Download Servlets - CS

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
page
57
page
58
page
59
page
60
page
61
page
62
page
63
page
64
page
65
page
66
page
67
page
68
page
69
page
70
page
71
page
72
page
73
page
74
page
75
page
76
page
77
page
78
page
79
page
80
page
81
page
82
page
83
page
84
page
85
page
86
page
87
page
88
page
89
page
90
page
91
page
92
page
93
page
94
page
95
page
96
page
97
page
98
page
99
page
100
page
101
page
102
page
103
page
104
page
105
page
106
page
107
page
108
page
109
page
110
page
111
page
112
page
113
page
114
page
115
page
116
page
117
page
118
page
119
page
120
page
121
page
122
page
123
page
124
page
125
page
126
page
127
page
128
page
129
page
130
page
131
page
132
page
133
page
134
page
135
Document related concepts
no text concepts found
Transcript 
Servlets
DBI - Representation and
Management of Data on the Web
Java and Web Pages
• Java was introduced to embed greater interactivity
into Web pages
• Java has accomplished this through the use of
applets
• Applets add functionality to Web pages
• For example,
– Adding games to Web pages
– Adding graphics
– etc.
About Java Applets
• Java applets are programs that are
embedded directly into Web pages
• We add the <applet code=“…”> tag to
the HTML page
• When a browser loads a Web page, the
applet byte-code is downloaded to the client
box and executed by the browser
Problems with Applets
• Three main problems are
– Accessing files and databases (security
restrictions)
– Compatibility
– Bandwidth
• The bandwidth problem:
– as your applets grow in size, the download time
becomes unacceptable
Compatibility Problems
• Applets are also faced with compatibility
problems
• In order to run an applet, you need to have a
compatible browser
• If a customer doesn't have a compatible
browser, she will not be presented with
proper content
• Thin clients do not support the all Java API
We Tried So Far
Running applications
on the client
Instead, We …
Move to the server
The Solution
• Server-side Java solves some of the problems that
applets face:
– There are no compatibility problems with code
execution
– There are no issues with long download time
– Server Java only sends the client small packets of
information that it can understand (mainly HTML)
• Java servlets are one of the options for server-side
Java
Servlets
• Servlets most common usages:
– 1. Used to extend Web servers
– 2. Used as replacement for CGI that is
• secure, portable, and easy-to-use
• A servlet is a dynamically loaded module that
services requests from a Web server
• A servlet runs entirely inside the Java Virtual
Machine
• Servlet does not depend on browser compatibility
Execution of a Java Servlet
Sending a
request and
receiving a
response
Example of Using Servlets
Developing e-commerce store fronts:
a. A Servlet can build an on-line catalog from
database
b. The Servlets can present the catalog using
dynamic HTML
c. A customer fills out order and submits it to
the servlet
d. The Servlet processes the order and submits
the result to the database
Alternatives to Java Servlets
I.
II.
III.
IV.
CGI
Proprietary server APIs
Server side JavaScript
Microsoft Active Server Pages
•
All above are viable solutions, but each
has their own set of problems
CGI
• Common Gateway Interface (CGI): Scripts
generate Web pages or other files
dynamically by processing form data and
returning documents based on form values
or other data
Servlets Versus CGI
• Platform
Independence –
servlets work on any
servlet-enabled server
• Single process that
handles many requests
• Written in Java
• Faster to Run
Servlet
• Not platform
CGI
independent
• Work order: get
request, open process,
shut down
• Not persistent –
reestablish resources
each time
• Each request requires
new CGI process
Servlets Give
•
•
•
•
Portability
The power of Java
Efficiency since using a single process
Safety – strong typing differently from
scripts
• “Clean”, object oriented code
• Integration with the server
HTML Forms
• Interactive HTML
• Composed of input elements (buttons, text
fields, check boxes) with <form> tag
• On Submission, browser packages user
input and sends to server
• Server passes information to supporting
application that formats reply (HTML page)
The <input> Tag
• Inside a form, INPUT tags define fields for data
entry
• Standard input types include: buttons, checkboxes,
password field, radio buttons, text fields, imagebuttons, text areas, pull-down menus,
• They all associate a single (string) value with a
named parameter
The <form> Tag
• <form> …</form> comprise single form
• Two Special Attributes:
– action – the name of the processing server
– method – the method to pass parameters to
server
Form Parameters
• action attribute give URL of application that
receives and processes form’s data (cgi-bin)
<form action=“http://www.cs.huji.ac.il/~dbi/cgibin/update”>
…
</form>
• enctype attribute to change encryption
• method attribute sets the method by which
data sent to server (HTTP methods)
HTTP Methods
• POST:
– Data sent in two steps
– Designed for Posting information
• Browser contacts server
• Sends data
• GET:
– Contacts server and sends data in single step
– Appends data to action URL separated by question
mark
– Designed to get information
Other Methods
• HEAD: Client sees only header of response
to determine size, etc…
• PUT: Place documents directly on server
• DELETE: Opposite of PUT
• TRACE: Debugging aid returns to client
contents of its request
• OPTIONS: what options available on server
Example
<HTML>
…
<form method=GET
action=“http://www.cs.huji.ac.il/~dbi/cgi-bin/update”>
…
</form>
…
</HTML>
http://www.cs.huji.ac.il/~dbi/cgi-bin/update?x=19&y=104
A Book Review Example
<html>
<head>
<title>Book Review</title>
</head>
<body>
<H1>Book Review</H1>
<form action=/cgi-bin/bookreview.pl method=POST>
What is your first name?
<input type=text name=fname>
<BR><BR>Check if you are planning to write a servlet
<input type=checkbox name=writeservlet>
<BR><BR>What was your favorite chapter so far?<BR>
<BR>Chp. 1<input type=radio name=favchap value=1>
<BR>Chp. 2<input type=radio name=favchap value=2>
<BR>Chp. 3<input type=radio name=favchap value=3>
<BR>Chp. 4<input type=radio name=favchap value=4>
<BR>Chp. 5<input type=radio name=favchap value=5>
<BR>Chp. 6<input type=radio name=favchap value=6>
<BR><BR><input type=submit><input type=reset>
</form>
</body>
</html>
#!/usr/bin/perl
require "cgilib.pl";
print "Content-type: text/html\n\n";
%dataDict = ();
&readData(*data);
&parseData(*data,*dataDict);
$fName = $dataDict{"fname"};
$chp = $dataDict{"favchap"};
$writeServlet = $dataDict{"writeservlet"};
print
print
print
print
print
print
print
print
print
"<HTML>";
"<TITLE>Book Review Response</TITLE>";
$fName;
", thank you for your feedback.<BR>";
"Your favorite chapter so far is chapter ";
$chp;
".<BR>";
"<HR>";
"You are ";
($writeServlet ne "") || print "not ";
print "planning to write a servlet.";
print "</HTML>";
Instead, We Write
<form
action=http://localhost:8080/servlet/BookReviewServlet
method=POST>
for calling a servlet
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class BookReviewServlet extends HttpServlet
{
// Write a response to the client.
public void doPost(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException
{
/*
Set the "content type" header of the response so that
the browser knows we are sending HTML and not just raw text.
If you don't do this then the HTML tags will not be interpreted.
Try commenting out this line to see what happens.
*/
res.setContentType("text/html");
//Get the response's PrintWriter to return text to the client.
PrintWriter toClient = res.getWriter();
String fName = req.getParameter("fname");
String chp = req.getParameter("favchap");
String writeServlet = req.getParameter("writeservlet");
// Respond to client with a thank you
toClient.println("<HTML>");
toClient.println("<TITLE>Book Review Response</TITLE>");
toClient.print(fName);
toClient.println(", thank you for your feedback.<BR>");
toClient.print("Your favorite chapter so far is chapter ");
toClient.println(chp + ".<BR>");
toClient.println("<HR>");
toClient.println("You are ");
if(writeServlet == null)
toClient.print("not ");
toClient.println("planning to write a servlet.");
BookReviewServlet
extends
HttpServlet
doPost
for handling
a POST
request
toClient.println("</HTML>");
// Close the writer; the response is done.
toClient.close();
}
}
More on Server-side
Technologies
• Server-side Includes:
– Extension to HTML
– Server-side scripting
– Embedding code in HTML documents
• Java Server Pages:
– JavaServer Pages technology uses XML-like tags and
scriptlets written in the Java programming language to
encapsulate the logic that generates the content for the
page
– Dynamic data in web page
– JSP compiled to Servlet
Servlet Package
• javax.servlet
• Servlet interface defines methods that
manage servlet and its communication with
clients
• Client Interaction: When it accepts call,
receives two objects
– ServletRequest
– ServletResponse
Architecture
Hello World Example
import
import
import
import
java.io.*;
java.util.*;
javax.servlet.*;
javax.servlet.http.*;
public class HelloWorldServlet extends GenericServlet
{
public void service(ServletRequest
request,
ServletResponse
response)
throws ServletException, IOException
{
PrintWriter out;
response.setContentType("text/html");
out = response.getWriter();
out.println("<HTML><HEAD><TITLE>");
out.println("Hello World");
out.println("</TITLE></HEAD><BODY>");
out.println("<H1>Hello World</H1>");
out.println("</BODY></HTML>");
out.close();
}
}
Hello World Example
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class HelloWorld extends HttpServlet
{
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException
{
res.setContentType("text/html");
PrintWriter out = res.getWriter();
out.println("<HTML>");
out.println("<HEAD><TITLE>Hello World</TITLE></HEAD>");
out.println("<BODY>");
out.println("<BIG>Hello World</BIG>");
out.println("</BODY></HTML>");
}
}
The Servlet Interface
• All servlets must implement the Servlet interface
– void init(ServletConfig config)
• called every time the servlet is instantiated
– void service(ServletRequest req,
ServletResponse res)
• ServletRequest: parameters from the client
• ServletResponse: contains an output stream used to return
information to the client
• needs to be thread-safe since multiple requests can be handled
concurrently
• not called until init() has finished execution
The Servlet Interface
– void destroy()
• called by the servlet engine when it removes the
servlet
• should free any resources (i.e. files or database
connections) held by the servlet
– String getServletInfo()
• Returns version and copyright information
The HttpServlet Interface
• Implements Servlet
• Receives requests and sends responses to a web
browser
• Methods to handle different types of HTTP
requests:
– doGet() handles GET requests
– doPost() handles POST requests
– doPut() handles PUT requests
– doDelete() handles DELETE requests
Handling HttpServlet
Requests
• service() method not usually overridden
– doXXX() methods handle the different request
types
• Needs to be thread-safe or must run on a
STM (SingleThreadModel) Servlet Engine
– multiple requests can be handled at the same
time
HttpServlet Request Handling
Web
GET request Server
HttpServlet subclass
doGet()
response
service()
POST request
doPost()
response
ServletRequest Interface
• Encapsulates communication from client to
server
– parameters passed by client,
– protocol used by client,
– names of remote host, and server
• ServletInputStream for data transfer from client
to server using HTTP POST and PUT
• HttpServletRequest access HTTP header info
ServletRequest Interface
public abstract int getContentLength()
public abstract String getContentType()
public abstract String getProtocol()
public abstract String getScheme()
public
public
public
public
abstract
abstract
abstract
abstract
String getServerName()
int getServerPort()
String getRemoteAddr()
String getRemoteHost()
public
public
public
public
abstract
abstract
abstract
abstract
String getParameter(String name)
String[] getParameterValues(String name)
Enumeration getParameterNames()
Object getAttribute(String name)
HttpServletRequest
Interface
public String getMethod()
public String getRequestURI()
public
public
public
public
Enumeration getHeaderNames()
String getHeader(String name)
int getIntHeader(String name)
long getDateHeader(String name)
public
public
public
public
public
public
Cookie[] getCookies()
HttpSession getSession(boolean create)
String getRequestedSessionId()
boolean isRequestedSessionIdValid()
boolean isRequestedSessionIdFromCookie()
boolean isRequestedSessionIdFromUrl()
ServletResponse Interface
• Methods for replying to client
• Set content length and MIME type of reply
• ServletOutputStream and a Writer to send
data
• HttpServletResponse protocol specific
ServletResponse Interface
public void setContentLength(int len)
public void setContentType(String type)
public ServletOutputStream getOutputStream()
throws IOException
public PrintWriter getWriter() throws IOException
public String getCharacterEncoding()
HttpServletResponse
Interface
public void sendError(int sc, String msg) throws IOException
public void sendError(int sc) throws IOException
public void setStatus(int sc, String sm)
public void setStatus(int sc)
public
public
public
public
boolean containsHeader(String name)
void setHeader(String name,String value)
void setIntHeader(String name, int value)
void setDateHeader(String name, long date)
public void sendRedirect(String location) throws IOException
public void addCookie(Cookie cookie)
public String encodeUrl(String url)
public String encodeRedirectUrl(String url)
HTTP Specifics
• MIME: Multipurpose Internet Mail
Extension to identify file type
• GET/POST/PUT: Ways that browser sends
form data to the server
• Persistent Sessions
• Cookies
public class SimpleServlet extends HttpServlet {
/** * Handle the HTTP GET method by building a simple web page. */
public void doGet (HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
PrintWriter out;
String title = "Simple Servlet Output";
// set content type and other response header fields first
response.setContentType("text/html");
// then write the data of the response
out = response.getWriter();
out.println("<HTML><HEAD><TITLE>");
out.println(title); out.println("</TITLE></HEAD><BODY>");
out.println("<H1>" + title + "</H1>");
out.println("<P>This is output from SimpleServlet.");
out.println("</BODY></HTML>");
out.close(); }
}
You Do The Following
• Subclass HttpServlet
• Override doGet()
• User Request encapsulated in
HttpServletRequest object
• Response encapsulated in
HttpServletResponse object
• Use output stream from
HttpServletResponse
Interacting with Clients
•
•
•
•
•
•
Requests and Responses
Header Data
Get Requests
Post Requests
Threading
Servlet Descriptions
• Handle requests through service method
(calls doGet())
• HttpServletRequest Objects
– getParameter returns value of named
parameter
– getParameterValues if more than one value
– getParameterNames for names of parameters
– getQueryString for HTTP GET returns string
of raw data from client. Must parse.
– HTTP POST, PUT, DELETE Requests
• Text: getReader returns BufferedReader
• Binary: getInputStream returns
ServletInputStream
• HttpServletResponse Object
– getWriter returns a Writer for text
– getOutputStream returns
ServletOutputStream for binary
– Set header data before above IO set
– setContentType in header
Response Type
• Response type does not have to be a text
• You can, for example,
setContent(“image/gif”)
and send a stream of bits of an image
• You can also return an HTML form that
calls your servlet again as a response to a
user action
An Example
<HTML>
<HEAD>
<TITLE>Introductions</TITLE>
</HEAD>
<BODY>
<FORM METHOD=GET ACTION="/servlet/Hello">
If you don't mind me asking, what is your name?
<INPUT TYPE=TEXT NAME="name"><P>
<INPUT TYPE=SUBMIT>
</FORM>
</BODY>
</HTML>
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class Hello extends HttpServlet {
public void doPost(HttpServletRequest req,
HttpServletResponse res)
throws ServletException, IOException {
doGet(req, res);
}
public void doGet(HttpServletRequest req,
HttpServletResponse res)
throws ServletException, IOException {
// Set the Content-Type header
res.setContentType("text/html");
// Return early if this is a HEAD
if (req.getMethod().equals("HEAD")) return;
// Proceed otherwise
PrintWriter out = res.getWriter();
String name = req.getParameter("name");
out.println("<HTML>");
out.println("<HEAD><TITLE>Hello, " + name +
"</TITLE></HEAD>");
out.println("<BODY>");
out.println("Hello, " + name);
out.println("</BODY></HTML>");
}
}
Using the <SERVLET> Tag
• It is a server-side tag that is written in the
HTML document
• The web server is configured to replace the
tag with the output from the invoked servlet
• Many times, for servlets to recognize such
files, they are files that end with “.shtml”
<HTML>
<HEAD>
<title>Mountain View Public Access Bank Account Query
Service
</title>
The Servlet is not invoked directly
</HEAD>
<BODY>
<h1>Bank Server</h1>
<hr>
<form action="/Bank/SecondPage.shtml" method="GET">
Which account do you want to find out about ?
<input type="text" name="Person">
<input type="submit" value="Send">
</form>
<hr>
<small>All information subject to change without notice
and probably quite inaccurate.
</small>
</BODY>
</HTML>
<HTML>
<HEAD>
<title>Mountain View Public Access Bank Account
Query Service
</title>
</HEAD>
<BODY>
<h1>Bank Server</h1>
<hr>
<SERVLET CODE = bank.servlets.AccountSummary>
<PARAM NAME = "DriverName" VALUE =
"sun.jdbc.odbc.JdbcOdbcDriver">
<PARAM NAME = "DatabaseURL" VALUE =
"jdbc:odbc:AccountsDatabase">
<PARAM NAME = "Account" VALUE = "SYSDBA" >
<PARAM NAME = "Password" VALUE = "masterkey">
Your server doesn't support the servlet tag.
</SERVLET>
<hr>
<SERVLET CODE = bank.servlets.AccountTransactions>
<PARAM NAME = "DriverName" VALUE =
"sun.jdbc.odbc.JdbcOdbcDriver">
<PARAM NAME = "DatabaseURL" VALUE =
"jdbc:odbc:AccountsDatabase">
<PARAM NAME = "Account" VALUE = "SYSDBA" >
<PARAM NAME = "Password" VALUE = "masterkey">
Your server doesn't support the servlet tag.
</SERVLET>
<form action="/Bank/SecondPage.shtml" method="GET">
Which account do you want to find out about ?
<input type="text" name="Person">
<input type="submit" value="Send">
</form> <hr>
<small>All information subject to change without notice
and probably quite inaccurate.
</small>
</BODY>
</HTML>
SecondPage.shtml
public abstract class BankAccountSSIRoot extends HttpServlet {
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
_driverName = request.getParameter("DriverName");
_databaseURL = request.getParameter("DatabaseURL");
_account = request.getParameter("Account");
_password = request.getParameter("Password");
PrintWriter output;
try {
output = new PrintWriter(response.getOutputStream(), true);
}
catch (Exception e){
log("Couldn't get Printwriter for request");
return;
}
String person = request.getParameter("Person");
if (null==person){
logError(output, "Please enter a person's name");
}
else{
printAccountData(person, output);
}
return;
Class.forName(_driverName);
return DriverManager.getConnection(
Servlet can’t tell the difference
_databaseURL,
between SERVLET tag
_account,
parameters and form parameters
_password);
}
Servlets Package in UML
ServletConfig
1
GenericServlet
1
ServletContext
HttpUtils
HttpServlet
1..*
1
1
HttpSessionContext
HttpSession
0..*
1
0..*
0..*
0..*
HttpSessionBindingListener
1
HttpServletRequest
1
1
HttpServletResponse
0..*
Cookie
1
0..*
Object
Second Lecture
A Search Engine Choice
Example
• Taken from a tutorial by Marty Hall
• http://www.apl.jhu.edu/~hall/java/ServletTutorial/
• SearchEngines.java
• SearchSpec.java
• SearchEngines.html
Servlet Life Cycle
•
•
•
•
•
No main() method!
Server loads and initializes servlet
servlet handles client requests
server removes servlet
Servlet can remain loaded to handle
additional requests
• Incur startup costs only once
Life Cycle Schema
Starting and Destroying Servlets
• Initialization:
–
–
–
–
Servlet’s init(ServletConfig) method
Create I/O to intensive resources (database)
Initialization parameters are server specific
Seen in servletrunner properties file
• Destroying:
– destroy() method
– make sure all service threads complete
ServletConfig
• When a servlet is created, it can have a set
of initialization parameters (just like applets
or command line args to an application)
– How these parameters are set is web-server
specific (you need to configure the web server)
• ServletConfig lets the Servlet get at this
initial configuration information
public ServletContext getServletContext()
public String getInitParameter(String name)
public Enumeration getInitParameterNames()
package database;
import java.io.*;
import javax.servlet.*;
/**
* This is a simple example of a Generic Servlet. Other servlets
* call its public methods; it does not accept calls from clients.
*/
public class BookDBServlet extends GenericServlet {
private BookstoreDB books;
public void init(ServletConfig config) throws ServletException {
// Store the ServletConfig object and log the initialization
super.init(config);
// Load the database to prepare for requests
books = new BookstoreDB();
}
public void destroy() {
// Allow the database to be garbage collected
books = null;
}
public void service(ServletRequest req, ServletResponse res)
throws ServletException, IOException {
throw new UnavailableException(
this,
"This servlet does not accept client requests.");
}
public BookDetails getBookDetails(String bookId) {
return books.getBookDetails(bookId);
}
public BookDetails[] getBooksSortedByTitle() {
return books.getBooksSortedByTitle();
}
public int getNumberOfBooks() {
return books.getNumberOfBooks();
}
public String getServletInfo() {
return "The BookDB servlet manages the bookstore database. " +
"It is called by other servlets, not directly by a user.";
}
}
Servlet Threads
• Applying a service method for each client request
• The server usually only calls destroy() after all
service threads complete
• Need to keep track of threads currently running
• Wait for long-running threads to complete
• Have long-running threads poll for shutdown
Example – Counting Threads
public ShutdownExample extends HttpServlet {
private int serviceCounter = 0;
...
//Access methods for serviceCounter
protected synchronized void enteringServiceMethod()
{
serviceCounter++;
}
protected synchronized void leavingServiceMethod()
{
serviceCounter--;
}
protected synchronized int numServices() {
return serviceCounter;
}
}
Maintaining the Count
protected void service(HttpServletRequest req,
HttpServletResponse resp)
throws ServletException, IOException
{
enteringServiceMethod();
try {
super.service(req, resp);
} finally {
leavingServiceMethod();
}
}
Notifying a Shutdown
public ShutdownExample extends HttpServlet {
private boolean shuttingDown;
...
//Access methods for shuttingDown
protected setShuttingDown(boolean flag) {
shuttingDown = flag;
}
protected boolean isShuttingDown() {
return shuttingDown;
}
}
A Destroy Example
public void destroy() {
/* Check to see whether there are still
* service methods running,
* and if there are, tell them to stop.
*/
if (numServices() > 0) {
setShuttingDown(true);
}
/* Wait for the service methods to stop. */
while(numServices() > 0) {
try {
Thread.sleep(interval);
} catch (InterruptedException e) {}
}
}
“Listening” to a Shutdown
public void doPost(...) {
...
for(i = 0; ((i < numberOfThingsToDo)
&& !isShuttingDown()); i++) {
try {
partOfLongRunningOperation(i);
} catch (InterruptedException e) {}
}
}
SingelThreadModel
• SingleThreadModel is a marker interface
– No methods
– Tells servlet engines about lifecycle expectations
• Ensure that no two threads will execute
concurrently the service method of that servlet
• This is guaranteed by maintaining a pool of servlet
instances for each such servlet, and dispatching
each service call to a free servlet
SingleThreadModel
• SingleThreadModel let you break servlet
functionality into multiple methods
• Can rely on “instance state” being uncorrupted by
other requests
• Can’t rely on singletons (static members) or
persistent instance state between connections
– The same client making the same request, can get
different instances of your servlet
Servlets Chaining
• Servlets cooperate to create content
• Multiple servlets in a chain
– request parameters supplied to first servlet
– output piped to successive servlets
– last servlet in chain sends output to client
• Two ways to direct server to use chains:
– configure server to handle certain URLs with explicitlyspecified chains
– configure server to direct certain content types to
specific servlets before output
Example – Removing
blink Tags
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class Deblink extends HttpServlet
{
public void doGet(HttpServletRequest req,
HttpServletResponse res) throws ServletException,
IOException
{
// get the incoming type
String contentType = req.getContentType();
// nothing incoming, nothing to do
if (contentType == null) return;
// set outgoing type to be incoming type
res.setContentType(contentType);
PrintWriter out = res.getWriter();
BufferedReader in = req.getReader();
String line = null;
while ((line = in.readLine()) != null)
{
line = replace(line, ”<BLINK>", "");
line = replace(line, ”</BLINK>", "");
out.println(line);
}
} // end doGet()
public void doPost(HttpServletRequest req,
HttpServletResponse res) throws ServletException,
IOException
{
doGet(req, res);
} // end doPost()
private String replace(String line, String oldString,
String newString)
{
int index = 0;
while ((index = line.indexOf(oldString, index)) = 0)
{
// Replace the old string with the new string
// (inefficiently)
line = line.substring(0, index)
+ newString
+ line.substring(index
+ oldString.length());
index += newString.length();
}
return line;
} // end replace()
} // end Deblink
Servlet Chaining Can be Used to
• Quickly change appearance of a page, group of
pages, or type of content
– suppress <BLINK> tags
– translate into a different language
• Display section of page in special format
– <SQL> tag - print results of query
• Support obscure data types
– serve up unsupported image formats as GIF or JPEG
Session Tracking
• HTTP is a stateless protocol
– many web applications (i.e. shopping carts) are not
– need to keep track of each user’s state (i.e. items in the
shopping cart)
• Common techniques
–
–
–
–
user authorization
hidden form fields
URL rewriting
persistent cookies
Hidden Form Fields
• Hidden fields are just another type of input
tag for a form
• The receiving web server can’t tell the
difference between a user entered value and
a hidden form field value
<INPUT TYPE = hidden
NAME = “DefaultBGColor”
VALUE = “Green” >
URL Encoding
• Basically, a way to store lots of name value pairs
as arguments after a URL
– End result is a url that looks like a “GET” URL
• If you want to embed a link in a response, and
want the link to reflect the session-id, use either
(from HttpServletResponse)
public String encodeUrl(String url)
public String encodeRedirectUrl(String url)
• These encode the session id as ?name=value on
the end of the url
Tracking with HttpSession
• Servlets have built-in session tracking
• Every user has a HttpSession object
– store and retrieve user information
• i.e. shopping cart contents, database connections
• Retrieve the user’s session:
public HttpSession HttpServletRequest.getSession (boolean create)
– if the user has no valid session,
• a new one is created if create is true;
• null is returned if create is false
Session Tracking API
• Add data to a session
public void HttpSession.putValue(String name,
Object value)
– value must implement Serializable interface
– replaces any object that is bound in the session
with the same name
• Retrieve data from a session
public Object HttpSession.getValue(String name)
– returns null if no object is bound to the name
More on Tracking API
• Retrieve the name of all session objects
public String[] HttpSession.getValueNames()
– returns an empty array if no bindings
• Remove a value from the session
public void HttpSession.removeValue(String name)
– does nothing if no object is bound
• These methods throw an
IllegalStateException if the session is
invalid
Hit Count using Session Tracking
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class SessionTracker extends HttpServlet
{
public void doGet(HttpServletRequest req,
HttpServletResponse res) throws ServletException,
IOException
{
res.setContentType("text/html");
PrintWriter out = res.getWriter();
HttpSession session = req.getSession(true);
Integer count =
(Integer)session.getValue("tracker.count");
if (count == null)
count = new Integer(1);
else
count = new Integer(count.intValue() + 1);
Hit Count using Session Tracking
session.putValue("tracker.count", count);
out.println("<HTML><HEAD><TITLE>SessionTracker</TITLE>
</HEAD>");
out.println("<BODY><H1>Session Tracking Demo</H1>");
out.println("You've visited this page " + count +
((count.intValue() == 1) ? " time." : " times."));
out.println("<P>");
out.println("<H2>Here is your session data:</H2>");
String[] names = session.getValueNames();
for (int i = 0; i < names.length; i++)
{
out.println(names[i] + ": " +
session.getValue(names[i]) + "<BR>");
}
out.println("</BODY></HTML>");
}
}
Cookies
• Usages:
– Identifying a user during an e-commerce (or
other) session
– Avoiding user-name and password
– Customizing a site
– Focusing advartising
Cookies
• Cookies are state information that gets passed
back and forth between the web server and
browser in HTTP headers
– A response header
Set-Cookie: NAME=VALUE; expires=DATE;
path=PATH; domain=DOMAIN_NAME; secure
– A request header
Cookie: NAME=VALUE; NAME2=VALUE2; NAME3=VALUE3...
• You create cookies and then add them to the
HttpServletResponse (or get them from the
HttpServletRequest)
public void addCookie(Cookie cookie)
public Cookie[] getCookies()
Limitations on Cookies
• Must be set before any HMTL is generated.
– Neither servlets embedded using the SERVLET tag, nor
chained servlets, can set a cookie
– They can still access cookie values
• Name isn’t unique
– Uniqueness enforced on (Name, Domain, Path)
• Most applicable cookie of each name (best match) is
returned
• Only name, value, and version are returned
More Limitations
•
•
•
•
Limited to 20 cookies per server/ domain
Limited to 300 cookies per user
A 4KB size limit per cooky
Cookies expire:
A Lasting Cooky
import javax.servlet.http.*;
public class LongLivedCookie extends Cookie {
public static final int SECONDS_PER_YEAR =
60*60*24*365;
public LongLivedCookie(String name, String
value) {
super(name, value);
setMaxAge(SECONDS_PER_YEAR);
}
}
javax.servlet.Http.Cookie
Secure means, practically, “only
send if SSL is being used”
Note that you
can’t change a
cookies name
public void setComment(String purpose)
public void setDomain(String pattern)
public void setMaxAge(int expiry)
public void setPath(String uri)
public void setSecure(boolean flag)
public void setValue(String newValue)
public void setVersion(int v)
public String getValue()
public int getVersion()
public String getName()
public String getComment()
public String getPath()
public int getMaxAge()
public String getDomain()
public boolean getSecure()
Comment is used if client
individually approves
cookies
Pointless to call
these because
browser doesn’t
send them
Cookie Defaults
• Max Age – if not set, cookie will expire
when browser is closed
• Domain/Path – together, they specify where
the cookie is valid
– A cookie created in response to the request
http://www.cs.huji.ac.il/~dbi/home/index.html
defaults to
domain: www.cs.huji.ac.il/
path: ~dbi/home/
Note that
• Cookies do not pose a security threat
• They do pose a privacy threat
Servlet Communication
• To service a request, the servlet may need to
get resources from:
–
–
–
–
databases
other servlets
HTML pages (or other files)
objects shared among servlets at the same
server
– and so on
Getting a Resource
• There are two ways to get a resource:
– With a HTTP request
– Using a RequestDispatcher object
Getting a Request Dispatcher
public class BookStoreServlet extends HttpServlet {
public void service (HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
// Get the dispatcher; it gets the main page to the
user
RequestDispatcher dispatcher =
getServletContext().getRequestDispatcher(
"/bookstore/bookstore.html");
...
}
}
Resources that are not Available
• To deal with resources that are not available
you should do:
if (dispatcher == null) {
// No dispatcher means the html file can not be
delivered
response.sendError(response.SC_NO_CONTENT);
}
Forwarding Request
public class BookStoreServlet extends HttpServlet {
public void service (HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
...
// Get or start a new session for this user
HttpSession session = request.getSession();
// Send the user the bookstore's opening page
dispatcher.forward(request, response);
...
}
}
Include
• Forwarding a request cannot be used to
service requests partially
• We should use include() of resources
ServletContext
• For sharing resources among servlets, we
use ServletContext
– Server-specific attributes (name-value pairs,
much like System.properties) and server
configuration information
– Ability to find other servlets
public Servlet getServlet(String name)
throws ServletException
public Enumeration getServlets()
public Enumeration getServletNames()
public void log(String msg)
public void log(Exception exception, String msg)
public String getRealPath(String path)
public String getMimeType(String file)
public String getServerInfo()
public Object getAttribute(String name)
public void setAttribute(String name,
Object object)
public void removeAttribute(string name)
public Enumeration getAttributeNames();
public class CatalogServlet extends HttpServlet
{
public void init() throws ServletException {
BookDBFrontEnd bookDBFrontEnd =
...
if (bookDBFrontEnd == null) {
getServletContext().setAttribute(
"examples.bookstore.database.
BookDBFrontEnd",
BookDBFrontEnd.instance());
}
With getAttribute() the values
are taken and used by other
}
servlets
...
}
Servers
• JavaServer Web Development Kit (JSWDK)
– By Sun
– the official reference implementation of the servlet 2.1
and JSP 1.0 specifications
• Tomcat
– By Apache
– Tomcat is the official reference implementation of the
servlet 2.2 and JSP 1.1 specifications
Tomcat
• Configuring:
– A file “web.xml” (called Web application
deployment descriptor) holds the configuration
information
– There are
• <servlet> and
• <servlet-mapping>
elements in the file
The <servlet> Element
• The Servlet Element
– establishes a mapping between a servlet name and the
fully-qualified name of the servlet class:
<servlet>
<servlet-name>catalog</servlet-name>
<servlet-class>CatalogServlet</servletclass>
</servlet>
Determining the Servlet
• When a request is received by Tomcat it
must determine which servlet should handle
it
• You designate that certain paths (called
aliases) map to a specific servlet with the
servlet-mapping element
The Mapping of URLs And
Servlets
• A context root is a path that gets mapped to
the document root of the servlet application
• If your application's context root is
/bookstore, then a request URL such as
http://hostname:8000/bookstore/catalog
will send the request to the servlet named
catalog within the bookstore context
Example
<servlet-mapping>
<servlet-name>
catalog
</servlet-name>
<url-pattern>
/catalog
</url-pattern>
</servlet-mapping>
Start-up File
• The server startup file is
TOMCAT_HOME/conf/server.xml
• It holds configuration information
– Server host (default localhost)
– server port (default 8080)
– etc
Calling Servlets From a Browser
• Context-root corresponds to the
subdirectory of
TOMCAT_HOME/webapps where you
have installed your application
• Servlet-name corresponds to the name you
have given your servlet
http://machine-name:port/Context-root/Servlet-
name
Online Bookstore
package cart;
import java.util.*;
import database.BookDetails;
public class ShoppingCart {
Hashtable items = null;
int numberOfItems = 0;
public ShoppingCart() {
items = new Hashtable();
}
public void add(String bookId, BookDetails book) {
if(items.containsKey(bookId)) {
ShoppingCartItem scitem = (ShoppingCartItem)
items.get(bookId);
scitem.incrementQuantity();
} else {
ShoppingCartItem newItem = new ShoppingCartItem(book);
items.put(bookId, newItem);
}
numberOfItems++;
}
public void remove(String bookId) {
if(items.containsKey(bookId)) {
ShoppingCartItem scitem = (ShoppingCartItem)
items.get(bookId);
scitem.decrementQuantity();
if(scitem.getQuantity() <= 0)
items.remove(bookId);
numberOfItems--;
}
}
public Enumeration getItems() {
return items.elements();
}
protected void finalize() throws Throwable {
items.clear();
}
public int getNumberOfItems() {
return numberOfItems;
}
public void clear() {
items.clear();
numberOfItems = 0;
}
}
package cart;
public class ShoppingCartItem {
Object item;
int quantity;
public ShoppingCartItem(Object anItem) {
item = anItem;
quantity = 1;
}
public void incrementQuantity() {
quantity++;
}
public void decrementQuantity() {
quantity--;
}
public Object getItem() {
return item;
}
public int getQuantity() {
return quantity;
}
}
package database;
public class BookDetails {
private String bookId = null;
private String title = null;
private String firstName = null;
private String surname = null;
private float price = 0.0F;
private int year = 0;
private String description = null;
public BookDetails(String bookId, String surname, String firstName,
String title, float price, int year,
String description) {
this.bookId = bookId;
this.title = title;
this.firstName = firstName;
this.surname = surname;
this.price = price;
this.year = year;
this.description = description;
}
public String getTitle() {
return title;
}
public float getPrice() {
return price;
}
public int getYear() {
return year;
}
public String getDescription() {
return description;
}
public String getBookId() {
return this.bookId;
}
public String getFirstName() {
return this.firstName;
}
public String getSurname() {
return this.surname;
}
}
package database;
import java.util.*;
/**
* Sets up the database with the appropriate things for our bookstore.
*/
class BookStoreDB {
/* The database hashtable and dbByTitle vector are filled with
* 10 objects of type BookDetails. The hashtable is pretending to
* be a database; the vector is pretending to be a view of the
* database.
*/
private Hashtable database;
private BookDetails[] dbByTitle;
private final int numberOfBooks = 10;
public BookStoreDB () {
BookDetails book;
database = new Hashtable();
dbByTitle = new BookDetails[numberOfBooks];
book = new BookDetails("201", "Duke", "",
"My Early Years: Growing up on *7",
(float)10.75, 1995, "What a cool book");
database.put(new Integer(201), book);
dbByTitle[5] = book;
book = new BookDetails("202", "Jeeves", "",
"Web Servers for Fun and Profit", (float)10.75,
1996, "What a cool book");
database.put(new Integer(202), book);
dbByTitle[8] = book;
book = new BookDetails("203", "Masterson", "Webster",
"Servlets: A Web Developers Dream Come True",
(float)17.75, 1995, "What a cool book");
database.put(new Integer(203), book);
dbByTitle[7] = book;
book = new BookDetails("204", "RealGood", "Coad",
"Moving from C++ to the Java(tm) Programming
Language",
(float)10.75, 1996, "What a cool book");
database.put(new Integer(204), book);
dbByTitle[4] = book;
book = new BookDetails("205", "Novation", "Kevin",
"From Oak to Java: The Revolution of a Language",
(float)10.75, 1998, "What a cool book");
database.put(new Integer(205), book);
dbByTitle[1] = book;
book = new BookDetails("206", "Gosling", "James",
"Oak Intermediate Bytecodes", (float)10.75,
1998, "What a cool book");
database.put(new Integer(206), book);
dbByTitle[6] = book;
book = new BookDetails("207", "Thrilled", "Ben",
"The Green Project: Programming for Consumer
Devices",
(float)10.75, 1998, "What a cool book");
database.put(new Integer(207), book);
dbByTitle[2] = book;
book = new BookDetails("208", "Duke", "",
"100% Pure: Making Cross Platform Deployment a
Reality",
(float)10.75, 1998, "What a cool book");
database.put(new Integer(208), book);
dbByTitle[9] = book;
book = new BookDetails("209", "Tru", "Itzal",
"Duke: A Biography of the Java Evangelist",
(float)10.75, 1998, "What a cool book");
database.put(new Integer(209), book);
dbByTitle[0] = book;
book = new BookDetails("210", "Sidence", "Cohen",
"I Think Not: Duke's Likeness to the Federation
Insignia",
(float)10.75, 1998, "What a cool book");
database.put(new Integer(210), book);
dbByTitle[3] = book;
}
BookDetails getBookDetails(String bookId) {
Integer key = new Integer(bookId);
return (BookDetails)database.get(key);
}
BookDetails[] getBooksSortedByTitle() {
return dbByTitle;
}
package database;
import java.io.*;
/**
* Object that gets information from the Duke's Bookstore database.
*/
public class BookDBFrontEnd {
private BookStoreDB books;
private static BookDBFrontEnd onlyInstance = null;
/* Private no-args constructor */
private BookDBFrontEnd() {
init();
}
/** Static factory method that makes a single instance of this
* class. */
public static BookDBFrontEnd instance () {
if (onlyInstance == null)
onlyInstance = new BookDBFrontEnd();
return onlyInstance;
}
/** Initialize the book database, and store it in this. */
public void init() {
// Load the database to prepare for requests
books = new BookStoreDB();
}
/** Set the database to null so that it can be garbage collected. */
public void destroy() {
books = null;
}
/** Return information about the book associated with the given
* book identifier. */
public BookDetails getBookDetails(String bookId) {
return books.getBookDetails(bookId);
}
/** Return information about all the books in the bookstore.
* Sort the books into alphabetical order using their title
* as the key. */
public BookDetails[] getBooksSortedByTitle() {
return books.getBooksSortedByTitle();
}
/** Return the number of books in the bookstore database. */
public int getNumberOfBooks() {
return books.getNumberOfBooks();
}
}
Handling Get Requests
import
import
import
import
import
java.io.*;
javax.servlet.*;
javax.servlet.http.*;
database.*;
cart.*;
/**
* This is a simple example of an HTTP Servlet. It responds to the GET
* and HEAD methods of the HTTP protocol. This servlet calls other
* servlets.
*/
public class BookDetailServlet extends HttpServlet {
//Get Servlet specific configuration information
public void init() throws ServletException {
//getServletContext() retrieves information about servlet engine
//getAttribute() returns servlet engine attribute with given name
BookDBFrontEnd bookDBFrontEnd =
(BookDBFrontEnd)getServletContext().getAttribute(
"examples.bookstore.database.BookDBFrontEnd");
if (bookDBFrontEnd == null) {
getServletContext().setAttribute(
"examples.bookstore.database.BookDBFrontEnd",
BookDBFrontEnd.instance());
}
}
public void doGet (HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
{
// Get the user's session and shopping cart
HttpSession session = request.getSession(true);
ShoppingCart cart =
(ShoppingCart)session.getValue(session.getId());
// If the user has no cart, create a new one
if (cart == null) {
cart = new ShoppingCart();
session.putValue(session.getId(), cart);
}
// set content-type header before accessing the Writer
response.setContentType("text/html");
PrintWriter out = response.getWriter();
// then write the response
out.println("<html>" +
"<head><title>Book Description</title></head>" +
"<body bgcolor=\"#FFFFFF\">" +
"<center>" +
"<hr> <br> &nbsp;" +
"<h1>" +
"<font size=\"+3\" color=\"red\">Duke's </font>" +
"<font size=\"+3\"
color=\"purple\">Bookstore</font>" +
"</h1>" +
"</center>" +
"<br> &nbsp; <hr> <br> &nbsp;");
//Get the identifier of the book to display
String bookId = request.getParameter("bookId");
if (bookId != null) {
// and the information about the book
BookDBFrontEnd frontEnd =
(BookDBFrontEnd)getServletContext().getAttribute(
"examples.bookstore.database.BookDBFrontEnd");
BookDetails bd = frontEnd.getBookDetails(bookId);
//Print out the information obtained
out.println("<h2>" + bd.getTitle() + "</h2>" +
"&nbsp; By <em>" + bd.getFirstName() + ", " +
bd.getSurname() + "</em> &nbsp; &nbsp; " +
"(" + bd.getYear() + ")<br> &nbsp; <br>" +
"<h4>Here's what the critics say: </h4>" +
"<blockquote>" + bd.getDescription() +
"</blockquote>" +
"<h4>Our price: $" + bd.getPrice() + "</h4>" +
"<center>" +
"<p><a href=\"" +
"/servlet/catalog?Buy=" + bookId +
"\"> Add this item to your shopping
cart.</a></p>" +
"</center>");
}
out.println("</body></html>");
out.close();
}
public String getServletInfo() {
return "The BookDetail servlet returns information about" +
"any book that is available from the bookstore.";
}
}
Handling Post Requests
import
import
import
import
java.io.*;
javax.servlet.*;
javax.servlet.http.*;
cart.ShoppingCart;
/**
* An HTTP servlet that responds to the POST method of the HTTP
protocol.
* It clears the shopping cart, thanks the user for the order,
* and resets the page to the BookStore's main page.
*/
public class ReceiptServlet extends HttpServlet {
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
{
// Get the user's session and shopping cart
HttpSession session = request.getSession(true);
ShoppingCart cart =
(ShoppingCart)session.getValue(session.getId());
// If the user has no cart, create a new one
if (cart == null) {
cart = new ShoppingCart();
session.putValue(session.getId(), cart);
}
// Payment received -- invalidate the session
session.invalidate();
// set content type header before accessing the Writer
response.setContentType("text/html");
PrintWriter out = response.getWriter();
// then write the response
out.println("<html>" +
"<head><title> Receipt </title>" +
"<meta http-equiv=\"refresh\" content=\"4; url=" +
"http://" + request.getHeader("Host") +
"/servlet/bookstore;\">" +
"</head>" +
"<body bgcolor=\"#FFFFFF\">" +
"<center>" +
"<hr> <br> &nbsp;" +
"<h1>" +
"<font size=\"+3\" color=\"red\">Duke's </font>" +
"<font size=\"+3\"
color=\"purple\">Bookstore</font>" +
"</h1>" +
"</center>" +
"<br> &nbsp; <hr> <br> &nbsp;");
out.println("<h3>Thank you for purchasing your books from us "
+
request.getParameter("cardname") +
"<p>Please shop with us again soon!</h3>" +
"<p><i>This page automatically resets.</i>" +
"</body></html>");
out.close();
}
public String getServletInfo() {
return "The Receipt servlet clears the shopping cart, " +
"thanks the user for the order, and resets the " +
"page to the BookStore's main page.";
}
}
Servlet Descriptions
• To allow server to display information about
servlet
• getServletInfo
public class BookStoreServlet extends HttpServlet {
...
public String getServletInfo() {
return "The BookStore servlet returns the " +
"main web page for Duke's Bookstore.";
}}
Related documents
First step to securing servers and the data lying there is to set up a
First step to securing servers and the data lying there is to set up a
PowerPoint
PowerPoint
JSP and Servlet Example Code
JSP and Servlet Example Code
1 Do not delete anything from this file. Just write your answer under
1 Do not delete anything from this file. Just write your answer under
Servlets - itk.ilstu.edu
Servlets - itk.ilstu.edu
Servlets
Servlets
CUSTOMER_CODE SMUDE DIVISION_CODE SMUDE
CUSTOMER_CODE SMUDE DIVISION_CODE SMUDE
1.1 Servlets Lab content
1.1 Servlets Lab content
CUSTOMER_CODE SMUDE DIVISION_CODE SMUDE
CUSTOMER_CODE SMUDE DIVISION_CODE SMUDE
Designing Web Applications
Designing Web Applications
Servlets - Examples
Servlets - Examples