Selected Topics

1
Chapter 10

• Selected Topics

2
Beans

• A bean is a prebuilt software component that can
  be integrated with other components in building
  an application.
• As part of a potentially serializable
  application, a bean too should be serializable.
• Serializability is the minimum condition for
  being a bean.

3
Beans

• Beans can use the same programming constructs and
  standard classes as other program types.
• Beans leverage the basic event model for
  interbean communication.
• Property change events are particularly useful
  for bean communication.

4
Property change events

• Property change events conform to the underlying
  event delegation model
• An event source is an object whose property
  changes have registered listeners.
• If a property change event fires, listeners are
  notified by having the appropriate callback
  method invoked automatically with a
  PropertyChangeEvent argument.

5
Property change events

• Properties are defined in the standard way, that
  is, through get/set method pairs.
• A bound property is a for which listeners can
  register interest in change events.
• A constrained property can be changed only if no
  registered listener vetoes the change.

6
Property sheets

• A well-implemented bean may have an accompanying
  property sheet, which is a GUI to support the
  visual editing of the beans properties.
• The beanbox utility (available as part of the
  Bean Development Kit from Sun) provides a test
  container for beans together with a property
  sheet for visual property editing.

7
Enterprise Java Beans

• EJB technology extends basic bean technology to
  support the development and especially the
  deployment of components across a large
  enterprise.
• In particular, EJB technology provides middleware
  infrastructure so that clients can request
  services from location-transparent components,
  which are the EJBs.

8
Summary of bean technology

• The strength of bean technology is that it
  extends basic Java to support components.
• Bean technology is not a radical departure from
  but rather an extension of Java technology.
• The bean type is flexible. Recall that every
  applet is also a bean.

9
Security

• Java has a hierarchy of security constructs, from
  basic information hiding through the bytecode
  verifier, class loader, security manager, and
  access controller.
• The bytecode verifier performs run-time checks on
  the bytecodes of all nonstandard classes. For
  instance, the verifier checks that method
  invocations are type safe.

10
Security manager

• The security manager determines at run time which
  operations a program can perform and prevents a
  program from performing proscribed operations.
• The security manager uses an access controller to
  implement a security policy in high-level terms
  such as permissions.

11
Security manager

• As an example, consider an applet under sandbox
  security that attempts to write to the local
  disk. The security manager detects the disallowed
  operation and throws an AccessControlException to
  prevent it.

12
Security manager

• In general, Java applications do not require a
  security manager but can be provided one. The
  basic approach is to
• Extend the SecurityManager class and override
  inherited methods such as checkWrite.
• An override throws a security exception to
  disallow an operation such as writing.

13
Security manager

• The System class has a static method
  setSecurityManager for setting a security
  manager.
• RMI clients and servers typically set a security
  manager to an RMISecurityManager.
• Once set, a security manager cannot be disabled.

14
Access controller

• The access controller provides high-level
  constructs such as permissions (e.g.,
  FilePermissions and SocketPermissions) and
  policies for implementing the appropriate
  security for a program.
• The java.security and java.policy files allow
  security policy to be set at the text file level.

15
Authentication

• Cryptography, or the science of secret writing,
  is a broad field. This chapter focuses on the
  subfield of authentication.
• Authentication is particularly important in
  distributed applications in which a receiver
  needs to authenticate that a message has come
  from a particular sender.
• A message consists of arbitrary bytes.

16
Authentication

• Digital signatures provide high-level support for
  authentication.
• A sender digitally signs a message.
• A receiver verifies that the received digital
  signature is the expected senders digital
  signature.

17
Digital signatures

• A digital signature is an encrypted message
  digest.
• As the name suggests, a message digest is a short
  or digested form of a message.
• In technical terms, a message digest is a secure
  one-way function that takes arbitrary size data
  as input and produces a fixed-length hash value
  as output.

18
Digital signatures

• A message digest is secure in that the original
  message cannot be reconstructed from the digest
  even if the underlying digest algorithm is known.
• Java supports various message digest algorithms
  such as MD5.

19
Digital signatures

• A digital signature for a message is constructed
  by
• Generating a message digest from the message
  data.
• Encrypting the message digest using an encryption
  key.
• For distributed applications, public encryption
  key systems are typically used.

20
Digital signatures

• In a public key encryption system, a key pair
  consisting of a public and a private key are
  generated.
• The senders private key is used to sign the
  message.
• The corresponding public key is used by receivers
  to verify the signature.

21
Digital signatures

• Java has library support for public/private key
  pairs, digital signatures, and signature
  verification.
• The code for generating key pairs, digitally
  signing messages, and verifying digital
  signatures is straightforward.

22
Digital signatures

• Given that kp refers to a KeyPair, the code
  segment
• Signature ds
• Signature.getInstance( DSA )
• ds.initSign( kp.getPrivate() )
• ds.update( myMessageBytes )
• byte sig ds.sign()
• shows the syntax for a signing a message.

23
Digital signatures

• Given that kp refers to a KeyPair, the code
  segment
• Signature ds
• Signature.getInstance( DSA )
• ds.initVerify( kp.getPublic() )
• ds.update( byteArray )
• boolean b ds.verify( byteArray )
• shows the syntax for a verifying signature.

24
Digital signatures

• Applets and other code or data that move from one
  machine to another often need to be digitally
  signed to assure the receiver that the code or
  data can be trusted.
• Javas support for digital signatures is
  extensive, flexible, sophisticated, and
  high-level.

25
Reflection

• Reflection technology allows a program to obtain
  run-time type information about classes,
  interfaces, and objects.
• For instance, reflection can be used to determine
  an objects class, the classs scope, the classs
  superclass, whether the class implements a
  particular interface, a list of class members,
  and so forth.

26
Reflection

• Every object obj encapsulates a getClass() method
  that returns a reference to a Class object, which
  in turn encapsulates information about objs
  class.
• The Class object then can be used to gather
  run-time information about obj such as its public
  instance methods and fields.

27
Reflection

• Suppose that ref refers to an Applet. After the
  statement
• Class c ref.getClass()
• executes, c refers to an object that has
• information about the applet such as its
• superclass c.getSuperclass().

28
Reflection

• The java.reflect package has classes such as
  Member, Method, and Field to represent language
  constructs.
• The Class class and the reflection package
  classes together deliver state-of-the-art
  reflection technology in Java.
• Reflection is used extensively in utilities such
  as the beanbox.

29
Servlets

• Servlet technology supports server-side scripting
  under Java.
• Server-side scripting is a common technology is
  modern Web-based applications. In a typical
  scenario,
• A client browser downloads an HTML document such
  as an order form

30
Servlets

• The form is filled in and submitted to the
  server.
• A Web server program (e.g., Apache) receives and
  client submission known as a request and invokes
  a server-side program to process the request.
• The program may access a database, generate
  dynamic Web content to be sent back to the
  client, and so forth.

31
Servlets

• Alternative technologies include CGI scripting
  using C or Perl and Microsofts ASP (Active
  Server Pages) technology.
• Servlet technology is augmented by JSP (Java
  Server Pages), a scripting language that
  generates servlets on the fly.
• JSP, at a technical level, is a
  servlet-generation language.

32
Servlets

• Servlets have full access to standard class
  libraries and programming constructs.
• Servlets are highly flexible. For instance, a
  servlet could act as an RMI server, although this
  represents a nonstandard use of the technology.

33
Servlets

• Servlets, like applets, are typically launched
  from an HTML document.
• Servlets, unlike applets, are meant to execute on
  the server rather than on the client.
• The servlet package includes a Servlet interface
  and a concrete HttpServlet class.

34
Servlets

• A typical servlet is constructed as follows
• A public class extends HttpServlet. For full
  customization, the class could directly implement
  the Servlet interface.
• The methods doGet and doPost are overridden to
  execute the same code (e.g., one method might
  simply invoke the other). These are the callbacks
  for client requests.

35
Servlets

• doGet and doPost each receive two arguments, an
  HttpServletRequest and an HttpServletResponse.
• The request argument encapsulates information
  sent from the client to the server. The
  getParameter method, also available in applets,
  can be used to get particular pieces of
  information.

36
Servlets

• The response argument has an associated
  PrintWriter suitable for writing HTML and plain
  text back to the client.
• In general, the request argument represents bytes
  sent from the client to the server, whereas the
  response argument enables bytes to sent from the
  server back to the client.

37
Servlets and database

• Although servlets can execute arbitrary code,
  they typically perform database operations as
  part of handling client requests.
• The java.sql package supports JDBC or Java
  database technology.

38
Database

• JDBC technology requires a knowledge of
  relational database technology in general and of
  SQL (Structure Query Language) in particular.
• JDBC support for databases is high-level and
  flexible.

39
Database

• The basic steps in a JDBC program are
• The program loads the appropriate database
  driver, software that enables the program to
  interact with a particular database product.
• The program uses the DriverManager to open a
  database connection.
• The program generates Statements such as a SQL
  queries that can be executed.

40
Database

• If the executed statement is a query, the
  statement returns a ResultSet or set of database
  table records. The program processes the records
  in an appropriate fashion.
• The program closes the database connection once
  the connection is no longer needed.