
Cooperation between applets and servlets


walt

Presentation Transcript


  1. Cooperation between applets and servlets

  2. Applets
     • Applets run on the client side, the servlet on the server side
     • Suitable for presentations and logic that belongs on the client, for example:
       • Advanced graphics or animation
       • Special GUI controls (e.g. WYSIWYG editor)
     • Problem: how do applets and servlets communicate?

  3. Constraints
     • Applets run in a sandbox and are therefore subject to limitations.
     • An applet can only contact the network resource from which it originated.
     • The applet can therefore only retrieve information from its "home".

  4. Technique 1: control the applet from the server

  5. Technique: configurable applet

     ```html
     <html>
       <head>
         <title>Drawing applet example</title>
       </head>
       <body>
         <applet width="300" height="200" code="drawing.class">
           <param name="drawing" value="0-255-255-255-0-0; 5-0-0-300-200-0; 0-255-0-0-0-0; 1-18-18-188-288-0; 1-20-10-400-10-0; 5-45-29-22-23-3;frode; 4-200-30-0-0-my name is frode">
         </applet>
       </body>
     </html>
     ```

  6. The Applet

     ```java
     import java.util.*;
     import java.awt.*;
     import java.applet.*;

     public class drawing extends Applet {
         String drawing;

         public void init() {
             // retrieve drawing parameters from the server
             drawing = getParameter("drawing");
         }

         public void paint(Graphics g) {
             parseDrawing(g);
         }
         // the class continues on the following slides
     ```

  7. ```java
     public void parseDrawing(Graphics g) {
         // retrieve all commands (separated by ';')
         StringTokenizer commands = new StringTokenizer(drawing, ";");
         while (commands.hasMoreElements()) {
             try {
                 int op, arg1, arg2, arg3 = 0, arg4 = 0;
                 String arg5 = "";
                 // trim so that whitespace after ';' does not break parseInt
                 String fullcommand = commands.nextToken().trim();
                 // tokenize the command (fields separated by '-')
                 StringTokenizer parts = new StringTokenizer(fullcommand, "-");
                 op = Integer.parseInt(parts.nextToken());
                 arg1 = Integer.parseInt(parts.nextToken());
                 arg2 = Integer.parseInt(parts.nextToken());
                 arg3 = Integer.parseInt(parts.nextToken());
                 arg4 = Integer.parseInt(parts.nextToken());
                 arg5 = parts.nextToken();
                 draw(g, op, arg1, arg2, arg3, arg4, arg5);
             } catch (Exception e) {
                 // Syntax errors that occur in command input are ignored in this example
             }
         }
     }
     ```

  8. ```java
     // op selects the drawing operation; unknown op codes are ignored
     public void draw(Graphics g, int op, int a1, int a2, int a3, int a4, String a5) {
         switch (op) {
             case 0: g.setColor(new Color(a1, a2, a3)); break;
             case 1: g.drawLine(a1, a2, a3, a4); break;
             case 2: g.drawOval(a1, a2, a3, a4); break;
             case 3: g.drawRect(a1, a2, a3, a4); break;
             case 4: g.drawString(a5, a1, a2); break;
             case 5: g.fillRect(a1, a2, a3, a4); break;
             case 6: g.fillOval(a1, a2, a3, a4); break;
         }
     }
     } // end of class drawing
     ```

  9. Technique 2: the applet contacts the server

  10. Functionality: the user clicks and the text follows

      ```html
      <html>
        <head>
          <title>Drawing applet example</title>
        </head>
        <body>
          <applet width="300" height="200" code="dynamicdrawing.class">
            <param name="source" value="/drawing.jsp">
          </applet>
        </body>
      </html>
      ```

  11. drawing.jsp

      ```jsp
      <%
          // the drawing commands are returned in a response header named "drawing"
          response.setHeader("drawing",
              "1-10-10-100-100-0;1-100-10-20-200-0;4-"
              + request.getParameter("x") + "-" + request.getParameter("y")
              + "-0-0-Hi here I am");
      %>
      ```

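  12. ```java
      public void init() {
          source = getParameter("source");
          contactServer(-1, -1);
          addMouseListener(this);
      }

      public void contactServer(int x, int y) {
          try {
              // the URL is built from the applet's own code base,
              // because the sandbox only allows contact with its "home"
              URL server = new URL(getCodeBase().getProtocol(),
                                   getCodeBase().getHost(),
                                   getCodeBase().getPort(),
                                   source + "?x=" + x + "&y=" + y);
              URLConnection connection = server.openConnection();
              connection.setUseCaches(false);
              // the drawing commands arrive in the "drawing" response header
              drawing = connection.getHeaderField("drawing");
          } catch (Exception e) {
              // connection errors are ignored in this example
          }
          Runtime.getRuntime().gc();
      }

      public void mouseClicked(MouseEvent h) {
          contactServer(h.getX(), h.getY());
          repaint();
      }
      } // end of the applet class (its header is not shown on the slide)
      ```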

  13. Filtering and filters

  14. [Diagram: the request from the client passes through a chain of filters to the Servlet / JSP page; the response passes back through the filters to the client.]

  15. Application areas
      • Catch requests and inspect content and HTTP headers
      • Catch and modify requests before they reach the actual resource (servlet or JSP page)
      • Catch responses from the resource and inspect content and HTTP headers
      • Catch and modify responses from resources

  16. Examples
      • Compression filters
      • Encryption filters
      • Image conversion filters
      • Log and account filters
      • Security and authentication filters
      • XSLT transformation filters

  17. Example 1: Catch and block requests

  18. ```java
      package filter;

      import javax.servlet.*;
      import javax.servlet.http.*;
      import java.io.*;

      public class IEfilter implements Filter {
          private FilterConfig filterConfig;

          public void setFilterConfig(final FilterConfig filterConfig) {
              this.filterConfig = filterConfig;
          }

          public void doFilter(final ServletRequest request, final ServletResponse response,
                               FilterChain chain) throws IOException, ServletException {
              HttpServletRequest req = (HttpServletRequest) request;
              HttpServletResponse res = (HttpServletResponse) response;
              // User-Agent is supplied by the client and may be absent
              String browser = req.getHeader("User-Agent");
              System.out.println("Before if check " + browser);
              if (browser != null && browser.indexOf("IE") == -1) {
                  request.setAttribute("filtercheck", "Approved by frode's filter");
                  chain.doFilter(request, response);
              } else {
                  // block the request (a missing header is blocked as well);
                  // sendError must not run after the chain has produced a response
                  res.sendError(HttpServletResponse.SC_FORBIDDEN);
              }
          }

          public void init(FilterConfig c) {
              this.filterConfig = c;
          }

          public void destroy() {
              this.filterConfig = null;
          }
      }
      ```

  19. ```xml
      <?xml version="1.0" encoding="ISO-8859-1"?>
      <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
          "http://java.sun.com/dtd/web-app_2_3.dtd">
      <web-app>
        <filter>
          <filter-name>MSblocker</filter-name>
          <filter-class>filter.IEfilter</filter-class>
        </filter>
        <filter-mapping>
          <filter-name>MSblocker</filter-name>
          <url-pattern>*.jsp</url-pattern>
        </filter-mapping>
      </web-app>
      ```

  20. Example 2: Filter chaining – avoid HTML injection. Modifying the request: <h1> becomes &lt;h1&gt;

  21. ```xml
      <?xml version="1.0" encoding="ISO-8859-1"?>
      <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
          "http://java.sun.com/dtd/web-app_2_3.dtd">
      <web-app>
        <filter>
          <filter-name>ltFilter</filter-name>
          <filter-class>filter.SensureFilterConfig</filter-class>
          <init-param>
            <param-name>find</param-name>
            <param-value><![CDATA[<]]></param-value>
          </init-param>
          <init-param>
            <param-name>replace</param-name>
            <param-value>&amp;lt;</param-value>
          </init-param>
        </filter>
        <filter>
          <filter-name>gtFilter</filter-name>
          <filter-class>filter.SensureFilterConfig</filter-class>
          <init-param>
            <param-name>find</param-name>
            <param-value><![CDATA[>]]></param-value>
          </init-param>
          <init-param>
            <param-name>replace</param-name>
            <param-value><![CDATA[&gt;]]></param-value>
          </init-param>
        </filter>
      ```

  22. ```xml
        <filter>
          <filter-name>ampFilter</filter-name>
          <filter-class>filter.SensureFilterConfig</filter-class>
          <init-param>
            <param-name>find</param-name>
            <param-value><![CDATA[&]]></param-value>
          </init-param>
          <init-param>
            <param-name>replace</param-name>
            <param-value><![CDATA[&amp;]]></param-value>
          </init-param>
        </filter>
        <filter>
          <filter-name>quotFilter</filter-name>
          <filter-class>filter.SensureFilterConfig</filter-class>
          <init-param>
            <param-name>find</param-name>
            <param-value><![CDATA["]]></param-value>
          </init-param>
          <init-param>
            <param-name>replace</param-name>
            <param-value><![CDATA[&quot;]]></param-value>
          </init-param>
        </filter>
      ```

  23. ```xml
        <filter-mapping>
          <filter-name>ampFilter</filter-name>
          <url-pattern>*.jsp</url-pattern>
        </filter-mapping>
        <filter-mapping>
          <filter-name>ltFilter</filter-name>
          <url-pattern>*.jsp</url-pattern>
        </filter-mapping>
        <filter-mapping>
          <filter-name>gtFilter</filter-name>
          <url-pattern>*.jsp</url-pattern>
        </filter-mapping>
        <filter-mapping>
          <filter-name>quotFilter</filter-name>
          <url-pattern>*.jsp</url-pattern>
        </filter-mapping>
      </web-app>
      ```

  24. The Filter

  25. ```java
      package filter;

      import javax.servlet.*;
      import javax.servlet.http.*;
      import java.io.*;
      import java.util.*;
      import filter.SensureWrapperConfig;

      public class SensureFilterConfig implements Filter {
          private FilterConfig filterConfig;
          private String find, replace;

          public void setFilterConfig(final FilterConfig filterConfig) {
              this.filterConfig = filterConfig;
          }

          public void doFilter(final ServletRequest request, final ServletResponse response,
                               FilterChain chain) throws IOException, ServletException {
              // pass a wrapped request down the chain; the wrapper rewrites parameter values
              SensureWrapperConfig req =
                  new SensureWrapperConfig((HttpServletRequest) request, find, replace);
              chain.doFilter(req, response);
          }

          public void init(FilterConfig c) {
              this.filterConfig = c;
              // the find/replace pair comes from the <init-param> elements in web.xml
              find = filterConfig.getInitParameter("find");
              replace = filterConfig.getInitParameter("replace");
          }

          public void destroy() {
              this.filterConfig = null;
          }
      }
      ```

  26. We need a wrapper
      • Because a request cannot be modified once it is created (read only)

  27. ```java
      package filter;

      import javax.servlet.*;
      import javax.servlet.http.*;
      import java.io.*;
      import java.util.*;

      // This class reads and modifies the parameter list
      public class SensureWrapperConfig extends HttpServletRequestWrapper {
          private String find, replace;

          public SensureWrapperConfig(HttpServletRequest req) {
              super(req);
          }

          public SensureWrapperConfig(HttpServletRequest req, String find, String replace) {
              super(req);
              this.find = find;
              this.replace = replace;
          }

          public String getParameter(String param) {
              String value = super.getParameter(param);
              if (value == null) {
                  return null; // parameter not present in the request
              }
              // note: replaceAll interprets 'find' as a regular expression
              return value.replaceAll(find, replace);
          }
      }
      ```
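
      The order of the filter mappings decides the order of the replacements: ampFilter is mapped first, so its wrapper is the innermost one and & is escaped before the other filters introduce new & characters. The following added example (not part of the original presentation) models the nested wrappers without the servlet API; the Request interface, the helper names and the sample input are constructed for illustration, and it uses the literal String.replace where the slide uses replaceAll.

      ```java
      import java.util.Map;

      public class FilterOrderDemo {
          // Hypothetical stand-in for HttpServletRequest: only getParameter is modelled.
          interface Request { String getParameter(String name); }

          // Stand-in for the container's original, read-only request.
          static Request original(Map<String, String> params) { return params::get; }

          // Same idea as SensureWrapperConfig.getParameter: ask the wrapped request, then replace.
          static Request wrap(Request inner, String find, String replace) {
              return name -> {
                  String v = inner.getParameter(name);
                  return v == null ? null : v.replace(find, replace);
              };
          }

          // Each filter wraps the request it received, in <filter-mapping> order,
          // so the first mapped filter ends up innermost and its replacement runs first.
          static Request chain(Request req, String[][] mappings) {
              for (String[] m : mappings) req = wrap(req, m[0], m[1]);
              return req;
          }

          public static void main(String[] args) {
              String[] amp = {"&", "&amp;"}, lt = {"<", "&lt;"},
                       gt = {">", "&gt;"}, quot = {"\"", "&quot;"};
              // constructed sample input
              Map<String, String> params = Map.of("text", "<h1>Tom & \"Jerry\"</h1>");

              // order used on the slides: amp, lt, gt, quot
              Request asMapped = chain(original(params), new String[][] {amp, lt, gt, quot});
              // amp mapped last: the & of every entity written by lt/gt/quot is escaped again
              Request ampLast = chain(original(params), new String[][] {lt, gt, quot, amp});

              System.out.println("as mapped: " + asMapped.getParameter("text"));
              System.out.println("amp last : " + ampLast.getParameter("text"));
              // a parameter that is absent stays null instead of throwing
              System.out.println("missing  : " + asMapped.getParameter("missing"));
          }
      }
      ```

      Run it with `javac FilterOrderDemo.java && java FilterOrderDemo` (Java 9 or later for Map.of). In the second output line the entities produced by the earlier filters are escaped a second time.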

  28. Example 3: Modify the response. <body> is replaced with <head> <link rel="stylesheet" href="style.css" type="text/css"/> </head> <body>

  29. ```xml
      <web-app>
        <filter>
          <filter-name>postFilter</filter-name>
          <filter-class>filter.BodyFilter</filter-class>
          <init-param>
            <param-name>find</param-name>
            <param-value><![CDATA[<body>]]></param-value>
          </init-param>
          <init-param>
            <param-name>replace</param-name>
            <param-value><![CDATA[ <head> <link rel="stylesheet" href="style.css" type="text/css"/> </head> <body> ]]></param-value>
          </init-param>
        </filter>
        <filter-mapping>
          <filter-name>postFilter</filter-name>
          <url-pattern>*.jsp</url-pattern>
        </filter-mapping>
      </web-app>
      ```

  30. The Filter

  31. ```java
      package filter;

      import javax.servlet.*;
      import javax.servlet.http.*;
      import java.io.*;
      import filter.BodyWrapper;

      public class BodyFilter implements Filter {
          private FilterConfig filterConfig;
          private String find, replace;

          public void setFilterConfig(final FilterConfig filterConfig) {
              this.filterConfig = filterConfig;
          }

          public void doFilter(final ServletRequest request, final ServletResponse response,
                               FilterChain chain) throws IOException, ServletException {
              OutputStream out = response.getOutputStream();
              // the wrapper buffers everything the resource writes
              BodyWrapper res = new BodyWrapper((HttpServletResponse) response);
              chain.doFilter(request, res);
              // modify the buffered body, then write it to the real response
              String body = new String(res.getData());
              body = body.replaceAll(find, replace);
              out.write(body.getBytes());
              out.close();
          }

          public void init(FilterConfig c) {
              this.filterConfig = c;
              find = filterConfig.getInitParameter("find");
              replace = filterConfig.getInitParameter("replace");
          }

          public void destroy() {
              this.filterConfig = null;
          }
      }
      ```

  32. The Wrapper

  33. Part 1

      ```java
      package filter;

      import javax.servlet.*;
      import java.io.*;

      // Output stream that forwards everything to the stream it is given
      public class BodyStream extends ServletOutputStream {
          private DataOutputStream stream;

          public BodyStream(OutputStream output) {
              stream = new DataOutputStream(output);
          }

          public void write(int b) throws IOException {
              stream.write(b);
          }

          public void write(byte[] b) throws IOException {
              stream.write(b);
          }

          public void write(byte[] b, int off, int len) throws IOException {
              stream.write(b, off, len);
          }
      }
      ```

      ```java
      package filter;

      import javax.servlet.*;
      import javax.servlet.http.*;
      import java.io.*;
      import filter.BodyStream;

      // Response wrapper that collects the body in memory instead of sending it
      public class BodyWrapper extends HttpServletResponseWrapper {
          private ByteArrayOutputStream output;
          private int contentLength;
          private String contentType;
          private FilterConfig filterConfig;
          private String find, replace;

          public BodyWrapper(HttpServletResponse res) {
              super(res);
              output = new ByteArrayOutputStream();
          }

          public byte[] getData() {
              return output.toByteArray();
          }

          public ServletOutputStream getOutputStream() {
              return new BodyStream(output);
          }
          // the class continues on the next slide
      ```

  34. Part 2

      ```java
          public void setContentLength(int length) {
              this.contentLength = length;
              super.setContentLength(length);
          }

          public int getContentLength() {
              return contentLength;
          }

          public void setContentType(String type) {
              this.contentType = type;
              super.setContentType(type);
          }

          public String getContentType() {
              return contentType;
          }

          public PrintWriter getWriter() {
              return new PrintWriter(getOutputStream(), true);
          }
      }
      ```

  35. Have a nice weekend
