UTS assignment 2 documentation - eee

UTS Advanced Internet Programming
Assignment 2
Lecturer: Ryan Heise
Tutor: Kevin Lee
Due date: 1/11/2012
Submission date: 1/11/2012
Group members
Fei Nan (student ID 11312042)
Rui Chen (student ID 11177589)
Yushi Zhou (student ID 11361666)
UTS 2012 AIP assignment2
Table of Contents
Team members and their roles
An overview of your application
The database design
Database definitions
Installation/setup instructions
The web site map
The system design
Technologies and tools
A brief discussion of relevant issues such as security, transaction processing.
  Security
  Transaction
Reference.
Team members and their roles
Name
Rui Chen
Yushi Zhou
Roles
Fei Nan
An overview of your application
The web application is a fully featured e-commerce web site. It has three sections: the customer
section, the administrator section and the supplier section.
The customer section allows the user to view a list of products, to enter product orders and to
view an order. It includes the product stock feature, and AJAX is used so that the customer
does not have to refresh the page to see the latest content. It assumes that product stock
levels are limited. The administrator section allows an administrator to list orders and to
update orders. Finally, the supplier section allows a supplier to list and update orders via web
services.
The assignment 2 project contains an application.xml, which holds the information about the
whole web project. It has several parts, including the display-name used in the GlassFish
console page, the context-root, the assignment2-ejb.jar file name and the
assignment2-war.war (presentation).
The glassfish-resources.xml contains all the database configuration details; PostgreSQL is
used in the project. The database server name, port number, database name, user, password,
URL, driver class and the JNDI name are all specified here.
The persistence.xml contains all the details of the JPA configuration, such as the
jta-data-source name, the persistence unit name, the persistence provider and the data source
name. The web.xml inside assignment2-war contains the configuration details of the
session-timeout, the RichFaces skin used, the Faces servlet class name and the servlet mapping.
Next, the EJB XML contains all the jar files and the descriptions of all the compiled EJBs.
Finally, the war XML contains web.xml.
The MVC architecture is used in the assignment project, containing the model, view and
controller tiers.
The assignment2.ear file contains assignment2-ejb.jar and assignment2.war.
The View/Presentation layer
The assignment2.war is the presentation layer and JSF is used.
In the past, programmers had to mix Java code and HTML code in JSP pages. This made
maintenance hard, since programmers are not good at designing pages visually and graphic
designers are not good at Java code. With the introduction of JPA, both programmers and
graphic designers can do their parts properly with little concern for each other’s
aspects, since JPA separates the HTML from the Java bean code.
XHTML pages are used instead of JSP pages in JSF, since JSP pages are replaced by XHTML pages
and managed beans. Facets are used inside the XHTML to define UI components, which are bound
to the managed bean, and the managed beans provide the event-handling code. The UI
components are similar to desktop visual components, but are for the Web developer instead.
In conclusion, JSF separates the XHTML from the Java class called the “managed bean”.
All the pages contain a header, a footer and the content. Facelets is used to provide a
standard web interface layout easily. Templates and snippets are used in the project, and three
files are involved. Firstly, a template XHTML file defines the sections common to the
different pages, such as header, footer and content. Secondly, the web view XHTML pages define
pages using the template defined in the first step. Finally, the contents of the header, footer
and content sections are specified using the JSF UI components. JSF is designed to accept
extensions; therefore, RichFaces is also used in the application.
RichFaces is a rich JSF component library with three parts: JSF-AJAX components, which let
developers not worry about JavaScript; skins, which change the look of the Web application in
terms of colors; and the component development kit (CDK), which lets users build and test new
components. It works with any servlet container and application server and fits in portals
such as JBoss and WebLogic. RichFaces works with any JSF implementation.
The assignment2-ejb.jar consists of two layers: the model layer and the controller
(business) layer. The following paragraphs outline the implementation details of the two layers.
The model layer
JPA is used for the model layer. In the past, EJB entity beans played the role of the DAO;
they have now been replaced by JPA technology from Oracle. In the past, programmers used SQL
heavily and had to write a lot of similar or repetitive SQL code. That was so tedious and
time-consuming that it was easy for programmers to make careless SQL-related mistakes. JPA
frees the programmer from writing large amounts of SQL code; programmers use ORM instead.
They can focus on classes and objects instead of SQL, which is a big improvement.
The layer contains entity and DAO classes.
The controller layer
The controller is configured in a faces-config.xml file under the configuration files directory
of the assignment2-war folder. The navigation rules for all the pages are defined there,
including whether to redirect or forward from one page to another.
The database design
Database definitions
/*
Navicat PGSQL Data Transfer

Source Server         : localhost_5432
Source Server Version : 90201
Source Host           : localhost:5432
Source Database       : aip_assignment2
Source Schema         : public

Target Server Type    : PGSQL
Target Server Version : 90201
File Encoding         : 65001

Date: 2012-10-18 00:03:10
*/
-- Table structure for "public"."account"
CREATE TABLE "public"."account" (
"id" int4 DEFAULT nextval('account_id_seq'::regclass) NOT NULL,
"name" varchar(100) NOT NULL,
"password" varchar(100) NOT NULL,
"role" varchar(50) NOT NULL,
"created_on" timestamp(6) DEFAULT now() NOT NULL
);
-- Table structure for "public"."address"
CREATE TABLE "public"."address" (
"id" int4 DEFAULT nextval('address_id_seq'::regclass) NOT NULL,
"number" varchar(20) NOT NULL,
"street" varchar(50) NOT NULL,
"suburb" varchar(50) NOT NULL,
"state" varchar(50) NOT NULL,
"postcode" varchar(20) NOT NULL,
"country" int4 NOT NULL
);
-- Table structure for "public"."country"
CREATE TABLE "public"."country" (
"id" int4 DEFAULT nextval('country_id_seq'::regclass) NOT NULL,
"name" varchar(50) NOT NULL
);
-- Table structure for "public"."credit_card"
CREATE TABLE "public"."credit_card" (
"id" int4 DEFAULT nextval('credit_card_id_seq'::regclass) NOT NULL,
"type" int4 NOT NULL,
"number" varchar(50),
"security_code" varchar(10),
"expiry_month" int4,
"expiry_year" int4
);
-- Table structure for "public"."credit_card_type"
CREATE TABLE "public"."credit_card_type" (
"id" int4 DEFAULT nextval('credit_card_type_id_seq'::regclass) NOT NULL,
"name" varchar(50) NOT NULL
);
-- Table structure for "public"."customer"
CREATE TABLE "public"."customer" (
"id" int4 DEFAULT nextval('customer_id_seq'::regclass) NOT NULL,
"name" int4 NOT NULL,
"email" varchar(200) NOT NULL,
"address" int4 NOT NULL,
"credit_card" int4 NOT NULL
);
-- Table structure for "public"."person_name"
CREATE TABLE "public"."person_name" (
"id" int4 DEFAULT nextval('person_name_id_seq'::regclass) NOT NULL,
"title" int4 NOT NULL,
"surname" varchar(100) NOT NULL,
"given_name" varchar(100) NOT NULL
);
-- Table structure for "public"."person_title"
CREATE TABLE "public"."person_title" (
"id" int4 DEFAULT nextval('person_title_id_seq'::regclass) NOT NULL,
"name" varchar(20) NOT NULL
);
-- Table structure for "public"."product"
CREATE TABLE "public"."product" (
"id" int4 DEFAULT nextval('product_id_seq'::regclass) NOT NULL,
"name" varchar(100) NOT NULL,
"category" int4 NOT NULL,
"price" numeric NOT NULL,
"stock" int4 DEFAULT 0 NOT NULL,
"description" varchar(4000) DEFAULT ''::character varying NOT NULL,
"created_on" timestamp(6) DEFAULT now() NOT NULL
);
-- Table structure for "public"."product_category"
CREATE TABLE "public"."product_category" (
"id" int4 DEFAULT nextval('product_category_id_seq'::regclass) NOT NULL,
"name" varchar(100) NOT NULL,
"description" varchar(4000) DEFAULT ''::character varying NOT NULL
);
-- Table structure for "public"."purchase"
CREATE TABLE "public"."purchase" (
"id" int4 DEFAULT nextval('purchase_id_seq'::regclass) NOT NULL,
"number" varchar(100) NOT NULL,
"customer" int4 NOT NULL,
"status" varchar(7) DEFAULT 'ORDERED'::character varying NOT NULL,
"created_on" timestamp(6) DEFAULT now() NOT NULL
);
-- Table structure for "public"."purchase_product"
CREATE TABLE "public"."purchase_product" (
"id" int4 DEFAULT nextval('purchase_product_id_seq'::regclass) NOT NULL,
"purchase" int4 NOT NULL,
"product" int4 NOT NULL,
"quantity" int4 NOT NULL
);
ALTER TABLE "public"."account" ADD PRIMARY KEY ("id");
ALTER TABLE "public"."address" ADD PRIMARY KEY ("id");
ALTER TABLE "public"."country" ADD PRIMARY KEY ("id");
ALTER TABLE "public"."credit_card" ADD PRIMARY KEY ("id");
ALTER TABLE "public"."credit_card_type" ADD PRIMARY KEY ("id");
ALTER TABLE "public"."customer" ADD PRIMARY KEY ("id");
ALTER TABLE "public"."person_name" ADD PRIMARY KEY ("id");
ALTER TABLE "public"."person_title" ADD PRIMARY KEY ("id");
ALTER TABLE "public"."product" ADD PRIMARY KEY ("id");
ALTER TABLE "public"."product_category" ADD PRIMARY KEY ("id");
ALTER TABLE "public"."purchase" ADD UNIQUE ("number");
ALTER TABLE "public"."purchase" ADD PRIMARY KEY ("id");
ALTER TABLE "public"."purchase_product" ADD PRIMARY KEY ("id");
ALTER TABLE "public"."address" ADD FOREIGN KEY ("country") REFERENCES "public"."country"
("id") ON DELETE RESTRICT ON UPDATE CASCADE;
ALTER TABLE "public"."credit_card" ADD FOREIGN KEY ("type") REFERENCES
"public"."credit_card_type" ("id") ON DELETE RESTRICT ON UPDATE CASCADE;
ALTER TABLE "public"."customer" ADD FOREIGN KEY ("address") REFERENCES "public"."address"
("id") ON DELETE RESTRICT ON UPDATE CASCADE;
ALTER TABLE "public"."customer" ADD FOREIGN KEY ("credit_card") REFERENCES
"public"."credit_card" ("id") ON DELETE RESTRICT ON UPDATE CASCADE;
ALTER TABLE "public"."customer" ADD FOREIGN KEY ("name") REFERENCES
"public"."person_name" ("id") ON DELETE RESTRICT ON UPDATE CASCADE;
ALTER TABLE "public"."person_name" ADD FOREIGN KEY ("title") REFERENCES
"public"."person_title" ("id") ON DELETE RESTRICT ON UPDATE CASCADE;
ALTER TABLE "public"."product" ADD FOREIGN KEY ("category") REFERENCES
"public"."product_category" ("id") ON DELETE RESTRICT ON UPDATE CASCADE;
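-- The REFERENCES target of the next statement is cut off in the source; "public"."customer" ("id")
-- is assumed from the column name and the pattern of the other constraints.
ALTER TABLE "public"."purchase" ADD FOREIGN KEY ("customer") REFERENCES
"public"."customer" ("id") ON DELETE RESTRICT ON UPDATE CASCADE;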
ALTER TABLE "public"."purchase_product" ADD FOREIGN KEY ("purchase") REFERENCES
"public"."purchase" ("id") ON DELETE RESTRICT ON UPDATE CASCADE;
ALTER TABLE "public"."purchase_product" ADD FOREIGN KEY ("product") REFERENCES
"public"."product" ("id") ON DELETE RESTRICT ON UPDATE CASCADE;
Installation/setup instructions
1. Install GlassFish v3.1.2.2
2. Install PostgreSQL 9.1
3. Install Richfaces
4. Create a database named "aip_assignment2"
5. Execute the SQL file "public.sql" in the sub folder "others".
6. Deploy the WAR file
7. Setup the Datasource named "jdbc/32549/assignment1/local" with linked pool.
8. Create the admin user "orders" with password "orderspw" in the domain "file".
The web site map
The system design
UML
A customer can search for a product in a particular category and add the product to a shopping
cart. Next, they can either check out or continue shopping online.
Technologies and tools
Various tools and technologies are used in this assignment, including NetBeans, the GlassFish
server, PostgreSQL, JSF and RichFaces.
A brief discussion of relevant issues such as security, transaction processing.
EJB is used in the application so that programmers can focus on developing their business logic
instead of dealing with security, transactions and so on. The Java Enterprise container provides
security and transaction processing for programmers.
Security
Security protects an application from attacks by those external to the application.
Furthermore, it also stops application users who try to exceed their authority
(UTS lecture AIP slides 2012). The basic principles are confidentiality, integrity and
availability. The classes of authentication techniques include password, token, biometric and
certificate.
One of the reasons Java Enterprise Edition is so successful is the good enterprise security
features inside its J2EE web container. In fact, security has been an important feature since it
was invented. When a class is loaded into the JVM, it goes through the class loader, the
bytecode verifier and the security manager. The security manager is defined declaratively in a
policy file.
Java Enterprise application security relies on the containers, which provide access to security
services: web containers provide access to HTTP security services and EJB containers provide
access to EJB security services. Security may be implemented either declaratively or
programmatically. In other words, developers either let the container do most of the work or
write code to do the work themselves.
J2EE security implementations have advantages and disadvantages. Declarative security is
better when the container should manage the security, and changing the security does not
require changing compiled code. However, it is coarse-grained, since the granularity is at a
per-file (servlet, JSP or HTML/GIF/JPG) level. In contrast, programmatic security gives you
more control, but it may introduce business logic into the presentation tier, which is bad
practice.
HTTP basic authentication is used for our application: users are prompted to enter their login
and password when accessing either the admin-related web pages or the supplier-related web
pages. Declarative web security is configured in an XML file. The login-config, security-role
and security-constraint elements are specified in the XML configuration file.
Transaction
A transaction is a group of activities; it might include accesses to one or more shared
resources or a set of one or more related activities. All those activities must be
completed together or not at all. Begin transaction, commit transaction and abort transaction
are the main operations.
All transactions have the following “ACID” properties:
• Atomicity
  – "all or nothing" happens
• Consistency
  – Different objects accessing data see a consistent view
  – System is always in a "consistent" state
• Isolation
  – Cannot view intermediate results of other transactions
• Durability
  – Ensure that committed data remains committed, and uncommitted data is
    rolled back, in the event of failure
Declarative web transactions are impossible; they must be accomplished programmatically.
One of the J2EE goals is for transactions to be managed by the EJB container, while servlets
and JSPs should contain only presentation logic. In other words, they should only format the
data, not carry out any business logic, and therefore should not need transactions.
Our Web application leaves everything that could go wrong during a transaction to the
container / transaction manager. In other words, the container manages all the
potential issues or problems during transactions.
Reference.
UTS AIP LECTURE slides, 2012, http://online.uts.edu.au