Download Introduction to dynamic web applications using Servlets and the

Java Servlet-based web apps
Servlet Architecture
SE-2840 Dr. Mark L. Hornick
1
Recall: The interaction between
web clients and servers is
structured around HTTP Request
and Response messages
Server is running a web server app,
like Apache or Microsoft IIS.
SE-2840 Dr. Mark L. Hornick
2
In the simplest scenario, the Server
responds to a browser GET request
by returning a pre-written, static
HTML file
HTTP GET
request
Note: This diagram can
be found in your textbook
HTML file maintained on
Server, returned to the
Browser as the HTTP
response “payload”
SE-2840 Dr. Mark L. Hornick
3
Eclipse J2EE demo
CS-4220 Dr. Mark L. Hornick
4
A web server can employ a Helper
App when it needs to go beyond
serving static web pages
HTTP GET or POST request
(may include parameters)
parameters
CGI
Helper app
CGI* programs can be written
in Perl, Python, PHP, C, or – Java
*Common Gateway Interface
SE-2840 Dr. Mark L. Hornick
5
How it works in general
User enters a URL (or
clicks a link) to a CGI
program rather than a
static page
Web server “sees” that the
request is for a helper
program, so the server runs
the helper, sending along any
parameters sent from the
Client.
The helper app constructs the brand
new (dynamic) page and sends the
HTML back to the server.
SE-2840 Dr. Mark L. Hornick
Note: This diagram can
be found in your textbook
6
How it works for Java Servlets
Web server app is
commonly Apache
Web container app is
Tomcat
SE-2840 Dr. Mark L. Hornick
Servlets are run by
Tomcat
Note: This diagram can
be found in your textbook
7
What does a Container like
Tomcat do?

Communication




Servlet Lifecycle management








Figures out which Servlet should be used to process a specific request
Handles Servlet class loading
Handles Servlet instantiation/construction
Handles Servlet initialization
Servlet execution support


Creates server-side sockets
Listens for client connections
Determines client HTTP request type and “decodes” HTTP headers
Launches/manages threads that service each incoming request
Handles Servlet service() method (doGet and doPost) invocation
Creates and passes Request and Response objects to the Servlet
Supports Security
Supports JSP
SE-2840 Dr. Mark L. Hornick
8
How Tomcat manages Servlets
Web Container
(Tomcat)
Loading can be done upon
Tomcat startup, or
deferred until later
Your servlet class no-arg
ctor runs (you should
NOT write a ctor; just
use the compilersupplied default.
Called only ONCE in the
servlet’s life (and must
complete before Container calls
service()
This is where the servlet
spends most of its life
The methods doGet() or
doPost() are executed to
process requests
Container calls destroy() to give
the servlet a chance to clean up;
like init(), destroy() is only
called ONCE
CS-4220 Dr. Mark L. Hornick
9
Tomcat invokes a Servlet’s service() method,
but your HTTPServlet-derived class should
only override doGet() or doPost()
The service() method is given an
implementation in the HTTPServlet
base class, where the doGet() and
doPost() methods are called.
You must override these methods in
your HttpServlet-derived class
SE-2840 Dr. Mark L. Hornick
10
A Servlet is just a Java class that implements some specific
interfaces (defined by the Java Servlet Specifications) that are used
by the Container
class Serv let-api classes
All Servlets must
implement these 5
methods
+
+
+
+
+
java.lang.Object
java.lang.Object
«interface»
Serv let
«interface»
Serv letConfig
destroy() : void
getServletConfig() : ServletConfig
getServletInfo() : String
init(ServletConfig) : void
service(ServletRequest, ServletResponse) : void
+
+
+
+
getInitParameter(String) : String
getInitParameterNames() : Enumeration
getServletContext() : ServletContext
getServletName() : String
-config
Abstract class.
Implements most of
the basic servlet
methods
Implements the service() method
and calls doGet(), doPost() etc as
appropriate
java.lang.Object
java.io.Serializable
GenericServlet
java.io.Serializable
HttpServlet
+
+
+
+
+
+
+
+
+
+
+
+
+
destroy() : void
GenericServlet() : void
getInitParameter(String) : String
getInitParameterNames() : Enumeration
getServletConfig() : ServletConfig
getServletContext() : ServletContext
getServletInfo() : String
getServletName() : String
init(ServletConfig) : void
init() : void
log(String) : void
log(String, Throwable) : void
service(ServletRequest, ServletResponse) : void
#
#
#
#
#
#
#
#
+
#
+
doDelete(HttpServletRequest, HttpServletResponse) : void
doGet(HttpServletRequest, HttpServletResponse) : void
doHead(HttpServletRequest, HttpServletResponse) : void
doOptions(HttpServletRequest, HttpServletResponse) : void
doPost(HttpServletRequest, HttpServletResponse) : void
doPut(HttpServletRequest, HttpServletResponse) : void
doTrace(HttpServletRequest, HttpServletResponse) : void
getLastModified(HttpServletRequest) : long
HttpServlet() : void
service(HttpServletRequest, HttpServletResponse) : void
service(ServletRequest, ServletResponse) : void
SE-2840 Dr. Mark L. Hornick
11
NOTE

The Java classes pertaining to Servlets are not
part of the standard 1.6 SE


Implementation of the 1.6 SE is provided in the
1.6 JDK/JRE System Library



They are part of the Java EE specification
This is the library you are probably most familiar with
rt.jar is the main jarfile in this library
Container vendors supply the implementation of
the classes that are part of the Servlet
specification


Tomcat comes with its own Servlet libraries
servlet-api.jar implements the Servlet-related classes
SE-2840 Dr. Mark L. Hornick
12
Parameters: HTML <form> tag element
…and the name of
the Web Resource
that will process the
form data if it is
submitted
The opening <form>
tag – all form
elements go
between the opening
and closing tag.
<form action="http://<url>" method=“post">
<!-- form elements go here -->
</form>
The required action attribute
specifies the url of where to send
the form’s data.
Note: See the examples
on the course website
SE-2840 Dr. Mark L. Hornick
The method attribute
specifies which HTTP
message will be used to
send the data in the form
to the server – default is
“get”
13
GET vs. POST scenarios
SE-2840 Dr. Mark L. Hornick
Note: This diagram can
be found in your textbook
14
get specifies that a HTTP GET message
should be used, which appends the form
data to the end of the url
http://<domain>/<resource>?firstname=Arnold&last
name=Ziffel




get requests have a limit
of 256 characters
The data is plainly visible
in the url (insecure!)
You can bookmark a page
that is the result of
submitting a form
Use GET only to submit
small amounts of
insensitive data which the
server app will NOT use to
SE-2840
modify its internal stateDr. Mark
L. Hornick
15
post specifies that a HTTP POST message
should be used, which appends the form
data to the end of the HTTP POST header
There is no limit on the size of the data packet that can
be sent to the server
You cannot bookmark a url that was generated as a
POST message, since the form data is not in the url
A post request can be encrypted (using HTTPS) in
order to protect sensitive data, such as a credit card
numbers or passwords
Use POST to send form data that







Is sensitive (use encryption in that case)
If the data is large (>256 bytes)
Will change the state of the web application
Note: Detailed explanation on pp 112-114 in your text.
Be sure to read it!
SE-2840
Dr. Mark L. Hornick
16
Servlet execution – Part 1 of 2
These contain all kinds of
useful stuff
SE-2840 Dr. Mark L. Hornick
17
Servlet execution – Part 2 of 2
SE-2840 Dr. Mark L. Hornick
Note: This diagram can
be found in your textbook
18
The HTTP Request Wrapper Class
class Request classes
java.lang.Object
«interface»
serv let::Serv letRequest
java.lang.Object
«interface»
http::HttpServ letRequest
java.io.InputStream
servlet::ServletInputStream
+
#
-request
java.lang.Object
provides access to
serv let::Serv letRequestWrapper
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
getAttribute(String) : Object
getAttributeNames() : Enumeration
getCharacterEncoding() : String
getContentLength() : int
getContentT ype() : String
getInputStream() : ServletInputStream
getLocalAddr() : String
getLocale() : Locale
getLocales() : Enumeration
getLocalName() : String
getLocalPort() : int
getParameter(String) : String
getParameterMap() : Map
getParameterNames() : Enumeration
getParameterValues(String) : String[]
getProtocol() : String
getReader() : BufferedReader
getRealPath(String) : String
getRemoteAddr() : String
getRemoteHost() : String
getRemotePort() : int
getRequestDispatcher(String) : RequestDispatcher
getScheme() : String
getServerName() : String
getServerPort() : int
isSecure() : boolean
removeAttribute(String) : void
ServletRequestWrapper(ServletRequest) : void
setAttribute(String, Object) : void
setCharacterEncoding(String) : void
http::HttpServ letRequestWrapper
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
getAuthT ype() : String
getContextPath() : String
These methods are about
getCookies() : Cookie[]
HTTP things like headers,
getDateHeader(String) : long
getHeader(String) : String
sessions, and cookies
getHeaderNames() : Enumeration
getHeaders(String) : Enumeration
getIntHeader(String) : int
getMethod() : String
getPathInfo() : String
getPathT ranslated() : String
getQueryString() : String
getRemoteUser() : String
getRequestedSessionId() : String
getRequestURI() : String
getRequestURL() : StringBuffer
getServletPath() : String
getSession(boolean) : HttpSession
getSession() : HttpSession
getUserPrincipal() : Principal
HttpServletRequestWrapper(HttpServletRequest) : void
isRequestedSessionIdFromCookie() : boolean
isRequestedSessionIdFromURL() : boolean
isRequestedSessionIdFromUrl() : boolean
isRequestedSessionIdValid() : boolean
isUserInRole(String) : boolean
«property get»
+ getRequest() : ServletRequest
«property set»
+ setRequest(ServletRequest) : void
readLine(byte[], int, int) : int
ServletInputStream() : void
SE-2840 Dr. Mark L. Hornick
A reference to an HTTPServletRequest
is created by the Container
and passed to the doGet() and doPost()
methods of an HTTPServlet
19
The HTTP Response Wrapper Class
class Response Classes
java.lang.Object
«interface»
serv let::Serv letResponse
java.lang.Object
«interface»
http::HttpServ letResponse
java.io.OutputStream
servlet::ServletOutputStream
-response
provides access to
java.lang.Object
serv let::Serv letResponseWrapper
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
flushBuffer() : void
getBufferSize() : int
getCharacterEncoding() : String
getContentT ype() : String
getLocale() : Locale
getOutputStream() : ServletOutputStream
getWriter() : PrintWriter
isCommitted() : boolean
reset() : void
resetBuffer() : void
ServletResponseWrapper(ServletResponse) : void
setBufferSize(int) : void
setCharacterEncoding(String) : void
setContentLength(int) : void
setContentT ype(String) : void
setLocale(Locale) : void
«property get»
+ getResponse() : ServletResponse
http::HttpServ letResponseWrapper
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
addCookie(Cookie) : void
addDateHeader(String, long) : void
These methods are also
addHeader(String, String) : void
about HTTP things like
addIntHeader(String, int) : void
containsHeader(String) : boolean
headers, sessions, and
encodeRedirectURL(String) : String
cookies
encodeRedirectUrl(String) : String
encodeURL(String) : String
encodeUrl(String) : String
HttpServletResponseWrapper(HttpServletResponse) : void
sendError(int, String) : void
sendError(int) : void
sendRedirect(String) : void
setDateHeader(String, long) : void
setHeader(String, String) : void
setIntHeader(String, int) : void
setStatus(int) : void
setStatus(int, String) : void
«property set»
+ setResponse(ServletResponse) : void
A reference to an HTTPServletResponse is created by the Container
and passed to the doGet() and doPost() methods of an HTTPServlet
SE-2840 Dr. Mark L. Hornick
20