Online Payment Services Ezz Hantash
Java What?! • Began in 1990 by Patrick Naughton, Mike Sheridan, and James Gosling • Originally Oak • It was a revolutionary idea creating the next wave of application development
Java Enterprise Edition • Separate presentation from business logic • Build structured enterprise applications that facilitate code reuse • Deployment on any platform, anytime, anywhere • Scalability, robustness, and performance
Project Summary • Development of an e-commerce website • Interface to facilitate online payment for insurance renewal services • Provide interoperability and flexibility • Offer top security against fraudulent transactions
Payment User Interface • End User Fields • Credit Card Type (Visa, Mastercard, AMEX) • Card Holder Name • Credit Card Number • Card Expiry Date • Card Verification Value (CVV2)
Payment Transaction • Bank Gateway Servers • Proprietary Java APIs • Not open source (class files supplied to merchant) • Back-end connection to the global credit card networks
Code Design Request XML • <XMLPayRequest proxyReqType="CardSale" handShakeKey="e1r2e3f5f8c90912" MerchantID="12345" AgentID="09090909" Quantity="2" Amount="6400" BankID="RPAY" NationalID="0809000000000" CardExpiryDate="1210" CardHolderName="Ezzeddin Abuhantash" CardNumber="4929802251265574" CurrencyCode="840" Cvv2="684" ItemDescription="Home Insurance Coverage for Client 5493" ItemID="1" Language="EN" MerchantSessionID="e14e13d45c87d39099" PaymentUniqueNumber="AA7899" /> • <XMLPayRequest proxyReqType="AutoUpdate" handShakeKey="e1r2e3f5f8c90912" MerchantID="928374" BankID="RPAY" PaymentUniqueNumber="AA7899" />
Code Design Response XML • <XMLPayResponse> • <Status statusCode="100" statusMessage="Success In Parsing XML Data"/> • <PayNetResponse responseCode="Sale-0000" acsUrl="null" paMsg="null"/> • </XMLPayResponse> • <XMLPayResponse> • <Status statusCode="100" statusMessage="Success In Parsing XML Data"/> • <PayNetResponse responseCode="Autoupdate-0000"/> • </XMLPayResponse>
Java Servlet • import java.net.URL; • import java.util.Vector; • import java.util.Properties; • import javax.servlet.ServletException; • import javax.servlet.http.HttpServlet; • import javax.servlet.http.HttpServletRequest; • import javax.servlet.http.HttpServletResponse; • import org.apache.soap.Constants; • import org.apache.soap.Fault; • import org.apache.soap.SOAPException; • import org.apache.soap.rpc.Call; • import org.apache.soap.rpc.Parameter; • import org.apache.soap.rpc.Response;
Configuring the Tomcat App Server • Make sure that JAVA_HOME is set correctly to the location of the JRE. • In order to compile the xmlpay web service successfully: • The OS environment variable CLASSPATH has to be set to: "%JREPath%/lib;%JREPath%/lib/j2ee.jar;%JREPath%/lib/P1XMLPayMerchant.jar" • Dependency jars along with P1XMLPayMerchant.jar have to be copied to %JREPath%/lib • To compile the servlet: • javac %JREPath%/projects/xmlpay/web/WEB-INF/classes/PayNetProxy.java
Configuring the Tomcat App Server • In order to deploy and run the PayNetProxy servlet successfully: • Copy the contents of the configuration directory containing paynet's API config files to WEB-INF/classes • Copy P1XMLPayMerchant.jar and all related dependencies to WEB-INF/lib • Commands: • cd %AppServerPath%/projects/xmlpay/ • ant • xmlpay.war is created under %AppServerPath%/projects/xmlpay/build/assemble/war • Copy xmlpay.war to the webapps folder and it will automatically be deployed • The Catalina security manager has to be configured (/usr/share/tomcat5.5/policy.d/04webapps.policy): • $ sudo vim /etc/tomcat5.5/policy.d/04webapps.policy • Add: • grant codeBase "file:/usr/share/tomcat5.5/webapps/xmlpay/WEB-INF/-" { permission java.security.AllPermission; }; • grant codeBase "file:/usr/share/tomcat5.5/webapps/xmlpay/WEB-INF/lib/-" { permission java.security.AllPermission; }; • grant codeBase "file:/usr/share/tomcat5.5/webapps/xmlpay/-" { permission java.security.AllPermission; };
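The three grants above give every class under the xmlpay web app java.security.AllPermission, so the Catalina security manager restricts nothing for that code. A narrower grant, as an added example that is not from the original slides or the bank's API documentation: the host gateway.bank.example, port 443 and the property names are placeholder assumptions, because the slides do not list what P1XMLPayMerchant.jar actually needs.

```conf
// Added example (Java policy file syntax): narrower replacement for the
// three AllPermission grants. Host, port and property names are assumptions.

// "WEB-INF/-" is recursive, so this single grant already covers
// WEB-INF/classes (PayNetProxy) and WEB-INF/lib (P1XMLPayMerchant.jar
// and its dependencies); a separate WEB-INF/lib/- grant is not needed.
grant codeBase "file:/usr/share/tomcat5.5/webapps/xmlpay/WEB-INF/-" {
    // Outbound connection to the bank gateway only (placeholder host and port).
    permission java.net.SocketPermission "gateway.bank.example:443", "connect,resolve";

    // Read-only access to the gateway API config files copied to WEB-INF/classes.
    permission java.io.FilePermission "/usr/share/tomcat5.5/webapps/xmlpay/WEB-INF/classes/-", "read";

    // System properties the libraries read (assumed; extend from denied-access log entries).
    permission java.util.PropertyPermission "java.home", "read";
    permission java.util.PropertyPermission "file.encoding", "read";
};

// No grant on the context root "file:/usr/share/tomcat5.5/webapps/xmlpay/-":
// code outside WEB-INF keeps only the default web-app permissions.
```

With the security manager enabled, a missing permission appears in the Tomcat log as a java.security.AccessControlException naming the permission that was denied; add only that permission rather than falling back to AllPermission.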
Security • Securing the interaction between clients, web services, and payment gateways. • Software and Hardware Firewall Ports • Application Server Security (Catalina Security Manager) • Web Services Security (Handshake Keys in a SOAP Envelope) • PKI (Public Key Infrastructure) • SSL/HTTPS • 3-Domain Security (Visa)
SSL Security • [Diagram: SSL]
PKI Security • [Diagram: private/public key pairs]
Web Services Security • [Diagram: SOAP handshake]
Remarks • Passed all test case scenarios • Other application nodes now connect to and invoke the xmlpay proxy service • Bank’s outsourced IT services lacked some competencies • Human learning and technology development