Securing Clientserver Transactions

.. are signed with the Protocol role, and instrument cassettes are signed with the Instrument role so they can register themselves in the JCC framework cassette registry. A ticket is a use-once token of the capabilities authorized by a given role. An operation cassette depends on one or more specific protocol cassettes. Protocol cassettes implement the functionality to carry out online commerce protocols.

Gates are authentication methods. All communication with a cassette takes place through its gate. For example, the protocol cassette gives the ticket it received from the operation cassette to the JCC Role Manager, which checks that the ticket has not been altered since it was first loaded. If the security check passes, the cassette is given a permit. Permits are objects returned by the gate. For example, if the ticket has not been altered, the JCC framework stamps the ticket and passes it back to the protocol cassette’s gate.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

To summarize, a cassette is signed with a role, which gets it a ticket, which gives the cassette a permit to do something. The JCC framework manages the interoperations between the operation, protocol, and instrument cassettes with tickets, gates, and permits. Four Steps to Writing a Cassette The short example for this series describes how to create the operation, protocol, and instrument cassettes for a simple purchase transaction. A purchase transaction might be initiated when a web store shopper chooses an item and selects the Pay button on a merchant server. The Java Commerce Message (JCM) contains information on valid instruments for that shopper. The JCC framework finds the intersection of valid instruments for the shopper and instruments recognized by the merchant server and displays those instruments on the merchant server so the shopper can choose the mode of payment. The JCC framework sends the JCM, which contains other information about the transaction, to the client machine where the correct cassettes are loaded (or installed and loaded) to execute the transaction. The four steps to writing a cassette are as follows: 1.

Implement a CassetteControl class and create a Java Commerce Message (JCM) file. This step is covered below. 2. Implement the operation, protocol, or instrument commerce Bean to go with the CassetteControl class. 3.

Implement gates and permits. 4. Sign the JAR file with roles. The JAR file bundles the compiled CassetteControl class, commerce Bean class, and other related files into a cassette. teControl Class Every cassette must have exactly one CassetteControl class that extends java.commerce.cassette.Cassette.

This class is the first class loaded by the CassetteClassLoader. The installer uses this class to install the registry database for registering operations, protocols, and instruments. The cassette runtime uses this class to update the cassette with new software versions. The code below implements a CassetteControl class for a cassette that handles a purchasing operation. The operation cassette works with one or more protocol cassettes, which in turn work with one or more instrument cassettes.

The CassetteControl methods are called by the JCC framework during cassette installation based on information provided in the installed Java Commerce Message (JCM), which is created in the second part of Step 1 below. Note that cassettes can only interoperate with cassettes upon which they have a designated dependency as specified in the JCM for the operation. This dependency information is returned by the get*Identifier methods. import java.net.URL; import.java.util.Date; import javax.commerce.*; import javax.com.sun.commerce.*; public final class CassetteControl extends Cassette { private static final CassetteIdentifier myCassetteIdentifier = new CassetteIdentifier(purchase, 1, 1); private static final CassetteIdentifier[] dependencyIdentifiers = null; public CassetteControl() {} /* Cassete abstract method redefinitions */ protected CassetteIdentifier getCurrentVersionIdentifier() { return myCassetteIdentifier; } protected CassetteIdentifier[] getDependencyIdentifiers() { return dependencyIdentifiers; } protected void install() { registerOperation( PurchaseOperation.OPERATION NAME, com.sun.commerce.purchase.PurchaseOperation); } /* These methods are not implemented yet. */ protected void init() { } protected void shutdown() { } protected URL[] getJCMForLatestVersion() { return null; } protected Date getExpirationDate() { return null; } protected boolean doUpdate(Date lastUpdate) { return false;} protected void uninstall() { } } Create the Java Commerce Message for the Purchase Operation Every operation requires an associated Java Commerce Message (JCM).

A JCM is an electronic message sent from the web server to the client JCC framework. There are many ways to structure a JCM transaction. One scenario for a purchase transaction initiated in an applet could be as follows: A shopper makes a selection that triggers the electronic purchase operation. The web server applet then queries the shopper for payment and other relevant information, plugs that information into a JCM template, and sends the JCM to the JCC framework installed on the initiating client’s system. The JCM contains a body of name=value pairs that describe the transaction. When the JCC framework finds the operation=purchase line in the JCM, it searches for the purchase operation cassette specified in the CassetteIdentifier method in the CassetteControl class.

In this example, the purchase cassette is purchase 1.1. The JCC framework then passes the JCM to that operation Bean, which in turn parses the JCM. Here is the JCM for the Purchase operation. The purchase operation cassette uses MasterCard and VISA as instruments, and the Secure Electronic Transfer (SET) and Secure Socket Layer (SSL) protocols. The JCM for the purchase operation also includes product and price information.

#Specify the Operation Operation=Purchase #Specify the valid instruments and protocols ValidInstruments=Visa, MasterCard ValidProtocols=SSL, SET #Parameters for the purchase operation purchase.item=widget purchase.price=2.24 USD #Parameters for the SSL and SET protocols SSL.Submit=http://somecgi SET.MerchantServer=http://setserver Create the Java Commerce Message for the Install Operation Here is the JCM for the install operation. If the correct purchase cassette is not found on the local system, the correct purchase cassette is downloaded from the web server and automatically installed. The purchase and installation operations are separate operations each requiring their own JCM. The install JCM is usually a flat file because it does not normally contain any dynamic information. #Install the cassette Operation=Install CassetteIdentifier=purchase 1.1 CassetteLocators.1=http://www.sun.com/purchase.jar DependencyCassetteLocators.1.1= http://www.sun.com/set.jcm The CassetteIdentifier parameter is the unique identifier passed to myCassetteIdentifier method in the CassetteControl class implementation.

The CassetteLocators parameter is the location of the JAR file that contains the cassette, and the DependencyCassetteLocators parameter points to the insall JCMs for the cassettes on which this cassette depends. References Article: Jackson, Richard. Running Down the Up-escalator: Regional Inequality I n Papua New Guinea. Australian Geographer 14 (May 1979): 175-84. Pitts, David and Ball, Bill Red Hat 6 Unleashed.

Sams, 1999. Stapleton, Lisa and Pawlan, Monica. Electronic Commerce, Part One: Getting into the Game *http://developer.java.sun.com/developer/index.htm l *. May 1992. Bibliography References Article: Jackson, Richard. Running Down the Up-escalator: Regional Inequality I n Papua New Guinea. Australian Geographer 14 (May 1979): 175-84. Pitts, David and Ball, Bill Red Hat 6 Unleashed. Sams, 1999.

Stapleton, Lisa and Pawlan, Monica. Electronic Commerce, Part One: Getting into the Game . May 1992. Computers Essays.