1

Chapter 10

Selected Topics

2

Beans

• A bean is a prebuilt software component that can be integrated with other components in building an application.

• As part of a potentially serializable application, a bean too should be serializable.– Serializability is the minimum condition for

being a bean.

3

Beans

• Beans can use the same programming constructs and standard classes as other program types.

• Beans leverage the basic event model for interbean communication.– Property change events are particularly useful

for bean communication.

4

Property change events

• Property change events conform to the underlying event delegation model:– An event source is an object whose property

changes have registered listeners.– If a property change event fires, listeners are

notified by having the appropriate callback method invoked automatically with a PropertyChangeEvent argument.

5

Property change events

• Properties are defined in the standard way, that is, through get/set method pairs.

• A bound property is a for which listeners can register interest in change events.– A constrained property can be changed only if

no registered listener vetoes the change.

6

Property sheets

• A well-implemented bean may have an accompanying property sheet, which is a GUI to support the visual editing of the bean’s properties.

• The beanbox utility (available as part of the Bean Development Kit from Sun) provides a test container for beans together with a property sheet for visual property editing.

7

Enterprise Java Beans

• EJB technology extends basic bean technology to support the development and especially the deployment of components across a large enterprise.– In particular, EJB technology provides

middleware infrastructure so that clients can request services from location-transparent components, which are the EJBs.

8

Summary of bean technology

• The strength of bean technology is that it extends basic Java to support components.

• Bean technology is not a radical departure from but rather an extension of Java technology.

• The bean type is flexible. Recall that every applet is also a bean.

9

Security

• Java has a hierarchy of security constructs, from basic information hiding through the bytecode verifier, class loader, security manager, and access controller.– The bytecode verifier performs run-time checks

on the bytecodes of all nonstandard classes. For instance, the verifier checks that method invocations are type safe.

10

Security manager

• The security manager determines at run time which operations a program can perform and prevents a program from performing proscribed operations.

• The security manager uses an access controller to implement a security policy in high-level terms such as permissions.

11

Security manager

• As an example, consider an applet under sandbox security that attempts to write to the local disk. The security manager detects the disallowed operation and throws an AccessControlException to prevent it.

12

Security manager

• In general, Java applications do not require a security manager but can be provided one. The basic approach is to– Extend the SecurityManager class and

override inherited methods such as checkWrite.

– An override throws a security exception to disallow an operation such as writing.

13

Security manager

• The System class has a static method setSecurityManager for setting a security manager.

• RMI clients and servers typically set a security manager to an RMISecurityManager.

• Once set, a security manager cannot be disabled.

14

Access controller

• The access controller provides high-level constructs such as permissions (e.g., FilePermissions and SocketPermissions) and policies for implementing the appropriate security for a program.

• The java.security and java.policy files allow security policy to be set at the text file level.

15

Authentication

• Cryptography, or the science of secret writing, is a broad field. This chapter focuses on the subfield of authentication.

• Authentication is particularly important in distributed applications in which a receiver needs to authenticate that a message has come from a particular sender.– A message consists of arbitrary bytes.

16

Authentication

• Digital signatures provide high-level support for authentication.

• A sender digitally signs a message.

• A receiver verifies that the received digital signature is the expected sender’s digital signature.

17

Digital signatures

• A digital signature is an encrypted message digest.

• As the name suggests, a message digest is a short or “digested” form of a message.

• In technical terms, a message digest is a secure one-way function that takes arbitrary size data as input and produces a fixed-length hash value as output.

18

Digital signatures

• A message digest is secure in that the original message cannot be reconstructed from the digest even if the underlying digest algorithm is known.

• Java supports various message digest algorithms such as MD5.

19

Digital signatures

• A digital signature for a message is constructed by– Generating a message digest from the message

data.– Encrypting the message digest using an

encryption key.

• For distributed applications, public encryption key systems are typically used.

20

Digital signatures

• In a public key encryption system, a key pair consisting of a public and a private key are generated.

• The sender’s private key is used to sign the message.

• The corresponding public key is used by receivers to verify the signature.

21

Digital signatures

• Java has library support for public/private key pairs, digital signatures, and signature verification.

• The code for generating key pairs, digitally signing messages, and verifying digital signatures is straightforward.

22

Digital signatures

• Given that kp refers to a KeyPair, the code segment

Signature ds =

Signature.getInstance( “DSA” );

ds.initSign( kp.getPrivate() );

ds.update( myMessageBytes );

byte[ ] sig = ds.sign();

shows the syntax for a signing a message.

23

Digital signatures

• Given that kp refers to a KeyPair, the code segment

Signature ds =

Signature.getInstance( “DSA” );

ds.initVerify( kp.getPublic() );

ds.update( byteArray );

boolean b = ds.verify( byteArray );

shows the syntax for a verifying signature.

24

Digital signatures

• Applets and other code or data that move from one machine to another often need to be digitally signed to assure the receiver that the code or data can be trusted.

• Java’s support for digital signatures is extensive, flexible, sophisticated, and high-level.

25

Reflection

• Reflection technology allows a program to obtain run-time type information about classes, interfaces, and objects.– For instance, reflection can be used to

determine an object’s class, the class’s scope, the class’s superclass, whether the class implements a particular interface, a list of class members, and so forth.

26

Reflection

• Every object obj encapsulates a getClass() method that returns a reference to a Class object, which in turn encapsulates information about obj’s class.

• The Class object then can be used to gather run-time information about obj such as its public instance methods and fields.

27

Reflection

• Suppose that ref refers to an Applet. After the statement Class c = ref.getClass();

executes, c refers to an object that has

information about the applet such as its

superclass: c.getSuperclass().

28

Reflection

• The java.reflect package has classes such as Member, Method, and Field to represent language constructs.

• The Class class and the reflection package classes together deliver state-of-the-art reflection technology in Java.

• Reflection is used extensively in utilities such as the beanbox.

29

Servlets

• Servlet technology supports server-side scripting under Java.

• Server-side scripting is a common technology is modern Web-based applications. In a typical scenario,– A client browser downloads an HTML

document such as an order form

30

Servlets

– The form is filled in and submitted to the server.

– A Web server program (e.g., Apache) receives and client submission known as a request and invokes a server-side program to process the request.

– The program may access a database, generate dynamic Web content to be sent back to the client, and so forth.

31

Servlets

• Alternative technologies include CGI scripting using C or Perl and Microsoft’s ASP (Active Server Pages) technology.

• Servlet technology is augmented by JSP (Java Server Pages), a scripting language that generates servlets on the fly.– JSP, at a technical level, is a servlet-generation

language.

32

Servlets

• Servlets have full access to standard class libraries and programming constructs.

• Servlets are highly flexible. For instance, a servlet could act as an RMI server, although this represents a nonstandard use of the technology.

33

Servlets

• Servlets, like applets, are typically launched from an HTML document.

• Servlets, unlike applets, are meant to execute on the server rather than on the client.

• The servlet package includes a Servlet interface and a concrete HttpServlet class.

34

Servlets

• A typical servlet is constructed as follows:– A public class extends HttpServlet. For

full customization, the class could directly implement the Servlet interface.

– The methods doGet and doPost are overridden to execute the same code (e.g., one method might simply invoke the other). These are the callbacks for client requests.

35

Servlets

– doGet and doPost each receive two arguments, an HttpServletRequest and an HttpServletResponse.

– The request argument encapsulates information sent from the client to the server. The getParameter method, also available in applets, can be used to get particular pieces of information.

36

Servlets

– The response argument has an associated PrintWriter suitable for writing HTML and plain text back to the client.

– In general, the request argument represents bytes sent from the client to the server, whereas the response argument enables bytes to sent from the server back to the client.

37

Servlets and database

• Although servlets can execute arbitrary code, they typically perform database operations as part of handling client requests.

• The java.sql package supports JDBC or Java database technology.

38

Database

• JDBC technology requires a knowledge of relational database technology in general and of SQL (Structure Query Language) in particular.

• JDBC support for databases is high-level and flexible.

39

Database

• The basic steps in a JDBC program are– The program loads the appropriate database

driver, software that enables the program to interact with a particular database product.

– The program uses the DriverManager to open a database connection.

– The program generates Statements such as a SQL queries that can be executed.

40

Database

– If the executed statement is a query, the statement returns a ResultSet or set of database table records. The program processes the records in an appropriate fashion.

– The program closes the database connection once the connection is no longer needed.