Java Stones

Early preview


Java Stones is a framework for creating secure database web applications in Java. It is still under development. This page shows a very small demo application that is implemented on top of the Stones framework. The application consists only of a database-based authentication system and a page displaying some information about users. Its sole purpose is to illustrate the usage of the framework.


The source code of the demo application can be downloaded here. There is no online demo for the moment.


To install the demo, you need the following:

To run the demo within Eclipse:


The demo web application has only two pages:

The purpose of these two pages is to illustrate various aspects of the Stones framework. See below for more information.


Here we briefly describe how the demo application is implemented. Also have a look at the comments in the source code.

Database Access

Database access is performed using the Active Record design pattern: for each table, there is a corresponding class. The fields of a class correspond to the columns of the table, and an instance of a class corresponds to a row of the table that is loaded in memory. Additionally, a nested class provides descriptive information about the table and its fields.

Most of the code of the classes that correspond to tables is generated automatically by an Eclipse plugin. This demo application uses only three tables, and hence three corresponding classes (in the package diuf.stones.test.demo1.db):

The base class,

This class implements functionalities that are potentially used by all web pages of the application:

It is located in the diuf.stones.test.demo1 package.

The login page

This page implements the "Login" web page. Note that the Stones framework uses the Code-Behind model: Each web page is implemented by two different files:

Note that HTML elements with an "id" attribute in the ".html" file are automatically mapped to fields with the same name in the Java class.

The main page

This page displays various information about the current user and the other users. The Java class is Note that database accesses are method invocations on a class of the diuf.stones.test.demo1.db package. Also note that the application does not use HTML syntax directly: all generated HTML is produced using objects and methods of the Stones framework. Because the framework encodes all textual content passed by the application, the risk of Cross-Site Scripting is mitigated.

Finally, note that the renderRolesTable method uses the HTML object model to build an HTML table. This illustrates the use of this low-level model. In practice (and in the future), a higher-level object (similar to JSP's custom tags) will be provided by the framework for common visual elements such as tables, trees, etc.
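The following added example (not code from the Stones framework or its demo) sketches why building a table through an object model that encodes text at render time mitigates Cross-Site Scripting. The names `EncodedTableDemo`, `Node`, `Element`, `encode` and `rolesTable` are hypothetical and do not reflect the Stones API; the sample rows are constructed.

```java
import java.util.*;

// Hypothetical minimal HTML object model (NOT the Stones API). Text and attribute
// values are encoded when rendered, so page code never assembles markup by hand.
public class EncodedTableDemo {
    interface Node { void render(StringBuilder out); }

    // '&' must be replaced first, otherwise the entities produced below get re-encoded.
    static String encode(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    static final class Element implements Node {
        private final String tag;  // tag and attribute names come from code, never from user data
        private final Map<String, String> attrs = new LinkedHashMap<>();
        private final List<Node> children = new ArrayList<>();
        Element(String tag) { this.tag = tag; }
        Element attr(String name, String value) { attrs.put(name, value); return this; }
        Element add(Node child) { children.add(child); return this; }
        Element text(String s) { return add(out -> out.append(encode(s))); }
        public void render(StringBuilder out) {
            out.append('<').append(tag);
            attrs.forEach((k, v) -> out.append(' ').append(k).append("=\"").append(encode(v)).append('"'));
            out.append('>');
            for (Node n : children) n.render(out);
            out.append("</").append(tag).append('>');
        }
    }

    // Builds a user/role table, in the spirit of the renderRolesTable method described above.
    static String rolesTable(String[][] rows) {
        Element table = new Element("table").attr("id", "roles");
        for (String[] r : rows) {
            table.add(new Element("tr")
                    .add(new Element("td").attr("title", r[0]).text(r[0]))
                    .add(new Element("td").text(r[1])));
        }
        StringBuilder out = new StringBuilder();
        table.render(out);
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample rows; the second user name contains markup and a quote.
        String[][] rows = { {"alice", "admin"}, {"\"><script>alert(1)</script>", "guest"} };
        System.out.println(rolesTable(rows));
    }
}
```

In the rendered output the second user name appears as `&quot;&gt;&lt;script&gt;...`, both in the cell text and in the `title` attribute, so the browser displays it as text instead of parsing it as markup.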