Download Server-Side Processing Overview

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
Document related concepts

Scala (programming language) wikipedia , lookup

C Sharp (programming language) wikipedia , lookup

Java (programming language) wikipedia , lookup

Java performance wikipedia , lookup

Java ConcurrentMap wikipedia , lookup

Transcript 
Server-Side Development Basics
Harry R. Erwin, PhD
University of Sunderland
CIT304/CSE301
Resources
• Hans Bergsten, 2002, JavaServer Pages, 2nd edition, O’Reilly, ISBN:
0-596-00317-X
• http://java.sun.com/products/jsp/
• http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/
• Farley, et al., 2002, Java Enterprise in a Nutshell, 2nd edition,
O’Reilly, ISBN: 0-596-00152-5
• Brittain and Darwin, 2003, Tomcat: the Definitive Guide, O’Reilly.
• Kurniawan and Deck, 2004, How Tomcat Works,
BrainySoftware.com.
• Knuckles and Yuen, 2005, Web Applications: Concepts and Real
World Design, Wiley.
• Nakhimovsky and Myers, 2004, Google, Amazon and Beyond, Apress.
Questions to be Answered
•
•
•
•
•
What is server-side programming (SSP)?
What are some approaches to SSP?
What are SSP basics?
What is JSP?
How can I support SSP?
What is Server-Side
Programming (SSP)?
• Technologies for developing web pages that
include dynamic content—that is web
applications.
• Can produce web pages that contain information
that is connection- or time-dependent.
• A key technology for on-line shopping, employee
directories, personalized and internationalized
content.
History of Dynamic Web Content
• The Common Gateway Interface (CGI) was the first
approach to providing dynamic web content. Used scripts,
and a process, not just an individual thread, was dispatched
for each web page generated. Hence inefficient and did not
scale well.
• Numerous second generation alternatives were invented:
–
–
–
–
–
FastCGI
mod_perl
NSAPI
ISAPI
Java Servlets
• These embedded HTML in programming code. Hence
costly in programmer time.
Scripting—the Third Generation
Approach
• Idea: embed simple code in HTML pages!
• The HTML pages then use the code to
choose what elements and data to display.
• Classes and/or subroutines may be called to
compute information for inclusion in the
web page. Existing APIs can be invoked.
• This is known as ‘scripting’.
Some Approaches to Scripting
• JavaServer Pages (JSP, uses Java sparingly, will be
covered in these lectures)
• Active Server Pages (ASP, uses VBScript, Jscript, COM
or ActiveX components, ODBC). ASP.NET is quite
similar to JSP, using C#. Has not been very popular.
• PHP (C-like syntax, many functions available, insecure,
covered in DL versions of CIT304)
• ColdFusion (CFML, proprietary)
• Java servlet template engine (Velocity, FreeMarker)
Not much change in the last five years, other than the
introduction of AJAX (JavaScript + XML).
Some JSP Basics
• The HTTP protocol.
• Servlets
The HTTP Protocol
•
A communications model:
–
–
•
A client, often but not always a web browser, sends a
request for a resource to a server.
The server returns a response or an error message.
Points to remember:
1. Stateless protocol.
2. Delayed feedback.
3. Server cannot tell how the request was made. No
client-side processing can be invoked. (If it could be,
it would be a security nightmare.)
Examples of HTTP Clients
• Web browsers (many, including specialized ones for
console interfaces—lynx—and handicapped users)
• Search utilities (Sherlock on MacOS X)
• Help utilities
• FTP clients (e.g., interarchy on MacOS X)
• Software registration programs
• telnet (a hacker can emulate a web browser by connecting
to port 80)
• Specialized programs (e.g., curl)
• Cracker toolkits (to generate malformed http requests)
HTTP Requests
• Information is specified by an HTTP Uniform
Resource Locator (URL, see RFC-2396 and RFC2616).
http://osiris.sunderland.ac.uk:80/~cs0her/index.html
• Consists of:
– Protocol designation (http and https)
– Server name:port number (port number defaults to 80
for http and 8080 443 for https)
– Name of the resource being requested. Need not be a
file. Here it is: /~cs0her/index.html
HTTP Request Message
• Consists of:
– Request line
• GET resource_name protocol_in_use
• POST (provides parameters in the request body, see below)
– Request headers
• Host (server name)
• User-Agent (browser type)
• Various Accept headers describing formats and languages
– Request body (optional)
Java Servlets
• Currently, Java is the predominant language for
SSP. This is due to the Java Servlet API.
• Advantages over other SSP technologies:
– Persistent between invocations, avoiding process
instantiations.
– Portable across operating systems and servers.
– Good security.
– Can use the Java APIs, particularly JDBC.
– Is integrated closely with the J2EE environment.
Servlets
• A servlet runs in a servlet container within a Java
Virtual Machine.
• Servlet containers:
–
–
–
–
Apache/Jserv, which supports Servlets 2.0.
Mortbay.com/Jetty
IBM/WebSphere
Jakarta/Tomcat 4.0 (This is the reference implementation for the Servlet 2.3 API). Available from
http://jakarta.apache.org. We will discuss Tomcat in a
later lecture.
Servlet Basics
• The Servlet API consists of two Java
packages:
– javax.servlet
– javax.servlet.http
• Required for J2EE 1.3
Servlet Lifecycle
• A client makes a request involving a servlet
running on the server.
• The servlet is responsible for loading and
executing the Java classes that generate the HTML
content.
• To the client, this looks like standard HTML
processing, except faster.
• The servlet then need not shut down. Instead, it
can handle subsequent requests without restarting.
Servlet Methods
• init(), to handle startup. Once init() runs, the
servlet is available.
• service() is called to process each request. Disk
writes are only needed to preserve state.
Arguments to service() are ServletRequest and
ServletResponse objects.
• destroy() is called to clean up resources when the
server shuts down (if it ever shuts down).
Core of the API
• javax.servlet.Servlet interface.
• javax.servlet.http.Servlet class, implementing the
interface. Designed to work with the HTTP
protocol.
• javax.servlet.GenericServlet class, implementing
the interface. This class is communication
protocol agnostic. Can implement a filtering
servlet to adapt output from some other source.
This can provide other protocol services (e.g., ftp).
A Web Application
• A set of resources (servlets, static content,
.jsp files, class libraries) installed in a
specific path, making up a directory.
• Should be organized as a chroot jail.
• Multiple servlets can exist concurrently.
Run in a common ServletContext.
• Be careful—the path can change from
machine to machine.
Supporting JSP
• Requirements:
– Workstation or PC with an internet connection.
– Java 2 SDK (available from Sun, links on my
COM379 handbook page)
– JSP 1.2-enabled web server such as Apache
Tomcat (Jakarta Project). This is available here
at the Informatics Centre.
Sounds Good?
• Not really—Java servlets have to be programmed
and their configuration must be managed.
• Programmers make $50,000-$90,000 in the USA,
and programs are notoriously hard to develop and
maintain. This is particularly a problem when
changes to business logic force changes.
• Next lecture: we will look at how the same thing
can be done more quickly, easily, and flexibly
with web pages.
Conclusions
• You’ve gained a general understanding of what
Server Side Processing (SSP) is.
• You’ve seen the role of SSP in HTTP processing.
• You’ve been introduced to Java Servlets, and
• You now know the basic configuration for servlet
processing.
• Next lecture, you will see how JavaServer Pages
(JSP) interact with this environment.
Related documents
A communications model
A communications model
First step to securing servers and the data lying there is to set up a
First step to securing servers and the data lying there is to set up a
0 Text Introduction
0 Text Introduction
Designing Web Applications
Designing Web Applications
6 web applications
6 web applications
CS 412 Study Guidelines for the Midterm Exam
CS 412 Study Guidelines for the Midterm Exam
Slide 1
Slide 1
Chapter 1 - SaigonTech
Chapter 1 - SaigonTech
PowerPoint
PowerPoint
JSP and Servlet Example Code
JSP and Servlet Example Code
EJB - Agile Computers
EJB - Agile Computers
CS 492 Chapter 1 Answers To Odd Questions
CS 492 Chapter 1 Answers To Odd Questions