EMTM 553: Ecommerce Systems Lecture 3: Software

1
EMTM 553 E-commerce SystemsLecture 3 Software

• Insup Lee
• Department of Computer and Information Science
• University of Pennsylvania
• lee_at_cis.upenn.edu
• www.cis.upenn.edu/lee

2
Background

• Simple view of the original WWW
• Web servers stored pages coded in HTML in their
  file systems.
• Pages retrieved by browsers using HTTP.
• The URL of a page was the hostname of the server
  plus the filename of the document.
• Later, it was realized that
• HTML Web pages could be produced by programs as
  well as stored as files.
• URL specifies the hostname of the server, the
  name of the program to run, and arguments for
  that program.

3
Static content
Web server fetch the page
http request
This is a web page.
server response
This is a web page.
Browser interprets html page
4
Dynamic content
Web server fetch the page

http request
Interpret php code
Hello World.
server response
Hello World.
Browser interprets html page
5
Stateless vs. state

• Stateless server
• The user request a document, and then another
  document, and so on.
• Natural for large number of browsers and small
  number of servers.
• Why?
• If stateful, it can increase performance.
  However,
• On server crash, it looses all its volatile state
  information
• On client crash, the server needs to know to
  claim state space.

6
Session

• User Session
• A delimited set of user clicks across one or more
  Web servers (for multiple Web page requests)
• Server Session
• A collection of user clicks to a Web server
  during a user session
• Why sessions are important?
• Complex pages require many connections
• High overhead for establishing a connection due
  to privacy and authentication requirements
• E-commerce applications require a series of
  actions by the user and the server.

7
Where to keep state for client?

• How to identify sets of user requests as belong
  to the same session and for passing state
  information back and forth between client and
  server
• State is the application information itself
• A session id is a reference to state stored
  somewhere else.
• Server-side vs. client-side
• Database on server
• Applications on server
• Cookie on client
• What are tradeoffs?

8
Session and Client state mechanism

• Techniques
• Cookies
• Data sent by a Web server to a Web client, to be
  stored locally by the client and sent back to the
  server on subsequent requests
• Cookies are stored as small file in a client
  machine
• Date and time, user id, password, etc.
• Authentication mechanisms such as client
  certificate
• Used this to identify the user to the server on
  each request to use state stored in application
  database
• Forms state or session id can passed as hidden
  fields
• Applets client scripting can be used to store
  session id or state

9
Active Web Sites

• Allow the user to be sent customized pages
• Support dynamic browsing experience
• Built using with a combination of languages and
  technologies
• Client-side technologies
• Used for detecting browser features, responding
  to user actions, validating form data, displaying
  dialog boxes.
• Adv reduce network traffic, server load, almost
  instant response to user actions
• Server-side technologies

10
Client-side technologies

• ActiveX controls
• Self-contained program called components written
  in C or Visual Basic can be called
• tag can used for bar charts, graphics,
  timers, client authentication, database access
• Developed by Microsoft
• Client-side JavaScript and Dynamic HTML
• JavaScript supported by both IE and Netscape
  Navigator
• Dynamic HTML is like script plus abilities to
  animate pages and position graphics.
• Java Applets
• Advantage of Java stand alone, cross platform,
  safe.

11
Java

• An object-oriented language developed by Sun
  Microsystems
• Java programs are compiled into Java bytecode,
  which are executed by JVM (Java virtual machine)
• Write-once run-anyway
• Security of Java applets is based on a sandbox
  model

12
Java Applets
Web-Server
Web-Server
HTTP-Request
Load File
File-System
HTML-page
File
Load Applet...
13
Java Applets

• Advantages
• Platform independent works for every web-server
  and browser supporting Java
• Secure
• Disadvantages
• Standalone Character
• Entire session runs inside applet
• HTML forms are not used
• Slow loading can take a long time
• Resource intensive JVM
• Restrictive can only communicate with server
  from which applet was loaded
• Server-Process can be written in any language

14
Server-side technologies

• CGI
• Active Server Pages, Microsoft
• Server-side JavaScript, Netscape
• Java Servlets and JSP (Java Server Pages),
  SunMicro
• PHP, developed initially by Rasmus Lerdorf, 1994
  to track visitors to his online resume.

15
Benefits of server-side processing

• Minimizes network traffic by limiting the need
  for the browser and server to talk back and forth
  to each other
• Quickens loading time since, in the end, only the
  actual page is downloaded
• Avoids browser-compatibility problems
• Can provide the client with data that does not
  reside at the client
• Provides improved security measures, since one
  can code things that cannot be viewed from the
  browser

16
Web Server Software Feature Sets

• Core Capabilities
• Process and respond to Web client requests using
  the HTTP protocol
• Security
• Validation of username and password
• Processing certificates and key pairs
• FTP
• Transferring of files to or from the server
• Searching
• Searches the existing site or entire Web for
  documents
• Indexing provides full-text indexes for files
  stored on the server
• Data Analysis
• Capture visitor information
• Who, how long, date time, what pages were
  visited.

17
The Common Gateway Interface (CGI)

• CGI defines an interface between a Web server and
  an independent application program.
• CGI are used to create gateways between the Web
  and an existing application.
• CGI also serve as the interface for new
  applications designed for the Web, not integrated
  directly into a Web server (as in plug-ins).

18
CGI (Common Gateway Interface)
Web Server
CGI
Program
Program
Environment Vars
Environment Vars
Runtime Environment
Runtime Environment
19
Server API for CGI

• Starting and stopping application
• Passing data from the client to the application
• Passing data from the application to the client
• Status and error reporting
• Passing configuration information to the
  application
• Passing client and environment information to the
  application

20
CGI Example
Favorite Pet!
Favorite
Pet What is your favorite pet? METHOD"GET" ACTION"cgi-bin/pet.pl"
Name NAME"name" Email
R Favorite Pet TYPE"TEXT" NAME"pet" PUT TYPE"SUBMIT VALUESubmit Query TYPE"RESET"
21
CGI Example (GET)
!/usr/bin/perl -w use CGI qw(standard) print
"Content-type text/html", "\n\n" _at_pairs
split('', ENV'QUERY_STRING') foreach pair
(_at_pairs) (name, value) split('',
pair) value tr// / value
s/(a-fA-F0-9a-fA-F0-9)/ pack("C".
hex(1))/eg infoname value print
"","\n" print "Thank
you","\n" print "Name",infoname,"

","\n" print "Email",
infoemail,"
","\n" print "Favorite
Pet",infopet,"
","\n" print
""
22
CGI Example (POST)
!/usr/bin/perl -w use CGI qw(standard) print
"Content-type text/html", "\n\n" read(STDIN,
buffer, ENV'CONTENT_LENGTH') _at_pairs
split('', buffer) foreach pair (_at_pairs)
(name, value) split('', pair) value
tr// / value s/(a-fA-F0-9a-fA-F0-
9)/ pack("C".
hex(1))/eg infoname value print
"","\n" print "Thank
you","\n" print "Name
",infoname,"
","\n" print "Email
",infoemail,"
","\n" print "Favorite
Pet ",infopet,"
","\n" print
""
23
CGI Environment Variables
24
Evaluation of CGI

• Advantages of CGI
• General the application is completely decoupled
  from the Web server
• Standard works with every sever and browser
• Flexible any language (C, Perl, Java, ) can
  be used
• Disadvantages of CGI
• Inefficient the application must be
  launched/forked independently for each request
• Stateless the application exits after a request,
  there is no place to remember state between Web
  requests
• Security CGI programmer is responsible for
  security. No automatic system or language
  support.

25
Server-side Scripting

• A middle ground between static content kept in
  the file system and pages of dynamic content
  created by a complete application
• Server-side scripting
• Embed a language interpreter in the Web server.
• Web pages stored in the file system contains
  scripts that are interpreted on the fly.

26
Server Extensions The Basic Idea
Web-Server
Web-Server
HTTP-Request
File-System
Load File
HTML
HTML?
File
HTML-File
27
Server Extensions

• API depends on Server vendor
• Apache Foundation Apache Server Apache API
• Microsoft Internet Information Server ISAPI
• Netscape Enterprise Server NSAPI
• One can define its own server extension, e.g.,
• Authentication module
• Counter module

28
Active Server Pages

• Active Server Pages (ASPs)
• Available in Microsoft web servers (IIS and
  Personal Web Server)
• Based on VBScript, Jscript
• Modular Object Model
• Active Server Components
• Active Data Objects (ADO) for Databaseaccess

29
ColdFusion
Web-Server
Web-Server
File-System
HTTP-Request
Load File
HTML
HTML?
HTML-File
File
HTML
CF Script?
Cold Fusion Server Extension
30
PHP

• How does PHP differ from ASP and CF?
• Free, open source
• Many client libraries integrated
• Runs on any web server supporting CGIs (MS
  Windows or Unix)
• Module version for Apache

Web-Server
Web-Server
File-System
HTTP-Request
Load File
HTML
HTML-File
PHP-File
PHP-Script
Output
PHP Module
Database APIs, other APIs SNMP, IMAP, POP3,
LDAP, ...
31
Object Technology

• Advantages
• Encapsulation, polymorphism, heterogeneous
  languages
• Rapid application development
• Distributed applications
• Flexibility of deployment
• Technologies
• CORBA
• COM
• Java Beans/RMI

32
Enterprise JavaBeans (EJB)

• Server-side component architecture
• Enable and simplify the building of distributed
  object in Java
• Allow rapid application development
• Support portability and reusability across
  vendors, I.e., platform and implementation
  independent
• EJB supports CTM (Component Transaction
  Monitoring)
• hybrid of traditional transaction processing and
  distributed object request broker (ORB) services
• TP Monitor is an OS for business systems and
  manages the entire environment that a business
  system runs, including transactions, resource
  management,and fault tolerance.
• Distributed objects allow unique objects that
  have state and identity to be distributed
  accrossa network so that they can be accesses by
  other systems.

33
Server-side component Architecture

• EJB server is responsible for
• Making a component a distributed object
• Managing services such as transactions,
  persistence, concurrency, security
• Component Advantage
• Divides software into manageable, discrete chunk
  of logic
• Implements well-defined interfaces
• Enables reuse
• Components can be pieced together to solve larger
  problems

34
Example

• Pricing Component
• Functions
• Base price
• Quantity Discount
• Bundle Discount
• Preferred customer Discount
• Overhead costs
• Etc.
• Note This pricing engine can be used by
  different businesses

35
Example Cont.Post Office
Pricing object
Dumb Terminal
Legacy System
36
Example Cont.Car Quotes Web Site
Network
Pricing object
Web Server
Client Browser
37
Example Cont.E-tailer Site
Pricing Object
Workflow logic
Billing Object
Fulfillment Object
Web Server
38
N-Tier ArchitectureUsing EJB
Presentation Layer
Presentation Logic
Tier Boundary
EJB object
EJB object
EJB object
Business Logic Layer (Application Server)
EJB object
JDBC
Tier Boundary
Database
Data Layer
39
Classes and Interfaces

• Remote interface
• The business methods that a bean present to the
  outside world to do its work
• Home interface
• The beans life cycle methods for creating,
  removing and finding beans
• Bean class
• Actual implementation of the beans business
  methods
• Primary key
• A pointer into the database.

40
Acquiring a Bean
3 Create New EJB object
Home Interface
Client
Home Object
5 Return EJB Object Reference
4 Create EJB Object
6 Invoke Business method
Remote Interface
EJB Object
Enterprise Beans
1 retrieve Home Object Reference
2 Return Home Reference
7 Delegate request to object
JNDI
EJB Server
Naming Service
41
Enterprise Bean Objects

• Session Bean
• Represents business logic
• 1 to 1 relationship to client
• Stateless / Stateful
• Short-lived
• Entity Bean
• Represents permanent business data
• 1 to many relationship to client
• Stateful / Transactional
• Long-lived

42
The EJB Contract

• Allows for the collaboration of SIX different
  parties
• Bean provider
• Component writer, provide reusable business logic
• Container provider
• Supplier of low-level runtime execution
  environment
• Server provider
• Supplier of Application server logic to manage
  the EJBs
• WebSphere (IBM ), WebLogic (BEA), Oracle8i
• Application assembler
• Application architect for a specific deployment
• Deployer
• Installs Bean components and Application servers
• System Administrator
• Oversees the deployed system

43
Other features

• Search engines
• Crawl, index, search
• Push technologies
• Web channels
• Intelligent agents
• Locate sites, identify the best vendor, negotiate
  terms of buying and selling, etc.

44
QA