Servlets and the Java Web Server
Server-Side Programming Made Easy
Written by Alex Chaffee ([email protected])
Contents Copyright (c) 1998 Purple Technology, Inc.
5/24/2017 Copyright © 1997-8, Purple Technology Inc.

Course Outline
* Servlet Overview
* Using Servlets
* Writing Servlets
* Saving State
* Java Web Server Features
* Appendix: CGI Tutorial
* Appendix: FAQ
* Inside the Exercises Handout

Section I Servlet Overview

What Is A Servlet
* A Java object
* Plug-in for a web server
  * Replacement for CGI scripts
  * Can also be used to extend server as a plug-in
* Full power of Java
  * Platform-independent
  * Database access
* Fun to write

Server/Service/Servlet
* server - a process running on a host machine
  * Apache, Java Web Server
* service - a protocol running on a port
  * HTTP, FTP
* servlet - a module running inside a service
  * PhoneServlet

Servlet/Service/Server Diagram
(diagram from Java Web Server tutorial)

Servlets vs. Applets
* Servlets have no GUI
* Server-side, not client-side
* Different security model
* Installed, not downloaded
  * But you can download remote servlets too
* Consistent server-side VM
  * Much easier to test

Servlets vs. CGI
* "performance, flexibility, portability, and security" (whitepaper)
* Faster and Leaner
  * No fork-process like Perl
  * No need to initialize for each request
  * Only lightweight thread context switching
  * Built-in multithreading

Servlets vs. CGI (Cont.)
* Easy to manage state
  * share data across successive requests
  * share data between concurrent requests
  * use hidden fields, cookies, or sessions
* Write once, run anywhere
  * It's easy to write unportable Perl
  * Servlets have standard API
* Supports all methods
  * GET, POST, PUT, DELETE, et al.

Servlets vs. FastCGI
* FastCGI sends multiple requests to a single separate process
  * requires process context switch
* Servlets send multiple requests to multiple threads in same process
  * requires lightweight thread context switch
* (Also applies to ISAPI)
* Nice diagram in White Paper
* Servlets also automatically take advantage of multiprocessors if the underlying JVM does

Supported Servers
* Java Web Server
* Apache
* Netscape
* Many others (see web site)
* Servlet Engines
  * IBM's ServletExpress
  * Live Software's JRun

Servlet Security
* Trusted Servlets (full access)
  * JWS Internal
  * Local (in the "servlets" directory)
* Servlet Sandbox
  * Signed Network Servlets (full access)
  * Unsigned Network Servlets (limited access)

Servlet Security: Implications
* IT managers can sign servlets for use in their organization
* ISPs can allow users to run servlets
  * less of a security hole than CGI scripts, since Java is safe and secure (at least more so than C or Perl)
  * still allows denial-of-service attacks
* Network servlets are possible
  * chaining / proxying allows agents
  * common servlet repository for multiple servers
  * one place to install updates

Servlet Security: Problems
* Too simplistic
  * All or nothing
  * Should allow ACLs for particular signers
  * They claim it will in a future version
* Should get better with 1.2 security model
  * Finer-grained access control

Servlet Client Security
* Java Web Server
  * Allows Access Control Lists for clients
  * Supports HTTP authentication
  * Supports Digest Authentication
* Other Web Servers
  * Usually support HTTP authentication
  * May have other security features

SSL in JWS
* It works
* Extra $$
* https: supported
* Digest Authentication supported
* SSL 3 (client certificates) required

Authenticating the user's identity
* HTTP Authentication
  * Username/password sent to server on every request (like cookies)
  * Very light encryption (uuencode)
* Digest Authentication
  * Cryptographic handshaking between client and server
  * Very good encryption
  * Not supported by all servers/browsers

User Authentication Methods
* request.getRemoteUser()
  * returns username
* request.getAuthType()
  * HTTP or Digest
* request.getScheme()
  * "http" or "https"

API Availability
* Standard Java Extension API
  * From white paper: "This means that while it is not part of the core Java framework which must always be part of all products bearing the Java brand, it will be made available with such products by their vendors as an add-on package."
* package javax.servlet.*, javax.servlet.http.*
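
An added example, not from the original slides, for the "Authenticating the user's identity" and "User Authentication Methods" slides: the Basic scheme carries user:password Base64-encoded, which needs no key to reverse, so a server-side check can decode the header and refuse credentials that did not arrive over https. The class and method names are hypothetical; `scheme` and `authorization` stand for the value of request.getScheme() and the Authorization request header, and the sample header is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthCheck {

    /** Outcome of inspecting one request: the credentials, or the reason for refusal. */
    static final class Result {
        final String user;      // null when rejected
        final String password;  // null when rejected
        final String error;     // null when accepted

        private Result(String user, String password, String error) {
            this.user = user;
            this.password = password;
            this.error = error;
        }
        static Result ok(String user, String password) { return new Result(user, password, null); }
        static Result fail(String why) { return new Result(null, null, why); }
        boolean accepted() { return error == null; }
    }

    /**
     * Decodes an "Authorization: Basic ..." value and accepts it only when the
     * request scheme is https. Malformed headers are rejected, never guessed at.
     */
    static Result inspect(String scheme, String authorization) {
        if (authorization == null) {
            return Result.fail("no Authorization header");
        }
        String[] parts = authorization.trim().split("\\s+", 2);
        if (parts.length != 2 || !"Basic".equalsIgnoreCase(parts[0])) {
            return Result.fail("not a Basic credential");
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return Result.fail("malformed Base64 payload");
        }
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');
        if (colon < 0) {
            return Result.fail("no ':' between user and password");
        }
        String user = pair.substring(0, colon);
        if (!"https".equalsIgnoreCase(scheme)) {
            // Decoding needed no secret, so the same is true for anyone on the path.
            return Result.fail("Basic credentials for '" + user + "' arrived over "
                    + scheme + " and were readable in transit");
        }
        return Result.ok(user, pair.substring(colon + 1));
    }

    public static void main(String[] args) {
        // Constructed sample header, built the way a browser builds it.
        String header = "Basic " + Base64.getEncoder()
                .encodeToString("fred:s3cret".getBytes(StandardCharsets.UTF_8));
        System.out.println("header on the wire: " + header);

        Result plain = inspect("http", header);
        System.out.println("http  -> accepted=" + plain.accepted() + " (" + plain.error + ")");

        Result tls = inspect("https", header);
        System.out.println("https -> accepted=" + tls.accepted() + " user=" + tls.user);

        Result broken = inspect("https", "Basic !!!");
        System.out.println("bad   -> accepted=" + broken.accepted() + " (" + broken.error + ")");
    }
}
```
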

Servlet Architectures: Three-tier system
* Tier 1: Client
  * HTML browser
  * Java client
* Tier 2: Servlets
  * embody business logic
  * secure, robust
* Tier 3: Data Sources
  * Java can talk to SQL, CORBA, OODB, File system, etc. etc.

Servlet Architectures: N-tier system
* Tier 1: HTML Browser
* Tier 2: Servlet
  * User interface
* Tier 3: EJB/CORBA/RMI Objects
  * Business logic
* Tier 4: Other Servers (e.g. RDBMS)
  * Data storage

Servlet Architectures: Web Publishing
* SSI Servlets
* JSP Servlets
  * Best to keep business logic inside Java objects
  * Keep the JSP light so designers don't get scared
* Chaining servlets
* Multiple servers
  * data gathering, collecting, serving, load balancing, etc.

Section II Using Servlets

Loading Servlets
* From CLASSPATH
  * includes <root>/classes/ on JWS
* From <root>/servlets/ directory
  * not in classpath
  * servlets can be added or recompiled inside a running server
  * class.initArgs file
* From remote codebase
  * specified by URL

Remote Servlets
* Three ways to configure
  * configure with Administration Tool
  * invoke inside a server-side include
  * configure inside a servlet chain
* Loaded in a Servlet Sandbox
  * more later

What's In A Name
* A servlet's name is its class name if it's in the servlets directory
* Or, you can assign it a name in the "Add Servlet" admin tool
  * maps code word to servlet class
* Name is usually a single word
  * possibly with a package name and dots
  * no other punctuation

Standard Servlets
* DateServlet
  * echoes current date/time
* EchoServlet
  * echoes CGI parameters (good for testing)
* MailServlet
  * sends email in response to a CGI form
* RedirectServlet
  * used by server to manage HTTP redirects
* SessionServlet
  * used by server to manage sessions
* Many more...

Server-side Includes (SSI)
* Must be in a file named .shtml or .jsp
  * can change this with Admin Tool
* Normal SSI

      <!--#include file="foo.txt" -->

* Servlet SSI

      <servlet code=DateServlet.class> </servlet>

SSI Details
* pass init parameters in servlet tag
* pass servlet parameters in param tags
* can specify codebase in servlet tag
* e.g.

      <servlet code=DateServlet.class
               codebase=http://servlets.foo.com/
               initParam1=val1 initParam2=val2>
      <param name=serviceParam1 value=val3>
      <param name=serviceParam2 value=val4>
      </servlet>

URL invocation
* Directly from browser as URL
  * http://www.myserver.com/servlet/MyServlet
* From inside FORM tag as script

      <FORM METHOD=POST ACTION="/servlet/MyServlet"> ... </FORM>

* From inside JHTML or JSP page
  * Uses "Page Compilation"
  * Compiles the jsp file into a servlet on the fly, then executes it

A Note on CLASSPATH and JWS
* JWS uses its own JRE
* Three ways to add classes
  * Put the class files into the "classes" subdirectory
  * Jar them, and put the jar files into the "lib" subdirectory
  * Start the server with the -classpath option

        httpd -classpath c:\projects\utils

Section III Writing Servlets

The Servlet API
* Independent of
  * web protocol
  * server brand or platform
  * whether it's local or remote
* Simple, small, easy
* Base class provides core functionality; just extend it

CGI, or not, whichever
* Fairly generic interface
* Accepts query, returns response
* Used for plugins, etc.

Servlet Architecture Overview
* Servlet Interface
  * methods to manage servlet
* GenericServlet
  * implements Servlet interface
* HttpServlet
  * extends GenericServlet
  * exposes HTTP-specific functionality

Servlet Architecture Overview
* ServletRequest
  * What the client says to the server
  * Access to information like protocol, client IP#, parameters, and body
* ServletResponse
  * What the servlet says to the client
* HttpServletRequest, HttpServletResponse
  * HTTP-specific communication and information
  * State-tracking and session management

Servlet Lifecycle Overview
* Server loads and instantiates servlet
* Server calls init()
* Loop
  * Server receives request from client
  * Server calls service()
  * service() calls doGet() or doPost()
* Server calls destroy()
* More detail to come later...

ServletRequest
* passed to the service() method
* contains lots of useful goodies...
  * Client info
  * URL info
  * Content info
  * Content itself
  * User-entered parameters

ServletRequest - Client Info
* getRemoteAddr()
  * Returns the IP address of the agent that sent the request
* getRemoteHost()
  * Returns the fully qualified host name of the agent that sent the request
* getProtocol()
  * Returns the protocol and version of the request as a string of the form <protocol>/<major version>.<minor version>.

ServletRequest - URL Info
* getScheme()
  * Returns the scheme of the URL used in this request, for example "http", "https", or "ftp".
* getServerName()
  * Returns the host name of the server that received the request
* getServerPort()
  * Returns the port number on which this request was received
* getServletPath()
  * Returns the URI path that got to this script, e.g. "/servlet/com.foo.MyServlet"
  * Useful for putting in a <FORM> tag
  * See also getRequestURI() (in HttpServletRequest)

ServletRequest - Content Info
* getContentLength()
  * Returns the size of the request data
* getContentType()
  * Returns the MIME type of the request data

ServletRequest - Content
* getInputStream()
  * Returns an input stream for reading binary data in the request body.
* getReader()
  * Returns a buffered reader for reading text in the request body.

ServletRequest - Parameters
* String getParameter(String)
  * Returns a string containing the lone value of the specified parameter, or null if the parameter does not exist.
  * Was deprecated, but due to popular demand, it'll be undeprecated
* String[] getParameterValues(String)
  * Returns the values of the specified parameter for the request as an array of strings, or null if the named parameter does not exist.
  * For parameters with multiple values, like lists
* Enumeration getParameterNames()
  * Returns the parameter names for this request as an enumeration of strings, or an empty enumeration if there are no parameters or the input stream is empty.

ServletResponse
* Embodies the response
* Basic use:

      response.setContentType("text/html");
      PrintWriter out = response.getWriter();
      out.println("<HTML><BODY>Hello</BODY></HTML>");

ServletResponse - Output
* getWriter()
  * for writing text data
* getOutputStream()
  * for writing binary data
  * or for writing multipart MIME
* you must call setContentType() before calling getWriter() or getOutputStream()
  * by default it's text/plain, which you don't want

The GenericServlet class
* implements Servlet
* also implements Serializable, ServletConfig
* implements all Servlet methods so you don't have to

The HelloWorld Servlet

    import javax.servlet.*;
    import java.io.*;

    public class HelloServlet extends GenericServlet
    {
        public void service(ServletRequest req, ServletResponse res)
            throws IOException, ServletException
        {
            res.setContentType("text/plain");
            ServletOutputStream out = res.getOutputStream();
            out.println("Hello, World!");
        }
    }

The HttpServlet class
* extends the GenericServlet base class
* provides a framework for handling the HTTP protocol
* has its own subclasses of ServletRequest and ServletResponse that do HTTP things

HttpServlet methods
* provides helper methods for HTTP methods
  * doGet (GET and HEAD)
  * doPost (POST)
  * doPut, doDelete (rare)
  * doTrace, doOptions (not overridden)
* the service() method dispatches requests to the do* methods

HttpServlet: Receiving Data
* getParameter / getParameterValues / getParameterNames
  * process the data and return you the parameters
* getQueryString
  * for GET method
  * returns a single string in url-encoded format
* getReader / getInputStream
  * for POST, PUT, DELETE
  * returns a stream of characters / bytes
* mutually exclusive
  * use EITHER getParameter* OR one of the others (never both)

SimpleServlet (GET)

    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class SimpleServlet extends HttpServlet
    {
        public void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException
        {
            // set header field first
            res.setContentType("text/html");

            // then get the writer and write the response data
            PrintWriter out = res.getWriter();
            out.println("<HEAD><TITLE> SimpleServlet Output</TITLE></HEAD><BODY>");
            out.println("<h1> SimpleServlet Output </h1>");
            out.println("<P>This is output from SimpleServlet.");
            out.println("</BODY>");
            out.close();
        }

        public String getServletInfo() {
            return "A simple servlet";
        }
    }

DateServlet

    import java.io.*;
    import java.util.Date;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class DateServlet extends HttpServlet
    {
        public void service(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException
        {
            Date today = new Date();
            res.setContentType("text/plain");
            ServletOutputStream out = res.getOutputStream();
            out.println(today.toString());
        }

        public String getServletInfo() {
            return "Returns a string representation of the current time";
        }
    }
From Java Web Server Tutorial by Sun Microsystems

HelloHttpServlet
* Reads in a parameter
  * Can use a form

        <FORM METHOD=GET ACTION="/servlet/HelloHttpServlet">
        <INPUT NAME=name>
        </FORM>

  * Can use right in a URL

        http://localhost:8080/servlet/HelloHttpServlet?name=Fred

* Outputs it as HTML

HelloHttpServlet

    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    public class HelloHttpServlet extends HttpServlet
    {
        public void doGet(HttpServletRequest req, HttpServletResponse res)
            throws IOException, ServletException
        {
            String name = req.getParameter("name");
            if (name == null) name = "Joe";

            // The parameter is echoed as-is, so it is served as text/plain;
            // it would have to be HTML-escaped before going into a text/html page.
            res.setContentType("text/plain");
            ServletOutputStream out = res.getOutputStream();
            out.println("Hello, " + name + "!");
        }
    }

More Advanced Servlets
* See Post Servlet from Servlet Tutorial

HttpServletRequest
* Cookie[] getCookies()
  * returns list of cookies sent by client
* String getMethod()
  * GET, POST, etc.
* String getRequestURI()
  * returns the URI or URL that was invoked
  * useful for putting inside <FORM> tag

HttpServletRequest (Cont.)
* CGI Variable Methods
  * getServletPath(), getPathInfo(), getPathTranslated(), getQueryString(), getRemoteUser(), getAuthType()
* String getHeader(String name)
* Session Management Methods
  * HttpSession getSession(boolean create)
  * More later...

HttpServletResponse
* Contains HTTP status codes as constants

      int HttpServletResponse.SC_NOT_FOUND = 404;

* Can send Error or Status codes to client
* Deals with Cookies
* Deals with HTTP Headers
* Can send HTTP Redirect to client

Servlet Lifecycle: Init()
* public void init(ServletConfig cfg)
* called once, when servlet loads
  * don't worry about synchronization
* perform costly setup here, rather than once per request
  * open database connection(s)
  * load in persistent data
  * spawn background threads

Init Details
* if you fail, throw an UnavailableException
* must call super.init(cfg), which saves off cfg
  * if you like, you can save it yourself and override getServletConfig, but why bother?
* Can call getInitParameter(paramName) to read from the server-side config file

Servlet Lifecycle: Service
* public void service(ServletRequest req, ServletResponse res)
* takes Request and Response objects
* called many times, once per request

service() and Concurrency
* Might be called simultaneously in several threads
  * it is your responsibility to handle synchronized access to shared resources
* It is possible to declare a servlet as single-threaded
  * implement SingleThreadModel (empty interface)
  * performance will suffer (if there are multiple simultaneous requests)
* You can use class-static data to share data across successive or concurrent requests

Servlet Lifecycle: Destroy
* public void destroy()
* takes no parameters
* you must clean up
  * close database connections
  * stop threads
* Afterwards, servlet may be garbage collected

Servlet Lifecycle: Destroy Details
* The server calls destroy after all service calls have been completed, or after a certain number of seconds have passed, whichever comes first.
* Warning: other threads might be running service requests, so be sure to synchronize, and/or wait for them to quit
  * Sun's Servlet Tutorial has an example of how to do this with reference counting
* Destroy can not throw an exception, so if something bad happens, call log() with a helpful message (like the exception)
  * See "closing a JDBC connection" example in Tutorial

Init Parameters
* ServletConfig
  * String getInitParameter()
  * Enumeration getInitParameterNames()
  * There are convenience methods of the same name inside GenericServlet
* Init Parameters are set by the server administrator
* Servlet Parameters are set by the web page

ServletContext
* call GenericServlet.getServletContext()
* getServlets()
  * returns list of all installed Servlets
* getServlet(String name)
  * returns the named Servlet
* log()
  * see next slide

Logging
* GenericServlet.log(String message)
* Writes the name of your servlet, plus the message, to the server log file
* Location of log file is server-specific
  * on JWS, you can check in the Admin Tool
* "If a servlet will have multiple instances (for example, if the network service runs the servlet for multiple virtual hosts), the servlet writer should override this method. The specialized method should log an instance identifier, along with the requested message." - Javadoc for GenericServlet
* But usually, there is only one instance of each servlet, called reentrantly by the web server

Servlet.getServletInfo()
* You should override this method
* Returns a string containing author, version, copyright, etc.

HTTP Servlet Efficiency

Efficiency: KeepAlive
* HTTP keepalive improves performance
* Keeps connection alive across multiple HTTP requests
* Servlet must set content-length
  * You can write to a ByteArray or StringBuffer, then get its length before writing it

        res.setContentLength(sb.length());
        out.print(sb);

* KeepAlive should be enabled by default if all you do is write short strings, then close the output stream
  * but maybe not

Efficiency: getLastModified
* long HttpServlet.getLastModified(HttpServletRequest req)
* Returns the time the requested entity was last modified
  * difference in milliseconds between that time and midnight, January 1, 1970
  * negative = unknown (or dynamic)
* Improves performance on browser/proxy caching

Section IV Saving State

Saving State: Why
* Shopping Cart
* User Preferences
* "Wizard" interfaces
  * i.e., successive linked dialog boxes / form entry pages

Saving State: How
* Client-side storage
  * Hidden fields
  * URL Rewriting
  * Cookies
* Server-side storage
  * Instance variables
  * Database Access
  * JWS Session Management
    * Best possible solution (but still flawed)

Hidden Fields
* Save data inside the servlet, keyed to a handle
* Store a handle inside each successive FORM
* Use that handle to retrieve data each query
* Of course, you could always store all the data in hidden fields, instead

Hidden Fields: Example

    private Dictionary cache = new Hashtable();

    public void doGet(HttpServletRequest req, HttpServletResponse res)
        throws ServletException, IOException
    {
        String handle = req.getParameter("handle");
        UserData data = null;
        if (handle != null)
            data = (UserData)cache.get(handle);
        if (data == null) {
            // no handle yet, or one this servlet never issued: start fresh
            data = new UserData();
            handle = makeNewHandle();  // defined elsewhere
            cache.put(handle, data);
        }
        ...

Hidden Fields: Example

        // handle is always a value this servlet issued, never raw client input
        out.println("<FORM ACTION=/servlet/Whatever>");
        out.println("<INPUT TYPE=hidden NAME=handle VALUE=" + handle + ">");
        // ... rest of form ...

Hidden Fields: Example
* Survey.java

Hidden Fields: Pros and Cons
* Pros
  * Well understood
  * You have control
    * Can use your own caching mechanism

Hidden Fields: Pros and Cons
* Cons
  * Need to use FORMs
    * hidden fields do not persist across normal links
  * Sessions are not persistent across server restarts
    * unless you write code to do it
  * Sessions do not expire
    * unless you write code to do it

URL Rewriting
* Change HREF and ACTION URLs on the fly
* Change "/servlet/catalog" into "/servlet/catalog?user=1234"

URL Rewriting
* Pro: Don't need to use FORMs
* Con
  * Lose user if he/she travels outside your web site
  * Need to use Servlet for all accesses -- can't access a raw HTML page
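
The hidden-field handle technique above, as an added example that is not part of the original slides: a handle store that issues unguessable handles, rejects anything it did not issue, expires idle entries (the "unless you write code to do it" items), and escapes the value written into the FORM. HandleStore, its method names and the sample values are hypothetical; it uses only the JDK so it runs without a servlet container.

```java
import java.security.SecureRandom;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Server-side store for hidden-field handles (hypothetical helper class). */
public class HandleStore<T> {
    private static final SecureRandom RNG = new SecureRandom();
    private static final char[] HEX = "0123456789abcdef".toCharArray();
    private static final int HANDLE_BYTES = 16;   // 128 random bits per handle

    private static final class Entry<V> {
        final V data;
        volatile long lastUsed;
        Entry(V data, long now) { this.data = data; this.lastUsed = now; }
    }

    private final Map<String, Entry<T>> cache = new ConcurrentHashMap<>();
    private final long maxIdleMillis;

    public HandleStore(long maxIdleMillis) { this.maxIdleMillis = maxIdleMillis; }

    /** Stores data under a fresh random handle and returns that handle. */
    public String create(T data, long now) {
        byte[] raw = new byte[HANDLE_BYTES];
        RNG.nextBytes(raw);
        StringBuilder sb = new StringBuilder(raw.length * 2);
        for (byte b : raw) {
            sb.append(HEX[(b >> 4) & 0xF]).append(HEX[b & 0xF]);
        }
        String handle = sb.toString();
        cache.put(handle, new Entry<>(data, now));
        return handle;
    }

    /** True only for strings with the exact shape create() produces. */
    static boolean wellFormed(String handle) {
        if (handle == null || handle.length() != HANDLE_BYTES * 2) return false;
        for (int i = 0; i < handle.length(); i++) {
            char c = handle.charAt(i);
            if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f'))) return false;
        }
        return true;
    }

    /** Returns the data for a handle, or null if malformed, unknown or idle too long. */
    public T lookup(String handle, long now) {
        if (!wellFormed(handle)) return null;
        Entry<T> e = cache.get(handle);
        if (e == null) return null;
        if (now - e.lastUsed > maxIdleMillis) {
            cache.remove(handle);
            return null;
        }
        e.lastUsed = now;
        return e.data;
    }

    /** Drops idle entries so memory cannot fill up; returns how many were removed. */
    public int sweep(long now) {
        int removed = 0;
        for (Iterator<Entry<T>> it = cache.values().iterator(); it.hasNext();) {
            if (now - it.next().lastUsed > maxIdleMillis) { it.remove(); removed++; }
        }
        return removed;
    }

    /** Escapes a value for use inside a double-quoted HTML attribute. */
    static String escapeAttr(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    /** The hidden field as it should be written into the FORM. */
    static String hiddenField(String handle) {
        return "<INPUT TYPE=\"hidden\" NAME=\"handle\" VALUE=\"" + escapeAttr(handle) + "\">";
    }

    public static void main(String[] args) {
        HandleStore<String> store = new HandleStore<>(30 * 60 * 1000L);  // 30 minutes idle
        String h = store.create("cart: 1 item", 0L);
        System.out.println("issued handle   : " + h);
        System.out.println("form field      : " + hiddenField(h));
        System.out.println("lookup at +1 min: " + store.lookup(h, 60_000L));

        // Constructed parameter value that this server never issued.
        String foreign = "\"><i>injected</i>";
        System.out.println("foreign lookup  : " + store.lookup(foreign, 60_000L));
        System.out.println("foreign escaped : " + escapeAttr(foreign));

        System.out.println("lookup at +2 h  : " + store.lookup(h, 2 * 60 * 60 * 1000L));
        System.out.println("left to sweep   : " + store.sweep(2 * 60 * 60 * 1000L));
    }
}
```

A servlet using this would call lookup() with the submitted handle and, on null, call create() and write the new handle into the form instead of echoing the submitted one.
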

Using Instance Variables for State
* Session data stored in instance variables
  * directly is bad - not valid for multiple users
  * indirectly is better - in a hashtable or vector, keyed off a unique handle
* Pro: Quick, easy
* Con: Not persistent, memory can fill up easily

Database State
* Session data stored in a database
* You should open a connection to the database in your init() method, and close it in your destroy() method
* You can still use the hidden field technique
  * When you get a handle, you pull in the user data via a DB query

Database State: Pros and Cons
* Pro:
  * persistent
  * high capacity
* Con:
  * more complicated
  * have to write more code
  * still doesn't automatically expire old sessions

C is for Cookie
* Cookie Monster is a trademark of Children's Television Workshop

What's A Cookie?
* Client-side storage
* Server can drop arbitrary data on browser
* Sent back to server on EVERY successive request
* Automatically expires
* Cookies should be neither large nor numerous
  * Browsers should support twenty cookies per host, of at least four kilobytes each

Cookie Uses
* save session data
* save handle to session data
* store user preferences for next session
* store user login information
  * not very secure, but appropriate for some applications

Cookies and Servlets
* Servlets can easily use Cookies
* HttpServletRequest.getCookies() method
* HttpServletResponse.addCookie() method
* Cookie object

javax.servlet.http.Cookie
* get/setName()
* get/setValue()
* Attributes
  * Comment, Domain, MaxAge, Path, Secure, Version

Cookie Example
* Cookie Counter Servlet
* Counter.java

Cookie Pros and Cons
* Pro:
  * No server-side storage requirements
  * Survive server restarts
  * Automatically expire
* Con:
  * Not supported by all browsers
  * Bandwidth limitations
    * Not good for large amount of data
  * User can disable them

Detecting Cookie Acceptance
* CookieDetector.java
* Drops a cookie on the client
* Sends a redirect back to CookieDetector, with a flag saying "this is the test phase"
* The test phase detects whether
  * The client accepted the cookie
  * The client rejected the cookie (or the browser doesn't support cookies)
* Sends another redirect to appropriate page
  * You can tell the user "pretty please" here

JWS Session Management
* Flexible
* Lightweight
* General
* Automatic
  * Uses cookies if it can, URL rewriting if it can't
* Based on technology from ATG

Session Objects
* Server-side
* One per client (not one per servlet)
* Preserved automatically even in browsers that don't support cookies
* Expire after 30 minutes (by default)
* Saved to disk if server dies; restored if server restarts
* "Loosely speaking, a session corresponds to a single sitting of a single anonymous user" - JWS Tutorial

Using Sessions

    HttpSession session = request.getSession(true);
    String info = (String)session.getValue("foo.info");
    // assume getNewInfo defined elsewhere
    String newinfo = getNewInfo();
    session.putValue("foo.info", newinfo);
    // then output page

URL Rewriting
* Preserves sessions on non-cookie browsers
* Changes

      <a href="/store/catalog">

  into

      <a href="/store/catalog;$sessionid$DA32242SSGE2">

* You must actively call res.encodeUrl("/store/catalog")
  * see next slide
* Does not work if user merely disables cookies
  * Has to actually BE a non-cookie browser
  * Lame

HttpServletResponse - Encoding
* Has methods to process URLs to splice in the session ID if appropriate
* Not the same as URLEncode / URLDecode
  * the server deals with that
* String encodeUrl(String url)
  * rewrites the given URL if necessary
  * if the browser supports cookies, returns URL unchanged
  * All URLs emitted by a session-using Servlet should be run through this method
  * e.g.

        out.println("<A HREF=\"" + resp.encodeUrl("next.html") + "\">");

* also String encodeRedirectUrl(String url)

Session Persistence
* Sessions swap to disk
  * When server shuts down
  * When memory fills up
* Uses Java Serialization
  * Only works for Serializable or Externalizable objects
* "Note: Session persistence is intended to be used as a means for preserving Sessions across server restarts. It is not meant to be used as a general long-term session persistence mechanism."

Example
* VectorSessionServlet.java
Bugs

* Can’t use custom classes inside session data
* Doesn’t really detect whether client supports cookies
  * Instead, detects whether browser can potentially support cookies
  * Lame - they should use my CookieDetector technique

Section V: Java Web Server Features

Administration Tools

* Play with Admin Tool
  * http://localhost:9090/
* Click on a service, click “Manage” button
* To shut down server, click “Shut Down”

Manage Servlets

* Add
* Properties
* Load on Startup
* Unload

Servlet Aliases

* Specify a partial URL
* Map it to a particular servlet
* e.g. you want http://foo.com/lunch to execute /servlets/meal?type=lunch
  * set alias = /lunch
  * set servlet invoked = meal?type=lunch

Servlet Chains (Filters)

* specify a comma-separated list of servlets
* the first servlet gets the user input
* each servlet in turn will get the previous output
* the final servlet will return to the user
* all servlets in chain must use same ACL

HTML Templates

* Define standard look for all (or some) pages
* Template Servlet
* A tag inside template page inserts section from original page
  * <subst data="HEAD"></subst>
  * <subst data="BODY"></subst>
* Specify which files are templated via Servlet Aliases in Admin Tool

Page Compilation (JSP)

* Embed Java code in static HTML pages
* then compile those pages into individual Java servlets to create a dynamic web site
* Based on JHTML technology from Art Technology Group (http://www.atg.com/)
  * Product: Dynamo, a Java Web Application Server

Session Tracking

* See above

Servlet Beans

* Using Servlets That are Beans
  * Changes to config file are instantly updated
  * Servlet itself is persistent across server restarts
    * instance variables, like counters or caches, are preserved
* Calling JavaBeans from Servlets
  * Invisible Beans
  * Installed inside “lib” subdirectory
* Calling JavaBeans in JHTML/JSP Files

FAQ

* Answers in the Exercises book
* How do I develop using the servlet classes without installing JDK1.2?
* Is it the “servlets” directory or the “servlet” directory?
* Why doesn’t my servlet work inside a <SERVLET> tag?
* How do I support both GET and POST protocol from the same Servlet?
* How do I fully shut down the server?
* My browser says “the server returned an invalid or unrecognized response” – what gives?

References

* Java Server 1.1
  http://java.sun.com/javastore/jserv/buy_try.html
  http://java.sun.com/products/java-server/index.html
  be sure to download the JWS documentation
* The home for servlets and the Java Web Server.
  http://jserv.javasoft.com
* The Java Web Server 1.1 is available for trial or purchase.
  http://java.sun.com/javastore/jserv/buy_try.html
* The Java Web Server 1.1.1 upgrade pack is available for free.
  http://java.sun.com/products/java-server/webserver/jws111.html
* The Java Server Pages preview pack is available for free.
  http://developer.javasoft.com/developer/earlyAccess/jwspreview.html

References

* RFC2045 - MIME
  http://info.internet.isi.edu/in-notes/rfc/files/rfc2045.txt
* RFC 2109 - Cookies
  http://info.internet.isi.edu/in-notes/rfc/files/rfc2109.txt
* Live Software
  http://www.livesoftware.com/
  JRun, many commercial servlets
* ATG - Dynamo Web Application Server
  http://www.atg.com/

References

* Advanced Web Technologies
  http://www.javatrain.com/
* Purple Technology
  http://www.purpletech.com/
* Gamelan
  http://java.developer.com/

Appendix: CGI Tutorial

What Is CGI?

* Common Gateway Interface
* Allows web pages to send parameters to web server
* Use HTML forms on client side
  * Can also use Java – it's just a protocol!
* Use scripts on server side
  * Can use Servlets!

Example CGI HTML

    <FORM ACTION="/servlets/GuestBook" METHOD=POST>
    Name: <INPUT TYPE=text NAME="name"><BR>
    Message: <INPUT TYPE=textarea NAME="message"><BR>
    <INPUT TYPE=submit>
    </FORM>

CGI Flow

* Browser downloads HTML page containing FORM tag
* Browser lays out input widgets
* User fills out form and clicks "Submit"
* Browser takes parameters and sends them in CGI format

CGI Flow (Cont.)

* Server receives parameters and sends them to CGI script
* CGI script returns MIME document
  * usually it's "text/html"
  * can be any MIME type
* Browser receives response document and displays it
* If response contains FORM tag, whole thing can happen again

The FORM tag

* Opens a form
* ACTION
  * the URL of the script to execute
* METHOD
  * GET or POST
  * Usually use POST
* closed with </FORM>

INPUT TYPE=text

* Specifies a text field
* NAME
  * names parameter to be passed to script
* VALUE (optional)
  * initial value for text

INPUT TYPE=textarea

* Specifies a multi-line text area
* NAME
  * names parameter to be passed to script
* …

INPUT TYPE=checkbox

* Specifies a check box (duh)
* NAME
  * names parameter to be passed to script
* ISCHECKED=true
  * default value on

INPUT TYPE=radio

* Specifies a radio button (or grouped checkbox)
* NAME
  * names group of buttons
* VALUE
  * specifies the value for the group
* e.g.

      <INPUT TYPE=radio NAME="gender" VALUE="male">Male
      <INPUT TYPE=radio NAME="gender" VALUE="female">Female

INPUT TYPE=submit

* A push button that submits the form
* NAME
  * specifies name of variable
* VALUE
  * specifies name of button
  * yes, "value" specifies the name
  * hey, I didn't write the spec

INPUT TYPE=reset

* A push button that clears the form
* Does not submit it
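
A servlet that could receive the GuestBook form from the Example CGI HTML slide, written as an added example and not the course's own GuestBook servlet. It answers both GET and POST, and escapes the two parameters before writing them into the response so that submitted text is displayed rather than parsed as markup; the class name and the 500-character limit are assumptions.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.*;

// Added example; not the course's GuestBook servlet.
public class GuestBookEcho extends HttpServlet {
    private static final int MAX_LEN = 500;   // assumed limit for this example

    // The form posts; GET is accepted too and shares the same handler.
    public void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        handle(req, res);
    }
    public void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        handle(req, res);
    }

    private void handle(HttpServletRequest req, HttpServletResponse res)
            throws IOException {
        String name = clean(req.getParameter("name"));
        String message = clean(req.getParameter("message"));
        String body = (name.length() == 0 || message.length() == 0)
                ? "Both fields are required."
                : "<B>" + name + "</B> wrote:<BR>" + message;
        res.setContentType("text/html");
        PrintWriter out = res.getWriter();
        out.println("<HTML><BODY>" + body + "</BODY></HTML>");
    }

    // A missing parameter becomes "", the length is bounded, and the
    // characters that would let form input be parsed as markup are escaped.
    static String clean(String raw) {
        String s = (raw == null) ? "" : raw.trim();
        if (s.length() > MAX_LEN) s = s.substring(0, MAX_LEN);
        StringBuffer sb = new StringBuffer(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '<') sb.append("&lt;");
            else if (c == '>') sb.append("&gt;");
            else if (c == '&') sb.append("&amp;");
            else if (c == '"') sb.append("&quot;");
            else if (c == '\'') sb.append("&#39;");
            else sb.append(c);
        }
        return sb.toString();
    }
}
```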