1 / 30

Ch 3 - Java Servlets

Ch 3 - Java Servlets. COSC 617 Jeff Schmitt September 21, 2006. Java Servlet API. The predominant language for server-side programming Standard way to extend server to generate dynamic content Web browsers are universally available “thin” clients

Download Presentation

Ch 3 - Java Servlets

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Ch 3 - Java Servlets COSC 617 Jeff Schmitt September 21, 2006

  2. Java Servlet API • The predominant language for server-side programming • Standard way to extend server to generate dynamic content • Web browsers are universally available “thin” clients • Web server is “middleware” for running application logic • User sends request – server invokes servlet – servlet takes request and generates response- returned to user

  3. Advantages of Servlet API • CGI, ISAPI, ASP, PHP, etc also generate dynamic content • Standard, stable, supported API • multithreaded for improved performance • Persistent between invovations, improved performance • 100% portable between OS and servers • Access to all API’s of Java platform • Basis of JSP technology • Basis of Struts and JSF frameworks

  4. Servlet Basics • Packages: javax.servlet, javax.servlet.http • Runs in servlet container such as Tomcat • Tomcat 4.x for Servlet 2.3 API • Tomcat 5.x for Servlet 2.4 API • Servlet lifecycle • Persistent (remains in memory between requests) • Startup overhead occurrs only once • init() method runs at first request • service() method for each request • destroy() method when server shuts down

  5. Common Gateway Interface (CGI) • Not persistent • Not multithreaded • Not high performancce • Any language that can read standard input, write standard output and read environment variables • Server sends request information specially encoded on standard input • Server expects response information on standard output

  6. Writing servlets • public class MyServlet extends javax.servlet.GenericServlet { • public void service(ServletRequest req, ServletResponse resp) • throws ServletException, IOException { • Resp.SetContentType(“text/plain”); • … • } • }

  7. GenericServlet • public class MyServlet extends javax.servlet.GenericServlet { • public void service(ServletRequest req, ServletResponse resp) • throws ServletException, IOException { • resp.SetContentType(“text/plain”); • … • } • }

  8. HttpServlet • public class MyServlet extends javax.servlet.http.HttpServlet { • public void doGet(ServletRequest req, ServletResponse resp) • throws ServletException, IOException { • resp.SetContentType(“text/plain”); • PrintWriter out = resp.getWriter(); • out.println(“Hello, world”); • } • public void doPost(ServletRequest req, ServletResponse resp) • throws ServletException, IOException { • doGet(req, resp); • }

  9. HttpServlet • doPost does three things • Set output type “text/plain” MIME type • getWriter() method for out stream • Print on out stream • getLastModified() method • To cache content if content delivered by a servlet has not changed • Return Long =time content last changed • Default implementation returns a negative number – servlet doesn’t know • getServletInfo() method • Returns String for logging purposes

  10. Web Applications • Consists of a set of resources including • Servlets, Static content, JSP files, Class libraries • Servlet context, • a particular path on server to identify the web application • Servlets have an isolated, protected environment to operate in without interference • ServletContext class where servlets running in same context can use this to communicate with each other • Example servlet context: /catalog • request.getContextPath() + “/servlet/CatalogServlet”

  11. Web App Structure • Directory tree • Static resources: / • Packed classes: /WEB-INF/lib/*.jar • Unpacked classes: /WEB-INF/classes/*.class • Deployment descriptor: /WEB-INF/web.xml • Configuration information for the servlets including • Names, servlet (path) mapprings, initialization parameters, context-level configuration

  12. Servlet Path Mappings • Servlets are not files, so must be mapped to URIs (Uniform Resource Identifiers) • Servet container can set default, typically /servlet/* • Example: /servlet/MyPacPageServlet can invoke PageServlet.class • Mapping by • Exact path: /store/chairs • Prefix: /store/* • Extension: *.page • A servlet mapped to / path becomes the default servlet for the application and is invoked when no other servlet is found

  13. Servlet Context Methods • Resources such as index.html can be accessed through web server or by servlet • Servlet uses request.getContextPath() to identify its context path, for example: /app • Servlet uses getResource() and getResourceAsStream(request.getContextPath() + “/index.html”) • To retrieve context-wide initialization parameters, servlet uses getInitParameter() and getInitParameterNames() • To access a range of information about the local environment, shared with other servlets in same servlet context, servlet uses getAttribute(), setAttribute(), removeAttribute(), getAttributeNames()

  14. HttpServletRequest interface • Server creates object implementing this interface, passes it to servlet. Allows access to • URL info: getProtocol(), getServerName(), getPort(), getScheme() • User host name: getRemoteHost() • Parameter info: (variables from input form): .getParameterNames(), getParameter() • HTTP –specific request data: getHeaderNames(), getHeader(), getAuthType()

  15. Forms and Interaction • <form method=get action=“/servlet/MyServlet”> • GET method appends parameters to action URL:/servlet/MyServlet?userid=Jeff&pass=1234 • This is called a query string (starting with ?) • Username: <input type=text name=“userid” size=20> • Password: <input type=password name=“pass” size=20> • <input type=submit value=“Login”>

  16. POST Method • <form method=post … • Post method does not append parameters to action URL: /servlet/MyServlet • Instead, parameters are sent in body of request where the password is not visible as in GET method • POST requests are not idempotent • From Mathematics – an idempotent unary operator definition: whenever it is applied twice to any element, it gives the same result as if it were applied once. • Cannot bookmark them • Are not safely repeatable • Can’t be reloaded • browsers treat them specially, ask user

  17. HEAD, and Other Methods • HEAD – returns headers only • PUT, DELETE – create and remove resources from the web server • TRACE – returns the request headers to the client • doXXX() methods (XXX is one of the four) • Most servlet programmers ignore these methods • Default implementation informs user that request is unsupported or provides minimal implementation

  18. HttpServletResponse • Specify the MIME type of the response • .setContentType(“image/gif”); • Called before .getWriter() so correct Charset is used • Two methods for producing output streams: • Java.io.Printwriter out = resp.getWriter() • ServletOutputStream str = resp.getOutputStream() //used for non-text responses • HTTP response headers and status code • setHeader(), containsHeader(), • setStatus(), 200 OK, 404 Not Found, etc. • sendError() • sendRedirect(), sets Location header and status code for redirect. Causes browser to make another request.

  19. RequestDispatcher • Can forward request to another servlet • Can include bits of content from other servlets in its own response • RequestDispatcher d = req.getRequestDispatcher(“/servlet/OtherServlet”); • Either include – goes and comes backd.include(req, resp); • Or forward – doesn’t come back d.forward(req, resp); • Request dispatching is Different from sendRedirect() • browser not involved • from user perspective, URL is unchanged

  20. Status Codes response.sendError,HttpServletResponse.SC_NOT_FOUND, “Could not find it”); • SC_OK = 200 // the success code • SC_NO_CONTENT = 204 //content unchanged -- browser view stays at the form but avoids “contains no data” error message • SC_MOVED_PERMANENTLY = 301// browser uses Location header • SC_MOVED_TEMPORARILY = 302 // browser uses Location header • SC_UNAUTHORIZED = 401 // wrong authentication • SC_NOT_FOUND = 404 // page not found • SC_INTERNAL_SERVER_ERROR = 500 • SC_NOT_IMPLEMENTED = 501 // for HEADER, PUT, DELETE • SC_SERVICE_UNAVAILABLE = 503

  21. Servlet Exceptions • ServletException – thrown to indicate a general servlet problem • try { … } catch (Exception ex) { throw new ServletException(ex); } • UnavailableException, a derivative of ServletException, notifies the server that servlet is going to be temporarily unavailable

  22. Servlet Context Initialization • Application-level events use a listener style interface • Opportunity to create and share application-level resources such as DB connection pools • Classes that implement ServletContextListener are notified when the context is initialized or destroyed. • Context listeners are associated with their context with the application-level web.xml file.

  23. Security • J2EE User Role Model -- users can be assigned one or more roles • web.xml defines which servlets and resources are protected and which users have access • particular role allows access to specific protected resources • getRemoteUser() -- user’s ID • getAuthType() -- Basic, Digest, or SSL • isUserInRole() – for dynamic content decisions • getUserPrincipal() – returns a java.security.Principal object identifying the user

  24. Servlet Filters • Filters perform processing on the request • Implement logging, control security, set up connection-specific objects • javax.servlet.Filter = filter resource class • Filter chain – zero or more Filter objects and a destination resource (servlet or JSP) • Set up a filter for a particular request path, (like a servlet mapping) such as *.jsp • Filter resource calls doFilter() to advance to next filter in the chain, if no more filters, request is passed to ultimate destination

  25. Thread Safety • Multithreaded = one servlet, multiple requests simultaneously • Threadsafe – not using class variables since one copy of these variables is shared by all threads • Synchronized blocks of code, all threads wait until they can enter, one at a time • Servlet 2.4 deprecates SingleThreadModel interface – could not resolve all potential threading issues.

  26. Cookies • Persistent client-side storage of data known to server and sent to client • Cookie is multiple names and values. Value limited to 4096 bytes • has expiration date, and a server name (returned to same host and not to others) • Cookie is sent in HTTP header of response • resp.addCookie(name,value) • Cookie is returned to server in HTTP header of subsequent request • cookies = req.getCookies(); • For (int i=0;i<cookies.length;i++) { • cookies[i].getName cookies[i].getAttribute

  27. Session Tracking • For tracking individual users through the site • Application needs stateful environment whereas the web is inherently stateless • Previously, applications had to resort to complicated code, using cookies, hidden variables in forms, rewriting URLs to contain state information • Delegates most of the user-tracking functions to the server • Server creates object javax.servlet.http.HttpSession

  28. Session • Servlet uses req.getSession(true) • Boolean arg handles case if no current session object • Should new one be created or not • Session.isNew() – useful to detect new session object • Servlet binds data to the HttpSession object with session.setAttribute(“hits”,new Integer(34)); • Server assigns unique session ID, stored in a cookie • If cookies are not available, server uses URL rewriting. To create links, with session ID use • resp.encodeURL(“/servlet/View”)or • resp.encodeRedirectURL(“/servlet/View”)

  29. JDBC • Load the driver class • Get a connection • Create a statement • Execute the query, returns ResultSet • Iterate through ResultSet

  30. JDBC Example • // Load the Oracle JDBC driver Class.forName ("oracle.jdbc.driver.OracleDriver"); • //Connect to DB server as authorized userConnection conn = DriverManager.getConnection ("jdbc:oracle:thin:@orion.towson.edu:1521:cosc", account, password); • // Create a JDBC Statement to hold SQL query Statement stmt = conn.createStatement (); ResultSet rset = stmt.executeQuery ("select ticker from stocks"); • // Iterate through the result and print the employee names while (rset.next ()) { out.println (rset.getString (1)); }

More Related