Highly confidential

Security System
 Table of Contents

1). Introduction

1.1 Purpose of this Project

1.2 Scope of this Project

1.3 Intended Audience and Reading Suggestions and

Document Overview

2). Overall description

2.1 Present Working System

2.2 To be Praposed

2.3 Feasability Report

2.4 Operating Environment

2.5 Design and Implementation Constraints

2.6 Project Planning

3). External Interface Requirements

3.1 User Interfaces

3.2 Hardware Interfaces

3.3 Software Interfaces

4). Functional Requirement Specifications (FRS)

4.1 Modules of the System

4.2 Functional Requirements

 4.2.1 Front end (Store front) Requirements

4.2.2 Back end (Administrative Role) Requirements

5). Non Funtional Requirements

5.1 Usability Requirements

5.2 Performance Requirements

5.3 Compatibility Requirements

6. System Design

6.1 Data Flow Diagrams

6.2 UML Diagrams

6.3 Data Integrity and Constraints
6.4 Data Base Design
6.5 ER Diagram

6.6 Data Dictionary

7. Coding

7.1 Complete Project Coding

7.2 Comments and Description
7.3 Standardization of the coding (or) code Efficiency
7.4 Error handling

7.5 Parameters calling/passing

7.6 Validation Checks

7.7 Testing
7.8 Testing techniques and strategies
 7.9 Debugging and code improvement
8. System Security measures

8.1 Database (or) Data Security

8.2 Creating user profiles and access rights

9. Cost Estimation of the project

10. Reports

11. Future Enhancement

12. Bibliography
 INTRODUCTION

Purpose of this Project:

The purpose of these guidelines is to assist some highly

confidential data means personal, Departments, Offices and
Agencies for this implementing systems that will ensure, as
much as possible, that personal data.

-obtain and process personal data fairly;

- Process it only in ways compatible with the purposes for
which it was given initially
- keep personal data safe and secure;
- keep data accurate, complete and up-to-date;
- provide a copy of his/her personal data to any individual,
on request.

Scope of this Project:

This Project gives security on how personal data is to be
stored, handled and
Protected under the following Personal Confidential data:-
All mailids, passwords
All bank account no
Insurance policy No
PAN NO
Driving License No
All education certificate Numbers
Some highly value scan copy
Some confidential photo and music, videos

Intended Audience and Reading Suggestions and Document

Overview
 The information contained in this document is intended
for general distribution. However, it is especially important that
Personal data like mails, policies, bank details, education details,
and license details some other important documents, images,
videos etc. The document as the responsibility rests with them to
ensure that the guidelines contained in it are followed. The
guidelines should also be brought to the attention of all staff
whose work involves the handling of personal data.

Present Working System :

No present System for this Project

all confidential data Due to busy life style we can’t

remember data like All maid Id, Password, All bank account no,
Insurance policy No, PAN NO, Driving License No, Password
PortNo,All education certificate Numbers, Some highly value scan
copy, some confidential photo and music ,videos.

To Be Proposed :

So we can develop highly security web application (Elliptic

Curve Cryptography security algorithm). So we can store all
confidential data in single credentials.

The development of this new system contains the following

activities, which try to automate the entire process keeping in the
view of database integration approach with highly confidential
security.

 This system maintains user data in encryption description

format using algorithms.

 This system maintains user’s personal, address, and

contact details.
 User friendliness is provided in the application with various
controls provided by system rich user interface.

 This system makes the overall project management much

easier and flexible.

 Various classes have been used for maintain the details of

all the users and catalog.

 Authentication is provided for this application only

registered users can access.

 Report generation features is provided using to generate

different kind of reports.

 The system provides facilities to maintain bank account

information.

 The system provides facilities to maintain Mails, password

account information.

 The system provides facilities to maintain all education

information marks memo, scaned copies information.

 The system provides facilities to maintain License, passport,

insurances account information.

 The system provides facilities to maintain personal Files

Information videos, images account information.

 System provides facility to online user registration.

 This system is providing more memory for the users to

maintain data.

 This system is providing accessibility control to data with

respect to users.
FEASIBILITY REPORT
TECHNICAL FEASIBILITY:
Evaluating the technical feasibility is the trickiest part of a
feasibility study. This is because, at this point in time, not too
many detailed design of the system, making it difficult to access
issues like performance, costs on (on account of the kind of
technology to be deployed) etc. A number of issues have to be
considered while doing a technical analysis.

i) Understand the different technologies involved in the

proposed system:
Before commencing the project, we have to be very clear
about what are the technologies that are to be required for
the development of the new system.

ii) Find out whether the organization currently possesses

the required technologies:

o Is the required technology available with the

organization?

o If so is the capacity sufficient?

For instance –
“Will the current printer be able to handle the new reports
and forms required for the new system?”
OPERATIONAL FEASIBILITY:
Proposed projects are beneficial only if they can be turned into
information systems that will meet the organizations operating
requirements. Simply stated, this test of feasibility asks if the
system will work when it is developed and installed. Are there
major barriers to Implementation? Here are questions that will
help test the operational feasibility of a project:

 Is there sufficient support for the project from management

from users? If the current system is well liked and used to
the extent that persons will not be able to see reasons for
change, there may be resistance.

 Are the current business methods acceptable to the user? If

they are not, Users may welcome a change that will bring
about a more operational and useful systems.

 Have the user been involved in the planning and

development of the project?

 Early involvement reduces the chances of resistance to the

system and in

 General and increases the likelihood of successful project.

Since the proposed system was to help reduce the hardships

encountered. In the existing manual system, the new system was
considered to be operational feasible.

ECONOMIC FEASIBILITY:

Economic feasibility attempts 2 weigh the costs of developing and

implementing a new system, against the benefits that would
accrue from having the new system in place. This feasibility
study gives the top management the economic justification for
the new system.

A simple economic analysis which gives the actual comparison of

costs and benefits are much more meaningful in this case. In
addition, this proves to be a useful point of reference to compare
actual costs as the project progresses. There could be various
types of intangible benefits on account of automation. These
could include increased customer satisfaction, improvement in
product quality better decision making timeliness of information,
expediting activities, improved accuracy of operations, better
documentation and record keeping, faster retrieval of
information, better employee morale.

Operating Environment :

SOFTWARE REQUIREMENTS

Operating System : Windows XP/2007 or Linux

User Interface : HTML, CSS
Client-side Scripting : JavaScript
Programming Language : Java
Framework : struts 1.x, Hibernate 3.0
IDE/Workbench : My Eclipse 8.6
Database : Oracle 10g
Server Deployment : Tomcat 6.0/7.0

HARDWARE REQUIREMENTS

Processor : CORE 2 DUO

Hard Disk : 160GB

RAM : 1GB or more
Design and Implementation Constraints :
The system is designed using the Spiral model, with constant
interaction with the clients. The implementations design is done
thru Frame works Struts1.xand Hibernate 3.0 with HTML, CSS,
and JAVASCRIPT.

The software will be required to be maintained by the TOMCAT

6.0. The website administrator is sole responsible for the
maintenance of the site all Users authentication restricted.
Sufficient security through firewalls and proxy to be
implemented. It also requires the Oracle 10g database to store
and retrieve data.

Project Planning:

SDLC METHODOLOGIES

This document play a vital role in the development of life cycle

(SDLC) as it describes the complete requirement of the system.
It means for use by developers and will be the basic during
testing phase. Any changes made to the requirements in the
future will have to go through formal change approval process.
SPIRAL MODEL was defined by Barry Boehm in his 1988
article, “A spiral Model of Software Development and
Enhancement. This model was not the first model to discuss
iterative development, but it was the first model to explain why
the iteration models.
As originally envisioned, the iterations were typically 6
months to 2 years long. Each phase starts with a design goal
and ends with a client reviewing the progress thus far.
Analysis and engineering efforts are applied at each phase of
the project, with an eye toward the end goal of the project.
The steps for Spiral Model can be generalized as follows:
 The new system requirements are defined in as much
details as possible. This usually involves interviewing a
number of users representing all the external or internal
users and other aspects of the existing system.

 A preliminary design is created for the new system.

 A first prototype of the new system is constructed from

the preliminary design. This is usually a scaled-down
system, and represents an approximation of the
characteristics of the final product.

 A second prototype is evolved by a fourfold procedure:

1. Evaluating the first prototype in terms of its

strengths, weakness, and risks.

2. Defining the requirements of the second prototype.

3. Planning an designing the second prototype.

4. Constructing and testing the second prototype.

 At the customer option, the entire project can be aborted

if the risk is deemed too great. Risk factors might
involved development cost overruns, operating-cost
miscalculation, or any other factor that could, in the
customer’s judgment, result in a less-than-satisfactory
final product.

 The existing prototype is evaluated in the same manner

as was the previous prototype, and if necessary, another
prototype is developed from it according to the fourfold
procedure outlined above.

 The preceding steps are iterated until the customer is

satisfied that the refined prototype represents the final
product desired.
  The final system is constructed, based on the refined
prototype.

 The final system is thoroughly evaluated and tested.

Routine maintenance is carried on a continuing basis to
prevent large scale failures and to minimize down time.

The following diagram shows how a spiral model acts

like:

Fig 1.0-Spiral Model

ADVANTAGES
  Estimates(i.e. budget, schedule etc .) become more
relistic as work progresses, because important issues
discoved earlier.

 It is more able to cope with the changes that are software

development generally entails.

 Software engineers can get their hands in and start

woring on the core of a project earlier.

SYSTEM REQUIREMENT SPECIFICATION

Software Engineering Paradigm applied

ARCHITECTURE DIAGRAM:

1. THE PRESENTATION LAYER

Also called as the client layer comprises of components that

are dedicated to presenting the data to the user. For
example: Windows/Web Forms and buttons, edit boxes,
Text boxes, labels, grids, etc.
2. THE BUSINESS RULES LAYER

This layer encapsulates the Business rules or the business

logic of the encapsulations. To have a separate layer for
 business logic is of a great advantage. This is because any
changes in Business Rules can be easily handled in this
layer. As long as the interface between the layers remains
the same, any changes to the functionality/processing logic
in this layer can be made without impacting the others. A
lot of client-server apps failed to implement successfully as
changing the business logic was a painful process

3. THE DATA ACCESS LAYER

This layer comprises of components that help in accessing

the Database. If used in the right way, this layer provides a
level of abstraction for the database structures. Simply put
changes made to the database, tables, etc do not affect the
rest of the application because of the Data Access layer. The
different application layers send the data requests to this
layer and receive the response from this layer.
4. THE DATABASE LAYER

This layer comprises of the Database Components such as

DB Files, Tables, Views, etc. The Actual database could be
created using SQL Server, Oracle, Flat files, etc.
In an n-tier application, the entire application can be
implemented in such a way that it is independent of the
actual Database. For instance, you could change the
Database Location with minimal changes to Data Access
Layer. The rest of the Application should remain unaffected.
External Interface Requirements
3.1 User Interfaces
The application to be provided with keyboard shortcuts and
a facility to use the mouse to trigger the required actions. They
act as shortcuts and provide an easy navigation within the
software. Error detection is handled by using Exception
handling. Exception class is used to trap abnormal conditions
and terminations.

3.2 Hardware Interfaces

The system requires an Internet connection with a decent
band width. A printer in addition to take printouts of reports. A
internet connection that is either thru dial-up, cable , modem,
Wi-Fi is required. Appropriate networking and protocols should
be.

3.3 Software Interfaces

The incoming data to the product would be raw text data and
outgoing data would be text itself. Both input and output are
handled thru dynamic HTML. A browser is required for access.

Modules of the System

1. Administrator Module
2. User Module
3. Encryption Decryption Module
4. Security and Authentication
5. Reports

Functional Requirements of the Project:

Administrator:
 View Users
 Accept Users
 Delete or reject user authentication
User:
Banks Accounts Information
 Add Banks Accounts Information
 View Banks Accounts Information
 Update Bank Account Information
 Delete Bank Acc Information
Mails Information
 Add Mails
 View Mails
 Update Mails
 Delete Mails
Career Information
 Add Study Details
 View Study Details
  Delete Study Details
 Update Study Details
License Details
 Add License Details
 View License Details
 Delete License Details
 Update License Details
Passport Details
 Add Passport Details
 View Passport Details
 Delete Passport Details
 Update Passport Details
Pan card Details
 Add pan card Details
 View pan card Details
 Delete Pan card Details
 Update Pan card Details
Add Insurance Details
 Add Insurance Details
 View Insurance Details
 Delete Insurance Details
 Update Insurance Details
Imp Files Details
 Add
 View
 Delete
 Update
3. Encryption and Decryption Module:

ECC is abbreviated as Elliptic Curve Cryptography:

The primary benefit promised by ECC is a smaller key size,

reducing storage and transmission requirements—i.e., that an
elliptic curve group could provide the same level of security
afforded by an RSA-based system with a large modulus and
correspondingly larger key—e.g., a 256bit ECC public key should
provide comparable security to a 3072bit RSA public key (see
:Key sizes).

Public-key cryptography is based on the intractability of certain

mathematical problems. Early public-key systems are secure
assuming that it is difficult to factor a large integer composed of
two or more large prime factors. For elliptic-curve-based
protocols, it is assumed that finding the discrete logarithm of a
random elliptic curve element with respect to a publicly known
base point is infeasible. The size of the elliptic curve determines
the difficulty of the problem
Example:
• Consider y2 = x3 + 2x + 3 (mod 5)

x = 0 Þ y2 2= 3 Þ no solution (mod 5)
x = 1 Þ y2 = 6 = 1 Þ y = 1,4 (mod 5)
x = 2 Þ y2 = 15 = 0 Þ y = 0 (mod 5)
x = 3 Þ y2 = 36 = 1 Þ y = 1,4 (mod 5)
x = 4 Þ y2 = 75 = 0 Þ y = 0 (mod 5)
• Then points on the elliptic curve are

(1,1) (1,4) (2,0) (3,1) (3,4) (4,0) and the point at infinity: ¥
By using above mathematical calculations are getting Encryption
& decryption.

RSA:
The RSA algorithm was publicly described in 1977 by Ron Rivest, Adi Shamir, and Leonard
Adleman
The RSA algorithm involves three steps:
key generation, encryption and decryption.
Key generation
RSA involves a public key and a private key.
The public key can be known to everyone and is used for encrypting messages.
Messages encrypted with the public key can only be decrypted using the private key.
The keys for the RSA algorithm are generated the following way:
1. Choose two distinct prime numbers p and q.
o For security purposes, the integers p and q should be chosen at random, and
should be of similar bit-length.
2. Compute n = pq.
o n is used as the modulus for both the public and private keys. Its length,
usually expressed in bits, is the key length.

3. Compute φ(n) = (p – 1)(q – 1), where φ is Euler's totient function.

4. Choose an integer e such that 1 < e < φ(n) and greatest common divisor gcd(e, φ(n))
= 1; i.e., e and φ(n) are coprime.
o e is released as the public key exponent.

o e having a short bit-length and small Hamming weight results in more

efficient encryption – most commonly 216 + 1 = 65,537. However, much
smaller values of e (such as 3) have been shown to be less secure in some
settings.[4]
5. Determine d as d ≡ e−1 (mod φ(n)), i.e., d is the multiplicative inverse of e (modulo
φ(n)).

 This is more clearly stated as solve for d given de ≡ 1 (mod φ(n))

 This is often computed using the extended Euclidean algorithm.

 d is kept as the private key exponent.

By construction, d⋅e ≡ 1 (mod φ(n)). The public key consists of the modulus n and the public
(or encryption) exponent e. The private key consists of the modulus n and the private (or
decryption) exponent d, which must be kept secret. p, q, and φ(n) must also be kept secret
because they can be used to calculate d.

 An alternative, used by PKCS#1, is to choose d matching de ≡ 1 (mod λ) with λ =

lcm(p − 1, q − 1), where lcm is the least common multiple. Using λ instead of φ(n)
allows more choices for d. λ can also be defined using the Carmichael function, λ(n).
 The ANSI X9.31 standard prescribes, IEEE 1363 describes, and PKCS#1 allows, that
p and q match additional requirements: being strong primes, and being different
enough that Fermat factorization fails.
Encryption
Alice transmits her public key (n, e) to Bob and keeps the private key secret. Bob then wishes
to send message M to Alice.
He first turns M into an integer m, such that 0 ≤ m < n by using an agreed-upon reversible
protocol known as a padding scheme. He then computes the ciphertext c corresponding to

This can be done quickly using the method of exponentiation by squaring. Bob then transmits
c to Alice.

Decryption
Alice can recover m from c by using her private key exponent d via computing

Given m, she can recover the original message M by reversing the padding scheme.
(In practice, there are more efficient methods of calculating cd using the precomputed values
below.)

A working example
Here is an example of RSA encryption and decryption. The parameters used here are
artificially small, but one can also use OpenSSL to generate and examine a real keypair.
1. Choose two distinct prime numbers, such as
and .
2. Compute n = pq giving
.
3. Compute the totient of the product as φ(n) = (p − 1)(q − 1) giving
.
4. Choose any number 1 < e < 3120 that is coprime to 3120. Choosing a prime number
for e leaves us only to check that e is not a divisor of 3120.
Let .
5. Compute d, the modular multiplicative inverse of e (mod φ(n)) yielding
.
The public key is (n = 3233, e = 17). For a padded plaintext message m, the encryption
function is m17 (mod 3233).
The private key is (n = 3233, d = 2753). For an encrypted ciphertext c, the decryption
function is c2753 (mod 3233).
For instance, in order to encrypt m = 65, we calculate
To decrypt c = 2790, we calculate

.
Both of these calculations can be computed efficiently using the square-and-multiply
algorithm for modular exponentiation. In real life situations the primes selected would be
much larger; in our example it would be relatively trivial to factor n, 3233, obtained from the
freely available public key back to the primes p and q. Given e, also from the public key, we
could then compute d and so acquire the private key.
 Public –key cryptosystems:

ECC:
Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the
algebraic structure of elliptic curves over finite fields.
Elliptic Curve Cryptography (ECC) was discovered in 1985 by Victor Miller (IBM) and Neil
Koblitz (University of Washington) as an alternative mechanism for implementing public-
key cryptography.

I assume that those who are going through this article will have a basic understanding of
cryptography ( terms like encryption and decryption ) .
The equation of an elliptic curve is given as,
Few terms that will be used,
E -> Elliptic Curve
P -> Point on the curve
n -> Maximum limit ( This should be a prime number )

Fig 3
The fig 3 show are simple elliptic curve.

Key Generation
Key generation is an important part where we have to generate both public key and private
key. The sender will be encrypting the message with receiver’s public key and the receiver
will decrypt its private key.
Now, we have to select a number ‘d’ within the range of ‘n’.
Using the following equation we can generate the public key

Q=d*P
d = The random number that we have selected within the range of ( 1 to n-1 ).
P is the point on the curve.
‘Q’ is the public key and ‘d’ is the private key.

Encryption
Let ‘m’ be the message that we are sending. We have to represent this message on the curve.
This have in-depth implementation details. All the advance research on ECC is done by a
company called certicom.
Conside ‘m’ has the point ‘M’ on the curve ‘E’. Randomly select ‘k’ from [1 - (n-1)].
Two cipher texts will be generated let it be C1 and C2.
 C1 = k*P

C2 = M + k*Q
C1 and C2 will be send.

Decryption
We have to get back the message ‘m’ that was send to us,

M = C2 – d * C1
M is the original message that we have send.

Proof
How does we get back the message,
M = C2 – d * C1
‘M’ can be represented as ‘C2 – d * C1′
C2 – d * C1 = (M + k * Q) – d * ( k * P ) ( C2 = M + k * Q and C1 = k * P )
C2 – d * C1 = M +( k * d*P) – (d * k * P)
= M +( k * d * P) – (d * k *P) ( canceling out k * d * P )
= M ( Original Message )
4. Security and Authentication:
 Login
 Logout
 Registration
 Change Passwords
 Forget Password
 View Profile
 Update Profile
5. Reports
* Generating Different Format report To be download (.xls,
pdf, html, txt)

Front end (Store from front) Requirements

Bank Account Information

  Add Banks Accounts Information
 Update Bank Account Information
Mails Information
 Add Mails
 Update Mails
Career Information
 Add Study Details
 Update Study Details
License Details
 Add License Details
 Update License Details
Passport Details
 Add Passport Details
 Update Passport Details
Pan card Details
 Add pan card Details
 Update Pan card Details
Add Insurance Details
 Add Insurance Details
 Update Insurance Details
Imp Files Details
 Add
 Update

Security and Authentication:

 Login
 Logout
 Registration
 Change Passwords
 Update Profile
Back end (Retrive from backend) Requirements :

Administrator:
 View Users
 Accept or reject user authentication
 Delete user (or ) user Authentication
Banks Accounts Information
 View Banks Accounts Information
 Delete Bank Acc Information
Mails Information
 View Mails
 Delete Mails
Career Information
 View Study Details
 Delete Study Details
License Details
 View License Details
 Delete License Details
Passport Details
 View Passport Details
 Delete Passport Details
Pan card Details
 View pan card Details
 Delete Pan card Details
Add Insurance Details
 View Insurance Details
 Delete Insurance Details
Imp Files Details
 View
 Delete
 Login
 View Profile
 Generating Different Format report To be download (.xls,
pdf, html, txt)
5). Non Funtional Requirements

5.1 Usability Requirements

(As it is a Internet Application, must have some usabilty

Features. End users of this System are Unlimited and from
Various Skilled groups, so that we can’t restrict them. By
providing some fecilities we have to make them comfortable.)

 Colors what we use in this Web Portal design are must be

attractive.

 Fonts that uses for User Interface (Customer Store front)

Design are must be in Uniform.

 Easy Navigations are freferable to do any task.

 Multiple flows (ways) are freferable to do any task.

 Home page Should be Centralized System (Screen/Window)

to go to any feature and to get any result.

 The fecility to return to Home page from any page Should

available.

 Labels of all Objects in the entire system Must be in

Understadable form(Meaningful form).

5.1 Performance Requirements

(Application’s performance not only depends on application

design also on Customers System’s Configuration (both
Hardware and Software), Internet Access Speed, networks and
Others)

Even though the performance is not only depends on application

design, our application design and implimentation also
responcible for the Performance.

 It has to load, with in the Industry Standard time.

 It has to support up to 2000 Concurrent users.

  It has to update the database in short time in order to
reduce the stock verfication problems.

5.3 Compatibility Requirements

(As it is a Internet Application, it has to support various

Hardware configurarions, Softwares and Network
Communications)

It should support all types of Hardware versions, Operating

Systems and Browsers

SYSTEM DESIGN

E-R DIAGRAM
 DATA FLOW DIAGRAM

DATA FLOW DIAGRAMS:

A graphical tool used to describe and analyze the moment of

data through a system manual or automated including the

process, stores of data, and delays in the system. Data Flow

Diagrams are the central tool and the basis from which other

components are developed. The transformation of data from

input to output, through processes, may be described logically

and independently of the physical components associated with

the system. The DFD is also know as a data flow graph or a

bubble chart. DFDs are the model of the proposed system. They

clearly should show the requirements on which the new system

should be built. Later during design activity this is taken as the

basis for drawing the system’s structure charts. The Basic

Notation used to create a DFD’s are as follows:

1. Dataflow: Data move in a specific direction from an origin to a

destination.

2. Process: People, procedures, or devices that use or produce

(Transform) Data. The physical component is not identified.

3. Source: External sources or destination of data, which may be

People, programs, organizations or other entities.

4. Data Store: Here data are stored or referenced by a process in

the System.

Context Level DATA FLOW DIAGRAM:

ADMIN:
AUTHENTICATION DFD:
 Level 2 Data Flow Diagram for Users
Authentication

Level2 Data Flow Diagram for Admin:

Login DFD

Admin Activities DFD 1st Level

users:
1st Level
 UML DIAGRAMS

UNIFIED MODELING LANGUAGE DIAGRAMS

The unified modeling language allows the software engineer to
express an analysis model using the modeling notation that is
governed by a set of syntactic semantic and pragmatic rules.

A UML system is represented using five different views that

describe the system from distinctly different perspective. Each
view is defined by a set of diagram, which is as follows.
USER MODEL VIEW
This view represents the system from the users perspective.
The analysis representation describes a usage scenario from the
end-users perspective.

STRUCTURAL MODEL VIEW

In this model the data and functionality are arrived from inside
the system.
This model view models the static structures.

BEHAVIORAL MODEL VIEW

It represents the dynamic of behavioral as parts of the system,
depicting the interactions of collection between various structural
elements described in the user model and structural model view.

IMPLEMENTATION MODEL VIEW

In this the structural and behavioral as parts of the system are
represented as they are to be built.
ENVIRONMENTAL MODEL VIEW
In this the structural and behavioral aspects of the
environment in which the system is to be implemented are
represented.

UML is specifically constructed through two different domains

they are:
UML Analysis modeling, which focuses on the user
model and structural model views of the system.
UML design modeling, which focuses on the behavioral
modeling, implementation modeling and environmental
model views.

Use case Diagrams represent the functionality of the system

from a user’s point of view. Use cases are used during
requirements elicitation and analysis to represent the
functionality of the system. Use cases focus on the behavior
of the system from external point of view.

Actors are external entities that interact with the

system. Examples of actors include users like
 administrator, bank customer …etc., or another system like
central database.

Class Diagram

CLASS DIAGRAM
Class diagrams describe the structure of the system
in terms of classes and objects. The servlet api class
diagram will be as follows.
 Use Case Diagrams

UML Diagrams
Unified Modeling Language:

The Unified Modeling Language allows the software engineer to

express an analysis model using the modeling notation that is
governed by a set of syntactic semantic and pragmatic rules.

A UML system is represented using five different views that

describe the system from distinctly different perspective. Each
view is defined by a set of diagram, which is as follows.
 User Model View
i. This view represents the system from the users
perspective.
ii. The analysis representation describes a usage
scenario from the end-users perspective.

 Structural model view

i. In this model the data and functionality are
arrived from inside the system.
ii. This model view models the static structures.

 Behavioral Model View

It represents the dynamic of behavioral as parts of the
system, depicting the interactions of collection
between various structural elements described in the
user model and structural model view.
  Implementation Model View
In this the structural and behavioral as parts of the
system are represented as they are to be built.

 Environmental Model View

In this the structural and behavioral aspects of the
environment in which the system is to be implemented
are represented.

UML is specifically constructed through two different domains

they are:
 UML Analysis modeling, this focuses on the user model and
structural model views of the system.
 UML design modeling, which focuses on the behavioral
modeling, implementation modeling and environmental
model views.

Use case Diagrams represent the functionality of the system from

a user’s point of view. Use cases are used during requirements
elicitation and analysis to represent the functionality of the
system. Use cases focus on the behavior of the system from
external point of view.

Actors are external entities that interact with the system.

Examples of actors include users like administrator, bank
customer …etc., or another system like central database.
1. system Use Case Diagram
 System

Administrator

Highly Confidential Security System

Authenticated User

2. Administrator Use Case Diagram

Delete Users

<<include>>
View RegisteredUsers
Accept/RejectUsers Request

<<include>>

Authenticated Users
View Requested Users

Delete User
<<include>>

Profile

Administrator view Profile

UpdateProfile

<<include>>

Change Password

Logout
3. User Use Case Diagram

Update Study Details

Add StudyDetails
Delete Studey Details
View Studey Details

Add Bank UpdateBank Details

Education
View Bank Delete BankDetails
<<include>>
Bank <<include>>

Add Mails Details Update Mails Details

Mails
view Mails Details deleteMails Details
<<include>>
<<include>>
Add Passport Details
PassPort Details
update Passport Details
View Passport Details

<<include>> delete PassportDetails

Authendicated User
<<include>>
Pancard Details
AddPancard Details

View Pancard Details Update Pancard Details

Insurance
<<include>> deletePancard Details
<<include>>
Add Insurance
License
View Insurance Update Insuracne Details

<<include>> Delete Insuracne Details

<<include>>
Other Files
Add License

view License Update License

Profile <<include>> delete License

<<include>>
Add Files

View Files update Files

<<include>> deleteFiles
<<include>>
view Profile
Logout

UpdateProfile
<<include>>
Change Password

4.User Use Case Diagram

 login

UsernameCheck
new Registration
<<include>>

User <<extend>>

ForgetPassword NewPassword

Site Information
 ACTIVITY DIAGRAMS

ACTIVITY DIAGRAMS

1. Activity Diagram for Admin :

Admin

False
logincheck

True

Authenticated Users
Profile

Change Password
View Requested Users View Profile Update Profile
View Registered Users

Accept/Reject Users

Delete Users
User Activity:

Authendicated User

logincheck False

True

Study Banks Passport Mails

Pancard License
IMP Files insurance
viewBankDetails view
viewStudyDetails AddBankDetails add view add add
add view add view view add
Add Study Details view

delete update
DeleteBankDetails update update update
delete delete update
DeleteStudyDetails updateBankDetails delete
delete delete
UpdateStudeyDetails update

Component Diagram
Component Diagram:
 Deployment Diagram

Deployment Diagram:
 TECHNOLOGY DESCRIPTION

HTML
HTML, an initialism of Hypertext Markup Language, is the
predominant markup language for web pages. It provides a
means to describe the structure of text-based information in a
document — by denoting certain text as headings, paragraphs,
lists, and so on — and to supplement that text with interactive
forms, embedded images, and other objects. HTML is written in
the form of labels (known as tags), surrounded by angle brackets.
HTML can also describe, to some degree, the appearance and
semantics of a document, and can include embedded scripting
language code which can affect the behavior of web browsers and
other HTML processors.

Basic HTML Tags:

<! -- --> specifies comments
<A>……….</A> Creates hypertext links
<B>……….</B> Formats text as bold
<BIG>……….</BIG> Formats text in large font.
<BODY>…</BODY> Contains all tags and text in the HTML
document
<CENTER>...</CENTER> Creates text
<DD>…</DD> Definition of a term
<DL>...</DL> Creates definition list
<FONT>…</FONT> Formats text with a particular
font
<FORM>...</FORM> Encloses a fill-out form
<FRAME>...</FRAME> Defines a particular frame in a
set of frames
<H#>…</H#> Creates headings of different levels( 1 –
6)
<HEAD>...</HEAD> Contains tags that specify information
about a document
<HR>...</HR> Creates a horizontal rule
<HTML>…</HTML> Contains all other HTML tags
<META>...</META> Provides meta-information about a
document
<SCRIPT>…</SCRIPT> Contains client-side or server-side
script
<TABLE>…</TABLE> Creates a table
<TD>…</TD> Indicates table data in a table
<TR>…</TR> Designates a table row
<TH>…</TH> Creates a heading in a table
JavaScript:
Java Script is case sensitive language

JavaScript is a script-based programming language that was

developed by Netscape Communication Corporation.
JavaScript was originally called Live Script and renamed as
JavaScript to indicate its relationship with Java. JavaScript
supports the development of both client and server components
of Web-based applications. On the client side, it can be used to
write programs that are executed by a Web browser within the
context of a Web page. On the server side, it can be used to write
Web server programs that can process information submitted by
a Web browser and then update the browser’s display
accordingly

Even though JavaScript supports both client and server Web

programming, we prefer JavaScript at Client side programming
since most of the browsers supports it. JavaScript is almost as
easy to learn as HTML, and JavaScript statements can be
included in HTML documents by enclosing the statements
between a pair of scripting tags
<SCRIPTS>.. </SCRIPT>.
<SCRIPT LANGUAGE = “JavaScript”>
JavaScript statements
</SCRIPT>
Here are a few things we can do with JavaScript:
 Validate the contents of a form and make calculations.
  Add scrolling or changing messages to the Browser’s
status line.
 Animate images or rotate images that change when we
move the mouse over them.
 Detect the browser in use and display different content
for different browsers.
 Detect installed plug-ins and notify the user if a plug-
in is required.
We can do much more with JavaScript, including creating entire
application.

JavaScript Vs Java

JavaScript and Java are entirely different languages. A few of the

most glaring differences are:

 Java applets are generally displayed in a box within the web

document; JavaScript can affect any part of the Web
document itself.
 While JavaScript is best suited to simple applications and
adding interactive features to Web pages; Java can be used
for incredibly complex applications.

There are many other differences but the important thing to

remember is that JavaScript and Java are separate languages.
They are both useful for different things; in fact they can be used
together to combine their advantages.

Advantages
 JavaScript can be used for Sever-side and Client-side
scripting.
 It is more flexible than VBScript.
 JavaScript is the default scripting languages at Client-
side since all the browsers supports it.
Java Technology

Initially the language was called as “oak” but it was renamed as

“Java” in 1995. The primary motivation of this language was the
need for a platform-independent (i.e., architecture neutral)
language that could be used to create software to be embedded in
various consumer electronic devices.
 Java is a programmer’s language.
 Java is cohesive and consistent.
 Except for those constraints imposed by the Internet
environment, Java gives the programmer, full control.
 Finally, Java is to Internet programming where C was to
system programming.

Importance of Java to the Internet

Java has had a profound effect on the Internet. This is because;

Java expands the Universe of objects that can move about freely
in Cyberspace. In a network, two categories of objects are
transmitted between the Server and the Personal computer. They
are: Passive information and Dynamic active programs. The
Dynamic, Self-executing programs cause serious problems in the
areas of Security and probability. But, Java addresses those
concerns and by doing so, has opened the door to an exciting
new form of program called the Applet.
Java can be used to create two types of programs

Applications and Applets: An application is a program that

runs on our Computer under the operating system of that
computer. It is more or less like one creating using C or C++.
Java’s ability to create Applets makes it important. An Applet is
an application designed to be transmitted over the Internet and
executed by a Java –compatible web browser. An applet is
actually a tiny Java program, dynamically downloaded across the
network, just like an image. But the difference is, it is an
intelligent program, not just a media file. It can react to the user
input and dynamically change.

Features of Java Security

Every time you that you download a “normal” program, you are
risking a viral infection. Prior to Java, most users did not
download executable programs frequently, and those who did
scan them for viruses prior to execution. Most users still worried
about the possibility of infecting their systems with a virus. In
addition, another type of malicious program exists that must be
guarded against. This type of program can gather private
information, such as credit card numbers, bank account
balances, and passwords. Java answers both these concerns by
providing a “firewall” between a network application and your
computer.

When you use a Java-compatible Web browser, you can safely

download Java applets without fear of virus infection or
malicious intent.

Portability

For programs to be dynamically downloaded to all the various

types of platforms connected to the Internet, some means of
generating portable executable code is needed .As you will see,
the same mechanism that helps ensure security also helps create
portability. Indeed, Java’s solution to these two problems is both
elegant and efficient.

The Byte code

The key that allows the Java to solve the security and portability
problems is that the output of Java compiler is Byte code. Byte
code is a highly optimized set of instructions designed to be
executed by the Java run-time system, which is called the Java
Virtual Machine (JVM). That is, in its standard form, the JVM is
an interpreter for byte code.

Translating a Java program into byte code helps makes it much

easier to run a program in a wide variety of environments. The
reason is, once the run-time package exists for a given system,
any Java program can run on it.

Although Java was designed for interpretation, there is

technically nothing about Java that prevents on-the-fly
compilation of byte code into native code. Sun has just completed
its Just In Time (JIT) compiler for byte code. When the JIT
compiler is a part of JVM, it compiles byte code into executable
code in real time, on a piece-by-piece, demand basis. It is not
possible to compile an entire Java program into executable code
all at once, because Java performs various run-time checks that
can be done only at run time. The JIT compiles code, as it is
needed, during execution.

Java Virtual Machine (JVM)

Beyond the language, there is the Java virtual machine. The Java
virtual machine is an important element of the Java technology.
The virtual machine can be embedded within a web browser or
an operating system. Once a piece of Java code is loaded onto a
machine, it is verified. As part of the loading process, a class
loader is invoked and does byte code verification makes sure that
the code that’s has been generated by the compiler will not
corrupt the machine that it’s loaded on. Byte code verification
takes place at the end of the compilation process to make sure
that is all accurate and correct. So byte code verification is
integral to the compiling and executing of Java code.
Overall Description

Java Source Java byte code JavaVM

Java .Class

Picture showing the development process of JAVA Program

Java programming uses to produce byte codes and executes
them. The first box indicates that the Java source code is located
in a. Java file that is processed with a Java compiler called javac.
The Java compiler produces a file called a. class file, which
contains the byte code. The .Class file is then loaded across the
network or loaded locally on your machine into the execution
environment is the Java virtual machine, which interprets and
executes the byte code.

Java Architecture

Java architecture provides a portable, robust, high performing

environment for development. Java provides portability by
compiling the byte codes for the Java Virtual Machine, which is
then interpreted on each platform by the run-time environment.
Java is a dynamic system, able to load code when needed from a
machine in the same room or across the planet.

Compilation of code

When you compile the code, the Java compiler creates machine
code (called byte code) for a hypothetical machine called Java
Virtual Machine (JVM). The JVM is supposed to execute the byte
code. The JVM is created for overcoming the issue of portability.
The code is written and compiled for one machine and
interpreted on all machines. This machine is called Java Virtual
Machine.
Compiling and interpreting Java Source Code

Java
PC Compiler Interpreter
Java (PC)
Source
Code Byte code
………..
……….. Macintosh Java
Compiler (Platform Interpreter
Independe (Macintosh)
………..
nt)

………… SPARC
Java
Interpreter
Compiler (Spare)

During run-time the Java interpreter tricks the byte code file into
thinking that it is running on a Java Virtual Machine. In reality
this could be a Intel Pentium Windows 95 or SunSARC station
running Solaris or Apple Macintosh running system and all could
receive code from any computer through Internet and run the
Applets.

Simple

Java was designed to be easy for the Professional programmer to

learn and to use effectively. If you are an experienced C++
programmer, learning Java will be even easier. Because Java
inherits the C/C++ syntax and many of the object oriented
features of C++. Most of the confusing concepts from C++ are
either left out of Java or implemented in a cleaner, more
approachable manner. In Java there are a small number of
clearly defined ways to accomplish a given task.

Struts 2 Features:
The strut-2 framework is designed for the compilation of the
entire development cycle including of building, developing and
maintaining the whole application. It is very extensible as each
class of the framework is based on an Interface and all the base
classes are given an extra application and even you can add your
own. The basic platform requirements are Servlet API 2.4, JSP
API 2.0 and Java 5.

Some of the general features of the current Apache Strut 2

framework are given below.

Architecture ? First the web browser request a resource for

which the Filter Dispatcher decides the suitable action. Then the
Interceptors use the required functions and after that the Action
method executes all the functions like storing and retrieving data
from a database. Then the result can be seen on the output of
the browser in HTML, PDF, images or any other.

Tags - Tags in Strut 2 allow creating dynamic web applications

with less number of coding. Not only these tags contain output
data but also provide style sheet driven markup that in turn
helps in creating pages with less code. Here the tags also support
validation and localization of coding that in turn offer more
utilization. The less number of codes also makes it easy to read
and maintain.

MVC ? The Model View Controller in Strut 2 framework acts as

a coordinator between application?s model and web view. Its
Controller and View components can come together with other
technology to develop the model. The framework has its library
and markup tags to present the data dynamically.
Configuration ? Provides a deployment descriptor to initialize
resources in XML format. The initialization takes place simply by
scanning all the classes using Java packages or you can use an
application configuration file to control the entire configuration.
Its general-purpose defaults allow using struts directly Out of the
box.

Configuration files are re-loadable that allows changes without

restarting a web container.

Other Features:

 All framework classes are based on interfaces and core

interfaces are independent from HTTP.

 Check boxes do not require any kind of special application

for false values.

 Any class can be used as an action class and one can input
properties by using any JavaBean directly to the action
class.

 Strut 2 actions are Spring friendly and so easy to Spring

integration.

 AJAX theme enables to make the application more

dynamic.

 Portal and servlet deployment are easy due to automatic

portlet support without altering code.

 The request handling in every action makes it easy to

customize, when required.

Struts 2 History:
Apache Struts is an open-source framework that is used for
developing Java web application. Originally developed by the
programmer and author Craig R. McClanahan, this was later
taken over by the Apache Software Foundation in 2002. Struts
have provided an excellent framework for developing application
easily by organizing JSP and Servlet based on HTML formats and
Java code. Strut1 with all standard Java technologies and
packages of Jakarta assists to create an extensible development
environment. However, with the growing demand of web
application, Strut 1 does not stand firm and needs to be changed
with demand. This leads to the creation of Strut2, which is more
developer friendly with features like Ajax, rapid development and
extensibility.

Struts is a well-organized framework based on MVC architecture.

In Model-View-Controller Architecture, Model stands for the
business or database code, View represents the page design code
and the Controller for navigational code. All these together makes
Struts an essential framework for building Java applications. But
with the development of new and lightweight MVC based
framworks like Spring, Stripes and Tapestry, it becomes
necessary to modify the Struts framework. So, the team of
Apache Struts and another J2EE
framework, WebWork of OpenSymphony joined hand together to
develop an advanced framework with all possible developing
features that will make it developer and user friendly.

Strut2 contains the combined features of Struts Ti and WebWork

2 projects that advocates higher level application by using the
architecture of WebWork2 with features including a plugin
framework, a new API, Ajax tags etc. So the Struts communities
and the WebWork team brought together several special features
in WebWork2 to make it more advance in the Open Source world.
Later the name of WebWork2 has changed to Struts2. Hence,
Apache Strut 2 is a dynamic, extensible framework for a
complete application development from building, deploying and
maintaining.
WebWork is a framework for web-application development that
has been included in Struts framework 2.0 release. It has some
unique concepts and constructs like its compatibility of working
within existing Web APIs in Java rather than trying to replace
them completely. It has been built specifically taking into
account the developer?s productivity and code simplicity.
Furthermore it is completely context dependent that provides a
wrapper around XWork. When working on web applications the
web work provides a context that helps web developer in specific
implementations.
While, XWork provides a mechanism that is used for
configuration and factory implementation management. This
mechanism is dependencies inject mechanism.

Struts 2 Architecture:
Struts and webwork has joined together to develop the Struts 2
Framework. Struts 2 Framework is very extensible and elegant
for the development of enterprise web application of any size. In
this section we are going to explain you the architecture of Struts
2 Framework.

Request Lifecycle in Struts 2 applications

1. User Sends request: User sends a request to the server for

some resource.

2. FilterDispatcher determines the appropriate action: The

FilterDispatcher looks at the request and then determines
the appropriate Action.

3. Interceptors are applied: Interceptors configured for

applying the common functionalities such as workflow,
validation, file upload etc. are automatically applied to the
request.

4. Execution of Action: Then the action method is executed

to perform the database related operations like storing or
retrieving data from the database.
 5. Output rendering: Then the Result renders the output.

6. Return of Request: Then the request returns through the

interceptors in the reverse order. The returning request
allows us to perform the clean-up or additional processing.

7. Display the result to user: Finally the control is returned

to the servlet container, which sends the output to the user
browser.

Image: Struts 2 high level overview of request processing:

Struts 2 Architecture

Struts 2 is a very elegant and flexible front controller framework

based on many standard technologies like Java Filters, Java
Beans, ResourceBundles, XML etc.

For the Model, the framework can use any data access
technologies like JDBC, EJB, Hibernate etc and for the View, the
framework can be integrated with JSP, JTL, JSF, Jakarta
Velocity Engine, Templates, PDF, XSLT etc.

Exception Handling:
The Struts 2 Framework allows us to define exception handlers
and inceptors.

 Exception Handlers:
Exception handlers allows us to define the exception
handling procedure on global and local basis. Framework
catches the exception and then displays the page of our
choice with appropriate message and exception details.

 Interceptors:
The Interceptors are used to specify the "request-processing
lifecycle" for an action. Interceptors are configured to apply
the common functionalities like workflow, validation etc.. to
the request.

Struts 2 Architecture

The following diagram depicts the architecture of Struts 2

Framework and also shows the the initial request goes to the
servlet container such as tomcat, which is then passed through
standard filer chain.

Image: Struts 2 Architecture

The filter chain includes:

 Action ContextCleanUp filter:

The ActionContextCleanUp filter is optional and it is useful
when integration has to be done with other technologies like
SiteMash Plugin.

 FilterDispatcher:
Next the FilterDispatch is called, which in turn uses the
ActionMapper to determine whether to invoke an Action or
not. If the action is required to be invoked, the
FilterDispatcher delegates the control to the ActionProxy.

 ActionProxy:
The ActionProxy takes help from Configuration Files
manager, which is initialized from the struts.xml. Then the
 ActionProxy creates an ActionInvocation, which
implements the command pattern. The ActionInvocation
process invokes the Interceptors (if configured) and then
invokes the action. The the ActionInvocation looks for
proper result. Then the result is executed, which involves
the rendering of JSP or templates.

Then the Interceptors are executed again in reverse order.

Finally the response returns through the filters configured
in web.xml file. If the ActionContextCleanUp filter is
configured, the FilterDispatcher does not clean the
ThreadLocal ActionContext. If the ActionContextCleanUp
filter is not present then the FilterDispatcher will cleanup
all the ThreadLocals present.

In this section we have learnt about the Architecture of Struts 2

Framework.

Why Struts 2:
The new version Struts 2.0 is a combination of the Sturts
action framework and Webwork. According to the Struts
2.0.1 release announcement, some key features are:

 Simplified Design - Programming the abstract classes

instead of interfaces is one of design problem of struts1
framework that has been resolved in the struts 2
framework. Most of the Struts 2 classes are based on
interfaces and most of its core interfaces are HTTP
independent. Struts 2 Action classes are framework
independent and are simplified to look as simple POJOs.
Framework components are tried to keep loosely coupled.

 Simplified Actions - Actions are simple POJOs. Any java

class with execute() method can be used as an Action class.
Even we don't need to implement interfaces always.
Inversion of Control is introduced while developing the
action classes. This make the actions to be neutral to the
underlying framework .
 No more ActionForms - ActionForms feature is no more
known to the struts2 framework. Simple JavaBean flavored
actions are used to put properties directly. No need to use
all String properties.

 Simplified testability - Struts 2 Actions are HTTP

independent and framework neutral. This enables to test
struts applications very easily without resorting to mock
objects.

 Intelligent Defaults - Most configuration elements have a

default value which can be set according to the need. Even
there are xml-based default configuration files that can be
overridden according to the need.

 Improved results - Unlike ActionForwards, Struts 2

Results provide flexibility to create multiple type of outputs
and in actual it helps to prepare the response.

 Better Tag features - Struts 2 tags enables to add style

sheet-driven markup capabilities, so that we can create
consistent pages with less code. Struts 2 tags are more
capable and result oriented. Struts 2 tag markup can be
altered by changing an underlying stylesheet. Individual tag
markup can be changed by editing a FreeMarker template.
Both JSP and FreeMarker tags are fully supported.

 Annotations introduced : Applications in struts 2 can use

Java 5 annotations as an alternative to XML and Java
properties configuration. Annotations minimize the use of
xml.

 Stateful Checkboxes - Struts 2 checkboxes do not require

special handling for false values.

 QuickStart - Many changes can be made on the fly without

restarting a web container.
  customizing controller - Struts 1 lets to customize the
request processor per module, Struts 2 lets to customize the
request handling per action, if desired.

 Easy Spring integration - Struts 2 Actions are Spring-

aware. Just need to add Spring beans!

 Easy plugins - Struts 2 extensions can be added by

dropping in a JAR. No manual configuration is required!

 AJAX support - The AJAX theme gives interactive

applications a significant boost.
The framework provides a set of tags to help you ajaxify
your applications, even on Dojo. The AJAX features include:

1. AJAX Client Side Validation

2. Remote form submission support (works with the

submit tag as well)

3. An advanced div template that provides dynamic

reloading of partial HTML

4. An advanced template that provides the ability to load

and evaluate JavaScript remotely

5. An AJAX-only tabbed Panel implementation

6. A rich pub-sub event model

7. Interactive auto complete tag

Struts 1.x Vs Struts 2.x:

In the following section, we are going to compare the various
features between the two frameworks. Struts 2.x is very simple
as compared to struts 1.x, few of its excelent features are:

1. Servlet Dependency:

Actions in Struts1 have dependencies on the servlet API since

the HttpServletRequest andHttpServletResponse objects are
passed to the execute method when an Action is invoked but in
case of Struts 2, Actions are not container dependent because
they are made simple POJOs. In struts 2, the servlet contexts are
represented as simple Maps which allows actions to be tested in
isolation. Struts 2 Actions can access the original request and
response, if required. However, other architectural elements
reduce or eliminate the need to access the HttpServetRequest or
HttpServletResponse directly.

2. Action classes

Programming the abstract classes instead of interfaces is one of

design issues of struts1 framework that has been resolved in the
struts 2 framework.
Struts1 Action classes needs to extend framework dependent
abstract base class. But in case of Struts 2 Action class may or
may not implement interfaces to enable optional and custom
services. In case of Struts 2 , Actions are not container
dependent because they are made simple POJOs. Struts 2
provides a base ActionSupport class to implement commonly
used interfaces. Albeit, the Action interface is not required. Any
POJO object with an execute signature can be used as an Struts
2 Action object.

3. Validation

Struts1 and Struts 2 both supports the manual validation via

a validate method.
Struts1 uses validate method on the ActionForm, or validates
through an extension to the Commons Validator. However, Struts
2 supports manual validation via the validate method and the
XWork Validation framework. The Xwork Validation Framework
supports chaining validation into sub-properties using the
validations defined for the properties class type and the
validation context.

4. Threading Model

In Struts1, Action resources must be thread-safe or

synchronized. So Actions are singletons and thread-safe, there
should only be one instance of a class to handle all requests for
that Action. The singleton strategy places restrictions on what
can be done with Struts1 Actions and requires extra care to
develop. However in case of Struts 2, Action objects are
instantiated for each request, so there are no thread-safety
issues. (In practice, servlet containers generate many throw-away
objects per request, and one more object does not impose a
performance penalty or impact garbage collection.)

5. Testability

Testing Struts1 applications are a bit complex. A major hurdle to

test Struts1 Actions is that theexecute method because it
exposes the Servlet API. A third-party extension, Struts TestCase,
offers a set of mock object for Struts1. But the Struts 2 Actions
can be tested by instantiating the Action, setting properties and
invoking methods. Dependency Injection support also makes
testing simpler. Actions in struts2 are simple POJOs and are
framework independent, hence testability is quite easy in
struts2.

6. Harvesting Input

Struts1 uses an ActionForm object to capture input. And all

ActionForms needs to extend a framework dependent base class.
JavaBeans cannot be used as ActionForms, so the developers
have to create redundant classes to capture input.
However Struts 2 uses Action properties (as input properties
independent of underlying framework) that eliminates the need
for a second input object, hence reduces redundancy.
Additionally in struts2, Action properties can be accessed from
the web page via the taglibs. Struts 2 also supports the
ActionForm pattern, as well as POJO form objects and POJO
Actions. Even rich object types, including business or domain
objects, can be used as input/output objects.

7. Expression Language

Struts1 integrates with JSTL, so it uses the JSTL-EL. The struts1

EL has basic object graph traversal, but relatively weak collection
and indexed property support. Struts 2 can also use JSTL,
however it supports a more powerful and flexible expression
language called "Object Graph Notation Language" (OGNL).

8. Binding values into views

In the view section, Struts1 uses the standard JSP mechanism to

bind objects (processed from the model section) into the page
context to access. However Struts 2 uses a "ValueStack"
technology so that the taglibs can access values without coupling
your view to the object type it is rendering. The ValueStack
strategy allows the reuse of views across a range of types which
may have the same property name but different property types.

9. Type Conversion

Usually, Struts1 ActionForm properties are all Strings. Struts1

uses Commons-Beanutils for type conversion. These type
converters are per-class and not configurable per instance.
However Struts 2 uses OGNL for type conversion. The framework
includes converters for basic and common object types and
primitives.

Introduction to Hibernate 3.0

What is Hibernate?
Hibernate 3.0, the latest Open Source persistence technology at
the heart of J2EE EJB 3.0 is available for download
from Hibernet.org.The Hibernate 3.0 core is 68,549 lines of Java
code together with 27,948 lines of unit tests, all freely available
under the LGPL, and has been in development for well over a
year. Hibernate maps the Java classes to the database tables. It
also provides the data query and retrieval facilities that
significantly reduces the development time. Hibernate is not the
best solutions for data centric applications that only uses the
stored-procedures to implement the business logic in database. It
is most useful with object-oriented domain modes and business
logic in the Java-based middle-tier. Hibernate allows transparent
persistence that enables the applications to switch any database.
Hibernate can be used in Java Swing applications, Java Servlet-
based applications, or J2EE applications using EJB session
beans.

Features of Hibernate

 Hibernate 3.0 provides three full-featured query

facilities: Hibernate Query Language, the newly
enhanced Hibernate Criteria Query API, and enhanced
support for queries expressed in the native SQL dialect of
the database.

 Filters for working with temporal (historical), regional or

permissioned data.

 Enhanced Criteria query API: with full support for

projection/aggregation and subselects.

 Runtime performance monitoring: via JMX or local Java

API, including a second-level cache browser.

 Eclipse support, including a suite of Eclipse plug-ins for

working with Hibernate 3.0, including mapping editor,
interactive query prototyping, schema reverse engineering
tool.

 Hibernate is Free under LGPL: Hibernate can be used to

develop/package and distribute the applications for free.

 Hibernate is Scalable: Hibernate is very performant and due

to its dual-layer architecture can be used in the clustered
environments.

 Less Development Time: Hibernate reduces the development

timings as it supports inheritance, polymorphism,
composition and the Java Collection framework.

 Automatic Key Generation: Hibernate supports the

automatic generation of primary key for your.
  JDK 1.5 Enhancements: The new JDK has been released
as a preview earlier this year and we expect a slow
migration to the new 1.5 platform throughout 2004. While
Hibernate3 still runs perfectly with JDK 1.2, Hibernate3 will
make use of some new JDK features. JSR 175 annotations,
for example, are a perfect fit for Hibernate metadata and we
will embrace them aggressively. We will also support Java
generics, which basically boils down to allowing type safe
collections.

 EJB3-style persistence operations: EJB3 defines

the create() and merge() operations, which are slightly
different to
Hibernate's saveOrUpdate() and saveOrUpdateCopy()operati
ons. Hibernate3 will support all four operations as methods
of the Session interface.

 Hibernate XML binding enables data to be represented as

XML and POJOs interchangeably.

 The EJB3 draft specification support for POJO persistence

and annotations.

Hibernate Architecture
In this lesson you will learn the architecture of Hibernate. The
following diagram describes the high level architecture of
hibernate:
The above diagram shows that Hibernate is using the database
and configuration data to provide persistence services
(and persistent objects) to the application.

To use Hibernate, it is required to create Java classes that

represents the table in the database and then map the instance
variable in the class with the columns in the database. Then
Hibernate can be used to perform operations on the database like
select, insert, update and delete the records in the table.
Hibernate automatically creates the query to perform these
operations.

Hibernate architecture has three main components:

 Connection Management
Hibernate Connection management service provide efficient
management of the database connections. Database
connection is the most expensive part of interacting with
the database as it requires a lot of resources of open and
close the database connection.

 Transaction management:
Transaction management service provide the ability to the
user to execute more than one database statements at a
time.
  Object relational mapping:
Object relational mapping is technique of mapping the data
representation from an object model to a relational data
model. This part of the hibernate is used to select, insert,
update and delete the records form the underlying table.
When we pass an object to a Session.save() method,
Hibernate reads the state of the variables of that object and
executes the necessary query.

Hibernate is very good tool as far as object relational mapping is

concern, but in terms of connection management and
transaction management, it is lacking in performance and
capabilities. So usually hibernate is being used with other
connection management and transaction management tools. For
example apache DBCP is used for connection pooling with the
Hibernate.

Hibernate provides a lot of flexibility in use. It is called "Lite"

architecture when we only uses the object relational mapping
component. While in "Full Cream" architecture all the three
component Object Relational mapping, Connection Management
and Transaction Management) are used

In the next section I will show how to run and test the program.
_R01
FOREIGN KEY (USERIDREF)
REFERENCES HCSS.USERDETAILS (USERID));

DATA DICTIONARY
ADDRESSES :

BANK_DETAILS
EDUCATIONAL_DETAILS

IMPORTANT_FILES

INSURENCE_DETAILS

LOGINDETAILS

MAIL_DETAILS
PANCARD_DETAILS

PASSPORT_DETAILS

USERDETAILS
System Security Measures :

Data Security
Term Definition
Data security is the process of protecting information systems
and its data from unauthorized accidental or intentional
modification, destruction or disclosure. The protection includes
the confidentiality, integrity and availability of these systems and
data.

Risk assessment, mitigation and measurement are key

components of data security. To maintain a secure environment,
data security protocols require that any changes to data systems
have an audit trail, which identifies the individual, department,
time and date of any system change. Companies utilize
personnel, policies, protocols, standards, procedures, software,
hardware and physical security measures to attain data security.
Data security may include one or a combination of all of these.

Data security is not confined to the Information Services or

Information Technology departments, but will involve various
stakeholders including senior management, the board of
directors, regulators, internal and external auditors, partners,
suppliers and shareholders.

Data security encompasses the security of the Information

System in its entirety. The U.S. National Information Systems
Security Glossary defines Information Systems Security
(INFOSEC) as: “The protection of information systems against
unauthorized access to or modification of information, whether in
storage, processing or transit, and against the denial of service to
authorized users or the provision of service to unauthorized
users, including those measures necessary to detect, document,
and counter such threats.“
Protecting data from unauthorized access is one component of
data security that receives a great deal of attention. The concern
for data protection extends beyond corporate concerns but is a
high priority consumer interest as well. Data can be protected
against unauthorized access through a variety of mechanisms.
Passwords, digital certificates and biometric techniques all
provide a more secure method to access data. Once the
authorized user has been authorized or authenticated, sensitive
information can be encrypted to prevent spying or theft. However,
even the most sophisticated data security programs and
measures cannot prevent human error. Security safeguards must
be adhered to and protected to be effective.

a. Creating user profiles and access rights

Step 1.
Open SqlPlus
Enter Administrator User Name:--------
Password:--------
HostString:--------
Step 2.
SQL>create user <username> identified by
<password>;
user Created.

SQL>grant dba to <username>;

grant succeeded.

SQL>conn username/password ;(newly created

username password)
Connected.

SQL>show user;
 user is "username" (check here username).

SQL>select * from tab;

no rows selected.

Step 3.
Start---->Run--->imp--->
username:<username>/<password>
----Press
Enter Key-----

Import file:EXPDAT.DMP><give database dump file

path>
(Example:---> f:\
xxx.dmp)
----Press Enter Key-----

Enter insert buffer size(min is 8192) 30720>

---Press Enter Key---

List Contents of Import file only(yes/no):no> Press -->

n

---Press Enter Key---

Press --> y
---Press Enter Key---

Press --> y
---Press Enter Key---

Press --> y
 ---Press Enter Key---

Press --> y
---Press Enter Key---

SQL>select * from tab;

rows selected.

SQL>desc <tablename>;
It gives column names and datatypes.

SQL>select * from <tablename>;

this is for userids,passwords,logintypes.

Cost of Estimation of Project :

Total Metrics specialises in quantifying software development
projects early in their lifecycle and using their functional size as
input into software project resource estimates of effort, cost,
team size and schedule. We use industry project data sourced
from ISBSG combined with the expert knowledge base of
KnowledgePLAN™ to determine the likely productivity and quality
of the project.

Functional size can be determined as soon as the Business

Requirements are identified. Our project estimates use an
independent 'top down' method of estimating, which complement
the standard 'bottom up' work breakdown methodologies.
However industry experience shows that functional size based
estimates are much more accurate early in the lifecycle of a
project and can be completed in under 3 days of effort as
compared to work breakdown estimates which need detailed
project information and take weeks to develop.
Our estimation techniques have been proven to be accurate and
provide an independent estimate of project budget and schedule
requirements.

Why Estimate?
The accuracy of project estimates can have a dramatic impact on
profitability. Software development projects are characterised by
regularly over running their budgets and rarely meeting
deadlines.
Effective software estimation is one of the most important
software development activities however it is also one of the most
difficult. Under estimating a project will lead to under staffing it,
under scoping the quality assurance effort and setting too
short a schedule. That in turn can lead to staff burnout , low
quality , loss of credibility, deadlines being missed and
ultimately to inefficient development effort that takes longer than
normal. Overestimating a project can be almost as bad.
Parkinson's Law is that work expands until available time comes
into play. Which means that the project will take as long as
estimated even if the project is over estimated. An accurate
estimate is a critical part of the foundation of efficient software
development.

Total Metrics uses Functional Size Measures and Industry

data to develop Project Estimates :
Size is a major driver of effort, duration and risk. Once Total
Metrics can measure the functional size of your project then the
estimates of cost, duration, effort and defects can be created.
Estimating is a critical business process, especially at the early
stages of the project.
Enterprises have limited resources of personnel, time and
budget, and proper estimating will allow the leaders of the
enterprise to properly allocate these limited resources to
achieve the highest benefits.
There are detailed estimating processes in many different
industry sectors. In the building industry, there are standard
books with detailed methodologies for all of the craftsmen
required to build a home or building In engineering, there are
similar guidelines based on physics and chemistry If these
disciplines have strong estimating practices, then why is software
estimation's track record so abysmal?
The information technology (IT) trade magazines are constantly
filled with stories of runaway projects which have exceeded their
original budgets by multiples of two and higher, projects which
failed to meet the users' requirements, time of delivery, or
projects which were cancelled after substantial financial
Investments. These failed projects seem to have some consistent
elements:

 Inadequate project definition

 Lack of scope control

 Poor or non-existent estimating process

 Misapplication of metrics

 Lack of project management

LIMITATIONS AND SCOPE FOR FUTURE ENHANCEMENTS:

Limitations of the system:.
 System works in all platforms and its compatible
environments.
 Advanced techniques are not used to check the
authorization.
Future Enhancements:
It is not possible to develop a system that makes all the
requirements of the user. User requirements keep changing as
the system is being used. Some of the future enhancements that
can be done to this system are:
 As the technology emerges, it is possible to upgrade the
system and can be adaptable to desired environment.
 Because it is based on object-oriented design, any further
changes can be easily adaptable.
 Based on the future security issues, security can be
improved using emerging technologies.
 Attendance module can be added
 sub admin module can be added
PROJECT SUMMARY
This application software has been computed successfully
and was also tested successfully by taking “test cases”. It is user
friendly, and has required options, which can be utilized by the
user to perform the desired operations.
The software is developed using Java as front end and
Oracle as back end in Windows environment. The goals that are
achieved by the software are:
 Optimum utilization of resources.
 Efficient management of records.
 Simplification of the operations.
 Less processing time and getting required information.
 User friendly.
 Portable and flexible for further enhancement.
REPORTS:
WORK DONE:

The HCSS was successfully designed and is tested for accuracy

and quality.
During this project we have accomplished all the objectives and
this project meets the needs of the organization. The developed
will be used in searching, retrieving and generating information
for the concerned requests.
GOALS
 Reduced entry work
 Easy retrieval of information
 Reduced errors due to human intervention
 User friendly screens to enter the data
  Portable and flexible for further enhancement
 Web enabled.
 Fast finding of information requested
BIBILIOGRAPHY
(1) Java Complete Reference by Herbert Shield
(2) Database Programming with JDBC and Java by George
Reese
(3) Java and XML By Brett McLaughlin
(4) Wikipedia, URL: http://www.wikipedia.org.

(5) Answers.com, Online Dictionary, Encyclopedia and much

more, URL: http://www.answers.com

(6) Google, URL: http://www.google.co.in

(7) The Complete Refernce Struts James Holmes

Struts: The Complete Reference, 2nd Edition - Free PDF Ebooks
Download

comcol.nl: Struts: The Complete Reference, Second Edition ...

STRUTS:The complete Reference

(8) Jakarta Struts Pocket Reference Chuck Cavaness,

Brian Keeton

(9) Hibernate Tutorial in PDF URL:

www.tutorialspoint.com/hibernate/hibernate_pdf_version.htm

(10) NARESH I TECHNOLOGIES MATERIALS