Download Servlets - CS

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
Document related concepts
no text concepts found
Transcript 
Servlets – Part 2
Representation and Management
of Data on the Web
1
Announcement
• I have put an excellent book on Servlets
and JSP pages at:
– ~dbi/Core-Servlets-and-JSP.pdf
2
What are Cookies used For?
• Identifying a user during an e-commerce
(or other) session
• Avoiding user-name and password
• Customizing a site
• Focusing advertising
3
Cookies
• Cookies are state information that
gets passed back and forth between
the web server and browser in HTTP
headers
A response header
Set-Cookie: NAME=VALUE; expires=DATE;
path=PATH; domain=DOMAIN_NAME; secure
A request header
Cookie: NAME=VALUE; NAME2=VALUE2; NAME3=VALUE3...
4
Problems
• A privacy threat:
– search engine can remember previous searches
– The computer that stores the cookie can allow an
access to a site for a person that is not the person
that the site recognizes
• However, cookies do not pose a security threat
5
Sharing Information
• Can two sites share the information that
they have with cookies?
• What if the two sites use images from
the same source?
6
javax.servlet.http.Cookie
• Cookies are represented with the class
Cookie in javax.servlet.http
• A cookie object can be created by the
cookie constructor
• The name and the value of the
constructor should not include: []()
= , “
/ ? @ : ;
7
Cookies
• You create cookies and then add them to
the HttpServletResponse
– public Cookie[] getCookies()
• You can get cookies from the
HttpServletRequest
– public void addCookie(Cookie)
8
Properties of Cookies
• getDomain / setDomain
– The domain for which the cookie belongs
• getMaxAge / setMaxAge
– How long (in seconds) will the cookie last
– Negative value = per-session cookie
– Default: Only exists during session
• getName
– The name of the cookie to identify it
9
Properties of Cookies
• getPath / setPath
– Defines the path for which the cookie relates
– Cookie.setPath(“/”) means that all the pages on host
will get the cookie
– Defualt: Entire host
• getSecure / setSecure
– Should the cookie be sent with SSL secured line
• getValue / setValue
– The value that the cookie holds*
10
<html> <head>
<title>Login Page</title>
</head>
<body>
<h1>Logon to My Site</h1>
<form action="servlet/WelcomeBack">
Your Name:
<input type="text" name="username">
<input type="submit">
</form>
</body> </html>
HTML Page
11
import java.io.*;import javax.servlet.*;import javax.servlet.http.*;
public class WelcomeBack extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
String user = req.getParameter("username");
if (user == null) {
Cookie[] cookies = req.getCookies();
for (int i = 0 ; i < cookies.length ; i++) {
if (cookies[i].getName().equals("username"))
user = cookies[i].getValue();
}
} else res.addCookie(new Cookie("username", user));
if (user != null) {
res.setContentType("text/html");
PrintWriter out = res.getWriter();
out.println("<html><body>Welcome Back" + user + "</html></body>");
} else {
res.sendRedirect("/dbi/login.html");
} }}
12
Session Tracking
• HTTP is a stateless protocol
• Many web applications (i.e. shopping carts)
are not stateless)
• Need to keep track of each user’s state
(i.e. items in the shopping cart)
• Sessions can be managed using: cookies,
hidden form fields or URL rewriting
13
Using Cookies: Intuition
sessionId
dsf39324
324jlsdf
234jksdf
789388dd
sessionData
…
…
…
…
…
…
…
…
…
…
…
…
…
…
…
…
…
…
…
…
…
…
…
…
14
Hidden Form Fields: Inutiton
<INPUT TYPE = hidden
NAME = “session”
VALUE = “…” >
• Hidden fields are just another type of input tag
for a form
• The receiving web server can’t tell the
difference between a user entered value and a
hidden form field value
• For this to work: All pages must be results of
form submission
15
URL Encoding
• Client appends some extra data to all URLs of the
session:
– http://host/path/file.html?sessionid=455hh
• You must embed all links into your site!
• If you want to embed a link in a response, and want the
link to reflect the session-id, use either (from
HttpServletResponse)
– public String encodeURL(String url)
– public String encodeRedirectURL(String url)
• These encode the session id as ?name=value on the end
of the url
16
Tracking with HttpSession
• Servlets have built-in session tracking
• Every user has a HttpSession object to store
and retrieve user information, e.g.,
– shopping cart contents,
– database connections
• Can be implemented using cookies/URL Encoding
(for us it doesn’t make a difference which)
17
Getting the Session
• Retrieve the user’s session: (from the request
object) HttpSession getSession(boolean create)
• if the user has no valid session,
– a new one is created if create is true;
– null is returned if create is false
• HttpSession's method isNew() returns true if
the session is new to the client
18
Session Tracking API
• Add data to a session using HTTPSession's
method:
void setAttribute(String name, Object val)
– value must implement Serializable interface
– replaces any object that is bound in the session and
has the same name
• Retrieve data from a session
public Object getAttribute(String name)
– returns null if no object is bound to the name
19
More on Tracking API
• Retrieve the name of all session objects
– public Enumeration getAttributeNames()
• Remove an attribute from the session
– public void removeAttribute(String name)
– does nothing if no object is bound
• You can get the identifier of the object by
– public String getId(String name)
• These methods throw an IllegalStateException
if the session is invalid
20
import java.io.*;import javax.servlet.*;import javax.servlet.http.*;
public class HitCount extends HttpServlet {
public void doGet(HttpServletRequest req,
HttpServletResponse res) throws ServletException,
IOException {
res.setContentType("text/html");
PrintWriter out = res.getWriter();
HttpSession session = req.getSession(true);
Integer count = (Integer)session.getValue("tracker.count");
if (count == null) count = new Integer(1);
else count = new Integer(count.intValue() + 1);
session.putValue("tracker.count", count);
out.println("<HTML><BODY>You've visited this page " +
count + ((count.intValue() == 1) ? " time." : " times.") +
"</BODY></HTML>");
}}
21
Note about HTTPSession
• There is a single session per user, per
session.
• Different Sevlets will get the same
HttpSession object, when calling
getSession on different
HTTPServletRequest objects during the
same session
22
ServletContext
• For sharing resources among servlets in the
same web application, we use ServletContext
• Can store web application initialization
parameters (similar to ServletConfig)
• Can store attributes (defined during lifetime of
application)
• Access to logger
• Dispatching requests to other Servlets
23
ServletContext Methods
• Get a ServlerContext using getServletContext().
This is a method of Servlet
• Partial Method List:
– public void log(String msg)
– public void log(String msg, Throwable exception)
– public String getRealPath(String path)
– public Object getAttribute(String name)
– public void setAttribute(String name, Object object)
– public void removeAttribute(String name)
– public RequestDispatcher
getRequestDistpatcher(String Name);
24
Note about ServletContext
• There is a single ServletContext per web
application
• Different Sevlets will get the same
ServletContext object, when calling
getServletContext during different
sessions
25
Request Dispatcher Methods
• void forward (ServletRequest request,
ServletResponse response)
– Forwards a request from a servlet to another
resource (servlet, JSP file, or HTML file) on the
server
• void include (ServletRequest request,
ServletResponse response)
– Includes the content of a resource (servlet, JSP
page, HTML file) in the response
26
Passing on Data
• 3 different ways to set parameters for the
forwarded servlet or JSP to see
– Data that will be used only for this request:
request.setAttribute("key", value);
– Data will be used for this client (also for future
requests):
session.setAttribute("key", value);
– Data that will be used in the future for any client
context.setAttribute("key", value);
27
Fowarding Request Example
• Consider an online Travel Agent, as shown
here
• The Travel Servlet is called by the page
• The Travel Servlet sets some variables
• The request is then forwarded depending
on the button that the user had pressed
28
public class Travel extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException,
IOException {
String emailAddress = request.getParameter("emailAddress");
String password = request.getParameter("password");
TravelCustomer customer =
TravelCustomer.findCustomer(password, emailAddress);
if (customer == null)
gotoPage("/travel/Accounts", request, response);
customer.setStartDate(request.getParameter("startDate"));
customer.setEndDate(request.getParameter("endDate"));
customer.setOrigin(request.getParameter("origin"));
customer.setDestination(request.getParameter ("destination"));
HttpSession session = request.getSession(true);
session.putValue("customer", customer);
29
if (request.getParameter("flights") != null) {
gotoPage("/travel/BookFlights", request, response);
} else if (request.getParameter("cars") != null) {
gotoPage("/travel/RentCars", request, response);
} else if (request.getParameter("hotels") != null) {
gotoPage("/travel/FindHotels", request, response);
} else if (request.getParameter("cars") != null) {
gotoPage("/travel/EditAccounts", request, response);
} else gotoPage("/travel/IllegalRequest", request, response);
}
private void gotoPage(String address, HttpServletRequest request,
HttpServletResponse response)throws ServletException, IOException {
RequestDispatcher dispatcher =
getServletContext().getRequestDispatcher(address);
dispatcher.forward(request, response);
}
}
30
Forward versus SendRedirect
• SendRedirect requires extra communication on
part of the client: Why?
• SendRedirect does not have to preserve all the
variables in the request
• SendRedirect ends up with a different URL on
the client. What problems does this imply might
happen when using Forward?
31
Include
• Forwarding a request completely services
a request
• To include the result of a resource (html
page, jsp page, servlet) in our response
use the include method of
RequestDispatcher
32
Servlet Chaining
• Servlets cooperate to create content
• Multiple servlets in a chain
– request parameters supplied to first servlet
– output from each Servlet piped to the next Servlet in
the chain
– last servlet in chain sends output to client
request
Web
server
Servlet
request +
response
Servlet
request +
response
Servlet
response
33
More on Servlet Chaining
• Example use:
– Servlet #1: Translates XSQL page to XML page
– Servlet #2: Translates XML to HTML using XSL
• Can Servlet chaining be implemented using
RequestDispatcher.forward?
• Can Servlet chaining be implemented using
RequestDispatcher.include?
• How can Servlet chaining be implemented?
34
Comparison
Comparing Servlets to Other
Technologies
35
Comparing Servlets to Applets
• An Applet is a Java application, embedded in a
Web page
• Commonly used for: games, graphics, etc.
• To add an Applet to a web page, use the <applet
code=“…”> tag
• When a browser loads the Web page, the applet
byte-code is downloaded to the client box and
executed by the browser
36
Problems with Applets
• Security Restrictions: Applets cannot access
files or databases
• The Bandwidth Problem: As your applets grow in
size, the download time becomes unacceptable
• Compatibility:
– client must have a compatible browser
– If a client's browser is not compatible, s/he will not
be presented with proper content
– Thin clients do not support the whole Java API
37
Servlet Solutions
• Why don't Servlets have:
– Security restrictions?
– Bandwidth problems?
– Compatibility problems?
• What disadvantages do Servlets have
over Applets?
38
Comparing Servlets to CGI
• Common Gateway Interface (CGI): Perl scripts
that generate Web pages dynamically by
processing form data
• With CGI, each request causes a new process to
be created that runs the script
• With Servlets, each request causes a new
thread to be created
• Thread creation requires less time and
resources
39
Java Server Pages (JSP)
• JavaServer Pages: use XML-like tags and
scriptlets written in Java within a web
page
• Result in dynamic data in web page
• JSP is automatically compiled to Servlet
• Next Week: Learn about JSP!
40
Related documents
CS 492 Chapter 1 Answers To Odd Questions
CS 492 Chapter 1 Answers To Odd Questions
First step to securing servers and the data lying there is to set up a
First step to securing servers and the data lying there is to set up a
PowerPoint
PowerPoint
0 Text Introduction
0 Text Introduction
COMPS311F-9-database
COMPS311F-9-database
Servlets - itk.ilstu.edu
Servlets - itk.ilstu.edu
Designing Web Applications
Designing Web Applications
Servlets - Examples
Servlets - Examples
CUSTOMER_CODE SMUDE DIVISION_CODE SMUDE
CUSTOMER_CODE SMUDE DIVISION_CODE SMUDE
Chapter 1 - SaigonTech
Chapter 1 - SaigonTech
The Cookie Class
The Cookie Class
Week 4-Java Servlets and Tomcat
Week 4-Java Servlets and Tomcat
CUSTOMER_CODE SMUDE DIVISION_CODE SMUDE
CUSTOMER_CODE SMUDE DIVISION_CODE SMUDE
Servlets
Servlets