RMIT University

School of Computer Science and Information Technology

eCommerce and Enterprise Systems - COSC1136
Topic 1 – Tute/Lab Exercises
NOTE: Advanced questions are optional and will not be marked but should be
attempted if time permits. They should be done following and IN ADDITION to
the standard questions.
TUTORIAL TASK:
Slide 13 shows the overall container architecture of Java 2 Enterprise Edition.
1. What is the purpose of the container architecture and how is it implemented? How
does this relate to products supplied by different vendors? (5 minutes discussion)
Implement specs. Provide services to different components. E.g.: life cycle, transactional,
persistence, session, routing etc. Sun releases API together with each spec which must be
implemented by vendor.

2. The client tier shows clients in front of and behind a firewall. What are the
implications of this in practice and under what circumstances might each approach be
appropriate? (5 minutes discussion)
Firewall is a software or hardware device which is used to control inbound and outbound access
to and from a network.
- Package from certain apps can be taken as always safe
- Connection to/from certain IP/port can be taken as always safe
- Only package matching certain security rules (only SMPT mail gets to SMPT port, not of
a known virus, not of a known phishing site etc.) will be allowed to pass by.

Client in front of firewall (no firewall): freely connect to Servlet/EJB but vulnerable to attacks
like phishing (thinking you’re shopping at Amazon but instead of a fake provider) or even fake
EJBs

Client behind firewall: must be configured to work across a bunch of port to work with EJB, or
- Use servlet (deployed after host’s firewall) as proxy
- Use RMI-HTTP tunneling
- Use web services

3. The two core components of the middle tier are the Web Container and EJB
container. What are the benefits of separating these concerns and how does this differ
from something like ASP or PhP? (5 minutes discussion)
An old question of benefit of 3-tier instead of client-server. By introducing an application server
component:
- Isolation of security (firewalled independently)
- Reusability of code of business tier
- Maintainability & deployability by specialization of roles
- More WODA (separate products for web & EJB)

4. Discuss the other aspects of the middle tier that were not addressed in the previous
question.

You don’t need the web container to access to the EJB container

5. Many ‘EIS’ systems are relational databases but this is not always the case. Describe
some different types of EIS systems, or if you are not familiar with any try to guess
what sort of systems (other than relational databases) could have been used in the past
or might be used in the future. (1 minute discussion)
An Enterprise Information System is generally any kind of computing system that is of "enterprise
class". This means typically offering high quality of service, dealing with large volumes of data and
capable of supporting some large organization ("an enterprise").

Examples: ERP (SAP, Oracle), CRM (MS Dynamics), document management (Documentum, SharePoint,
Alfresco), accounting (quickbook), database

LAB TASK: (45 minutes)

Find and bookmark in appropriate subfolders (so that you can demonstrate them later) 2 sites
each for ANY SIX of the business models discussed in lecture one. Note that you should
choose models other than the portal model (since you will need Google etc. to find the sites)
and should try to find links that are not listed in the notes.
Once you have found the sites, evaluate each of them and compare each PAIR in terms of:
• How effective they were in terms of user experience?
• How good is their potential ability to generate revenue?\

Search for yourself 3 sites for any of the business models

Explore these 3 sites: yup.vn, facebook.com, twitter.com

Facebook: applications, advertising sharing (from application vendors), application

subscription, user information (hobbies, friends), company existence as friends

Twitter: companies pay to be a twitter, targeting advertising with Google Adsense, personal info
(hobbies, connections, activities, personal info) to companies