
CHECK GRAMMAR THROUGHOUT DOC. + OTHER INFO BELOW.

Reliable, secure, on-line bookstore implementation via java rmi and tomcat

Wenping Peng

PROJECT

Submitted in Partial satisfaction of

the requirements for the degree of

MASTER OF SCIENCE

in

COMPUTER SCIENCE

at

CALIFORNIA STATE UNIVERSITY, SACRAMENTO

FALL

2003


Reliable, secure, on-line bookstore implementation via java rmi and tomcat
A Project

by

Wenping Peng

Approved by:

______, Professor

Dr. Isaac Ghansah

Date: ______

______, Second Reader

Dr. Richard Smith

Date: ______


Student: Wenping Peng

I certify that this student has met the requirements for format contained in the University format manual, and that this Project is suitable for shelving in the Library and credit is to be awarded for the Project.

______

Dr. Cui Zhang, Graduate Coordinator Date

Department of Computer Science


Abstract

Of

Reliable, secure on-line bookstore implementation via java rmi and tomcat

by

Wenping Peng

During the recent e-commerce and e-business boom, building web-based applications has become more and more demanding in the marketplace. Many companies and individuals spend tremendous time and effort in building efficient Internet applications and implementing many e-commerce features such as search engines, on-line ordering, secure transactions, and password protection to be more competitive.

The goal of this project is to simulate a real on-line bookstore and build a reliable, secure web application of an on-line book ordering system, using Tomcat as the web server. Tomcat provides support for Java Servlet and JSP technologies. It has become the most popular web server of Internet services with many advantages such as open source, efficiency, security, and multi-platform. This project was written in Java and JavaScript. Java was chosen in this project as the programming language because its object-oriented nature is perfect for server-side programming. Java also provides a huge number of built-in network capabilities that make it easy to develop Internet-based and web-based applications. Java RMI (Remote Method Invocation) technology was implemented in this project for multiple server and client communication. All the application servers (Primary name server, Replication name server, Authentication Server, Book Server, Credit Card server, and Book Administrator Server) can be located on different machines; they work as a whole to provide services to the clients through the Internet.

______, Committee Chair

______, Date

ACKNOWLEDGMENTS

I would like to thank my project adviser, Dr. Ghansah, and my project second reader, Dr. Dick Smith, for their genuine advice and help.

I would also like to thank all the professors in CSUS in computer science. Their dedicated work and knowledge made it possible for me to get my degree in computer science.

Table of contents

List of Figures

Chapter 1: Introduction and background

1.1 Motivation and Background

1.2 Purpose

1.3 Brief application Description

1.4 Document Organization

Chapter 2: Technology Implementation

2.1 Java RMI

2.2 Java Servlet

Chapter 3: Project architectural design

3.1 The Top-Level Schema

3.2 Client Server Communication

3.3 Reliability Consideration: Replicate name servers

3.4 Security Consideration: Password Encryption

3.5 Implementation environment and languages

Chapter 4: Project function design

4.1 Logical flow for user login

4.2 Logical flow of book searching services

4.3 Logical flow for purchase book

4.4 Logical flow for book Administrator

Chapter 5: System configuration

5.1 Install Java JDK Package

5.2 Install and Configure Tomcat

5.3 Install Servlet

5.4 Create Application Directory

Chapter 6: Results and Conclusion

6.1 Summary and Results

6.2 Problems encountered and solutions

6.3 Other Challenges

6.4 Future Enhancements

Bibliography

Appendix A: User manual

Appendix B: List of Java programs

Appendix C: List of JSP programs

LIST OF FIGURES

Figure 1 Connections made when client uses RMI

Figure 2 Client to servlet process flow

Figure 3 Application Structure Chart

Figure 4 Client server model diagram

Figure 5 JSP page work flow

Figure 6 Logical View of User login

Figure 7 User login interface

Figure 8 Logical View of book searching

Figure 9 Book searching interface

Figure 10 Logical View of credit card services

Figure 11 Interface of book purchasing services

Figure 12 Interface of book purchasing confirmation

Figure 13 Logical View of Book Administration

Figure 14 Interface of book Administration

Figure 15 User interface of entering edit information

Figure 16 User interface of book edited confirmation

Figure 17 Tomcat web application directory structure

Chapter 1: introduction

1.1 Motivation and Background

The recent e-commerce and e-business boom has created a great demand for on-line applications. This has led to the development of many very sophisticated web-based applications, providing many e-commerce features such as search engines, on-line ordering, secure transactions, and password protection. The effectiveness and efficiency of a web-based application depend on the development and implementation of these features, which provide the competitive edge in the current marketplace.

E-Commerce has provided an opportunity for many companies to find more cost effective ways of conducting their existing business and attracting new business. The companies are now able to conduct real-time secure transactions on-line, generating more income with lower costs, and promoting their products on-line to attract new customers.

E-Commerce also provides new and exciting opportunities to reach the global market on a real-time basis 24 hours a day and is available to millions of potential customers across the globe. Business analysts across the world are now predicting that by 2005, nearly one billion people worldwide will be shopping on-line, spending more than $5 trillion. The increasing need for efficient web-based applications and the challenges involved in building a powerful web application were the motivation for this project.

1.2 Purpose

The purpose of the project is to design and build a web-based on-line application for a bookstore with multiple server and client communication, implementing new web technologies such as Tomcat, Java RMI and Java Servlet, which are very popular in network application development.

This application simulates a real on-line bookstore, like a minor version of Amazon.com. The main development tools used in this project are the following:

The web server in this project is Tomcat.

The programming language is Java. The multiple server and client communication feature will be implemented via Java RMI and Java servlet.

The web interface will be written in JSP.

The on-line bookstore is built to be a secure, reliable and flexible web application. It applies replications to improve the application’s reliability and applies encryption to enhance network security.

1.3 Brief Application Introduction

The on-line bookstore is a web-based application that handles users’ general requests on line and provides services ranging from book searching and book purchasing to book inventory updating on line through different servers. The servers can be located on different computers.

The on-line bookstore’s functionalities include the following:
1) Verify the user/administrator’s login by the Authentication server.
2) Allow users to search for books on line by book id, book name, or book author through Bookshop Server.
3) Allow users to purchase books on-line by using their credit card information through Credit Card Server.
4) Allow book administrators to edit book inventory information on line through Book Admin Server.
5) Name server is replicated to increase the reliability and availability of this application.

1.4 Document Organization

The rest of this document is organized as follows:

Chapter 2 - Discusses the technologies: Java RMI and Java Servlet implemented in this project for network communication.

Chapter 3 - Describes the high-level architectural design of this project, explains the structure and functionalities of this application and the reasons for choosing these software and development tools.

Chapter 4 - Discusses the functional design and describes all the possible data flows with page interface design in this project.

Chapter 5 - Introduces the system setup, software installation and configurations.

Chapter 6 - Summarizes the results, conclusion, challenges and future enhancement work of this project.

APPENDIX A – User Manual, Program lists and Test cases.

APPENDIX B – List of Java Programs.

APPENDIX C – List of JSP Programs

Chapter 2: Technologies Implementation

Java RMI and Java Servlet are the main technologies implemented in this application for network communication. This chapter talks about these two implementations in detail.

2.1 Java RMI

Introduction

Java RMI technology was implemented in this project for client-server communication. RMI (Remote Method Invocation) allows applications to call object methods located remotely, sharing resources and processing load across systems. RMI allows any Java object type to be used as a parameter. It facilitates object function calls between Java Virtual Machines (JVMs), which can be located on separate computers.

Figure 1: Connections made when client uses RMI

Figure 1 shows the connections made by the client when using Java RMI. The client must contact the RMI registry and request the name of the service. This part must come before figure. Do it for all figures.

  1. The client calls the RMI service and processes the response.
  2. The client calls the RMI service and processes the response.
  3. The Client sends the response to web server and displays the response.

Steps for creating Java RMI

1) Define the remote interface.

The interface must extend java.rmi.Remote, and all of its methods must be declared to throw java.rmi.RemoteException. It specifies the characteristics of the methods provided by the server that are visible to its clients.

For example, in this project, nameServer.java is the interface of the name server.

2) Define the remote object implementation.

Remove all periods after close parenthesis in entire doc.

Write the implementation of the interface services. The class must be a subclass of (extend) java.rmi.server.UnicastRemoteObject and must implement the remote interface. The class is also required to define the constructor for the remote object and implement the methods that can be invoked remotely. For example, nameServerImpl.java should implement nameServer.java. This implementation will include a static main method to make this class a complete application. It creates a single instance of remote objects and registers the remote objects with the RMI registry.

3) Compile the interface and remote object implementation.

javac nameServer.java

javac nameServerImpl.java

4) Generate the skeletons and stubs.

rmic nameServerImpl

The stubs and skeletons are generated by RMI’s rmic compiler. In this case, it will generate nameServerImpl_Skel.class and nameServerImpl_Stub.class.

The stubs and skeletons are the interface between the application layer and the rest of the system. They transmit data to the remote reference layer.

They communicate with each other through the transport layer by marshalling and unmarshalling parameters between client and the remote objects.

5) Write the client

Develop a client that uses the remote interface to call the services defined in the implementation. In this project, a helper class, ConnectNS.java, was created to connect to the name server on behalf of the other application servers. Every other application server or servlet acts as a client when it registers with the name server or gets a server name. For example, AuthenServerImpl.java is the client when it registers with the name server.

6) Start rmiregistry
Before starting any server, rmiregistry needs to be started in a new shell command window and left running (UNIX and Windows):

rmiregistry <port-number>

On UNIX, the port number can range from 5000 to 32767; on Windows, the default port is 1099.

7) Start the server and client application
In a new shell command window, run the server application:

java nameServerImpl

and in another new shell command window, run the client application:

java AuthenServerImpl 4998

Messages displayed in each shell window indicate that the name server and the client are running successfully.
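The steps above, condensed into one file as an added example (not code from the project): the interface, the implementation, the registry and the client all run in a single JVM. NameService, register, lookup, port 5099 and the sample address are hypothetical. On Java 5 and later the stub is generated dynamically, so no rmic step is needed.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class NameServiceDemo {

    // Step 1: remote interface. It extends Remote and every method throws RemoteException.
    // NameService, register and lookup are hypothetical names, not the project's nameServer API.
    public interface NameService extends Remote {
        void register(String service, String address) throws RemoteException;
        String lookup(String service) throws RemoteException;
    }

    // Step 2: implementation. Extending UnicastRemoteObject exports the object on construction.
    public static class NameServiceImpl extends UnicastRemoteObject implements NameService {
        private final Map<String, String> table = new ConcurrentHashMap<>();

        public NameServiceImpl() throws RemoteException { super(); }

        public void register(String service, String address) throws RemoteException {
            // Remote callers are untrusted: accept only short, well-formed service names.
            if (service == null || !service.matches("[A-Za-z]{1,32}") || address == null) {
                throw new RemoteException("rejected registration");
            }
            table.put(service, address);
        }

        public String lookup(String service) throws RemoteException {
            String address = table.get(service);
            if (address == null) throw new RemoteException("unknown service: " + service);
            return address;
        }
    }

    public static void main(String[] args) throws Exception {
        int port = 5099; // constructed sample port
        // Step 6 done in-process: createRegistry replaces a separately started rmiregistry.
        Registry registry = LocateRegistry.createRegistry(port);
        NameServiceImpl impl = new NameServiceImpl();
        registry.rebind("NameService", impl);
        // Step 5: the client looks the service up by name and calls it through the stub.
        NameService ns = (NameService) LocateRegistry.getRegistry("localhost", port).lookup("NameService");
        ns.register("AuthenServer", "rmi://localhost:4998/AuthenServer"); // constructed address
        System.out.println("AuthenServer -> " + ns.lookup("AuthenServer"));
        // Unexport so the JVM can exit; a real server keeps running.
        UnicastRemoteObject.unexportObject(impl, true);
        UnicastRemoteObject.unexportObject(registry, true);
    }
}
```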

2.2 Java Servlet

Introduction

Java Servlet technology provides web developers with a simple, consistent mechanism for extending the functionality of a web server and for accessing existing business systems. Servlets are precompiled Java programs that are executed on the server side. Servlets are the Java platform technology of choice for extending and enhancing web servers. Java servlets have made many web applications possible. They provide a component-based, platform-independent method for building web-based applications, without the performance limitations of CGI programs. And unlike proprietary server extension mechanisms (such as the Netscape Server API or Apache modules), servlets are server and platform independent.

Servlets have access to the entire Java family, including the JDBC API to access enterprise databases. Servlets can also access a library of HTTP-specific calls and receive all the benefits of the mature Java language, including portability, performance, reusability, and crash protection. In recent web development, servlets are a popular choice for building interactive web applications.

Figure 2: client to servlet process flow

Client to servlet process

Figure 2 shows the process flow when a servlet handles requests from a client. A servlet can use client input passed by an HTML form and return a response. It dynamically builds an HTML document based on the client’s request. A servlet is written in Java, hence it has all the advantages of the Java programming language: platform independence, object orientation, network communication, multithreading, etc.

Servlets/JSP require a Container, and Apache Tomcat is the reference implementation of the Servlet/JSP Specs. That’s one reason why Tomcat was chosen to be the JSP and servlet container in this application. When properly installed and configured, Tomcat will handle servlet requests at port 8080. Servlet can be accessed at

Servlet Methods

Servlet interacts between client and server. It has some basic methods such as:

doGet, if the servlet supports HTTP GET requests

doPost, for HTTP POST requests

doPut, for HTTP PUT requests

doDelete, for HTTP DELETE requests

init and destroy, to manage resources that are held for

When a servlet builds a dynamic web page as its response, it gets a PrintWriter associated with the web server’s output stream and writes the response data via this PrintWriter with all the necessary HTML formatting.
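An added example (not code from the project) of the doGet/doPost and PrintWriter pattern described above, assuming the javax.servlet API supplied by the servlet container. The class name SearchEchoServlet and the form field "title" are hypothetical; client input is length-checked and HTML-escaped before it is written into the page.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: reads one form field and builds the HTML reply through a PrintWriter.
public class SearchEchoServlet extends HttpServlet {

    // Replace the characters that are significant in HTML so client input is shown as text.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        handle(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        handle(req, resp);
    }

    private void handle(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String title = req.getParameter("title"); // null when the field is absent
        if (title == null || title.length() > 100) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "missing or oversized title");
            return;
        }
        // Set type and charset before getWriter(), so the writer uses that encoding.
        resp.setContentType("text/html; charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("<html><body>");
        out.println("<p>Search criteria: " + escapeHtml(title) + "</p>");
        out.println("</body></html>");
    }
}
```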

Chapter 3 Application architectural design

LOGIN PASSWORD GOES TO jsp IN THE CLEAR. IT MUST BE ENCRYPTED TO PROVIDE PROPER SECURITY.

This chapter discusses the high-level architectural design of this application, addresses the design logic and functionalities of each server, and explains the client-server model, which is the foundation of network communication.

3.1 The Top-Level Schema.

[Figure 3 diagram not reproduced. Labels recoverable from the chart: login, User, Payment, Register, Get Service, Get Server Name.]

Figure 3 Application Structure Chart

Figure 3 above demonstrates the architectural design of the bookstore application. This application is composed of six servers. The purpose and the data flow of each server are described as follows:

1) Name Server: primary name server and replicated name server
All the application servers (Authentication Server, Book Server, Credit Card Server, Book Administrator Server) should register themselves with the name server before they can be up and running and provide services. The name server stores all the physical addresses of the other running servers and provides a server’s name when requested. The name server was replicated to increase its availability to the clients. (For a detailed explanation of replication, please refer to section 3.3 “Reliability Consideration”.)

2) Authentication Server

The purpose of Authentication server is to verify user/administrator login information. Authentication servlet forwards the login request from JSP page and connects to name server to find out the Authentication server’s address and then connects to the Authentication server to get the login verification.

3) Book Server

The purpose of the Book Server is to give the user the ability to search for books by different criteria. The Bookshop servlet first captures the search criteria, then connects to the name server to find the Bookshop server’s address, and then connects to the Bookshop server to get the search result.

4) Credit Card Server

The purpose of the Credit Card Server is to let the application process the payment for a user’s on-line book purchases. The Creditcard servlet first captures all the purchase information, then connects to the name server to find the credit card server name, and then connects to the Credit Card Server to put the charges into the customer’s credit card balance.