Java Stones is a framework for creating secure database web applications in Java. It is still in development stage.
This page shows a very small demo application that is implemented on the top of the Stones framework.
The application only consists of a database-based authentication system, and a page displaying some user's
information. Its purpose is only to illustrate the usage of the framework.
The source code of the demo application can be downloaded
here. There is no online demo for the moment.
To install the demo, you need the following:
To run the demo within Eclipse:
- Windows 2000/XP. The demo does not run on Linux as it currently uses an Access database. Microsoft Access is not mandatory,
only the Access ODBC driver is required.
- Eclipse 3.2 or better
- Apache Tomcat 5.5 or better.
- The Sysdeo Tomcat plugin for Eclipse.
The DevLoader utility which is part of the plugin must be installed as well.
Note that the plugin must be configured within Eclipse: the minimal requirement is to specify the Tomcat
version and home folder. Use the "Tomcat" category in the dialog of the "Window->Preferences" menu.
- Import the "StonesTest" project into Eclipse. The project should be recognized as a Tomcat project.
- Create an ODBC User DNS named "StonesTest" (Menu "Start" of Windows XP, then Control Panel -> Administrative Tools ->
Data Sources; button "Add").
Use the Microsoft Access driver and select the file "Database.mdb" located in the folder "Data" of the
- Start the Tomcat server with the menu "Tomcat->Démarrer Tomcat"
- Open a web browser and type the address:
Note well the ".jst" extension.
The demo web application has only two pages:
The purpose of these two pages is to illustrate various aspects of the Stones framework. See below for more informations.
- A login page that allows the user to authenticate. The user names and passwords are stored in the database.
For this demo, you can use the user name "jdoe" and the password "stones" to test the authentication.
- A page that prints various informations from the database:
- A welcome message with the name of the user
- A list of the user's roles
- The list of other users that have the administrator role
- A table with all users and their roles.
Here we briefly describe how the demo application is implemented. Also have a look at the comments in the source code.
The database access is performed using the Active Record design pattern: for each table, there is a corresponding
class. The fields of a class correspond to the columns of the table, and an instance of a class correspond to a
row of the table that is loaded in memory. Additionally, a nested class provides a descriptive information on the table
and its fields.
Most of the code of the classes that correspond to tables are generated automatically by an Eclipse plugin. This demo
applications uses only three tables, and hence three corresponding classes (in the package diuf.stones.test.demo1.db):
- The "tblUsers" table holds the users' information (first name, last name, user name, password). The corresponding
class is User.java.
- The "tblRoles" table holds the list of roles. The corresponding class is Role.java.
- The "tblUserRoles" table holds the many-to-many relationship between users and roles. The corresponding class
The base class, DemoPageBase.java
This class implements functionalities that are potentially used by all web pages of the application:
It is located in the diuf.stones.test.demo1 package.
- The connection to the database
- The authentication, and the related checks.
The login page
This page implements the "Login" web page. Note that the Stones framework uses the Code-Behind model:
Each web page is implemented by two different files:
Mind that HTML elements with an "id" attribute in the ".html" file are automatically mapped to fields with the same
name in the Java class.
- An ".html" template file with the static content only
- A ".java" class, whose purpose is process all requests of the page by adding dynamic content.
The main page
This page displays various informations about the current user and the other users. The Java class is MainPage.java.
Note that database accesses are methods invocations to a class of the diuf.stones.test.demo1.db package.
Also note that the application does not use HTML syntax directly. All the HTML that is generated is generated using
object and methods of the Stones framework. Because the framework encodes all textual contents passed by the application,
risks of Cross Site Scripting are mitigated.
Finally note that the renderRolesTable method uses the HTML object model to build an HTML table. This illustrates
the use of this low-level model. In practice (and in the future), a higher-level object (similar to JSP's custom tags) will
be provided by the framework for common visual elements such as tables, trees, etc.