Servlets

Servlets and the Java Web Server
Server-Side Programming Made Easy
Written by Alex Chaffee (alexc@purpletech.com)

Contents Copyright (c) 1998 Purple Technology, Inc.
11/04/08 Copyright © 1997-8, Purple Technology Inc. 1

Course Outline
 Servlet Overview
 Using Servlets
 Writing Servlets
 Saving State
 Java Web Server Features
 Appendix: CGI Tutorial
 Appendix: FAQ
 Inside the Exercises Handout
Section I
Servlet Overview

What Is A Servlet
 A Java object
 Plug-in for a web server
 Replacement for CGI scripts
 Can also be used to extend server as a plug-in
 Full power of Java
 Platform-independent
 Database access
 Fun to write

Server/Service/Servlet
 server - a process running on a host
machine
 Apache, Java Web Server
 service - a protocol running on a port
 HTTP, FTP
 servlet - a module running inside a service
 PhoneServlet

Servlet/Service/Server Diagram
 (diagram from Java Web Server tutorial)

Servlets vs. Applets

 Servlets have no GUI
 Server-side, not client-side
 Different security model
 Installed, not downloaded
 But you can download remote servlets too
 Consistent server-side VM
 Much easier to test

Servlets vs. CGI

 "performance, flexibility, portability, and
security" (whitepaper)
 Faster and Leaner
 No fork-process like Perl
 No need to initialize for each request
 Only lightweight thread context switching
 Built-in multithreading

Servlets vs. CGI (Cont.)

 Easy to manage state
 share data across successive requests
 share data between concurrent requests
 use hidden fields, cookies, or sessions
 Write once, run anywhere
 It's easy to write unportable Perl
 Servlets have standard API
 Supports all methods
 GET, POST, PUT, DELETE, et al.
Servlets vs. FastCGI

 FastCGI sends multiple requests to a single
separate process
 requires process context switch
 Servlets send multiple requests to multiple threads
in same process
 requires lightweight thread context switch
 (Also applies to ISAPI)
 Nice diagram in White Paper
 Servlets also automatically take advantage of
multiprocessors
 if the underlying JVM does
Supported Servers
 Java Web Server
 Apache
 Netscape
 Many others (see web site)
 Servlet Engines
 IBM's ServletExpress
 Live Software’s JRun

Servlet Security
 Trusted Servlets (full access)
 JWS Internal
 Local (in the "servlets" directory)
 Servlet Sandbox
 Signed Network Servlets (full access)
 Unsigned Network Servlets (limited access)

Servlet Security: Implications

 IT managers can sign servlets for use in
their organization
 ISPs can allow users to run servlets
 less of a security hole than CGI scripts, since Java is
safe and secure (at least more so than C or Perl)
 still allows denial-of-service attacks
 Network servlets are possible
 chaining / proxying
 allows agents
 common servlet repository for multiple servers
 one place to install updates

Servlet Security: Problems

 Too simplistic
 All or nothing
 Should allow ACLs for particular signers
 They claim it will in a future version
 Should get better with 1.2 security model
 Finer-grained access control

Servlet Client Security

 Java Web Server
 Allows Access Control Lists for clients
 Supports HTTP authentication
 Supports Digest Authentication
 Other Web Servers
 Usually support HTTP authentication
 May have other security features

SSL in JWS
 It works
 Extra $$
 https: supported
 Digest Authentication supported
 SSL 3 (client certificates) required

Authenticating the user’s identity

 HTTP Authentication
 Username/password sent to server on every request
(like cookies)
 Very light encryption (uuencode)
 Digest Authentication
 Cryptographic handshaking between client and
server
 Very good encryption
 Not supported by all servers/browsers

User Authentication Methods

 request.getRemoteUser()
 returns username
 request.getAuthType()
 HTTP or Digest
 request.getScheme()
 “http” or “https”

API Availability
 Standard Java Extension API
 From white paper: "This means that while it is not
part of the core Java framework which must always
be part of all products bearing the Java brand, it will
be made available with such products by their
vendors as an add-on package."
 package javax.servlet.*, javax.servlet.http.*

Servlet Architectures:Three-tier system

 Tier 1: Client
 HTML browser
 Java client
 Tier 2: Servlets
 embody business logic
 secure, robust
 Tier 3: Data Sources
 Java can talk to SQL, CORBA, OODB, File system,
etc. etc.
Servlet Architectures: N-tier system

 Tier 1: HTML Browser
 Tier 2: Servlet
 User interface
 Tier 3: EJB/CORBA/RMI Objects
 Business logic
 Tier 4: Other Servers (e.g. RDBMS)
 Data storage

Servlet Architectures: Web Publishing

 SSI Servlets
 JSP Servlets
 Best to keep business logic inside Java objects
 Keep the JSP light so designers don’t get scared
 Chaining servlets
 Multiple servers
 data gathering, collecting, serving, load balancing,
etc.

Section II
Using Servlets

Loading Servlets
 From CLASSPATH
 includes <root>/classes/ on JWS
 From <root>/servlets/ directory
 not in classpath
 servlets can be added or recompiled inside a running
server
 class.initArgs file
 From remote codebase
 specified by URL

Remote Servlets
 Three ways to configure
 configure with Administration Tool
 invoke inside a server-side include
 configure inside a servlet chain
 Loaded in a Servlet Sandbox
 more later

What's In A Name
 A servlet's name is its class name
 if it's in the servlets directory
 Or, you can assign it a name in the "Add
Servlet" admin tool
 maps code word to servlet class
 Name is usually a single word
 possibly with a package name and dots
 no other punctuation

Standard Servlets
 DateServlet
 echoes current date/time
 EchoServlet
 echoes CGI parameters (good for testing)
 MailServlet
 sends email in response to a CGI form
 RedirectServlet
 used by server to manage HTTP redirects
 SessionServlet
 used by server to manage sessions
 Many more...

Server-side Includes (SSI)

 Must be in a file named .shtml or .jsp
 can change this with Admin Tool
 Normal SSI
 
 Servlet SSI
 <servlet code=DateServlet.class>
 </servlet>

SSI Details
 pass init parameters in servlet tag
 pass servlet parameters in param tags
 can specify codebase in servlet tag
 e.g.
<servlet code=DateServlet.class
codebase=http://servlets.foo.com/
initParam1=val1 initParam2=val2>
<param name=serviceParam1 value=val3>
<param name=serviceParam2 value=val4>
</servlet>

URL invocation
 Directly from browser as URL
 http://www.myserver.com/servlet/MyServlet
 From inside FORM tag as script
<FORM METHOD=POST
ACTION=”/servlet/MyServlet”>
...
</FORM>
 From inside JHTML or JSP page
 Uses “Page Compilation”
 Compiles the jsp file into a servlet on the fly, then
executes it
A Note on CLASSPATH and JWS

 JWS uses its own JRE
 Three ways to add classes
 Put the class files into the “classes” subdirectory
 Jar them, and put the jar files into the “lib”
subdirectory
 Start the server with the -classpath option
httpd -classpath c:\projects\utils

Section III
Writing Servlets

The Servlet API

 Independent of
 web protocol
 server brand or platform
 whether it's local or remote
 Simple, small, easy
 Base class provides core functionality; just
extend it

CGI, or not, whichever

 Fairly generic interface
 Accepts query, returns response
 Used for plugins, etc.

Servlet Architecture Overview

 Servlet Interface
 methods to manage servlet
 GenericServlet
 implements Servlet interface
 HttpServlet
 extends GenericServlet
 exposes HTTP-specific functionality

Servlet Architecture Overview

 ServletRequest
 What the client says to the server
 Access to information like protocol, client IP#,
parameters, and body
 ServletResponse
 What the servlet says to the client
 HttpServletRequest, HttpServletResponse
 HTTP-specific communication and information
 State-tracking and session management

Servlet Lifecycle Overview

 Server loads and instantiates servlet
 Server calls init()
 Loop
 Server receives request from client
 Server calls service()
 service() calls doGet() or doPost()
 Server calls destroy()
 More detail to come later...

ServletRequest
 passed to the service() method
 contains lots of useful goodies…
 Client info
 URL info
 Content info
 Content itself
 User-entered parameters

ServletRequest - Client Info

 getRemoteAddr()
 Returns the IP address of the agent that sent the request
 getRemoteHost()
 Returns the fully qualified host name of the agent that
sent the request
 getProtocol()
 Returns the protocol and version of the request as a
string of the form <protocol>/<major version>.<minor
version>.

ServletRequest - URL Info

 getScheme()
 Returns the scheme of the URL used in this request, for
example "http", "https", or "ftp".
 getServerName()
 Returns the host name of the server that received the
request
 getServerPort()
 Returns the port number on which this request was
received
 getServletPath()
 Returns the URI path that got to this script, e.g.
“/servlet/com.foo.MyServlet”
 Useful for putting in a <FORM> tag
 See also getRequestURI()
11/04/08 Copyright © 1997-8, Purple(in HttpServletRequest)
Technology Inc. 40
ServletRequest - Content Info

 getContentLength()
 Returns the size of the request data
 getContentType()
 Returns the MIME type of the request data

ServletRequest - Content
 getInputStream()
 Returns an input stream for reading binary data in
the request body.
 getReader()
 Returns a buffered reader for reading text in the
request body.

ServletRequest - Parameters
 String getParameter(String)
 Returns a string containing the lone value of the specified parameter,
or null if the parameter does not exist.
 Was deprecated, but due to popular demand, it'll be undeprecated
 String[ ] getParameterValues(String)
 Returns the values of the specified parameter for the request as an
array of strings, or null if the named parameter does not exist.
 For parameters with multiple values, like lists
 Enumeration getParameterNames()
 Returns the parameter names for this request as an enumeration of
strings, or an empty enumeration if there are no parameters or the
input stream is empty.

ServletResponse
 Embodies the response
 Basic use:
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.println(
"<HTML><BODY>Hello</BODY></HTML
>");

ServletResponse - Output
 getWriter()
 for writing text data
 getOutputStream()
 for writing binary data
 or for writing multipart MIME
 you must call setContentType() before
calling getWriter() or getOutputStream()
 by default it's text/plain, which you don't want

The GenericServlet class

 implements Servlet
 also implements Serializable, ServletConfig
 implements all Servlet methods
 so you don't have to

The HelloWorld Servlet

import javax.servlet.*;
import java.io.*;
public class HelloServlet extends GenericServlet
{
public void service(ServletRequest req,
ServletResponse res)
throws IOException, ServletException
{
res.setContentType("text/plain");
ServletOutputStream out = res.getOutputStream();
out.println("Hello, World!");
}
}
The HttpServlet class

 extends the GenericServlet base class
 provides a framework for handling the
HTTP protocol
 has its own subclasses of ServletRequest
and ServletResponse that do HTTP things

HttpServlet methods
 provides helper methods for HTTP methods
 doGet (GET and HEAD)
 doPost (POST)
 doPut, doDelete (rare)
 doTrace, doOptions (not overridden)
 the service() method dispatches requests
to the do* methods

HttpServlet: Receiving Data

 getParameter / getParameterValues /
getParameterNames
 process the data and return you the parameters
 getQueryString
 for GET method
 returns a single string in url-encoded format
 getReader / getInputStream
 for POST, PUT, DELETE
 returns a stream of characters / bytes
 mutually exclusive
 use EITHER getParameter* OR one of the others (never
both)

SimpleServlet (GET)
public class SimpleServlet extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
// set header field first
res.setContentType("text/html");
// then get the writer and write the response data
PrintWriter out = res.getWriter();
out.println(
"<HEAD><TITLE> SimpleServlet
Output</TITLE></HEAD><BODY>");
out.println("<h1> SimpleServlet Output </h1>");
out.println("<P>This is output is from SimpleServlet.");
out.println("</BODY>");
out.close();
}
public String getServletInfo() { return "A simple servlet"; }
}

DateServlet
public class DateServlet extends HttpServlet {
public void service( HttpServletRequest req,
HttpServletResponse res)
throws ServletException, IOException
{
Date today = new Date();
out.println(today.toString());
}
public String getServletInfo() {
return "Returns a string representation of the current
time";
}
}
From Java Web Server Tutorial by Sun Microsystems
HelloHttpServlet
 Reads in a parameter
 Can use a form
 <FORM METHOD=GET
ACTION=”/servlet/HelloHttpServlet”>
 <INPUT NAME=name>
 </FORM>
 Can use right in a URL
http://localhost:8080/servlet/HelloHttpServlet?name=Fred
 Outputs it as HTML

HelloHttpServlet
public class HelloHttpServlet extends HttpServlet
{
public void doGet(HttpServletRequest req,
HttpServletResponse res) throws IOException,
ServletException
{
String name = req.getParameter("name");
if (name == null) name = "Joe";
out.println("Hello, " + name + "!");
}
}
More Advanced Servlets

 See Post Servlet
 from Servlet Tutorial

HttpServletRequest
 Cookie[ ] getCookies()
 returns list of cookies sent by client
 String getMethod()
 GET, POST, etc.
 String getRequestURI()
 returns the URI or URL that was invoked
 useful for putting inside <FORM> tag

HttpServletRequest (Cont.)
 CGI Variable Methods
 getServletPath(), getPathInfo(), getPathTranslated(),
getQueryString(), getRemoteUser(), getAuthType()
 String getHeader(String name)
 Session Management Methods
 HttpSession getSession(boolean create)
 More later...

HttpServletResponse
 Contains HTTP status codes as constants
 int HttpServletResponse.SC_NOT_FOUND = 404;
 Can send Error or Status codes to client
 Deals with Cookies
 Deals with HTTP Headers
 Can send HTTP Redirect to client

Servlet Lifecycle: Init()

 public void init(ServerConfig cfg)
 called once, when servlet loads
 don't worry about synchronization
 perform costly setup here, rather than once
per request
 open database connection(s)
 load in persistent data
 spawn background threads

Init Details
 if you fail, throw an UnavailableException
 must call super.init(cfg), which saves off
cfg
 if you like, you can save it yourself and override
getServletConfig, but why bother?
 Can call getInitParameter(paramName) to
read from the server-side config file

Servlet Lifecycle: Service

 public void service(ServletRequest req,
ServletResponse res)
 takes Request and Response objects
 called many times, once per request

service() and Concurrency

 Might be called simultaneously in several
threads
 it is your responsibility to handle synchronized
access to shared resources
 It is possible to declare a servlet as single-
threaded
 implement SingleThreadModel (empty interface)
 performance will suffer (if there are multiple
simultaneous requests)
 You can use class-static data to share data
across successive or concurrent requests
Servlet Lifecycle: Destroy

 public void destroy()
 takes no parameters
 you must clean up
 close database connections
 stop threads
 Afterwards, servlet may be garbage collected

Servlet Lifecycle: Destroy Details

 The server calls destroy after all service calls have
been completed, or after a certain number of
seconds have passed, whichever comes first.
 Warning: other threads might be running service
requests, so be sure to synchronize, and/or wait
for them to quit
 Sun's Servlet Tutorial has an example of how to do this
with reference counting
 Destroy can not throw an exception, so if
something bad happens, call log() with a helpful
message (like the exception)
 See “closing a JDBC connection” example in Tutorial

Init Parameters
 ServletConfig
 String getInitParameter()
 Enumeration getInitParameterNames()
 There are convenience methods of the
same name inside GenericServlet
 Init Parameters are set by the server
administrator
 Servlet Parameters are set by the web page

ServletContext
 call GenericServlet.getServletContext()
 getServlets()
 returns list of all installed Servlets
 getServlet(String name)
 returns the named Servlet
 log()
 see next slide

Logging
 GenericServlet.log(String message)
 Writes the name of your servlet, plus the message,
to the server log file
 Location of log file is server-specific
 on JWS, you can check in the Admin Tool
 "If a servlet will have multiple instances (for example, if the
network service runs the servlet for multiple virtual hosts),
the servlet writer should override this method. The
specialized method should log an instance identifier, along
with the requested message." - Javadoc for GenericServlet
 But usually, there is only one instance of each
servlet, called reentrantly by the web server

Servlet.getServletInfo()
 You should override this method
 Returns a string containing author, version,
copyright, etc.


HTTP Servlet Efficiency

Efficiency: KeepAlive
 HTTP keepalive improves performance
 Keeps connection alive across multiple HTTP
requests
 Servlet must set content-length
 You can write to a ByteArray or StringBuffer, then
get its length before writing it
 res.setContentLength(sb.length());
 out.print(sb);
 KeepAlive should be enabled by default if all you
do is write short strings, then close the output
stream
 but maybe not

Efficiency: getLastModified
 long HttpServlet.getLastModified(
HttpServletRequest req )
 Returns the time the requested entity was
last modified
 difference in milliseconds between that time and
midnight, January 1, 1970
 negative = unknown (or dynamic)
 Improves performance on browser/proxy
caching
Section IV
Saving State

Saving State: Why

 Shopping Cart
 User Preferences
 “Wizard” interfaces
 i.e., successive linked dialog boxes / form entry
pages

Saving State: How

 Client-side storage
 Hidden fields
 URL Rewriting
 Cookies
 Server-side storage
 Instance variables
 Database Access
 JWS Session Management
 Best possible solution (but still flawed)
Hidden Fields
 Save data inside the servlet, keyed to a
handle
 Store a handle inside each successive
FORM
 Use that handle to retrieve data each query
 Of course, you could always store all the
data in hidden fields, instead

Hidden Fields: Example

private Dictionary cache = new Hashtable();
public void doGet(...) {
String handle = getParameter(“handle”);
UserData data;
if (handle == null) {
data = new UserData();
handle = makeNewHandle(); // defined
elsewhere
cache.put( handle, data );
}
else
11/04/08data = (UserData)cache.get(handle);
Copyright © 1997-8, Purple Technology Inc. 77

out.println(“<FORM
ACTION=/servlet/Whatever>”);
out.println(
“<INPUT TYPE=hidden NAME=handle VALUE=”
+
handle + “>”);
out.println( ... rest of form ... );


 Survey.java

Hidden Fields: Pros and Cons

 Pros
 Well understood
 You have control
 Can use your own caching mechanism

Hidden Fields: Pros and Cons

 Cons
 Need to use FORMs
 hidden fields do not persist across normal links
 Sessions are not persistent across server restarts
 unless you write code to do it
 Sessions do not expire
 unless you write code to do it

URL Rewriting
 Change HREF and ACTION URLs on the fly
 Change “/servlet/catalog” into
“/servlet/catalog?user=1234”

URL Rewriting
 Pro:
 Don’t need to use FORMs
 Con
 Lose user if he/she travels outside your web site
 Need to use Servlet for all accesses -- can’t access a
raw HTML page

Using Instance Variables for State

 Session data stored in instance variables
 directly is bad - not valid for multiple users
 indirectly is better - in a hashtable or vector, keyed
off a unique handle
 Pro: Quick, easy
 Con: Not persistent, memory can fill up
easily

Database State
 Session data stored in a database
 You should open a connection to the
database in your init() method, and close it
in your destroy() method
 You can still use the hidden field technique
 When you get a handle, you pull in the user
data via a DB query

Database State: Pros and Cons

 Pro:
 persistent
 high capacity
 Con:
 more complicated
 have to write more code
 still doesn’t automatically expire old sessions

C is for Cookie
Cookie Monster is a trademark of

Children’s Television Workshop

What’s A Cookie?
 Client-side storage
 Server can drop arbitrary data on browser
 Sent back to server on EVERY successive
request
 Automatically expires
 Cookies should be neither large nor
numerous
 Browsers should support twenty cookies per host, of
at least four kilobytes each
Cookie Uses
 save session data
 save handle to session data
 store user preferences for next session
 store user login information
 not very secure, but appropriate for some
applications

Cookies and Servlets

 Servlets can easily use Cookies
 HttpServletRequest.getCookies() method
 HttpServletResponse.addCookie() method
 Cookie object

javax.servlet.http.Cookie
 get/setName()
 get/setValue()
 Attributes
 Comment, Domain, MaxAge, Path, Secure, Version

Cookie Example
 Cookie Counter Servlet
 Counter.java

Cookie Pros and Cons

 Pro:
 No server-side storage requirements
 Survive server restarts
 Automatically expire
 Con:
 Not supported by all browsers
 Bandwidth limitations
 Not good for large amount of data
 User can disable them

Detecting Cookie Acceptance

 CookieDetector.java
 Drops a cookie on the client
 Sends a redirect back to CookieDetector,
with a flag saying “this is the test phase”
 The test phase detects whether
 The client accepted the cookie
 The client rejected the cookie (or the browser
doesn’t support cookies)
 Sends another redirect to appropriate page
 You can tell the user “pretty please” here
JWS Session Management

 Flexible
 Lightweight
 General
 Automatic
 Uses cookies if it can, URL rewriting if it
can’t
 Based on technology from ATG

Session Objects
 Server-side
 One per client (not one per servlet)
 Preserved automatically
 even in browsers that don’t support cookies
 Expire after 30 minutes (by default)
 Saved to disk if server dies; restored if
server restarts
 “Loosely speaking, a session corresponds
to a single sitting of a single anonymous
user” - JWS Tutorial

Using Sessions
HttpSession session = request.getSession
(true);
String info =
(String)session.getValue(“foo.info”);
// assume getNewInfo defined elsewhere
String newinfo = getNewInfo();
session.putValue(“foo.info”, newinfo);
// then output page

URL Rewriting
 Preserves sessions on non-cookie browsers
 Changes
<a href="/store/catalog">
 into
<a
href="/store/catalog;$sessionid$DA32242SSG
E2">
 You must actively call res.encodeUrl(“/store/catalog”)
 see next slide
 Does not work if user merely disables cookies
 Has to actually
11/04/08 BE a©non-cookie
Copyright browserInc.
1997-8, Purple Technology 98
 Lame
HttpServletResponse - Encoding
 Has methods to process URLs to splice in the session ID if
appropriate
 Not the same as URLEncode / URLDecode
 the server deals with that
 String encodeUrl(String url)
 rewrites the given URL if necessary
 if the browser supports cookies, returns URL unchanged
 All URLs emitted by a session-using Servlet should be run through
this method
 e.g.
 out.println("<A HREF=\"" + resp.encodeUrl("next.html") + "\">");
 also String encodeRedirectUrl(String url)

Session Persistence
 Sessions swap to disk
 When server shuts down
 When memory fills up
 Uses Java Serialization
 Only works for Serializable or Externalizable
objects
 “Note: Session persistence is intended to
be used as a means for preserving
Sessions across server restarts. It is not
meant to be used as a general long-term
session persistence mechanism.”
Example
 VectorSessionServlet.java

Bugs
 Can’t use custom classes inside session
data
 Doesn’t really detect whether client
supports cookies
 Instead, detects whether browser can potentially
support cookies
 Lame - they should use my CookieDetector
technique

Section V
Java Web Server Features

Administration Tools
 Play with Admin Tool
 http://localhost:9090/
 Click on a service, click “Manage” button
 To shut down server, click “Shut Down”

Manage Servlets
 Add
 Properties
 Load on Startup
 Unload

Servlet Aliases
 Specify a partial URL
 Map it to a particular servlet
 e.g.
 you want http://foo.com/lunch to execute
/servlets/meal?type=lunch
 set alias = /lunch
 set servlet invoked = meal?type=lunch

Servlet Chains (Filters)

 specify a comma-separated list of servlets
 the first servlet gets the user input
 each servlet in turn will get the previous
output
 the final servlet will return to the user
 all servlets in chain must use same ACL

HTML Templates
 Define standard look for all (or some) pages
 Template Servlet
 A tag inside template page inserts section
from original page
 <subst data="HEAD"></subst>
 <subst data="BODY"></subst>
 Specify which files are templated via
Servlet Aliases in Admin Tool

Page Compilation (JSP)

 Embed Java code in static HTML pages
then compile those pages into individual
Java servlets to create a dynamic web site
 Based on JHTML technology from Art
Technology Group (http://www.atg.com/)
 Product: Dynamo, a Java Web Application Server

Session Tracking
 See above

Servlet Beans
 Using Servlets That are Beans
 Changes to config file are instantly updated
 Servlet itself is persistent across server restarts
 instance variables, like counters or caches, are
preserved
 Calling JavaBeans from Servlets
 Invisible Beans
 Installed inside “lib” subdirectory
 Calling JavaBeans in JHTML/JSP Files

FAQ
 Answers in the Exercises book
 How do I develop using the servlet classes without
installing JDK1.2?
 Is it the “servlets” directory or the “servlet” directory
 Why doesn’t my servlet work inside a <SERVLET>
tag?
 How do I support both GET and POST protocol
from the same Servlet?
 How do I fully shut down the server?
 My browser says “the server returned an invalid or
unrecognized response” – what gives?
References
 Java Server 1.1
 http://java.sun.com/javastore/jserv/buy_try.html
 http://java.sun.com/products/java-server/index.html
 be sure to download the JWS documentation
 The home for servlets and the Java Web Server.
 http://jserv.javasoft.com
 The Java Web Server 1.1 is available for trial or purchase.
 http://java.sun.com/javastore/jserv/buy_try.html
 The Java Web Server 1.1.1 upgrade pack is available for free.
 http://java.sun.com/products/java-server/webserver/jws111.html
 The Java Server Pages preview pack is available for free.
 http://developer.javasoft.com/developer/earlyAccess/jws-
preview.html

References
 RFC2045 - MIME
 http://info.internet.isi.edu/in-notes/rfc/files/rfc2045.txt
 RFC 2109 - Cookies
 http://info.internet.isi.edu/in-notes/rfc/files/rfc2109.txt
 Live Software
 http://www.livesoftware.com/
 JRun, many commercial servlets
 ATG - Dynamo Web Application Server
 http://www.atg.com/

References
 Advanced Web Technologies
 http://www.javatrain.com/
 Purple Technology
 http://www.purpletech.com/
 Gamelan
 http://java.developer.com/

Appendix: CGI Tutorial

What Is CGI?
 Common Gateway Interface
 Allows web pages to send parameters to
web server
 Use HTML forms on client side
 Can also use Java – it's just a protocol!
 Use scripts on server side
 Can use Servlets!

Example CGI HTML

<FORM ACTION="/servlets/GuestBook"
METHOD=POST>
Name: <INPUT TYPE=text
NAME="name"><BR>
Message: <INPUT TYPE=textarea
NAME="message"><BR>
<INPUT TYPE=submit>
</FORM>

CGI Flow
 Browser downloads HTML page containing
FORM tag
 Browser lays out input widgets
 User fills out form and clicks "Submit"
 Browser takes parameters and sends them
in CGI format

CGI Flow (Cont.)

 Server receives parameters and sends
them to CGI script
 CGI script returns MIME document
 usually it's "text/html"
 can be any MIME type
 Browser receives response document and
displays it
 If response contains FORM tag, whole thing
can happen again
The FORM tag

 Opens a form
 ACTION
 the URL of the script to execute
 METHOD
 GET or POST
 Usually use POST
 closed with </FORM>

INPUT TYPE=text
 Specifies a text field
 NAME
 names parameter to be passed to script
 VALUE (optional)
 initial value for text

INPUT TYPE=textarea
 Specifies a multi-line text area
 NAME
…

INPUT TYPE=checkbox
 Specifies a check box (duh)
 NAME
 ISCHECKED=true
 default value on

INPUT TYPE=radio
 Specifies a radio button (or grouped
checkbox)
 NAME
 names group of buttons
 VALUE
 specifies the value for the group
 e.g.
<INPUT TYPE=radio NAME="gender"
VALUE="male">Male
<INPUT TYPE=radio NAME="gender"
VALUE="female">Female

INPUT TYPE=submit
 A push button that submits the form
 NAME
 specifies name of variable
 VALUE
 specifies name of button
 yes, "value" specifies the name
 hey, I didn't write the spec

INPUT TYPE=reset
 A push button that clears the form
 Does not submit it

Servlets

Încărcat de

Informații document

Descriere originală:

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Servlets

Încărcat de

Drepturi de autor:

Formate disponibile

Servlets and the Java Web Server

Server-Side Programming Made Easy

Written by Alex Chaffee (alexc@purpletech.com)

11/04/08 Copyright © 1997-8, Purple Technology Inc. 1

11/04/08 Copyright © 1997-8, Purple Technology Inc. 3

11/04/08 Copyright © 1997-8, Purple Technology Inc. 4

11/04/08 Copyright © 1997-8, Purple Technology Inc. 5

 (diagram from Java Web Server tutorial)

11/04/08 Copyright © 1997-8, Purple Technology Inc. 6

Servlets vs. Applets

11/04/08 Copyright © 1997-8, Purple Technology Inc. 7

Servlets vs. CGI

11/04/08 Copyright © 1997-8, Purple Technology Inc. 8

Servlets vs. CGI (Cont.)

Servlets vs. FastCGI

11/04/08 Copyright © 1997-8, Purple Technology Inc. 11

11/04/08 Copyright © 1997-8, Purple Technology Inc. 12

Servlet Security: Implications

11/04/08 Copyright © 1997-8, Purple Technology Inc. 13

Servlet Security: Problems

11/04/08 Copyright © 1997-8, Purple Technology Inc. 14

Servlet Client Security

11/04/08 Copyright © 1997-8, Purple Technology Inc. 15

11/04/08 Copyright © 1997-8, Purple Technology Inc. 16

Authenticating the user’s identity

11/04/08 Copyright © 1997-8, Purple Technology Inc. 17

User Authentication Methods

11/04/08 Copyright © 1997-8, Purple Technology Inc. 18

11/04/08 Copyright © 1997-8, Purple Technology Inc. 19

Servlet Architectures:Three-tier system

Servlet Architectures: N-tier system

11/04/08 Copyright © 1997-8, Purple Technology Inc. 21

Servlet Architectures: Web Publishing

11/04/08 Copyright © 1997-8, Purple Technology Inc. 22

11/04/08 Copyright © 1997-8, Purple Technology Inc. 23

11/04/08 Copyright © 1997-8, Purple Technology Inc. 24

11/04/08 Copyright © 1997-8, Purple Technology Inc. 25

11/04/08 Copyright © 1997-8, Purple Technology Inc. 26

11/04/08 Copyright © 1997-8, Purple Technology Inc. 27

Server-side Includes (SSI)

11/04/08 Copyright © 1997-8, Purple Technology Inc. 28

11/04/08 Copyright © 1997-8, Purple Technology Inc. 29

A Note on CLASSPATH and JWS

11/04/08 Copyright © 1997-8, Purple Technology Inc. 31

11/04/08 Copyright © 1997-8, Purple Technology Inc. 32

The Servlet API

11/04/08 Copyright © 1997-8, Purple Technology Inc. 33

CGI, or not, whichever

11/04/08 Copyright © 1997-8, Purple Technology Inc. 34

Servlet Architecture Overview

11/04/08 Copyright © 1997-8, Purple Technology Inc. 35

Servlet Architecture Overview

11/04/08 Copyright © 1997-8, Purple Technology Inc. 36

Servlet Lifecycle Overview

11/04/08 Copyright © 1997-8, Purple Technology Inc. 37

11/04/08 Copyright © 1997-8, Purple Technology Inc. 38

ServletRequest - Client Info

11/04/08 Copyright © 1997-8, Purple Technology Inc. 39

ServletRequest - URL Info

ServletRequest - Content Info

11/04/08 Copyright © 1997-8, Purple Technology Inc. 41

11/04/08 Copyright © 1997-8, Purple Technology Inc. 42

11/04/08 Copyright © 1997-8, Purple Technology Inc. 43