Project assignment 4:

Putting together applets and servlets; Secure data transmission; Testing your web site.

Due Tuesday, April 30th at 8pm in Elena's office

See the submission instructions. On the first page of your report please include the URL for the entrance page of your web site (it can be an HTML document on puma or a servlet on birch).

This assignment has three parts: combining the applets for Project Assignment II with the servlets for Project Assignment III, implementing secure data transmission via SSL protocol, and finishing up and testing your web site. The second part is very easy to implement (you just use https instead of http), so you should allocate most time for the first part and for testing. In the end of this assignment your web site should be pretty much completed and ready for testing by others.

Part 1. Putting together applets and servlets

A brief overview

Recall that the shopping cart servlet keeps track of the products that the customer is about to buy (Project assignment 3), and the order form applet allows user to enter the address, credit card number, and other payment/shipping information (Project assignment 2). In the final part of the project we will put the two parts together.

Your applets will reside in your project account on puma (in public_html directory). Applets in a browser are invoked from an HTML page. There are two ways of using HTML pages: they can be non-changing pages stored on puma in the same directory as the applets, or they can be dynamically generated by servlets. The advantage of the second approach is that the HTML page can pass a parameter to the applet, and since the page is generated dynamically, the value of the parameter will be different for different applet invocations. The lecture notes give examples of both methods.

You most probably will need the second method to pass information from the shopping cart servlet to the order form applet, but you can use the first method to incorporate applets that don't require parameter passing (s.a. a feedback form).

How to make HTML pages and applets accessible for browser

To be able to access HTML documents and applets from a browser, you need to do the following:

Copy the HTML documents and applet .class files into the public_html directory (you may create subdirectories, if you wish, but if you do, make sure to add "r" and "x" permissions for everyone to each subdirectory).
If your applet accesses the database, copy the mckoidb.jar file into the same directory. Also copy other .class files that the applet uses.
Change permissions to make the HTML files publicly readable (this changes permissions for all HTML files):
```
chmod a+r *.html
```
Change permissions to make the .class files and the .jar file publicly readable and executable:
```
chmod a+rx *.class
chmod a+rx mckoidb.jar
```

You can now access your files at http://cs.wellesley.edu/~proj1/file1 (assuming that your project account name is proj1 and the file name is file1).

What you need to do

Order form: your goal is to achieve the following functionality:

when the user presses the "Checkout" button, the shopping cart servlet generates the order number and stores the list of products in the database (make sure that the order can be filled before storing it in the database, you may use a transaction and roll it back if the order can't be filled). You may store the user's name (or ID) in the Order table if the name is already known at this point.
invoke the order form applet and pass the order number to it as a parameter (see the example in class)
after the user fills in the order form and presses a button, the user's part of order information gets stored in the database. You might want to include the total price (calculated from the order data in the database) in one of the fields of the applet. The user should not be able to edit this field.
the user may need to press another button (on the servlet) to go to the next page (presumably, the "Thank you" page). Unfortunately, this cannot be done just using the applet buttons.

To implement this functionality, you need to include the <:EMBED> tag for the applet in the page generated by the servlet and pass the order number to the applet as a parameter. The page should also include the "Done" or "Continue" button or a link to bring the user to the next page. You may make this link to be a user's "signature" under some standard agreement form ("I agree to terms and conditions...").

Feedback and other forms. Incorporate into your web site all other applets that you have written for Project Assignment 2. If an applet requires a parameter, use the same mechanism as for the order form. If it doesn't, you may use a simpler mechanism in the first example in the lecture notes.

Part 2. Securing your web site

Implementing secure data transmission via SSL Start off by making a list of pages (servlet or HTML) for which the data should be transmitted securely.

Assessment of web site's security In addition to secure data transmission, please make sure that your web site doesn't allow a user to access another user's personal information. Please make a list of security mechanisms that you use: does personal data get displayed on the web site? If yes, can a user access it without a password? If order information is displayed, can a user access it by name, by user ID, or by order number? Are IDs and order numbers randomly generated to make them hard to guess?

If you discover a security flaw, even if you don't have time to fix it, please explain what it is and how it can be fixed.

Part 3. Testing your web site

The goal of the assignment is to have a complete commercial web site. Make sure that all your pages are connected through some path from the Welcome page of your site and have the right functionality. You may add more HTML pages or servlets as needed.

The structure of the web site. Make sure that every page clearly indicates what the user should do: the search buttons and links to other pages are self-explanatory, the link to the shopping cart and/or to checkout is visible on every page, forms clearly name all fields and show which fields are mandatory, the user knows which button(s) to click when she/he is done filling in the form, and so on.

You might need to rearrange the pages to make them more customer-friendly. If you need to make changes, make sure to discuss them with your project teammates first!

The functionality of the web site. Make sure that all the necessary information is stored in the database and is retrieved successfully when needed. Check what happens if you update prices or add another product, if the user decides in the middle of filling an order form that he/she doesn't want to buy the product, etc.

The appearance of the web site. Make sure that all the pages are in the same style, that fonts are visible on the background, etc. You might need to adjust appearance of the applets to fit your general style.

This page has been created and is maintained by Elena Machkasova
Comments and suggestions are welcome at emachkas@wellesley.edu

Spring Semester 2002