Security in JSP

Introduce security as a major concern for data exchanged over the Internet by giving examples of hacking and misuse of data. Explain SSL to the students.

Shift focus to recent developments in the Internet domain and introduce XML as a revolutionary technology for data description, exchange, and storage. Explain XML in detail using ample examples. Refer to the Focus Areas section to explain XSL and XSLT.

Finally, introduce basic EJB concepts to the students. Because this is an advanced topic, you could ask the students to refer to the following link for more information:

http://www.ejbtut.com/EntityCreate.jsp

The following section provides some extra inputs on the important topics covered in the SG:

Generating SSL Certificate

SSL certificates can be created using Java's keytool application, which is installed in the JAVA_HOME/bin directory. You can view the help and the various options available with keytool by executing it without any parameters. To generate an SSL certificate, perform the following steps:

  1. Execute the following command at the command prompt:

    %JAVA_HOME%\bin\keytool -genkey -alias alias_name -keyalg RSA -keystore keystore_path

where alias_name is the name of the server and website URL for which this certificate will be used, and keystore_path is the directory into which this certificate will be stored.

  2. Answer the following questions asked at the command prompt:

    Enter keystore password:  123456
    What is your first and last name?
      [Unknown]:  na
    What is the name of your organizational unit?
      [Unknown]:  na
    What is the name of your organization?
      [Unknown]:  na
    What is the name of your City or Locality?
      [Unknown]:  na
    What is the name of your State or Province?
      [Unknown]:  na
    What is the two-letter country code for this unit?
      [Unknown]:  na
    Is CN=na, OU=na, O=na, L=na, ST=na, C=na correct?
      [no]:  y
    Key password is too short – must be at least 6 characters
    Enter key password for <alias_name>
      (RETURN if same as keystore password):  123456

After you complete the above steps successfully, the SSL certificate is generated in the file specified under keystore_path.
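To confirm what the steps above actually produced, the keystore can be opened and its certificate reviewed. The following is an added example, not code from the original page; the class name KeystoreCheck and the thresholds it applies are assumptions, and it needs Java 9 or later and the keystore file created in step 1.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

public class KeystoreCheck {
    // Returns findings for one certificate; an empty list means nothing was flagged.
    static List<String> review(X509Certificate cert) {
        List<String> findings = new ArrayList<>();
        if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal()))
            findings.add("self-signed: clients will not trust it unless they import it");
        if (cert.getPublicKey() instanceof RSAPublicKey) {
            int bits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength();
            if (bits < 2048) findings.add("RSA key is only " + bits + " bits");
        }
        String sigAlg = cert.getSigAlgName().toUpperCase();
        if (sigAlg.startsWith("MD5") || sigAlg.startsWith("SHA1"))
            findings.add("weak signature algorithm: " + sigAlg);
        if (cert.getNotAfter().before(new Date()))
            findings.add("expired on " + cert.getNotAfter());
        return findings;
    }

    // Usage (from a terminal): java KeystoreCheck <keystore_path> <alias_name>
    public static void main(String[] args) throws Exception {
        if (args.length != 2 || System.console() == null) {
            System.err.println("usage: java KeystoreCheck <keystore_path> <alias_name>");
            return;
        }
        char[] password = System.console().readPassword("Enter keystore password: ");
        // Loading fails if the password is wrong or the keystore file was modified.
        KeyStore ks = KeyStore.getInstance(new File(args[0]), password);
        if (!ks.isKeyEntry(args[1])) {
            System.err.println("no private-key entry under alias " + args[1]);
            return;
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(args[1]);
        System.out.println("Subject: " + cert.getSubjectX500Principal().getName());
        List<String> findings = review(cert);
        for (String f : findings) System.out.println("FINDING: " + f);
        if (findings.isEmpty()) System.out.println("No findings.");
    }
}
```

A certificate generated with the answers shown above is reported as self-signed, which is expected for a classroom setup.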

Installing SSL Certificate on Tomcat

The universally accepted SSL port is 443, but Tomcat uses port 8443 for SSL by default. Therefore, to access the secure channel on Tomcat, use https://localhost:8443.

To install the SSL certificate on Tomcat, edit the server.xml file, which is located under the CATALINA_HOME/conf directory. Uncomment the following connector element:

After that, edit the keystorefile and keystorepassword attributes of the Factory element by navigating to class customizations within server.xml. Set keystorefile to the complete path of the SSL certificate, and set keystorepassword to the same password that was used when generating the certificate with keytool.

Introducing XSL and XSLT

XSL is a very important concept in web programming. It is for XML what CSS is for HTML. XSL stands for eXtensible Stylesheet Language. Unlike CSS, XSL does not have any definitions for any particular tag.

XSL is more popularly known as XML Style Sheets. XSL is much more than a style sheet language. It adheres to an XML-like syntax and provides various parsing and selecting capabilities from an XML file using XSL Transformation (XSLT).

Following are some brief examples using XSL:

    <?xml version='1.0'?>
    <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
                    version="1.0">
      <xsl:template match="speech">
        <p><xsl:apply-templates/></p>
      </xsl:template>
      <xsl:template match="attenuated">
        <i><xsl:apply-templates/></i>
      </xsl:template>
    </xsl:stylesheet>

The following XML can be parsed with the above XSL file:

    <?xml version='1.0'?>
    <speech>Hello 123 <attenuated>testing</attenuated></speech>

On parsing it will generate the following output:

    <?xml version="1.0" encoding="utf-8"?>
    <p>Hello 123 <i>testing</i></p>

Multiple XSL files can be used with a single XML file. For example, there can be separate XSLs for generating content for mobile devices. To link an XSL with an XML file, insert the following element before the root element:

    <?xml-stylesheet type="text/xsl" href="url_of_xsl"?>

XSLT is embedded inside the XSL file and has elements for conditions, looping, selection, and so on. Using it, an XML document can be filtered for content for any possible combination. Some of the important elements of XSLT are:

xsl:for-each: It is used to select all child nodes of a particular node. <xsl:for-each select="some_node"></xsl:for-each> will loop for all the first level children of some_node. If there is more than one type of children at the same level, output can be sorted by using <xsl:sort select="sort_by"/>.

xsl:if: It is used with the test attribute. When the comparison inside test returns true, the content inside xsl:if is followed. It can be used with xsl:for-each to filter out some nodes. For example, <xsl:if test="boolean">…</xsl:if>.

xsl:choose: It works like switch-case in high-level programming languages. It is always used with an xsl:when element, which contains the test. xsl:otherwise works as a default case. For example:

    <xsl:choose>
      <xsl:when test="one"></xsl:when> (should have at least one occurrence)
      <xsl:otherwise></xsl:otherwise> (optional)
    </xsl:choose>
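The elements described above, combined in one stylesheet and applied from Java with the processor locked down. This is an added example, not code from the original page; the speeches document, its speaker and minutes attributes, and the class name XsltDemo are constructed for illustration, and it assumes the JDK's built-in XSLT processor on Java 15 or later.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

public class XsltDemo {
    // Constructed sample input (not from the original page).
    static final String XML = """
        <speeches>
          <speech speaker="Zoe" minutes="12">Closing</speech>
          <speech speaker="Adam" minutes="3">Welcome</speech>
          <speech speaker="Mia" minutes="0">Cancelled</speech>
        </speeches>""";

    // Loops over speech nodes sorted by speaker, skips zero-minute ones, labels the rest.
    static final String XSL = """
        <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
          <xsl:template match="/speeches">
            <ul>
              <xsl:for-each select="speech">
                <xsl:sort select="@speaker"/>
                <xsl:if test="@minutes &gt; 0">
                  <li>
                    <xsl:value-of select="@speaker"/>: <xsl:value-of select="."/>
                    <xsl:choose>
                      <xsl:when test="@minutes &gt; 10"> (long)</xsl:when>
                      <xsl:otherwise> (short)</xsl:otherwise>
                    </xsl:choose>
                  </li>
                </xsl:if>
              </xsl:for-each>
            </ul>
          </xsl:template>
        </xsl:stylesheet>""";

    public static void main(String[] args) throws Exception {
        TransformerFactory tf = TransformerFactory.newInstance();
        // Harden the processor: no extension functions, no external DTD or stylesheet fetches.
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        StringWriter out = new StringWriter();
        tf.newTransformer(new StreamSource(new StringReader(XSL)))
          .transform(new StreamSource(new StringReader(XML)), new StreamResult(out));
        System.out.println(out);
    }
}
```

The three settings on the factory matter when the XML or the stylesheet comes from outside the application, because an XSLT processor can otherwise be made to load external resources while transforming.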
