Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Servlets DBI - Representation and Management of Data on the Web Java and Web Pages • Java was introduced to embed greater interactivity into Web pages • Java has accomplished this through the use of applets • Applets add functionality to Web pages • For example, – Adding games to Web pages – Adding graphics – etc. About Java Applets • Java applets are programs that are embedded directly into Web pages • We add the <applet code=“…”> tag to the HTML page • When a browser loads a Web page, the applet byte-code is downloaded to the client box and executed by the browser Problems with Applets • Three main problems are – Accessing files and databases (security restrictions) – Compatibility – Bandwidth • The bandwidth problem: – as your applets grow in size, the download time becomes unacceptable Compatibility Problems • Applets are also faced with compatibility problems • In order to run an applet, you need to have a compatible browser • If a customer doesn't have a compatible browser, she will not be presented with proper content • Thin clients do not support the all Java API We Tried So Far Running applications on the client Instead, We … Move to the server The Solution • Server-side Java solves some of the problems that applets face: – There are no compatibility problems with code execution – There are no issues with long download time – Server Java only sends the client small packets of information that it can understand (mainly HTML) • Java servlets are one of the options for server-side Java Servlets • Servlets most common usages: – 1. Used to extend Web servers – 2. Used as replacement for CGI that is • secure, portable, and easy-to-use • A servlet is a dynamically loaded module that services requests from a Web server • A servlet runs entirely inside the Java Virtual Machine • Servlet does not depend on browser compatibility Execution of a Java Servlet Sending a request and receiving a response Example of Using Servlets Developing e-commerce store fronts: a. A Servlet can build an on-line catalog from database b. The Servlets can present the catalog using dynamic HTML c. A customer fills out order and submits it to the servlet d. The Servlet processes the order and submits the result to the database Alternatives to Java Servlets I. II. III. IV. CGI Proprietary server APIs Server side JavaScript Microsoft Active Server Pages • All above are viable solutions, but each has their own set of problems CGI • Common Gateway Interface (CGI): Scripts generate Web pages or other files dynamically by processing form data and returning documents based on form values or other data Servlets Versus CGI • Platform Independence – servlets work on any servlet-enabled server • Single process that handles many requests • Written in Java • Faster to Run Servlet • Not platform CGI independent • Work order: get request, open process, shut down • Not persistent – reestablish resources each time • Each request requires new CGI process Servlets Give • • • • Portability The power of Java Efficiency since using a single process Safety – strong typing differently from scripts • “Clean”, object oriented code • Integration with the server HTML Forms • Interactive HTML • Composed of input elements (buttons, text fields, check boxes) with <form> tag • On Submission, browser packages user input and sends to server • Server passes information to supporting application that formats reply (HTML page) The <input> Tag • Inside a form, INPUT tags define fields for data entry • Standard input types include: buttons, checkboxes, password field, radio buttons, text fields, imagebuttons, text areas, pull-down menus, • They all associate a single (string) value with a named parameter The <form> Tag • <form> …</form> comprise single form • Two Special Attributes: – action – the name of the processing server – method – the method to pass parameters to server Form Parameters • action attribute give URL of application that receives and processes form’s data (cgi-bin) <form action=“http://www.cs.huji.ac.il/~dbi/cgibin/update”> … </form> • enctype attribute to change encryption • method attribute sets the method by which data sent to server (HTTP methods) HTTP Methods • POST: – Data sent in two steps – Designed for Posting information • Browser contacts server • Sends data • GET: – Contacts server and sends data in single step – Appends data to action URL separated by question mark – Designed to get information Other Methods • HEAD: Client sees only header of response to determine size, etc… • PUT: Place documents directly on server • DELETE: Opposite of PUT • TRACE: Debugging aid returns to client contents of its request • OPTIONS: what options available on server Example <HTML> … <form method=GET action=“http://www.cs.huji.ac.il/~dbi/cgi-bin/update”> … </form> … </HTML> http://www.cs.huji.ac.il/~dbi/cgi-bin/update?x=19&y=104 A Book Review Example <html> <head> <title>Book Review</title> </head> <body> <H1>Book Review</H1> <form action=/cgi-bin/bookreview.pl method=POST> What is your first name? <input type=text name=fname> <BR><BR>Check if you are planning to write a servlet <input type=checkbox name=writeservlet> <BR><BR>What was your favorite chapter so far?<BR> <BR>Chp. 1<input type=radio name=favchap value=1> <BR>Chp. 2<input type=radio name=favchap value=2> <BR>Chp. 3<input type=radio name=favchap value=3> <BR>Chp. 4<input type=radio name=favchap value=4> <BR>Chp. 5<input type=radio name=favchap value=5> <BR>Chp. 6<input type=radio name=favchap value=6> <BR><BR><input type=submit><input type=reset> </form> </body> </html> #!/usr/bin/perl require "cgilib.pl"; print "Content-type: text/html\n\n"; %dataDict = (); &readData(*data); &parseData(*data,*dataDict); $fName = $dataDict{"fname"}; $chp = $dataDict{"favchap"}; $writeServlet = $dataDict{"writeservlet"}; print print print print print print print print print "<HTML>"; "<TITLE>Book Review Response</TITLE>"; $fName; ", thank you for your feedback.<BR>"; "Your favorite chapter so far is chapter "; $chp; ".<BR>"; "<HR>"; "You are "; ($writeServlet ne "") || print "not "; print "planning to write a servlet."; print "</HTML>"; Instead, We Write <form action=http://localhost:8080/servlet/BookReviewServlet method=POST> for calling a servlet import java.io.*; import javax.servlet.*; import javax.servlet.http.*; public class BookReviewServlet extends HttpServlet { // Write a response to the client. public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { /* Set the "content type" header of the response so that the browser knows we are sending HTML and not just raw text. If you don't do this then the HTML tags will not be interpreted. Try commenting out this line to see what happens. */ res.setContentType("text/html"); //Get the response's PrintWriter to return text to the client. PrintWriter toClient = res.getWriter(); String fName = req.getParameter("fname"); String chp = req.getParameter("favchap"); String writeServlet = req.getParameter("writeservlet"); // Respond to client with a thank you toClient.println("<HTML>"); toClient.println("<TITLE>Book Review Response</TITLE>"); toClient.print(fName); toClient.println(", thank you for your feedback.<BR>"); toClient.print("Your favorite chapter so far is chapter "); toClient.println(chp + ".<BR>"); toClient.println("<HR>"); toClient.println("You are "); if(writeServlet == null) toClient.print("not "); toClient.println("planning to write a servlet."); BookReviewServlet extends HttpServlet doPost for handling a POST request toClient.println("</HTML>"); // Close the writer; the response is done. toClient.close(); } } More on Server-side Technologies • Server-side Includes: – Extension to HTML – Server-side scripting – Embedding code in HTML documents • Java Server Pages: – JavaServer Pages technology uses XML-like tags and scriptlets written in the Java programming language to encapsulate the logic that generates the content for the page – Dynamic data in web page – JSP compiled to Servlet Servlet Package • javax.servlet • Servlet interface defines methods that manage servlet and its communication with clients • Client Interaction: When it accepts call, receives two objects – ServletRequest – ServletResponse Architecture Hello World Example import import import import java.io.*; java.util.*; javax.servlet.*; javax.servlet.http.*; public class HelloWorldServlet extends GenericServlet { public void service(ServletRequest request, ServletResponse response) throws ServletException, IOException { PrintWriter out; response.setContentType("text/html"); out = response.getWriter(); out.println("<HTML><HEAD><TITLE>"); out.println("Hello World"); out.println("</TITLE></HEAD><BODY>"); out.println("<H1>Hello World</H1>"); out.println("</BODY></HTML>"); out.close(); } } Hello World Example import java.io.*; import javax.servlet.*; import javax.servlet.http.*; public class HelloWorld extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { res.setContentType("text/html"); PrintWriter out = res.getWriter(); out.println("<HTML>"); out.println("<HEAD><TITLE>Hello World</TITLE></HEAD>"); out.println("<BODY>"); out.println("<BIG>Hello World</BIG>"); out.println("</BODY></HTML>"); } } The Servlet Interface • All servlets must implement the Servlet interface – void init(ServletConfig config) • called every time the servlet is instantiated – void service(ServletRequest req, ServletResponse res) • ServletRequest: parameters from the client • ServletResponse: contains an output stream used to return information to the client • needs to be thread-safe since multiple requests can be handled concurrently • not called until init() has finished execution The Servlet Interface – void destroy() • called by the servlet engine when it removes the servlet • should free any resources (i.e. files or database connections) held by the servlet – String getServletInfo() • Returns version and copyright information The HttpServlet Interface • Implements Servlet • Receives requests and sends responses to a web browser • Methods to handle different types of HTTP requests: – doGet() handles GET requests – doPost() handles POST requests – doPut() handles PUT requests – doDelete() handles DELETE requests Handling HttpServlet Requests • service() method not usually overridden – doXXX() methods handle the different request types • Needs to be thread-safe or must run on a STM (SingleThreadModel) Servlet Engine – multiple requests can be handled at the same time HttpServlet Request Handling Web GET request Server HttpServlet subclass doGet() response service() POST request doPost() response ServletRequest Interface • Encapsulates communication from client to server – parameters passed by client, – protocol used by client, – names of remote host, and server • ServletInputStream for data transfer from client to server using HTTP POST and PUT • HttpServletRequest access HTTP header info ServletRequest Interface public abstract int getContentLength() public abstract String getContentType() public abstract String getProtocol() public abstract String getScheme() public public public public abstract abstract abstract abstract String getServerName() int getServerPort() String getRemoteAddr() String getRemoteHost() public public public public abstract abstract abstract abstract String getParameter(String name) String[] getParameterValues(String name) Enumeration getParameterNames() Object getAttribute(String name) HttpServletRequest Interface public String getMethod() public String getRequestURI() public public public public Enumeration getHeaderNames() String getHeader(String name) int getIntHeader(String name) long getDateHeader(String name) public public public public public public Cookie[] getCookies() HttpSession getSession(boolean create) String getRequestedSessionId() boolean isRequestedSessionIdValid() boolean isRequestedSessionIdFromCookie() boolean isRequestedSessionIdFromUrl() ServletResponse Interface • Methods for replying to client • Set content length and MIME type of reply • ServletOutputStream and a Writer to send data • HttpServletResponse protocol specific ServletResponse Interface public void setContentLength(int len) public void setContentType(String type) public ServletOutputStream getOutputStream() throws IOException public PrintWriter getWriter() throws IOException public String getCharacterEncoding() HttpServletResponse Interface public void sendError(int sc, String msg) throws IOException public void sendError(int sc) throws IOException public void setStatus(int sc, String sm) public void setStatus(int sc) public public public public boolean containsHeader(String name) void setHeader(String name,String value) void setIntHeader(String name, int value) void setDateHeader(String name, long date) public void sendRedirect(String location) throws IOException public void addCookie(Cookie cookie) public String encodeUrl(String url) public String encodeRedirectUrl(String url) HTTP Specifics • MIME: Multipurpose Internet Mail Extension to identify file type • GET/POST/PUT: Ways that browser sends form data to the server • Persistent Sessions • Cookies public class SimpleServlet extends HttpServlet { /** * Handle the HTTP GET method by building a simple web page. */ public void doGet (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { PrintWriter out; String title = "Simple Servlet Output"; // set content type and other response header fields first response.setContentType("text/html"); // then write the data of the response out = response.getWriter(); out.println("<HTML><HEAD><TITLE>"); out.println(title); out.println("</TITLE></HEAD><BODY>"); out.println("<H1>" + title + "</H1>"); out.println("<P>This is output from SimpleServlet."); out.println("</BODY></HTML>"); out.close(); } } You Do The Following • Subclass HttpServlet • Override doGet() • User Request encapsulated in HttpServletRequest object • Response encapsulated in HttpServletResponse object • Use output stream from HttpServletResponse Interacting with Clients • • • • • • Requests and Responses Header Data Get Requests Post Requests Threading Servlet Descriptions • Handle requests through service method (calls doGet()) • HttpServletRequest Objects – getParameter returns value of named parameter – getParameterValues if more than one value – getParameterNames for names of parameters – getQueryString for HTTP GET returns string of raw data from client. Must parse. – HTTP POST, PUT, DELETE Requests • Text: getReader returns BufferedReader • Binary: getInputStream returns ServletInputStream • HttpServletResponse Object – getWriter returns a Writer for text – getOutputStream returns ServletOutputStream for binary – Set header data before above IO set – setContentType in header Response Type • Response type does not have to be a text • You can, for example, setContent(“image/gif”) and send a stream of bits of an image • You can also return an HTML form that calls your servlet again as a response to a user action An Example <HTML> <HEAD> <TITLE>Introductions</TITLE> </HEAD> <BODY> <FORM METHOD=GET ACTION="/servlet/Hello"> If you don't mind me asking, what is your name? <INPUT TYPE=TEXT NAME="name"><P> <INPUT TYPE=SUBMIT> </FORM> </BODY> </HTML> import java.io.*; import javax.servlet.*; import javax.servlet.http.*; public class Hello extends HttpServlet { public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { doGet(req, res); } public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { // Set the Content-Type header res.setContentType("text/html"); // Return early if this is a HEAD if (req.getMethod().equals("HEAD")) return; // Proceed otherwise PrintWriter out = res.getWriter(); String name = req.getParameter("name"); out.println("<HTML>"); out.println("<HEAD><TITLE>Hello, " + name + "</TITLE></HEAD>"); out.println("<BODY>"); out.println("Hello, " + name); out.println("</BODY></HTML>"); } } Using the <SERVLET> Tag • It is a server-side tag that is written in the HTML document • The web server is configured to replace the tag with the output from the invoked servlet • Many times, for servlets to recognize such files, they are files that end with “.shtml” <HTML> <HEAD> <title>Mountain View Public Access Bank Account Query Service </title> The Servlet is not invoked directly </HEAD> <BODY> <h1>Bank Server</h1> <hr> <form action="/Bank/SecondPage.shtml" method="GET"> Which account do you want to find out about ? <input type="text" name="Person"> <input type="submit" value="Send"> </form> <hr> <small>All information subject to change without notice and probably quite inaccurate. </small> </BODY> </HTML> <HTML> <HEAD> <title>Mountain View Public Access Bank Account Query Service </title> </HEAD> <BODY> <h1>Bank Server</h1> <hr> <SERVLET CODE = bank.servlets.AccountSummary> <PARAM NAME = "DriverName" VALUE = "sun.jdbc.odbc.JdbcOdbcDriver"> <PARAM NAME = "DatabaseURL" VALUE = "jdbc:odbc:AccountsDatabase"> <PARAM NAME = "Account" VALUE = "SYSDBA" > <PARAM NAME = "Password" VALUE = "masterkey"> Your server doesn't support the servlet tag. </SERVLET> <hr> <SERVLET CODE = bank.servlets.AccountTransactions> <PARAM NAME = "DriverName" VALUE = "sun.jdbc.odbc.JdbcOdbcDriver"> <PARAM NAME = "DatabaseURL" VALUE = "jdbc:odbc:AccountsDatabase"> <PARAM NAME = "Account" VALUE = "SYSDBA" > <PARAM NAME = "Password" VALUE = "masterkey"> Your server doesn't support the servlet tag. </SERVLET> <form action="/Bank/SecondPage.shtml" method="GET"> Which account do you want to find out about ? <input type="text" name="Person"> <input type="submit" value="Send"> </form> <hr> <small>All information subject to change without notice and probably quite inaccurate. </small> </BODY> </HTML> SecondPage.shtml public abstract class BankAccountSSIRoot extends HttpServlet { public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { _driverName = request.getParameter("DriverName"); _databaseURL = request.getParameter("DatabaseURL"); _account = request.getParameter("Account"); _password = request.getParameter("Password"); PrintWriter output; try { output = new PrintWriter(response.getOutputStream(), true); } catch (Exception e){ log("Couldn't get Printwriter for request"); return; } String person = request.getParameter("Person"); if (null==person){ logError(output, "Please enter a person's name"); } else{ printAccountData(person, output); } return; Class.forName(_driverName); return DriverManager.getConnection( Servlet can’t tell the difference _databaseURL, between SERVLET tag _account, parameters and form parameters _password); } Servlets Package in UML ServletConfig 1 GenericServlet 1 ServletContext HttpUtils HttpServlet 1..* 1 1 HttpSessionContext HttpSession 0..* 1 0..* 0..* 0..* HttpSessionBindingListener 1 HttpServletRequest 1 1 HttpServletResponse 0..* Cookie 1 0..* Object Second Lecture A Search Engine Choice Example • Taken from a tutorial by Marty Hall • http://www.apl.jhu.edu/~hall/java/ServletTutorial/ • SearchEngines.java • SearchSpec.java • SearchEngines.html Servlet Life Cycle • • • • • No main() method! Server loads and initializes servlet servlet handles client requests server removes servlet Servlet can remain loaded to handle additional requests • Incur startup costs only once Life Cycle Schema Starting and Destroying Servlets • Initialization: – – – – Servlet’s init(ServletConfig) method Create I/O to intensive resources (database) Initialization parameters are server specific Seen in servletrunner properties file • Destroying: – destroy() method – make sure all service threads complete ServletConfig • When a servlet is created, it can have a set of initialization parameters (just like applets or command line args to an application) – How these parameters are set is web-server specific (you need to configure the web server) • ServletConfig lets the Servlet get at this initial configuration information public ServletContext getServletContext() public String getInitParameter(String name) public Enumeration getInitParameterNames() package database; import java.io.*; import javax.servlet.*; /** * This is a simple example of a Generic Servlet. Other servlets * call its public methods; it does not accept calls from clients. */ public class BookDBServlet extends GenericServlet { private BookstoreDB books; public void init(ServletConfig config) throws ServletException { // Store the ServletConfig object and log the initialization super.init(config); // Load the database to prepare for requests books = new BookstoreDB(); } public void destroy() { // Allow the database to be garbage collected books = null; } public void service(ServletRequest req, ServletResponse res) throws ServletException, IOException { throw new UnavailableException( this, "This servlet does not accept client requests."); } public BookDetails getBookDetails(String bookId) { return books.getBookDetails(bookId); } public BookDetails[] getBooksSortedByTitle() { return books.getBooksSortedByTitle(); } public int getNumberOfBooks() { return books.getNumberOfBooks(); } public String getServletInfo() { return "The BookDB servlet manages the bookstore database. " + "It is called by other servlets, not directly by a user."; } } Servlet Threads • Applying a service method for each client request • The server usually only calls destroy() after all service threads complete • Need to keep track of threads currently running • Wait for long-running threads to complete • Have long-running threads poll for shutdown Example – Counting Threads public ShutdownExample extends HttpServlet { private int serviceCounter = 0; ... //Access methods for serviceCounter protected synchronized void enteringServiceMethod() { serviceCounter++; } protected synchronized void leavingServiceMethod() { serviceCounter--; } protected synchronized int numServices() { return serviceCounter; } } Maintaining the Count protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { enteringServiceMethod(); try { super.service(req, resp); } finally { leavingServiceMethod(); } } Notifying a Shutdown public ShutdownExample extends HttpServlet { private boolean shuttingDown; ... //Access methods for shuttingDown protected setShuttingDown(boolean flag) { shuttingDown = flag; } protected boolean isShuttingDown() { return shuttingDown; } } A Destroy Example public void destroy() { /* Check to see whether there are still * service methods running, * and if there are, tell them to stop. */ if (numServices() > 0) { setShuttingDown(true); } /* Wait for the service methods to stop. */ while(numServices() > 0) { try { Thread.sleep(interval); } catch (InterruptedException e) {} } } “Listening” to a Shutdown public void doPost(...) { ... for(i = 0; ((i < numberOfThingsToDo) && !isShuttingDown()); i++) { try { partOfLongRunningOperation(i); } catch (InterruptedException e) {} } } SingelThreadModel • SingleThreadModel is a marker interface – No methods – Tells servlet engines about lifecycle expectations • Ensure that no two threads will execute concurrently the service method of that servlet • This is guaranteed by maintaining a pool of servlet instances for each such servlet, and dispatching each service call to a free servlet SingleThreadModel • SingleThreadModel let you break servlet functionality into multiple methods • Can rely on “instance state” being uncorrupted by other requests • Can’t rely on singletons (static members) or persistent instance state between connections – The same client making the same request, can get different instances of your servlet Servlets Chaining • Servlets cooperate to create content • Multiple servlets in a chain – request parameters supplied to first servlet – output piped to successive servlets – last servlet in chain sends output to client • Two ways to direct server to use chains: – configure server to handle certain URLs with explicitlyspecified chains – configure server to direct certain content types to specific servlets before output Example – Removing blink Tags import java.io.*; import javax.servlet.*; import javax.servlet.http.*; public class Deblink extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { // get the incoming type String contentType = req.getContentType(); // nothing incoming, nothing to do if (contentType == null) return; // set outgoing type to be incoming type res.setContentType(contentType); PrintWriter out = res.getWriter(); BufferedReader in = req.getReader(); String line = null; while ((line = in.readLine()) != null) { line = replace(line, ”<BLINK>", ""); line = replace(line, ”</BLINK>", ""); out.println(line); } } // end doGet() public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { doGet(req, res); } // end doPost() private String replace(String line, String oldString, String newString) { int index = 0; while ((index = line.indexOf(oldString, index)) = 0) { // Replace the old string with the new string // (inefficiently) line = line.substring(0, index) + newString + line.substring(index + oldString.length()); index += newString.length(); } return line; } // end replace() } // end Deblink Servlet Chaining Can be Used to • Quickly change appearance of a page, group of pages, or type of content – suppress <BLINK> tags – translate into a different language • Display section of page in special format – <SQL> tag - print results of query • Support obscure data types – serve up unsupported image formats as GIF or JPEG Session Tracking • HTTP is a stateless protocol – many web applications (i.e. shopping carts) are not – need to keep track of each user’s state (i.e. items in the shopping cart) • Common techniques – – – – user authorization hidden form fields URL rewriting persistent cookies Hidden Form Fields • Hidden fields are just another type of input tag for a form • The receiving web server can’t tell the difference between a user entered value and a hidden form field value <INPUT TYPE = hidden NAME = “DefaultBGColor” VALUE = “Green” > URL Encoding • Basically, a way to store lots of name value pairs as arguments after a URL – End result is a url that looks like a “GET” URL • If you want to embed a link in a response, and want the link to reflect the session-id, use either (from HttpServletResponse) public String encodeUrl(String url) public String encodeRedirectUrl(String url) • These encode the session id as ?name=value on the end of the url Tracking with HttpSession • Servlets have built-in session tracking • Every user has a HttpSession object – store and retrieve user information • i.e. shopping cart contents, database connections • Retrieve the user’s session: public HttpSession HttpServletRequest.getSession (boolean create) – if the user has no valid session, • a new one is created if create is true; • null is returned if create is false Session Tracking API • Add data to a session public void HttpSession.putValue(String name, Object value) – value must implement Serializable interface – replaces any object that is bound in the session with the same name • Retrieve data from a session public Object HttpSession.getValue(String name) – returns null if no object is bound to the name More on Tracking API • Retrieve the name of all session objects public String[] HttpSession.getValueNames() – returns an empty array if no bindings • Remove a value from the session public void HttpSession.removeValue(String name) – does nothing if no object is bound • These methods throw an IllegalStateException if the session is invalid Hit Count using Session Tracking import java.io.*; import javax.servlet.*; import javax.servlet.http.*; public class SessionTracker extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { res.setContentType("text/html"); PrintWriter out = res.getWriter(); HttpSession session = req.getSession(true); Integer count = (Integer)session.getValue("tracker.count"); if (count == null) count = new Integer(1); else count = new Integer(count.intValue() + 1); Hit Count using Session Tracking session.putValue("tracker.count", count); out.println("<HTML><HEAD><TITLE>SessionTracker</TITLE> </HEAD>"); out.println("<BODY><H1>Session Tracking Demo</H1>"); out.println("You've visited this page " + count + ((count.intValue() == 1) ? " time." : " times.")); out.println("<P>"); out.println("<H2>Here is your session data:</H2>"); String[] names = session.getValueNames(); for (int i = 0; i < names.length; i++) { out.println(names[i] + ": " + session.getValue(names[i]) + "<BR>"); } out.println("</BODY></HTML>"); } } Cookies • Usages: – Identifying a user during an e-commerce (or other) session – Avoiding user-name and password – Customizing a site – Focusing advartising Cookies • Cookies are state information that gets passed back and forth between the web server and browser in HTTP headers – A response header Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME; secure – A request header Cookie: NAME=VALUE; NAME2=VALUE2; NAME3=VALUE3... • You create cookies and then add them to the HttpServletResponse (or get them from the HttpServletRequest) public void addCookie(Cookie cookie) public Cookie[] getCookies() Limitations on Cookies • Must be set before any HMTL is generated. – Neither servlets embedded using the SERVLET tag, nor chained servlets, can set a cookie – They can still access cookie values • Name isn’t unique – Uniqueness enforced on (Name, Domain, Path) • Most applicable cookie of each name (best match) is returned • Only name, value, and version are returned More Limitations • • • • Limited to 20 cookies per server/ domain Limited to 300 cookies per user A 4KB size limit per cooky Cookies expire: A Lasting Cooky import javax.servlet.http.*; public class LongLivedCookie extends Cookie { public static final int SECONDS_PER_YEAR = 60*60*24*365; public LongLivedCookie(String name, String value) { super(name, value); setMaxAge(SECONDS_PER_YEAR); } } javax.servlet.Http.Cookie Secure means, practically, “only send if SSL is being used” Note that you can’t change a cookies name public void setComment(String purpose) public void setDomain(String pattern) public void setMaxAge(int expiry) public void setPath(String uri) public void setSecure(boolean flag) public void setValue(String newValue) public void setVersion(int v) public String getValue() public int getVersion() public String getName() public String getComment() public String getPath() public int getMaxAge() public String getDomain() public boolean getSecure() Comment is used if client individually approves cookies Pointless to call these because browser doesn’t send them Cookie Defaults • Max Age – if not set, cookie will expire when browser is closed • Domain/Path – together, they specify where the cookie is valid – A cookie created in response to the request http://www.cs.huji.ac.il/~dbi/home/index.html defaults to domain: www.cs.huji.ac.il/ path: ~dbi/home/ Note that • Cookies do not pose a security threat • They do pose a privacy threat Servlet Communication • To service a request, the servlet may need to get resources from: – – – – databases other servlets HTML pages (or other files) objects shared among servlets at the same server – and so on Getting a Resource • There are two ways to get a resource: – With a HTTP request – Using a RequestDispatcher object Getting a Request Dispatcher public class BookStoreServlet extends HttpServlet { public void service (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // Get the dispatcher; it gets the main page to the user RequestDispatcher dispatcher = getServletContext().getRequestDispatcher( "/bookstore/bookstore.html"); ... } } Resources that are not Available • To deal with resources that are not available you should do: if (dispatcher == null) { // No dispatcher means the html file can not be delivered response.sendError(response.SC_NO_CONTENT); } Forwarding Request public class BookStoreServlet extends HttpServlet { public void service (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { ... // Get or start a new session for this user HttpSession session = request.getSession(); // Send the user the bookstore's opening page dispatcher.forward(request, response); ... } } Include • Forwarding a request cannot be used to service requests partially • We should use include() of resources ServletContext • For sharing resources among servlets, we use ServletContext – Server-specific attributes (name-value pairs, much like System.properties) and server configuration information – Ability to find other servlets public Servlet getServlet(String name) throws ServletException public Enumeration getServlets() public Enumeration getServletNames() public void log(String msg) public void log(Exception exception, String msg) public String getRealPath(String path) public String getMimeType(String file) public String getServerInfo() public Object getAttribute(String name) public void setAttribute(String name, Object object) public void removeAttribute(string name) public Enumeration getAttributeNames(); public class CatalogServlet extends HttpServlet { public void init() throws ServletException { BookDBFrontEnd bookDBFrontEnd = ... if (bookDBFrontEnd == null) { getServletContext().setAttribute( "examples.bookstore.database. BookDBFrontEnd", BookDBFrontEnd.instance()); } With getAttribute() the values are taken and used by other } servlets ... } Servers • JavaServer Web Development Kit (JSWDK) – By Sun – the official reference implementation of the servlet 2.1 and JSP 1.0 specifications • Tomcat – By Apache – Tomcat is the official reference implementation of the servlet 2.2 and JSP 1.1 specifications Tomcat • Configuring: – A file “web.xml” (called Web application deployment descriptor) holds the configuration information – There are • <servlet> and • <servlet-mapping> elements in the file The <servlet> Element • The Servlet Element – establishes a mapping between a servlet name and the fully-qualified name of the servlet class: <servlet> <servlet-name>catalog</servlet-name> <servlet-class>CatalogServlet</servletclass> </servlet> Determining the Servlet • When a request is received by Tomcat it must determine which servlet should handle it • You designate that certain paths (called aliases) map to a specific servlet with the servlet-mapping element The Mapping of URLs And Servlets • A context root is a path that gets mapped to the document root of the servlet application • If your application's context root is /bookstore, then a request URL such as http://hostname:8000/bookstore/catalog will send the request to the servlet named catalog within the bookstore context Example <servlet-mapping> <servlet-name> catalog </servlet-name> <url-pattern> /catalog </url-pattern> </servlet-mapping> Start-up File • The server startup file is TOMCAT_HOME/conf/server.xml • It holds configuration information – Server host (default localhost) – server port (default 8080) – etc Calling Servlets From a Browser • Context-root corresponds to the subdirectory of TOMCAT_HOME/webapps where you have installed your application • Servlet-name corresponds to the name you have given your servlet http://machine-name:port/Context-root/Servlet- name Online Bookstore package cart; import java.util.*; import database.BookDetails; public class ShoppingCart { Hashtable items = null; int numberOfItems = 0; public ShoppingCart() { items = new Hashtable(); } public void add(String bookId, BookDetails book) { if(items.containsKey(bookId)) { ShoppingCartItem scitem = (ShoppingCartItem) items.get(bookId); scitem.incrementQuantity(); } else { ShoppingCartItem newItem = new ShoppingCartItem(book); items.put(bookId, newItem); } numberOfItems++; } public void remove(String bookId) { if(items.containsKey(bookId)) { ShoppingCartItem scitem = (ShoppingCartItem) items.get(bookId); scitem.decrementQuantity(); if(scitem.getQuantity() <= 0) items.remove(bookId); numberOfItems--; } } public Enumeration getItems() { return items.elements(); } protected void finalize() throws Throwable { items.clear(); } public int getNumberOfItems() { return numberOfItems; } public void clear() { items.clear(); numberOfItems = 0; } } package cart; public class ShoppingCartItem { Object item; int quantity; public ShoppingCartItem(Object anItem) { item = anItem; quantity = 1; } public void incrementQuantity() { quantity++; } public void decrementQuantity() { quantity--; } public Object getItem() { return item; } public int getQuantity() { return quantity; } } package database; public class BookDetails { private String bookId = null; private String title = null; private String firstName = null; private String surname = null; private float price = 0.0F; private int year = 0; private String description = null; public BookDetails(String bookId, String surname, String firstName, String title, float price, int year, String description) { this.bookId = bookId; this.title = title; this.firstName = firstName; this.surname = surname; this.price = price; this.year = year; this.description = description; } public String getTitle() { return title; } public float getPrice() { return price; } public int getYear() { return year; } public String getDescription() { return description; } public String getBookId() { return this.bookId; } public String getFirstName() { return this.firstName; } public String getSurname() { return this.surname; } } package database; import java.util.*; /** * Sets up the database with the appropriate things for our bookstore. */ class BookStoreDB { /* The database hashtable and dbByTitle vector are filled with * 10 objects of type BookDetails. The hashtable is pretending to * be a database; the vector is pretending to be a view of the * database. */ private Hashtable database; private BookDetails[] dbByTitle; private final int numberOfBooks = 10; public BookStoreDB () { BookDetails book; database = new Hashtable(); dbByTitle = new BookDetails[numberOfBooks]; book = new BookDetails("201", "Duke", "", "My Early Years: Growing up on *7", (float)10.75, 1995, "What a cool book"); database.put(new Integer(201), book); dbByTitle[5] = book; book = new BookDetails("202", "Jeeves", "", "Web Servers for Fun and Profit", (float)10.75, 1996, "What a cool book"); database.put(new Integer(202), book); dbByTitle[8] = book; book = new BookDetails("203", "Masterson", "Webster", "Servlets: A Web Developers Dream Come True", (float)17.75, 1995, "What a cool book"); database.put(new Integer(203), book); dbByTitle[7] = book; book = new BookDetails("204", "RealGood", "Coad", "Moving from C++ to the Java(tm) Programming Language", (float)10.75, 1996, "What a cool book"); database.put(new Integer(204), book); dbByTitle[4] = book; book = new BookDetails("205", "Novation", "Kevin", "From Oak to Java: The Revolution of a Language", (float)10.75, 1998, "What a cool book"); database.put(new Integer(205), book); dbByTitle[1] = book; book = new BookDetails("206", "Gosling", "James", "Oak Intermediate Bytecodes", (float)10.75, 1998, "What a cool book"); database.put(new Integer(206), book); dbByTitle[6] = book; book = new BookDetails("207", "Thrilled", "Ben", "The Green Project: Programming for Consumer Devices", (float)10.75, 1998, "What a cool book"); database.put(new Integer(207), book); dbByTitle[2] = book; book = new BookDetails("208", "Duke", "", "100% Pure: Making Cross Platform Deployment a Reality", (float)10.75, 1998, "What a cool book"); database.put(new Integer(208), book); dbByTitle[9] = book; book = new BookDetails("209", "Tru", "Itzal", "Duke: A Biography of the Java Evangelist", (float)10.75, 1998, "What a cool book"); database.put(new Integer(209), book); dbByTitle[0] = book; book = new BookDetails("210", "Sidence", "Cohen", "I Think Not: Duke's Likeness to the Federation Insignia", (float)10.75, 1998, "What a cool book"); database.put(new Integer(210), book); dbByTitle[3] = book; } BookDetails getBookDetails(String bookId) { Integer key = new Integer(bookId); return (BookDetails)database.get(key); } BookDetails[] getBooksSortedByTitle() { return dbByTitle; } package database; import java.io.*; /** * Object that gets information from the Duke's Bookstore database. */ public class BookDBFrontEnd { private BookStoreDB books; private static BookDBFrontEnd onlyInstance = null; /* Private no-args constructor */ private BookDBFrontEnd() { init(); } /** Static factory method that makes a single instance of this * class. */ public static BookDBFrontEnd instance () { if (onlyInstance == null) onlyInstance = new BookDBFrontEnd(); return onlyInstance; } /** Initialize the book database, and store it in this. */ public void init() { // Load the database to prepare for requests books = new BookStoreDB(); } /** Set the database to null so that it can be garbage collected. */ public void destroy() { books = null; } /** Return information about the book associated with the given * book identifier. */ public BookDetails getBookDetails(String bookId) { return books.getBookDetails(bookId); } /** Return information about all the books in the bookstore. * Sort the books into alphabetical order using their title * as the key. */ public BookDetails[] getBooksSortedByTitle() { return books.getBooksSortedByTitle(); } /** Return the number of books in the bookstore database. */ public int getNumberOfBooks() { return books.getNumberOfBooks(); } } Handling Get Requests import import import import import java.io.*; javax.servlet.*; javax.servlet.http.*; database.*; cart.*; /** * This is a simple example of an HTTP Servlet. It responds to the GET * and HEAD methods of the HTTP protocol. This servlet calls other * servlets. */ public class BookDetailServlet extends HttpServlet { //Get Servlet specific configuration information public void init() throws ServletException { //getServletContext() retrieves information about servlet engine //getAttribute() returns servlet engine attribute with given name BookDBFrontEnd bookDBFrontEnd = (BookDBFrontEnd)getServletContext().getAttribute( "examples.bookstore.database.BookDBFrontEnd"); if (bookDBFrontEnd == null) { getServletContext().setAttribute( "examples.bookstore.database.BookDBFrontEnd", BookDBFrontEnd.instance()); } } public void doGet (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // Get the user's session and shopping cart HttpSession session = request.getSession(true); ShoppingCart cart = (ShoppingCart)session.getValue(session.getId()); // If the user has no cart, create a new one if (cart == null) { cart = new ShoppingCart(); session.putValue(session.getId(), cart); } // set content-type header before accessing the Writer response.setContentType("text/html"); PrintWriter out = response.getWriter(); // then write the response out.println("<html>" + "<head><title>Book Description</title></head>" + "<body bgcolor=\"#FFFFFF\">" + "<center>" + "<hr> <br> " + "<h1>" + "<font size=\"+3\" color=\"red\">Duke's </font>" + "<font size=\"+3\" color=\"purple\">Bookstore</font>" + "</h1>" + "</center>" + "<br> <hr> <br> "); //Get the identifier of the book to display String bookId = request.getParameter("bookId"); if (bookId != null) { // and the information about the book BookDBFrontEnd frontEnd = (BookDBFrontEnd)getServletContext().getAttribute( "examples.bookstore.database.BookDBFrontEnd"); BookDetails bd = frontEnd.getBookDetails(bookId); //Print out the information obtained out.println("<h2>" + bd.getTitle() + "</h2>" + " By <em>" + bd.getFirstName() + ", " + bd.getSurname() + "</em> " + "(" + bd.getYear() + ")<br> <br>" + "<h4>Here's what the critics say: </h4>" + "<blockquote>" + bd.getDescription() + "</blockquote>" + "<h4>Our price: $" + bd.getPrice() + "</h4>" + "<center>" + "<p><a href=\"" + "/servlet/catalog?Buy=" + bookId + "\"> Add this item to your shopping cart.</a></p>" + "</center>"); } out.println("</body></html>"); out.close(); } public String getServletInfo() { return "The BookDetail servlet returns information about" + "any book that is available from the bookstore."; } } Handling Post Requests import import import import java.io.*; javax.servlet.*; javax.servlet.http.*; cart.ShoppingCart; /** * An HTTP servlet that responds to the POST method of the HTTP protocol. * It clears the shopping cart, thanks the user for the order, * and resets the page to the BookStore's main page. */ public class ReceiptServlet extends HttpServlet { public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // Get the user's session and shopping cart HttpSession session = request.getSession(true); ShoppingCart cart = (ShoppingCart)session.getValue(session.getId()); // If the user has no cart, create a new one if (cart == null) { cart = new ShoppingCart(); session.putValue(session.getId(), cart); } // Payment received -- invalidate the session session.invalidate(); // set content type header before accessing the Writer response.setContentType("text/html"); PrintWriter out = response.getWriter(); // then write the response out.println("<html>" + "<head><title> Receipt </title>" + "<meta http-equiv=\"refresh\" content=\"4; url=" + "http://" + request.getHeader("Host") + "/servlet/bookstore;\">" + "</head>" + "<body bgcolor=\"#FFFFFF\">" + "<center>" + "<hr> <br> " + "<h1>" + "<font size=\"+3\" color=\"red\">Duke's </font>" + "<font size=\"+3\" color=\"purple\">Bookstore</font>" + "</h1>" + "</center>" + "<br> <hr> <br> "); out.println("<h3>Thank you for purchasing your books from us " + request.getParameter("cardname") + "<p>Please shop with us again soon!</h3>" + "<p><i>This page automatically resets.</i>" + "</body></html>"); out.close(); } public String getServletInfo() { return "The Receipt servlet clears the shopping cart, " + "thanks the user for the order, and resets the " + "page to the BookStore's main page."; } } Servlet Descriptions • To allow server to display information about servlet • getServletInfo public class BookStoreServlet extends HttpServlet { ... public String getServletInfo() { return "The BookStore servlet returns the " + "main web page for Duke's Bookstore."; }}