ja 6051. mobile based authentication protcol using rfid next generation applications
TRANSCRIPT
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
1/103
MOBILE BASED AUTHENTICATION PROTCOL USING
RFID NEXT GENERATION APPLICATIONS
Abstract
Ever-growing popularity of mobile devices, such as smart phones and netbooks, coupled
with anytime and anyplace availability of high-speed network access is changing the
ways how we compute and communicate. Mobile devices play an increasingly important
role in our lives and tend to become representations of our digital selves when we trust
these devices with sensitive information. Consequently, the problem of securing mobile
devices against unauthorized access has never been more important. We present an
RFID-based Authentication Middleware (RFID-AM) that combines point of entry and
continuous authentication with transparent on-demand encryption of user files. This
paper details the architecture of RFID-AM, discusses its fully functional prototype, and
presents experimental results demonstrating its performance in various conditions. This
paper also surveys different methods and technologies that have been proposed and
implemented on mobile devices.
INTRODUCTION
RFID (radio-frequency identification) technology is widely used for supply chain
management and inventory control. Furthermore, RFID has been recognized as a tool torealize a ubiquitous environment. The typical architecture of RFID applications
comprises RFID tags, which are embedded in or attached to an object, an RFID reader,
and IS (information services) server. The RFID reader reads the code in the RFID tag and
interprets it by communicating with the IS server via a proper communication network.
This is the typical architecture defined by PC global. The RFID reader can be stationary
or mobile. A mobile RFID reader affords more applications than the stationary one. In
this paper, we describe the core components for realizing a mobile RFID application,
such as a mobile RFID reader, platform architecture, and the corresponding network
architecture. Although there are several types of mobile RFID readers in the market, we
propose a specially designed mobile RFID technology that has several positive features
including security, network architecture, operation scenario, and code resolution
mechanism. Furthermore, we analyze the characteristics of the proposed technologies.
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
2/103
The information in the database was retrieved by communication device like
PDA. The request from the PDA was given to the data base system and the requested
data is given base to the PDA as response from the database system. While performing
this transaction, it is not possible to find whether the requested user is authorized or not.
So there is a possibility of hacking up of data by unauthorized persons. So the data is not
at all secure and reliable. In order to avoid this drawback an authentication protocol is
used. Using RFID this authentication is done. The request is given by the RFID tag using
a communication device like mobile phone. This request is got by an authentication
server and the server validates whether the requested user is authorized or not. Only if the
user is authorized it is allowed to access the data base. With the help of this process the
data in the data base were maintained fully protected.
Existing System
In the existing system, the communication devices are directly allowed to access
the data base system. As a result unauthorized users are also allowed to access the data
base and hack the important data. So this process is not at all secure and reliable.
Proposed System
In the proposed system, RFID tags are used with communication device like
mobile phone. From the tag the request is given to a authentication server through mobile
phone. This authentication server checks whether the requested tag is authorized or not.
Only if the tag is authorized the server permits to access the database system. Hence data
in the data base system is protected securely and reliably.
System Architecture
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
3/103
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
4/103
Module Description
Mobile Reader
Mobile reader sends request to tag and wait for reply message from the tag.
Mobile reader then transfers the message as received, to AS (Authentication Server) for
confirming if the tag is legal.
Only if its legality confirmed, further information can be retrieved.
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
5/103
Authentication Server
Authentication server enquires ONS (Object Name Server) the URL (Uniform
Resource Location) of the detailed information of corresponding tag.
After getting URL, it obtains the tags detailed information from OIS (Object
Information Server).
AS then transfers tags detailed information to the mobile reader.
Object Name Server
ONS transfers tags URL to AS
Object Information Server
OIS transfers the tags detailed information to AS
Use Case
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
6/103
Cl i en t m ob i l eR e a d t a g v a lu e
Q ue ry
V a l i d Re s po ns e
Da ta B as e
O bje c t N am e
S e rver
A u then t i c a t i on
S e rver
A u th ent ic a t io n
O b je ct N am e
In fo rm a t i o n
O b jec t nam e Re q u e s t i n f o rm a t i o n
Sequence Diagram
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
7/103
Clien t m ob ile A u then t ic at ion
ServerObject nam e
ServerDa ta Base
Read Tag value
Authen t ica t ion
Re sp o n se
Objec t n am e
Object nam e
Ob ject inform ation
Request Request in formation
Collaboration Diagram
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
8/103
C l i e n t
m o b i l e
A u t h e n t i c a t io
n S e r v e r
O b je c t n a m e
S e r ve r
D a t a
B a s e
1 : R e a d T a g v a l u e3 : R e q u e s t
2 : A u t h e n t i c a t i o n8 : R e s p o n s e
4 : R e q u e s t in fo rm a t io n5 : O b j e c t n a m e
6 : O b j e c t n a m e
7 : O b je c t i n fo r m a t i o n
Activity Diagram
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
9/103
User Login
Swipe card
using mobile
Request
information
Retrive
Information
Software & Hardware Requirements
Software Requirements
Java1.5 or More
J2ME
MS-SqlServer
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
10/103
Hardware Requirements
Hard disk : 40 GB
RAM : 128mb
Processor : Pentium
RFID Tag & Reader
RFID
RFID (radio frequency identification) is a technology that incorporates the use ofelectromagnetic or electrostatic coupling in the radio frequency (RF) portion of the
electromagnetic spectrum to uniquely identify an object, animal, or person. RFID is
coming into increasing use in industry as an alternative to thebar code. Many otherpotential applications such as improving supply chain efficiency and reducing crime are
being investigated. The advantage of RFID is that it does not require direct contact or
line-of-sight scanning.
http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci214263,00.htmlhttp://searchcio.techtarget.com/sDefinition/0,,sid182_gci213536,00.htmlhttp://searchcio.techtarget.com/sDefinition/0,,sid182_gci213536,00.htmlhttp://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci214263,00.htmlhttp://searchcio.techtarget.com/sDefinition/0,,sid182_gci213536,00.html -
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
11/103
RFID tagging is a form of Automatic Identification and Data Capture (AIDC)
technology where data stored on a tag is transferred via a radio frequency link. A RFID
reader communicates with the tag to infer the identity of the object to which the tag isattached. The principle is similar to the more familiar bar code, where data are transferred
optically. However, RFID has advantages over bar codes, such as the ability to store large
amounts of data and to read many tags simultaneously.
Components
A basic RFID system consists of three components:
An antenna or coil
A transceiver (with decoder)
A transponder (RF tag) electronically programmed with unique information
The antenna emits radio signals to activate the tag and to read and write data to it.The reader emits radio waves in ranges of anywhere from one inch to 100 feet or more,
depending upon its power output and the radio frequency used. When anRFID tag passes
through the electromagnetic zone, it detects the reader's activation signal.The reader decodes the data encoded in the tag's integrated circuit (silicon chip) and the
data is passed to the host computer for processing.
Low-frequency RFID systems (30 KHz to 500 KHz) have short transmissionranges (generally less than six feet). High-frequency RFID systems (850 MHz to 950
MHz and 2.4 GHz to 2.5 GHz) offer longer transmission ranges (more than 90 feet). In
general, the higher the frequency, the more expensive the system.RFID is sometimes called dedicated short range communication (DSRC).
RFID technology
RFID technology emerged in the 1940s as a way of remotely identifying aircraft for
military purposes, and has since been used widely in civil aviation. However, recent
technological advances have reduced the cost and the size of RFID tags, opening up awider range of uses. The tags themselves consist of an electronic circuit, which stores
data, and an antenna which communicates the data via radio waves. A RFID reader
interrogates the tags to obtain the information stored. When the readerbroadcasts radio waves, all the tags within range will communicate. Software is required
to control the reader and to collect and filter the information. Box 1 Automatic
Identification and Data Capture(AIDC) technologies There are three main types of AIDC technologies:
http://void%28-1%29/http://void%28-1%29/http://void%28-1%29/http://void%28-1%29/http://void%28-1%29/http://void%28-1%29/http://void%28-1%29/http://void%28-1%29/http://void%28-1%29/ -
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
12/103
Optical bar codes etc.
Magnetic magnetic stripe travel cards etc.
Electronic RFID tags, smart cards, sim cards etc.
RFID tags are often considered to be the next generation of bar codes.
Advantages:
Ease of use information from the RFID tag is transferred via radio waves andtherefore, unlike bar codes, a line-of-sight between the tag and reader is not required.
Many RFID tags can be read in a very short time and without handling the product.
Information stored tags that store 96 bits of data can store a manufacturers name, a
product name and a unique product code. Higher and lower capacity tags are available.RFID tags can be used to identify
uniquely a specific item, whereas bar codes can only identify the type of product.
Security unlike bar codes, it is extremely difficult to copy RFID tags. As no line-of-
sight is required they could be made to trigger security alarms, and help reduce theft,especially if incorporated into products. Bar codes are very cheap to print and to attach to
products, whereas RFID tags cost at least 20 pence each. However, this cost will fall asproduction rises and as novel ways of producing chips and antennae are developed. There
is a range of different types of RFID system available, for example, tags can be either
active or passive. Active tags contain an onboard battery to drive
the internal circuitry and to generate radio waves. They can broadcast even in the absenceof a RFID reader. Passive tags are powered using the energy of the radio wave
transmitted by the reader and do not have their
own power supply. Also, tags can be read-only or readwrite. Read-only tags are muchcheaper to produce and postnote July 2004 Number 225 Radio Frequency Identification
(RFID) Page 2 are used in most current applications. Read-write tags are useful when
information needs to be updated. Properties of RFID systems The properties of a givenRFID system depend on several key parameters such as frequency (box 2) and power:
The range of a RFID system depends on the frequency, power of the reader, and the
material between the tag and the reader. The presence of metal and liquids reduces therange of the ultra high frequency RFID systems. The range can be up to a few metres for
passive systems but in excess of 100 m for active systems due to the onboard battery that
facilitates increased radio transmitter power.
The tag size increases at lower frequencies (LF), since the tag incorporates the antenna,and larger antennae are needed to transmit lower frequencies. The chip can be as small as
1 mm2, but the antenna is much
larger (of the order of centimetres). The antennae for LF tags are metal wire coils, but forhigher frequencies they can be printed onto paper using conductive inks.
As the frequency increases, the read rate, and thus the amount of data that can be
transferred in a given time, increases. This is important when many tagged goods need tobe read in a short time.
The cost of tags tends to decrease as the frequency increases, although active tags cost
much more than passive tags, irrespective of frequency. Also, the longer the range
required and the more information stored,
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
13/103
then the more costly the tag. Box 2 Frequencies Radio frequency waves are
electromagnetic (em) waves ranging from ~ 30 kHz to 300 GHz. Only certain frequency
bands within this range (listed below) are available for licence-free RFID systems.Certain frequencies are more suitable for specific applications:
125-134 kHz Low frequency (LF) tags are used in animal tracking, car immobilisers
etc. LF tags are commonly used where there are liquids or metals present and when a fastread rate is not required.
13.56 MHz High frequency (HF) tags are the most commonly used, due mainly to the
relatively wide adoption of smart cards based on RFID technology. 860-960 MHz Ultra high frequency (UHF) tags are anticipated as being the most
practical for item-level tracking as they offer a good balance between range (typically
less than a few metres) and the ability to read
multiple tags at speed. 2.45 GHz Microwave frequency tags are used for electronic toll collection. This band
is also used by many other systems e.g. Bluetooth and WiFi systems.
Current uses
RFID technology is already well established in a number of areas such as electronicpayment, supply chain management and livestock tracking, as well as previously
unforeseen areas, such as data conveying.
Related Work PIN-test Set proposed by Juels[1] of tag authentication does not require
transaction of updating tag that the legality of tag can be verified directly. Thus, the
calculation of tag can be reduced and the data of tag as will be stored at the databasecan be minimized. Figure 1 is the process in using PIN-test Set as tag verification, where
we shall define parameter set of any one of the tag x as follows:
Where j x Q represents the j(th) test code of tag x,which is generated by reader inchallenging if tag can reply the correct test code with right answer. Only one test code in
PINSetx is correct which is located at random position L, while the rest test codes are
incorrect.
Where jx A represents jth answer replied by tag x.The tag will reply 1 when the test code position j=L
is found in comparison, and rest will be replied in 0,
i.e. if L
x Q is a correct test code, the Lx A is 1.
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
14/103
Tag x will send out its EPC after receiving the
request, then the reader will verify if EPC exists inthe database. The transaction will cease if it is not.
If yes, the test code (Kill-PIN) of tag x will beaccessed and generate randomly the PINSetx
including N-1 numbers of test code and one correct
test code locates at position L(1 L N) .Afterwards, start to send out j
x Q per tag in
sequence, the tag will proceed comparing to each
jx Q , and only when j
x Q is a correct test code, thetag will reply the reader by 1. Or else it will reply0, while the reader will verify one by one. Only
when the Lth reply is 1 and the rest replies are 0,
the tag is considered legal. Reversely, no matter theLth reply is 0 or one of the other replies is 1, the
tag is considered illegal.
The PIN-test-Set proposed by Juels whose
PINSetx as provided by the trusted reader; however,in the mobile RFID environment, a reader may
possibly be compromised by the malicious attacker
among them in obtaining the test code. If there is anattacker eavesdropping in between the reader and the
tags, he can obtain EPCx as well as the replied 1 to
find the correct test code, hence to trace the tag orforge the tag. Therefore, we are going to change the
method to provide PINSetx from back-end database,
and encrypt all messages in transmission process.
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
15/103
4. LANGUAGE SPECIFICATION
4.1 About the Java TechnologyJava technology is both a programming language and a platform. The Java Programming
Language The Java programming language is a high-level language that can be
characterized by all of the following buzzwords:
SimpleArchitecture
neutral
Object
orientedPortable
Distributed
High performance
Multithreaded Robust
Dynamic Secure
Simple
Java was designed to be easy for the professional programmer to learn and use
effectively. Assuming that you have some programming experience, you have some
programming experience; you will not find java hard to master. If you already
understand the basic concepts of object-oriented programming, learning java will be
even easier. Best of all, if you are an experienced C++ programmer, moving to java
will require very little effort. Because java inherits the C/C++ syntax and many of the
object-oriented features of C++, most programmers have little trouble learning java.
Also, some of the more confusing concepts from C++ are either left out of java or
implemented in a cleaner, more approachable manner.
Object-Oriented
Although influenced by its predecessors, java was not designed to be source-code
compatible with any other language. This allowed the java team the freedom to design
with a blank slate. One outcome of this was a clean, usable, pragmatic approach to
objects. Borrowing liberally from many seminal object-software environments of the
last few decades, java manages to strike a balance between the purists everything is
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
16/103
an object paradigm and the pragmatists stay out of my way model. The object
model in java is simple and easy to extend, while simple types, such as integers, are
kept as high-performance non-objects.
Robust
The multi plat formed environment of the Web places extraordinary demands
on a program, because the program must execute reliably in a variety of systems.
Thus, the ability to create robust programs was given a high priority in the design of
java. To gain reliability, java restricts you in a few key areas, to force you to find
your mistakes early in program development. At the same time, java frees you from
having to worry about many of the most common causes of programming errors.Because java is a strictly typed language, it checks your code at compile time.
However, it also checks your code at run time. In fact, many hard-to-track-down
bugs that often turn up in hard-to-reproduce run-time situations are simply
impossible to create in Java. Knowing that what you have written will behave in a
predictable way under diverse conditions is key feature of java.
Secure
Java is intended for use in networked/distributed environments. Toward that end,
a lot of emphasis has been placed on security. Java enables the construction of virus-free,
tamper-free systems. The authentication techniques are based on public-key encryption.
There is a strong interplay between "robust" and "secure." For example, the
changes to the semantics of pointers make it impossible for applications to forge access to
data structures or to access private data in objects that they do not have access to. This
closes the door on most activities of viruses.
Someone wrote an interesting "patch" to the PC version of the Archimedes
system. They posted this patch to one of the major bulletin boards. Since it was easily
available and added some interesting features to the system, lots of people downloaded it.
It hadn't been checked out by the folks at Archimedes, but it seemed to work. Needless to
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
17/103
say, even though they were in no way responsible for the incident, the folks at
Archimedes still had a lot of damage to control.
Architecture Neutral
Java was designed to support applications on networks. In general, networks are
composed of a variety of systems with a variety of CPU and operating system
architectures. To enable a Java application to execute anywhere on the network, the
compiler generates an architecture-neutral object file format--the compiled code is
executable on many processors, given the presence of the Java runtime system.
This is useful not only for networks but also for single system software
distribution. In the present personal computer market, application writers have to produce
versions of their application that are compatible with the IBM PC and with the Apple
Macintosh. With the PC market (through Windows/NT) diversifying into many CPU
architectures, and Apple moving off the 680x0 toward the PowerPC, production of
software that runs on all platforms becomes nearly impossible. With Java, the same
version of the application runs on all platforms.
The Java compiler does this by generating byte code instructions which have
nothing to do with a particular computer architecture. Rather, they are designed to be
both easy to interpret on any machine and easily translated into native machine code on
the fly.
Archimedes is a small company. They started out producing their software for the
PC since that was the largest market. After a while, they were a large enough company
that they could afford to do a port to the Macintosh, but it was a pretty big effort and
didn't really pay off. They couldn't afford to port to the PowerPC Macintosh or MIPS NT
machine. They couldn't "catch the new wave" as it was happening, and a competitor
jumped in...
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
18/103
Portable
Being architecture neutral is a big chunk of being portable, but there's more to it
than that. Unlike C and C++, there are no "implementation dependent" aspects of the
specification. The sizes of the primitive data types are specified, as is the behavior of
arithmetic on them. For example, "int" always means a signed two's complement 32 bit
integer, and "float" always means a 32-bit IEEE 754 floating point number. Making these
choices is feasible in this day and age because essentially all interesting CPUs share these
characteristics.
The libraries that are a part of the system define portable interfaces. For example,
there is an abstract Window class and implementations of it for Unix, Windows NT/95,
and the Macintosh.
The Java system itself is quite portable. The compiler is written in Java and the
runtime is written in ANSI C with a clean portability boundary. The portability boundary
is essentially a POSIX subset.
Interpreted
Java byte codes are translated on the fly to native machine instructions
(interpreted) and not stored anywhere and since linking is a more incremental and
lightweight process, the development process can be much more rapid and exploratory.
As a part of the byte code stream, more compile-time information is carried over
and available at runtime. This is what the linker's type checks are based on. It also makes
programs more amenable to debugging.
The programmers at Archimedes spent a lot of time waiting for programs to
compile and link. They also spent a lot of time tracking down senseless bugs because
some changed source files didn't get compiled (despite using a fancy "make" facility),
which caused version mismatches; and they had to track down procedures that were
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
19/103
declared inconsistently in various parts of their programs. Another couple of months lost
in the schedule.
High Performance
While the performance of interpreted bytecodes is usually more than adequate,
there are situations where higher performance is required. The bytecodes can be
translated on the fly (at runtime) into machine code for the particular CPU the application
is running on. For those accustomed to the normal design of a compiler and dynamic
loader, this is somewhat like putting the final machine code generator in the dynamic
loader.
The bytecode format was designed with generating machine codes in mind, so the
actual process of generating machine code is generally simple. Efficient code is
produced: the compiler does automatic register allocation and some optimization when it
produces the bytecodes.
In interpreted code we're getting about 300,000 method calls per second on an
Sun Microsystems SPARCStation 10. The performance of bytecodes converted to
machine code is almost indistinguishable from native C or C++.
When Archimedes was starting up, they did a prototype in Smalltalk. This
impressed the investors enough that they got funded, but it didn't really help them
produce their product: in order to make their simulations fast enough and the system
small enough, it had to be rewritten in C.
Multithreaded
There are many things going on at the same time in the world around us.
Multithreading is a way of building applications with multiple threads, Unfortunately,
writing programs that deal with many things happening at once can be much more
difficult than writing in the conventional single-threaded C and C++ style.
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
20/103
Java has a sophisticated set of synchronization primitives that are based on the
widely used monitor and condition variable paradigm introduced by C.A.R.Hoare. By
integrating these concepts into the language (rather than only in classes) they become
much easier to use and are more robust. Much of the style of this integration came from
Xerox's Cedar/Mesa system.
Other benefits of multithreading is better interactive responsiveness and real-time
behavior. This is limited, however, by the underlying platform: stand-alone Java runtime
environments have good real-time behavior. Running on top of other systems like Unix,
Windows, the Macintosh, or Windows NT limits the real-time responsiveness to that of
the underlying system.
Lots of things were going on at once in their simulations. Ropes were being
pulled, wheels were turning, levers were rocking, and input from the user was being
tracked because they had to write all this in a single threaded form, all the things that
happen at the same time, even though they had nothing to do with each other, had to be
manually intermixed. Using an "event loop" made things a little cleaner, but it was still a
mess. The system became fragile and hard to understand. They were pulling in data from
all over the net. But originally they were doing it one chunk at a time. This serialized
network communication was very slow. When they converted to a multithreaded style, it
was trivial to overlap all of their network communication.
Dynamic
In a number of ways, Java is a more dynamic language than C or C++. It was
designed to adapt to an evolving environment.
For example, one major problem with C++ in a production environment is a side-
effect of the way that code is implemented. If company A produces a class library (a
library of plug and play components) and company B buys it and uses it in their product,
then if A changes its library and distributes a new release, B will almost certainly have to
recompile and redistribute their own software. In an environment where the end user gets
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
21/103
A and B's software independently (say A is an OS vendor and B is an application vendor)
problems can result.
For example, if A distributes an upgrade to its libraries, then all of the software
from B will break. It is possible to avoid this problem in C++, but it is extraordinarily
difficult and it effectively means not using any of the language's OO features directly.
Archimedes built their product using the object-oriented graphics library from
3DPC Inc. 3DPC released a new version of the graphics library which several computer
manufacturers bundled with their new machines. Customers of Archimedes that bought
these new machines discovered to their dismay that their old software no longer worked.
(In real life, backwards compatibility isn't always a high priority in the Unix world. In the
PC world, 3DPC would never have released such a library: their ability to change their
product and use C++'s object oriented features is severely hindered because they can't
expect their customers to recompile.)
By making these interconnections between modules later, Java completely avoids
these problems and makes the use of the object-oriented paradigm much more
straightforward. Libraries can freely add new methods and instance variables without any
effect on their clients.
An interface specifies a set of methods that an object can perform but leaves open
how the object should implement those methods. A class implements an interface by
implementing all the methods contained in the interface. In contrast, inheritance by
subclassing passes both a set of methods and their implementations from superclass to
subclass. A Java class can implement multiple interfaces but can only inherit from a
single superclass. Interfaces promote flexibility and reusability in code by connecting
objects in terms of what they can do rather than how they do it.
Classes have a runtime representation: there is a class named Class, instances of
which contain runtime class definitions. If, in a C or C++ program, you have a pointer to
an object but you don't know what type of object it is, there is no way to find out.
However, in Java, finding out based on the runtime type information is straightforward.
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
22/103
Because casts are checked at both compile-time and runtime, you can trust a cast in Java.
On the other hand, in C and C++, the compiler just trusts that you're doing the right thing.
It is also possible to look up the definition of a class given a string containing its
name. This means that you can compute a data type name and have it easily dynamically-
linked into the running system
In the Java programming language, all source code is first written in plain text
files ending with the .java extension. Those source files are then compiled into .class
files by the javac compiler. A .class file does not contain code that is native to your
processor; it instead contains bytecodes the machine language of the Java Virtual
Machine1 (Java VM). The java launcher tool then runs your application with an instance
of the Java Virtual Machine.
An overview of the software development process
Because the Java VM is available on many different operating systems, the same
.class files are capable of running on Microsoft Windows, the Solaris TM Operating
System (Solaris OS), Linux, or Mac OS. Some virtual machines, such as the Java
HotSpot virtual machine, perform additional steps at runtime to give your application a
performance boost. This include various tasks such as finding performance bottlenecks
and recompiling (to native code) frequently used sections of code.
http://java.sun.com/docs/books/tutorial/getStarted/intro/definition.html#FOOT%23FOOThttp://java.sun.com/products/hotspot/http://java.sun.com/products/hotspot/http://java.sun.com/docs/books/tutorial/getStarted/intro/definition.html#FOOT%23FOOThttp://java.sun.com/products/hotspot/http://java.sun.com/products/hotspot/ -
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
23/103
Through the Java VM, the same application is capable of running on multiple
platforms.
The Java Platform
A platform is the hardware or software environment in which a program runs.
We've already mentioned some of the most popular platforms like Microsoft Windows,
Linux, Solaris OS, and Mac OS. Most platforms can be described as a combination of the
operating system and underlying hardware. The Java platform differs from most other
platforms in that it's a software-only platform that runs on top of other hardware-based
platforms.
The Java platform has two components:
The Java Virtual Machine
The Java Application Programming Interface (API)
You've already been introduced to the Java Virtual Machine; it's the base for the
Java platform and is ported onto various hardware-based platforms.
The API is a large collection of ready-made software components that provide
many useful capabilities. It is grouped into libraries of related classes and interfaces;
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
24/103
these libraries are known as packages. The next section, What Can Java Technology Do?
highlights some of the functionality provided by the API.
The API and Java Virtual Machine insulate the program from the underlying
hardware.
As a platform-independent environment, the Java platform can be a bit slower
than native code. However, advances in compiler and virtual machine technologies are
bringing performance close to that of native code without threatening portability.
What Can Java Technology Do?
The general-purpose, high-level Java programming language is a powerful
software platform. Every full implementation of the Java platform gives you the
following features:
Development Tools: The development tools provide everything you'll need for
compiling, running, monitoring, debugging, and documenting your applications. As a
new developer, the main tools you'll be using are thejavac
compiler, thejava
launcher,and the javadoc documentation tool.
Application Programming Interface (API): The API provides the core
functionality of the Java programming language. It offers a wide array of useful classes
ready for use in your own applications. It spans everything from basic objects, to
networking and security, to XML generation and database access, and more. The core
API is very large; to get an overview of what it contains, consult the Java SE
Development Kit 6 (JDK TM 6) documentation .
Deployment Technologies: The JDK software provides standard mechanisms
such as the Java Web Start software and Java Plug-In software for deploying your
applications to end users.
User Interface Toolkits: The Swing and Java 2D toolkits make it possible to
create sophisticated Graphical User Interfaces (GUIs).
http://java.sun.com/docs/books/tutorial/getStarted/intro/cando.htmlhttp://java.sun.com/javase/6/docs/index.htmlhttp://java.sun.com/javase/6/docs/index.htmlhttp://java.sun.com/javase/6/docs/index.htmlhttp://java.sun.com/javase/6/docs/index.htmlhttp://java.sun.com/javase/6/docs/index.htmlhttp://java.sun.com/javase/6/docs/index.htmlhttp://java.sun.com/docs/books/tutorial/getStarted/intro/cando.htmlhttp://java.sun.com/javase/6/docs/index.htmlhttp://java.sun.com/javase/6/docs/index.html -
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
25/103
Integration Libraries: Integration libraries such as the Java IDL API, JDBCTM
API, Java Naming and Directory InterfaceTM ("J.N.D.I.") API, Java RMI, and Java
Remote Method Invocation over Internet Inter-ORB Protocol Technology (Java RMI-
IIOP Technology) enable database access and manipulation of remote objects.
ADDITIONAL FEATURES OF JAVA
Accessibility from any location in the world: Java is an internet programming
language The web provides accessibility to a computer from anywhere in the world Virus
free System:
1.)Java is secure
2.)That is any changes made to the computer are tagged as errors and the program
will not execute
Platform Independent Language:
1.)java compiler compiles java code to an intermediate byte code that is
understood by JVM(java virtual machine)
2.) To execute the byte codes the system should have java interpreter or java
enabled internet browser
Speed:
1.) Java is a High performance language
2.) Faster than programs written in other interpreter languages, such as BASIC
3.) Faster than C, C++.
Development time:
1.) Java is simple
2.) In java programmers do not need to manipulate memory
GARBAGE COLLECTION
Its the process that automatically frees the memory of objects that are no
more in use. There is no specification of a technique for garbage collection
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
26/103
How Will Java Technology Change My Life?
We can't promise you fame, fortune, or even a job if you learn the Java
programming language. Still, it is likely to make your programs better and requires less
effort than other languages. We believe that Java technology will help you do the
following:
Get started quickly: Although the Java programming language is a powerful
object-oriented language, it's easy to learn, especially for programmers already familiar
with C or C++.
Write less code: Comparisons of program metrics (class counts, method counts,
and so on) suggest that a program written in the Java programming language can be four
times smaller than the same program written in C++.
Write better code: The Java programming language encourages good coding
practices, and automatic garbage collection helps you avoid memory leaks. Its object
orientation, its JavaBeansTM component architecture, and its wide-ranging, easily
extendible API let you reuse existing, tested code and introduce fewer bugs.
Develop programs more quickly: The Java programming language is simpler than
C++, and as such, your development time could be up to twice as fast when writing in it.
Your programs will also require fewer lines of code.
Avoid platform dependencies: You can keep your program portable by avoiding
the use of libraries written in other languages.
Write once, run anywhere: Because applications written in the Java programming
language are compiled into machine-independent bytecodes, they run consistently on any
Java platform.
Distribute software more easily: With Java Web Start software, users will be able
to launch your applications with a single click of the mouse. An automatic version check
at startup ensures that users are always up to date with the latest version of your software.
If an update is available, the Java Web Start software will automatically update their
installation.
JAVA Programming:
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
27/103
Java is an object oriented programming language developed by Sun Microsystems
by chief programmer James Gosling
JAVA PROGRAMS It falls falls in two categories Applications & Applets
Application
An application is a program that we can execute from any operating system
windows applications have a graphical user interface console applications are character
based
Networked applications can use resources that are available over a network
Distributed applications can access objects that execute across many computers over a
network
Applications can also establish network connections, access resources across a
network and launch applications over a network
APPLETS
Applets are java programs that execute inside a Webpage. Therefore unlike
applications, applets require a java enabled browser like Microsoft internet Explorer 4.0
or above, Netscape navigator 4.0 or above, or Hot java.
An applet is loaded and executed when a user loads a Web page through a Web
Browser
Applets have Graphical user interface Applets have less security privileges than
applications
RUN TIME ENVIRONMENT IN JAVA
Java run time environment has to access the main( ) method to execute a program
therefore the main( ) method should be declared public. It should be declared static
because it has to exist before any object of the class is created The command line
parameter is a string type variable main(String args[]) The number of arguments is
determined by the String class object
EXECUTING A JAVA PROGRAM
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
28/103
A program called JVM(java virtual machine) executes java programs The JVM
contains run time environment and the class loader When we compile a .java file , a
.class file is created.To compile a file use javac utility. To execute a .class file , you use
the java utility
Encapsulation
A class is a blueprint or prototype from which objects are created. Objects are key
to understanding object-oriented technology.
Objects consist of state and related behavior.
An object stores its state in fields (variables in some programming languages) and
exposes its behavior through methods (functions in some programming languages).
Methods operate on an object's internal state and serve as the primary mechanism
for object-to-object communication. Hiding internal state and requiring all interaction to
be performed through an object's methods is known as data encapsulation a
fundamental principle of object-oriented programming.
Inheritance
Object-oriented programming allows classes to inherit commonly used state and
behavior from other classes.
In the Java programming language, each class is allowed to have one direct
superclass, and each superclass has the potential for an unlimited number of subclasses.
Syntax: At the beginning of your class declaration, use the extends keyword,
followed by the name of the class to inherit from
Interface
An interface is a contract between a class and the outside world, and this contract
is enforced at build time by the compiler.
When a class implements an interface, it promises to provide the behavior
published by that interface.
Implementing an interface allows a class to become more formal about the
behavior it promises to provide
http://java.sun.com/docs/books/tutorial/java/concepts/interface.htmlhttp://java.sun.com/docs/books/tutorial/java/concepts/interface.html -
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
29/103
PACKAGES
Using import statement we can use java packages in a program (its similar to
include statement in C++).Package contains only classes, whereas a header file can
contain independent methods. They have hierarchical structure If the package name is not
specified class becomes the member of the default package
Exceptions
The Java programming language uses exceptions to handle errors and other
exceptional events. An exception is an event that occurs during the execution of a
program that disrupts the normal flow of instructions. The discussion includes the try,
catch, and finally blocks, as well as chained exceptions and logging.
Searching the call stack for the exception handler.
The code that might throw certain exceptions must be enclosed by either of the
following:
A try is the statement that catches exception. The try must provide a handler for
the exception
A method that specifies that it can throw the exception. The method must provide
a throws clause that lists the exception,
The Three Kinds of Exceptions
Checked exception, are exceptional conditions that a well-written application
should anticipate and recover from.
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
30/103
Errors are an exceptional condition that are external to the application, and that
the application usually cannot anticipate or recover from.
Runtime exceptions are exceptional conditions that are internal to the application,
and that the application usually cannot anticipate or recover from.
The finally block always executes when the try block exits.
COMPONENTS:
Visual controls such as textboxes, checkboxes, listboxes, buttons & combo boxes
are called components. Each component inherits the properties of its parent container
such as font & color
CONTAINERS:
Top level windows that hold these components are called
containers. he container also controls the position of components placed in it
FRAME WINDOW:
Containers are contained within the frame window, which is
another type of a container The frame window is the top level window & as such it
does not have a parent container.
AWT (abstract window toolkit):
In java 1.0 user interfaces are created using AWT. The front end
applications created using AWT is different on different platforms
The Abstract Windowing Toolkit (AWT) provides basic facilities for creating
graphical user interfaces (GUIs), and also for drawing graphics, as we'll discuss in a later
chapter. AWT has been a core part of Java since Java 1.0. The GUI features of AWT are
layered on top of the native GUI system of the underlying platform. In other words, when
you create a graphical push button with AWT, AWT creates a Windows push button, or a
Macintosh push button, or a Motif push button, or whatever, depending on the platform
on which the application is running. In Java 1.1, AWT was extended to allow the creation
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
31/103
of "lightweight" GUI components that do not have corresponding native GUI
components behind them.
Swing is a new GUI toolkit that is available as a core part of the Java 2 platform
and also as an extension to Java 1.1. Swing is an extension of the AWT toolkit, not an
entirely new toolkit. All of the GUI components provided by Swing are lightweight
components, so they do not rely on the underlying native GUIs. The result is that Swing
is more portable, making it much easier to write graphical applications that behave the
same on all platforms. Swing is also larger and more comprehensive than AWT. In
addition to a complete and powerful set of GUI components, Swing provides a number of
utilities that make it easier to write graphical applications.
Swing offers a great step forward when compared to AWT. You should use
Swing in all your Java 2 applications. You should also seriously consider using it as an
extension for Java 1.1 applications. Unfortunately, at the time of this writing, common
web browsers do not yet support Swing, so if you are writing applets, you should either
run those applets under the Java Plug-in, or you should avoid the use of Swing and rely
exclusively on the features of AWT. for more information on applets.
Java Foundation Classes (JFC):JFC is an extension of the original AWT. JFC is an extension of
AWT.
JFC is first delivered as a part of the java platform It has a rich set of components
that are completely cross platform independent & offer improved performance We
can create large scale internet & intranet applications using JFC.
The Java Foundation Classes (JFC or "Swing") are a complete set of light-weight
user interface components that enhance, extend and to a large degree replace the AWT
components. In addition to the buttons, lists, tables and trees in the JFC, you will also
find a pluggable look-and-feel that allows the components to take on the appearance of
several popular windowing systems, as well as its own look and feel. The JFC actually
uses a few common design patterns, and we will be using the JFC for most of the
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
32/103
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
33/103
If you do not explicitly add a GUI component to a container, the
GUI component will not be displayed when the container appears
on the screen.
Swing, which is an extension library to the AWT, includes new and
improved components that enhance the look and functionality of GUIs. Swing can
be used to build Standalone swing gui Apps as well as Servlets and Applets. It
employs a model/view design architecture. Swing is more portable and more
flexible than AW
Drag and Drop feature:
Drag and Drop is used for transferring data from a source to target. GUI
elements are used for Drag and Drop operations. Its also possible to transfer data to or
from the clipboard
The java.awt.dnd & java.awt.datatransfer packages are used for drag & drop
operations
Swing is built on top of AWT and is entirely written in Java, using AWTs
lightweight component support. In particular, unlike AWT, t he architecture of Swing
components makes it easy to customize both their appearance and behavior. Componentsfrom AWT and Swing can be mixed, allowing you to add Swing support to existing
AWT-based programs. For example, swing components such as JSlider, JButton and
JCheckbox could be used in the same program with standard AWT labels, textfields and
scrollbars. You could subclass the existing Swing UI, model, or change listener classes
without having to reinvent the entire implementation. Swing also has the ability to
replace these objects on-the-fly.
100% Java implementation of components
Pluggable Look & Feel
Lightweight components
Uses MVC Architecture
Model represents the data
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
34/103
View as a visual representation of the data
Controller takes input and translates it to changes in data
Three parts
Component set (subclasses of JComponent)
Support classes
Interfaces
In Swing, classes that represent GUI components have names beginning with the
letter J. Some examples are JButton, JLabel, and JSlider. Altogether there are more than
250 new classes and 75 interfaces in Swing twice as many as in AWT.
Java Swing class hierarchy
The class JComponent, descended directly from Container, is the root class for
most of Swings user interface components.
Swing contains components that youll use to build a GUI. I am listing you some
of the commonly used Swing components. To learn and understand these swing
programs, AWT Programming knowledge is not required.
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
35/103
AWT vs. Swing
This package provides an integrated set of classes to manage user interface
components such as windows, dialog boxes, buttons, checkboxes lists, menus, scrollbars
& textboxes the JComponent class which implements this common functionality is the
superclass for all graphical interface elements.
AWT and Swing are both part of a group of Java class libraries called the Java
Foundation Classes (JFC). The Abstract Windowing Toolkit (AWT) is the original
GUI toolkit shipped with the Java Development Kit (JDK). The AWT provides a basic
set of graphical interface components similar to those available with HTML forms.
Swing is the latest GUI toolkit, and provides a richer set of interface components thanthe AWT. In addition, Swing components offer the following advantages over AWT
components:
The behavior and appearance of Swing components is consistent
across platforms, whereas AWT components will differ from platform to
platform
Swing components can be given their own "look and feel"
Swing uses a more efficient event model than AWT; therefore,
Swing components can run more quickly than their AWT counterparts. On the
other hand, Swing components can take longer to load than AWT components.
Which Swing Packages Should I Use?
The Swing API is powerful, flexible--and immense. In release 1.4 of the Java
platform, the Swing API has 17 public packages:
javax.accessibili
ty
javax.swing.plaf javax.swing.text.htm
l
javax.swing javax.swing.plaf.basic javax.swing.text.par
ser
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
36/103
javax.swing.border javax.swing.plaf.metal javax.swing.text.rtf
javax.swing.colorchooser javax.swing.plaf.multi javax.swing.tree
javax.swing.event javax.swing.table javax.swing.undo
javax.swing.filechooser javax.swing.text
Fortunately, most programs use only a small subset of the API. This trail sorts out
the API for you, giving you examples of common code and pointing you to methods and
classes you're likely to need. Most of the code in this trail uses only one or two Swing
packages:
javax.swing
javax.swing.event (not always required)
Compiling and Running Swing Programs
This section explains how to compile and run a Swing application. The
compilation instructions work for all Swing programs applets, as well as applications.
Here are the steps you need to follow:
1. Install the latest release of the Java SE platform, if you haven't already done so.
2. Create a program that uses Swing components.
3. Compile the program.
4. Run the program.
Install the Latest Release of the Java SE Platform
You can download the latest release of the JDK for free from
http://java.sun.com/javase/downloads.
Create a Program That Uses Swing Components
You can use a simple program we provide, called HelloWorldSwing, that brings
up the GUI shown in the figure below. The program is in a single file,
HelloWorldSwing.java. When you save this file, you must match the spelling and
capitalization of its name exactly.
http://java.sun.com/docs/books/tutorial/uiswing/learn/examples/HelloWorldSwing.javahttp://java.sun.com/docs/books/tutorial/uiswing/learn/examples/HelloWorldSwing.java -
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
37/103
Compile the Program
Your next step is to compile the program. Here's an example of compiling
HelloWorldSwing.java:
javac HelloWorldSwing.java
If you can't compile, make sure you're using the compiler in a recent release of the
Java platform. Once you've updated your JDK, you should be able to use the programs in
this trail without changes. Another common mistake is installing the Java Runtime
Environment (JRE) and not the full Java Development Kit (JDK) needed to compile these
programs. Refer to the Getting Started trail to help you solve any compiling problems
you encounter. Another installation troubleshooting guide for the Java SE platform is
available online under the "Sun Resources" tab at http://java.sun.com/javase/.
Run the Program
After you compile the program successfully, you can run it. Assuming that your
program uses a standard look and feel such as the Java, Windows, or GTK+ look and
feel you can use the interpreter to run the program without adding anything to your
class path. For example:
java HelloWorldSwing
For programs that use a nonstandard look and feel or any other nonstandard code
package, you must make sure that the necessary classes are in the class path. For
example:
Solaris/Linux
java -classpath.:/home/me/lnfdir/newlnf.jar HelloWorldSwing
Microsoft Windows
java -classpath .;C:\java\lnfdir\newlnf.jar HelloWorldSwing
Alternatively, you can launch your program from a Web browser using Java Web
Start.
http://java.sun.com/docs/books/tutorial/uiswing/start/examples/HelloWorldSwing.javahttp://java.sun.com/docs/books/tutorial/getStarted/index.htmlhttp://java.sun.com/javase/http://java.sun.com/docs/books/tutorial/uiswing/start/examples/HelloWorldSwing.javahttp://java.sun.com/docs/books/tutorial/getStarted/index.htmlhttp://java.sun.com/javase/ -
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
38/103
Servlet
What is a Servlet?
Servlets are modules of Java code that run in a server application (hence the name
"Servlets", similar to "Applets" on the client side) to answer client requests. Servlets are
not tied to a specific client-server protocol but they are most commonly used with HTTP
and the word "Servlet" is often used in the meaning of "HTTP Servlet".
Servlets make use of the Java standard extension classes in the
packages javax.servlet (the basic Servlet framework)
andjavax.servlet.http (extensions of the Servlet framework for Servlets that answer
HTTP requests). Since Servlets are written in the highly portable Java language and
follow a standard framework, they provide a means to create sophisticated server
extensions in a server and operating system independent way.
Typical uses for HTTP Servlets include:
Processing and/or storing data submitted by an HTML form.
Providing dynamic content, e.g. returning the results of a database query to the
client.
Managing state information on top of the stateless HTTP, e.g. for an online
shopping cart system which manages shopping carts for many concurrent
customers and maps every request to the right customer.
Servlets vs CGI
The traditional way of adding functionality to a Web Server is the Common GatewayInterface (CGI), a language-independent interface that allows a server to start an external
process which gets information about a request through environment variables, the
command line and its standard input stream and writes response data to its standard
output stream. Each request is answered in a separate process by a separate instance of
http://hoohoo.ncsa.uiuc.edu/cgi/overview.htmlhttp://hoohoo.ncsa.uiuc.edu/cgi/overview.htmlhttp://hoohoo.ncsa.uiuc.edu/cgi/overview.htmlhttp://hoohoo.ncsa.uiuc.edu/cgi/overview.html -
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
39/103
the CGI program, or CGI script (as it is often called because CGI programs are usually
written in interpreted languages like Perl).
Servlets have several advantages over CGI:
A Servlet does not run in a separate process. This removes the overhead of
creating a new process for each request.
A Servlet stays in memory between requests. A CGI program (and
probably also an extensive runtime system or interpreter) needs to be
loaded and started for each CGI request.
There is only a single instance which answers all requests concurrently.
This saves memory and allows a Servlet to easily manage persistent data.
A Servlet can be run by a Servlet Engine in a restrictive Sandbox (just like
an Applet runs in a Web Browser's Sandbox) which allows secure use of
untrusted and potentially harmful Servlets.
The Basic Servlet Architecture
A Servlet, in its most general form, is an instance of a class which implements
the javax.servlet.Servlet interface. Most Servlets, however, extend one of the
standard implementations of that interface,
namely javax.servlet.GenericServlet andjavax.servlet.http.HttpServlet .
Here we'll be discussing only HTTP Servlets which extend the
javax.servlet.http.HttpServlet class.
In order to initialize a Servlet, a server application loads the Servlet class (and probably
other classes which are referenced by the Servlet) and creates an instance by calling the
no-args constructor. Then it calls the Servlet's init(ServletConfig config) method.
The Servlet should performe one-time setup procedures in this method and store the
ServletConfig object so that it can be retrieved later by calling the
Servlet's getServletConfig() method. This is handled by GenericServlet. Servlets
which extend GenericServlet (or its subclass HttpServlet) should
http://www.novocode.com/doc/servlet-essentials/appendix.html#a_d_Sandboxhttp://www.novocode.com/doc/servlet-essentials/appendix.html#a_d_Sandbox -
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
40/103
call super.init(config) at the beginning of the init method to make use of this
feature. The ServletConfig object contains Servlet parameters and a reference to the
Servlet's ServletContext. The init method is guaranteed to be called only once during
the Servlet's lifecycle. It does not need to be thread-safe because the service method
will not be called until the call to init returns.
When the Servlet is initialized, its service(ServletRequest req, ServletResponse
res) method is called for every request to the Servlet. The method is called concurrently
(i.e. multiple threads may call this method at the same time) so it should be implemented
in a thread-safe manner. Techniques for ensuring that the service method is not called
concurrently, for the cases where this is not possible
When the Servlet needs to be unloaded (e.g. because a new version should be loaded or
the server is shutting down) the destroy() method is called. There may still be threads
that execute the service method when destroy is called, so destroy has to be thread-
safe. All resources which were allocated in init should be released in destroy. This
method is guaranteed to be called only once during the Servlet's lifecycle.
A typical Servlet lifecycle
The Servlet Life Cycle
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
41/103
Init
Executed once when servlet is first loaded
Not called for each request
Service
Called in a new thread by server for each request
Dispatches to doGet , doPost etc.
Do not override this method
doGet, doPost doXxx methods
To handle Get, Post and etc request
Override these method to provides desired behavior.
Destroy
Called when server delete servlet instance
Not called after each request
HTTP
Before we can start writing the first Servlet, we need to know some basics of HTTP
("HyperText Transfer Protocol"), the protocol which is used by a WWW client (e.g. a
browser) to send a request to a Web Server.
HTTP is a request-response oriented protocol. An HTTP request consists of a request
method, a URI, header fields and a body (which can be empty). An HTTP response
contains a result code and again header fields and a body.
The service method ofHttpServlet dispatches a request to different Java methods for
different HTTP request methods. It recognizes the standard HTTP/1.1 methods and
should not be overridden in subclasses unless you need to implement additional methods.
The recognized methods are GET, HEAD, PUT, POST, DELETE, OPTIONS and
TRACE. Other methods are answered with a Bad Request HTTP error. An HTTP
method XXX is dispatched to a Java method doXxx, e.g. GET -> doGet. All these
methods expect the parameters "(HttpServletRequest req, HttpServletResponse
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
42/103
res)". The methods doOptions and doTrace have suitable default implementations and
are usually not overridden. The HEAD method (which is supposed to return the same
header lines that a GET method would return, but doesn't include a body) is performed by
calling doGet and ignoring any output that is written by this method. That leaves us with
the methods doGet, doPut,doPost and doDelete whose default implementations
in HttpServlet return a Bad Request HTTP error. A subclass ofHttpServletoverrides
one or more of these methods to provide a meaningful implementation.
The request data is passed to all methods through the first argument of
type HttpServletRequest (which is a subclass of the more
generalServletRequest class). The response can be created with methods of the second
argument of type HttpServletResponse (a subclass ofServletResponse).
When you request a URL in a Web Browser, the GET method is used for the request. A
GET request does not have a body (i.e. the body is empty). The response should contain a
body with the response data and header fields which describe the body
(especially Content-Type andContent-Encoding). When you send an HTML form,
either GET or POST can be used. With a GET request the parameters are encoded in the
URL, with a POST request they are transmited in the body. HTML editors and upload
tools use PUT requests to upload resources to a Web Server and DELETE requests to
delete resources.
Servlets Step by Step
This chapter acts as a Servlet tutorial. You will learn how to use important techniques for
Servlet development by writing some typical Servlets, ranging from very simple to rather
complex. All examples in this chapter are fully functional and complete Servlets which
have been successfully compiled and run.
Hello World!
This section shows how to
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
43/103
use the framework that makes up a simple Servlet
write a Servlet that provides static content (i.e. it produces the same output every
time it is called by a client)
We start our venture into Servlet programming with the well-known "Hello World"
example, this time named more suitably "Hello Client":
HelloClientServlet.java
1: import java.io.*;
2: import javax.servlet.*;
3: import javax.servlet.http.*;
4:
5: public class HelloClientServlet extends HttpServlet
6: {
7: protected void doGet(HttpServletRequest req,
8: HttpServletResponse res)
9: throws ServletException, IOException
10: {
11: res.setContentType("text/html");
12: PrintWriter out = res.getWriter();
13: out.println("Hello Client!"+
14: "Hello Client!");
15: out.close();
16: }
17:
18: public String getServletInfo()
19: {
20: return "HelloClientServlet 1.0 by Stefan Zeiger";
21: }
22: }
http://www.novocode.com/doc/servlet-essentials/HelloClientServlet.javahttp://www.novocode.com/doc/servlet-essentials/HelloClientServlet.java -
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
44/103
When you compile this Servlet and run it by requesting a URL which is assigned to it in a
Web Browser it produces the following output:
Let's have a look at how the Servlet works.
Lines 1 to 3 import some packages which contain many classes which are
used by the Servlet (almost every Servlet needs classes from thesepackages).
The Servlet class is declared in line 5. Our Servlet
extends javax.servlet.http.HttpServlet, the standard base class for
HTTP Servlets.
In lines 7 through 16 HttpServlet's doGet method is getting overridden.
In line 11 we use a method of the HttpServletResponse object to set the
content type of the response that we are going to send. All response
headers must be set before a PrintWriter orServletOutputStream is
requested to write body data to the response.
In line 12 we request a PrintWriter object to write text to the response
message.
ServletResponse.getWriter() is a new feature of JSDK version 2.0. If your Servlet
engine does not support JSDK 2.0 you can replace the above line by
"ServletOutputStream out = res.getOutputStream();". This change can be made
in most of the example Servlets. The advantages of
using ServletResponse.getWriter() are discussed in section 4.4.
In lines 13 and 14 we use the PrintWriter to write the text of
type text/html (as specified through the content type)
http://www.novocode.com/doc/servlet-essentials/appendix.html#a_ahttp://www.novocode.com/doc/servlet-essentials/appendix.html#a_bhttp://www.novocode.com/doc/servlet-essentials/chapter4b.htmlhttp://www.novocode.com/doc/servlet-essentials/appendix.html#a_ahttp://www.novocode.com/doc/servlet-essentials/appendix.html#a_bhttp://www.novocode.com/doc/servlet-essentials/chapter4b.html -
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
45/103
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
46/103
Servlet can have data which persists between requests we load the address list only once,
when the Servlet is initialized, and save it every time it has been changed by a request.
An alternative approach would be keeping the list in memory while the Servlet is active
and writing it to disk in the destroy method. This would avoid the overhead of saving
the address list after every change but is less fail-safe. If for some reason the address file
can't be written to disk or the server crashes and cannot destroy the Servlet, all changes to
the list will be lost even though the users who submitted the requests to change the list
received positive responses.
Here is the full source code of the ListManagerServlet:
ListManagerServlet.java
1: import java.util.Vector;
2: import java.io.*;
3: import javax.servlet.*;
4: import javax.servlet.http.*;
5:
6: public class ListManagerServlet extends HttpServlet
7: {
8: private Vector addresses;
9: private String filename;
11: public void init(ServletConfig config) throws ServletException
12: {
13: super.init(config);
14: filename = config.getInitParameter("addressfile");
15: if(filename == null)
16: throw new UnavailableException(this,17: "The \"addressfile\" property "+
18: "must be set to a file name");
19: try
20: {
21: ObjectInputStream in =
http://www.novocode.com/doc/servlet-essentials/ListManagerServlet.javahttp://www.novocode.com/doc/servlet-essentials/ListManagerServlet.java -
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
47/103
22: new ObjectInputStream(new FileInputStream(filename));
23: addresses = (Vector)in.readObject();
24: in.close();
25: }
26: catch (FileNotFoundException e) { addresses = new Vector(); }
27: catch(Exception e)
28: {
29: throw new UnavailableException(this,
30: "Error reading address file: "+e);
31: }
32: }
34: protected void doGet(HttpServletRequest req,
35: HttpServletResponse res)
36: throws ServletException, IOException
37: {
38: res.setContentType("text/html");
39: res.setHeader("pragma", "no-cache");
40: PrintWriter out = res.getWriter();
41: out.print("List Manager");
42: out.print("Members:");
43: for(int i=0; i
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
48/103
54: HttpServletResponse res)
55: throws ServletException, IOException
56: {
57: String email = req.getParameter("email");
58: String msg;
59: if(email == null)
60: {
61: res.sendError(res.SC_BAD_REQUEST,
62: "No email address specified.");
63: return;
64: }
65: if(req.getParameter("action").equals("subscribe"))
66: {
67: if(subscribe(email))
68: msg = "Address " + email + " has been subscribed.";
69: else
70: {
71: res.sendError(res.SC_BAD_REQUEST,
72: "Address " + email + " was already subscribed.");
73: return;
74: }
75: }
76: else
77: {
78: if(unsubscribe(email))
79: msg = "Address " + email + " has been removed.";
80: else
81: {
82: res.sendError(res.SC_BAD_REQUEST,
83: "Address " + email + " was not subscribed.");
84: return;
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
49/103
85: }
86: }
88: res.setContentType("text/html");
89: res.setHeader("pragma", "no-cache");
90: PrintWriter out = res.getWriter();
91: out.print("List
Manager");
92: out.print(msg);
93: out.print("Show the list");
96: out.close();
97: }
99: public String getServletInfo()
100: {
101: return "ListManagerServlet 1.0 by Stefan Zeiger";
102: }
103:
104: private synchronized boolean subscribe(String email) throws IOException
105: {
106: if(addresses.contains(email)) return false;
107: addresses.addElement(email);
108: save();
109: return true;
110: }
112: private synchronized boolean unsubscribe(String email) throws IOException
113: {
114: if(!addresses.removeElement(email)) return false;
115: save();
116: return true;
117: }
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
50/103
119: private void save() throws IOException
120: {
121: ObjectOutputStream out =
122: new ObjectOutputStream(new FileOutputStream(filename));
123: out.writeObject(addresses);
124: out.close();
125: }
126: }
The parts of the Servlet related to data management are discussed below:
In init we first call super.init(config) to leave the ServletConfig management to
the superclass (HttpServlet), then we get the name of the address file from an init
parameter (which is set up in the Web Server configuration). If the parameter is not
available the Servlet throws a javax.servlet.UnavailableException (a subclass
ofjavax.servlet.ServletException) which indicates that a Servlet is temporarily (if
a duration is specified) or permanently (as in this case) unavailable. Finally,
the init method deserializes the address file or creates an empty Vector if the addressfile does not exist yet. All exceptions that occur during the deserialization are
transformed intoUnavailableExceptions.
Version 2.1 of the Servlet API offers a no-args init method which is called
by GenericServlet's init(ServletConfig) method. By using this new method you
don't have to worry about passing the ServletConfig object to the superclass your self
Note that even though code that uses the no-args init method can be compiled without
problems using the JSDK 1.0 or 2.0 interface classes and run in a 1.0 or 2.0 compliant
web server, the initialization code will never be executed in such an environment
The methods subscribe and unsubscribe are used to (un-)subscribe an address. They
save the address list if it was modified by callingsave() and return a boolean success
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
51/103
value. Note that these methods are both synchronized (on the Servlet object) to ensure the
integrity of the address list, both, in memory and on disk.
The save method serializes the address list to the address file on disk which can be read
in again by init when the Servlet is restarted.
Client interaction
The client interaction is handled by two of the
standard HttpServlet methods, doGet and doPost.
The doGet method replies to GET requests by sending an HTML page which
contains the list of the currently subscribed addresses and the form that is used to
subscribe or unsubscribe an address:
The response content type is again set to text/html and the response is marked as
not cacheable to proxy servers and clients (because it is dynamically created) by
setting an HTTP header "pragma: no-cache". The form asks the client to use the
POST method for submitting form data.
Here is a typical output by this method:
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
52/103
The doPost method receives the submitted form data, updates the address list andsends back a confirmation page:
First the form parameters "email" and "action" are retrieved with
the getParameter method of HttpServletRequest. getParameter(and
also getParameters and getParameterValues) can be used to retrieve form data
from both, POST and GET requests. As an alternative you can
use getQueryString for a GET request and getInputStream for a POST request
and parse the application/x-www-urlencoded data on your own. Note that
you cannot use both ways of getting the request data together in one request.
Then subscribe orunsubscribe is called. When a user error occurs (i.e. no
address or an already subscribed address was entered for subscribe, or a not
subscribed address was entered for unsubscribe) res.sendError is used to send
back an error response with aBad Request response code.
Finally a confirmation page is sent with the usual
method. req.getRequestURI() is used to get the URI of the Servlet for a link
back to the main page (which is created by doGet).
Session Tracking
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
53/103
This section shows how to
use Session Tracking capabilities
Session Tracking allows a Servlet to associate a request with a user. A session can extendacross requests and connections of thestateless HTTP . Sessions can be maintained in two
ways:
1. By using Cookies. A Cookie is a string (in this case that string is the session ID)
which is sent to a client to start a session. If the client wants to continue the
session it sends back the Cookie with subsequent requests. This is the most
common way to implement session tracking.
2. By rewriting URLs. All links and redirections which are created by a Servlet have
to be encoded to include the session ID. This is a less elegant solution (both, for
Servlet implementors and users) because the session cannot be maintained by
requesting a well-known URL oder selecting a URL which was created in a
different (or no) session. It also does not allow the use of static pages. All HTML
pages which are sent within a session have to be created dynamically.
Our next Servlet manages a virtual shopping cart. Users can add various items to their
shopping cart via HTML forms. The shopping cart contents are stored on the server and
each user gets his own shopping cart which is selected automatically whenever he makes
a request to the Servlet.
In the simplified version that we implement in class ShoppingCartServlet there are
only two kinds of items, named FOO and BAR. By pressing a button in an HTML form a
single FOO or BAR item can be put into the shopping cart. There's another button to see
the current contents of the shopping cart and a button to order the selected items, thusclearing the shopping cart.
The first version of the Servlet, called ShoppingCartServlet, which works with
Cookie-style sessions only, consists of the two standard methods, doGet and doPost:
http://www.novocode.com/doc/servlet-essentials/appendix.html#a_d_Statehttp://www.novocode.com/doc/servlet-essentials/appendix.html#a_d_Statehttp://www.novocode.com/doc/servlet-essentials/appendix.html#a_d_Statehttp://www.novocode.com/doc/servlet-essentials/appendix.html#a_d_HTTPhttp://www.novocode.com/doc/servlet-essentials/appendix.html#a_d_HTTPhttp://www.novocode.com/doc/servlet-essentials/appendix.html#a_d_Statehttp://www.novocode.com/doc/servlet-essentials/appendix.html#a_d_HTTP -
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
54/103
A form with the buttons is created by the Servlet's doGet method.
Here is the full source code of the ShoppingCartServlet:
ShoppingCartServlet.java1: import java.io.*;
2: import javax.servlet.*;
3: import javax.servlet.http.*;
4:
5: public class ShoppingCartServlet extends HttpServlet
6: {
7: protected void doGet(HttpServletRequest req, HttpServletResponse res)
8: throws ServletException, IOException
9: {
10: res.setContentType("text/html");
11: PrintWriter out = res.getWriter();
12: out.print("Online Shop"+
13: ""+
14: ""+
16: ""+
18: ""+
20: ""+
22: "");23: out.close();
24: }
25:
26: protected void doPost(HttpServletRequest req, HttpServletResponse res)
27: throws ServletException, IOException
http://www.novocode.com/doc/servlet-essentials/ShoppingCartServlet.javahttp://www.novocode.com/doc/servlet-essentials/ShoppingCartServlet.java -
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
55/103
28: {
29: String msg;
30:
31: HttpSession session = req.getSession(true);
32: if(session.isNew())
33: {
34: session.putValue("foo", new int[] { 0 });
35: session.putValue("bar", new int[] { 0 });
36: }
38: int[] foo = (int[])session.getValue("foo");
39: int[] bar = (int[])session.getValue("bar");
41: if(req.getParameter("foo") != null)
42: {
43: foo[0]++;
44: msg = "Bought a FOO. You now have "+foo[0]+".";
45: }
46: else if(req.getParameter("bar") != null)
47: {
48: bar[0]++;
49: msg = "Bought a BAR. You now have "+bar[0]+".";
50: }
51: else if(req.getParameter("buy") != null)
52: {
53: session.invalidate();
54: msg = "Your order for "+foo[0]+" FOOs and "+bar[0]+
55: " BARs has been accepted. Your shopping cart is empty now.";
56: }
57: else
58: {
59: msg = "You have "+foo[0]+" FOOs and "+bar[0]+
60: " BARs in your shopping cart.";
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
56/103
-
8/7/2019 JA 6051. MOBILE BASED AUTHENTICATION PROTCOL USING RFID NEXT GENERATION APPLICATIONS
57/103
If the session is indeed new (determined by
calling HttpSession's isNew() method) we add some custom data to the session:
Two counters, one for the FOOs and one for the BARs in the shopping cart. The
session object can be used like a Dictionary. That means we can only
add Objects, not instances of primitive types like int. We could use an instance
ofjava.lang.Integer for each counter, but these objects are immutable which
makes incrementing inefficient and difficult to implement. Instead we use
an array of int(int[]) with only one element as a mutable wrapper object. The
element is initialized to 0.
Next we retrieve the values for "foo" and "bar" from the session, no matter if they
were just added or carried over from a previous request.
In the ListManagerServlet both buttons had the same name but different values
so we could use getParameter to retrieve the value from the request and then do
a string compare to the possible values. This time we use a different approach
which can be implemented more efficiently. All buttons have different names and
we can find out which button was used to submit the form by checking which
name has a non-null value.
A new FOO or BAR item can be put into the shopping cart by simply
incrementing the counter in the array. Note that the array does not need to be