PRIFYSGOL ABERYSTWYTH – ABERYSTWYTH UNIVERSITY
DEGREE EXAMINATIONS 2008-2009 SEMESTER 1
FACULTY OF SCIENCE
Computer Science CHM5820: DEVELOPING INTERNET-BASED APPLICATIONS
Time allowed: 2 hours
The use of calculators is not permitted in this examination.
Answer THREE from FIVE questions
All questions carry equal marks
1. This question is concerned with Java EE web technologies.
a) Provide a description of each of the Servlet lifecycle events shown in Figure 1. 
Step 1: HTTP request
Step 2: Load servlet
Step 3: Call init()
Step 4: Call service() servlet
Step 6: HTTP response Step 5: Return response
Browser Web server/
Figure 1. The servlet lifecycle.
b) Explain why using instance variables in a Servlet class can lead to erroneous behaviour.
c) The web.xml configuration file enables developers to specify web application security
constraints using XML.
(i) With the aid of a simple example briefly explain how such security constraints are
utilised by the Servlet container when undertaking authentication and
(ii) Why is it preferable for developers to use this built-in mechanism rather than
develop their own security checking code? 
Page 1 of 3 Turn over
a) Study the UML class diagram in Figure 2. This example was presented during lectures
and used within worksheets. Most of the operations have been omitted.
Figure 2. UML class diagram for the bookshop web application.
(i) The design includes two design patterns. Explain how each of these patterns is
being used within the overall design shown. What advantages and disadvantages
do these patterns bring to the design? 
(ii) How would you alter this design in order to include JavaServer Pages as part of a
Model-View-Controller design? Redraw the diagram to illustrate your answer. 
b) This part of the question concerns the testing of distributed applications.
(i) Explain why it is inherently harder to test distributed applications than standalone
(ii) Explain what is meant by conformance testing and why such testing on its own is
not sufficient. 
(iii) Explain what is meant by interoperability testing and why such testing on its own
is not sufficient. 
3. This question is about Java Network Programming and Java Remote Method Invocation.
a) Java supports both connection-oriented network communication and connectionless
communication. Give an example of an application that would use connection-oriented
communication and an example of an application that would use connectionless
communication. In each case, briefly indicate why your example is suited to the type
of communication. 
(i) Why might if be preferable to use Remote Method Invocation (RMI) instead of
basic socket communication in a Java-based system? 
(ii) What is the purpose of the RMI registry? 
(iii) In a large RMI-based distributed system, outline how parts of the system could
locate other parts of the system without using the RMI registry. 
Page 2 of 3 Turn over
4. This question concerns security issues in Java programs.
a) Briefly outline the role of the Classloader in Java security. 
b) (i) Why is it inadvisable to grant AllPermission to a piece of Java code during
(ii) What approach can be taken to avoid granting AllPermission to a piece of code
during debugging? 
(iii) In what circumstances is it acceptable to grant AllPermission? 
c) What steps would you take to use a commercially available cryptographic algorithm
that was not available in the standard Java distribution? 
5. This question concerns the transport of time-based media over networks and programming
Application Programming Interfaces (APIs) that help us to develop programs to process
a) This part of the questions concerns protocols.
(i) Briefly explain the role of the pair of protocols known as Real Time Transport
Protocol (RTP) and RTP Control Protocol (RTCP). 
(ii) What information is provided in RTCP sender and receiver reports that can be
used to monitor or control the success of transmissions of time-based media? 
(iii) What is the role of the protocol known as Real Time Streaming Protocol (RTSP)
and identify two methods that it contains and their purpose. 
b) This part of the question concerns the Java API known as the Java Media Framework
(i) Imagine you have been asked to develop a new program that converts time-based
media from one form to another. Explain which of a JMF player or processor you
would choose to use and why you would make that choice. 
(ii) The JMF is often described as being “extensible”. Explain why this is true and in
what ways a user can choose to extend the capabilities of the JMF. 
(iii) Briefly explain the role of the JMF CaptureDeviceManager and when it would be
Page 3 of 3