Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Multi-Threaded Programming in Java
Document related concepts
Transcript
Servlets and the Java Web Server
Server-Side Programming Made Easy
Written by Alex Chaffee (alexc@purpletech.com)
Contents Copyright (c) 1998 Purple Technology, Inc.
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
1
Servlets and the Java Web Server
Course Outline
Servlet Overview
Using Servlets
Writing Servlets
Saving State
Java Web Server Features
Appendix: CGI Tutorial
Appendix: FAQ
Inside the Exercises Handout
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
2
Section I
Servlet Overview
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
3
Servlets and the Java Web Server
What Is A Servlet
A Java object
Plug-in for a web server
Replacement for CGI scripts
Can also be used to extend server as a plug-in
Full power of Java
Platform-independent
Database access
Fun to write
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
4
Servlets and the Java Web Server
Server/Service/Servlet
server - a process running on a host
machine
Apache, Java Web Server
service - a protocol running on a port
HTTP, FTP
servlet - a module running inside a service
PhoneServlet
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
5
Servlets and the Java Web Server
Servlet/Service/Server Diagram
(diagram from Java Web Server tutorial)
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
6
Servlets and the Java Web Server
Servlets vs. Applets
Servlets have no GUI
Server-side, not client-side
Different security model
Installed, not downloaded
But you can download remote servlets too
Consistent server-side VM
Much easier to test
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
7
Servlets and the Java Web Server
Servlets vs. CGI
"performance, flexibility, portability, and
security" (whitepaper)
Faster and Leaner
No fork-process like Perl
No need to initialize for each request
Only lightweight thread context switching
Built-in multithreading
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
8
Servlets and the Java Web Server
Servlets vs. CGI (Cont.)
Easy to manage state
share data across successive requests
share data between concurrent requests
use hidden fields, cookies, or sessions
Write once, run anywhere
It's easy to write unportable Perl
Servlets have standard API
Supports all methods
GET, POST, PUT, DELETE, et al.
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
9
Servlets and the Java Web Server
Servlets vs. FastCGI
FastCGI sends multiple requests to a single
separate process
requires process context switch
Servlets send multiple requests to multiple threads
in same process
requires lightweight thread context switch
(Also applies to ISAPI)
Nice diagram in White Paper
Servlets also automatically take advantage of
multiprocessors
if the underlying JVM does
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
10
Servlets and the Java Web Server
Supported Servers
Java Web Server
Apache
Netscape
Many others (see web site)
Servlet Engines
IBM's ServletExpress
Live Software’s JRun
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
11
Servlets and the Java Web Server
Servlet Security
Trusted Servlets (full access)
JWS Internal
Local (in the "servlets" directory)
Servlet Sandbox
Signed Network Servlets (full access)
Unsigned Network Servlets (limited access)
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
12
Servlets and the Java Web Server
Servlet Security: Implications
IT managers can sign servlets for use in
their organization
ISPs can allow users to run servlets
less of a security hole than CGI scripts, since Java is
safe and secure (at least more so than C or Perl)
still allows denial-of-service attacks
Network servlets are possible
chaining / proxying
allows agents
common servlet repository for multiple servers
one place to install updates
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
13
Servlets and the Java Web Server
Servlet Security: Problems
Too simplistic
All or nothing
Should allow ACLs for particular signers
They claim it will in a future version
Should get better with 1.2 security model
Finer-grained access control
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
14
Servlets and the Java Web Server
Servlet Client Security
Java Web Server
Allows Access Control Lists for clients
Supports HTTP authentication
Supports Digest Authentication
Other Web Servers
Usually support HTTP authentication
May have other security features
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
15
Servlets and the Java Web Server
SSL in JWS
It works
Extra $$
https: supported
Digest Authentication supported
SSL 3 (client certificates) required
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
16
Servlets and the Java Web Server
Authenticating the user’s identity
HTTP Authentication
Username/password sent to server on every request
(like cookies)
Very light encryption (uuencode)
Digest Authentication
Cryptographic handshaking between client and
server
Very good encryption
Not supported by all servers/browsers
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
17
Servlets and the Java Web Server
User Authentication Methods
request.getRemoteUser()
returns username
request.getAuthType()
HTTP or Digest
request.getScheme()
“http” or “https”
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
18
Servlets and the Java Web Server
API Availability
Standard Java Extension API
From white paper: "This means that while it is not
part of the core Java framework which must always
be part of all products bearing the Java brand, it will
be made available with such products by their
vendors as an add-on package."
package javax.servlet.*, javax.servlet.http.*
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
19
Servlets and the Java Web Server
Servlet Architectures:Three-tier system
Tier 1: Client
HTML browser
Java client
Tier 2: Servlets
embody business logic
secure, robust
Tier 3: Data Sources
Java can talk to SQL, CORBA, OODB, File system,
etc. etc.
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
20
Servlets and the Java Web Server
Servlet Architectures: N-tier system
Tier 1: HTML Browser
Tier 2: Servlet
User interface
Tier 3: EJB/CORBA/RMI Objects
Business logic
Tier 4: Other Servers (e.g. RDBMS)
Data storage
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
21
Servlets and the Java Web Server
Servlet Architectures: Web Publishing
SSI Servlets
JSP Servlets
Best to keep business logic inside Java objects
Keep the JSP light so designers don’t get scared
Chaining servlets
Multiple servers
data gathering, collecting, serving, load balancing,
etc.
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
22
Section II
Using Servlets
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
23
Servlets and the Java Web Server
Loading Servlets
From CLASSPATH
includes <root>/classes/ on JWS
From <root>/servlets/ directory
not in classpath
servlets can be added or recompiled inside a running
server
class.initArgs file
From remote codebase
specified by URL
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
24
Servlets and the Java Web Server
Remote Servlets
Three ways to configure
configure with Administration Tool
invoke inside a server-side include
configure inside a servlet chain
Loaded in a Servlet Sandbox
more later
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
25
Servlets and the Java Web Server
What's In A Name
A servlet's name is its class name
if it's in the servlets directory
Or, you can assign it a name in the "Add
Servlet" admin tool
maps code word to servlet class
Name is usually a single word
possibly with a package name and dots
no other punctuation
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
26
Servlets and the Java Web Server
Standard Servlets
DateServlet
echoes current date/time
EchoServlet
echoes CGI parameters (good for testing)
MailServlet
sends email in response to a CGI form
RedirectServlet
used by server to manage HTTP redirects
SessionServlet
used by server to manage sessions
Many more...
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
27
Servlets and the Java Web Server
Server-side Includes (SSI)
Must be in a file named .shtml or .jsp
can change this with Admin Tool
Normal SSI
<!--#include file="foo.txt" -->
Servlet SSI
<servlet code=DateServlet.class>
</servlet>
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
28
Servlets and the Java Web Server
SSI Details
pass init parameters in servlet tag
pass servlet parameters in param tags
can specify codebase in servlet tag
e.g.
<servlet code=DateServlet.class
codebase=http://servlets.foo.com/
initParam1=val1 initParam2=val2>
<param name=serviceParam1 value=val3>
<param name=serviceParam2 value=val4>
</servlet>
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
29
Servlets and the Java Web Server
URL invocation
Directly from browser as URL
http://www.myserver.com/servlet/MyServlet
From inside FORM tag as script
<FORM METHOD=POST ACTION=”/servlet/MyServlet”>
...
</FORM>
From inside JHTML or JSP page
Uses “Page Compilation”
Compiles the jsp file into a servlet on the fly, then
executes it
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
30
Servlets and the Java Web Server
A Note on CLASSPATH and JWS
JWS uses its own JRE
Three ways to add classes
Put the class files into the “classes” subdirectory
Jar them, and put the jar files into the “lib”
subdirectory
Start the server with the -classpath option
httpd -classpath c:\projects\utils
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
31
Section III
Writing Servlets
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
32
Servlets and the Java Web Server
The Servlet API
Independent of
web protocol
server brand or platform
whether it's local or remote
Simple, small, easy
Base class provides core functionality; just
extend it
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
33
Servlets and the Java Web Server
CGI, or not, whichever
Fairly generic interface
Accepts query, returns response
Used for plugins, etc.
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
34
Servlets and the Java Web Server
Servlet Architecture Overview
Servlet Interface
methods to manage servlet
GenericServlet
implements Servlet interface
HttpServlet
extends GenericServlet
exposes HTTP-specific functionality
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
35
Servlets and the Java Web Server
Servlet Architecture Overview
ServletRequest
What the client says to the server
Access to information like protocol, client IP#,
parameters, and body
ServletResponse
What the servlet says to the client
HttpServletRequest, HttpServletResponse
HTTP-specific communication and information
State-tracking and session management
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
36
Servlets and the Java Web Server
Servlet Lifecycle Overview
Server loads and instantiates servlet
Server calls init()
Loop
Server receives request from client
Server calls service()
service() calls doGet() or doPost()
Server calls destroy()
More detail to come later...
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
37
Servlets and the Java Web Server
ServletRequest
passed to the service() method
contains lots of useful goodies…
Client info
URL info
Content info
Content itself
User-entered parameters
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
38
Servlets and the Java Web Server
ServletRequest - Client Info
getRemoteAddr()
Returns the IP address of the agent that sent the request
getRemoteHost()
Returns the fully qualified host name of the agent that
sent the request
getProtocol()
Returns the protocol and version of the request as a string
of the form <protocol>/<major version>.<minor
version>.
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
39
Servlets and the Java Web Server
ServletRequest - URL Info
getScheme()
Returns the scheme of the URL used in this request, for
example "http", "https", or "ftp".
getServerName()
Returns the host name of the server that received the
request
getServerPort()
Returns the port number on which this request was
received
getServletPath()
Returns the URI path that got to this script, e.g.
“/servlet/com.foo.MyServlet”
Useful for putting in a <FORM> tag
40
See also getRequestURI()
(in Technology
HttpServletRequest)
5/24/2017
Copyright © 1997-8, Purple
Inc.
Servlets and the Java Web Server
ServletRequest - Content Info
getContentLength()
Returns the size of the request data
getContentType()
Returns the MIME type of the request data
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
41
Servlets and the Java Web Server
ServletRequest - Content
getInputStream()
Returns an input stream for reading binary data in
the request body.
getReader()
Returns a buffered reader for reading text in the
request body.
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
42
Servlets and the Java Web Server
ServletRequest - Parameters
String getParameter(String)
Returns a string containing the lone value of the specified parameter,
or null if the parameter does not exist.
Was deprecated, but due to popular demand, it'll be undeprecated
String[ ] getParameterValues(String)
Returns the values of the specified parameter for the request as an
array of strings, or null if the named parameter does not exist.
For parameters with multiple values, like lists
Enumeration getParameterNames()
Returns the parameter names for this request as an enumeration of
strings, or an empty enumeration if there are no parameters or the
input stream is empty.
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
43
Servlets and the Java Web Server
ServletResponse
Embodies the response
Basic use:
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.println(
"<HTML><BODY>Hello</BODY></HTML>");
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
44
Servlets and the Java Web Server
ServletResponse - Output
getWriter()
for writing text data
getOutputStream()
for writing binary data
or for writing multipart MIME
you must call setContentType() before
calling getWriter() or getOutputStream()
by default it's text/plain, which you don't want
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
45
Servlets and the Java Web Server
The GenericServlet class
implements Servlet
also implements Serializable, ServletConfig
implements all Servlet methods
so you don't have to
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
46
Servlets and the Java Web Server
The HelloWorld Servlet
import javax.servlet.*;
import java.io.*;
public class HelloServlet extends GenericServlet
{
public void service(ServletRequest req, ServletResponse res)
throws IOException, ServletException
{
res.setContentType("text/plain");
ServletOutputStream out = res.getOutputStream();
out.println("Hello, World!");
}
}
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
47
Servlets and the Java Web Server
The HttpServlet class
extends the GenericServlet base class
provides a framework for handling the
HTTP protocol
has its own subclasses of ServletRequest
and ServletResponse that do HTTP things
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
48
Servlets and the Java Web Server
HttpServlet methods
provides helper methods for HTTP methods
doGet (GET and HEAD)
doPost (POST)
doPut, doDelete (rare)
doTrace, doOptions (not overridden)
the service() method dispatches requests
to the do* methods
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
49
Servlets and the Java Web Server
HttpServlet: Receiving Data
getParameter / getParameterValues /
getParameterNames
process the data and return you the parameters
getQueryString
for GET method
returns a single string in url-encoded format
getReader / getInputStream
for POST, PUT, DELETE
returns a stream of characters / bytes
mutually exclusive
use EITHER getParameter* OR one of the others (never
both)
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
50
Servlets and the Java Web Server
SimpleServlet (GET)
public class SimpleServlet extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
// set header field first
res.setContentType("text/html");
// then get the writer and write the response data
PrintWriter out = res.getWriter();
out.println(
"<HEAD><TITLE> SimpleServlet Output</TITLE></HEAD><BODY>");
out.println("<h1> SimpleServlet Output </h1>");
out.println("<P>This is output is from SimpleServlet.");
out.println("</BODY>");
out.close();
}
public String getServletInfo() { return "A simple servlet"; }
}
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
51
Servlets and the Java Web Server
DateServlet
public class DateServlet extends HttpServlet {
public void service(
HttpServletRequest req,
HttpServletResponse res)
throws ServletException, IOException
{
Date today = new Date();
res.setContentType("text/plain");
ServletOutputStream out = res.getOutputStream();
out.println(today.toString());
}
public String getServletInfo() {
return "Returns a string representation of the current
time";
}
}
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
52
From Java Web Server Tutorial by Sun Microsystems
Servlets and the Java Web Server
HelloHttpServlet
Reads in a parameter
Can use a form
<FORM METHOD=GET
ACTION=”/servlet/HelloHttpServlet”>
<INPUT NAME=name>
</FORM>
Can use right in a URL
http://localhost:8080/servlet/HelloHttpServlet?name=Fred
Outputs it as HTML
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
53
Servlets and the Java Web Server
HelloHttpServlet
public class HelloHttpServlet extends HttpServlet
{
public void doGet(HttpServletRequest req, HttpServletResponse
res) throws IOException, ServletException
{
String name = req.getParameter("name");
if (name == null) name = "Joe";
res.setContentType("text/plain");
ServletOutputStream out = res.getOutputStream();
out.println("Hello, " + name + "!");
}
}
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
54
Servlets and the Java Web Server
More Advanced Servlets
See Post Servlet
from Servlet Tutorial
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
55
Servlets and the Java Web Server
HttpServletRequest
Cookie[ ] getCookies()
returns list of cookies sent by client
String getMethod()
GET, POST, etc.
String getRequestURI()
returns the URI or URL that was invoked
useful for putting inside <FORM> tag
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
56
Servlets and the Java Web Server
HttpServletRequest (Cont.)
CGI Variable Methods
getServletPath(), getPathInfo(), getPathTranslated(),
getQueryString(), getRemoteUser(), getAuthType()
String getHeader(String name)
Session Management Methods
HttpSession getSession(boolean create)
More later...
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
57
Servlets and the Java Web Server
HttpServletResponse
Contains HTTP status codes as constants
int HttpServletResponse.SC_NOT_FOUND = 404;
Can send Error or Status codes to client
Deals with Cookies
Deals with HTTP Headers
Can send HTTP Redirect to client
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
58
Servlets and the Java Web Server
Servlet Lifecycle: Init()
public void init(ServerConfig cfg)
called once, when servlet loads
don't worry about synchronization
perform costly setup here, rather than once
per request
open database connection(s)
load in persistent data
spawn background threads
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
59
Servlets and the Java Web Server
Init Details
if you fail, throw an UnavailableException
must call super.init(cfg), which saves off
cfg
if you like, you can save it yourself and override
getServletConfig, but why bother?
Can call getInitParameter(paramName) to
read from the server-side config file
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
60
Servlets and the Java Web Server
Servlet Lifecycle: Service
public void service(ServletRequest req,
ServletResponse res)
takes Request and Response objects
called many times, once per request
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
61
Servlets and the Java Web Server
service() and Concurrency
Might be called simultaneously in several
threads
it is your responsibility to handle synchronized
access to shared resources
It is possible to declare a servlet as singlethreaded
implement SingleThreadModel (empty interface)
performance will suffer (if there are multiple
simultaneous requests)
You can use class-static data to share data
across successive or concurrent requests
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
62
Servlets and the Java Web Server
Servlet Lifecycle: Destroy
public void destroy()
takes no parameters
you must clean up
close database connections
stop threads
Afterwards, servlet may be garbage collected
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
63
Servlets and the Java Web Server
Servlet Lifecycle: Destroy Details
The server calls destroy after all service calls have
been completed, or after a certain number of
seconds have passed, whichever comes first.
Warning: other threads might be running service
requests, so be sure to synchronize, and/or wait
for them to quit
Sun's Servlet Tutorial has an example of how to do this
with reference counting
Destroy can not throw an exception, so if
something bad happens, call log() with a helpful
message (like the exception)
See “closing a JDBC connection” example in Tutorial
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
64
Servlets and the Java Web Server
Init Parameters
ServletConfig
String getInitParameter()
Enumeration getInitParameterNames()
There are convenience methods of the
same name inside GenericServlet
Init Parameters are set by the server
administrator
Servlet Parameters are set by the web page
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
65
Servlets and the Java Web Server
ServletContext
call GenericServlet.getServletContext()
getServlets()
returns list of all installed Servlets
getServlet(String name)
returns the named Servlet
log()
see next slide
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
66
Servlets and the Java Web Server
Logging
GenericServlet.log(String message)
Writes the name of your servlet, plus the message,
to the server log file
Location of log file is server-specific
on JWS, you can check in the Admin Tool
"If a servlet will have multiple instances (for example, if the
network service runs the servlet for multiple virtual hosts),
the servlet writer should override this method. The
specialized method should log an instance identifier, along
with the requested message." - Javadoc for GenericServlet
But usually, there is only one instance of each
servlet, called reentrantly by the web server
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
67
Servlets and the Java Web Server
Servlet.getServletInfo()
You should override this method
Returns a string containing author, version,
copyright, etc.
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
68
Servlets and the Java Web Server
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
69
Servlets and the Java Web Server
HTTP Servlet Efficiency
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
70
Servlets and the Java Web Server
Efficiency: KeepAlive
HTTP keepalive improves performance
Keeps connection alive across multiple HTTP
requests
Servlet must set content-length
You can write to a ByteArray or StringBuffer, then
get its length before writing it
res.setContentLength(sb.length());
out.print(sb);
KeepAlive should be enabled by default if all you
do is write short strings, then close the output
stream
but maybe not
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
71
Servlets and the Java Web Server
Efficiency: getLastModified
long HttpServlet.getLastModified(
HttpServletRequest req )
Returns the time the requested entity was
last modified
difference in milliseconds between that time and
midnight, January 1, 1970
negative = unknown (or dynamic)
Improves performance on browser/proxy
caching
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
72
Section IV
Saving State
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
73
Servlets and the Java Web Server
Saving State: Why
Shopping Cart
User Preferences
“Wizard” interfaces
i.e., successive linked dialog boxes / form entry
pages
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
74
Servlets and the Java Web Server
Saving State: How
Client-side storage
Hidden fields
URL Rewriting
Cookies
Server-side storage
Instance variables
Database Access
JWS Session Management
Best possible solution (but still flawed)
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
75
Servlets and the Java Web Server
Hidden Fields
Save data inside the servlet, keyed to a
handle
Store a handle inside each successive
FORM
Use that handle to retrieve data each query
Of course, you could always store all the
data in hidden fields, instead
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
76
Servlets and the Java Web Server
Hidden Fields: Example
private Dictionary cache = new Hashtable();
public void doGet(...) {
String handle = getParameter(“handle”);
UserData data;
if (handle == null) {
data = new UserData();
handle = makeNewHandle(); // defined elsewhere
cache.put( handle, data );
}
else
data = (UserData)cache.get(handle);
77
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
...
Servlets and the Java Web Server
Hidden Fields: Example
out.println(“<FORM ACTION=/servlet/Whatever>”);
out.println(
“<INPUT TYPE=hidden NAME=handle VALUE=” +
handle + “>”);
out.println( ... rest of form ... );
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
78
Servlets and the Java Web Server
Hidden Fields: Example
Survey.java
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
79
Servlets and the Java Web Server
Hidden Fields: Pros and Cons
Pros
Well understood
You have control
Can use your own caching mechanism
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
80
Servlets and the Java Web Server
Hidden Fields: Pros and Cons
Cons
Need to use FORMs
hidden fields do not persist across normal links
Sessions are not persistent across server restarts
unless you write code to do it
Sessions do not expire
unless you write code to do it
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
81
Servlets and the Java Web Server
URL Rewriting
Change HREF and ACTION URLs on the fly
Change “/servlet/catalog” into
“/servlet/catalog?user=1234”
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
82
Servlets and the Java Web Server
URL Rewriting
Pro:
Don’t need to use FORMs
Con
Lose user if he/she travels outside your web site
Need to use Servlet for all accesses -- can’t access a
raw HTML page
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
83
Servlets and the Java Web Server
Using Instance Variables for State
Session data stored in instance variables
directly is bad - not valid for multiple users
indirectly is better - in a hashtable or vector, keyed
off a unique handle
Pro: Quick, easy
Con: Not persistent, memory can fill up
easily
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
84
Servlets and the Java Web Server
Database State
Session data stored in a database
You should open a connection to the
database in your init() method, and close it
in your destroy() method
You can still use the hidden field technique
When you get a handle, you pull in the user
data via a DB query
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
85
Servlets and the Java Web Server
Database State: Pros and Cons
Pro:
persistent
high capacity
Con:
more complicated
have to write more code
still doesn’t automatically expire old sessions
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
86
Servlets and the Java Web Server
C is for Cookie
Cookie Monster is a trademark of
Children’s Television Workshop
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
87
Servlets and the Java Web Server
What’s A Cookie?
Client-side storage
Server can drop arbitrary data on browser
Sent back to server on EVERY successive
request
Automatically expires
Cookies should be neither large nor
numerous
Browsers should support twenty cookies per host, of
at least four kilobytes each
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
88
Servlets and the Java Web Server
Cookie Uses
save session data
save handle to session data
store user preferences for next session
store user login information
not very secure, but appropriate for some
applications
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
89
Servlets and the Java Web Server
Cookies and Servlets
Servlets can easily use Cookies
HttpServletRequest.getCookies() method
HttpServletResponse.addCookie() method
Cookie object
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
90
Servlets and the Java Web Server
javax.servlet.http.Cookie
get/setName()
get/setValue()
Attributes
Comment, Domain, MaxAge, Path, Secure, Version
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
91
Servlets and the Java Web Server
Cookie Example
Cookie Counter Servlet
Counter.java
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
92
Servlets and the Java Web Server
Cookie Pros and Cons
Pro:
No server-side storage requirements
Survive server restarts
Automatically expire
Con:
Not supported by all browsers
Bandwidth limitations
Not good for large amount of data
User can disable them
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
93
Servlets and the Java Web Server
Detecting Cookie Acceptance
CookieDetector.java
Drops a cookie on the client
Sends a redirect back to CookieDetector,
with a flag saying “this is the test phase”
The test phase detects whether
The client accepted the cookie
The client rejected the cookie (or the browser
doesn’t support cookies)
Sends another redirect to appropriate page
You can tell the user “pretty please” here
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
94
Servlets and the Java Web Server
JWS Session Management
Flexible
Lightweight
General
Automatic
Uses cookies if it can, URL rewriting if it
can’t
Based on technology from ATG
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
95
Servlets and the Java Web Server
Session Objects
Server-side
One per client (not one per servlet)
Preserved automatically
even in browsers that don’t support cookies
Expire after 30 minutes (by default)
Saved to disk if server dies; restored if
server restarts
“Loosely speaking, a session corresponds
to a single sitting of a single anonymous
user” - JWS Tutorial
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
96
Servlets and the Java Web Server
Using Sessions
HttpSession session = request.getSession (true);
String info = (String)session.getValue(“foo.info”);
// assume getNewInfo defined elsewhere
String newinfo = getNewInfo();
session.putValue(“foo.info”, newinfo);
// then output page
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
97
Servlets and the Java Web Server
URL Rewriting
Preserves sessions on non-cookie browsers
Changes
<a href="/store/catalog">
into
<a href="/store/catalog;$sessionid$DA32242SSGE2">
You must actively call res.encodeUrl(“/store/catalog”)
see next slide
Does not work if user merely disables cookies
Has to actually BE a non-cookie browser
Lame
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
98
Servlets and the Java Web Server
HttpServletResponse - Encoding
Has methods to process URLs to splice in the session ID if
appropriate
Not the same as URLEncode / URLDecode
the server deals with that
String encodeUrl(String url)
rewrites the given URL if necessary
if the browser supports cookies, returns URL unchanged
All URLs emitted by a session-using Servlet should be run through
this method
e.g.
out.println("<A HREF=\"" + resp.encodeUrl("next.html") + "\">");
also String encodeRedirectUrl(String url)
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
99
Servlets and the Java Web Server
Session Persistence
Sessions swap to disk
When server shuts down
When memory fills up
Uses Java Serialization
Only works for Serializable or Externalizable objects
“Note: Session persistence is intended to
be used as a means for preserving
Sessions across server restarts. It is not
meant to be used as a general long-term
session persistence mechanism.”
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
100
Servlets and the Java Web Server
Example
VectorSessionServlet.java
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
101
Servlets and the Java Web Server
Bugs
Can’t use custom classes inside session
data
Doesn’t really detect whether client
supports cookies
Instead, detects whether browser can potentially
support cookies
Lame - they should use my CookieDetector
technique
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
102
Section V
Java Web Server Features
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
103
Servlets and the Java Web Server
Administration Tools
Play with Admin Tool
http://localhost:9090/
Click on a service, click “Manage” button
To shut down server, click “Shut Down”
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
104
Servlets and the Java Web Server
Manage Servlets
Add
Properties
Load on Startup
Unload
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
105
Servlets and the Java Web Server
Servlet Aliases
Specify a partial URL
Map it to a particular servlet
e.g.
you want http://foo.com/lunch to execute
/servlets/meal?type=lunch
set alias = /lunch
set servlet invoked = meal?type=lunch
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
106
Servlets and the Java Web Server
Servlet Chains (Filters)
specify a comma-separated list of servlets
the first servlet gets the user input
each servlet in turn will get the previous
output
the final servlet will return to the user
all servlets in chain must use same ACL
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
107
Servlets and the Java Web Server
HTML Templates
Define standard look for all (or some)
pages
Template Servlet
A tag inside template page inserts section
from original page
<subst data="HEAD"></subst>
<subst data="BODY"></subst>
Specify which files are templated via
Servlet Aliases in Admin Tool
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
108
Servlets and the Java Web Server
Page Compilation (JSP)
Embed Java code in static HTML pages
then compile those pages into individual
Java servlets to create a dynamic web site
Based on JHTML technology from Art
Technology Group (http://www.atg.com/)
Product: Dynamo, a Java Web Application Server
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
109
Servlets and the Java Web Server
Session Tracking
See above
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
110
Servlets and the Java Web Server
Servlet Beans
Using Servlets That are Beans
Changes to config file are instantly updated
Servlet itself is persistent across server restarts
instance variables, like counters or caches, are
preserved
Calling JavaBeans from Servlets
Invisible Beans
Installed inside “lib” subdirectory
Calling JavaBeans in JHTML/JSP Files
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
111
Servlets and the Java Web Server
FAQ
Answers in the Exercises book
How do I develop using the servlet classes without
installing JDK1.2?
Is it the “servlets” directory or the “servlet” directory
Why doesn’t my servlet work inside a <SERVLET>
tag?
How do I support both GET and POST protocol
from the same Servlet?
How do I fully shut down the server?
My browser says “the server returned an invalid or
unrecognized response” – what gives?
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
112
Servlets and the Java Web Server
References
Java Server 1.1
http://java.sun.com/javastore/jserv/buy_try.html
http://java.sun.com/products/java-server/index.html
be sure to download the JWS documentation
The home for servlets and the Java Web Server.
http://jserv.javasoft.com
The Java Web Server 1.1 is available for trial or purchase.
http://java.sun.com/javastore/jserv/buy_try.html
The Java Web Server 1.1.1 upgrade pack is available for free.
http://java.sun.com/products/java-server/webserver/jws111.html
The Java Server Pages preview pack is available for free.
http://developer.javasoft.com/developer/earlyAccess/jwspreview.html
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
113
Servlets and the Java Web Server
References
RFC2045 - MIME
http://info.internet.isi.edu/in-notes/rfc/files/rfc2045.txt
RFC 2109 - Cookies
http://info.internet.isi.edu/in-notes/rfc/files/rfc2109.txt
Live Software
http://www.livesoftware.com/
JRun, many commercial servlets
ATG - Dynamo Web Application Server
http://www.atg.com/
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
114
Servlets and the Java Web Server
References
Advanced Web Technologies
http://www.javatrain.com/
Purple Technology
http://www.purpletech.com/
Gamelan
http://java.developer.com/
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
115
Servlets and the Java Web Server
Appendix: CGI Tutorial
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
116
Servlets and the Java Web Server
What Is CGI?
Common Gateway Interface
Allows web pages to send parameters to
web server
Use HTML forms on client side
Can also use Java – it's just a protocol!
Use scripts on server side
Can use Servlets!
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
117
Servlets and the Java Web Server
Example CGI HTML
<FORM ACTION="/servlets/GuestBook"
METHOD=POST>
Name: <INPUT TYPE=text
NAME="name"><BR>
Message: <INPUT TYPE=textarea
NAME="message"><BR>
<INPUT TYPE=submit>
</FORM>
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
118
Servlets and the Java Web Server
CGI Flow
Browser downloads HTML page containing
FORM tag
Browser lays out input widgets
User fills out form and clicks "Submit"
Browser takes parameters and sends them
in CGI format
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
119
Servlets and the Java Web Server
CGI Flow (Cont.)
Server receives parameters and sends
them to CGI script
CGI script returns MIME document
usually it's "text/html"
can be any MIME type
Browser receives response document and
displays it
If response contains FORM tag, whole thing
can happen again
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
120
Servlets and the Java Web Server
The FORM tag
Opens a form
ACTION
the URL of the script to execute
METHOD
GET or POST
Usually use POST
closed with </FORM>
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
121
Servlets and the Java Web Server
INPUT TYPE=text
Specifies a text field
NAME
names parameter to be passed to script
VALUE (optional)
initial value for text
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
122
Servlets and the Java Web Server
INPUT TYPE=textarea
Specifies a multi-line text area
NAME
names parameter to be passed to script
…
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
123
Servlets and the Java Web Server
INPUT TYPE=checkbox
Specifies a check box (duh)
NAME
names parameter to be passed to script
ISCHECKED=true
default value on
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
124
Servlets and the Java Web Server
INPUT TYPE=radio
Specifies a radio button (or grouped
checkbox)
NAME
names group of buttons
VALUE
specifies the value for the group
e.g.
<INPUT TYPE=radio NAME="gender"
VALUE="male">Male
<INPUT TYPE=radio NAME="gender"
VALUE="female">Female
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
125
Servlets and the Java Web Server
INPUT TYPE=submit
A push button that submits the form
NAME
specifies name of variable
VALUE
specifies name of button
yes, "value" specifies the name
hey, I didn't write the spec
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
126
Servlets and the Java Web Server
INPUT TYPE=reset
A push button that clears the form
Does not submit it
5/24/2017
Copyright © 1997-8, Purple Technology Inc.
127
