MCS 051

MCS-051 ASSIGNMENT SOLUTION (2019-20)
For more updates: Umesh

Solved Assignment…….
Contact me on
whatsapp:9507516410
/8789841106 If you have any
queries please
e-mail id: leave a message
here
umeshmahato75@gmail.com
website:-
srijanservices.com/c2c
Q1. a) What are the main objectives of session tracking? What are the two ways to handle session tracking ?
Explain with the help of an example.
Answer : - HTTP is a “stateless” protocol. Each time a client retrieves a Web page, the client opens a separate
connection to the Web server and the server does not keep any record of previous client request.
Session tracking enables you to track a user's progress over multiple servlets or HTML pages, which, by nature, are
stateless.
A session is defined as a series of related browser requests that come from the same client during a certain time
period.
When there is a need to maintain the conversational state, session tracking is needed. For example, in a shopping
cart application a client keeps on adding items into his cart using multiple requests. When every request is made, the
server should identify in which client’s cart the item is to be added. So in this scenario, there is a certain need for
session tracking.
Solution is, When a client makes a request it should introduce itself by providing unique identifier every time.
Cookies
A cookie is a small piece of data sent from a website and stored in a user’s web browser while the user is browsing
that website.
A cookie’s value can uniquely identify a client, so cookies are commonly used for session management. Browser
stores each message in a small file, called cookie.txt. When you request another page from the server, your browser
sends the cookie back to the server. Cookies have lifespan and are flushed by the client browser at the end of
lifespan.
Simple Example of Servlet Cookies

TestServlet.java
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class TestServlet extends HttpServlet
{
public void doGet(HttpServletRequest request, HttpServletResponse response)
{
try
{
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.print("<form action='http://localhost:9000/myApp/FirstServlet' method='post'>");
out.print("<p>Name : <input type='text' name='userName'/></p>");
out.print("<input type='submit' value='GO'/>");
out.print("</form>");
out.close();
}
catch(Exception e) { System.out.println(e); }
}
}
FirstServlet.java
import java.io.*;
public class FirstServlet extends HttpServlet
{
public void doPost(HttpServletRequest request, HttpServletResponse response)
{
try
{
String s = request.getParameter("userName");
out.print("Welcome " + s);
//Creating cookie object
Cookie c = new Cookie("uname", s);
//Adding cookie in the response
response.addCookie(c);
//Creating submit button
out.print("<form action='http://localhost:9000/myApp/SecondServlet'>");
out.print("<p><input type='submit' value='GO'></p>");
out.close();
}
}
}
SecondServlet.java
import java.io.*;
public class SecondServlet extends HttpServlet
{
{
try
{
Cookie c[] = request.getCookies();
out.print("Hello " + c[0].getValue());
out.close();
}
}
}
HttpSession Interface
In such case, container creates a session id for each user.The container uses this id to identify the particular user.An
object of HttpSession can be used to perform two tasks :
1. Bind objects
2. View and manipulate information about a session, such as the session identifier, creation time, and last
accessed time.
Example of using HttpSession
TestServlet.java
import java.io.*;
public class TestServlet extends HttpServlet
{
{
try
{
out.print("<form action='http://localhost:9000/myApp/FirstServlet' method='post'>");
out.print("<p>Name : <input type='text' name='userName'/></p>");
out.print("<input type='submit' value='GO'/>");
out.close();
}
}
}
FirstServlet.java
import java.io.*;
public class FirstServlet extends HttpServlet
{
public void doPost(HttpServletRequest request, HttpServletResponse response)
{
try
{
String s = request.getParameter("userName");
out.print("Welcome " + s);
HttpSession session = request.getSession();
session.setAttribute("uname", s);
out.print("<form action='http://localhost:9000/myApp/SecondServlet'>");
out.print("<p><input type='submit' value='GO'></p>");
out.close();
}
}
}
SecondServlet.java
import java.io.*;
public class SecondServlet extends HttpServlet
{
{
try
{
HttpSession session = request.getSession(false);
String s = (String)session.getAttribute("uname");
out.print("Hello " + s);
out.close();
}
}
}
Q1. b) What are the major differences between a session and a cookie ?
Answer : -
Session
A session creates a file in a temporary directory on the server where registered session variables and their values are
stored. This data will be available to all pages on the site during that visit.
A session ends when the user closes the browser or after leaving the site, the server will terminate the session after a
predetermined period of time, commonly 30 minutes duration.
Cookies
Cookies are text files stored on the client computer and they are kept of use tracking purpose. Server script sends a
set of cookies to the browser. For example name, age, or identification number etc. The browser stores this
information on a local machine for future use.
When next time browser sends any request to web server then it sends those cookies information to the server and
server uses that information to identify the user.
Q2. Assume there is a table named students which created is Oracle database having the following fields :
 E-number
 S-name
 Name - of school
 Programme
 Year of admission
 Date of birth
a) Enter at least 5 records and write a servlet code which will display all the fields of the above table and all
records entered in the table in a tabular form.
Answer : - CREATE TABLE students (enrolment_no INT, s_name VARCHAR2(50) NOT NULL, name_of_school
VARCHAR2(100) NOT NULL, programme VARCHAR2(100) NOT NULL, year_of_admission INT NOT NULL,
date_of_birth DATE NOT NULL, PRIMARY KEY(enrolment_no));
INSERT INTO students VALUES (105508015, 'Amit Das', 'School of Computer Sciences', 'Master of Computer
Application', 2010, TO_DATE('12-09-1980','DD-MM-YYYY'));
INSERT INTO students VALUES (105508045, 'Manirash Das', 'School of Computer Sciences', 'Bachelor of
Computer Application', 2010, TO_DATE('10-05-1993','DD-MM-YYYY'));
INSERT INTO students VALUES (105508022, 'Debabrata Panchadhyay', 'School of Computer Sciences', 'Master of
INSERT INTO students VALUES (140504028, 'Ankitaa Das', 'School of Computer Sciences', 'Master of Computer
Application', 2018, TO_DATE('18-07-1999','DD-MM-YYYY'));
INSERT INTO students VALUES (150508042, 'Prankrishna Banik', 'School of Computer Sciences', 'Bachelor of
DisplayRecord.java
import java.io.*;
import java.sql.*;
import oracle.jdbc.driver.*;
public class DisplayRecord extends HttpServlet
{
public void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException
{
String url="jdbc:oracle:thin:@localhost:1521:xe";
String user="system";
String password="9748516231";
try
{
Class.forName("oracle.jdbc.driver.OracleDriver");
Connection conn = DriverManager.getConnection(url, user, password);
Statement stmt = conn.createStatement();
ResultSet rs = stmt.executeQuery("SELECT * FROM students");
out.println("<center><p><table border='3' cellpadding='5'>");
out.println("<tr>");
out.println("<th>Enrolment No.</th>");
out.println("<th>Student Name</th>");
out.println("<th>Name of School</th>");
out.println("<th>Programme</th>");
out.println("<th>Year of Admission</th>");
out.println("<th>Date of Birth</th>");
out.println("</tr>");
while(rs.next())
{
out.println("<tr>");
out.println("<td>" + rs.getString("enrolment_no") + "</td>");
out.println("<td>" + rs.getString("s_name") + "</td>");
out.println("<td>" + rs.getString("name_of_school") + "</td>");
out.println("<td>" + rs.getString("programme") + "</td>");
out.println("<td>" + rs.getString("year_of_admission") + "</td>");
out.println("<td>" + rs.getString("date_of_birth") + "</td>");
out.println("</tr>");
}
conn.close();
out.println("</table></p></center>");
}
catch(Exception e) { e.printStackTrace(); }
}
}
Q2. b) Answer the following SQL queries related to the student table.
(i) List all the student enrolled in a school of computer sciences in the year 2016.
Answer : - SELECT * FROM students WHERE name_of_school='School of Computer Sciences' AND

year_of_admission=2016;
(ii) Count the number of students registered in BCA Programme.
Answer : - SELECT COUNT(enrolment_no) FROM students WHERE programme='Bachelor of Computer

Application';
(iii) List all the students below the age of 25 years.
Answer : - SELECT * FROM students WHERE date_of_birth > TO_DATE('16-10-1994','DD-MM-YYYY')
Q3. Differentiate between the two different types of servlets? What are the two interfaces in the servlet API.
Answer : -
Generic Servlet
 Generic Servlet is protocol independent, i.e it can handle all types of protocols like http, ftp, smtp etc.
 GenericServlet class is direct subclass of Servlet Interface.
 GenericServlet is an abstract class which
implements Servlet, ServletConfig and java.io.Serializable interfaces.
 GenericServlet belongs to javax.servlet package.
 Generic Servlet supports only service() method. Extending class must override public abstract void
service(ServletRequest request, ServletResponse response) method.
 GenericServlet implements ServletConfig interface and provides way to accept initialization parameter
passed to Servlet from web.xml e.g. by using getInitParamter().
GenericServlet Example
import java.io.*;
public class GenericServletExample extends GenericServlet
{
public void service(ServletRequest request, ServletResponse response)throws IOException,ServletException
{
PrintWriter out=response.getWriter();
out.print("<html><body><center><h2>GenericServlet Example</h2></center></body></html>");
}
}
HttpServlet Class
 HttpServlet is protocol dependent. It supports only http protocol.
 HttpServlet class is the direct subclass of Generic Servlet.
 HttpServlet is an abstract class which extends GenericServlet and implements java.io.Serializable interface.
 HttpServlet belongs to javax.servlet.http package.
 HttpServlet overrides service() method of Generic Servlet and provides callback
on doXXX(HttpServletRequest request, HttpServletResponse response) method whenever it receives
HTTP request. It supports doGet(), doPost(), doPut(), doDelete(), doHead(), doTrace(),
doOptions() methods.
 HttpServlet has two service methods public void service(ServletRequest request, ServletResponse
response) and protected void service(HttpServletRequest request, HttpServletResponse response). All the
request first goes to the public service() method, which wrap into Http Objects and calls protected
service() method.
HttpServlet Example
import java.io.*;
public class HttpServletExample extends HttpServlet
{
public void doGet(HttpServletRequest request, HttpServletResponse response)throws IOException
{
PrintWriter out=response.getWriter();
out.print("<html><body><center><h2>HttpServlet Example</h2></center></body></html>");
}
}
Q4. a) Explain the role of JSP in design of dynamic website.
Answer : - Solve it soon
Q4. b) Define custom tags in JSP and describe components that make up a tag library in JSP.
Answer : - A custom tag is a user-defined JSP language element. When a JSP page containing a custom tag is
translated into a servlet, the tag is converted to operations on an object called a tag handler. The Web container then
invokes those operations when the JSP page’s servlet is executed.
To write a custom tag, you can simply extend SimpleTagSupport class and override the doTag() method, where you
can place your code to generate content for the tag.
Create "Hello" Tag
Consider you want to define a custom tag named <ex:Hello> and you want to use it in the following fashion without
a body −
<ex:Hello />
To create a custom JSP tag, you must first create a Java class that acts as a tag handler. Let us now create the
HelloTag class as follows −
import javax.servlet.jsp.tagext.*;
import javax.servlet.jsp.*;
import java.io.*;
public class HelloTag extends SimpleTagSupport
{
public void doTag() throws JspException, IOException
{
JspWriter out = getJspContext().getOut();
out.println("Hello Custom Tag !");
}
}
The above code has simple coding where the doTag() method takes the current JspContext object using
the getJspContext() method and uses it to send "Hello Custom Tag !" to the current JspWriter object
Let us compile the above class and copy it in a directory available in the environment variable CLASSPATH.
Finally, create the following tag library file : <Tomcat-Installation-Directory>webapps\ROOT\WEB-
INF\custom.tld.
<taglib>
<tlib-version>1.0</tlib-version>
<jsp-version>2.0</jsp-version>
<short-name>Example TLD</short-name>
<tag>
<name>Hello</name>
<tag-class>HelloTag</tag-class>
<body-content>empty</body-content>
</tag>
</taglib>
Let us now use the above defined custom tag Hello in our JSP program as follows −
<%@ taglib prefix="ex" uri="WEB-INF/custom.tld"%>

<html>
<head><title>Sample Custom Tag</title></head>
<body>
<ex:Hello />
</body>
</html>
Call the above JSP and this should produce the following result −
Hello Custom Tag !
Q5. Assume there is product table in the company’s database created in Oracle with the following fields :
 Product - ID
 Product - name
 Year of manufacturing
 Product cost
Write a code connecting JSP to Oracle database through JDBC and perform the following operations :
Insert 10 records in the database.
Answer : -
InsertProduct.jsp
<html>
<head><title>Insert New Product</title></head>
<body>
<%@page import="java.sql.*"%>
<%@page import="oracle.jdbc.driver.*"%>
<%
String url = "jdbc:oracle:thin:@localhost:1521:xe";
String user = "system";
String password = "9748516231";
try
{
Connection con = DriverManager.getConnection(url, user, password);
Statement stmt = con.createStatement();
stmt.executeUpdate("CREATE TABLE product (product_id INT PRIMARY KEY, product_name VARCHAR2(50) NOT NULL,
year_of_manufacturing INT NOT NULL, product_cost NUMBER(10,2) NOT NULL)");
stmt.executeUpdate("INSERT INTO product VALUES(1, 'MSI B360 GAMING PLUS Motherboard',
2016, 10780.00)");
stmt.executeUpdate("INSERT INTO product VALUES(2, 'MSI Motherboard Z370-A PRO', 2017, 11500.00)");
stmt.executeUpdate("INSERT INTO product VALUES(3, 'ASUS ROG STRIX B365-G Gaming Motherboard',
2016, 12000.00)");
stmt.executeUpdate("INSERT INTO product VALUES(4, 'MSI MEG Z390 GODLIKE Gaming Motherboard',
2018, 65000.00)");
stmt.executeUpdate("INSERT INTO product VALUES(5, 'HyperX Fury 2400MHz 8GB DDR4 RAM', 2017, 4590.00)");
stmt.executeUpdate("INSERT INTO product VALUES(6, 'CORSAIR 3000MHz 16GB Vengeance LPX DDR4 RAM',
2017, 5800.00)");
stmt.executeUpdate("INSERT INTO product VALUES(7, 'G.SKILL TridentZ RGB Series 3000MHz 8GB DDR4 RAM',
2017, 4500.00)");
stmt.executeUpdate("INSERT INTO product VALUES(8, 'Intel Xeon E5-2650V4 2.2GHz 12-Core Processor',
2016, 152565.00)");
stmt.executeUpdate("INSERT INTO product VALUES(9, 'Intel 16-Core i9-9960X Processor', 2018,
160000.00)");
stmt.executeUpdate("INSERT INTO product VALUES(10, 'Intel Core i7-7820X Processor', 2017,
60999.00)");
con.close();
}
%>
<center><h2>10 Records are Inserted Successfully</h2></center>
</body>
</html>
Modify these records.
Answer : -
UpdateProduct.jsp
<html>
<head><title>Modify Product Records</title></head>
<body>
<%
try
{
stmt.executeUpdate("UPDATE product SET product_name='Intel 16-Core i9-9960X X-series Processor' WHERE product_id=9");
stmt.executeUpdate("UPDATE product SET product_cost=62590 WHERE product_id=10");
con.close();
}
%>
<center><h2>2 Records are Modified Successfully</h2></center>
</body>
</html>
Display the product name which was manufactured before 2017.
Answer : -
DisplayProductName.jsp
<html>
<head><title>Display Product Name</title></head>
<body>
<center><table border="3" cellpadding="10">
<tr><th>Product Name</th></tr>
<%
String SQL = "SELECT product_name FROM product WHERE year_of_manufacturing < 2017";
try
{
ResultSet rs = stmt.executeQuery(SQL);
while(rs.next())
{
%>
<tr><td><%= rs.getString("product_name") %></td></tr>
<%
}
con.close();
}
%>
</table></center>
</body>
</html>
Display the product ID which costs more than Rs. 50000 and manufactured after 2017.
Answer : -
DisplayProductId.jsp
<html>
<head><title>Display Product ID</title></head>
<body>
<center><table border="3" cellpadding="10">
<tr><th>Product ID</th></tr>
<%
String SQL = "SELECT product_id FROM product WHERE product_cost > 50000 AND year_of_manufacturing > 2017";
try
{
ResultSet rs = stmt.executeQuery(SQL);
while(rs.next())
{
%>
<tr><td><%= rs.getString("product_id") %></td></tr>
<%
}
con.close();
}
%>
</table></center>
</body>
</html>
Q6. What is the need of connecting servlet and JSP and explain the process through a programme template.
Answer : - In the early days, web servers deliver static contents that are indifferent to user’s requests. Java servlets
are server-side programs (running inside a web server) that handle client’s requests and return a customized or
dynamic response for each request. The dynamic response could be based on user’s input (e.g., search, online
shopping, online transaction) with data retrieved from databases or other applications, or time-sensitive data (such as
news and stock prices).
Q7. Describe the following HTTP authentication mechanism for authentication of a user to a web server :
(i) HTTP authentication
Answer : - Basic authentication is the default when you do not specify an authentication mechanism.
When basic authentication is used, the following actions occur :
1. A client requests access to a protected resource.

2. The web server returns a dialog box that requests the user name and password.
3. The client submits the user name and password to the server.
4. The server validates the credentials and, if successful, returns the requested resource.
(ii) HTTPS client authentication

Answer : - HTTPS Client Authentication is a more secure method of authentication than either basic or form-based
authentication. It uses HTTP over SSL (HTTPS), in which the server authenticates the client using the client’s
Public Key Certificate (PKC). Secure Sockets Layer (SSL) technology provides data encryption, server
authentication, message integrity, and optional client authentication for a TCP/IP connection.
Before using HTTP Client Authentication, you must make sure that the following actions have been completed :
 Make sure the client has a valid Public Key Certificate.

 Make sure that SSL support is configured for your server.
Certificate-Based Mutual Authentication

2. The web server presents its certificate to the client.
3. The client verifies the server’s certificate.
4. If successful, the client sends its certificate to the server.
5. The server verifies the client’s credentials.
6. If successful, the server grants access to the protected resource requested by the client.
Username and Password-Based Mutual Authentication

2. The web server presents its certificate to the client.
3. The client verifies the server’s certificate.
4. If successful, the client sends its user name and password to the server, which verifies the client’s
credentials.
5. If the verification is successful, the server grants access to the protected resource requested by the client.
Q8. Discuss advantage of using entity bean for database operations over directly using JDBC API. When
would one need to be used over the other?
Answer : -
Advantages of Entity beans over JDBC
 Separation of business logic from your database access logic makes Entity Beans a better choice than
session beans using JDBC.
 If you are using Entity beans you dont need to worry about database transaction handling, database
connection pooling etc. which are taken care by the ejb container. But in case of JDBC you have to
explicitly do transaction handling & connection pooling.
 The great thing about the entity beans is that beans are container managed, whenever the connection is
failed during the transaction processing, the database consistancy is mantained automatically. The
container writes the data stored at persistant storage of the entity beans to the database again to provide the
database consistancy. where as in jdbc api, developers has to do manually.
 Entity beans use better security management
Entity beans or JDBC which one to choose
Generally JDBC is preferred over entity beans due to performance considerations. Entity beans do add overhead
compared to JDBC. while retrieving huge amount of data from database performance is poor compared to JDBC
API calls. To get EJB architecture to some extent you can wrap JDBC with session beans. When it comes to
choosing between entity beans versus JDBC calls, you can decide depending on quantity of data. For example, if
you search data that retrieves 50000 records, JDBC is a better choice as compared to entity beans. Entity beans are
not a problem with small data and you can even increase performance by some techniques like pooling etc. JDBC is
use with session beans when you deal with huge data to improve performance. So, the choice among JDBC and
Entity beans should be made depending on Data Model
Q9. (i) Explain the difference between external entity and internal XML entities.
Answer : -
External Entity
If an entity is declared outside a DTD it is called as external entity. You can refer to an external Entity by
either using system identifiers or public identifiers.
Syntax
<!ENTITY entity_name SYSTEM "URI/URL">
In the above syntax −
 entity_name is the name of entity.

 SYSTEM is the keyword.
 URI/URL is the address of the external source enclosed within the double or single quotes.
Document.dtd
<!ELEMENT Employee (ID, Name, Salary)>

<!ELEMENT ID (#PCDATA)>
<!ELEMENT Name (#PCDATA)>
<!ELEMENT Salary (#PCDATA)>
Employee.xml
<?xml version="1.0" ?>

<!DOCTYPE Employee SYSTEM "Document.dtd">
<Employee>
<ID>E-00045</ID>
<Name>Amit Das</Name>
<Salary>45000</Salary>
</Employee>
Internal Entity
If an entity is declared within a DTD it is called as internal entity.
Syntax
<!ENTITY entity_name "entity_value">
In the above syntax −
 entity_name is the name of entity followed by its value within the double quotes or single quote.
 entity_value holds the value for the entity name.
The entity value of the Internal Entity is de-referenced by adding prefix & to the entity name
i.e. &entity_name.
Employee.xml

<!DOCTYPE Employee
[
<!ELEMENT Employee (#PCDATA)>
<!ENTITY ID "E-00045">
<!ENTITY Name "Amit Das">
<!ENTITY Salary "45000">
]>
<Employee>
&ID;
&Name;
&Salary;
</Employee>
Q9. (ii) How Java Beans and enterprise java beans are different?
Answer : -
Java Bean
JavaBeans are classes that encapsulate many objects into a single object (the bean). It is a java class that should
follow the following conventions :
1. It should have a zero-argument constructor

2. It should be Serializable.
3. It should provide methods to set and get the values of the properties, known as getter and setter methods.
It is a reusable software component written in Java that can be manipulated visually in an application builder tool.
Example
// Java Program of JavaBean class

public class BankInterest implements java.io.Serializable
{
private double interest;
public BankInterest() { }
public void setInterest(double number)
{
this.interest = number;
}
public double getInterest()
{
return interest;
}
}
public class AccessJavaBean
{
public static void main(String args[])
{
// Create a object of BankInterest
BankInterest ob1 = new BankInterest();
// Setting value to the object
ob1.setInterest(6.5);
// Getting value from the object
System.out.println(ob1.getInterest());
}
}
Enterprise Java Bean (EJB)
Enterprise JavaBeans (EJB) is one of several Java APIs for modular construction of enterprise software. EJB is a
server-side software component that encapsulates business logic of an application. An EJB web container provides a
runtime environment for web related software components, including computer security, Java servlet lifecycle
management, transaction processing, and other web services. The EJB specification is a subset of the Java EE
specification.
There are three types of enterprise bean in java :
1. Session Bean
Session bean contains business logic that can be invoked by local, remote or webservice client.
2. Message Driven Bean
Like Session Bean, it contains the business logic but it is invoked by passing message.
3. Entity Bean
It summarizes the state that can be remained in the database. It is deprecated. Now, it is replaced with JPA
(Java Persistent API).
Q10. (i) Design XML DTD for an organisation that contains employee information. An employee element has
fields: first name, last name, age, address and department. The address element has fields: cities, state and
pin code.
Answer : -
Document.dtd
<!DOCTYPE Employee
[
<!ELEMENT Employee (FirstName, LastName, Age, Address, Department)>
<!ELEMENT FirstName (#PCDATA)>
<!ELEMENT LastName (#PCDATA)>
<!ELEMENT Age (#PCDATA)>
<!ELEMENT Address (City, State, Pincode)>
<!ATTLIST Address AddressType (Permanent|Present) "Permanent">
<!ELEMENT City (#PCDATA)>
<!ELEMENT State (#PCDATA)>
<!ELEMENT Pincode (#PCDATA)>
<!ELEMENT Department (#PCDATA)>
]>
Employee.xml

<!DOCTYPE Employee SYSTEM "Document.dtd">
<Employee>
<FirstName>Debabrata</FirstName>
<LastName>Panchadhyay</LastName>
<Age>28</Age>
<Address AddressType="Present">
<City>Kolkata</City>
<State>West Bengal</State>
<Pincode>700047</Pincode>
</Address>
<Department>JAVA</Department>
</Employee>
Q10. (ii) How can we check whether the DTD is correct? How many elements should you have in a DTD?
Answer : - A DTD is a Document Type Definition.
A DTD defines the structure and the legal elements and attributes of an XML document.
The purpose of a DTD is to define the structure of an XML document. It defines the structure with a list of legal
elements :
<!DOCTYPE Person
[
<!ELEMENT Person (FirstName, MiddleName?, LastName)>
<!ELEMENT MiddleName (#PCDATA)>
]>
The DTD above is interpreted like this :
 !DOCTYPE Person defines that the root element of the document is Person
 !ELEMENT Person defines that the Student element must contain the elements : "FirstName,
MiddleName?, LastName"
 !ELEMENT FirstName defines the FirstName element to be of type "#PCDATA"
[ The child element "FirstName" must occur once, and only once inside the "Person" element ]
 !ELEMENT MiddleName defines the MiddleName element to be of type "#PCDATA"
[ The child element "MiddleName" can occur zero or one time inside the "Person" element ]
 !ELEMENT LastName defines the LastName element to be of type "#PCDATA"
[ The child element "LastName" must occur once, and only once inside the "Person" element ]
External DTD
If the DTD is declared in an external file, the definition must contain a reference to the DTD
file :
Document.dtd

Person.xml

<!DOCTYPE Person SYSTEM "Document.dtd">
<Person>
</Person>
<Person>
<FirstName>Kedar</FirstName>
<MiddleName>Nath</MiddleName>
</Person>
Internal DTD
If the DTD is declared inside the XML file, it must be wrapped inside the definition :
Person.xml

<!DOCTYPE Person
[
]>
<Person>
</Person>
<Person>
<FirstName>Kedar</FirstName>
<MiddleName>Nath</MiddleName>
</Person>
Q11. Define the basic security concepts.
Answer : - Application-Level Security and Transport-Level Security are two basic categories of security that can
be independently configured but are often interrelated.
Application-Level Security - Application-level security determines who can access an application or its data, and
what tasks they can perform. The following topics discuss key areas of functionality :
 About Authentication - Authentication deals with the question "Who is trying to access services?"
Authentication information, such as user names and passwords, is stored in a user repository, such as an
XML file, database, or directory service. When a subject attempts to access a J2EE application, such as by
logging in, it is the role of a security provider to look up the subject in the user repository and verify the
subject’s identity. A security provider is a module that provides an implementation of a specific security
service such as authentication or authorization.
Although each J2EE application determines which user can access it, it is the security provider that
authenticates the user’s identity through the user repository.
 About Authorization - Authorization regards the question "Who can perform tasks on which resources
offered by which components ?" In a J2EE application, resources are typically expressed in terms of URL
patterns for Web applications, and method permissions for EJBs. Authorization is on a per-role basis, with
appropriate permissions being assigned to each defined role in an application.
The following sections discuss types of authorization, or access control, and related topics :
Access Control Lists and the Capability Model of Access Control - The capability model is a method
for organizing authorization information. The Java 2 Security Model uses the capability model to control
access permissions. With this model, access control information is associated with a resource, and
authorization is associated with an entity such as a user named Amit.
An access control list (ACL) is associated with a protected target resource, such as a directory or file, and
contains information about which access rights each user has for the particular resource. Each file in a file
system may have an ACL.
When a user Amit logs in and is successfully authenticated, his permissions are retrieved and granted so
that he is free to execute the actions permitted by these permissions — for example, to read from a File1
and write to a File2.
The capability model and access control look at the same information from different perspectives. While a
capability is associated with a user attempting to access a resource, an access control list is associated with
the resource that the user is trying to access.
Above table shows the user Amit having permission to read File1 and write to File2, while a user Sohini
has permission to execute File1 and read File2. An access control list would come from the perspective of
File1 and File2, specifying for each file what users have access and what their specific permissions are.
The capability model comes from the perspective of Amit and Sohini, specifying for each user what files
they can access and what they have permission to do with respect to each file.
Role-Based Access Control - A role is essentially a job function or title that defines an authority level. A
role can have multiple users and multiple permissions. Roles are the identities that each application uses to
indicate access rights to its different objects and functions. A user assumes a role to gain access to an
appropriate set of these resources.
Role-based access control is a JAAS feature that simplifies the management problems created by direct
assignment of permissions to users. Assigning permissions directly to multiple users is potentially a major
management task. If multiple users no longer require access to a specific permission, you must
individually remove that permission from each user.
Instead of directly assigning permissions to users, permissions are assigned to a role, and users are granted
their permissions by being made members of that role. Multiple roles can be granted to a user. The
following figure provides an example of role-based access control.
When a user’s responsibilities change (for example, through a promotion), the user’s authorization
information is easily updated by assigning a different role to the user, instead of by updating all access
control lists containing entries for that individual user.
For example, if multiple users no longer require write permissions on a file named salaries in the
/home/employee directory, those privileges are removed from the HR role. All members of the HR role
then have their permissions and privileges automatically updated.
A role can also be granted to another role, thus forming a role hierarchy that provides administrators with a
tool to model enterprise security policies.
Transport-Level Security - Transport-Level Security ensure that data transmitted over a network or the Internet
cannot be intercepted and read or altered by a third party. OC4J (Oracle Containers for J2EE) supports secure
communications using the HTTP protocol over the Secure Sockets Layer. The Secure Sockets Layer (SSL) is the
industry-standard point-to-point protocol which provides confidentiality through encryption, authentication, and data
integrity.
Thanks ………………
For more updates ………………..
Umesh Solved Assignment 2019-20
Contact me on whatsapp:9507516410 /8789841106
e-mail id: umeshmahato75@gmail.com
website:- srijanservices.com/c2c

MCS 051

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

MCS 051

Transféré par

Droits d'auteur :

Formats disponibles

MCS-051 ASSIGNMENT SOLUTION (2019-20)

For more updates: Umesh

Simple Example of Servlet Cookies

Example of using HttpSession

Answer : - SELECT * FROM students WHERE name_of_school='School of Computer Sciences' AND

(ii) Count the number of students registered in BCA Programme.

Answer : - SELECT COUNT(enrolment_no) FROM students WHERE programme='Bachelor of Computer

(iii) List all the students below the age of 25 years.

Answer : - SELECT * FROM students WHERE date_of_birth > TO_DATE('16-10-1994','DD-MM-YYYY')

Q4. a) Explain the role of JSP in design of dynamic website.

Answer : - Solve it soon

Create "Hello" Tag

<%@ taglib prefix="ex" uri="WEB-INF/custom.tld"%>

Hello Custom Tag !

Insert 10 records in the database.

Display the product name which was manufactured before 2017.

(i) HTTP authentication

When basic authentication is used, the following actions occur :

1. A client requests access to a protected resource.

(ii) HTTPS client authentication

 Make sure the client has a valid Public Key Certificate.

Certificate-Based Mutual Authentication

1. A client requests access to a protected resource.

1. A client requests access to a protected resource.

Advantages of Entity beans over JDBC

Entity beans or JDBC which one to choose

<!ENTITY entity_name SYSTEM "URI/URL">

In the above syntax −

 entity_name is the name of entity.

<!ELEMENT Employee (ID, Name, Salary)>

<?xml version="1.0" ?>

If an entity is declared within a DTD it is called as internal entity.

<!ENTITY entity_name "entity_value">

In the above syntax −

<?xml version="1.0" ?>

1. It should have a zero-argument constructor

// Java Program of JavaBean class

Enterprise Java Bean (EJB)

<?xml version="1.0" ?>

Answer : - A DTD is a Document Type Definition.

<!ELEMENT Person (FirstName, MiddleName?, LastName)>

<?xml version="1.0" ?>

<?xml version="1.0" ?>

Q11. Define the basic security concepts.

Vous aimerez peut-être aussi