1 / 52

Allen Day

Introduction to Web App Development. Allen Day. Notes. This is a training NOT a presentation Please ask questions https://tech.lds.org/wiki/Java_Stack_Training Prerequisites Basic Java and HTML skills. Installed LDSTech IDE (or other equivalent). Installed App Server (such as Tomcat).

selah
Download Presentation

Allen Day

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introduction to Web App Development Allen Day

  2. Notes • This is a training NOT a presentation • Please ask questions • https://tech.lds.org/wiki/Java_Stack_Training • Prerequisites • Basic Java and HTML skills. • Installed LDSTech IDE (or other equivalent). • Installed App Server (such as Tomcat).

  3. Overview • Basic Web App Architecture • HTTP • CGI Overview • Understanding the role of servlets • Maven Project Directory Structure • Servlet Life Cycle • Event Listeners • Servlet Filters • Servlet Response (Redirect, Request Dispatch)

  4. Basic Web App Architecture WWW Browser Web Server Request Response

  5. Basic Web App Architecture WWW Browser Web Server Request Response

  6. HTTP WWW Browser Web Server HTTP Request Response

  7. HTTP Request Methods • GET • POST • HEAD • TRACE • PUT • DELETE • OPTIONS • CONNECT

  8. GET Method • Simple • The total amount of characters in a GET is limited. • The data you send with the GET is appended to the URL, so whatever you send is exposed.

  9. POST Method • Used for complex requests, such as form submissions. • Parameters are stored in the body.

  10. CGI Overview WWW Browser Web Server Application Server 2. Call CGI 1. Submit Form 3. CGI Program’s response 4. CGI Program’s response

  11. CGI Process Form use strict; main(); sub main () { my $query; read( STDIN, $query, $ENV{CONTENT_LENGTH} ); my @param = split( /&/, $query ); my %pairs = (); foreach my $item ( @param ) { my ($key, $value) = split( /=/, $item ); $key =~ tr/+/ /; $value =~ tr/+/ /; $key =~ s/%([A-F\d]{2})/chr(hex($1))/ieg; $value =~ s/%([A-F\d]{2})/chr(hex($1))/ieg; $pairs{$key} = $value; } my $name = $pairs{name}; my $email = $pairs{email}; my $machine = $ENV{REMOTE_HOST}; print( STDOUT "Content-Type:text/html\r\n" ); print( STDOUT "Status: 200 Ok\r\n" ); print( STDOUT "\r\n" ); print( STDOUT <<HTML ); <html> <head> <title>Form example output</title> </head> <body> <h1>welcome</h1> <hr> <p> Hi <em>$name</em> of <em>$email</em> from machine <em>$machine</em> </p> <hr> </body> </html> HTML }

  12. CGI Issues • May intentionally or unintentionally leak information about the host system that will help hackers break in. • Scripts may be vulnerable to attacks in which the remote user tricks them into executing commands. • Susceptible to Buffer overflows. • Insufficient input validation. • Each call to a CGI script runs as a separate process. • Simultaneous CGI requests cause the CGI script to be copied and loaded into memory as many times as there are requests.

  13. Servlet Overview Web Server Servlet Container Client Response Request

  14. Advantages of Servlets • Efficient • Convenient • Powerful • Portable • Inexpensive • Secure • Mainstream

  15. Advantages of Servlets • Servlets stay loaded and client requests for a Servlet resource are handled as separate threads of a single running Servlet. • A servlet can be run by a servlet engine in a restrictive environment, called a sandbox. This reduces security risks.

  16. Maven Project Directory Structure pom.xml web.xml

  17. pom.xml <projectxmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>org.lds.training</groupId> <artifactId>MyServlet</artifactId> <packaging>war</packaging> <version>1.0</version> <dependencies> <dependency> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> <version>2.5</version> </dependency> </dependencies> </project>

  18. web.xml <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5"> <display-name>Welcome to Java Stack Training</display-name> <description>Introduction to Servlets</description> <servlet> <display-name>HelloWorldServlet</display-name> <servlet-name>HelloWorldServlet</servlet-name> <servlet-class>org.lds.training.HelloWorldServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>HelloWorldServlet</servlet-name> <url-pattern>/HelloWorldServlet</url-pattern> </servlet-mapping> </web-app>

  19. Lab 1: Simple Servlet https://tech.lds.org/wiki/Introduction_To_Servlets#Lab_1_Simple_Servlet

  20. Servlet Life Cycle • Load class • Instantiate servlet • init • service • doGet, doPost, doTrace, doDelete, doPut… • destroy

  21. Servlet Container Web Server Servlet Container Client

  22. Servlet Container • Context (Web Application) • Session • Request

  23. Servlet Container • Loads the servlet class. • Creates an instance of the servlet class. • Initializes the servlet instance by calling the init method. • Handles client requests. • If the container needs to remove the servlet it finalizes the servlet by calling the servlet's destroy method.

  24. Servlet Container • Communications support • Lifecycle Management • Multithreading Support • Declarative Security • JSP Support

  25. Servlet Container Web Server Servlet Container request response Servlet

  26. Servlet Container Servlet thread Servlet Container request response

  27. Servlet Container Servlet thread Servlet Container Service() request response

  28. Servlet Container Servlet thread Servlet Container Service() response doGet()

  29. Servlet Container Web Server Servlet Container request response X

  30. HttpServletRequest

  31. HttpServletRequest String name = request.getParameter("fullName“); String requestMethod = request.getMethod(); String userAgent = request.getHeader("User-Agent"); String host = request.getHeader("host");

  32. HttpServletResponse

  33. HttpServletResponse response.setContentType("text/html"); PrintWriterout = response.getWriter(); Date today = new Date(); out.print("<html> " + "<body> " + "<h1 align=center>Hello World</h1> " + "<br> " + today + "</body> " +"</html>");

  34. Servlet Class Extends java.servlet.http.HttpServlet • init() • service() • doGet() • doPost() • destroy()

  35. init() public void init() throws ServletException { // custom code goes here } public void init(ServletConfigconfig) throws ServletException { super.init(ServletConfig) // custom code goes here }

  36. service() public void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // Custom code goes here }

  37. doGet() public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // Custom Code goes here}

  38. doPost() public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // Custom Code goes here}

  39. destroy() public void destroy() { // custom code goes here }

  40. Lab 2: Page Hit Counter https://tech.lds.org/wiki/Introduction_To_Servlets#Lab_2_Page_Hit_Counter

  41. Event Listeners

  42. Event Listeners • javax.servlet.ServletContextListener • javax.servlet.ServletContextAttributeListener • javax.servlet.http.HttpSessionListener • javax.servlet.http.HttpSessionAttributeListener • javax.servlet.http.HttpSessionActivationListener • javax.servlet.http.HttpSessionBindingListener • javax.servlet.http.HttpRequestListener • javax.servlet.http.HttpRequestAttributeListener

  43. Event Listeners • javax.servlet.ServletContextListener • javax.servlet.http.HttpSessionListener • javax.servlet.http.HttpSessionActivationListener • javax.servlet.http.HttpRequestListener

  44. web.xml <listener> <listener-class>org.lds.training.HelloWorldSessionListener</listenerclass> </listener> <listener> <listener-class>org.lds.training.HelloWorldContextListener</listener-class> </listener>

  45. Servlet Filters

  46. Servlet Filters Web Server Servlet Container Client Response Request Filter 1 Filter 2

  47. Servlet Filter public void doFilter(ServletRequest request, ServletResponse response, FilterChainchain) throws IOException, ServletException{ // preprocessing code goes here HttpServletResponseres = (HttpServletResponse)response; String name = request.getParameter("fullName"); if (name.equals("")) { res.sendRedirect("index.html"); return; } // pass the request along the filter chain chain.doFilter(request, response); // postprocessing code goes here }

  48. web.xml <filter> <filter-name>timer</filter-name> <filter-class>filter.TimerFilter</filter-class> </filter> <filter-mapping> <filter-name>timer</filter-name> <servlet-name>myservlet</servlet-name> <url-pattern>/mypath/*</url-pattern> </filter-mapping>

  49. Redirect response.sendRedirect(http://lds.org/?lang=eng);

  50. Request Dispatch // from a ServletRequest RequestDispatcher view = request.getRequestDispatcher(“MyOtherServlet”); // from a ServletContext RequestDispatcher view = getServletContext().getRequestDispatcher(“/MyOtherServlet”); view.forward(request, response);

More Related