Download SSSS - Computer Science

Document related concepts
no text concepts found
Transcript
Web Applications
Development
(Approaches & Techniques)
Dr. Awad Khalil
Computer Science Department
AUC
Web Applications, Concepts&Tools,
by Dr. Khalil
1
Content






The Web as an Application Platform
Development Approaches
Client-side Approach
 Scripting languages such as JavaScript, Perl, and PHP
Server-side Approach
 CGI (Common Gateway Interface)
 API (Application Programming Interface)
Examples of APIs and development Platforms
 Netscape API (NSAPI).
 Microsoft’s Web Solution Platform with Active Server Pages (ASPs) and
Active Data Objects (ADO)
 Java Solutions (SQLJ, Servlets, and JavaServer Pages, and JDBC.
Database Connectivity APIs
 ODBC (Open Data Base Connectivity)
 JDBC (Java Data Base Connectivity)
Web Applications, Concepts&Tools,
by Dr. Khalil
2
The Web as an Application Platform
Requirements

An open-architecture approach to allow interoperability with a variety of
systems and technologies; for example, support for:












Different Web servers;
Microsoft’s (Distributed) Common Object Model (DCOM/COM);
CORBA/IIOP (Internet Inter-ORB protocol);
Java/RMI (Remote Method Invocation).
The ability to access valuable corporate data in a secure manner.
Data and vendor independent connectivity to allow freedom of choice in the
selection of the DBMS now and in the future
The ability to interface to the database independent of any proprietary Web
browser or Web server.
A connectivity solution that takes advantage of all the features of an
organization’s DBMS.
A cost-effective solution that allows for scalability, growth, and changes in
strategic directions.
Support for transactions that span multiple HTTP requests.
Support for session- and application-based authentication.
Minimal administration overhead.
Web Applications, Concepts&Tools,
by Dr. Khalil
3
Web Application








Advantages
Simplicity
Platform independence
Graphical User Interface
Standardization
Cross-platform support
Transparent network
access
Scalable deployment
Innovation









Disadavantages
Reliability
Security
Cost
Scalability
Limited functionality of
HTML
Stateless
Bandwidth
Performance
Immaturity of development
tools
Web Applications, Concepts&Tools,
by Dr. Khalil
4
Web Application Architecture

Web applications may be created
using
various
approaches.
However, there are a number of
components that will form
essential building blocks for such
applications. Typically, the Web
application architecture is a threetier architecture (at least) in
which:

A Web Browser acting as
the “thin” client.

A Web Server acting as
the application server.

A Database Server acting
as the third tier.
Web Applications, Concepts&Tools,
by Dr. Khalil
5
Web Applications, Concepts&Tools,
by Dr. Khalil
6
Browser Layer
 The
browser is the client of a Web application, and it
has two major functions:
 First, it handles the layout and display of HTML
documents.

Second, it executes the client-side extension
functionality such as Java, JavaScript, and ActiveX
(a method to extend a browser’s capabilities).
 The
two most popular browsers at the present are
Netscape Navigator (Netscape for short) and Microsoft
Internet Explorer (IE). They have their own advantages
and disadvantages with respect to Web applications.
Web Applications, Concepts&Tools,
by Dr. Khalil
7
IE versus Netscape
 Both browsers support Java, JavaScript, and IE also
support ActiveX.
 Netscape
is supported on numerous platforms, whereas
IE runs only on Microsoft systems (e.g., Windows XP,
2000, 98 and NT).
 IE
offers compatibility with other Microsoft products
and can easily be integrated with existing tools such as
Word, Excel and PowerPoint. The drawback is that IE
heavily dependent on the Windows platforms and other
Microsoft proprietary systems.
 ActiveX
is designed to extend the functionality of IE,
and works only on Windows platforms and Macintosh
System 7+.
Web Applications, Concepts&Tools,
by Dr. Khalil
8
The Application Logic Layer
 The application logic layer is the part of a Web
application with which a developer will spend the
most time. It is responsible for:

Implementing the business rules;

collecting data for a query (e.g., an SQL
statement);

preparing and sending the query to the
database via the database connection layer;

retrieving the results from the connection layer;

formatting the data for display.
Web Applications, Concepts&Tools,
by Dr. Khalil
9
Database Gateways for Database Connectivity

A Web database gateway (middleware)is a bridge between the Web and a
DBMS, and its objective is to provide a Web-based application the ability to
manipulate data stored in the database.

Web database gateways link stateful systems (i.e., databases) with a stateless,
connectionless protocol (i.e., HTTP).

HTTP is a stateless protocol in the sense that each connection is closed once the
server provides a response. Thus, a Web server will not normally keep any
record about previous requests. This results in an important difference between
a Web-based client-server application and a traditional client-server application.

In a Web-based application, only one transaction can occur on a connection. In
other words, the connection is created for a specific request from the client.
Once the request has been satisfied, the connection is closed. Thus, every
request involving access to the database will have to incur the overhead of
making the connection.

In a traditional application, multiple transactions can occur on the same
connection. The overhead of making the connection will only occur once at the
beginning of each database session.
Web Applications, Concepts&Tools,
by Dr. Khalil
10
The Database Connection Layer

This is the component which actually links a database to the Application layerr.

Many current Web database building tools offer database connectivity solutions
and they are used to simplify the connection process.

The database connection layer provides a link between the application logic
layer and the DBMS. Connection solutions come in many forms, such as
 DBMS net protocols,
 API (Application Programming Interface) or class libraries, and programs
that are themselves database clients. Some of these solutions resulted in
tools being specifically designed for developing Web database applications.

In Oracle, for example, there are native API libraries for connection and a
number of tools, such as Web Publishing Assistant, for developing Oracle
applications on the Web.

The connection layer within a Web database application must accomplish a number of
goals. They have to provide access to the underlying database, and they also need to be
easy to use, efficient, flexible, robust, reliable, and secure. Different tools and methods
fulfill these goals to different extents.
Web Applications, Concepts&Tools,
by Dr. Khalil
11
The Database Layer
 This
is the place where the underlying database resides
within the Web database application.
 The
database is responsible for storing, retrieving, and
updating data based on user requirements, and the
DBMS can provide efficiency and security measures.
 In
many cases, when developing a Web application, the
underlying database has already been in existence. A
major task, therefore, is to link the database to the Web
(the connection layer) and to develop the application
logic layer.
Web Applications, Concepts&Tools,
by Dr. Khalil
12
Web Development Approaches

There are a number of
different ways for creating
web
applications.
Generally, they can be
grouped
into
two
categories:


Client-Side Solutions.
Server-Side Solutions.
Web Applications, Concepts&Tools,
by Dr. Khalil
13
Client-side Solutions

The client-side solutions include two types of approaches for web applications’
development:
 browser extensions
 external applications.

Browser extensions are add-ons to the core Web browser that enhance and
augment the browser’s original functionality. Specific methods include plugins for Netscape and IE, and ActiveX controls for IE. Also, both types of
browsers (Netscape and IE) support Java and JavaScript languages (i.e., Java
applets and JavaScript can be used to extend browsers’ capabilities).

External applications are helper applications or viewers. They are typically
existing database clients that reside on the client machine and are launched by
the Web browser in a particular Web application. Using external applications is
a quick and easy way to bring legacy database applications online, but the
resulting system is neither open nor portable. Legacy database clients do not
take advantages of the platform independence and language independence
available through many Web solutions. Legacy clients are resistant to change,
meaning that any modification to the client program must be propagated via
costly manual installations throughout the user base.
Web Applications, Concepts&Tools,
by Dr. Khalil
14
Browser Extensions

These types of gateways take advantage of the resources of the
client machine to aid server-side applications.

Remember, however, it is advantageous to have a thin client.
Thus, the scope of such programming on the client-side should be
limited.
A very large part of the web application should be on the serverside.


Browser extensions can be created by incorporating support
for:
 Scripting Languages (JavaScript, Jscript, VBScript, Perl, and
PHP)
 Java (Applets)
 ActiveX
 Plug-Ins
Web Applications, Concepts&Tools,
by Dr. Khalil
15
Scripting Languages
JavaScript & JScript





JavaScript and Jscript are virtually identical interpreted scripting languages
from Netscape and MicroSoft, respectively.
JavaScript is a scripting language that allows programmers to create and
customize applications on the Internet and Intranets.
On the client-side, it can be used to perform simple data manipulation such as
mathematical calculations and form validation.
JavaScript code is normally sent as a part of HTML document and is executed
by the browser upon receipt (the browser must have the script language
interpreter). On the server-side, LiveWire (an online development environment
for server-side JavaScript) works with Netscape, providing gateway
functionality such as access to databases.
It should note that JavaScript has little to do with Java language. JavaScript
was originally called LiveScript, but it was changed to benefit from the
excitement surrounding Java. The only relationship between JavaScript and
Java is a gateway between the former and Java applets (Web applications
written in Java). JavaScript provides developers a simple way to access certain
properties and methods of Java applets on the same page without having to
understand or modify the Java source code of the applet.
Web Applications, Concepts&Tools,
by Dr. Khalil
16
Scripting Languages
JavaScript & JScript

As a development tool, JavaScript on the client-side does not offer much
without the aid of a complementary tools such as Java, plug-ins, and CGI
(Common Gateway Interface). For examples,
If a Java applet on a page of HTML has access to a database, a
programmer can write JavaScript code to manipulate the applet.
 If there is a form on the HTML document and if an action parameter for
that form refers to a CGI program that has access to a database, a
programmer can write JavaScript code to manipulate the data elements
within the form and then submit it (i.e., submit a kind of request to a
DBMS).
JavaScript can improve the performance of a Web application if it is used for
client-side state management. It can eliminate the need to transfer state data
repeatedly between the browser and the Web server. Instead of sending an
HTTP request each time it updates an application state, it sends the state only
once as the final action. However, there are some side effects resulted from
this gain in performance. For example, it may result in the application
becoming less robust if state management is completely on the client-side. If
the client accidentally or deliberately exits, the session state is lost.


Web Applications, Concepts&Tools,
by Dr. Khalil
17
Scripting Languages
VBScript
VBScript is a Microsoft proprietary interpreted
scripting language whose goals and operations
are virtually identical to those JavaScript/Jscript.
 VBScript, however, has syntax more like Visual
Basic than Java.
 VBScript is a procedural language and so uses
subroutines as the basic unit.

Web Applications, Concepts&Tools,
by Dr. Khalil
18
Scripting Languages
Perl & PHP



Perl (Practical Extraction and
Report Language) is an
interpreted programming
language with extensive, easy-touse text processing capabilities.
It is now one of the most widely
used languages for server-side
programming.
Although Perl was originally
developed on the Unix platform, it
was always intended as a crossplatform language and there is
now a version of Perl for the
Windows platform (called
ActivePerl)



PHP (Hypertext Processor) is
another popular open source HTMLembedded scripting language that is
supported by many Web servers
including Apache HTTP Server and
Microsoft’s Internet Information
Server (IIS), and is the preferred
linux Web scripting language.
The goal of the language is to allow
Web developers to write
dynamically-generated pages
quickly.
A popular choice nowadays is to use
the open source combinations of
Apache HTTP Server, PHP, and one
of the database systems mySQL or
PostgreSQL.

Web Applications, Concepts&Tools,
by Dr. Khalil
19
Java (Applets)

As mentioned earlier, Java applets can be manipulated by
JavaScript functions to perform several tasks (for example,
accessing a databases).

In general, Java applets can be downloaded into a browser and
executed on the client-side (the browser should have the bytecode
interpreter).

The connection to the database is made through appropriate APIs
(Application Programming Interface, such as JDBC and ODBC).
Web Applications, Concepts&Tools,
by Dr. Khalil
20
JavaScript
Java (Applets)
Interpreted (not compiled) by
client
Compiled on server before
execution on client
Object-based, Code uses built-in,
extensible objects, but no classes
or inheritance
Object-oriented, Applets consist
of object classes with inheritance
Code integrated with, and
embedded in HTML
Applets distinct from HTML, but
accessed from HTML pages
Variable data types not declared
(loose typing)
Variables data types must be
declared (strong typing)
Dynamic binding. Object
references checked at runtime
Static binding. Object references
must exist at compile-time
Cannot automatically write to
hard disk
Cannot automatically write to
hard disk
Web Applications, Concepts&Tools,
by Dr. Khalil
21
ActiveX

ActiveX is a way to extend Microsoft IE’s (Internet Explorer) capabilities.

An ActiveX control is a component on the browser that adds functionality
which cannot be obtained in HTML, such as access to file on the client, other
applications, complex user interfaces, and additional hardware devices.

ActiveX is similar to Microsoft OLE (Object Linking and Embedding), and
ActiveX controls can be developed by any organization and individual.

At the present, there are more than one thousand ActiveX controls, including
controls for database access, are available for developers to incorporate into
Web applications.

A number of commercial ActiveX controls offer several functionalities.
Because ActiveX has abilities similar to OLE, it supports most or all the
functionality available to any Windows program.

Like JavaScript, ActiveX can aid in minimizing network traffic. In many cases,
this technique results in improved performance. ActiveX can also offer rich
GUIs. The more flexible interface, executed entirely on the client-side, make
operations more efficient for users.
Web Applications, Concepts&Tools,
by Dr. Khalil
22
Plug-Ins



Plug-ins are Dynamic Link Libraries (DLL) that allow data of new MIME
(Multipurpose Internet Mail Extensions) to be viewed or heard.
Plug-ins can be installed to run seamlessly inside the browser window, transparent to
the user.
They have full access to the client’s resources.

To create a plug-in, the developer writes an application using the plug-in API and
native calls. The code is then compiled as a DLL. Installing a plug-in is just a matter
of copying the DLL into the directory where the browser looks for plug-ins. The next
time that the browser is run, the MIME type(s) that the new plug-in supports will be
opened with the plug-in. One plug-in may support multiple MIME types.

There are a number of important issues concerning plug-ins:
 Plug-ins incur installation requirements. Because they are native code not
packaged with the browser itself, plug-ins must be installed on the client machine.

Plug-ins are platform-dependent. Whenever a change is made, it must be made on
all supported platforms.
 The latest version of IE supports the same plug-in architecture as Netscape. Thus,
a plug-in should work on both browsers provided they are running on the same
platform.
Web Applications, Concepts&Tools,
by Dr. Khalil
23
Plug-Ins
Connection to databases
 Plug-ins can operate like any stand-alone applications on the
client-side. For example, they can be used to create direct socket
connections to databases via the DBMS net protocols (such as
SQL*Net for Oracle). Plug-ins can also use JDBC, ODBC, OLE,
and any other methods to connect to databases.
Performance
 Plug-ins are loaded on demand. When a user starts up a browser,
the installed plug-ins are registered with the browser along with
their supported MIME types, but the plug-in themselves are not
loaded. When a plug-in for a particular MIME type is requested,
the code is then loaded into memory. Because plug-ins use native
code, their executions are fast.
Web Applications, Concepts&Tools,
by Dr. Khalil
24
External Applications

External helper applications can be new or legacy database clients, or a terminal
emulator. If there are existing traditional client-server database applications which
reside on the same machine as the browser, then they can be launched by the browser
and execute as usual.

This approach may be an appropriate interim solution for migrating from an existing
client-server application to a purely Web-based one.

It is straightforward to configure the browser to launch existing applications. It just
involves the registration of a new MIME type and the associated application name.

Using the external applications approach, the existing database applications need not
be changed. However, it means that all the maintenance burdens associated with
traditional client-server applications will remain. Any change to the external
application will require a very costly reinstallation on all client machines. Because
this is not a pure Web-based solution, many advantages offered by Web-based
applications cannot be realized.

Traditional client-server database applications usually offer good performance. They
do not incur the overhead of requiring repeated connections to the database. External
database clients can make one connection to the remote database and use that
connection for as many transactions as necessary for the session, closing it only when
finished.
Web Applications, Concepts&Tools,
by Dr. Khalil
25
Server-side Web Programming
 Server-side
solutions are more widely adopted than the
client-side solutions.
A
main reason for this is that the Web application
architecture requires the client to be as thin as possible.
 The
Web server should not only host all the documents,
but should also be responsible for dealing with all the
requests from the client.
Web Applications, Concepts&Tools,
by Dr. Khalil
26
Server-side Solutions
Client Side
Server Side









listening for HTTP requests.
checking the validity of the
request.
finding the requested resource.
requesting
authentication
if
necessary.
delivering requested resource.
spawning programs if required.
passing variables to programs.
delivering output of programs to
the requester.
displaying error message if
necessary.









rendering HTML documents.
allowing users to navigate HTML
links.
displaying image.
sending HTML form data to a
URL.
interpreting Java applets.
executing plug-ins.
executing
external
helper
applications.
interpreting JavaScript and other
scripting language programs.
executing ActiveX controls in case
of IE.
Web Applications, Concepts&Tools,
by Dr. Khalil
27
Server-side Solutions


CGI (Common Gateway Interface)
APIs (Application Programming Interface)
Web Applications, Concepts&Tools,
by Dr. Khalil
28
CGI (Common Gateway Interface)





CGI is a protocol for allowing Web browsers to communicate with Web
servers, such as sending data to the servers. Upon receiving the data, the Web
server can then pass them to a specified external program (residing on the
server host machine) via environment variables or standard input stream
(STDIN).
The external program is called a CGI program or CGI script. Because CGI is a
protocol, not a library of functions written specifically for any particular Web
server, CGI programs/scripts are language-independent.
As long as the program/script conforms to the specification of the CGI
protocol, it can be written in any language such as C, C++ or Java.
In short, CGI is the protocol governing communications among browsers,
servers, and CGI programs.
In general, a Web server is only able to send documents and to tell a browser
what kinds of documents it is sending. By using CGI, the server can also
launch external programs (i.e., CGI programs). When the server recognizes
that a URL points to a file, it returns the contents of that file. When the URL
points to a CGI program, the server will execute it and then sends back the
output of the program’s execution to the browser as if it were a file.
Web Applications, Concepts&Tools,
by Dr. Khalil
29
CGI (Common Gateway Interface)




Before the server launches a CGI program, it prepares a number of
environment variables representing the current state of the server, who is
requesting the action, and so on.
The program collects this information and reads STDIN. It then carries out
the necessary processing and writes its output to STDOUT (the standard
output stream).
In particular, the program must send the MIME header information prior to
the main body of the output. This header information specifies the type of
the output.
For example, the CGI approach enables access to databases from the
browser. The Web client can invoke a CGI program/script via a browser, and
then the program performs the required action and accesses the database via
the gateway. The outcome of accessing the database is then returned to the
client via the Web server.
Web Applications, Concepts&Tools,
by Dr. Khalil
30
The CGI Environment
Web Applications, Concepts&Tools,
by Dr. Khalil
31
CGI (Common Gateway Interface)

Invoking and executing CGI programs from a Web browser is mostly
transparent to the user. The following steps need to be taken in order for a CGI
program to execute successfully:
 The user (Web client) calls the CGI program by clicking on a link or by
pressing a button. The program can also be invoked when the browser
loads an HTML document (hence being able to create a dynamic Web
page).
 The browser contacts the Web server asking for permission to run the CGI
program.
 The server checks the configuration and access files to ensure that the
program exists and the client has access authorization to the program.
 The server prepares the environment variables and launches the program.
 The program executes and reads the environment variables and STDIN.
 The program sends the appropriate MIME headers to STDOUT followed
by the remainder of the output and terminates.
 The server sends the data in STDOUT (i.e., the output from the program’s
execution) to the browser and closes the connection.
Web Applications, Concepts&Tools,
by Dr. Khalil
32
CGI with HTTP Cookies









One way to make CGI scripts more interactive is to use cookies.
A cookie is a piece of information that the client stores on behalf of the server.
The information that is stored in the cookie comes from the server as part of the server’s
response to an HTTP request.
A client may have many cookies stored at any given time, each one associated with a
particular Web site or Web page.
Each time the client visits that site/page, the browser packages the cookie with the HTTP
request.
The Web server can then use the information in the cookie to identify the user and,
depending on the nature of the information collected, possibly personalize the
appearance of the Web page.
The Web server can also add or change the information within the cookie before
returning it.
Cookies can be used to store registration information or preferences.
Example:
$!/bin/sh
echo “Content-type:text/html”
echo “Set-cookie: UserID=conn-ci0; expires = Friday 30-Apr-02 12:00:00 GMT”
eCHO “Set-cookie: Password=guest; expires = Friday 30-Apr-02 12:00:00 GMT”
echo “”
Web Applications, Concepts&Tools,
by Dr. Khalil
33
CGI (Common Gateway Interface)
Advantages

CGI is the de facto standard for interfacing Web clients and servers with
external applications, and is arguably the most commonly adopted
approach for interfacing Web applications to data sources (such as
databases).

The main advantages of CGI are
 Simplicity,
 Language independence,
 Web server independence,
 Wide acceptance.
Web Applications, Concepts&Tools,
by Dr. Khalil
34
CGI (Common Gateway Interface)
Disadvantages

The first notable drawback of CGI is that the communication between a client
(browser) and the database server must always go through the Web server in the
middle, which may cause a bottleneck if there is a large number of users accessing the
Web server simultaneously. For every request submitted by a Web client or every
response delivered by the database server, the Web server has to convert data from or
to an HTML document. This incurs a significant overhead to query processing.

The second disadvantage of CGI is the lack of efficiency and transaction support in a
CGI program. For every query submitted through CGI, the database server has to
perform the same logon and logout procedure, even for subsequent queries submitted
by the same user. The CGI program could handle queries in batch mode, but then
support for online database transactions that contain multiple interactive queries would
be difficult.

The third major shortcoming of CGI is due to the fact that the server has to generate a
new process or thread for each CGI program. For a popular site (like Yahoo), there can
easily be hundreds or even thousands of processes competing for memory, disk, and
processor time. This situation can incur significant overhead.

Last but not least, extra measures have to be taken to ensure server security. CGI itself
does not provide any security measures, and therefore, developers of CGI programs
must be security conscious. Any request for unauthorized action must be spotted and
stopped.
Web Applications, Concepts&Tools,
by Dr. Khalil
35
APIs (Application Programming Interface)







HTTP server (Web server) APIs and modules are the server equivalent of
browser extensions.
The central theme of Web database sites created with HTTP server APIs or
modules is that the database access programs coexist with the server. They
share the address space and run-time process of the server.
This approach is in direct contrast with the architecture of CGI, in which CGI
programs run as separate processes and in separate memory spaces from the
HTTP server.
At the present, there are two main APIs: the Netscape Server API (NSAPI) and
Microsoft Information Server API (ISAPI).
Instead of creating a separate process for each CGI program, the API offers a
way to create an interface between the server and the external programs using
dynamic linking or shared objects.
Programs are loaded as part of the server, giving them full access to all the I/O
functions of the server.
In addition, only one copy of the program is loaded and shared among multiple
requests to the server.
Web Applications, Concepts&Tools,
by Dr. Khalil
36
APIs







Server modules are just prefabricated applications written in
some server APIs.
Developers can often purchase commercial modules to aid or
replace the development of an application feature.
Sometimes, the functionality required in a Web database
application can be found as an existing server module.
Vendors of Web servers usually provide proprietary server
modules to support their products.
There are a very large number of server modules that are
commercially available, and the number is still rising.
For example, Oracle provides the “Oracle PL/SQL” module,
which contains procedures to drive database-backed Web sites.
The Oracle module supports both NSAPI and ISAPI.
Web Applications, Concepts&Tools,
by Dr. Khalil
37
APIs
Advantages

Having database access programs coexist with the HTTP server improves Web
database access by improving speed, resource sharing, and the range of functionality.

Speed
Server API programs run as dynamically loaded libraries or modules. A server API
program is usually loaded the first time the resource is requested, and therefore, only
the first user who requests that program will incur the overhead of loading the
dynamic libraries. Alternatively, the server can force this first instantiation so that no
user will incur the loading overhead. This technique is called preloading. Either way,
the API approach is more efficient than CGI.



Resource sharing
Unlike a CGI program, a server API program shares address space with other
instances of itself and with the HTTP server. This means that any common data
required by the different threads and instances need exist only in one place. This
common storage area can be accessed by concurrent and separate instances of the
server API program. The same principle applies to common functions and code. The
same set of functions and code are loaded just once and can be shared by multiple
server API programs. The above techniques save space and improve performance.

Web Applications, Concepts&Tools,
by Dr. Khalil
38
APIs

Range of functionality

CGI programs have access to a Web transaction only at certain limited points. It has no
control over the HTTP authentication scheme. It has no contact with the inner
workings of the HTTP server, because a CGI program is considered external to the
server.
In contrast, server API programs are closely linked to the server; they exist in
conjunction with or as part of the server. They can customize the authentication
method as well as transmission encryption methods. Server API programs can also
customize the way access logging is performed, providing more detailed transaction
logs than are available by default.
Provide Web page or site security by inserting an authentication “layer” requiring an
identifier and a password outside that of the Web browser’s own security methods.
Log incoming and outgoing activity by tracking more information than the Web server
does, and store it in a format not limited to those available with the Web server.
Serve data out to browsing clients in a different way than the Web server would (or
even could) by itself.
Overall, server APIs provide a very flexible and powerful solutions in extending the
capabilities of Web servers. However, the approach is much more complex than CGI,
requiring specialized programmers with a deep understanding of the Web server and
with sophisticated programming skills.





Web Applications, Concepts&Tools,
by Dr. Khalil
39
APIs
Important issues






Server architecture dependence
Server APIs are closely tied to the server they work with. The only way to provide
efficient cross-server support is for vendors to adhere to the same API standard. If a
common API standard is used, programs written for one server will work just as well
with another server. However, setting up standards involves compromises among
competitors. In many cases, they are hard to come by.
Platform dependence
Server APIs and modules are also dependent on computing platforms. Netscape servers
are supported on multiple platforms. Nevertheless, each supporting version is dependent
on that platform. Similarly, Microsoft server is only available for Windows NT.
Programming language
Both Netscape servers and Microsoft Web servers can be extended using a variety of
programming languages and facilities. In addition, Microsoft provides an application
environment called Active Server Pages. Active Server Pages is an open, compile-free
application environment in which developers can combine HTML, scripts and reusable
ActiveX server components to create dynamic and powerful web-based business
solutions.
Web Applications, Concepts&Tools,
by Dr. Khalil
40
Features
CGI
Language-independent

Runs in different
process from core Web server

Open standard

Web server architectureindependent

APIs
Supports distributed computing

Multiple, extensible roles


Memory sharing with other
processes

Does NOT create new process
for each instance
Easy to use

Web Applications, Concepts&Tools,
by Dr. Khalil
41
Examples of APIs
 Netscape API
(NSAPI) and Microsoft
Information Server API (ISAPI).
 Microsoft’s
Web Solution Platform with Active
Server Pages (ASPs) and Active Data Objects
(ADO).
 Java
solutions (SQLJ, Servlets, and JavaServer
Pages, and JDBC).
Web Applications, Concepts&Tools,
by Dr. Khalil
42
Netscape API



Netscape LiveWire Pro provides server-side JavaScript constructs
for database connectivity using the Netscape API (NSAPI).
JavaScript is compiled into bytecode and the interpreted by the
LiveWire Pro server extension running in conjunction with the
Netscape server.
JavaScript can accomplish many of the tasks usually associated
with retrieving and working with information from a database,
including:
 Connecting to and disconnecting from the database;
 Beginning, , and rolling back an SQL query;
 Displaying the results of an SQL query;
 Creating updateable cursors for viewing, inserting, deleting,
and modifying data.
 Accessing binary large objects (BLOBs) for multimedia
content, such as images and sounds.
Web Applications, Concepts&Tools,
by Dr. Khalil
43
Netscape API – An Example
//Connect to the database, and check connection successful
database.connect(ORACLE, my_server, auser_name, auser_password, Company_db)
If (!database.connected())
write(“Error connecting to database”)
else {
// Set up a cursor for query; second parameter indicates that updates will occur through cursor
myCursor = database.cursor(“SELECT * FROM Employee”, TRUE)
// Loop over all the records and update salary field
while (myCursor.next()) {
myCursor.salary = myCursor.salary * 1.05
myCursor.updateRow(Employee)
}
// Finally, disconnect from the database
database.disconnect()
}
Web Applications, Concepts&Tools,
by Dr. Khalil
44
Microsoft Web Solution Platform
Object Linking and Embedding (OLE)





OLE is an object-oriented technology that enables development of
reusable software components.
Instead of traditional procedural programming in which each
component implements the functionality it requires, the OLE
architecture allows applications to use shared objects that provide
specific functionality.
Objects like text documents, charts, spreadsheets, e-mail
messages, graphics, and sound clips all appear as objects to the
OLE application.
When objects are embedded or linked, they appear within the
client application.
When the linked data needs to be edited, the user double-clicks
the object, and the application that created it is started.
Web Applications, Concepts&Tools,
by Dr. Khalil
45
Microsoft Web Solution Platform





Component Object Model
Component objects are objects that provide services to other
client applications.
The Component Object Model (COM) is an object-based
model consisting of both a specification that defines the interface
between objects within a system and a concrete implementation,
packaged as a Dynamic Link Library (DLL).
COM is a service to establish a connection between a client
application and an object and its associated services.
COM provides a standard method of finding and instantiating
objects, and for the communication between the client and the
component.
One of the major strengths of COM lies in the fact that it
provides a binary interoperability standard; that is, the method
for bringing the client and object together is independent of any
programming language that created the client and object.
Web Applications, Concepts&Tools,
by Dr. Khalil
46
Microsoft Web Solution Platform
Distributed Component Object (DCOM)

Distributed Component Object Model (DCOM) extends the
COM architecture to provide a distributed component-based
computing environment, allowing components to look the same to
clients on a remote machine as on a local machine.

DCOM does this by replacing the interprocess communication
between client and component with an appropriate network
protocol.

DCOM is very suited to the three-tier architecture.
Web Applications, Concepts&Tools,
by Dr. Khalil
47
Microsoft Web Solution Platform
COM+

COM+ provides the basis for Microsoft’s new framework for
unifying and integrating the PC and the Internet.

The Web Solution Platform is “An architectural framework for
building modern, scalable, multi-tier distributed computing
solutions, that can be delivered over any network”, which defines
a common set of services including components.

There are several core components to this architecture:
 Active Server Pages (ASP)
 ActiveX Data Objects (ADO)
Web Applications, Concepts&Tools,
by Dr. Khalil
48
Microsoft Web Solution Platform
Universal Data Access







The Microsoft ODBC technology provides a common interface for accessing
heterogeneous SQL databases.
ODBC has many limitations when used as a programming interface.
Microsoft packaged Access and Visual C++ with Data Access Objects (DAO).
The object model of ADO consists of objects such as Databases, TableDefs,
QueryDefs, Recordsets, fields, and properties.
Next, Microsoft defined a set of data objects, collectively known as OLE DB
(Object Linking Embedding for DataBases), that allows OLE-oriented
applications to share and manipulate sets of data as objects.
OLE DB provides low-level access to any data source, including relational and
non-relational databases, e-mail and file systems, text and graphics, custom
business objects, and more.
OLE DB is an object-oriented specification based on a C++ API.
Web Applications, Concepts&Tools,
by Dr. Khalil
49
Microsoft Web Solution Platform
Universal Data Access
Web Applications, Concepts&Tools,
by Dr. Khalil
50
Active Server Pages and ActiveX Data Objects




Active Server Pages (ASP) is a programming model that
allows dynamic, interactive Web pages to be created on the Web
server, analogous to JavaServer Pages (JSP).
The pages can be based on what browser type the user has, on
what language the user’s machine supports, and on what personal
preferences the user has chosen.
ASP was introduced with the Microsoft Internet Information
Server (IIS) and supports ActiveX scripting, allowing a large
number of different scripting engines to be used, within a single
ASP script if necessary.
Native support is provided for VBScript (the default scripting
language for ASP) and JScript.
Web Applications, Concepts&Tools,
by Dr. Khalil
51
ASP Architecture
Web Applications, Concepts&Tools,
by Dr. Khalil
52
ASP Architecture






ASP provide the flexibility of CGI, without the performance overhead.
Unlike CGI, ASP runs in-process with the server, and is multi-threaded and
optimized to handle a large volume of users.
ASP is built around files with the extension “.asp”, which can contain any
combination of the following:
 Text;
 HTML tags,
 Script commands and output expressions.
An ASP script starts to run when a browser requests an “.asp” file from the Web
server.
The Web server then calls ASP, which reads through the requested file from top
to bottom, executes any commands, and sends the generated HTML page back
to the browser.
It is possible to generate client-side scripts within a server-side generated
HTML file by simply including the script as text within the ASP script.
Web Applications, Concepts&Tools,
by Dr. Khalil
53
ActiveX Data Objects



Active Data Objects (ADO) is a programming extension of ASP supported by
the Microsoft Internet Information Server (IIS) for database connectivity.
ADO is designed as an easy-to-use application level interface to OLE DB.
ADO supports the following key features:
 Independent-created objects;
 Support for stored procedures, with input and output parameters and return
parameters;
 Different cursor types, including the potential for the support of different
back-end-specific cursors;
 Batch updating;
 Support for limits on the number of returned rows and other query goals;
 Support for multiple recordsets returned from stored procedures or batch
statements.
Web Applications, Concepts&Tools,
by Dr. Khalil
54
Microsoft Access and Web Page Generation

Microsoft Access 2000 provides three wizards for automatic generating HTML
pages based on tables, queries, forms, or reports in the database:



Static pages – the user can export data to HTML format.
Dynamic pages, using Active Server Pages – with this approach, the user
can export data to an .asp file on the Web server, by specifying the name of
the current database, a username, and password to connect to the database,
and the URL of the Web server that will store the ASP file.
Dynamic pages, using data access pages – Data access pages are Web
pages bound directly to the data in the database. Data access pages can be
used like Access forms, except that these pages are stored as external files,
rather than within the database or database project. Data access pages are
written in dynamic HTML (DHTML), an extension of HTML that allows
dynamic objects as part of the Web page. Unlike ASP files, a data access
page is created within Access using a wizard or in design view employing
many of the same tools that are used to create Access forms.
Web Applications, Concepts&Tools,
by Dr. Khalil
55
Microsoft .net



Microsoft is launching a platform called .net – a vision for the
next generation of Internet.
This vision is motivated by a shift from individual Web sites to
clusters of computers, devices, and mechanisms that collaborate
to provide improved user services.
The intention is to allow people to control how, when, and what
information is delivered to them. Among the components in this
new platform are ASP.net and ADO.net:


ASP.net – is the next version of ASP that has been
reengineered to improve performance and scalability.
ADO.net – is the next version of ADO with new classes that
expose data access services to programmer.
Web Applications, Concepts&Tools,
by Dr. Khalil
56
Java Solutions



Java is a proprietary language
developed by Sun
Microsystems.
Java is rapidly becoming the de
facto standard programming
language for Web computing.
Java is a type-safe, objectoriented, distributed, interpreted,
robust, secure, architecture
neutral, portable, highperformance, multi-threaded,
and dynamic programming
language that is interesting
because of its potential for
building Web applications
(applets) and server applications
(servlets).
Web Applications, Concepts&Tools,
by Dr. Khalil
57
J2EE – Java 2 Enterprise Edition



J2EE – Java 2 Enterprise Edition –
aimed at robust, scalable, multi-user,
and secure enterprise application.
The cornerstone of J2EE is
Enterprise JavaBeans (EJB), a
standard for building server-side
components in Java.
We are particularly interested in two
J2EE components:
 JDBC
 JavaServer Pages
Enterprise JavaBeans (EJB) is a
server-side component architecture
for the business tier, encapsulating
business and data logic.
Web Applications, Concepts&Tools,
by Dr. Khalil
58
SQLJ
 SQLJ
is a specification for Java with static embedded
SQL.
 SQLJ comprises a set of clauses that extend Java to
include SQL constructs.
 An SQLJ translator transforms the SQLJ clauses into
standard Java code that accesses the database through a
call-level interface.
 SQLJ is based on static embedded SQL while JDBC is
based on dynamic SQL (allows a calling program to
compose SQL at runtime).
Web Applications, Concepts&Tools,
by Dr. Khalil
59
Java Servlets


Servlets are programs that run on a Java-enabled Web server and build Web
pages, analogous to CGI programming.
Servlets have a number of advantages over CGI, such as:
 Improved performance – with servlets a lightweight thread inside JVM
handles each request.
 Portability – Java servlets adhere to the “write once, run anywhere”
philosophy of Java.
 Extensibility – Java servlets can utilize Java code from any source and can
access the large set of APIs available for the Java platform.
 Simpler session management – A typical CGI program uses cookies on
either the client or server (or both) to maintain some sense of state or
session. On the other hand, servlets can maintain state and session identity
because they are persistent and all client requests are processed until the
servlet is shut down by the Web server.
 Improved security and reliability – servlets have the added advantages of
benefiting from the in-built Jave security model and inherit Java type
safety, making the servlets more reliable.
Web Applications, Concepts&Tools,
by Dr. Khalil
60
JSP (JavaServer Pages)






JSP is a Java-based server-side scripting language that allows static HTML to
be mixed with dynamically-generated HTML.
The HTML developers can use their normal Web page building tools (for
example, Microsoft’s FrontPage or Macromedia’s Dreamweaver) and then
modify the HTML file and embed the dynamic content within special tags.
JSP works with most Web servers including Apache HTTP Server and
Microsoft Internet Information Server (with plug-ins from IBM’s WebSphere,
LiveSoftware’s Jrun, or New Atlanta’s ServletExec).
The JSP engine transforms JSP tags, Java code, and static HTML content into
Java code, which is then automatically organized by the JSP engine into an
underlying Java servlet, after which the servlet is then automatically compiled
into Java bytecodes.
Thus, when a client requests a JSP page, a generated precompiled servlet does
all the work.
JSP gives both efficient performance and the flexibility of rapid development
with no need to manually compile code.
Web Applications, Concepts&Tools,
by Dr. Khalil
61
Comparison of ASP and JSP

ASP and JSP are designed to enable developers to separate page design from
programming logic through the use of callable components, and both provide an
alternative to CGI programming that simplifies Web page development and
deployment.
 Platform and Server Independence – JSP conforms to the “Write Once, Run
Anywhere” philosophy of the Java environment. Thus, JSP can run on any
Java-enabled Web server and is supported by a wide variety of vendor tools.
In contrast, ASP is primarily restricted to Microsoft Windowa-based
platforms.
 Extensibility – Although both technologies use a combination of scripting
and tagging to create dynamic Web pages, JSP allows developers to extend
the JSP tags available.
 Reusability – JSP components (JavaBeans, EJB, and custom tags) are
reusable across platforms. For example, an EJB component can access
distributed databases across a variety of platforms (e.g., UNIX, Windows).
 Security and reliability – JSP has the added advantages of benefiting from
the in-built Java security model and the inherent Java type safety, making
JSP potentially more reliable.
Web Applications, Concepts&Tools,
by Dr. Khalil
62
Connecting to the Database
 We
have seen various approaches that enable browsers
to communicate with Web servers, and in turn allow
Web clients to have access to databases.
 For example, CGI and API programs can be invoked by
the Web client to access the underlying database.
 In general, database connectivity solutions include the
use of:
 Native database APIs.
 Database-independent APIs (such as ODBC).
 Template-driven database access packages.
 Third party class libraries.
Web Applications, Concepts&Tools,
by Dr. Khalil
63
ODBC (Open DataBase Connectivity)




ODBC is an SQL-based product of Microsoft with the objective of providing a common
interface for accessing heterogeneous SQL databases.
This interface (built on the ‘C’ language) provides a high degree of interoperability: a
single application can access different SQL DBMSs through a common set of code.
This enables a developer to build and distribute a client-server application without
targeting a specific DBMS.
ODBC has emerged as a de facto industry standard for the following reasons:






Applications are not tied to a proprietary vendor API;
SQL statements can be explicitly included in source code or constructed
dynamically at runtime;
An application can ignore the underlying data communications protocols;
Data can be sent and received in a format that is convenient to the application;
ODBC is designed in conjunction with the X/Open and ISO Call-Level Interface
(CLI) standards;
There are ODBC drivers available today for many of the popular DBMSs;
Web Applications, Concepts&Tools,
by Dr. Khalil
64
ODBC Architecture


The ODBC interface defines the following:
 A library of function calls that allow an application to connect to a DBMS, execute
SQL statements, and retrieve results;
 A standard way to connect and log on to DBMSs;
 A standard representation of data types;
 A standard set of error codes;
 SQL syntax based on the X/Open and ISO Call-Level Interface (CLI)
specifications.
The ODBC architecture has four components:
 Application – which performs processing and calls ODBC functions to submit SQL
statements to the DBMS and to retrieve results from DBMS.
 Driver Manager – which loads and unloads drivers on behalf of an application.
 Driver and Database Agent – which process ODBC function calls, submit SQL
requests to a specific data source, and return results to the applications.
 Data source – which consists of the data the user wants to access and its associated
DBMS, its host operating system, and network platform, if any.
Web Applications, Concepts&Tools,
by Dr. Khalil
65
ODBC Architecture
Web Applications, Concepts&Tools,
by Dr. Khalil
66
Windows Applications Use ODBC to Access
Databases
Web Applications, Concepts&Tools,
by Dr. Khalil
67
JDBC
Web Applications, Concepts&Tools,
by Dr. Khalil
68
JDBC




Modeled after the Open Database Connectivity (ODBC) specification, the JDBC package
defines a database access API that supports basic SQL functionality and enables access to a
wide range of relational DBMS products.
With JDBC, higher-level APIs can be built.
A number of higher-level APIs can be developed on top of JDBC:
 An embedded SQL for Java – with this approach, JDBC requires that SQL statements be
passed as strings to Java methods.
 A direct mapping of relational database tables to Java classes – In this ‘object-relational’
mapping, each row of the table becomes an instance of that class, and each column value
corresponds to an attribute of that instance.
Applications can access database using ODBC drivers and existing database client libraries,
or using the JDBC API with pure Java JDBC drivers. The options are as follows:
 The JDBC-ODBC bridge provides JDBC access using ODBC drivers.
 The partial JDBC driver converts JDBC calls into calls on the client API for the DBMS.
 The pure Java JDBC driver for database middleware translates JDBC calls into the
middleware vendor’s protocol, which is subsequently translated to a DBMS protocol by a
middleware server.
 The pure Java JDBC driver with a direct database connection converts JDBC calls into
the network protocol used directly by the DBMS, allowing a direct call from the client
machine to the DBMS server.
Web Applications, Concepts&Tools,
by Dr. Khalil
69
JDBC Connectivity Using
ODBC drivers
The Pure JDBC platform
Web Applications, Concepts&Tools,
by Dr. Khalil
70
Microsoft Web Solution Platform

Microsoft Web Solution Platform has been created for building
and deploying interoperable Web solutions.

It is the precursor to Microsoft’s “.net” – a vision for the third
generation of the Internet where “software is delivered as a
service, accessible by any device, any time, any place, and
is fully programmable and personalizable”.

There are various tools, services, and technologies in the platform
such as Windows 2000, Exchange Server, BizTalkServer, Visual
Studio, HTML/XML, scripting (JScript, VBScript, …), and
components (Java or ActiveX).
Web Applications, Concepts&Tools,
by Dr. Khalil
71
Oracle Internet Platform


The Oracle Internet Platform, comprising Oracle Internet
Application Server (iAS) and Oracle DBMS, is aimed
particularly at providing extensibility for distributed
environment.
It is n-tier architecture based on industry standards such as:
 HTTP and HTML/XML for Web enablement.
 The Object Management Group’s CORBA technology for
manipulating objects.
 Internet Inter-Object Protocol (IIOP) for object
interoperability and Remote Method Invocation (RMI).
 Java, Enterprise JavaBeans (EJB), JDBC and SQLJ for
database connectivity, Java servlets, and JSP. It also supports
Java Messaging Service (JMS), Java Naming and Directory
Interface (JNDI), and it allows stored procedures to be
written in Java.
Web Applications, Concepts&Tools,
by Dr. Khalil
72
Oracle Internet Application Server (iAS)
Web Applications, Concepts&Tools,
by Dr. Khalil
73
Thank you
Web Applications, Concepts&Tools,
by Dr. Khalil
74