You no longer need the resources of a small country to be a player in the
electronic commerce game now that the JavaSoft commerce team has introduced
the Java Commerce Client (JCC) framework.
Today, large and small enterprises alike can share the playing field.
The JCC provides a secure, robust, and reliable platform that enables software vendors of any size to write electronic commerce applications. With a framework, you focus on the application-specific business logic and let the framework handle the low-level programming details.
Application-specific code is organized into modules called cassettes. A cassette represents one part (or module) of a transaction. Cassettes are mixed and matched to lay the foundation for an electronic transaction. A cassette designed by one vendor can interact with one or more cassettes by that same vendor or by agreement with a cassette from another vendor. The JCC framework orchestrates cassette interoperations and enforces the high level of security required for reliable transactions between clients and merchant servers.
The framework and cassette innovation supports a full range of large and small money-based applications such as personal finance software, tax calculation programs, and retail sales applications--all of which can run on any Java-enabled platform with the JCC framework installed.
This article is the first in a three-part series on writing cassettes. It introduces the JCC framework, summarizes the four steps to writing a cassette, and provides instructions for the first step. Step 2 is covered in Part Two of this series, and Steps 3 and 4 are covered in Part Three.
The JCC framework consists of commerce-related classes, interfaces, and cassettes for you to implement your own application-specific electronic commerce code, and an environment within which the application code runs. Clients with an installed and configured JCC framework can initiate transactions on a commerce server that execute on the client machine.
The JCC framework enables the cassette interoperations that form a transaction. A cassette is a signed Java ARchive (JAR) file containing the compiled classes that implement one part of an electronic commerce transaction on the client side. One transaction typically involves several interoperating cassettes. Cassette functionality is defined primarily by the code in a commerce Bean. There are several types of commerce Beans, but this series focuses on the following three types that provide the basic functionality for a purchase transaction:
An electronic purchase transaction requires a purchase operation cassette, one or more protocol cassettes, and one or more instrument cassettes.
Note that a commerce Bean is similar to but not exactly like a standard JavaBean. Commerce Beans are not currently written to the same specifications as JavaBeans, and support additional security and other functions required by the JCC framework.
To create the cassettes for a transaction, you can write your own cassette(s), and use or modify any of the following types of cassettes that come with the JCC framework:
The JCC framework uses roles, tickets, gates, and permits to ensure that only authorized cassettes have limited access to information and resources in other cassettes and the JCC framework. This model is called the Gateway Security model because access to sensitive data within a cassette is permitted through specific controlled gateways only.
Roles define what a cassette can do. A cassette is signed for a role or set of roles. For example, every cassette is signed for the Cassette role because this role is required to install the cassette. If a cassette is not installed, the cassette cannot work with the JCC framework. Operation cassettes are signed with the Operation role, protocol cassettes are signed with the Protocol role, and instrument cassettes are signed with the Instrument role so they can register themselves in the JCC framework cassette registry.
>A ticket is a use-once token of the capabilities authorized by a given role. An operation cassette depends on one or more specific protocol cassettes. Protocol cassettes implement the functionality to carry out online commerce protocols.
Gates are authentication methods. All communication with a cassette takes place through its gate. For example, the protocol cassette gives the ticket it received from the operation cassette to the JCC Role Manager, which checks that the ticket has not been altered since it was first loaded. If the security check passes, the cassette is given a permit.
Permits are objects returned by the gate. For example, if the ticket has not been altered, the JCC framework stamps the ticket and passes it back to the protocol cassette's gate.
To summarize, a cassette is signed with a role, which gets it a ticket, which gives the cassette a permit to do something. The JCC framework manages the interoperations between the operation, protocol, and instrument cassettes with tickets, gates, and permits.
The short example for this series describes how to create the operation, protocol, and instrument cassettes for a simple purchase transaction. A purchase transaction might be initiated when a web store shopper chooses an item and selects the Pay button on a merchant server. The Java Commerce Message (JCM) contains information on valid instruments for that shopper. The JCC framework finds the intersection of valid instruments for the shopper and instruments recognized by the merchant server and displays those instruments on the merchant server so the shopper can choose the mode of payment. The JCC framework sends the JCM, which contains other information about the transaction, to the client machine where the correct cassettes are loaded (or installed and loaded) to execute the transaction.
The four steps to writing a cassette are as follows:
CassetteControl class and create a Java Commerce
Message (JCM) file. This step is covered below.CassetteControl class.CassetteControl class, commerce Bean class, and other related
files into a cassette.
Every cassette must have exactly one CassetteControl class that
extends java.commerce.cassette.Cassette.
This class is the first class loaded by the CassetteClassLoader.
The installer uses this class to install the registry database for
registering operations, protocols, and instruments. The cassette
runtime uses this class to update the cassette with new software versions.
The code below implements a CassetteControl class for a cassette that
handles a purchasing operation. The operation cassette works with one or more
protocol
cassettes, which in turn work with one or more instrument cassettes.
The CassetteControl methods are called by the JCC framework during
cassette installation
based on information provided in the installed Java Commerce Message (JCM), which is
created in the second part of Step 1 below.
Note that cassettes can only interoperate with cassettes upon which they have a
designated dependency as specified in the JCM for the operation. This dependency
information is returned by the get*Identifier methods.
import java.net.URL;
import.java.util.Date;
import javax.commerce.*;
import javax.com.sun.commerce.*;
public final class CassetteControl extends Cassette {
private static final CassetteIdentifier
myCassetteIdentifier =
new CassetteIdentifier("purchase", 1, 1);
private static final CassetteIdentifier[]
dependencyIdentifiers = null;
public CassetteControl() {}
/* Cassette abstract method redefinitions */
protected CassetteIdentifier
getCurrentVersionIdentifier() {
return myCassetteIdentifier;
}
protected CassetteIdentifier[]
getDependencyIdentifiers() {
return dependencyIdentifiers;
}
protected void install() {
registerOperation(
PurchaseOperation.OPERATION_NAME,
"com.sun.commerce.purchase.PurchaseOperation");
}
/* These methods are not implemented yet. */
protected void init() { }
protected void shutdown() { }
protected URL[] getJCMForLatestVersion() {
return null; }
protected Date getExpirationDate() {
return null; }
protected boolean doUpdate(Date lastUpdate) {
return false;}
protected void uninstall() { }
}
Every operation requires an associated Java Commerce Message (JCM). A JCM is an electronic message sent from the web server to the client JCC framework. There are many ways to structure a JCM transaction. One scenario for a purchase transaction initiated in an applet could be as follows:
A shopper makes a selection that triggers
the electronic purchase operation. The web server applet then
queries the shopper for payment and other relevant information,
plugs that information into a JCM template, and
sends the JCM to the JCC framework installed on the initiating
client's system. The JCM contains a body of
name=value pairs that describe the transaction.
When the JCC framework finds the operation=purchase line
in the JCM, it searches
for the purchase operation cassette specified in the CassetteIdentifier
method in the CassetteControl class. In this example, the
purchase cassette is purchase_1.1. The JCC framework then
passes the JCM to that operation Bean, which in turn parses the JCM.
Here is the JCM for the Purchase operation. The purchase operation cassette uses MasterCard and VISA as instruments, and the Secure Electronic Transfer (SET) and Secure Socket Layer (SSL) protocols. The JCM for the purchase operation also includes product and price information.
#Specify the Operation Operation=Purchase #Specify the valid instruments and protocols ValidInstruments=Visa, MasterCard ValidProtocols=SSL, SET #Parameters for the purchase operation purchase.item=widget purchase.price=2.24 USD #Parameters for the SSL and SET protocols SSL.Submit=http://somecgi SET.MerchantServer=http://setserver
Here is the JCM for the install operation. If the correct purchase cassette is not found on the local system, the correct purchase cassette is downloaded from the web server and automatically installed. The purchase and installation operations are separate operations each requiring their own JCM. The install JCM is usually a flat file because it does not normally contain any dynamic information.
#Install the cassette Operation=Install CassetteIdentifier=purchase_1.1 CassetteLocators.1=http://www.sun.com/purchase.jar DependencyCassetteLocators.1.1= http://www.sun.com/set.jcm
The CassetteIdentifier parameter is the unique identifier passed to
myCassetteIdentifier method in the CassetteControl
class implementation.
The CassetteLocators parameter is the location of the
JAR file that contains the cassette, and the
DependencyCassetteLocators
parameter points to the install JCMs for the cassettes on which this
cassette depends.
The CassetteControl class, and related JCMs define the specifications
for an operation cassette, which in our example, is a purchase cassette.
The purchase operation consists of several classes, and in particular,
needs an operation Bean to define the protocol and instrument cassettes
it uses.
Part Two describes the operation, protocol,
and instrument cassettes and how to implement commerce Beans.
The JCC framework includes APIs for working with smart cards. JavaWorld is running a series that explains how to use them:
Java Card 2.0 is a framework and set of application programming interfaces (APIs) for designing and writing applets that implement smart card logic.
© 1994-2005 Sun Microsystems, Inc.