Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Web Applications Development (Approaches & Techniques) Dr. Awad Khalil Computer Science Department AUC Web Applications, Concepts&Tools, by Dr. Khalil 1 Content The Web as an Application Platform Development Approaches Client-side Approach Scripting languages such as JavaScript, Perl, and PHP Server-side Approach CGI (Common Gateway Interface) API (Application Programming Interface) Examples of APIs and development Platforms Netscape API (NSAPI). Microsoft’s Web Solution Platform with Active Server Pages (ASPs) and Active Data Objects (ADO) Java Solutions (SQLJ, Servlets, and JavaServer Pages, and JDBC. Database Connectivity APIs ODBC (Open Data Base Connectivity) JDBC (Java Data Base Connectivity) Web Applications, Concepts&Tools, by Dr. Khalil 2 The Web as an Application Platform Requirements An open-architecture approach to allow interoperability with a variety of systems and technologies; for example, support for: Different Web servers; Microsoft’s (Distributed) Common Object Model (DCOM/COM); CORBA/IIOP (Internet Inter-ORB protocol); Java/RMI (Remote Method Invocation). The ability to access valuable corporate data in a secure manner. Data and vendor independent connectivity to allow freedom of choice in the selection of the DBMS now and in the future The ability to interface to the database independent of any proprietary Web browser or Web server. A connectivity solution that takes advantage of all the features of an organization’s DBMS. A cost-effective solution that allows for scalability, growth, and changes in strategic directions. Support for transactions that span multiple HTTP requests. Support for session- and application-based authentication. Minimal administration overhead. Web Applications, Concepts&Tools, by Dr. Khalil 3 Web Application Advantages Simplicity Platform independence Graphical User Interface Standardization Cross-platform support Transparent network access Scalable deployment Innovation Disadavantages Reliability Security Cost Scalability Limited functionality of HTML Stateless Bandwidth Performance Immaturity of development tools Web Applications, Concepts&Tools, by Dr. Khalil 4 Web Application Architecture Web applications may be created using various approaches. However, there are a number of components that will form essential building blocks for such applications. Typically, the Web application architecture is a threetier architecture (at least) in which: A Web Browser acting as the “thin” client. A Web Server acting as the application server. A Database Server acting as the third tier. Web Applications, Concepts&Tools, by Dr. Khalil 5 Web Applications, Concepts&Tools, by Dr. Khalil 6 Browser Layer The browser is the client of a Web application, and it has two major functions: First, it handles the layout and display of HTML documents. Second, it executes the client-side extension functionality such as Java, JavaScript, and ActiveX (a method to extend a browser’s capabilities). The two most popular browsers at the present are Netscape Navigator (Netscape for short) and Microsoft Internet Explorer (IE). They have their own advantages and disadvantages with respect to Web applications. Web Applications, Concepts&Tools, by Dr. Khalil 7 IE versus Netscape Both browsers support Java, JavaScript, and IE also support ActiveX. Netscape is supported on numerous platforms, whereas IE runs only on Microsoft systems (e.g., Windows XP, 2000, 98 and NT). IE offers compatibility with other Microsoft products and can easily be integrated with existing tools such as Word, Excel and PowerPoint. The drawback is that IE heavily dependent on the Windows platforms and other Microsoft proprietary systems. ActiveX is designed to extend the functionality of IE, and works only on Windows platforms and Macintosh System 7+. Web Applications, Concepts&Tools, by Dr. Khalil 8 The Application Logic Layer The application logic layer is the part of a Web application with which a developer will spend the most time. It is responsible for: Implementing the business rules; collecting data for a query (e.g., an SQL statement); preparing and sending the query to the database via the database connection layer; retrieving the results from the connection layer; formatting the data for display. Web Applications, Concepts&Tools, by Dr. Khalil 9 Database Gateways for Database Connectivity A Web database gateway (middleware)is a bridge between the Web and a DBMS, and its objective is to provide a Web-based application the ability to manipulate data stored in the database. Web database gateways link stateful systems (i.e., databases) with a stateless, connectionless protocol (i.e., HTTP). HTTP is a stateless protocol in the sense that each connection is closed once the server provides a response. Thus, a Web server will not normally keep any record about previous requests. This results in an important difference between a Web-based client-server application and a traditional client-server application. In a Web-based application, only one transaction can occur on a connection. In other words, the connection is created for a specific request from the client. Once the request has been satisfied, the connection is closed. Thus, every request involving access to the database will have to incur the overhead of making the connection. In a traditional application, multiple transactions can occur on the same connection. The overhead of making the connection will only occur once at the beginning of each database session. Web Applications, Concepts&Tools, by Dr. Khalil 10 The Database Connection Layer This is the component which actually links a database to the Application layerr. Many current Web database building tools offer database connectivity solutions and they are used to simplify the connection process. The database connection layer provides a link between the application logic layer and the DBMS. Connection solutions come in many forms, such as DBMS net protocols, API (Application Programming Interface) or class libraries, and programs that are themselves database clients. Some of these solutions resulted in tools being specifically designed for developing Web database applications. In Oracle, for example, there are native API libraries for connection and a number of tools, such as Web Publishing Assistant, for developing Oracle applications on the Web. The connection layer within a Web database application must accomplish a number of goals. They have to provide access to the underlying database, and they also need to be easy to use, efficient, flexible, robust, reliable, and secure. Different tools and methods fulfill these goals to different extents. Web Applications, Concepts&Tools, by Dr. Khalil 11 The Database Layer This is the place where the underlying database resides within the Web database application. The database is responsible for storing, retrieving, and updating data based on user requirements, and the DBMS can provide efficiency and security measures. In many cases, when developing a Web application, the underlying database has already been in existence. A major task, therefore, is to link the database to the Web (the connection layer) and to develop the application logic layer. Web Applications, Concepts&Tools, by Dr. Khalil 12 Web Development Approaches There are a number of different ways for creating web applications. Generally, they can be grouped into two categories: Client-Side Solutions. Server-Side Solutions. Web Applications, Concepts&Tools, by Dr. Khalil 13 Client-side Solutions The client-side solutions include two types of approaches for web applications’ development: browser extensions external applications. Browser extensions are add-ons to the core Web browser that enhance and augment the browser’s original functionality. Specific methods include plugins for Netscape and IE, and ActiveX controls for IE. Also, both types of browsers (Netscape and IE) support Java and JavaScript languages (i.e., Java applets and JavaScript can be used to extend browsers’ capabilities). External applications are helper applications or viewers. They are typically existing database clients that reside on the client machine and are launched by the Web browser in a particular Web application. Using external applications is a quick and easy way to bring legacy database applications online, but the resulting system is neither open nor portable. Legacy database clients do not take advantages of the platform independence and language independence available through many Web solutions. Legacy clients are resistant to change, meaning that any modification to the client program must be propagated via costly manual installations throughout the user base. Web Applications, Concepts&Tools, by Dr. Khalil 14 Browser Extensions These types of gateways take advantage of the resources of the client machine to aid server-side applications. Remember, however, it is advantageous to have a thin client. Thus, the scope of such programming on the client-side should be limited. A very large part of the web application should be on the serverside. Browser extensions can be created by incorporating support for: Scripting Languages (JavaScript, Jscript, VBScript, Perl, and PHP) Java (Applets) ActiveX Plug-Ins Web Applications, Concepts&Tools, by Dr. Khalil 15 Scripting Languages JavaScript & JScript JavaScript and Jscript are virtually identical interpreted scripting languages from Netscape and MicroSoft, respectively. JavaScript is a scripting language that allows programmers to create and customize applications on the Internet and Intranets. On the client-side, it can be used to perform simple data manipulation such as mathematical calculations and form validation. JavaScript code is normally sent as a part of HTML document and is executed by the browser upon receipt (the browser must have the script language interpreter). On the server-side, LiveWire (an online development environment for server-side JavaScript) works with Netscape, providing gateway functionality such as access to databases. It should note that JavaScript has little to do with Java language. JavaScript was originally called LiveScript, but it was changed to benefit from the excitement surrounding Java. The only relationship between JavaScript and Java is a gateway between the former and Java applets (Web applications written in Java). JavaScript provides developers a simple way to access certain properties and methods of Java applets on the same page without having to understand or modify the Java source code of the applet. Web Applications, Concepts&Tools, by Dr. Khalil 16 Scripting Languages JavaScript & JScript As a development tool, JavaScript on the client-side does not offer much without the aid of a complementary tools such as Java, plug-ins, and CGI (Common Gateway Interface). For examples, If a Java applet on a page of HTML has access to a database, a programmer can write JavaScript code to manipulate the applet. If there is a form on the HTML document and if an action parameter for that form refers to a CGI program that has access to a database, a programmer can write JavaScript code to manipulate the data elements within the form and then submit it (i.e., submit a kind of request to a DBMS). JavaScript can improve the performance of a Web application if it is used for client-side state management. It can eliminate the need to transfer state data repeatedly between the browser and the Web server. Instead of sending an HTTP request each time it updates an application state, it sends the state only once as the final action. However, there are some side effects resulted from this gain in performance. For example, it may result in the application becoming less robust if state management is completely on the client-side. If the client accidentally or deliberately exits, the session state is lost. Web Applications, Concepts&Tools, by Dr. Khalil 17 Scripting Languages VBScript VBScript is a Microsoft proprietary interpreted scripting language whose goals and operations are virtually identical to those JavaScript/Jscript. VBScript, however, has syntax more like Visual Basic than Java. VBScript is a procedural language and so uses subroutines as the basic unit. Web Applications, Concepts&Tools, by Dr. Khalil 18 Scripting Languages Perl & PHP Perl (Practical Extraction and Report Language) is an interpreted programming language with extensive, easy-touse text processing capabilities. It is now one of the most widely used languages for server-side programming. Although Perl was originally developed on the Unix platform, it was always intended as a crossplatform language and there is now a version of Perl for the Windows platform (called ActivePerl) PHP (Hypertext Processor) is another popular open source HTMLembedded scripting language that is supported by many Web servers including Apache HTTP Server and Microsoft’s Internet Information Server (IIS), and is the preferred linux Web scripting language. The goal of the language is to allow Web developers to write dynamically-generated pages quickly. A popular choice nowadays is to use the open source combinations of Apache HTTP Server, PHP, and one of the database systems mySQL or PostgreSQL. Web Applications, Concepts&Tools, by Dr. Khalil 19 Java (Applets) As mentioned earlier, Java applets can be manipulated by JavaScript functions to perform several tasks (for example, accessing a databases). In general, Java applets can be downloaded into a browser and executed on the client-side (the browser should have the bytecode interpreter). The connection to the database is made through appropriate APIs (Application Programming Interface, such as JDBC and ODBC). Web Applications, Concepts&Tools, by Dr. Khalil 20 JavaScript Java (Applets) Interpreted (not compiled) by client Compiled on server before execution on client Object-based, Code uses built-in, extensible objects, but no classes or inheritance Object-oriented, Applets consist of object classes with inheritance Code integrated with, and embedded in HTML Applets distinct from HTML, but accessed from HTML pages Variable data types not declared (loose typing) Variables data types must be declared (strong typing) Dynamic binding. Object references checked at runtime Static binding. Object references must exist at compile-time Cannot automatically write to hard disk Cannot automatically write to hard disk Web Applications, Concepts&Tools, by Dr. Khalil 21 ActiveX ActiveX is a way to extend Microsoft IE’s (Internet Explorer) capabilities. An ActiveX control is a component on the browser that adds functionality which cannot be obtained in HTML, such as access to file on the client, other applications, complex user interfaces, and additional hardware devices. ActiveX is similar to Microsoft OLE (Object Linking and Embedding), and ActiveX controls can be developed by any organization and individual. At the present, there are more than one thousand ActiveX controls, including controls for database access, are available for developers to incorporate into Web applications. A number of commercial ActiveX controls offer several functionalities. Because ActiveX has abilities similar to OLE, it supports most or all the functionality available to any Windows program. Like JavaScript, ActiveX can aid in minimizing network traffic. In many cases, this technique results in improved performance. ActiveX can also offer rich GUIs. The more flexible interface, executed entirely on the client-side, make operations more efficient for users. Web Applications, Concepts&Tools, by Dr. Khalil 22 Plug-Ins Plug-ins are Dynamic Link Libraries (DLL) that allow data of new MIME (Multipurpose Internet Mail Extensions) to be viewed or heard. Plug-ins can be installed to run seamlessly inside the browser window, transparent to the user. They have full access to the client’s resources. To create a plug-in, the developer writes an application using the plug-in API and native calls. The code is then compiled as a DLL. Installing a plug-in is just a matter of copying the DLL into the directory where the browser looks for plug-ins. The next time that the browser is run, the MIME type(s) that the new plug-in supports will be opened with the plug-in. One plug-in may support multiple MIME types. There are a number of important issues concerning plug-ins: Plug-ins incur installation requirements. Because they are native code not packaged with the browser itself, plug-ins must be installed on the client machine. Plug-ins are platform-dependent. Whenever a change is made, it must be made on all supported platforms. The latest version of IE supports the same plug-in architecture as Netscape. Thus, a plug-in should work on both browsers provided they are running on the same platform. Web Applications, Concepts&Tools, by Dr. Khalil 23 Plug-Ins Connection to databases Plug-ins can operate like any stand-alone applications on the client-side. For example, they can be used to create direct socket connections to databases via the DBMS net protocols (such as SQL*Net for Oracle). Plug-ins can also use JDBC, ODBC, OLE, and any other methods to connect to databases. Performance Plug-ins are loaded on demand. When a user starts up a browser, the installed plug-ins are registered with the browser along with their supported MIME types, but the plug-in themselves are not loaded. When a plug-in for a particular MIME type is requested, the code is then loaded into memory. Because plug-ins use native code, their executions are fast. Web Applications, Concepts&Tools, by Dr. Khalil 24 External Applications External helper applications can be new or legacy database clients, or a terminal emulator. If there are existing traditional client-server database applications which reside on the same machine as the browser, then they can be launched by the browser and execute as usual. This approach may be an appropriate interim solution for migrating from an existing client-server application to a purely Web-based one. It is straightforward to configure the browser to launch existing applications. It just involves the registration of a new MIME type and the associated application name. Using the external applications approach, the existing database applications need not be changed. However, it means that all the maintenance burdens associated with traditional client-server applications will remain. Any change to the external application will require a very costly reinstallation on all client machines. Because this is not a pure Web-based solution, many advantages offered by Web-based applications cannot be realized. Traditional client-server database applications usually offer good performance. They do not incur the overhead of requiring repeated connections to the database. External database clients can make one connection to the remote database and use that connection for as many transactions as necessary for the session, closing it only when finished. Web Applications, Concepts&Tools, by Dr. Khalil 25 Server-side Web Programming Server-side solutions are more widely adopted than the client-side solutions. A main reason for this is that the Web application architecture requires the client to be as thin as possible. The Web server should not only host all the documents, but should also be responsible for dealing with all the requests from the client. Web Applications, Concepts&Tools, by Dr. Khalil 26 Server-side Solutions Client Side Server Side listening for HTTP requests. checking the validity of the request. finding the requested resource. requesting authentication if necessary. delivering requested resource. spawning programs if required. passing variables to programs. delivering output of programs to the requester. displaying error message if necessary. rendering HTML documents. allowing users to navigate HTML links. displaying image. sending HTML form data to a URL. interpreting Java applets. executing plug-ins. executing external helper applications. interpreting JavaScript and other scripting language programs. executing ActiveX controls in case of IE. Web Applications, Concepts&Tools, by Dr. Khalil 27 Server-side Solutions CGI (Common Gateway Interface) APIs (Application Programming Interface) Web Applications, Concepts&Tools, by Dr. Khalil 28 CGI (Common Gateway Interface) CGI is a protocol for allowing Web browsers to communicate with Web servers, such as sending data to the servers. Upon receiving the data, the Web server can then pass them to a specified external program (residing on the server host machine) via environment variables or standard input stream (STDIN). The external program is called a CGI program or CGI script. Because CGI is a protocol, not a library of functions written specifically for any particular Web server, CGI programs/scripts are language-independent. As long as the program/script conforms to the specification of the CGI protocol, it can be written in any language such as C, C++ or Java. In short, CGI is the protocol governing communications among browsers, servers, and CGI programs. In general, a Web server is only able to send documents and to tell a browser what kinds of documents it is sending. By using CGI, the server can also launch external programs (i.e., CGI programs). When the server recognizes that a URL points to a file, it returns the contents of that file. When the URL points to a CGI program, the server will execute it and then sends back the output of the program’s execution to the browser as if it were a file. Web Applications, Concepts&Tools, by Dr. Khalil 29 CGI (Common Gateway Interface) Before the server launches a CGI program, it prepares a number of environment variables representing the current state of the server, who is requesting the action, and so on. The program collects this information and reads STDIN. It then carries out the necessary processing and writes its output to STDOUT (the standard output stream). In particular, the program must send the MIME header information prior to the main body of the output. This header information specifies the type of the output. For example, the CGI approach enables access to databases from the browser. The Web client can invoke a CGI program/script via a browser, and then the program performs the required action and accesses the database via the gateway. The outcome of accessing the database is then returned to the client via the Web server. Web Applications, Concepts&Tools, by Dr. Khalil 30 The CGI Environment Web Applications, Concepts&Tools, by Dr. Khalil 31 CGI (Common Gateway Interface) Invoking and executing CGI programs from a Web browser is mostly transparent to the user. The following steps need to be taken in order for a CGI program to execute successfully: The user (Web client) calls the CGI program by clicking on a link or by pressing a button. The program can also be invoked when the browser loads an HTML document (hence being able to create a dynamic Web page). The browser contacts the Web server asking for permission to run the CGI program. The server checks the configuration and access files to ensure that the program exists and the client has access authorization to the program. The server prepares the environment variables and launches the program. The program executes and reads the environment variables and STDIN. The program sends the appropriate MIME headers to STDOUT followed by the remainder of the output and terminates. The server sends the data in STDOUT (i.e., the output from the program’s execution) to the browser and closes the connection. Web Applications, Concepts&Tools, by Dr. Khalil 32 CGI with HTTP Cookies One way to make CGI scripts more interactive is to use cookies. A cookie is a piece of information that the client stores on behalf of the server. The information that is stored in the cookie comes from the server as part of the server’s response to an HTTP request. A client may have many cookies stored at any given time, each one associated with a particular Web site or Web page. Each time the client visits that site/page, the browser packages the cookie with the HTTP request. The Web server can then use the information in the cookie to identify the user and, depending on the nature of the information collected, possibly personalize the appearance of the Web page. The Web server can also add or change the information within the cookie before returning it. Cookies can be used to store registration information or preferences. Example: $!/bin/sh echo “Content-type:text/html” echo “Set-cookie: UserID=conn-ci0; expires = Friday 30-Apr-02 12:00:00 GMT” eCHO “Set-cookie: Password=guest; expires = Friday 30-Apr-02 12:00:00 GMT” echo “” Web Applications, Concepts&Tools, by Dr. Khalil 33 CGI (Common Gateway Interface) Advantages CGI is the de facto standard for interfacing Web clients and servers with external applications, and is arguably the most commonly adopted approach for interfacing Web applications to data sources (such as databases). The main advantages of CGI are Simplicity, Language independence, Web server independence, Wide acceptance. Web Applications, Concepts&Tools, by Dr. Khalil 34 CGI (Common Gateway Interface) Disadvantages The first notable drawback of CGI is that the communication between a client (browser) and the database server must always go through the Web server in the middle, which may cause a bottleneck if there is a large number of users accessing the Web server simultaneously. For every request submitted by a Web client or every response delivered by the database server, the Web server has to convert data from or to an HTML document. This incurs a significant overhead to query processing. The second disadvantage of CGI is the lack of efficiency and transaction support in a CGI program. For every query submitted through CGI, the database server has to perform the same logon and logout procedure, even for subsequent queries submitted by the same user. The CGI program could handle queries in batch mode, but then support for online database transactions that contain multiple interactive queries would be difficult. The third major shortcoming of CGI is due to the fact that the server has to generate a new process or thread for each CGI program. For a popular site (like Yahoo), there can easily be hundreds or even thousands of processes competing for memory, disk, and processor time. This situation can incur significant overhead. Last but not least, extra measures have to be taken to ensure server security. CGI itself does not provide any security measures, and therefore, developers of CGI programs must be security conscious. Any request for unauthorized action must be spotted and stopped. Web Applications, Concepts&Tools, by Dr. Khalil 35 APIs (Application Programming Interface) HTTP server (Web server) APIs and modules are the server equivalent of browser extensions. The central theme of Web database sites created with HTTP server APIs or modules is that the database access programs coexist with the server. They share the address space and run-time process of the server. This approach is in direct contrast with the architecture of CGI, in which CGI programs run as separate processes and in separate memory spaces from the HTTP server. At the present, there are two main APIs: the Netscape Server API (NSAPI) and Microsoft Information Server API (ISAPI). Instead of creating a separate process for each CGI program, the API offers a way to create an interface between the server and the external programs using dynamic linking or shared objects. Programs are loaded as part of the server, giving them full access to all the I/O functions of the server. In addition, only one copy of the program is loaded and shared among multiple requests to the server. Web Applications, Concepts&Tools, by Dr. Khalil 36 APIs Server modules are just prefabricated applications written in some server APIs. Developers can often purchase commercial modules to aid or replace the development of an application feature. Sometimes, the functionality required in a Web database application can be found as an existing server module. Vendors of Web servers usually provide proprietary server modules to support their products. There are a very large number of server modules that are commercially available, and the number is still rising. For example, Oracle provides the “Oracle PL/SQL” module, which contains procedures to drive database-backed Web sites. The Oracle module supports both NSAPI and ISAPI. Web Applications, Concepts&Tools, by Dr. Khalil 37 APIs Advantages Having database access programs coexist with the HTTP server improves Web database access by improving speed, resource sharing, and the range of functionality. Speed Server API programs run as dynamically loaded libraries or modules. A server API program is usually loaded the first time the resource is requested, and therefore, only the first user who requests that program will incur the overhead of loading the dynamic libraries. Alternatively, the server can force this first instantiation so that no user will incur the loading overhead. This technique is called preloading. Either way, the API approach is more efficient than CGI. Resource sharing Unlike a CGI program, a server API program shares address space with other instances of itself and with the HTTP server. This means that any common data required by the different threads and instances need exist only in one place. This common storage area can be accessed by concurrent and separate instances of the server API program. The same principle applies to common functions and code. The same set of functions and code are loaded just once and can be shared by multiple server API programs. The above techniques save space and improve performance. Web Applications, Concepts&Tools, by Dr. Khalil 38 APIs Range of functionality CGI programs have access to a Web transaction only at certain limited points. It has no control over the HTTP authentication scheme. It has no contact with the inner workings of the HTTP server, because a CGI program is considered external to the server. In contrast, server API programs are closely linked to the server; they exist in conjunction with or as part of the server. They can customize the authentication method as well as transmission encryption methods. Server API programs can also customize the way access logging is performed, providing more detailed transaction logs than are available by default. Provide Web page or site security by inserting an authentication “layer” requiring an identifier and a password outside that of the Web browser’s own security methods. Log incoming and outgoing activity by tracking more information than the Web server does, and store it in a format not limited to those available with the Web server. Serve data out to browsing clients in a different way than the Web server would (or even could) by itself. Overall, server APIs provide a very flexible and powerful solutions in extending the capabilities of Web servers. However, the approach is much more complex than CGI, requiring specialized programmers with a deep understanding of the Web server and with sophisticated programming skills. Web Applications, Concepts&Tools, by Dr. Khalil 39 APIs Important issues Server architecture dependence Server APIs are closely tied to the server they work with. The only way to provide efficient cross-server support is for vendors to adhere to the same API standard. If a common API standard is used, programs written for one server will work just as well with another server. However, setting up standards involves compromises among competitors. In many cases, they are hard to come by. Platform dependence Server APIs and modules are also dependent on computing platforms. Netscape servers are supported on multiple platforms. Nevertheless, each supporting version is dependent on that platform. Similarly, Microsoft server is only available for Windows NT. Programming language Both Netscape servers and Microsoft Web servers can be extended using a variety of programming languages and facilities. In addition, Microsoft provides an application environment called Active Server Pages. Active Server Pages is an open, compile-free application environment in which developers can combine HTML, scripts and reusable ActiveX server components to create dynamic and powerful web-based business solutions. Web Applications, Concepts&Tools, by Dr. Khalil 40 Features CGI Language-independent Runs in different process from core Web server Open standard Web server architectureindependent APIs Supports distributed computing Multiple, extensible roles Memory sharing with other processes Does NOT create new process for each instance Easy to use Web Applications, Concepts&Tools, by Dr. Khalil 41 Examples of APIs Netscape API (NSAPI) and Microsoft Information Server API (ISAPI). Microsoft’s Web Solution Platform with Active Server Pages (ASPs) and Active Data Objects (ADO). Java solutions (SQLJ, Servlets, and JavaServer Pages, and JDBC). Web Applications, Concepts&Tools, by Dr. Khalil 42 Netscape API Netscape LiveWire Pro provides server-side JavaScript constructs for database connectivity using the Netscape API (NSAPI). JavaScript is compiled into bytecode and the interpreted by the LiveWire Pro server extension running in conjunction with the Netscape server. JavaScript can accomplish many of the tasks usually associated with retrieving and working with information from a database, including: Connecting to and disconnecting from the database; Beginning, , and rolling back an SQL query; Displaying the results of an SQL query; Creating updateable cursors for viewing, inserting, deleting, and modifying data. Accessing binary large objects (BLOBs) for multimedia content, such as images and sounds. Web Applications, Concepts&Tools, by Dr. Khalil 43 Netscape API – An Example //Connect to the database, and check connection successful database.connect(ORACLE, my_server, auser_name, auser_password, Company_db) If (!database.connected()) write(“Error connecting to database”) else { // Set up a cursor for query; second parameter indicates that updates will occur through cursor myCursor = database.cursor(“SELECT * FROM Employee”, TRUE) // Loop over all the records and update salary field while (myCursor.next()) { myCursor.salary = myCursor.salary * 1.05 myCursor.updateRow(Employee) } // Finally, disconnect from the database database.disconnect() } Web Applications, Concepts&Tools, by Dr. Khalil 44 Microsoft Web Solution Platform Object Linking and Embedding (OLE) OLE is an object-oriented technology that enables development of reusable software components. Instead of traditional procedural programming in which each component implements the functionality it requires, the OLE architecture allows applications to use shared objects that provide specific functionality. Objects like text documents, charts, spreadsheets, e-mail messages, graphics, and sound clips all appear as objects to the OLE application. When objects are embedded or linked, they appear within the client application. When the linked data needs to be edited, the user double-clicks the object, and the application that created it is started. Web Applications, Concepts&Tools, by Dr. Khalil 45 Microsoft Web Solution Platform Component Object Model Component objects are objects that provide services to other client applications. The Component Object Model (COM) is an object-based model consisting of both a specification that defines the interface between objects within a system and a concrete implementation, packaged as a Dynamic Link Library (DLL). COM is a service to establish a connection between a client application and an object and its associated services. COM provides a standard method of finding and instantiating objects, and for the communication between the client and the component. One of the major strengths of COM lies in the fact that it provides a binary interoperability standard; that is, the method for bringing the client and object together is independent of any programming language that created the client and object. Web Applications, Concepts&Tools, by Dr. Khalil 46 Microsoft Web Solution Platform Distributed Component Object (DCOM) Distributed Component Object Model (DCOM) extends the COM architecture to provide a distributed component-based computing environment, allowing components to look the same to clients on a remote machine as on a local machine. DCOM does this by replacing the interprocess communication between client and component with an appropriate network protocol. DCOM is very suited to the three-tier architecture. Web Applications, Concepts&Tools, by Dr. Khalil 47 Microsoft Web Solution Platform COM+ COM+ provides the basis for Microsoft’s new framework for unifying and integrating the PC and the Internet. The Web Solution Platform is “An architectural framework for building modern, scalable, multi-tier distributed computing solutions, that can be delivered over any network”, which defines a common set of services including components. There are several core components to this architecture: Active Server Pages (ASP) ActiveX Data Objects (ADO) Web Applications, Concepts&Tools, by Dr. Khalil 48 Microsoft Web Solution Platform Universal Data Access The Microsoft ODBC technology provides a common interface for accessing heterogeneous SQL databases. ODBC has many limitations when used as a programming interface. Microsoft packaged Access and Visual C++ with Data Access Objects (DAO). The object model of ADO consists of objects such as Databases, TableDefs, QueryDefs, Recordsets, fields, and properties. Next, Microsoft defined a set of data objects, collectively known as OLE DB (Object Linking Embedding for DataBases), that allows OLE-oriented applications to share and manipulate sets of data as objects. OLE DB provides low-level access to any data source, including relational and non-relational databases, e-mail and file systems, text and graphics, custom business objects, and more. OLE DB is an object-oriented specification based on a C++ API. Web Applications, Concepts&Tools, by Dr. Khalil 49 Microsoft Web Solution Platform Universal Data Access Web Applications, Concepts&Tools, by Dr. Khalil 50 Active Server Pages and ActiveX Data Objects Active Server Pages (ASP) is a programming model that allows dynamic, interactive Web pages to be created on the Web server, analogous to JavaServer Pages (JSP). The pages can be based on what browser type the user has, on what language the user’s machine supports, and on what personal preferences the user has chosen. ASP was introduced with the Microsoft Internet Information Server (IIS) and supports ActiveX scripting, allowing a large number of different scripting engines to be used, within a single ASP script if necessary. Native support is provided for VBScript (the default scripting language for ASP) and JScript. Web Applications, Concepts&Tools, by Dr. Khalil 51 ASP Architecture Web Applications, Concepts&Tools, by Dr. Khalil 52 ASP Architecture ASP provide the flexibility of CGI, without the performance overhead. Unlike CGI, ASP runs in-process with the server, and is multi-threaded and optimized to handle a large volume of users. ASP is built around files with the extension “.asp”, which can contain any combination of the following: Text; HTML tags, Script commands and output expressions. An ASP script starts to run when a browser requests an “.asp” file from the Web server. The Web server then calls ASP, which reads through the requested file from top to bottom, executes any commands, and sends the generated HTML page back to the browser. It is possible to generate client-side scripts within a server-side generated HTML file by simply including the script as text within the ASP script. Web Applications, Concepts&Tools, by Dr. Khalil 53 ActiveX Data Objects Active Data Objects (ADO) is a programming extension of ASP supported by the Microsoft Internet Information Server (IIS) for database connectivity. ADO is designed as an easy-to-use application level interface to OLE DB. ADO supports the following key features: Independent-created objects; Support for stored procedures, with input and output parameters and return parameters; Different cursor types, including the potential for the support of different back-end-specific cursors; Batch updating; Support for limits on the number of returned rows and other query goals; Support for multiple recordsets returned from stored procedures or batch statements. Web Applications, Concepts&Tools, by Dr. Khalil 54 Microsoft Access and Web Page Generation Microsoft Access 2000 provides three wizards for automatic generating HTML pages based on tables, queries, forms, or reports in the database: Static pages – the user can export data to HTML format. Dynamic pages, using Active Server Pages – with this approach, the user can export data to an .asp file on the Web server, by specifying the name of the current database, a username, and password to connect to the database, and the URL of the Web server that will store the ASP file. Dynamic pages, using data access pages – Data access pages are Web pages bound directly to the data in the database. Data access pages can be used like Access forms, except that these pages are stored as external files, rather than within the database or database project. Data access pages are written in dynamic HTML (DHTML), an extension of HTML that allows dynamic objects as part of the Web page. Unlike ASP files, a data access page is created within Access using a wizard or in design view employing many of the same tools that are used to create Access forms. Web Applications, Concepts&Tools, by Dr. Khalil 55 Microsoft .net Microsoft is launching a platform called .net – a vision for the next generation of Internet. This vision is motivated by a shift from individual Web sites to clusters of computers, devices, and mechanisms that collaborate to provide improved user services. The intention is to allow people to control how, when, and what information is delivered to them. Among the components in this new platform are ASP.net and ADO.net: ASP.net – is the next version of ASP that has been reengineered to improve performance and scalability. ADO.net – is the next version of ADO with new classes that expose data access services to programmer. Web Applications, Concepts&Tools, by Dr. Khalil 56 Java Solutions Java is a proprietary language developed by Sun Microsystems. Java is rapidly becoming the de facto standard programming language for Web computing. Java is a type-safe, objectoriented, distributed, interpreted, robust, secure, architecture neutral, portable, highperformance, multi-threaded, and dynamic programming language that is interesting because of its potential for building Web applications (applets) and server applications (servlets). Web Applications, Concepts&Tools, by Dr. Khalil 57 J2EE – Java 2 Enterprise Edition J2EE – Java 2 Enterprise Edition – aimed at robust, scalable, multi-user, and secure enterprise application. The cornerstone of J2EE is Enterprise JavaBeans (EJB), a standard for building server-side components in Java. We are particularly interested in two J2EE components: JDBC JavaServer Pages Enterprise JavaBeans (EJB) is a server-side component architecture for the business tier, encapsulating business and data logic. Web Applications, Concepts&Tools, by Dr. Khalil 58 SQLJ SQLJ is a specification for Java with static embedded SQL. SQLJ comprises a set of clauses that extend Java to include SQL constructs. An SQLJ translator transforms the SQLJ clauses into standard Java code that accesses the database through a call-level interface. SQLJ is based on static embedded SQL while JDBC is based on dynamic SQL (allows a calling program to compose SQL at runtime). Web Applications, Concepts&Tools, by Dr. Khalil 59 Java Servlets Servlets are programs that run on a Java-enabled Web server and build Web pages, analogous to CGI programming. Servlets have a number of advantages over CGI, such as: Improved performance – with servlets a lightweight thread inside JVM handles each request. Portability – Java servlets adhere to the “write once, run anywhere” philosophy of Java. Extensibility – Java servlets can utilize Java code from any source and can access the large set of APIs available for the Java platform. Simpler session management – A typical CGI program uses cookies on either the client or server (or both) to maintain some sense of state or session. On the other hand, servlets can maintain state and session identity because they are persistent and all client requests are processed until the servlet is shut down by the Web server. Improved security and reliability – servlets have the added advantages of benefiting from the in-built Jave security model and inherit Java type safety, making the servlets more reliable. Web Applications, Concepts&Tools, by Dr. Khalil 60 JSP (JavaServer Pages) JSP is a Java-based server-side scripting language that allows static HTML to be mixed with dynamically-generated HTML. The HTML developers can use their normal Web page building tools (for example, Microsoft’s FrontPage or Macromedia’s Dreamweaver) and then modify the HTML file and embed the dynamic content within special tags. JSP works with most Web servers including Apache HTTP Server and Microsoft Internet Information Server (with plug-ins from IBM’s WebSphere, LiveSoftware’s Jrun, or New Atlanta’s ServletExec). The JSP engine transforms JSP tags, Java code, and static HTML content into Java code, which is then automatically organized by the JSP engine into an underlying Java servlet, after which the servlet is then automatically compiled into Java bytecodes. Thus, when a client requests a JSP page, a generated precompiled servlet does all the work. JSP gives both efficient performance and the flexibility of rapid development with no need to manually compile code. Web Applications, Concepts&Tools, by Dr. Khalil 61 Comparison of ASP and JSP ASP and JSP are designed to enable developers to separate page design from programming logic through the use of callable components, and both provide an alternative to CGI programming that simplifies Web page development and deployment. Platform and Server Independence – JSP conforms to the “Write Once, Run Anywhere” philosophy of the Java environment. Thus, JSP can run on any Java-enabled Web server and is supported by a wide variety of vendor tools. In contrast, ASP is primarily restricted to Microsoft Windowa-based platforms. Extensibility – Although both technologies use a combination of scripting and tagging to create dynamic Web pages, JSP allows developers to extend the JSP tags available. Reusability – JSP components (JavaBeans, EJB, and custom tags) are reusable across platforms. For example, an EJB component can access distributed databases across a variety of platforms (e.g., UNIX, Windows). Security and reliability – JSP has the added advantages of benefiting from the in-built Java security model and the inherent Java type safety, making JSP potentially more reliable. Web Applications, Concepts&Tools, by Dr. Khalil 62 Connecting to the Database We have seen various approaches that enable browsers to communicate with Web servers, and in turn allow Web clients to have access to databases. For example, CGI and API programs can be invoked by the Web client to access the underlying database. In general, database connectivity solutions include the use of: Native database APIs. Database-independent APIs (such as ODBC). Template-driven database access packages. Third party class libraries. Web Applications, Concepts&Tools, by Dr. Khalil 63 ODBC (Open DataBase Connectivity) ODBC is an SQL-based product of Microsoft with the objective of providing a common interface for accessing heterogeneous SQL databases. This interface (built on the ‘C’ language) provides a high degree of interoperability: a single application can access different SQL DBMSs through a common set of code. This enables a developer to build and distribute a client-server application without targeting a specific DBMS. ODBC has emerged as a de facto industry standard for the following reasons: Applications are not tied to a proprietary vendor API; SQL statements can be explicitly included in source code or constructed dynamically at runtime; An application can ignore the underlying data communications protocols; Data can be sent and received in a format that is convenient to the application; ODBC is designed in conjunction with the X/Open and ISO Call-Level Interface (CLI) standards; There are ODBC drivers available today for many of the popular DBMSs; Web Applications, Concepts&Tools, by Dr. Khalil 64 ODBC Architecture The ODBC interface defines the following: A library of function calls that allow an application to connect to a DBMS, execute SQL statements, and retrieve results; A standard way to connect and log on to DBMSs; A standard representation of data types; A standard set of error codes; SQL syntax based on the X/Open and ISO Call-Level Interface (CLI) specifications. The ODBC architecture has four components: Application – which performs processing and calls ODBC functions to submit SQL statements to the DBMS and to retrieve results from DBMS. Driver Manager – which loads and unloads drivers on behalf of an application. Driver and Database Agent – which process ODBC function calls, submit SQL requests to a specific data source, and return results to the applications. Data source – which consists of the data the user wants to access and its associated DBMS, its host operating system, and network platform, if any. Web Applications, Concepts&Tools, by Dr. Khalil 65 ODBC Architecture Web Applications, Concepts&Tools, by Dr. Khalil 66 Windows Applications Use ODBC to Access Databases Web Applications, Concepts&Tools, by Dr. Khalil 67 JDBC Web Applications, Concepts&Tools, by Dr. Khalil 68 JDBC Modeled after the Open Database Connectivity (ODBC) specification, the JDBC package defines a database access API that supports basic SQL functionality and enables access to a wide range of relational DBMS products. With JDBC, higher-level APIs can be built. A number of higher-level APIs can be developed on top of JDBC: An embedded SQL for Java – with this approach, JDBC requires that SQL statements be passed as strings to Java methods. A direct mapping of relational database tables to Java classes – In this ‘object-relational’ mapping, each row of the table becomes an instance of that class, and each column value corresponds to an attribute of that instance. Applications can access database using ODBC drivers and existing database client libraries, or using the JDBC API with pure Java JDBC drivers. The options are as follows: The JDBC-ODBC bridge provides JDBC access using ODBC drivers. The partial JDBC driver converts JDBC calls into calls on the client API for the DBMS. The pure Java JDBC driver for database middleware translates JDBC calls into the middleware vendor’s protocol, which is subsequently translated to a DBMS protocol by a middleware server. The pure Java JDBC driver with a direct database connection converts JDBC calls into the network protocol used directly by the DBMS, allowing a direct call from the client machine to the DBMS server. Web Applications, Concepts&Tools, by Dr. Khalil 69 JDBC Connectivity Using ODBC drivers The Pure JDBC platform Web Applications, Concepts&Tools, by Dr. Khalil 70 Microsoft Web Solution Platform Microsoft Web Solution Platform has been created for building and deploying interoperable Web solutions. It is the precursor to Microsoft’s “.net” – a vision for the third generation of the Internet where “software is delivered as a service, accessible by any device, any time, any place, and is fully programmable and personalizable”. There are various tools, services, and technologies in the platform such as Windows 2000, Exchange Server, BizTalkServer, Visual Studio, HTML/XML, scripting (JScript, VBScript, …), and components (Java or ActiveX). Web Applications, Concepts&Tools, by Dr. Khalil 71 Oracle Internet Platform The Oracle Internet Platform, comprising Oracle Internet Application Server (iAS) and Oracle DBMS, is aimed particularly at providing extensibility for distributed environment. It is n-tier architecture based on industry standards such as: HTTP and HTML/XML for Web enablement. The Object Management Group’s CORBA technology for manipulating objects. Internet Inter-Object Protocol (IIOP) for object interoperability and Remote Method Invocation (RMI). Java, Enterprise JavaBeans (EJB), JDBC and SQLJ for database connectivity, Java servlets, and JSP. It also supports Java Messaging Service (JMS), Java Naming and Directory Interface (JNDI), and it allows stored procedures to be written in Java. Web Applications, Concepts&Tools, by Dr. Khalil 72 Oracle Internet Application Server (iAS) Web Applications, Concepts&Tools, by Dr. Khalil 73 Thank you Web Applications, Concepts&Tools, by Dr. Khalil 74