless protocol. This means that the web server knows nothing about what the client is doing. In the case of R.U.M. this would mean that the server would not be able to keep track of shopping carts, for example. This can be extremely problematic – when a customer adds products to their shopping cart, the server would not know about what was already in the cart. Worse still, browsing through another page, such as one of the products pages, would cause the contents of the shopping cart to be lost. Hall (1999) highlights four typical solutions to this problem: 19 4.4.1 Cookies HTTP cookies can be used to store information about a shopping session. Cookies are small text files, which are stored on the client machine and maintained by the web browser software. The text files can contain information about the customer‟s session. According to Mayer-Schönberger (2002), cookies are based on a two-stage process. First the cookie is stored on the client machine without their consent or knowledge. For example, with customisable Web search engines like My Yahoo!, a user selects categories of interest from the web page. The Web server then creates a specific cookie, and then transmits this cookie to the client machine. The user's web browser receives the cookie and then stores it in a special file called a cookie list. With each subsequent connection the server can request for the information stored on the client, and the client‟s browser will transmit it to the server. Servlets and JSP have a high-level and easy-to-use interface for cookies, but there are a number of relatively tedious details that need to be handled:    Extracting the cookie that stores the session identifier from the other cookies, Setting an appropriate expiration time for the cookie (sessions interrupted by 24 hours probably should be reset), and Associating information on the server with the session identifier (there may be far too much information to actually store it in the cookie, plus sensitive data like credit card numbers should never be stored in cookies). Cookies were not used in R.U.M. for the following reasons:  Cookies can be controlled by programming a low-level API, which is more difficult to implement than some other approaches. This would have made the development of R.U.M. difficult and cumbersome,   All data relating to a session is stored on the client machine. Corruption, expiration or purging of cookie files can all result in incomplete, inconsistent, or missing information, Cookies may not be available for many reasons: the user may have disabled them (due to privacy issues), the browser version may not support them, or the browser may be behind a firewall that filters cookies. Servlets and JSP pages that rely exclusively on cookies for client-side session state will not operate properly for all clients. Automatically detecting 20 whether cookies are enabled would have created unnecessary programming headaches for the developers,  Historically, cookie implementations in both browsers and servers have tended to be buggy, and/or vary in their conformance to standards. While the developer may have direct control of the web servers, buggy or non-conformant browser versions are still in use by many people, and  Browser instances share cookies, so users cannot have multiple simultaneous sessions. [Sun Microsystems, 2001] 4.4.2 URL (Uniform Resource Locator) rewriting It is possible to append extra data, to the end of each URL, which identifies the session. An example of URL rewriting is shown below: http://www.somehost.com/somefile.html?s=34324324324324 The example shows a unique session identifier being appended to a URL request. The server can then read this data and can associate that session identifier with data it has stored about that session. This solution avoids the problems associated with cookies – it works with browsers that do not support cookies, or browsers which have cookies disabled. URL rewriting also allows multiple simultaneous sessions for a user. This is because session information is local to each browser instance. Each web page in the system will need to have dynamically generated links (i.e. the session state will need to be appended to each link). URL rewriting was not used for R.U.M. because every page would need code to extract the session ID from the URL. Furthermore, this session ID would have to be appended to every link and that would have been extremely cumbersome. 21 4.4.3 Hidden Form Fields Poulton (2002) highlights the fact that HTML defines a HIDDEN form element, which is not rendered by the browser. Such elements are submitted along with the other visible form elements, when the user clicks the „SUBMIT‟ button on the form. The JSP page or Servlet which processes the form can then read the value of the hidden form field and process it accordingly. Similar to URL rewriting, each hidden form element needs to be dynamically generated. Thus to maintain the session, the session ID is included as one of the hidden form fields. The use of hidden form fields for session tracking would require that every page in the system be dynamically generated. Since not all of R.U.M.‟s pages are dynamic, the developers have opted not to use this method of session tracking. 4.4.4 The Session Tracking API Java provides an HttpSession API which allows for session tracking with Servlets and JSP. This means that Servlets and JSP pages have built-in session tracking capabilities. The Session Tracking API, as we call the portion of the Servlet API devoted to session tracking, should be supported in any web server that supports Servlets, such as Apache Tomcat. When a user accesses R.U.M. a session object is created for them. This session object can be examined and manipulated by all the JSP pages in the system. There is no need to manipulate cookies or information appended to the URL. In R.U.M. session tracking is done using Session Beans. For example, customer information is stored in a Session Bean known as CustomerBean. Session Beans are placed into the user‟s session object and are hence accessible from any page in the system. Session Beans effectively eliminate the problems inherent in URL rewriting, Hidden Form Fields and Cookies. 4.5 Java Server Pages (JSP) 4.5.1 Overview As mentioned in Chapter 2, Java Server Pages allows web designers to separate the dynamic contents of their pages from the static HTML. According to Hall (1999), the designer simply has to write the regular HTML in the normal manner, either by hand or using a web design tool. The code for the dynamic content is enclosed using special tags usually starting with “<%” and ending 22 with “%>”. For example, a code snippet from R.U.M. is shown in Listing 4-1, which welcomes the customer who is currently logged in. The JSP code is in bold. Welcome <%=customer.getfstname()%>! Please click on the above tabs to begin your shopping experience. If you are not <%=customer.getfstname()%> then please click here. Listing 4-1 : Welcome page logic The files containing the code are usually given a .jsp extension. Although what is written often appears like regular HTML, behind the scenes, the JSP page is converted to a servlet by the JSP container in Apache Tomcat. This conversion process is quite time consuming and, thus, is only done the first time the page is requested, or if any changes are made to the code. Aside from regular HTML, there are three main types of JSP constructs that can be embedded in a page – scripting elements, directives and actions. 1. Scripting elements allow the designer to specify Java code which will become part of the resultant servlet, 2. Directives allow the designer to control the overall structure of the servlet, and 3. Actions allow the designer to specify existing components that should be used, and otherwise control the behaviour of the JSP engine. 4.5.2 JSP Scripting Elements Hall emphasises that scripting elements allow Java code to be inserted into the servlet that will be generated from the current JSP page. There are three types of elements, being expressions, scriptlets and declarations and are detailed below: 4.5.2.1 JSP Expressions A JSP expression is used to insert Java values directly into the output. It has the following format: <%= Java Expression %> 23 The Java expression is evaluated, converted to a string, and subsequently inserted into the web page. The evaluation is performed at run-time (i.e. when the page is requested), and thus has full access to information about the request. The following code snippet shows the date and time that the page was requested: Current time: <%= new java.util.Date() %> 4.5.2.2 JSP Scriptlets JSP scriptlets allow the designer to do more complex tasks than simple expressions. JSP scriptlets let the designer insert arbitrary code into the servlet method that will be built to generate the page. Scriptlets have the following form: <% Java Code %> Hall emphasizes that scriptlets have access to the same automatically defined variables as expressions. He also notes that code inside a scriptlet gets inserted exactly as written and any HTML text before or after a scriptlet gets converted to the appropriate servlet code. The code fragment in Listing 4-2, taken from R.U.M., illustrates a mixture of static HTML and scriptlets:

<% if (!customer.getloggedin()) { %> A warm welcome to all our Rhodents!  Rhodes University would like to thank
you for visiting RUM.  We hope this website will provide you with a pleasant shopping experience. We are continually adding new items to our stock; please bookmark this page and visit us regularly for the latest product information.  We always strive to update and improve the RUM webpage.  Any suggestions and comments are welcomed! 

<% } else { %> Welcome <%=customer.getfstname()%>! Please click on the above tabs to begin your shopping experience. If you are not <%=customer.getfstname()%> then please click here.

Listing 4-2 : Mixing HTML with Scriptlets <% } %> 24 4.5.2.3 JSP Declarations JSP declarations allow developers to define methods or fields that get inserted into the main body of the servlet class. It has the following form: <%! Java Code %> Such declarations are not meant to generate any output for end users. They are normally used in conjunction with JSP expressions or scriptlets. Variables declared in this manner, will become “global” and hence, any servlet instances can access them. The following code fragment prints out the number of times that the current page has been accessed: <%! private int accessCount = 0; %> Accesses to page since server reboot: <%= ++accessCount %> Listing 4-3 : An Example of JSP Declarations JSP declarations were not used in R.U.M. because there was no need to use global variables in the system. 4.5.3 JSP Directives Fields & Kolb (2000) state that directives are used to convey special processing information about the page to the JSP container. The directives can be used for the following:    To specify the scripting language for the page, To include the contents of another page and To indicate that a page uses a custom tag library. Like declarations, directives do not directly display any output, but they affect the way in which the JSP container processes the page. 4.5.3.1 Page Directive Fields & Kolb rate the page directive to be the most complicated JSP directive, primarily because it allows a wide range of attributes and associated functionality. The syntax of the page directive is as follows: 25 <%@ page attribute1 = “value1” attribute2 = “value2” attribute3 = … %> The page directive supports a total of eleven attributes. Only one of those attributes was used in R.U.M. The import attribute was used in all the JSP pages to extend the set of Java classes that the pages could reference. This meant that the developers did not have to explicitly specify class package names. It is analogous to Java‟s import statement, which is used when writing Java class files. 4.5.3.2 Include Directive The include directive enables designers to include the contents of one file in another. The file to be included is specified as a local URL. The directive effectively replaces itself with the contents of the specified file. The file may be a static HTML file or it may consist of additional JSP elements that will be processed as if they were in the original page. It was used in R.U.M. to add a text menu at the bottom of every JSP page as follows: <%@ include file = “bottom.jsp” %> 4.5.4 JSP Actions According to Fields & Kolb, JSP actions enable JSP pages to interact with JavaBean component objects residing on the web server. Actions serve three major roles in a system such as R.U.M. JSP actions allow for:    The Transfer of control between pages, The Specification of Java applets in a browser-independent manner, and The Interaction of JavaBeans component objects residing on the server. The developers did not use all of the above actions in R.U.M. Since R.U.M. does not make use of Java applets, there was no need for the developers to use Java applet specifications. The two actions which were used are described in the next section. 26 4.5.4.1 Forward Fields & Kolb emphasise that the action can be used by developers to transfer control from one JSP page to another page on the local server. Any content which is currently being generated by the current page is discarded and processing of the request begins at the alternate location. The following example shows one of the tags which have been used in R.U.M.: The page attribute of the action is used to specify the web page which control needs to be passed to. This page may be a static document, a servlet, or another JSP page. In R.U.M. forwarding was used in all the JSP pages which did server-side processing. 4.5.4.2 JSP Bean Tags JSP provides three different actions for interacting with server-side JavaBeans. These actions are , , and . The interaction between JSP and JavaBeans will be discussed in detail in the next section. 4.6 The Fundamentals of JavaBeans JavaBeans are described by Infobus Technology (2002) as the Java component architecture, which allows the creation and distribution of reusable components. Fields & Kolb describe a Bean as simply a Java class that adheres to a set of simple naming and design conventions outlined by the JavaBeans specification. The specification was created by Sun Microsystems with the co-operation of the industry and “dictates the rules that software developers must follow in order to create stand-alone, reusable software components”. Beans encapsulate both state and behaviour. Fields & Kolb emphasise that developers can use JSP‟s collection of Bean-related tags to leverage the power of Java to add dynamic elements to their web pages. 27 4.6.1 JavaBean Conventions If a Java class file adheres to the JavaBean conventions, then the Bean container can analyse the class file and interpret its methods as properties, designating the class as a JavaBean. Fields & Kolb add that the conventions dictate rules for defining a Bean‟s constructor and the methods that will define its properties. According to Hall (1999), in order for a class to be a bean it must meet the following requirements: 1. Have a constructor which takes no arguments. 2. Have no publicly declared instance variables. All instance variables in a JavaBean class must be declared with a private access modifier. 3. Accessor and setter operations must have methods that take the following format: - getXxx (or isXxx): to get the values stored in instance variables (known as Bean attributes). - setXxx: to set the values stored in instance variables. (where Xxx is replaced with the method or instance variable name). 4.6.1.1 The JavaBeans API By adhering to the conventions which are stated in the JavaBeans API, the JSP container can interact with Beans at a programmatic level, despite the fact that the container has no knowledge about the functions of the Bean. For JSP, the developers need only concern themselves with the aspects of the API which dictate how the Bean‟s constructors and property access methods are written. 4.6.1.2 Beans Are Objects Fields & Kolb reiterate that like any other Java class, instances of Bean classes are simply Java objects. This allows developers to reference the Beans and their methods directly through Java code in other classes or through JSP scripting elements. Bean containers, such as the JSP container bundled with Apache Tomcat, can provide easy access to Beans and their properties. 28 The developers of R.U.M. had to create methods, which controlled access to each property within the Bean, in order to adhere to the coding conventions. For example, in the ShoppingCart bean, there was a getsize() function to return the size of the cart. Beans can also have regular methods just like any other Java object. In order for the JSP pages to manipulate the Beans, the developers had to use scriptlets and expressions within the JSP code. 4.6.1.3 Class Naming Conventions Most of the Bean classes which have been used in R.U.M. have included the word “Bean” in their name. Fields and Kolb consider this to be a common approach, which allows other developers to immediately understand the intended role of the class. However, it is not a requirement for a Bean to be used inside a JSP page, or any other Bean container. JavaBeans follow the same class naming rules as normal Java classes – the initial character must be alphabetic and the rest of the characters can contain only alphanumeric and underscore characters. compulsory. 4.6.1.4 Introspection Fields et al highlights the fact that the JSP container cannot interact with a Bean object without the benefit of a common interface. Java manages this via a process known as introspection. Introspection, which happens at run time, allows a class to expose its methods and capabilities on request. In addition, the Bean class usually starts with a capital letter, but this is not Introspection occurs through a mechanism known as reflection, which allows the Bean container to examine any class to determine its method signatures. The Apache Tomcat Bean container effectively searches the Bean for public methods, which meet the criteria defined by the JavaBeans API. For a property to exist, its Bean class must have methods, which can change the property and/or change the value of the property. 4.6.2 Using the JavaBeans with JSP To interact with a Bean, the JSP page needs to know where to find the Java class file that defines the Bean and assign it a name [Fields & Kolb, 2000]. This name can then be used to access the 29 values stored in the Bean‟s properties. The three JSP actions which provide the link are now discussed in-depth. 4.6.2.1 The tag The tag effectively makes a JavaBean available to a JSP page. If a Bean object does not exist on the server, then a new one is created, otherwise the existing one is retrieved. The tag is supplied attributes which specify the type of Bean that the developer wishes to use as well as the name that can be used to refer to it. The comes in two forms. The simplest form of the tag requires only two attributes to be specified – id and class. The basic syntax for the tag‟s two forms is: initialisation code Listing 4-4 : The useBean tag    The id attribute specifies a name for the Bean which will be a unique value that will refer to this particular Bean throughout its lifetime, The class attribute specifies the class name of the JavaBean itself, The scope attribute controls a Bean‟s accessibility and lifespan. Table 4-3, taken from Fields & Kolb, briefly explains all the possible Bean scopes. Scope Page Accessibility Current page only Current page and any included or forwarded pages The current request and any subsequent request from the same browser window The current and any future request that is part of the same web application Life Span Until page is displayed or control is forwarded to a new page Until the request has been completely processed and the response has been sent back to the user Life of the User‟s session. Request Session Application Life of the application Table 4-3 : Possible Bean scopes 30 For R.U.M., the developers chose to use most of the Beans with a session scope, in order to maintain the state of the objects throughout the users‟ sessions. The Validation and Country Beans were the only Beans whose lifespans were not valid for the users‟ sessions. The developers chose to make the Validation Bean valid for the request only, since it was only needed for processing and validating forms, while the Country Bean was valid for the page, since it was only needed for that page. Keeping both of these Beans active for the entire session would waste valuable memory. 4.6.2.2 The tag The primary way to access a Bean‟s properties is through the tag. [Fields & Kolb, 2000]. Unlike the tag, this one actually produces content which can be seen in the HTML which is generated by the page. The getproperty tag has no body element and requires two attributes, being name and property. Its syntax is  The name attribute specifies the Bean that is being evaluated and it should correspond to the name that was selected in the tag‟s id attribute,  The property attribute is the name of the Bean attribute which needs to be accessed. The property name must correspond with the name of the Bean attribute and there must be a corresponding accessor method within the Bean. In the resulting HTML that is displayed at run-time, the tag is replaced with the value of the property of the requested Bean. The developers made use of the tag to get the forms to “remember” the data that had been typed in, when the forms are redisplayed in the event of validation errors. 4.6.2.3 The tag The tag modifies the attributes of Beans. Fields & Kolb add that the tag can be used to modify the properties, provided that the property has been made writable by the Bean developer. Property values are usually modified to control the specifics of the Bean‟s 31 operation or to access its services. The tag may be used anywhere in the JSP page after the Bean has been defined with the useBean tag. The tag requires three attributes, being name, property and value. The format is of the tag is: The name and property attributes function exactly like those of the tag. The optional value attribute is used to specify the text that the property needs to be set to. Again, there must be a corresponding property and a corresponding setter function in the Bean. If the value attribute is omitted, then the value is extracted from the page request. This allows developers to dynamically configure the Beans based on the data entered in forms. If multiple form field names map directly to Bean properties, then a special wild card character “*” can be used in place of the property name. This means that the value of any Bean property, whose name corresponds to the name of a request parameter, will be set. During the coding phase of R.U.M. the author noted that if a form element is left blank, then the property is not set. Why this is the case, is not known, but it could possibly be a bug inherent in Apache Tomcat. 4.6.3 An Example From R.U.M. To illustrate the use of Beans in R.U.M., a code extract is provided, which covers the aforementioned JSP tags. The JSP code is highlighted in bold. 32  <%@ page import="java.sql.*, java.util.*, ValidationBean, CustomerBean, CountryBean" %> <%@ include file = "https" %> . . . <% if (customer.getloggedin()) { %>           <% } else { %>          <% } %> . . . " size="20" maxlength = "50"> . . . <%@ include file = "bottom.jsp" %> Listing 4-5 : An example from R.U.M. It should be evident that JavaBeans form a major part of R.U.M. The author has found that they are easy to use, yet provide powerful processing units, which form the core of the Middle tier. For this reason, the author has used JavaBeans extensively to facilitate user sessions. 4.7 Java Mail The developers of R.U.M. achieved client interaction via two methods. The most obvious method is visually via the web pages themselves. The other method is to inform the user of events via e-mail. In order to provide the latter, the author had to make use of the JavaMail API. To send e-mails the application needs to communicate with the Rhodes University Internet Message Access Protocol (IMAP) server. The only way Java-based applications can do this is via the JavaMail API. [www.welicon.net]. The JavaMail API is included as part of the standard 33 Java 2 API, so the developers did not have to install it as an add-on package. Using the JavaMail API offers the following advantages:  Well-defined, abstract, object-oriented API for accessing messages via POP3, SMTP and IMAP. A single API can be used to access internal mailboxes via IMAP and external mailboxes via POP3. The JavaMail API hides the complexity of the underlying protocols by offering an object-oriented API to folders and messages,  Plug-In architecture can be extended to support additional transport protocols. Additional transport protocol modules (such as the Simple Network Management Protocol (SNMP)) might be licensed from 3rd parties, and  The source code of the JavaMail API is available for licensing by JavaSoft. This removes dependency on 3rd party libraries and licensing costs associated. In addition, the JavaMail API “offers a clean object-oriented framework of classes that model a theoretical mail system” [Patzer, 1999], JavaMail is platform-independent and protocolindependent, and therefore presents an ideal way to build e-mail and messaging solutions that will work with web applications, such as R.U.M. JavaMail provides facilities for both sending and receiving mail. R.U.M. needed to send mail, and this was done using the SMTP protocol. The author has written a mail sending JavaBean, called EmailBean to handle the task. This Bean is used by all the JSP pages which need to send e-mails. The EmailBean is used to:     Send a welcome e-mail once when a new customer creates a profile with R.U.M., Automatically send a customer‟s username and password if they click the “Lost password” button, Send a confirmation e-mail once a customer has placed an order for memorabilia and, Send an e-mail to the Alumni Department with the order details and payment details 34 4.8 Security in R.U.M. When a user accesses R.U.M., there will be situations where sensitive information needs to be transferred from the client machine to the web server and vice-versa. Such sensitive information includes credit card details, contact details, R.U.M. password, etc. Normal communication between the two parties is done using the HTTP protocol. According to Coggeshall (2001), the majority of HTTP transmissions are not secure. The data will travel across the Internet in plaintext, and can easily be intercepted by malicious individuals. Security is crucial for ecommerce applications, because customers obviously do not want their personal details revealed. In order to solve this dilemma, there is a need to secure the communication link between the client and the server. Secure communications in R.U.M. has been achieved via Secure Socket Layer (SSL) technology. The Apache Software Foundation (2002) states that SSL allows data being sent to be encrypted by one side, transmitted, and then decrypted by the other side before processing. This is a twoway process, meaning that both the server and the browser encrypt all traffic before sending out data. The Apache Software Foundation also states that another important aspect of SSL is Authentication. This means that when the web browser initially establishes a connection to the web server over a secure connection, that server will present the web browser with a set of credentials, in the form of a "certificate", as proof that the site is valid. This is the method that R.U.M. uses to keep communications secure. In some cases the web server may also request the client for proof of identity, but this is usually only used in business-to-business (B2B) transactions. This is known as client authentication. R.U.M. does not request client authentication, since it only involves business-to-customer (B2C) transactions. The Apache Software Foundation recommends that Tomcat should only be configured to take advantage of secure sockets, if it is being run as a stand-alone server. Since the developers are making use of Tomcat in this way, Tomcat was configured accordingly. Tomcat did not come with built-on SSL features, so the Java Secure Socket Extensions (JSSE) package was installed. The complete configuration details are outlined in Appendix B. Once Tomcat was configured, 35 pages could be accessed over a secure socket by prefixing the address with https, instead of http. The Apache Software Foundation highlights an important issue. Although the SSL protocol was designed to be as efficient and secure as possible, encryption and decryption are computationally intensive processes, from a performance point of view. It would be inefficient to make every web page secure, so the author ensured that only pages which involved the exchange of sensitive information, such as the credit card details page, were made secure. There was also a need for each page to check that the users had not manually typed in the incorrect URL prefix. The author placed code, at the top of each page, to automatically redirect the page to the correct URL, if the original URL was incorrect. 36 Chapter 5 : The Data Tier (Back-End) 5.1 Responsibilities of the Back-End The database server, which forms part of the back-end of the system, is responsible for storing and maintaining the data, which is required by the middle-tier. [Webopedia, 2002]. The middletier communicates with the database using a JDBC driver. In R.U.M. the back end was responsible for the storage and retrieval of product information and customer information. 5.2 The Database The developers of R.U.M. chose Microsoft Access 2000 as the database management system (DBMS). Microsoft Access is flexible, very powerful and easy to learn, according to Bluefoot Software (2001). The author found that it was more than adequate to do the job of storing and retrieving the business critical data pertinent to R.U.M. Naude (2001) lists some disadvantages of Access, which could potentially make it unsuitable for an e-commerce application. The author will now motivate why these disadvantages have little or no effect on R.U.M.  Visual Basic is the main language supported and used by Access. This did not affect R.U.M. because there was no need for Visual Basic to be used to access the database. The database was accessed using Java (via a JDBC-ODBC bridge), which was easy to setup.  Access is not a free product. Since the University has a licence to run the entire Microsoft Office suite on any campus PC, this did not greatly affect the system. The University had already purchased the licence and hence the Alumni department would simply have to install the product on their intended database server.  Access is a “stand-alone desktop database for personal use, departmental use or for an entire organization” with distributed networking capabilities available as add-ons to the software, not as built-in features of the software. Since it is unlikely that more than 5-10 users would need to access the database at the same time, so one database server would easily cope with the load. If there is a need to increase the number of database servers to achieve load balancing, then the distributed networking components can easily be installed. 37 5.3 Talking to the Database using JDBC As mentioned in Chapter 2, JDBC technology is an API which allows Java programs to access virtually any tabular data source. Sun Microsystems (2002) emphasizes the fact that it provides cross-DBMS connectivity to a wide range of SQL databases. Karkala (2000) points out that one of the major benefits of using JDBC is that “the programmer does not need to know the databasespecific interfaces for each of the databases and the program can connect to multiple databases at the same time.” 5.3.1 Benefits of JDBC Because JDBC abstracts much of the vendor-specific details and generalizes the most common database access functions, if an application conforms to the most commonly available database features, then the application can easily be reused with another database by changing to a new JDBC driver [Raj, 2002]. In addition, database connectivity does not just involve connecting to databases and executing statements. Raj emphasizes that in a business environment, there are some important requirements, which need to be met such as optimising network usage via connection pooling, and distributed transactions. JDBC effectively meets these requirements. 5.3.2 The JDBC API Core Classes Table 5-1 on the following page, extracted from lists the core classes that make up the JDBC API and outlines the use of each of these [JDBC API 1998]. 38 Class/Component Use This is a very important class. Its main purpose is to provide a means of managing the different types of JDBC database driver. On running an application, it is the DriverManager's responsibility to load all the drivers found in the system property JDBC drivers. For example, this is where the driver for the Microsoft Access 2000 database may be defined. This is not to say that a new driver cannot be explicitly stated in a program at runtime which is not included in JDBC drivers. When opening a connection to a database it is the DriverManager' s role to choose the most appropriate driver from the previously loaded drivers. When a connection is opened, this represents a single instance of a particular database session. As long as the connection remains open, SQL queries may be executed and results obtained. This interface can be used to retrieve information regarding the table descriptions, and any other information about the database to which you are connected. By using Connection, a commit is automatic after the execution of a successful SQL statement, unless auto commit has been explicitly disabled. In this case a commit command must follow each SQL statement, or changes will not be saved. An unnatural disconnection from the database during an SQL statement will automatically result in the rollback of that query, and everything else back to the last successful commit. The objective of the Statement interface is to pass to the database the SQL string for execution and to retrieve any results from the database in the form of a ResultSet. Only one ResultSet can be open per statement at any one time. For example, two ResultSets cannot be compared to each other if both ResultSets stemmed from the same SQL statement. If an SQL statement is re-issued for any reason, the old ResultSet is automatically closed A ResultSet is the retrieved data from a currently executed SQL statement. The data from the query is delivered in the form of a table. The rows of the table are returned to the program in sequence. Within any one row, the multiple columns may be accessed in any order A pointer known as a cursor holds the current retrieved record. When a ResultSet is returned, the cursor is positioned before the first record and the next command (equivalent to the embedded SQL FETCH command) pulls back the first row. A ResultSet cannot go backwards. In order to re-read a previously retrieved row, the program must close the ResultSet and re-issue the SQL statement. Once the last row has been retrieved the statement is considered closed, and this causes the Resu1~Set to be automatically closed. A PreparedStatement object is an SQL statement which is pre-compiled and stored. This object can then be executed multiple times much more efficiently than preparing and issuing the same statement each time it is needed. When defining a variable type in JDBC, the program must ensure that the type corresponds with the database field type for IN and OUT parameters. This interface is used to execute previously stored SQL procedures in a way which allows standard statement issues over many relational DBMSs. Consider the SQL example: SELECT cname FROM tnaine WHERE cname = var; DriverManager Connection Statement ResultSet PreparedStatement CallableStatement If this statement were to be stored, the program would need a way to pass the parameter var into the callable procedure. Parameters passed into the call are referred to sequentially, by number. When defining a variable type in JDBC the program must ensure that the type corresponds with the database field type for IN and OUT parameters. Table 5-1 : The JDBC Package 39 5.3.3 Using JDBC to Access The R.U.M. Database The following examples illustrate how the author used JDBC in R.U.M. to access the database. The guidelines were taken from Hwang (2000). 1. Setting up the database The database was created using the GUI available in Microsoft Access. The default options were considered to be sufficient for the purposes of R.U.M. 2. Establishing a connection to the database Before Java programs can communicate with the database, a connection needs to be established. Linking the middle tier to the back end in R.U.M. involved two steps: (1) Loading the driver and (2) making the connection. Loading the driver was a trivial task because it involved only two lines of code: private static final String driver=“sun.jdbc.odbc.JdbcOdbcDriver"; . . . Class.forName(driver); Listing 5-1 : Loading the JDBC driver Since a Microsoft Access database is an Open Database Connectivity (ODBC) source, the author needed to find a method of getting the JDBC API to talk to the ODBC driver, which was installed under Windows 2000. Luckily the Java Development Kit (JDK) provided a JDBC-ODBC bridging driver specifically for this purpose, and this driver was referenced using the first line of code above. There were other driver options, which could have been used, and these options are discussed in the next section. 40 After the driver was loaded, the author had to use the driver to actually connect to Microsoft Access. This step was also simple and was achieved with the following lines of code: private static final String dbURL = "jdbc:odbc:Products"; private static final String login = ""; private static final String password = ""; ... connection=DriverManager.getConnection(dbURL, login, password); Listing 5-2 : Connecting to MS Access No usernames or passwords were required to connect to the database, so these were left blank. 3. Creating JDBC statements Statement objects are used to send SQL statements to the DBMS. The statement object is simply created and executed in order to query the database. Normal statements however were not used in R.U.M. PreparedStatement, This is because another type of statement, known as a is available. According to Crawford and Farley (2002), the main difference between prepared statements and normal statements is that prepared statements allow developers to pre-compile their SQL and run it repeatedly, adjusting specific parameters as necessarily. Since processing SQL strings is a large portion of a database‟s overhead, getting compilation done at the beginning significantly improves performance. It also simplifies otherwise tedious database tasks. An example of a prepared statement in R.U.M. is now shown. The SQL code is in bold. query="INSERT INTO CUSTOMER VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"; PreparedStatement statement = conn.prepareStatement(query); statement.setString(1,fstname); statement.setString(2,lstname); statement.setString(3,idno); … statement.setString(20,passwd); statement.executeUpdate(); Listing 5-3 : Welcome page logic 41 4. Retrieving Values from Result Sets JDBC returns the results of the query in a ResultSet object. The ResultSet object contains a next method, which allows the results to be processed row by row. The pointer is initially positioned above the first row of the ResultSet object, so before any operations are done, it needs to be moved to the next row. The next method effectively moves a pointer to the next row (called a current row), which can then be operated on. The value in each column of the current row can be obtained by using getXXX() methods, where XXX is the data type of the field being read. For example, in R.U.M. the following line of code reads a customer‟s first name from the current row: fstname = rs.getString("First Name"); 5.3.4 Types of JDBC Drivers The author had to explore four different methods of connecting to the database using JDBC. Raj (2002) suggests the following: 5.3.4.1 JDBC-ODBC Bridge ODBC was developed to create a standard for database access in the Microsoft Windows environment. ODBC is a Windows API standard for SQL and is based on a standard API for database access, known as X / Open Call Level Interface (CLI). CLI is vendor, platform, and database neutral. The ODBC API also defines a set of functions directly accessing the data without using SQL statements embedded in high-level languages. Raj adds that the JDBC API is originally based on the ODBC API. It thus becomes feasible for a bridge to exist between the JDBC API and the ODBC API. The bridge effectively translates the standard JDBC calls into the corresponding ODBC calls. The ODBC driver then delegates these calls to the data source. The JDBC-ODBC Bridge was chosen for R.U.M. because it is currently the only way of connecting Java applications to Microsoft Access databases. 42 5.3.4.2 Part Java, Part Native Driver According to Raj, this approach uses a combination of Java implementation and vendor-specific native APIs for data access. When a database call is made using JDBC, the driver translates the request into vendor-specific API calls. The database processes the request and the results are returned to the vendor API, which forwards it to the JDBC driver, which in turn returns it to the Java program. Raj is of the opinion that this approach is more efficient than the JDBC-ODBC bridge. 5.3.4.3 Intermediate Database Access Server “This approach is based on intermediate (middleware) database servers with the ability to connect multiple Java clients to multiple database servers”. [Raj, 2002]. With this configuration, clients connect to the database using and intermediate server which functions as a gateway to the database server. The Java client sends a JDBC call via a JDBC driver to the intermediate server. The intermediate server then requests the data from the database server, receives it, and then forwards the results to the Java client. The intermediate server effectively abstracts the details of connections to the database server. 5.3.4.4 Pure Java Drivers Raj (2002) describes this as a pure Java alternative to the part Java, part Native driver. These drivers effectively convert the JDBC API calls to direct network calls by making direct socket connections to the database. This is the most efficient method of accessing databases with regards to performance and development time. It is also the simplest to deploy since there is no need to install additional libraries or middleware. This clearly would have been the most ideal type of driver for using in R.U.M. Unfortunately after extensive searching, the author established that there are no drivers of this type available specifically for Microsoft Access 2000. 5.3.5 Alternatives to JDBC Raj (2002) suggests that at present, there are two alternatives to JDBC. They are ODBC (on its own) and SQL-Java (SQLJ), which is a non-approved Java standard for database access. 43 Without JDBC, only proprietary database access solutions exist. These solutions effectively force the developer to “invent” their own layer of abstraction on top of them in order to create database-independent code. While the ODBC solution provides this layer of abstraction, it is not platform independent since it is restricted to the Microsoft Windows platform. [Raj, 2002]. Using a pure ODBC solution for R.U.M. would have forced the author to write reams of code, just to make simple updates to the database. Milrud (2002) points out that SQLJ was developed to complement the dynamic JDBC SQL model with a static SQL model. The static model provides strong type checking at application translation time. With SQLJ, the static SQL code is embedded in the Java code. An example of SQLJ is shown below: String vName; int vSalary; String vJob; Java.sql.Timestamp vDate; ... #sql { SELECT Ename, Sal INTO :vName, :vSalary FROM Emp WHERE Job = :vJob and HireDate = :vDate }; Listing 5-4 : SQLJ Example SQLJ could be regarded as a vehicle for better performance, because all of the SQL code is compiled once. It is also less complex to code, according to Campbell (2002). However SQLJ is limited to embedding only static SQL code. The author did not use SQLJ because R.U.M. makes use of mostly dynamic SQL statements. 44 Chapter 6 : R.U.M. Implementation Now that the tiers within the system have been described, the author will now demonstrate the practical considerations and implementation issues of the R.U.M. system. The screen flow diagram in Figure 6-1 shows R.U.M.‟s website structure and implementation methodologies. The diagram shows the routes which a typical user is likely to take when shopping. This chapter will highlight how the author made use of JavaBeans in the middle-tier. The implementation of the Microsoft Access tables will also be discussed. index.jsp Existing User New User login.jsp register.jsp lostpasswd.jsp update.jsp Shop - Search Search OR Categories logout.jsp Search mycart.jsp details.jsp delivery.jsp payment.jsp confirmation.jsp Figure 6-1 : Screen flow diagram 45 Please note that a detailed description of front-end components in RUM is given in the team member’s thesis (Uma Rudraraju). 6.1 The Middle-Tier – An Overview of the JavaBeans used in RUM This section briefly provides information about the JavaBean components, which have been used in R.U.M. They form the core of the business logic within the system. 6.1.1 ConnectionBean As the name suggests, this bean is responsible for connecting to the database. An instance of this object is created, each time a user accesses R.U.M., and remains active for the duration of the user‟s session. 6.1.2 CountryBean This bean holds an array of all the possible countries, which can be selected, when the user needs to enter his/her details. This array was used to dynamically generate the pull-down menus in the relevant forms. It was also used to enable the forms to “remember” which pull-down option was selected, when the forms are redisplayed in the event of an error. 6.1.3 CustomerBean The CustomerBean maintains all the details of the customer who is currently logged onto the system. Like the ConnectionBean, an instance is also created each time a customer accesses the system. The bean also performs additional functions being:    Validating customer logins, Adding new customers to the database, and Updating customer details in the database 46 6.1.4 EmailBean The EmailBean handles all the confirmation e-mails, which need to be sent. The bean dynamically constructs the e-mail messages and then sends them using the local e-mail server. The bean sends:     A Welcome e-mail for new customers, Order confirmation e-mails to customers who have just ordered, Order details to the Alumni Department, and Customer login details to customers who have lost them 6.1.5 OrderBean The OrderBean holds the details of the order currently being placed. It also validates the credit card information using a mathematical formula. 6.1.6 ShoppingCart The ShoppingCart bean holds the contents of the customer‟s shopping cart in the Vector data type. The Vector holds elements of type ProductBean (which is explained below). It basically allows products to be added, updated and removed from the cart. 6.1.7 ProductBean The ProductBean merely describes the details of a product. It is used in the ShoppingCart bean described above. 6.1.8 ProductDisplay This bean is responsible for retrieving the products from the database so that they can be dynamically displayed in each of the product pages. 47 6.1.9 SearchBean The SearchBean forms the core of R.U.M.‟s product search engine. It receives input from the search form and performs a sequential search through the database for the required product(s). The results are returned in an array of Result objects (described below), which are then used by the search.jsp page. 6.1.10 Result Result is a Java class, which describes details of a single product that has been found in a product search. 6.1.11 ValidationBean The ValidationBean is the most complex bean in the entire system. Its responsibility is the validation of each of the HTML form elements in RUM. The forms that this bean validates include:     Customer registration form, Profile Update form, and Shipping details form Date in the Payment details form Now that the author has given an overview of the JavaBeans used in the system, the actual usage of the beans in the JSP pages will now be described in detail. 6.1.12 The Property Sheet A property sheet for the each JavaBean was provided by the team member to the author, providing a listing of properties that are made available to the JSP page by the particular bean, and the desired property may simply be plugged into the JSP getProperty action via the markup tag in order to obtain the attribute value. The convention and format used in the property sheet were agreed upon by the author and his team member, thus providing a clear separation of work between the logical components of the system. 48 JavaBean Name: OrderBean.java Properties: SName saCost sAdd1 neighbourCost sAdd2 otherCost cardName sPostcode cardNumberRight cardType sCountry expiryDate payment cardNumber ordered delivery cardNumberLeft Recommended Scope: Session Template code to include in JSP code: Example Usage: Table 6.1 : Example of a Property Sheet, OrderBean in RUM In the example above, the property sheet allowed the author to create the OrderBean so that it could meet the designers needs. 6.2 Implementing the JavaBeans 6.2.1 The Welcome page The screen that appears when a user first accesses R.U.M. is index.jsp. Here, users can look at an overview of R.U.M., and can also register as a new user using the Register Here link. The CustomerBean is used in this page to check whether the user is already logged into the system using the getloggedin() accessor function. If the customer is logged in, then an alternative 49 welcome message is displayed. This message includes the user‟s name which is also obtained via the getfstname() accessor in the CustomerBean. 6.2.2 Logging Into R.U.M. When a user clicks on the Log In link in R.U.M. they are presented with a Log In page. This page allows a user to:    Register as a new user. Log in if they are registered. Request for an email containing their username and password details, in the case of a lost password 6.2.3 Registering as a new User In order to register as a new user with R.U.M., the user must complete the registration form provided in the register.jsp page. This process uses four JavaBeans, being the and the EmailBean. CustomerBean, ConnectionBean, ValidationBean Again, the CustomerBean was used to determine whether the user was logged in. This was used to determine whether the Log Out or Log In links were displayed on the navigation menu and was done in all the pages in R.U.M. 6.2.3.1 Connecting to the Database The ConnectionBean was used to maintain a connection between the middle tier and the back end. The following code, shown in Listing 6-1, was used to create the connection to the database: private static final String driver = "sun.jdbc.odbc.JdbcOdbcDriver"; private static final String dbURL = "jdbc:odbc:Products"; ... try { Class.forName(driver); connection=DriverManager.getConnection(dbURL, login, password); statement=connection.createStatement(); } catch (ClassNotFoundException e) { System.err.println("ConnectionBean: driver unavaliable"); connection = null; } 50 Listing 6-1 : Connecting to the database This code was explained in detail in Section 5.2.3 6.2.3.2 Validating the Form The ValidationBean was one of the most complex beans within the system. It was used to validation every form element in the register.jsp page. These validation checks ensure that: 1. All the mandatory fields were completed. An example of this check for the “City” field is shown in Listing 6-2: public boolean isCityPresent() { return (city.length() > 0); } Listing 6-2 : Example of a mandatory field check 2. All the fields, which had been completed, had the correct data. An example of the date validation function is shown in Listing 6-3. public boolean isDateValid() { if (dob.length() != 10) { return false; } if ((dob.charAt(4) != '/') && (dob.charAt(7) != '/')) { return false; } int year = Integer.valueOf(dob.substring(0,4)).intValue(); int month = Integer.valueOf(dob.substring(5,7)).intValue(); int day = Integer.valueOf(dob.substring(8,10)).intValue(); int arr[] = {0,31,28,31,30,31,30,31,31,30,31,30,31}; if ((year % 4) == 0) { arr[2] = 29; } if ((month < 1) || (month > 12)) { return false; } if ((day < 1) || (day > arr[month])) { return false; } return true; } Listing 6-3 : Date Validation 3. The user entered a valid email address. A valid email address in this case contains a "@" following the preceding character(s), and does not already exist in the database. The code snippet shown in Listing 6-4 demonstrates email validation for the register.jsp page. 51 public boolean isEmailPresent() { if (email.length() == 0) { return false; } if (!oldemail.equals(email)) { StringBuffer check = new StringBuffer("SELECT * FROM CUSTOMER WHERE [Email Address] = '"); check.append(email); check.append("'"); try { ResultSet rs = conn.executeQuery(check.toString()); int numRows = 0; while(rs.next()) { numRows++; } if (numRows != 0) { errors.add("The e-mail address you typed already exists"); return true; } } catch (SQLException e) {} } return (email.indexOf("@") > 0); } Figure 6-4 : Validating the e-mail address The code shown above loops through the customer table in the database and checks whether the email address already exists. If it does, an error message is appended to an errors vector, which contains all the errors that have been have been caught in the registration process. These errors are then shown when the registration page is re-displayed. If registration is successful, the customer‟s details are stored in the CustomerBean via the addCustomer() function, as well as the database. Listing 6-5 demonstrates this public void addCustomer(ConnectionBean con) { String query = new String(); boolean ship = shipping.equals("true"); Connection conn = con.getConnection(); try { query = "INSERT INTO CUSTOMER VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"; PreparedStatement statement = conn.prepareStatement(query); statement.setString(1,fstname); ... statement.setString(20,passwd); statement.executeUpdate(); oldemail = email; loggedin = true; } catch (SQLException e) {} 52 } Listing 6-5 : Adding a customer An e-mail containing the user‟s log in details is also sent to the user‟s e-mail address using the EmailBean. 6.2.3.3 Sending the E-mails The sending and receiving of e-mails was implemented using the JavaMail API. This was discussed in detail in section 4.7. For the registration process the EmailBean was used to send a personalised „Welcome to R.U.M.‟ e-mail to the user. To achieve this, the EmailBean made use of the following two functions: public void sendEmail(String mailServer, String subject, String to, String from, String messageText) throws AddressException, MessagingException { Properties mailProps = new Properties(); mailProps.put("mail.smtp.host", mailServer); Session mailSession = Session.getDefaultInstance(mailProps, null); InternetAddress[] toAddrs = new InternetAddress[1]; toAddrs[0] = new InternetAddress(to); InternetAddress fromAddr = new InternetAddress(from); Message message = new MimeMessage(mailSession); message.setFrom(fromAddr); message.setRecipients(Message.RecipientType.TO, toAddrs); message.setSubject(subject); message.setContent(messageText.toString(), "text/plain"); Transport.send(message); } Listing 6-6 : Function for sending an e-mail This function was used to all of the e-mails in the system. However, the `Welcome‟ message being sent was customized in the manner shown below: 53 public void sendWelcome(String name, String passwd) { try { String subject = "Welcome to Rhodes University Memorabilia!"; StringBuffer message = new StringBuffer(); message.append("Dear "); message.append(name); message.append(",\n\nRhodes University Memorabilia welcomes you. We hope that you have a pleasant shopping experience with us. "); message.append("Should you have any queries, please do not hesitate to contact us on alumni@ru.ac.za\n\n"); message.append("Here are your login details for RUM :\n\n"); message.append("Login name : "); message.append(email); message.append("\nPassword : "); message.append(passwd); message.append("\n\nPlease keep these details safe, as you will need them to access our world of online shopping."); message.append("\n\nThank you\n\nRhodes University Alumni Department"); sendEmail(mailServer, subject, email, from, message.toString()); } catch (AddressException e) {} catch (MessagingException e) {} } Listing 6-7 : Constructing the message to be sent The bean was configured to use the Rhodes SMTP server, which is mail.ru.ac.za. testing purposes, the return e-mail address was set as frokwon@rucus.ru.ac.za. process is complete, the customer is now ready to shop with R.U.M. 6.2.4 Existing user logging into R.U.M. For After this The CustomerBean was used to validate the log in details that were entered into the login form. The form allows the user to enter their e-mail address and their password. The function which validates these details is now described: 54 public void validateLogin(ConnectionBean conn) { //Validate the email address StringBuffer check = new StringBuffer("SELECT * FROM CUSTOMER WHERE [Email Address] = '"); check.append(email); check.append("'"); ResultSet rs; try { rs = conn.executeQuery(check.toString()); int numRows = 0; while(rs.next()) { numRows++; } if (numRows == 0) { //add validation errors to the error vector } } catch (SQLException e) {} try { rs = conn.executeQuery(check.toString()); boolean matched = false; while(rs.next()) { String compare = rs.getString("Password"); if (compare.equals(passwd)) { matched = true; break; } } if (!matched) { errors.add("Your password is incorrect. (If you have forgotten your password then please use the e-mail function below)"); erroroccurred = true; } else { rs = conn.executeQuery(check.toString()); rs.next(); //set the CustomerBean attributes to the ones stored in the db oldemail = email; loggedin = true; erroroccurred = false; } } catch (SQLException e) {System.out.println(e);} } Listing 6-8 : Validating the Login details The validation performed here is similar in functionality to that of the validation process in the ValidationBean and so will not be discussed further. 6.2.5 Forgotten Password 55 A user can request for their log in details to be e-mailed to them. This process is undertaken using the sendpassword() function within EmailBean. Before sending the e-mail, the bean checks whether the e-mail address exists in the database using the checkemail() function. As an example, the text of the e-mail is shown in Figure 6-2. Figure 6-2 : An example of a `Welcome’ e-mail 6.2 The Products Pages In RUM, a user can browse through a categorized list of products available for sale by clicking on any of the category tabs in the navigation bar. They can also use the search engine provided in each page of the system. The beans used for these methods will now be discussed: 6.2.6 The Product Category Pages The ProductDisplay bean retrieves and displays each of the products for the selected categories. 56 public Vector getProducts(ConnectionBean conn, String type) { prod.removeAllElements(); size = 0; StringBuffer query = new StringBuffer("SELECT * FROM PRODUCTS WHERE [Category] = '"); query.append(type); query.append("'"); try { ResultSet rs = conn.executeQuery(query.toString()); while(rs.next()) { String name = rs.getString("Name"); ... String picture = rs.getString("PhotoL"); ProductBean product = new ProductBean(); product.setprodID(prodID); ... product.setpicture(picture); prod.add(product); size++; } } catch (SQLException e) {System.out.print(e);} return prod; } Listing 6-9 : Getting the products to be displayed The above function retrieves the attributes of each of the products from the products table in the database and places them in a Vector called prod which is then used to display the products in the .jsp page. All the elements in the Vector are of type ProductBean, which describes the characteristics of each product. The ProductBean merely has accessor (getXxxx) and setter (setXxxx) functions to manipulate the product‟s characteristics. When a user adds, changes or removes items from their shopping cart, these changes are recorded in the ShoppingCart bean. The ShoppingCart bean maintains a list of products in a Vector called products. Examples of functions which manipulate the products Vector are shown below: //Adds items to the products Vector public void addToCart(ProductBean prod) { if (isInCart(prod) == -1) { products.add(prod); 57 } } 58 //removes items from the products Vector public void removeFromCart(ProductBean prod) { int index = isInCart(prod); if (index >= 0) { \ products.removeElementAt(index); } } //Updates items in the products Vector public void updateCartItem(ProductBean prod) { int index = isInCart(prod); if (index >= 0) { products.setElementAt(prod, index); } } Listing 6-10 : Manipulating the shopping cart The shopping cart is the first step of the checkout process. The mycart.jsp page displays the user‟s shopping cart. Any changes to the cart using this page are also recorded in exactly the same way. However, there is an additional removeAll() function in this page, which is used to remove all the items from the cart: public void removeAllItems() { products.removeAllElements(); } Listing 6-11 : Clearing the shopping cart The other method of locating products is via the search engine provided in R.U.M. The process of searching for a product is performed using the SearchBean. The search() function is a very complex function, so only the important code sections have been shown. 59 public void search(ConnectionBean conn) { StringBuffer check = new StringBuffer("SELECT * FROM PRODUCTS"); StringBuffer[] keywords = split(); ... try { rs = conn.executeQuery(check.toString()); while (rs.next()) { long prodid = rs.getLong("Product ID"); ... String description = rs.getString("Description"); for (int i = 0; i < numofwords; i++) { boolean duplicate = false; name = name.toUpperCase(); keywords[i] = new StringBuffer(keywords[i].toString().toUpperCase()); if (name.indexOf(keywords[i].toString()) >= 0) { for (int j = 0; j < index; j++) { if (prodid == searchResults[j].prodid) { duplicate = true; break; } } if (duplicate == false) { searchResults[index].prodid = prodid; ... searchResults[index].link = category.toLowerCase() + ".jsp#" + prodid; index++; } } } } } catch (SQLException e) {System.out.print(e);} numofresults = index; } Listing 6-12 : The R.U.M. Search engine The query that has been entered into the search field is split into individual words using the split() function in the bean, and converted into upper case for comparison. Any whitespace within the keywords is removed and words such as „and‟, „or‟ and certain punctuation symbols, are removed. The resultant keywords are then compared with the products in the database. The 60 results of the search are returned as an array of Result objects. Duplicate results are removed. The array of results is then displayed on the search.jsp page as shown in Figure 6-3. Figure 6-3 : The Search Screen 6.2.7 Checkout Process – Shipping Details The second stage of the checkout process is the shipping details page, handled by details.jsp. The page consists of a form where the customer can enter the address where they want their goods delivered. CustomerBean The customer‟s shipping details are dynamically retrieved from the and displayed in the form. The form is also validated using the ValidationBean, in the same way as was done in the registration form. When the user is satisfied with their details, they can then move to the third step of the checkout process - the delivery costs page. The shipping details are saved to the OrderBean for further use within the checkout process. 6.2.8 Checkout Process - Delivery Costs According to the country selected by the customer in the shipping details page, the delivery cost associated with that country is retrieved from the delivery table within the database and displayed 61 on the delivery.jsp page. This is performed using the calcdelivery() function in the OrderBean: 62 public void calcdelivery(ConnectionBean conn) { StringBuffer check = new StringBuffer("SELECT * FROM DELIVERY"); try { ResultSet rs = conn.executeQuery(check.toString()); rs.next(); SACost = rs.getDouble("Cost"); rs.next(); NeighbourCost = rs.getDouble("Cost"); rs.next(); OtherCost = rs.getDouble("Cost"); if (scountry.equals("South Africa")) { delivery = SACost; } else if (scountry.equals("Namibia")||scountry.equals("Zimbabwe")) { delivery = NeighbourCost; } else { delivery = OtherCost; } } catch (SQLException e) { } Listing 6-13 : Calculating the delivery cost 6.2.9 Checkout Process - Payment Details The second last stage of the checkout process is the payment details page, handled by payment.jsp. The customer can either pay for their order by means of cheque/postal order or credit card. If the customer chooses credit card option, the OrderBean validates the data present in this form. The credit card number is validated using the CCValidationSolution() function. This function ensures that     credit card numbers are keyed in correctly, the length is correct, the first four digits are within accepted ranges, and the number passes the Mod 10 Checksum algorithm 6.2.10 Checkout Process - Confirmation 63 The final stage of the checkout process, the confirmation of the user‟s order, is done using the confirmation.jsp page. In this stage two e-mails are sent using the EmailBean:   An e-mail is sent to the Alumni Department using the sendAlumni() function An e-mail is sent to the user using the sendCustomer() function Both of these methods are similar in functionality to the sendPassword() function illustrated earlier. 6.3 Database Implementation The R.U.M. database consisted of three tables, named Product, Customer and Delivery. purposes of the tables will now be discussed:  The Product. This table is responsible for holding the details of all the products that are being made available for sale. It is used by the product category pages, as well as the search engine.  Customer. The Customer table contains information about the users who have registered with R.U.M.  Delivery. It has been decided to put the delivery costs three regions in the database, the regions being South Africa, Neighbouring countries, and Other countries. The chief reason for placing the costs here was to simplify maintenance; the Alumni department does not have to edit the JSP and JavaBean code, when the delivery costs change. Figures 6.4, 6.5 and 6.6 describe each table‟s relevant field names, corresponding data type and description. 64 Figure 6-4 : The Product Table Figure 6-5 : The Customer Table Figure 6-6 : The Delivery Table All the fields were assigned meaningful names to simplify the JavaBean development. The data types were all kept as mostly text because the author found that the other data types were causing serious type conversion issues with the tag when used with the “*” wildcard character. 6.4 Implementation Problems No system can be completed without the developers encountering problems, and R.U.M. was no exception. The developers chose to use as many free and open source products as possible to keep the costs of the system low. Unfortunately most free software products are poorly documented, and unfortunately Apache Tomcat suffers this flaw. The author had numerous problems configuring Tomcat to run on the machine used for development. Issues that appear trivial, such as the Tomcat folder structure, were ignored in the documentation. These problems 65 were resolved by finding documentation from alternative sources on the Internet, and by referring to the instructions in Fields & Kolb. In addition, although Tomcat is supposed to operate perfectly under the latest version of JDK, being version 1.4, the author was unable to get the web server to start. Tomcat would crash with a plethora of errors and the cause of these errors is still unknown today. The author was forced to run Tomcat with JDK 1.3, and Tomcat ran solidly under this environment. The back-end of the system also had its share of problems - the Microsoft Access database exhibited some flaws. It was found that SQL queries to access the database were not case sensitive. For example, in the login page, the author experienced problems when using SQL to compare the password entered in the form to the one stored in the database. The SQL query would return a positive result even if the case of the password entered in the form was different. This issue was solved by doing the comparisons using Java code, rather than using SQL queries. 66 Chapter 7 : Conclusion 7.1 Overview The author believes that the project has achieved all of its objectives. A complete e-commerce website has been built in the form of Rhodes University Memorabilia. In addition, the successful construction of the system has proved that Java technologies are well suited to creating practical web based technologies. The three-tiered architecture has helped simplify the architecture and has helped tremendously to divide the work between the author and his team member. Most importantly of all, the project as a whole has helped to broaden the developers‟ knowledge of the Java technologies and web-based programming. Much of the software used is free and this means that the Alumni department can implement this system almost immediately. All they will have to do is enter the memorabilia details into the Products database. The system has been designed so that it can be maintained by non-technical individuals with minimal hassles. It is therefore safe to conclude that the project has been a successful endeavour. 7.2 The Future While R.U.M. may appear to be a complete system, but as with any system, there are always additions, which could be made. The author suggests that the following extensions could be made: 7.2.1 Automatic Stock Control At present the system does not take into account the stock levels of the available products. This means that if items are out of stock, the customer will only be informed of this after they have already placed their order. To solve this issue, the system could maintain the stock levels in the database, and would automatically update stock levels whenever purchases were made. Automatic stock control will also help the Alumni department keep track of their stock levels without having to rely on manual records. 67 7.2.2 Connection Pooling At present, each time a user accesses the R.U.M. website for the first time, a new connection is created to the database. This incurs overhead, as it requires resources to create the connection, maintain it, and then release it when it is no longer required. To improve the performance of the system, connection pooling could be used. In this situation a number of connections to the database are kept active and every time a database access needs to be made, a free connection is selected. 7.2.3 Improved Credit Card Validation Currently the only form of credit card validation is the verification of the credit card number. There is no way of checking that the customer has stayed within his or her credit limit, for example. This can only be done if the web server can communicate with the bank and thus, the Alumni department would have to make the necessary negotiations with banks, if they wished to implement this. 7.2.4 Dynamic recommendations This involves analysing customers‟ shopping habits and marketing products that it is thought that they might like. This would require some sort of artificial intelligence to enable the system to market the correct products to the customer. The dynamic recommendation system would be a complex feature to add, but would certainly help to improve the Alumni department‟s advertising and marketing strategies. 68 References [Apache, 2002] Apache., SSL Configuration HOW-TO, http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html, 2002 [Bluefoot Software, 2001] Bluefoot Software, Frequently Asked Questions, http://www.bluefootsoftware.com/Services/FAQ.asp#The%20product%20was% 20developed%20in%20Microsoft%20Access.%20Why?%20Aren't%20there%20 any%20better%20or%20faster%20tools?, 2001 Bollinger, G and Natarajan, b, JSP: A Beginner‟s Guide, Osborne/ McGraw-Hill, United States of America, 2001 [Bollinger and Natarajan, 2001] [Booth] Booth, J., The N-tier Model, http://www.jamesbooth.com/n-tier.htm [Campbell, 2002] Campbell, J, Java Performance for DB2 Applications, http://www7b.software.ibm.com/dmdd/library/techarticle/0202campbell/0202ca mpbell.html, 2002 [Coggeshall, 2001] Coggeshall, J, Secure Variable Transmissions, http://www.zend.com/zend/spotlight/securevariablepart1.php, 2001 [Chaffee, 2000] Chaffee, A., One, two, three, or n tiers?, http://www.javaworld.com/javaworld/jw-01-2000/jw-01-ssj-tiers_p.html, JavaWorld, 2000. [Crawford and Farley, 2002] Crawford, W and Farley ,J, An Introduction to JDBC, http://www.onjava.com/pub/a/onjava/excerpt/javaentnut_2/index3.html, 2002 [Farley, 2002] Farley, J, Microsoft .NET vs. J2EE: How Do They Stack Up?, http://java.oreilly.com/news/farley_0800.html, 2002 [Fields and Kolb, 2000] Fields. D. K and Kolb. M. A., Web Development with JavaServer Pages, Manning Publications Co., United States of America, 2000. [Hall, 1999a] Hall, M., Session Tracking, http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/Servlet-Tutorial-SessionTracking.html, 1999 69 [Hall, 1999b] Hall, M., Java Server Pages, http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/Servlet-Tutorial-JSP.html, 1999 [Her Ecommerce, 2001] Her Ecommerce., A friendly guide to doing business online, http://www.her-ecommerce.com/explained.html, 2001 [Hwang, 2001] Hwang, Y, JDBC API Interface in a Nutshell, http://misdb.bpa.arizona.edu/~mis696g/Reports/Yousub/BASICTUT.html, 2001 [Infobus Technology, 2002] Infobus Technology., JavaBeans Technology Zone, http://www.java-shop.com/javabeans.htm, 2002 [Joseph, 2000] Joseph, D., Guide to e-commerce http://www.ilr.cornell.edu/library/reference/guides/ecommerce/default.html?page =intro&cat_id=0, 2000 [Karkala, 2000] Karkala, A K, JDBC on MPE/iX, http://www.interex.org/pubcontent/enterprise/mar01/01kerk.html, 2000 [Marston, 2002] Marston, T., The 3-Tier Architecture - some criticisms of Compuware's approach, http://www.marston-home.demon.co.uk/Tony/3tiercriticisms.html, 2002 [Mayer-Schronberger, 2002] Mayer-Schronberger, V, The Internet and Privacy Legislation: Cookies for a Treat?, http://www.wvu.edu/~wvjolt/Arch/Mayer/Mayer.htm, 2002 [Milrud, 2002] Milrud, B, Database Development in SQLJ, http://www.devx.com/dbzone/article/9653, 2002 [Nayzak Communications, 2002] Nayzak Communications, E-Commerce Solutions http://home.nayzak.com/home/ecommerce.asp, 2002 [Oberg, 2001] Oberg, R J, What is Microsoft .NET?, http://www.objectinnovations.com/Articles/DotNet-Oberg-1.htm, 2001 [Naude, 2001] Naude. R, R.E.X., Rhodes E-commerce Exchange, Honours Thesis, Rhodes University, 2001. 70 [Naughton and Schildt, 1999] Naughton. P and Schildt. H, The Complete Reference Java2, Tata McGraw-Hill, India, 1999 (Third Edition). [Patzer, 1999] Patzer, A., Introduction to the JavaMail API, http://www.weberdev.com/Specials/Books/1861004044/40441303.htm, 1999 [Poulton, 2002] Poulton, A, Enterprise Java Notes, 2002 [Raj, 2002] Raj, P., Java Database Connectivity, http://www.peterindia.com/JDBCOverview.html, 2002 [Schulz, 2001] Schulz, C., The advantages and disadvantages between Tomcat, JRun, and JServ for Apache Web Server, http://www.jguru.com/faq/view.jsp?EID=497500, 2001 [Sintes, 2002] Sintes, T., App server, Web server: What's the difference?, http://www.javaworld.com/javaqa/2002-08/01-qa-0823-appvswebserver.html, 2002 [Sun Microsystems, 2001] Sun Microsystems., J2EE Blueprints : Questions and Answers, http://java.sun.com/blueprints/guidelines/designing_enterprise_applications/clien t_tier/qanda/session_state.html, 2001 [Sun Microsystems, 2002a] Sun Microsystems., The J2EE Tutorial, http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Overview2.html#64857, 2002 [Sun Microsystems, 2002b] Sun Microsystems., JDBC Technology, http://java.sun.com/products/jdbc/, 2002 [Thornett, 2001c] Unknown, JDBC API Interface in a Nutshell, http://www.cs.unc.edu/Courses/wwwp-s98/members/thornett/jdbc/183.html, 2001 [Unknown, 2001b] Unknown, 2-tier Architecture, http://www-personal.umd.umich.edu/~cjallan/2tarch.htm, 2001 71 [w3.org] w3.org, Introduction to HTML 4, http://www.w3.org/TR/html401/intro/intro.html#h-2.2 [Weblicon Technologies] Weblicon Technologies, Application architecture, http://www.weblicon.net/html/arch_messg_architecture.html Webopedia™., The only online dictionary and search engine you need for computer and Internet technology, http://www.webopedia.com/, 2002 [Webopedia, 2002] [Zeichick, 2002] Zeichick, T., Java Developers Prefer Apache, IBM, Borland?, http://www.sdtimes.com/news/063/story2.htm, 2002 72 Appendix A: R.U.M.’S File Hierarchy ROOT index.jsp products All the image files of the memorabilia for sale images All the image files used in the R.U.M. Website templates http.jsp, https.jsp, bottom.jsp steph.html, aboutush.html, carth.html, changeh.html, confirmationh.html, contacth.html, deliveryh.jsp, detailsh.html, help help.html, loginh.html, menuh.html, mycarth.html, navigateh.html, orderh.html, paymenth.html, privacyh.html,, registerh.html, returnh.html, searchh.html, abouth.html, customer termsh.html, updateh.html, welcomeh.html, help.js changepass.jsp, login.jsp, logout.jsp, lostpasswd.jsp, processlog.jsp, processreg.jsp register.jsp, update.jsp shopping glassware.jsp, clothing.jsp, search.jsp stationery.jsp, accessories.jsp checkout confirmation.jsp, delivery.jsp, details.jsp mycart.jsp, payment.jsp, processcart.jsp errors error.jsp, error2.jsp database Products.mdb WEB-INF web.xml classes ValidationBean.class, ConnectionBean.class CustomerBean.class, Result.class, EmailBean.class, CountryBean.class ShoppingCart.class, ProductBean.class ProductDisplay.class, SearchBean.class OrderBean.class 73 Appendix B: Installing and Configuring R.U.M. under Windows This Appendix provides instructions on how to install and configure R.U.M. under all flavours of the Microsoft Windows Operating System. Individuals are free to modify the code and/or configuration if they so wish. It is assumed that the user has some intermediate knowledge about their version of the Windows Operating system, as well as a little programming knowledge. 1. Copying the Files The author has included a batch file on the CD that will automatically copy the required files to the user‟s hard drive. The batch file installs:     JDK 1.3 JavaMail 1.3 Apache Tomcat 4.0 Java Secure Socket Extensions 1.0.3 Before installation, the user must ensure that there is at least 100Mb of free space on the destination drive. To install the system, the user must open a DOS Window and type the following command: D:\install C: Where D is the drive letter of the user‟s CD-ROM drive and C is the drive letter of the hard drive that the user wishes to install RUM The user will also need to install a licensed version of the Microsoft Access 2000 Database. He or she should then consult the documentation, which came with Access 2000 for more details. 74 2. Setting up the Environment Variables After the files have been copied, the user must create and modify the following environment variables as follows: CLASSPATH = C:\jdk1.3\bin;.;C:\jdk1.3\jre\lib;C:\jdk1.3\lib;C:\javamail-1.3\mail.jar CATALINA_HOME = C:\jakarta-tomcat-4.0 JAVA_HOME = C:\jdk1.3 JSSE_HOME = C:\jsse1.0.3 PATH = %PATH%; C:\jdk1.3\bin Where C is the drive where RUM is installed, and %PATH% is the existing path. 3. Configuring RUM All of the coding in RUM was done using the UltraEdit text editor. The user is free to use any other text editor such as Notepad. RUM is currently configured to run under the machine that was used to develop it. Users wanting to implement RUM will need to edit some of the JavaBean files (with a .java extension) in order to run it on their machines. The following changes will need to be made: EmailBean.java   The e-mail address frokwon@rucus.ru.ac.za needs to be changed to the address of the user The SMTP server address, for sending e-mails, (mail.ru.ac.za) needs to be changed to the address of the user‟s SMTP server ConnectionBean.java The database is currently configured without a username and password. If the user sets up a username and password for the DBMS, then the corresponding variables in the JavaBean must be set. 75 Once the above-mentioned changes have been made, the JavaBeans must be compiled again before they can be used. In order for the JavaBeans to access the database, the ODBC drivers need to be set up. The following steps briefly outline the process: 1. Open the ODBC Data Source Administrator in the Windows Control Panel 2. Select „MS Access Database‟ under User Data Sources, and click Configure 3. Click the Select button to choose the database 4. The database must then be selected. It should be located in the C:\jakarta-tomcat4.0\webapps\ROOT\database folder RUM is now ready to be accessed via a web browser! To start the web server, the user should type C:\jakarta-tomcat-4.0\bin\startup. The user may want to create a shortcut to this batch file for convenience. The web server may be shut down at any time by pressing Ctrl-C while the Tomcat window is in focus. 76 Appendix C: Glossary . NET “A Microsoft operating system platform that incorporates applications, a suite of tools and services, and a change in the infrastructure of the company's Web strategy.” [Webopedia, 2002] “A specification for a dynamically created Web page with a .ASP extension that utilizes ActiveX scripting - usually VB Script or Jscript code. When a browser requests an ASP page, the Web server generates a page with HTML code and sends it back to the browser.” [Webopedia, 2002] See Application Program Interface. “A program designed to be executed from within another application. Unlike an application, applets cannot be executed directly from the operating system. A well-designed applet can be invoked from many different applications. Web browsers, which are often equipped with Java virtual machines, can interpret applets from Web servers.” [Webopedia, 2002] PROGRAM “A set of routines, protocols, and tools for building software applications. A good API makes it easier to develop a program by providing all the building blocks. A programmer puts the blocks together.” [Webopedia, 2002] “A program that handles all application operations between users and an organization's backend business applications or databases. Application servers are typically used for complex transaction-based applications.” [Webopedia, 2002] See Active Server Pages. See Web Browser. This is a “new feature being added to HTML that gives both Web site developers and users more control over how pages are displayed.” [Webopedia, 2002] See Common Gateway Interface. A term used to refer to a computer architecture or system in which a client program or machine request a service from another machine or program known as a server. For example, a user with a web browser requesting a particular page from a web server. GATEWAY “Abbreviation of Common Gateway Interface, a specification for transferring information between a World Wide Web server and a CGI program. A CGI program is any program designed to accept and return data that conforms to the CGI specification. The program could be written in any programming language, including C, Perl, Java, or Visual Basic.” [Webopedia, 2002] ACTIVE SERVER PAGES API APPLET APPLICATION INTERFACE APPLICATION SERVER ASP BROWSER CASCADING SYTLE SHEETS CGI CLIENT-SERVER COMMON INTERFACE 77 COOKIE This is “message given to a Web browser by a Web server. The browser stores the message in a text file. The message is then sent back to the server each time the browser requests a page from the server. The main purpose of cookies is to identify users and possibly prepare customized Web pages for them.” [Webopedia, 2002] See Cascading Style Sheets. This type of server houses one or more databases and enables users to connect to and interact with databases it houses. See Dynamic Hypertext Mark-up Language. “Refers to Web content that changes each time it is viewed. There are many technologies for producing dynamic HTML, including CGI scripts, Serverside Includes (SSI), cookies, Java, JavaScript, and ActiveX.” [Webopedia, 2002] See electronic business. CSS DATABASE SERVER DHTML DYNAMIC HYPERTEXT MARKUP LANGUAGE E-BUSINESS E-COMMERCE See electronic commerce. ELECTRONIC BUSINESS “The process of using electronic technology to do business.” [Allamaraju et al, 2001] “Conducting business on-line [on the Internet]. This includes, for example, buying and selling products with digital cash and via Electronic Data Interchange (EDI) [e.g. using credit cards].” [Webopedia, 2002] A W3C specification developed particularly for web documents. It allows developers to create custom tag libraries “enabling the definition, transmission, validation, and interpretation of data between applications and between organizations.” [Webopedia, 2002] “Pronounce goo-ee: A program interface that takes advantage of the computer's graphics capabilities to make the program easier to use.” [Webopedia, 2002] ELECTRONIC COMMERCE EXTENSIBLE MARKUP LANGUAGE GRAPHICAL USER INTERFACE GUI HIDDEN FORM FIELDS See Graphical User Interface. These are used as a way to support session tracking. Because Hidden fields are 'hidden' they can contain useful information which as web page developers we can use to hide information from the visitor. When a form is submitted, the value of the hidden field is passed along with the other form values. See Hypertext Mark-up Language. HTML HTTP See Hypertext Transfer Protocol. 78 HTTPS HYPERTEXT MARK-UP LANGUAGE HYPERTEXT TRANSFER PROTOCOL See Hypertext Transfer Protocol Secure. Handles the formatting and display of web pages. [Webopedia, 2002] “The underlying protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when you enter a URL in your browser, this actually sends an HTTP command to the Web server directing it to fetch and transmit the requested Web page.” [Webopedia, 2002] “The secure version of HTTP using certificates that can uniquely identify the server and client, and encrypt all communication between them.” [ASPStreet.com, 2002] See Internet Message Access Protocol. HYPERTEXT TRANSFER PROTOCOL SECURE IMAP INTERNET An enormous, global network linking of millions of computers. [Webopedia, 2002] “A protocol for retrieving e-mail messages. The latest version, IMAP4, [and supports features such as allowing] you [to] search through your email messages for keywords while the messages are still on mail server. You can then choose which messages to download to your machine. IMAP was developed at Stanford University in 1986.” [Webopedia, 2002] See Java 2 platform enterprise edition. INTERNET MESSAGE ACCESS PROTOCOL J2EE JAVA 2 PLATFORM ENTERPRISE EDITION “Is a platform-independent, Java-centric environment from Sun for developing, building and deploying Web-based enterprise applications online. The J2EE platform consists of a set of services, APIs, and protocols that provide the functionality for developing multi-tiered, Web-based applications.” [Webopedia, 2002] The Java Database Connectivity, JDBC, API enables Java programs to execute SQL statements. In this way Java applications and programs can interact with SQL-accommodating databases. [Webopedia, 2002] JAVA DATABASE CONNECTIVITY JAVA DEVELOPMENT KIT “This is a software development kit (SDK) for producing Java programs.” [Webopedia, 2002] The technology provided by JSPs enables the developer to combine “regular, static HTML with dynamically generated content from servlets.” [Hall, 2000] This is “an abstract computing machine, or virtual machine, JVM is a platform-independent execution environment that converts Java bytecode into machine language and executes it.” [Webopedia, 2002] “Type of object…used to encapsulate a program‟s methods and variables, and provide a public interface that is accessible from …JSPs.” [Allamaraju et al, 2001] JAVA SERVER PAGES JAVA VIRTUAL MACHINE JAVABEAN 79 JAVAMAIL “The JavaMailTM API is an optional package (standard extension) for reading, composing, and sending electronic messages.” [jGuru-JavaMail, 2001] See Java Database Connectivity. A JDBC driver allows a Java application to communicate with a SQL database. See Java Development Kit. See Java Server Pages. JDBC JDBC DRIVER JDK JSP JVM LOAD BALANCING See Java Virtual Machine. Making use of multiple web servers to minimise the performancehampering bottleneck experienced by a single web server serving too many clients. “Software that connects two otherwise separate applications.” [Webopedia, 2002] See Open database connectivity. ODBC “is a standard database access method developed by Microsoft Corporation. The goal of ODBC is to make it possible to access any data from any application, regardless of which database management system (DBMS) is handling the data.” [Webopedia, 2002] Applications implementing this approach have a series of interrelated JSP pages where the user proceeds from one page to another. In this approach, client requests are serviced by JSPs or servlets, which directly access resources such as a database. The JSP page is where the request is received and processed, and the response sent back to the client. See PHP Hypertext Pre-processor. MIDDLEWARE ODBC OPEN DATABASE CONNECTIVITY PAGE CENTRIC APPROACH PHP PHP HYPERTEXT PREPROCESSOR “PHP Hypertext Pre-processor is a server-side, HTML embedded scripting language used to create dynamic Web pages. In an HTML document, PHP script (similar syntax to that of PERL or C) is enclosed within special PHP tags.” [Webopedia, 2002] Synonymous with client-server architectures. This term refers to the request made by a client for a service and the response to that request given by the server upon completion or attempted completion of that request. This is “a protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a public key to encrypt data that's transferred over the SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http.” [Webopedia, 2002] REQUEST-RESPONSE SECURE SOCKET LAYER 80 SERVLET A servlet is a program that runs on a server and acts as a middle layer between a request from a web browser and databases or other applications/drivers residing on the server. A servlet can generate HTML programmatically and return it to the client via the response object. [Allamaraju et al, 2001] This model is roughly based on the Model-View-Controller (MVC) programming construct. The Controller controls the flow of data, and determines where to direct requests both into and out of the system. The Model is the processing and data layer. The View is the layout of the program and what the user actually sees - the user interface. HTTP is a stateless protocol, that is, state is not maintained from one request to the next. In many applications, particularly e-commerce ones, it is crucial that state information be maintained. The time in which a particular state must be maintained may be referred to as a session. For example a shopping cart between requests has to know which items it has in it, and to who the items belong. The process of maintaining state when appropriate is known as session tracking. SERVLET CENTRIC APPROACH SESSION TRACKING SIMPLE MAIL TRANSFER PROTOCOL “Protocol for sending e-mail messages between servers.” [Webopedia, 2002] See Simple Mail Transfer Protocol. SMTP SQL See Structured Query Language. SSI SSL STRUCTURED QUERY LANGUAGE See Server Side Includes. See Secure Socket Layer. “Standardized query language for requesting information from [and maintaining information in] a database.” [Webopedia, 2002] THICK CLIENT “In a client/server architecture, a thick client is a client that performs the bulk of the data processing operations.” [Webopedia, 2002] A thin client is a small client-side from which most, or all, of the data processing work has been removed and allocated to the server-side of the system. [Webopedia, 2002] A client-server architecture in which three functionally distinct layers are maintained. These layers are logically separated and can be housed on physically different machines. The three functions include a client-side (presentation layer), a server-side (business-logic processing) and a database server (persistent data layer). “A row or layer in a series of similarly arranged objects. In computer programming, the parts of a program can be distributed among several tiers, each located in a different computer in a network. Such a program is said to be tiered, multi-tier, or multi-tiered.” [whatis?com, 2001] THIN CLIENT THREE-TIER CLIENTSERVER ARCHITECTURE TIER 81 UNIFORM RESOURCE LOCATOR “The global address of documents and other resources on the World Wide Web.” [Webopedia, 2002] URL See Uniform Resource Locator. URL REWRITING This is the term used to refer to the process of modifying (or rewriting) a URL within Web content such that the resulting URL points to a different location than the original URL. This can be used as a way to support session tracking. This is a “software application used to locate and display Web pages. The two most popular browsers are Netscape Navigator and Microsoft Internet Explorer.” [Webopedia, 2002] Traditionally “a computer that delivers (serves up) Web pages.” [Webopedia, 2002] A global heterogeneous collection of connected networks and computers. WEB BROWSER WEB SERVER WORLD WIDE WEB WWW See World Wide Web. XML See Extensible Mark-up Language.. 82 Appendix D : Project Poster The next page of this report is a foldout A3 version of the developers‟ project poster. This poster visually summarises the investigation, report and the R.U.M. system. 83