ja 6051. mobile based authentication protcol using rfid next generation applications

Upload: antonyyvijayy

Post on 08-Apr-2018


  • 8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS

    MOBILE BASED AUTHENTICATION PROTOCOL USING

    RFID NEXT GENERATION APPLICATIONS

    Abstract

    Ever-growing popularity of mobile devices, such as smart phones and netbooks, coupled

    with anytime and anyplace availability of high-speed network access is changing the

    ways how we compute and communicate. Mobile devices play an increasingly important

    role in our lives and tend to become representations of our digital selves when we trust

    these devices with sensitive information. Consequently, the problem of securing mobile

    devices against unauthorized access has never been more important. We present an

    RFID-based Authentication Middleware (RFID-AM) that combines point of entry and

    continuous authentication with transparent on-demand encryption of user files. This

    paper details the architecture of RFID-AM, discusses its fully functional prototype, and

    presents experimental results demonstrating its performance in various conditions. This

    paper also surveys different methods and technologies that have been proposed and

    implemented on mobile devices.

    INTRODUCTION

    RFID (radio-frequency identification) technology is widely used for supply chain

    management and inventory control. Furthermore, RFID has been recognized as a tool to realize a ubiquitous environment. The typical architecture of RFID applications

    comprises RFID tags, which are embedded in or attached to an object, an RFID reader,

    and IS (information services) server. The RFID reader reads the code in the RFID tag and

    interprets it by communicating with the IS server via a proper communication network.

    This is the typical architecture defined by EPCglobal. The RFID reader can be stationary

    or mobile. A mobile RFID reader affords more applications than the stationary one. In

    this paper, we describe the core components for realizing a mobile RFID application,

    such as a mobile RFID reader, platform architecture, and the corresponding network

    architecture. Although there are several types of mobile RFID readers in the market, we

    propose a specially designed mobile RFID technology that has several positive features

    including security, network architecture, operation scenario, and code resolution

    mechanism. Furthermore, we analyze the characteristics of the proposed technologies.


    The information in the database is retrieved by a communication device such as a
    PDA. The request from the PDA is sent to the database system, and the requested
    data is returned to the PDA as the response from the database system. During this
    transaction it is not possible to determine whether the requesting user is authorized,
    so there is a possibility of the data being hacked by unauthorized persons. The data
    is therefore neither secure nor reliable. To avoid this drawback an authentication
    protocol is used, and the authentication is performed using RFID. The request is
    issued from the RFID tag through a communication device such as a mobile phone. The
    request is received by an authentication server, which validates whether the
    requesting user is authorized. Only an authorized user is allowed to access the
    database. With the help of this process the data in the database is kept fully
    protected.

    Existing System

    In the existing system, communication devices are allowed to access the database
    system directly. As a result, unauthorized users can also access the database and
    hack important data, so this process is neither secure nor reliable.

    Proposed System

    In the proposed system, RFID tags are used with a communication device such as a
    mobile phone. The request from the tag is sent through the mobile phone to an
    authentication server, which checks whether the requesting tag is authorized. Only
    if the tag is authorized does the server permit access to the database system. Hence
    the data in the database system is protected securely and reliably.

    System Architecture


    Module Description

    Mobile Reader

    The mobile reader sends a request to the tag and waits for a reply message from the tag.

    The mobile reader then forwards the message, as received, to the AS (Authentication
    Server) to confirm whether the tag is legal.

    Only if its legality is confirmed can further information be retrieved.


    Authentication Server

    The authentication server queries the ONS (Object Name Server) for the URL (Uniform
    Resource Locator) of the detailed information of the corresponding tag.

    After getting the URL, it obtains the tag's detailed information from the OIS (Object
    Information Server).

    The AS then transfers the tag's detailed information to the mobile reader.

    Object Name Server

    The ONS transfers the tag's URL to the AS.

    Object Information Server

    The OIS transfers the tag's detailed information to the AS.

    Use Case


    [Use case diagram. Elements: Client mobile, Authentication Server, Object Name Server, Data Base. Labels: Read tag value, Authentication, Query, Valid Response, Object name, Request information, Information.]

    Sequence Diagram


    [Sequence diagram. Participants: Client mobile, Authentication Server, Object name Server, Data Base. Messages: Read Tag value, Authentication, Request, Request information, Object name, Object name, Object information, Response.]

    Collaboration Diagram


    [Collaboration diagram. Participants: Client mobile, Authentication Server, Object name Server, Data Base. Messages: 1: Read Tag value; 2: Authentication; 3: Request; 4: Request information; 5: Object name; 6: Object name; 7: Object information; 8: Response.]

    Activity Diagram


    [Activity diagram. Activities: User Login, Swipe card using mobile, Request information, Retrieve Information.]

    Software & Hardware Requirements

    Software Requirements

    Java 1.5 or later

    J2ME

    MS-SqlServer


    Hardware Requirements

    Hard disk : 40 GB

    RAM : 128 MB

    Processor : Pentium

    RFID Tag & Reader

    RFID

    RFID (radio frequency identification) is a technology that incorporates the use of
    electromagnetic or electrostatic coupling in the radio frequency (RF) portion of the
    electromagnetic spectrum to uniquely identify an object, animal, or person. RFID is
    coming into increasing use in industry as an alternative to the bar code. Many other
    potential applications such as improving supply chain efficiency and reducing crime are
    being investigated. The advantage of RFID is that it does not require direct contact or
    line-of-sight scanning.


    RFID tagging is a form of Automatic Identification and Data Capture (AIDC)

    technology where data stored on a tag is transferred via a radio frequency link. A RFID

    reader communicates with the tag to infer the identity of the object to which the tag is attached. The principle is similar to the more familiar bar code, where data are transferred

    optically. However, RFID has advantages over bar codes, such as the ability to store large

    amounts of data and to read many tags simultaneously.

    Components

    A basic RFID system consists of three components:

    An antenna or coil

    A transceiver (with decoder)

    A transponder (RF tag) electronically programmed with unique information

    The antenna emits radio signals to activate the tag and to read and write data to it.
    The reader emits radio waves in ranges of anywhere from one inch to 100 feet or more,
    depending upon its power output and the radio frequency used. When an RFID tag passes
    through the electromagnetic zone, it detects the reader's activation signal. The reader
    decodes the data encoded in the tag's integrated circuit (silicon chip) and the data is
    passed to the host computer for processing.

    Low-frequency RFID systems (30 KHz to 500 KHz) have short transmission ranges
    (generally less than six feet). High-frequency RFID systems (850 MHz to 950 MHz and
    2.4 GHz to 2.5 GHz) offer longer transmission ranges (more than 90 feet). In general,
    the higher the frequency, the more expensive the system. RFID is sometimes called
    dedicated short range communication (DSRC).

    RFID technology

    RFID technology emerged in the 1940s as a way of remotely identifying aircraft for

    military purposes, and has since been used widely in civil aviation. However, recent

    technological advances have reduced the cost and the size of RFID tags, opening up a
    wider range of uses. The tags themselves consist of an electronic circuit, which stores
    data, and an antenna which communicates the data via radio waves. A RFID reader
    interrogates the tags to obtain the information stored. When the reader broadcasts
    radio waves, all the tags within range will communicate. Software is required to
    control the reader and to collect and filter the information.

    Box 1: Automatic Identification and Data Capture (AIDC) technologies

    There are three main types of AIDC technologies:


    Optical: bar codes etc.

    Magnetic: magnetic stripe travel cards etc.

    Electronic: RFID tags, smart cards, SIM cards etc.

    RFID tags are often considered to be the next generation of bar codes.

    Advantages:

    Ease of use: information from the RFID tag is transferred via radio waves and
    therefore, unlike bar codes, a line-of-sight between the tag and reader is not required.
    Many RFID tags can be read in a very short time and without handling the product.

    Information stored: tags that store 96 bits of data can store a manufacturer's name, a
    product name and a unique product code. Higher and lower capacity tags are available.
    RFID tags can be used to identify uniquely a specific item, whereas bar codes can only
    identify the type of product.

    Security: unlike bar codes, it is extremely difficult to copy RFID tags. As no
    line-of-sight is required they could be made to trigger security alarms, and help
    reduce theft, especially if incorporated into products.

    Bar codes are very cheap to print and to attach to products, whereas RFID tags cost at
    least 20 pence each. However, this cost will fall as production rises and as novel ways
    of producing chips and antennae are developed. There is a range of different types of
    RFID system available, for example, tags can be either active or passive. Active tags
    contain an onboard battery to drive the internal circuitry and to generate radio waves.
    They can broadcast even in the absence of a RFID reader. Passive tags are powered using
    the energy of the radio wave transmitted by the reader and do not have their own power
    supply. Also, tags can be read-only or read-write. Read-only tags are much cheaper to
    produce and are used in most current applications. Read-write tags are useful when
    information needs to be updated.

    (postnote July 2004 Number 225 Radio Frequency Identification (RFID) Page 2)

    Properties of RFID systems

    The properties of a given RFID system depend on several key parameters such as
    frequency (box 2) and power:

    The range of a RFID system depends on the frequency, power of the reader, and the
    material between the tag and the reader. The presence of metal and liquids reduces the
    range of the ultra high frequency RFID systems. The range can be up to a few metres for
    passive systems but in excess of 100 m for active systems due to the onboard battery that
    facilitates increased radio transmitter power.

    The tag size increases at lower frequencies (LF), since the tag incorporates the
    antenna, and larger antennae are needed to transmit lower frequencies. The chip can be
    as small as 1 mm², but the antenna is much larger (of the order of centimetres). The
    antennae for LF tags are metal wire coils, but for higher frequencies they can be
    printed onto paper using conductive inks.

    As the frequency increases, the read rate, and thus the amount of data that can be
    transferred in a given time, increases. This is important when many tagged goods need
    to be read in a short time.

    The cost of tags tends to decrease as the frequency increases, although active tags cost
    much more than passive tags, irrespective of frequency. Also, the longer the range
    required and the more information stored,


    then the more costly the tag.

    Box 2: Frequencies

    Radio frequency waves are electromagnetic (em) waves ranging from ~30 kHz to 300 GHz.
    Only certain frequency bands within this range (listed below) are available for
    licence-free RFID systems. Certain frequencies are more suitable for specific
    applications:

    125-134 kHz: Low frequency (LF) tags are used in animal tracking, car immobilisers
    etc. LF tags are commonly used where there are liquids or metals present and when a
    fast read rate is not required.

    13.56 MHz: High frequency (HF) tags are the most commonly used, due mainly to the
    relatively wide adoption of smart cards based on RFID technology.

    860-960 MHz: Ultra high frequency (UHF) tags are anticipated as being the most
    practical for item-level tracking as they offer a good balance between range (typically
    less than a few metres) and the ability to read multiple tags at speed.

    2.45 GHz: Microwave frequency tags are used for electronic toll collection. This band
    is also used by many other systems e.g. Bluetooth and WiFi systems.

    Current uses

    RFID technology is already well established in a number of areas such as electronic payment, supply chain management and livestock tracking, as well as previously

    unforeseen areas, such as data conveying.

    Related Work

    The PIN-test Set method of tag authentication proposed by Juels [1] does not require
    a transaction that updates the tag, so the legality of a tag can be verified directly.
    Thus, the computation on the tag is reduced and the tag data that must be stored in the
    database is minimized. Figure 1 is the process of using the PIN-test Set for tag
    verification, where we define the parameter set of any one tag x as follows:

    Where $Q_x^j$ represents the j-th test code of tag x, which is generated by the reader
    to challenge whether the tag can answer the correct test code with the right answer.
    Only one test code in PINSet_x is correct, located at a random position L, while the
    rest of the test codes are incorrect.

    Where $A_x^j$ represents the j-th answer replied by tag x. The tag replies 1 when the
    test code at position j = L is found to match in the comparison, and replies 0 for the
    rest, i.e. if $Q_x^L$ is the correct test code, then $A_x^L$ is 1.


    Tag x sends out its EPC after receiving the request, and the reader then verifies
    whether the EPC exists in the database. The transaction ceases if it does not. If it
    does, the test code (Kill-PIN) of tag x is retrieved and PINSet_x is generated
    randomly, comprising N-1 test codes and one correct test code located at position L
    ($1 \le L \le N$). Afterwards, the reader sends each $Q_x^j$ to the tag in sequence.
    The tag compares each $Q_x^j$, and only when $Q_x^j$ is the correct test code does the
    tag reply 1 to the reader; otherwise it replies 0. The reader verifies the replies one
    by one. Only when the L-th reply is 1 and the rest of the replies are 0 is the tag
    considered legal. Conversely, if the L-th reply is 0 or any one of the other replies is
    1, the tag is considered illegal.

    In the PIN-test Set proposed by Juels, PINSet_x is provided by the trusted reader;
    however, in the mobile RFID environment a reader may be compromised by a malicious
    attacker seeking to obtain the test code. If an attacker eavesdrops between the reader
    and the tags, he can obtain EPC_x as well as the reply of 1 and so find the correct
    test code, and hence trace the tag or forge the tag. Therefore, we change the method so
    that PINSet_x is provided from the back-end database, and all messages are encrypted
    in the transmission process.
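The verification rule above, with PINSet_x issued by the back-end database as this section proposes, is shown in the following added example (not code from the original project); the mobile reader only relays messages and never learns position L. The class names, the 4-byte PIN length and the sample EPC and PIN values are assumptions, and the encryption of messages in transit is left out.

```python
"""PIN-test Set tag verification with the PINSet issued by the back end.
Added illustration; names, PIN length and sample values are assumptions."""
import hmac
import secrets

PIN_LEN = 4  # bytes; assumed length of the test code (Kill-PIN)


class Tag:
    """Tag x: holds its EPC and Kill-PIN, answers 1 only for the correct test code."""

    def __init__(self, epc, kill_pin):
        self.epc = epc
        self._kill_pin = kill_pin

    def answer(self, test_code):
        return 1 if hmac.compare_digest(test_code, self._kill_pin) else 0


class BackEnd:
    """Back-end database / authentication server: owns the PINs and position L."""

    def __init__(self, registry):
        self._registry = dict(registry)   # EPC -> Kill-PIN
        self._pending = {}                # EPC -> (L, N) of the outstanding challenge

    def issue_pin_set(self, epc, n):
        """Return N test codes with the correct one at secret position L."""
        pin = self._registry.get(epc)
        if pin is None or n < 2:
            return None                   # EPC not in database: transaction ceases
        decoys = set()
        while len(decoys) < n - 1:        # N-1 distinct incorrect test codes
            candidate = secrets.token_bytes(PIN_LEN)
            if candidate != pin:
                decoys.add(candidate)
        pin_set = list(decoys)
        position = secrets.randbelow(n) + 1          # 1 <= L <= N
        pin_set.insert(position - 1, pin)
        self._pending[epc] = (position, n)
        return pin_set

    def verify(self, epc, answers):
        """Legal only if the L-th reply is 1 and every other reply is 0."""
        challenge = self._pending.pop(epc, None)     # one attempt per challenge
        if challenge is None:
            return False
        position, n = challenge
        if len(answers) != n or any(a not in (0, 1) for a in answers):
            return False
        return all(a == (1 if j == position else 0)
                   for j, a in enumerate(answers, start=1))


def authenticate(tag, backend, n=8):
    """Mobile reader role: relay EPC, test codes and answers to and from the tag."""
    pin_set = backend.issue_pin_set(tag.epc, n)
    if pin_set is None:
        return False
    answers = [tag.answer(q) for q in pin_set]       # Q_x^j sent in sequence
    return backend.verify(tag.epc, answers)


class AlwaysOneTag(Tag):
    """Constructed counterfeit that answers 1 to every test code."""

    def answer(self, test_code):
        return 1


# Constructed sample data, not taken from the page.
REGISTRY = {"epc-0001": bytes.fromhex("a1b2c3d4")}
GENUINE = Tag("epc-0001", bytes.fromhex("a1b2c3d4"))
WRONG_PIN = Tag("epc-0001", bytes.fromhex("00000000"))
UNKNOWN = Tag("epc-9999", bytes.fromhex("a1b2c3d4"))
FORGED = AlwaysOneTag("epc-0001", b"")

if __name__ == "__main__":
    be = BackEnd(REGISTRY)
    for name, tag in [("genuine", GENUINE), ("wrong PIN", WRONG_PIN),
                      ("unknown EPC", UNKNOWN), ("always-1", FORGED)]:
        print(name, authenticate(tag, be))
```

The always-1 tag is the case that makes the second half of the rule necessary: checking only the L-th reply would accept it.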


    4. LANGUAGE SPECIFICATION

    4.1 About the Java Technology

    Java technology is both a programming language and a platform.

    The Java Programming Language

    The Java programming language is a high-level language that can be
    characterized by all of the following buzzwords:

    Simple
    Architecture neutral
    Object oriented
    Portable
    Distributed
    High performance
    Multithreaded
    Robust
    Dynamic
    Secure

    Simple

    Java was designed to be easy for the professional programmer to learn and use
    effectively. Assuming that you have some programming experience, you will not find
    Java hard to master. If you already understand the basic concepts of object-oriented
    programming, learning Java will be even easier. Best of all, if you are an experienced
    C++ programmer, moving to Java will require very little effort. Because Java inherits
    the C/C++ syntax and many of the object-oriented features of C++, most programmers
    have little trouble learning Java. Also, some of the more confusing concepts from C++
    are either left out of Java or implemented in a cleaner, more approachable manner.

    Object-Oriented

    Although influenced by its predecessors, Java was not designed to be source-code
    compatible with any other language. This allowed the Java team the freedom to design
    with a blank slate. One outcome of this was a clean, usable, pragmatic approach to
    objects. Borrowing liberally from many seminal object-software environments of the
    last few decades, Java manages to strike a balance between the purist's "everything is
    an object" paradigm and the pragmatist's "stay out of my way" model. The object
    model in Java is simple and easy to extend, while simple types, such as integers, are
    kept as high-performance non-objects.

    Robust

    The multiplatformed environment of the Web places extraordinary demands
    on a program, because the program must execute reliably in a variety of systems.
    Thus, the ability to create robust programs was given a high priority in the design of
    Java. To gain reliability, Java restricts you in a few key areas, to force you to find
    your mistakes early in program development. At the same time, Java frees you from
    having to worry about many of the most common causes of programming errors.
    Because Java is a strictly typed language, it checks your code at compile time.
    However, it also checks your code at run time. In fact, many hard-to-track-down
    bugs that often turn up in hard-to-reproduce run-time situations are simply
    impossible to create in Java. Knowing that what you have written will behave in a
    predictable way under diverse conditions is a key feature of Java.

    Secure

    Java is intended for use in networked/distributed environments. Toward that end,

    a lot of emphasis has been placed on security. Java enables the construction of virus-free,

    tamper-free systems. The authentication techniques are based on public-key encryption.

    There is a strong interplay between "robust" and "secure." For example, the

    changes to the semantics of pointers make it impossible for applications to forge access to

    data structures or to access private data in objects that they do not have access to. This

    closes the door on most activities of viruses.

    Someone wrote an interesting "patch" to the PC version of the Archimedes

    system. They posted this patch to one of the major bulletin boards. Since it was easily

    available and added some interesting features to the system, lots of people downloaded it.

    It hadn't been checked out by the folks at Archimedes, but it seemed to work. Needless to


    say, even though they were in no way responsible for the incident, the folks at

    Archimedes still had a lot of damage to control.

    Architecture Neutral

    Java was designed to support applications on networks. In general, networks are

    composed of a variety of systems with a variety of CPU and operating system

    architectures. To enable a Java application to execute anywhere on the network, the

    compiler generates an architecture-neutral object file format--the compiled code is

    executable on many processors, given the presence of the Java runtime system.

    This is useful not only for networks but also for single system software

    distribution. In the present personal computer market, application writers have to produce

    versions of their application that are compatible with the IBM PC and with the Apple

    Macintosh. With the PC market (through Windows/NT) diversifying into many CPU

    architectures, and Apple moving off the 680x0 toward the PowerPC, production of

    software that runs on all platforms becomes nearly impossible. With Java, the same

    version of the application runs on all platforms.

    The Java compiler does this by generating byte code instructions which have

    nothing to do with a particular computer architecture. Rather, they are designed to be

    both easy to interpret on any machine and easily translated into native machine code on

    the fly.

    Archimedes is a small company. They started out producing their software for the

    PC since that was the largest market. After a while, they were a large enough company

    that they could afford to do a port to the Macintosh, but it was a pretty big effort and

    didn't really pay off. They couldn't afford to port to the PowerPC Macintosh or MIPS NT

    machine. They couldn't "catch the new wave" as it was happening, and a competitor

    jumped in...


    Portable

    Being architecture neutral is a big chunk of being portable, but there's more to it

    than that. Unlike C and C++, there are no "implementation dependent" aspects of the

    specification. The sizes of the primitive data types are specified, as is the behavior of

    arithmetic on them. For example, "int" always means a signed two's complement 32 bit

    integer, and "float" always means a 32-bit IEEE 754 floating point number. Making these

    choices is feasible in this day and age because essentially all interesting CPUs share these

    characteristics.

    The libraries that are a part of the system define portable interfaces. For example,

    there is an abstract Window class and implementations of it for Unix, Windows NT/95,

    and the Macintosh.

    The Java system itself is quite portable. The compiler is written in Java and the

    runtime is written in ANSI C with a clean portability boundary. The portability boundary

    is essentially a POSIX subset.

    Interpreted

    Java byte codes are translated on the fly to native machine instructions

    (interpreted) and not stored anywhere and since linking is a more incremental and

    lightweight process, the development process can be much more rapid and exploratory.

    As a part of the byte code stream, more compile-time information is carried over

    and available at runtime. This is what the linker's type checks are based on. It also makes

    programs more amenable to debugging.

    The programmers at Archimedes spent a lot of time waiting for programs to

    compile and link. They also spent a lot of time tracking down senseless bugs because

    some changed source files didn't get compiled (despite using a fancy "make" facility),

    which caused version mismatches; and they had to track down procedures that were


    declared inconsistently in various parts of their programs. Another couple of months lost

    in the schedule.

    High Performance

    While the performance of interpreted bytecodes is usually more than adequate,

    there are situations where higher performance is required. The bytecodes can be

    translated on the fly (at runtime) into machine code for the particular CPU the application

    is running on. For those accustomed to the normal design of a compiler and dynamic

    loader, this is somewhat like putting the final machine code generator in the dynamic

    loader.

    The bytecode format was designed with generating machine codes in mind, so the

    actual process of generating machine code is generally simple. Efficient code is

    produced: the compiler does automatic register allocation and some optimization when it

    produces the bytecodes.

    In interpreted code we're getting about 300,000 method calls per second on a

    Sun Microsystems SPARCStation 10. The performance of bytecodes converted to

    machine code is almost indistinguishable from native C or C++.

    When Archimedes was starting up, they did a prototype in Smalltalk. This

    impressed the investors enough that they got funded, but it didn't really help them

    produce their product: in order to make their simulations fast enough and the system

    small enough, it had to be rewritten in C.

    Multithreaded

    There are many things going on at the same time in the world around us.

    Multithreading is a way of building applications with multiple threads. Unfortunately,

    writing programs that deal with many things happening at once can be much more

    difficult than writing in the conventional single-threaded C and C++ style.


    Java has a sophisticated set of synchronization primitives that are based on the

    widely used monitor and condition variable paradigm introduced by C.A.R.Hoare. By

    integrating these concepts into the language (rather than only in classes) they become

    much easier to use and are more robust. Much of the style of this integration came from

    Xerox's Cedar/Mesa system.

    Other benefits of multithreading are better interactive responsiveness and real-time

    behavior. This is limited, however, by the underlying platform: stand-alone Java runtime

    environments have good real-time behavior. Running on top of other systems like Unix,

    Windows, the Macintosh, or Windows NT limits the real-time responsiveness to that of

    the underlying system.

    Lots of things were going on at once in their simulations. Ropes were being

    pulled, wheels were turning, levers were rocking, and input from the user was being

    tracked. Because they had to write all this in a single threaded form, all the things that

    happen at the same time, even though they had nothing to do with each other, had to be

    manually intermixed. Using an "event loop" made things a little cleaner, but it was still a

    mess. The system became fragile and hard to understand. They were pulling in data from

    all over the net. But originally they were doing it one chunk at a time. This serialized

    network communication was very slow. When they converted to a multithreaded style, it

    was trivial to overlap all of their network communication.

    Dynamic

    In a number of ways, Java is a more dynamic language than C or C++. It was

    designed to adapt to an evolving environment.

    For example, one major problem with C++ in a production environment is a side-

    effect of the way that code is implemented. If company A produces a class library (a

    library of plug and play components) and company B buys it and uses it in their product,

    then if A changes its library and distributes a new release, B will almost certainly have to

    recompile and redistribute their own software. In an environment where the end user gets


    A and B's software independently (say A is an OS vendor and B is an application vendor)

    problems can result.

    For example, if A distributes an upgrade to its libraries, then all of the software

    from B will break. It is possible to avoid this problem in C++, but it is extraordinarily

    difficult and it effectively means not using any of the language's OO features directly.

    Archimedes built their product using the object-oriented graphics library from

    3DPC Inc. 3DPC released a new version of the graphics library which several computer

    manufacturers bundled with their new machines. Customers of Archimedes that bought

    these new machines discovered to their dismay that their old software no longer worked.

    (In real life, backwards compatibility isn't always a high priority in the Unix world. In the

    PC world, 3DPC would never have released such a library: their ability to change their

    product and use C++'s object oriented features is severely hindered because they can't

    expect their customers to recompile.)

    By making these interconnections between modules later, Java completely avoids

    these problems and makes the use of the object-oriented paradigm much more

    straightforward. Libraries can freely add new methods and instance variables without any

    effect on their clients.

    An interface specifies a set of methods that an object can perform but leaves open

    how the object should implement those methods. A class implements an interface by

    implementing all the methods contained in the interface. In contrast, inheritance by

    subclassing passes both a set of methods and their implementations from superclass to

    subclass. A Java class can implement multiple interfaces but can only inherit from a

    single superclass. Interfaces promote flexibility and reusability in code by connecting

    objects in terms of what they can do rather than how they do it.

    Classes have a runtime representation: there is a class named Class, instances of

    which contain runtime class definitions. If, in a C or C++ program, you have a pointer to

    an object but you don't know what type of object it is, there is no way to find out.

    However, in Java, finding out based on the runtime type information is straightforward.


    Because casts are checked at both compile-time and runtime, you can trust a cast in Java.

    On the other hand, in C and C++, the compiler just trusts that you're doing the right thing.

    It is also possible to look up the definition of a class given a string containing its

    name. This means that you can compute a data type name and have it easily dynamically-

    linked into the running system.
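
    The runtime type information, checked casts and lookup of a class by name described above, as an added example that is not part of the original report. The TagCodec interface, the HexTagCodec class and the allowlist are hypothetical names chosen for illustration; the allowlist shows how a program that resolves class names from configuration can limit which classes get linked into the running system.

```java
import java.util.Set;

/** Added illustration: runtime type information, checked casts, loading a class by name. */
public class DynamicLoadingDemo {

    /** Hypothetical plug-in contract: callers depend on what it can do, not how. */
    public interface TagCodec {
        String decode(String raw);
    }

    /** Constructed sample implementation of the contract. */
    public static class HexTagCodec implements TagCodec {
        @Override
        public String decode(String raw) {
            return raw.trim().toUpperCase();
        }
    }

    // Only names on this list may be resolved from configuration or other external input.
    private static final Set<String> ALLOWED = Set.of(HexTagCodec.class.getName());

    /** Looks up a class from a string containing its name and returns an instance. */
    static TagCodec load(String className) throws ReflectiveOperationException {
        if (!ALLOWED.contains(className)) {
            throw new SecurityException("class not on allowlist: " + className);
        }
        // initialize=false: resolve the class without running its static initializers yet.
        Class<?> cls = Class.forName(className, false,
                DynamicLoadingDemo.class.getClassLoader());
        // asSubclass is a checked narrowing: ClassCastException if cls is not a TagCodec.
        Class<? extends TagCodec> codecClass = cls.asSubclass(TagCodec.class);
        return codecClass.getDeclaredConstructor().newInstance();
    }

    public static void main(String[] args) throws Exception {
        // The class name is computed at run time and linked on demand.
        TagCodec codec = load(HexTagCodec.class.getName());
        System.out.println(codec.getClass().getName() + " -> " + codec.decode(" e2003412 "));

        // Runtime type information: the object itself knows its class.
        Object unknown = codec;
        System.out.println("is TagCodec? " + (unknown instanceof TagCodec));

        // A wrong cast fails at run time instead of silently reinterpreting memory.
        try {
            Object o = "not a codec";
            TagCodec bad = (TagCodec) o;
            System.out.println(bad);
        } catch (ClassCastException e) {
            System.out.println("cast rejected: " + e.getMessage());
        }

        // A name that is not on the allowlist is refused before any class is loaded.
        try {
            load("java.lang.Runtime");
        } catch (SecurityException e) {
            System.out.println("load rejected: " + e.getMessage());
        }
    }
}
```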

    In the Java programming language, all source code is first written in plain text

    files ending with the .java extension. Those source files are then compiled into .class

    files by the javac compiler. A .class file does not contain code that is native to your

    processor; it instead contains bytecodes, the machine language of the Java Virtual

    Machine (Java VM). The java launcher tool then runs your application with an instance

    of the Java Virtual Machine.

    An overview of the software development process

    Because the Java VM is available on many different operating systems, the same

    .class files are capable of running on Microsoft Windows, the Solaris™ Operating

    System (Solaris OS), Linux, or Mac OS. Some virtual machines, such as the Java

    HotSpot virtual machine, perform additional steps at runtime to give your application a

    performance boost. This includes various tasks such as finding performance bottlenecks

    and recompiling (to native code) frequently used sections of code.


    Through the Java VM, the same application is capable of running on multiple

    platforms.

    The Java Platform

    A platform is the hardware or software environment in which a program runs.

    We've already mentioned some of the most popular platforms like Microsoft Windows,

    Linux, Solaris OS, and Mac OS. Most platforms can be described as a combination of the

    operating system and underlying hardware. The Java platform differs from most other

    platforms in that it's a software-only platform that runs on top of other hardware-based

    platforms.

    The Java platform has two components:

    The Java Virtual Machine

    The Java Application Programming Interface (API)

    You've already been introduced to the Java Virtual Machine; it's the base for the

    Java platform and is ported onto various hardware-based platforms.

    The API is a large collection of ready-made software components that provide

    many useful capabilities. It is grouped into libraries of related classes and interfaces;


    these libraries are known as packages. The next section, What Can Java Technology Do?

    highlights some of the functionality provided by the API.

    The API and Java Virtual Machine insulate the program from the underlying

    hardware.

    As a platform-independent environment, the Java platform can be a bit slower

    than native code. However, advances in compiler and virtual machine technologies are

    bringing performance close to that of native code without threatening portability.

    What Can Java Technology Do?

    The general-purpose, high-level Java programming language is a powerful

    software platform. Every full implementation of the Java platform gives you the

    following features:

    Development Tools: The development tools provide everything you'll need for

    compiling, running, monitoring, debugging, and documenting your applications. As a

    new developer, the main tools you'll be using are the javac compiler, the java

    launcher, and the javadoc documentation tool.

    Application Programming Interface (API): The API provides the core

    functionality of the Java programming language. It offers a wide array of useful classes

    ready for use in your own applications. It spans everything from basic objects, to

    networking and security, to XML generation and database access, and more. The core

    API is very large; to get an overview of what it contains, consult the Java SE

    Development Kit 6 (JDK™ 6) documentation.

    Deployment Technologies: The JDK software provides standard mechanisms

    such as the Java Web Start software and Java Plug-In software for deploying your

    applications to end users.

    User Interface Toolkits: The Swing and Java 2D toolkits make it possible to

    create sophisticated Graphical User Interfaces (GUIs).


    Integration Libraries: Integration libraries such as the Java IDL API, JDBC™

    API, Java Naming and Directory Interface™ ("J.N.D.I.") API, Java RMI, and Java

    Remote Method Invocation over Internet Inter-ORB Protocol Technology (Java RMI-

    IIOP Technology) enable database access and manipulation of remote objects.

    ADDITIONAL FEATURES OF JAVA

    Accessibility from any location in the world: Java is an internet programming

    language. The web provides accessibility to a computer from anywhere in the world.

    Virus free System:

    1.) Java is secure

    2.) That is, any changes made to the computer are tagged as errors and the program

    will not execute

    Platform Independent Language:

    1.) The Java compiler compiles Java code to an intermediate byte code that is

    understood by the JVM (Java Virtual Machine)

    2.) To execute the byte codes, the system should have a Java interpreter or a

    Java-enabled internet browser

    Speed:

    1.) Java is a High performance language

    2.) Faster than programs written in other interpreter languages, such as BASIC

    3.) Faster than C, C++.

    Development time:

    1.) Java is simple

    2.) In java programmers do not need to manipulate memory

    GARBAGE COLLECTION

    It is the process that automatically frees the memory of objects that are no

    longer in use. There is no specification of a technique for garbage collection.


    How Will Java Technology Change My Life?

    We can't promise you fame, fortune, or even a job if you learn the Java

    programming language. Still, it is likely to make your programs better and requires less

    effort than other languages. We believe that Java technology will help you do the

    following:

    Get started quickly: Although the Java programming language is a powerful

    object-oriented language, it's easy to learn, especially for programmers already familiar

    with C or C++.

    Write less code: Comparisons of program metrics (class counts, method counts,

    and so on) suggest that a program written in the Java programming language can be four

    times smaller than the same program written in C++.

    Write better code: The Java programming language encourages good coding

    practices, and automatic garbage collection helps you avoid memory leaks. Its object

    orientation, its JavaBeans™ component architecture, and its wide-ranging, easily

    extendible API let you reuse existing, tested code and introduce fewer bugs.

    Develop programs more quickly: The Java programming language is simpler than

    C++, and as such, your development time could be up to twice as fast when writing in it.

    Your programs will also require fewer lines of code.

    Avoid platform dependencies: You can keep your program portable by avoiding

    the use of libraries written in other languages.

    Write once, run anywhere: Because applications written in the Java programming

    language are compiled into machine-independent bytecodes, they run consistently on any

    Java platform.

    Distribute software more easily: With Java Web Start software, users will be able

    to launch your applications with a single click of the mouse. An automatic version check

    at startup ensures that users are always up to date with the latest version of your software.

    If an update is available, the Java Web Start software will automatically update their

    installation.

    JAVA Programming:


    Java is an object-oriented programming language developed at Sun Microsystems

    by chief programmer James Gosling.

    JAVA PROGRAMS

    Java programs fall into two categories: applications and applets.

    Application

    An application is a program that we can execute from any operating system.

    Windows applications have a graphical user interface; console applications are

    character based.

    Networked applications can use resources that are available over a network.

    Distributed applications can access objects that execute across many computers over a

    network.

    Applications can also establish network connections, access resources across a

    network and launch applications over a network.

    APPLETS

    Applets are Java programs that execute inside a Web page. Therefore, unlike

    applications, applets require a Java-enabled browser like Microsoft Internet Explorer 4.0

    or above, Netscape Navigator 4.0 or above, or HotJava.

    An applet is loaded and executed when a user loads a Web page through a Web

    browser.

    Applets have a graphical user interface. Applets have fewer security privileges than

    applications.

    RUN TIME ENVIRONMENT IN JAVA

    The Java run time environment has to access the main( ) method to execute a program;

    therefore the main( ) method should be declared public. It should be declared static

    because it has to exist before any object of the class is created. The command line

    parameter is a string type variable: main(String args[]). The number of arguments is

    determined by the String class object.

    EXECUTING A JAVA PROGRAM


    A program called the JVM (Java Virtual Machine) executes Java programs. The JVM

    contains the run time environment and the class loader. When we compile a .java file, a

    .class file is created. To compile a file, use the javac utility. To execute a .class file, you use

    the java utility.

    Encapsulation

    A class is a blueprint or prototype from which objects are created. Objects are key

    to understanding object-oriented technology.

    Objects consist of state and related behavior.

    An object stores its state in fields (variables in some programming languages) and

    exposes its behavior through methods (functions in some programming languages).

    Methods operate on an object's internal state and serve as the primary mechanism

    for object-to-object communication. Hiding internal state and requiring all interaction to

    be performed through an object's methods is known as data encapsulation, a

    fundamental principle of object-oriented programming.

    Inheritance

    Object-oriented programming allows classes to inherit commonly used state and

    behavior from other classes.

    In the Java programming language, each class is allowed to have one direct

    superclass, and each superclass has the potential for an unlimited number of subclasses.

    Syntax: At the beginning of your class declaration, use the extends keyword,

    followed by the name of the class to inherit from.

    Interface

    An interface is a contract between a class and the outside world, and this contract

    is enforced at build time by the compiler.

    When a class implements an interface, it promises to provide the behavior

    published by that interface.

    Implementing an interface allows a class to become more formal about the

    behavior it promises to provide.


    PACKAGES

    Using the import statement, we can use Java packages in a program (it's similar to the

    include statement in C++). A package contains only classes, whereas a header file can

    contain independent methods. Packages have a hierarchical structure. If the package name

    is not specified, the class becomes a member of the default package.

    Exceptions

    The Java programming language uses exceptions to handle errors and other

    exceptional events. An exception is an event that occurs during the execution of a

    program that disrupts the normal flow of instructions. The discussion includes the try,

    catch, and finally blocks, as well as chained exceptions and logging.

    Searching the call stack for the exception handler.

    The code that might throw certain exceptions must be enclosed by either of the

    following:

    A try statement that catches the exception. The try must provide a handler for

    the exception.

    A method that specifies that it can throw the exception. The method must provide

    a throws clause that lists the exception.

    The Three Kinds of Exceptions

    Checked exceptions are exceptional conditions that a well-written application

    should anticipate and recover from.


    Errors are exceptional conditions that are external to the application, and that

    the application usually cannot anticipate or recover from.

    Runtime exceptions are exceptional conditions that are internal to the application,

    and that the application usually cannot anticipate or recover from.

    The finally block always executes when the try block exits.

    COMPONENTS:

    Visual controls such as textboxes, checkboxes, listboxes, buttons & combo boxes

    are called components. Each component inherits the properties of its parent container,

    such as font & color.

    CONTAINERS:

    Top level windows that hold these components are called

    containers. The container also controls the position of components placed in it.

    FRAME WINDOW:

    Containers are contained within the frame window, which is

    another type of container. The frame window is the top level window & as such it

    does not have a parent container.

    AWT (abstract window toolkit):

    In Java 1.0, user interfaces are created using AWT. The front end of

    applications created using AWT differs on different platforms.

    The Abstract Windowing Toolkit (AWT) provides basic facilities for creating

    graphical user interfaces (GUIs), and also for drawing graphics, as we'll discuss in a later

    chapter. AWT has been a core part of Java since Java 1.0. The GUI features of AWT are

    layered on top of the native GUI system of the underlying platform. In other words, when

    you create a graphical push button with AWT, AWT creates a Windows push button, or a

    Macintosh push button, or a Motif push button, or whatever, depending on the platform

    on which the application is running. In Java 1.1, AWT was extended to allow the creation


    of "lightweight" GUI components that do not have corresponding native GUI

    components behind them.

    Swing is a new GUI toolkit that is available as a core part of the Java 2 platform

    and also as an extension to Java 1.1. Swing is an extension of the AWT toolkit, not an

    entirely new toolkit. All of the GUI components provided by Swing are lightweight

    components, so they do not rely on the underlying native GUIs. The result is that Swing

    is more portable, making it much easier to write graphical applications that behave the

    same on all platforms. Swing is also larger and more comprehensive than AWT. In

    addition to a complete and powerful set of GUI components, Swing provides a number of

    utilities that make it easier to write graphical applications.

    Swing offers a great step forward when compared to AWT. You should use

    Swing in all your Java 2 applications. You should also seriously consider using it as an

    extension for Java 1.1 applications. Unfortunately, at the time of this writing, common

    web browsers do not yet support Swing, so if you are writing applets, you should either

    run those applets under the Java Plug-in, or you should avoid the use of Swing and rely

    exclusively on the features of AWT. for more information on applets.

    Java Foundation Classes (JFC): JFC is an extension of the original AWT.

    JFC is first delivered as a part of the Java platform. It has a rich set of components

    that are completely cross platform independent & offer improved performance. We

    can create large scale internet & intranet applications using JFC.

    The Java Foundation Classes (JFC or "Swing") are a complete set of light-weight

    user interface components that enhance, extend and to a large degree replace the AWT

    components. In addition to the buttons, lists, tables and trees in the JFC, you will also

    find a pluggable look-and-feel that allows the components to take on the appearance of

    several popular windowing systems, as well as its own look and feel. The JFC actually

    uses a few common design patterns, and we will be using the JFC for most of the


    If you do not explicitly add a GUI component to a container, the

    GUI component will not be displayed when the container appears

    on the screen.

    Swing, which is an extension library to the AWT, includes new and

    improved components that enhance the look and functionality of GUIs. Swing can

    be used to build standalone Swing GUI apps as well as Servlets and Applets. It

    employs a model/view design architecture. Swing is more portable and more

    flexible than AWT.

    Drag and Drop feature:

    Drag and Drop is used for transferring data from a source to a target. GUI

    elements are used for Drag and Drop operations. It's also possible to transfer data to or

    from the clipboard.

    The java.awt.dnd & java.awt.datatransfer packages are used for drag & drop

    operations.

    Swing is built on top of AWT and is entirely written in Java, using AWT's

    lightweight component support. In particular, unlike AWT, the architecture of Swing

    components makes it easy to customize both their appearance and behavior. Components

    from AWT and Swing can be mixed, allowing you to add Swing support to existing

    AWT-based programs. For example, swing components such as JSlider, JButton and

    JCheckbox could be used in the same program with standard AWT labels, textfields and

    scrollbars. You could subclass the existing Swing UI, model, or change listener classes

    without having to reinvent the entire implementation. Swing also has the ability to

    replace these objects on-the-fly.

    100% Java implementation of components

    Pluggable Look & Feel

    Lightweight components

    Uses MVC Architecture

    Model represents the data


    View as a visual representation of the data

    Controller takes input and translates it to changes in data

    Three parts

    Component set (subclasses of JComponent)

    Support classes

    Interfaces

    In Swing, classes that represent GUI components have names beginning with the

    letter J. Some examples are JButton, JLabel, and JSlider. Altogether there are more than

    250 new classes and 75 interfaces in Swing, twice as many as in AWT.

    Java Swing class hierarchy

    The class JComponent, descended directly from Container, is the root class for

    most of Swing's user interface components.

    Swing contains components that you'll use to build a GUI. I am listing some

    of the commonly used Swing components. To learn and understand these swing

    programs, AWT Programming knowledge is not required.


    AWT vs. Swing

    This package provides an integrated set of classes to manage user interface

    components such as windows, dialog boxes, buttons, checkboxes, lists, menus, scrollbars

    & textboxes. The JComponent class, which implements this common functionality, is the

    superclass for all graphical interface elements.

    AWT and Swing are both part of a group of Java class libraries called the Java

    Foundation Classes (JFC). The Abstract Windowing Toolkit (AWT) is the original

    GUI toolkit shipped with the Java Development Kit (JDK). The AWT provides a basic

    set of graphical interface components similar to those available with HTML forms.

    Swing is the latest GUI toolkit, and provides a richer set of interface components than

    the AWT. In addition, Swing components offer the following advantages over AWT

    components:

    The behavior and appearance of Swing components is consistent

    across platforms, whereas AWT components will differ from platform to

    platform

    Swing components can be given their own "look and feel"

    Swing uses a more efficient event model than AWT; therefore,

    Swing components can run more quickly than their AWT counterparts. On the

    other hand, Swing components can take longer to load than AWT components.

    Which Swing Packages Should I Use?

    The Swing API is powerful, flexible--and immense. In release 1.4 of the Java

    platform, the Swing API has 17 public packages:

    javax.accessibility         javax.swing.plaf          javax.swing.text.html

    javax.swing                 javax.swing.plaf.basic    javax.swing.text.parser

    javax.swing.border          javax.swing.plaf.metal    javax.swing.text.rtf

    javax.swing.colorchooser    javax.swing.plaf.multi    javax.swing.tree

    javax.swing.event           javax.swing.table         javax.swing.undo

    javax.swing.filechooser     javax.swing.text

    Fortunately, most programs use only a small subset of the API. This trail sorts out

    the API for you, giving you examples of common code and pointing you to methods and

    classes you're likely to need. Most of the code in this trail uses only one or two Swing

    packages:

    javax.swing

    javax.swing.event (not always required)

    Compiling and Running Swing Programs

    This section explains how to compile and run a Swing application. The

    compilation instructions work for all Swing programs, applets as well as applications.

    Here are the steps you need to follow:

    1. Install the latest release of the Java SE platform, if you haven't already done so.

    2. Create a program that uses Swing components.

    3. Compile the program.

    4. Run the program.

    Install the Latest Release of the Java SE Platform

    You can download the latest release of the JDK for free from

    http://java.sun.com/javase/downloads.

    Create a Program That Uses Swing Components

    You can use a simple program we provide, called HelloWorldSwing, that brings

    up the GUI shown in the figure below. The program is in a single file,

    HelloWorldSwing.java. When you save this file, you must match the spelling and

    capitalization of its name exactly.


    Compile the Program

    Your next step is to compile the program. Here's an example of compiling

    HelloWorldSwing.java:

    javac HelloWorldSwing.java

    If you can't compile, make sure you're using the compiler in a recent release of the

    Java platform. Once you've updated your JDK, you should be able to use the programs in

    this trail without changes. Another common mistake is installing the Java Runtime

    Environment (JRE) and not the full Java Development Kit (JDK) needed to compile these

    programs. Refer to the Getting Started trail to help you solve any compiling problems

    you encounter. Another installation troubleshooting guide for the Java SE platform is

    available online under the "Sun Resources" tab at http://java.sun.com/javase/.

    Run the Program

    After you compile the program successfully, you can run it. Assuming that your

    program uses a standard look and feel, such as the Java, Windows, or GTK+ look and

    feel, you can use the interpreter to run the program without adding anything to your

    class path. For example:

    java HelloWorldSwing

    For programs that use a nonstandard look and feel or any other nonstandard code

    package, you must make sure that the necessary classes are in the class path. For

    example:

    Solaris/Linux

    java -classpath .:/home/me/lnfdir/newlnf.jar HelloWorldSwing

    Microsoft Windows

    java -classpath .;C:\java\lnfdir\newlnf.jar HelloWorldSwing

    Alternatively, you can launch your program from a Web browser using Java Web

    Start.


    Servlet

    What is a Servlet?

    Servlets are modules of Java code that run in a server application (hence the name

    "Servlets", similar to "Applets" on the client side) to answer client requests. Servlets are

    not tied to a specific client-server protocol but they are most commonly used with HTTP

    and the word "Servlet" is often used in the meaning of "HTTP Servlet".

    Servlets make use of the Java standard extension classes in the

    packages javax.servlet (the basic Servlet framework)

    and javax.servlet.http (extensions of the Servlet framework for Servlets that answer

    HTTP requests). Since Servlets are written in the highly portable Java language and

    follow a standard framework, they provide a means to create sophisticated server

    extensions in a server and operating system independent way.

    Typical uses for HTTP Servlets include:

    Processing and/or storing data submitted by an HTML form.

    Providing dynamic content, e.g. returning the results of a database query to the

    client.

    Managing state information on top of the stateless HTTP, e.g. for an online

    shopping cart system which manages shopping carts for many concurrent

    customers and maps every request to the right customer.

    Servlets vs CGI

    The traditional way of adding functionality to a Web Server is the Common Gateway

    Interface (CGI), a language-independent interface that allows a server to start an external

    process which gets information about a request through environment variables, the

    command line and its standard input stream and writes response data to its standard

    output stream. Each request is answered in a separate process by a separate instance of


    the CGI program, or CGI script (as it is often called because CGI programs are usually

    written in interpreted languages like Perl).

    Servlets have several advantages over CGI:

    A Servlet does not run in a separate process. This removes the overhead of

    creating a new process for each request.

    A Servlet stays in memory between requests. A CGI program (and

    probably also an extensive runtime system or interpreter) needs to be

    loaded and started for each CGI request.

    There is only a single instance which answers all requests concurrently.

    This saves memory and allows a Servlet to easily manage persistent data.

    A Servlet can be run by a Servlet Engine in a restrictive Sandbox (just like

    an Applet runs in a Web Browser's Sandbox) which allows secure use of

    untrusted and potentially harmful Servlets.

    The Basic Servlet Architecture

    A Servlet, in its most general form, is an instance of a class which implements

    the javax.servlet.Servlet interface. Most Servlets, however, extend one of the

    standard implementations of that interface,

    namely javax.servlet.GenericServlet and javax.servlet.http.HttpServlet.

    Here we'll be discussing only HTTP Servlets which extend the

    javax.servlet.http.HttpServlet class.

    In order to initialize a Servlet, a server application loads the Servlet class (and probably

    other classes which are referenced by the Servlet) and creates an instance by calling the

    no-args constructor. Then it calls the Servlet's init(ServletConfig config) method.

    The Servlet should perform one-time setup procedures in this method and store the

    ServletConfig object so that it can be retrieved later by calling the

    Servlet's getServletConfig() method. This is handled by GenericServlet. Servlets

    which extend GenericServlet (or its subclass HttpServlet) should

    call super.init(config) at the beginning of the init method to make use of this

    feature. The ServletConfig object contains Servlet parameters and a reference to the

    Servlet's ServletContext. The init method is guaranteed to be called only once during

    the Servlet's lifecycle. It does not need to be thread-safe because the service method

    will not be called until the call to init returns.

    When the Servlet is initialized, its service(ServletRequest req, ServletResponse

    res) method is called for every request to the Servlet. The method is called concurrently

    (i.e. multiple threads may call this method at the same time) so it should be implemented

    in a thread-safe manner. Techniques for ensuring that the service method is not called

    concurrently, for the cases where this is not possible

    When the Servlet needs to be unloaded (e.g. because a new version should be loaded or

    the server is shutting down) the destroy() method is called. There may still be threads

    that execute the service method when destroy is called, so destroy has to be thread-

    safe. All resources which were allocated in init should be released in destroy. This

    method is guaranteed to be called only once during the Servlet's lifecycle.

    A typical Servlet lifecycle

    The Servlet Life Cycle

    Init
      Executed once when the servlet is first loaded
      Not called for each request

    Service
      Called in a new thread by the server for each request
      Dispatches to doGet, doPost etc.
      Do not override this method

    doGet, doPost, doXxx methods
      Handle GET, POST etc. requests
      Override these methods to provide the desired behavior

    Destroy
      Called when the server deletes the servlet instance
      Not called after each request

    HTTP

    Before we can start writing the first Servlet, we need to know some basics of HTTP

    ("HyperText Transfer Protocol"), the protocol which is used by a WWW client (e.g. a

    browser) to send a request to a Web Server.

    HTTP is a request-response oriented protocol. An HTTP request consists of a request

    method, a URI, header fields and a body (which can be empty). An HTTP response

    contains a result code and again header fields and a body.

    The service method of HttpServlet dispatches a request to different Java methods for

    different HTTP request methods. It recognizes the standard HTTP/1.1 methods and

    should not be overridden in subclasses unless you need to implement additional methods.

    The recognized methods are GET, HEAD, PUT, POST, DELETE, OPTIONS and

    TRACE. Other methods are answered with a Bad Request HTTP error. An HTTP

    method XXX is dispatched to a Java method doXxx, e.g. GET -> doGet. All these

    methods expect the parameters "(HttpServletRequest req, HttpServletResponse

    res)". The methods doOptions and doTrace have suitable default implementations and

    are usually not overridden. The HEAD method (which is supposed to return the same

    header lines that a GET method would return, but doesn't include a body) is performed by

    calling doGet and ignoring any output that is written by this method. That leaves us with

    the methods doGet, doPut, doPost and doDelete whose default implementations

    in HttpServlet return a Bad Request HTTP error. A subclass of HttpServlet overrides

    one or more of these methods to provide a meaningful implementation.

    The request data is passed to all methods through the first argument of

    type HttpServletRequest (which is a subclass of the more

    general ServletRequest class). The response can be created with methods of the second

    argument of type HttpServletResponse (a subclass of ServletResponse).

    When you request a URL in a Web Browser, the GET method is used for the request. A

    GET request does not have a body (i.e. the body is empty). The response should contain a

    body with the response data and header fields which describe the body

    (especially Content-Type and Content-Encoding). When you send an HTML form,

    either GET or POST can be used. With a GET request the parameters are encoded in the

    URL, with a POST request they are transmitted in the body. HTML editors and upload

    tools use PUT requests to upload resources to a Web Server and DELETE requests to

    delete resources.

    Servlets Step by Step

    This chapter acts as a Servlet tutorial. You will learn how to use important techniques for

    Servlet development by writing some typical Servlets, ranging from very simple to rather

    complex. All examples in this chapter are fully functional and complete Servlets which

    have been successfully compiled and run.

    Hello World!

    This section shows how to

    use the framework that makes up a simple Servlet

    write a Servlet that provides static content (i.e. it produces the same output every

    time it is called by a client)

    We start our venture into Servlet programming with the well-known "Hello World"

    example, this time named more suitably "Hello Client":

    HelloClientServlet.java

     1: import java.io.*;
     2: import javax.servlet.*;
     3: import javax.servlet.http.*;
     4:
     5: public class HelloClientServlet extends HttpServlet
     6: {
     7:   protected void doGet(HttpServletRequest req,
     8:                        HttpServletResponse res)
     9:             throws ServletException, IOException
    10:   {
    11:     res.setContentType("text/html");
    12:     PrintWriter out = res.getWriter();
    13:     out.println("Hello Client!"+
    14:                 "Hello Client!");
    15:     out.close();
    16:   }
    17:
    18:   public String getServletInfo()
    19:   {
    20:     return "HelloClientServlet 1.0 by Stefan Zeiger";
    21:   }
    22: }

    When you compile this Servlet and run it by requesting a URL which is assigned to it in a

    Web Browser it produces the following output:

    Let's have a look at how the Servlet works.

    Lines 1 to 3 import some packages which contain many classes which are

    used by the Servlet (almost every Servlet needs classes from these packages).

    The Servlet class is declared in line 5. Our Servlet

    extends javax.servlet.http.HttpServlet, the standard base class for

    HTTP Servlets.

    In lines 7 through 16 HttpServlet's doGet method is getting overridden.

    In line 11 we use a method of the HttpServletResponse object to set the

    content type of the response that we are going to send. All response

    headers must be set before a PrintWriter or ServletOutputStream is

    requested to write body data to the response.

    In line 12 we request a PrintWriter object to write text to the response

    message.

    ServletResponse.getWriter() is a new feature of JSDK version 2.0. If your Servlet

    engine does not support JSDK 2.0 you can replace the above line by

    "ServletOutputStream out = res.getOutputStream();". This change can be made

    in most of the example Servlets. The advantages of

    using ServletResponse.getWriter() are discussed in section 4.4.

    In lines 13 and 14 we use the PrintWriter to write the text of

    type text/html (as specified through the content type)

    Servlet can have data which persists between requests we load the address list only once,

    when the Servlet is initialized, and save it every time it has been changed by a request.

    An alternative approach would be keeping the list in memory while the Servlet is active

    and writing it to disk in the destroy method. This would avoid the overhead of saving

    the address list after every change but is less fail-safe. If for some reason the address file

    can't be written to disk or the server crashes and cannot destroy the Servlet, all changes to

    the list will be lost even though the users who submitted the requests to change the list

    received positive responses.

    Here is the full source code of the ListManagerServlet:

    ListManagerServlet.java

    import java.util.Vector;
    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class ListManagerServlet extends HttpServlet
    {
      private Vector addresses;
      private String filename;

      // Load the address list once, when the Servlet is initialized.
      public void init(ServletConfig config) throws ServletException
      {
        super.init(config);
        filename = config.getInitParameter("addressfile");
        if(filename == null)
          throw new UnavailableException(this,
            "The \"addressfile\" property "+
            "must be set to a file name");
        try
        {
          ObjectInputStream in =
            new ObjectInputStream(new FileInputStream(filename));
          addresses = (Vector)in.readObject();
          in.close();
        }
        catch(FileNotFoundException e) { addresses = new Vector(); }
        catch(Exception e)
        {
          throw new UnavailableException(this,
            "Error reading address file: "+e);
        }
      }

      // Send the member list and the subscription form.
      protected void doGet(HttpServletRequest req,
                           HttpServletResponse res)
                 throws ServletException, IOException
      {
        res.setContentType("text/html");
        res.setHeader("pragma", "no-cache");
        PrintWriter out = res.getWriter();
        out.print("List Manager");
        out.print("Members:");
        for(int i=0; i
        // ... (the rest of doGet and the first line of doPost are missing here)
                            HttpServletResponse res)
                 throws ServletException, IOException
      {
        String email = req.getParameter("email");
        String msg;
        if(email == null)
        {
          res.sendError(res.SC_BAD_REQUEST,
                        "No email address specified.");
          return;
        }
        if(req.getParameter("action").equals("subscribe"))
        {
          if(subscribe(email))
            msg = "Address " + email + " has been subscribed.";
          else
          {
            res.sendError(res.SC_BAD_REQUEST,
                          "Address " + email + " was already subscribed.");
            return;
          }
        }
        else
        {
          if(unsubscribe(email))
            msg = "Address " + email + " has been removed.";
          else
          {
            res.sendError(res.SC_BAD_REQUEST,
                          "Address " + email + " was not subscribed.");
            return;
          }
        }

        res.setContentType("text/html");
        res.setHeader("pragma", "no-cache");
        PrintWriter out = res.getWriter();
        out.print("List Manager");
        out.print(msg);
        out.print("Show the list");
        out.close();
      }

      public String getServletInfo()
      {
        return "ListManagerServlet 1.0 by Stefan Zeiger";
      }

      // Both list operations lock the Servlet object so that concurrent
      // requests cannot interleave the in-memory change and the save.
      private synchronized boolean subscribe(String email) throws IOException
      {
        if(addresses.contains(email)) return false;
        addresses.addElement(email);
        save();
        return true;
      }

      private synchronized boolean unsubscribe(String email) throws IOException
      {
        if(!addresses.removeElement(email)) return false;
        save();
        return true;
      }

      // Serialize the whole list to the address file.
      private void save() throws IOException
      {
        ObjectOutputStream out =
          new ObjectOutputStream(new FileOutputStream(filename));
        out.writeObject(addresses);
        out.close();
      }
    }

    The parts of the Servlet related to data management are discussed below:

    In init we first call super.init(config) to leave the ServletConfig management to

    the superclass (HttpServlet), then we get the name of the address file from an init

    parameter (which is set up in the Web Server configuration). If the parameter is not

    available the Servlet throws a javax.servlet.UnavailableException (a subclass

    of javax.servlet.ServletException) which indicates that a Servlet is temporarily (if

    a duration is specified) or permanently (as in this case) unavailable. Finally,

    the init method deserializes the address file or creates an empty Vector if the address

    file does not exist yet. All exceptions that occur during the deserialization are

    transformed into UnavailableExceptions.

    Version 2.1 of the Servlet API offers a no-args init method which is called

    by GenericServlet's init(ServletConfig) method. By using this new method you

    don't have to worry about passing the ServletConfig object to the superclass yourself.

    Note that even though code that uses the no-args init method can be compiled without

    problems using the JSDK 1.0 or 2.0 interface classes and run in a 1.0 or 2.0 compliant

    web server, the initialization code will never be executed in such an environment.

    The methods subscribe and unsubscribe are used to (un-)subscribe an address. They

    save the address list if it was modified by calling save() and return a boolean success

    value. Note that these methods are both synchronized (on the Servlet object) to ensure the

    integrity of the address list, both in memory and on disk.

    The save method serializes the address list to the address file on disk which can be read

    in again by init when the Servlet is restarted.
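
    The init and save methods above read and write the address file with plain Java serialization. ObjectInputStream.readObject() instantiates whatever classes the stream names, and FileOutputStream truncates the file before the new list is written. The following is an added example, not code from the tutorial: the class AddressStore, its method names and the filter limits are assumptions, and it needs Java 9 or later. It restricts deserialization to the types a Vector of Strings needs and replaces the file atomically; the last step feeds it a constructed file holding a class that is not on the allow-list.

```java
import java.io.*;
import java.nio.file.*;
import java.util.Vector;

/** Added example (hypothetical class, not from the tutorial): hardened load/save of the address file. */
public class AddressStore {

    // Allow-list for the stream: a Vector, its backing Object[] (array types are
    // matched by their element type, hence java.lang.Object) and String entries.
    // "!*" rejects every other class before it is instantiated. The limits are assumptions.
    private static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
        "maxarray=100000;maxdepth=5;java.util.Vector;java.lang.Object;java.lang.String;!*");

    static Vector<String> load(Path file) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(Files.newInputStream(file))) {
            in.setObjectInputFilter(FILTER);      // must be set before the first readObject()
            Object o = in.readObject();
            if (!(o instanceof Vector)) {
                throw new InvalidObjectException("address file does not contain a Vector");
            }
            Vector<String> addresses = new Vector<>();
            for (Object entry : (Vector<?>) o) {  // check element types instead of an unchecked cast
                if (!(entry instanceof String)) {
                    throw new InvalidObjectException("address file contains a non-String entry");
                }
                addresses.add((String) entry);
            }
            return addresses;
        } catch (NoSuchFileException e) {
            return new Vector<>();                // first start: empty list, as in init
        }
    }

    // Callers are expected to hold the same lock as subscribe/unsubscribe do.
    static void save(Path file, Vector<String> addresses) throws IOException {
        Path dir = file.toAbsolutePath().getParent();
        Path tmp = Files.createTempFile(dir, "addresses", ".tmp");
        try {
            try (ObjectOutputStream out = new ObjectOutputStream(Files.newOutputStream(tmp))) {
                out.writeObject(addresses);
            }
            // The old file stays intact until the complete new one takes its place.
            Files.move(tmp, file, StandardCopyOption.REPLACE_EXISTING,
                       StandardCopyOption.ATOMIC_MOVE);
        } finally {
            Files.deleteIfExists(tmp);            // only still present if writing or moving failed
        }
    }

    public static void main(String[] args) throws Exception {
        Path file = Files.createTempDirectory("addrstore").resolve("addresses.ser");

        Vector<String> list = new Vector<>();
        list.add("alice@example.org");
        list.add("bob@example.org");
        save(file, list);
        System.out.println("loaded:   " + load(file));

        // Constructed bad input: a Vector whose element class is not on the allow-list.
        Vector<Object> bad = new Vector<>();
        bad.add(new java.util.Date(0));
        try (ObjectOutputStream out = new ObjectOutputStream(Files.newOutputStream(file))) {
            out.writeObject(bad);
        }
        try {
            load(file);
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

    In a Servlet, init would wrap the exceptions thrown by load in an UnavailableException, as the listing does for every error during deserialization.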

    Client interaction

    The client interaction is handled by two of the

    standard HttpServlet methods, doGet and doPost.

    The doGet method replies to GET requests by sending an HTML page which

    contains the list of the currently subscribed addresses and the form that is used to

    subscribe or unsubscribe an address:

    The response content type is again set to text/html and the response is marked as

    not cacheable to proxy servers and clients (because it is dynamically created) by

    setting an HTTP header "pragma: no-cache". The form asks the client to use the

    POST method for submitting form data.

    Here is a typical output by this method:

    The doPost method receives the submitted form data, updates the address list and

    sends back a confirmation page:

    First the form parameters "email" and "action" are retrieved with

    the getParameter method of HttpServletRequest. getParameter (and

    also getParameters and getParameterValues) can be used to retrieve form data

    from both POST and GET requests. As an alternative you can

    use getQueryString for a GET request and getInputStream for a POST request

    and parse the application/x-www-urlencoded data on your own. Note that

    you cannot use both ways of getting the request data together in one request.

    Then subscribe or unsubscribe is called. When a user error occurs (i.e. no

    address or an already subscribed address was entered for subscribe, or a not

    subscribed address was entered for unsubscribe) res.sendError is used to send

    back an error response with a Bad Request response code.

    Finally a confirmation page is sent with the usual

    method. req.getRequestURI() is used to get the URI of the Servlet for a link

    back to the main page (which is created by doGet).
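
    In the doPost listing the "email" parameter is concatenated unchanged into the confirmation page and into the sendError messages, so any markup the client submits is sent back inside a text/html response. The following is an added example, not code from the tutorial: it validates the parameter and HTML-encodes it before it is echoed. The class ConfirmationMessage, the helpers escapeHtml and looksLikeEmail and the sample inputs are constructed for illustration, and the address pattern is a deliberately narrow assumption.

```java
import java.util.regex.Pattern;

/** Added example (hypothetical class): encode request data before echoing it into HTML. */
public class ConfirmationMessage {

    // Narrow syntax check for illustration only; it is not a full address parser.
    private static final Pattern SIMPLE_EMAIL =
        Pattern.compile("^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\\.[A-Za-z]{2,}$");

    /** Replaces the characters that are significant in HTML text and attribute values. */
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    static boolean looksLikeEmail(String s) {
        return s != null && SIMPLE_EMAIL.matcher(s).matches();
    }

    /** As in the listing: the parameter goes into the page unchanged. */
    static String unencodedMessage(String email) {
        return "Address " + email + " has been subscribed.";
    }

    /**
     * Returns {status, body}. Malformed input gets a fixed text that does not repeat
     * the input (what a Servlet would pass to sendError). Accepted input is still
     * encoded on output, so the page stays safe if the validation rule is relaxed later.
     */
    static String[] confirmation(String email) {
        if (!looksLikeEmail(email)) {
            return new String[] { "400", "Invalid email address." };
        }
        return new String[] { "200", "Address " + escapeHtml(email) + " has been subscribed." };
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = { "alice@example.org", "<b>bob</b>@example.org", "o'neil+list@example.org" };
        for (String email : samples) {
            String[] r = confirmation(email);
            System.out.println("input:      " + email);
            System.out.println("as listed:  " + unencodedMessage(email));
            System.out.println("encoded:    " + escapeHtml(email));
            System.out.println("response:   " + r[0] + " " + r[1]);
            System.out.println();
        }
    }
}
```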

    Session Tracking

    This section shows how to

    use Session Tracking capabilities

    Session Tracking allows a Servlet to associate a request with a user. A session can extend

    across requests and connections of the stateless HTTP. Sessions can be maintained in two

    ways:

    1. By using Cookies. A Cookie is a string (in this case that string is the session ID)

    which is sent to a client to start a session. If the client wants to continue the

    session it sends back the Cookie with subsequent requests. This is the most

    common way to implement session tracking.

    2. By rewriting URLs. All links and redirections which are created by a Servlet have

    to be encoded to include the session ID. This is a less elegant solution (both for

    Servlet implementors and users) because the session cannot be maintained by

    requesting a well-known URL or selecting a URL which was created in a

    different (or no) session. It also does not allow the use of static pages. All HTML

    pages which are sent within a session have to be created dynamically.

    Our next Servlet manages a virtual shopping cart. Users can add various items to their

    shopping cart via HTML forms. The shopping cart contents are stored on the server and

    each user gets his own shopping cart which is selected automatically whenever he makes

    a request to the Servlet.

    In the simplified version that we implement in class ShoppingCartServlet there are

    only two kinds of items, named FOO and BAR. By pressing a button in an HTML form a

    single FOO or BAR item can be put into the shopping cart. There's another button to see

    the current contents of the shopping cart and a button to order the selected items, thus

    clearing the shopping cart.

    The first version of the Servlet, called ShoppingCartServlet, which works with

    Cookie-style sessions only, consists of the two standard methods, doGet and doPost:

    A form with the buttons is created by the Servlet's doGet method.

    Here is the full source code of the ShoppingCartServlet:

    ShoppingCartServlet.java

    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class ShoppingCartServlet extends HttpServlet
    {
      // Send the form with the buttons.
      protected void doGet(HttpServletRequest req, HttpServletResponse res)
                 throws ServletException, IOException
      {
        res.setContentType("text/html");
        PrintWriter out = res.getWriter();
        out.print("Online Shop"+
                  ""+
                  ""+
                  ""+
                  ""+
                  ""+
                  "");
        out.close();
      }

      protected void doPost(HttpServletRequest req, HttpServletResponse res)
                 throws ServletException, IOException
      {
        String msg;

        // Look up the caller's session, creating one if none exists yet.
        HttpSession session = req.getSession(true);
        if(session.isNew())
        {
          session.putValue("foo", new int[] { 0 });
          session.putValue("bar", new int[] { 0 });
        }

        int[] foo = (int[])session.getValue("foo");
        int[] bar = (int[])session.getValue("bar");

        // The name of the button that submitted the form selects the action.
        if(req.getParameter("foo") != null)
        {
          foo[0]++;
          msg = "Bought a FOO. You now have "+foo[0]+".";
        }
        else if(req.getParameter("bar") != null)
        {
          bar[0]++;
          msg = "Bought a BAR. You now have "+bar[0]+".";
        }
        else if(req.getParameter("buy") != null)
        {
          session.invalidate();
          msg = "Your order for "+foo[0]+" FOOs and "+bar[0]+
                " BARs has been accepted. Your shopping cart is empty now.";
        }
        else
        {
          msg = "You have "+foo[0]+" FOOs and "+bar[0]+
                " BARs in your shopping cart.";
        // ... (the remainder of the listing is missing here)

    If the session is indeed new (determined by

    calling HttpSession's isNew() method) we add some custom data to the session:

    Two counters, one for the FOOs and one for the BARs in the shopping cart. The

    session object can be used like a Dictionary. That means we can only

    add Objects, not instances of primitive types like int. We could use an instance

    of java.lang.Integer for each counter, but these objects are immutable which

    makes incrementing inefficient and difficult to implement. Instead we use

    an array of int (int[]) with only one element as a mutable wrapper object. The

    element is initialized to 0.

    Next we retrieve the values for "foo" and "bar" from the session, no matter if they

    were just added or carried over from a previous request.

    In the ListManagerServlet both buttons had the same name but different values

    so we could use getParameter to retrieve the value from the request and then do

    a string compare to the possible values. This time we use a different approach

    which can be implemented more efficiently. All buttons have different names and

    we can find out which button was used to submit the form by checking which

    name has a non-null value.

    A new FOO or BAR item can be put into the shopping cart by simply

    incrementing the counter in the array. Note that the array does not need to be