1Principles of Information and Database Management198:336Week 9 – Apr 4Matthew StoneData over the WebThree-tier architecturesIngredients of three-tier architectureInformation retrieval: text as data2Design of Network AppsClientApplication LogicDBMSClientPresentation layer– Allows users to make requests– Allows users to provide input– Allows users to see results3Application LogicLayer for control– What should happen with user input?– How does control execute across steps?– What data should be accessed, recorded, and presented?– How should interaction proceed?DBMSDatabase layer– The stuff we’ve been learning about!4Example of BreakdownUser “authentication”– User is challenged for login and password – System checks whether this is OK– Grants the user access or gives suitable errorClient LayerEntering information– Prompts the user for login and password– Gives the user places to specify them– Gives the user a place to hit OK5DBMSStores login information as a table– Valid login names– Encrypted passwordsApplication layerRequires login in client layerGets login information from client– Encrypts passwordChecks if login, encryped password in DBDecides what to do next6Splitting up the DesignClient– Runs on a web browser– Generic, lightweight interface mechanism– Gets (X)HTML description of interaction• Using HTTP(S) protocol– Carries out that interaction with userSplitting up the designApplication layer– Part of a web server • Accepts and responds to HTTP(S) requests– Implemented in generic language• Java servlets, Javascript, PHP, Perl– Connects to DBMS however it likes7Splitting up the designDBMS– Handles generic information functionality– Storage, backup, concurrency, scale, security…Example, idealizedStep 1:– User at machinehome.isp.netasks in web browser for pagehttp://buy.mystuff.com– Client sends HTTP request to server8Example, idealizedStep 2:– Application logic runs as part of web server running on the machine buy.mystuff.comThis happens by running a file for the root of this interaction– Application logic decides user needs to log in– Application logic sends login page back to machine at home.isp.netExample, idealizedData now comes back to home.isp.net<html><form action=“https://buy.mystuff.com/secret” method=“post”>Account: <input type=“text” name=“account” />Key:<input type=“password” name=“key” /><input type=“submit” /></form></html>9Example, idealizedHome.isp.netcreates the interaction described by this data in a browserThe user types, edits, clicks, etc.The result is a new request that goes back to buy.mystuff.comExample, idealizedNow the login logic runs at buy.mystuff.com– We get the values the user typed as parameters – call them A and K– We open a connection to the database, which is a server running at dbms.mystuff.com– We create a safe SQL query asking whether an entry of (A, encrypt(K)) exists in table authorized– We get an answer, yes or no.10Example, idealizedIf authorized, we send back one interaction– We construct a new SQL query using A to access secret information– We format it as HTMLIf unauthorized, we send back another– We construct a new HTML page– Explaining error– Offering another chance to log in?Example, idealizedFinally, the user’s browser at home.isp.netcarries out the last step of the interaction11Design of Network AppsClientApplication LogicDBMSDesign issuesUser experience– Latency– Richness– Adaptivity12Design issuesInfrastructure effectiveness–Trust– Data Integration– Scalability– ModularityMiddle Tier – Servlets Application ServerPool of servlets…13Java Servlets for TomcatOverview:– Define new class with either of two methods: doGet and doPost– Get parameters from request– Check they’re safe– Prepare an SQL query– Set the ? elements in the prepared query– Execute the query– Write out the results through responseJava Servlets for TomcatImplement class HttpServletpublic class ReadUserName extends HttpServlet {public void doGet(HttpServletRequest rq, HttpServletResponse rs) throws ServletException, IOException {…}public void doPost(…) { … }}14Useful methodsFinding stuff out from request rqString rq.getParameter(String)Eg.String account = rq.getParameter(“account”);JDBC StuffString query = “SELECT R.cash “ +“FROM Relationship R “ +“WHERE R.account = ?”;PreparedStatement ps =conn.prepareStatement(query);ps.setString(1, account);ResultSet r = ps.executeQuery();15FinallyWriting stuff out to a response rsPrintWriter out = rs.getWriter();out.println(String);Why not this?String query = “SELECT R.cash” +“ FROM Relationship R” +“ WHERE R.account = “ +account;Statement s = conn.createStatement();ResultSet r = s.executeQuery(query);16Get and URL EncodingWhen you type v1 as the value of n1 and v2 as the value of n2the browser makes a load request for:http://request.com?n1=v1&n2=v2this is a URL, and it requires us to “encode” n1,v1,n2 and v2Encodingimport java.net.URLEncoder;import java.net.URLDecoder;String s’ = URLDecoder.decode(s, “UTF-8”);String s = URLEncoder.encode(s’, “UTF-8”);17Same encoding happens with postBut you don’t construct a URLYou pass data “silently” as part of the http