Chapter 4: Core Web Technologies

Post on 22-Dec-2015


Contents - Chapter 1

• Exchanging information over the Internet
  • HTTP, HTML
  • URI, URL
  • Web server, web browser
• Web services for supporting remote clients
  • Applets
  • Common Gateway Interface (CGI)
  • Servlets
• Application servers
  • Middleware for Web applications
  • J2EE
• Web technologies for application integration
  • Middleware extensions
  • Firewalls and tunneling

Before and after the web

Early protocols, applications
• Telnet: to log in to a remote machine
• SMTP: Simple Mail Transfer Protocol
• FTP: File Transfer Protocol
• Archie: FTP to create a distributed file system
• Gopher: GUI for publishing and accessing text files over the Internet

Web technologies
• Web server
• Web browser
• HTTP: HyperText Transfer Protocol
• HTML: HyperText Markup Language
• URI: Uniform Resource Identifier
• URL: Uniform Resource Locator

Proxy

• Acts as a server and client
• Caching
• Block undesired sites
• Log usage
• Bypass blocks
• Scan outgoing traffic

[Figure: HTTP client, wide area network (Internet), HTTP proxy, HTTP server, HTTP gateway, firewalls, HTTP tunnel]

Gateway

• Acts as an intermediary for a server
• Keeps machines anonymous
• Controls access to the network
• Performs load-balancing, authentication, decryption


Firewall

• Blocks unauthorized access, permits authorized communications
• Can permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains


Tunnel

• Acts as a blind relay between two connections
• Encapsulates protocols within HTTP or SSH (Secure Shell) to carry traffic that the firewall would otherwise block


Secure Socket Layer (SSL)

• Normally HTTP traffic is not encrypted; it can be “sniffed”
• SSL uses public key encryption
• HTTPS: HyperText Transfer Protocol over Secure Sockets Layer
• HTTP “cookies” are used to store data on the client machine

[Figure: HTTPS client, Secure Sockets Layer (SSL), HTTPS server, TCP/IP, network layer, application layer]

[Figure: clients, middleware, server (resource manager), wide area network (Internet), HTTP client, HTTP server]

Copyright Springer Verlag Berlin Heidelberg 2004

A 3-tier architecture on the web

“Let’s put an ATM in every home”

Business-to-consumer (B2C) interaction

The web browser is a universal client

[Figure: client, browser, Java virtual machine, applet, wide area network (Internet), firewall, Web server, middleware, server (resource manager)]


Applets

HTTP is a document exchange protocol; it’s static

Applets are downloadable programs

The server sends the appropriate program each time

The web browser becomes a universal client

Code must be small for rapid transfer

[Figure: client, browser, HTTP GET request, wide area network (Internet), firewall, Web server, CGI program, middleware, server (resource manager)]


Common Gateway Interface

The CGI program is on the server and it has a URL

When the URL is accessed, the CGI program is executed and its output is saved as an HTML document

This saved document is returned to the web browser which then displays it

It is possible to pass parameters to CGI programs
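The request flow described above, as an added example (not code from the original slides): `serve` stands in for the web server and runs `cgi_program` in-process rather than as a separate process. The URL path, the `account` and `note` parameters and the size limits are assumptions made for the illustration.

```python
import html
import io
from contextlib import redirect_stdout
from urllib.parse import parse_qs, urlsplit


def reply(status, content_type, body):
    # A CGI program writes headers, a blank line, then the document to stdout.
    print(f"Status: {status}\r\nContent-Type: {content_type}\r\n\r\n{body}", end="")


def cgi_program(environ):
    """Hypothetical CGI program: takes its parameters from the CGI environment."""
    if environ.get("REQUEST_METHOD") != "GET":
        return reply("405 Method Not Allowed", "text/plain", "GET only")
    try:
        params = parse_qs(environ.get("QUERY_STRING", ""), max_num_fields=8)
    except ValueError:  # more fields than the limit allows
        return reply("400 Bad Request", "text/plain", "too many parameters")
    account = params.get("account", [""])[0]
    note = params.get("note", [""])[0][:200]
    # Allow-list the identifier; never pass raw parameters to a shell or query.
    if not (account.isascii() and account.isdigit() and len(account) <= 12):
        return reply("400 Bad Request", "text/plain", "invalid account")
    # Free text is attacker-controlled: escape it before it enters the HTML.
    doc = (f"<html><body><h1>Account {account}</h1>"
           f"<p>{html.escape(note)}</p></body></html>")
    reply("200 OK", "text/html; charset=utf-8", doc)


def serve(url):
    """What the web server does: map the URL to the program, run it, relay output."""
    parts = urlsplit(url)
    environ = {"REQUEST_METHOD": "GET", "SCRIPT_NAME": parts.path,
               "QUERY_STRING": parts.query}
    captured = io.StringIO()
    with redirect_stdout(captured):
        cgi_program(environ)
    head, _, body = captured.getvalue().partition("\r\n\r\n")
    headers = dict(line.split(": ", 1) for line in head.split("\r\n"))
    return headers.pop("Status"), headers, body


if __name__ == "__main__":
    # Constructed request; %3C and %3E are URL-encoded angle brackets.
    print(serve("/cgi-bin/account?account=12345&note=%3Cb%3Ehi%3C%2Fb%3E"))
```

Because the parameters arrive straight from the URL, the program treats them as untrusted: the identifier is checked against an allow-list and the free text is escaped before it reaches the returned document.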

[Figure: client, browser, HTTP GET request, wide area network (Internet), firewall, Web server, Java server process, Java thread, middleware, server (resource manager)]


Servlets

Similar to CGI, but “lightweight”

• Run as Java threads
• Saves the cost of context switching
• Memory efficient
• Can be stateless

[Figure: client, browser, HTTP, other protocols, wide area network (Internet), firewall, Web server, other servers (email, SOAP,..), application server with presentation layer, application logic layer and connection to resource mgmt layer, resource management layer]


Application servers

It’s a middleware platform that provides support for Web access

Covers both the application logic and the presentation layer

Prepares, dynamically generates, and manages documents

[Figure labels: support for communication and presentation; support for the application integration; support for access to resource managers; Servlets; JavaServer Pages (JSP); Enterprise Java Beans (EJB); Java DataBase Connectivity (JDBC); Java Naming and Directory Interface (JNDI); Java 2 Connector Architecture (J2CA); Java Message Service (JMS); Java transaction API (JTA); Java API for XML Processing (JAXP); JavaMail; Java Authentication and Authorization Service (JAAS)]


J2EE – main components

Enterprise Java Beans (EJB)
• Implement the application logic
• Deliver application specific functionality
• Three types of beans
  • Session beans: handle session with a client (stateful/stateless)
  • Entity beans: persistent beans stored in a database
  • Message-driven beans: can create asynchronous interaction with clients

EJB container provides the environment in which the beans are run

[Figure labels: application server; presentation layer; application logic layer; services (load balancing, pooling, caching, transaction, persistence,…); administration (management and security); EJB container; EJB; JDBC; JNDI; JMS; J2CA resource adapter; other adapters; DBMS applications; enterprise system 1; enterprise system 2; enterprise system n]


[Figure labels: client; Web server; E-mail server; servers for other connections (e.g., WAP); application server; presentation layer; Servlets; JSPs; multidevice content delivery; personalization logic; application logic layer; connection to resource mgmt layer; resource management layer; services (load balancing, pooling, caching,…); XML support; Web services support; administration (management and security)]


Clients supported by an application server

• Web browsers requesting HTML pages with or without applets
  • Use HTTP or HTTPS.
• Applications similar to those in conventional middleware
• Devices such as cell phones or PDAs
  • Wireless application protocol (WAP), wireless markup language (WML)
• E-mail programs
  • Simple mail transport protocol (SMTP)
• Web services clients
  • Simple Object Access Protocol (SOAP)

[Figure: two sets of client, middleware and server (resource manager); wide area network (Internet)]


Possible ways to connect

[Figure: two sets of client, middleware and server (resource manager); wide area network (Internet); remote-middleware protocol; WAN communication protocol]


Direct integration of middleware platforms

[Figure: two sets of client, Web server, middleware and server (resource manager); wide area network (Internet); firewalls; HTTP tunnel; remote-middleware protocol; WAN communication protocol]


Using integrated platforms

Firewalls and tunneling

• Tunneling: protocols which would be blocked by the firewall are hidden under protocols that are accepted by the firewall
• Mostly done through HTTP or SSH (Secure Shell)
• Results in a cumbersome architecture

EDIFACT (Electronic Data Interchange for Administration, Commerce, and Transport)

Provides standard templates for messages and contents of messages

Contains fields such as:

• Interchange header (ID, password, date/time)

• Message header (type of message)

• User data segments (the payload)

• Message Trailer (end message, check for completeness)

• Interchange trailer (end interchange, check for completeness)
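The completeness checks carried by the two trailers, as an added example that is not part of the original slides. It uses the standard EDIFACT segment tags (UNB interchange header, UNH message header, UNT message trailer, UNZ interchange trailer) and assumes the default service characters and no functional groups; the sample interchange is constructed.

```python
def split_released(text, sep):
    """Split on sep, except where the release character '?' escapes it."""
    parts, cur, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "?" else 1      # '?x' is one escaped unit
        if step == 1 and text[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i:i + step]
        i += step
    return parts + [cur]

def check_interchange(raw):
    """Return the structural problems found; an empty list means complete."""
    rows = [split_released(s.strip(), "+")
            for s in split_released(raw, "'") if s.strip()]
    if not rows or rows[0][0] != "UNB" or len(rows[0]) < 6:
        return ["missing or short interchange header (UNB)"]
    problems, messages, start, ref = [], 0, None, None
    for i, row in enumerate(rows):
        if row[0] == "UNH":                    # message header opens a message
            if start is not None:
                problems.append(f"message {ref}: no trailer (UNT)")
            start, ref = i, "".join(row[1:2])
        elif row[0] == "UNT" and start is not None:
            messages += 1
            # UNT repeats the segment count (UNH..UNT inclusive) and reference.
            if row[1:3] != [str(i - start + 1), ref]:
                problems.append(f"message {ref}: segment count or reference mismatch")
            start = None
    if start is not None:
        problems.append(f"message {ref}: no trailer (UNT)")
    last = rows[-1]
    if last[0] != "UNZ":
        problems.append("missing interchange trailer (UNZ)")
    elif last[1:3] != [str(messages), rows[0][5]]:
        # UNZ repeats the message count and the control reference from UNB.
        problems.append("interchange trailer count or reference mismatch")
    return problems

# Constructed sample interchange; "?'" is an escaped apostrophe, not a terminator.
SAMPLE = (
    "UNB+UNOA:1+BUYER+SELLER+040101:1200+REF001'"
    "UNH+1+ORDERS:D:96A:UN'"
    "BGM+220+PO1234+9'"
    "DTM+137:20040101:102'"
    "FTX+AAI+++DON?'T SPLIT HERE'"
    "UNT+5+1'" "UNZ+1+REF001'"
)
```

These counts catch truncation and dropped segments only; they are not integrity protection against deliberate modification, since anyone altering the payload can rewrite the trailers to match.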

Summary

• Decades of accumulated knowledge on multi-tier architectures
• Use the same technology over the Internet
• The client can be on
  • A Local Area Network (LAN)
  • Over the Internet
• Architectural implications and design constraints from using the Web are important