Date post: | 23-Dec-2015 |
Category: |
Documents |
Upload: | joleen-mcgee |
View: | 220 times |
Download: | 2 times |
Recall: The interaction between web clients and servers is structured around HTTP Request and Response messages
SE-2840 Dr. Mark L. Hornick 2
Server is running a web server app,like Apache or Microsoft IIS.
In the simplest scenario, the Server responds to a browser GET request by returning a pre-written, static HTML file
SE-2840 Dr. Mark L. Hornick 3
Note: This diagram canbe found in your textbook
HTML file maintained on Server, returned to theBrowser as the HTTP response “payload”
HTTP GETrequest
A web server can employ a Helper App when it needs to go beyond serving static web pages
SE-2840 Dr. Mark L. Hornick 4
parameters
CGI* programs can be writtenin Perl, Python, PHP, C, or – Java
*Common Gateway Interface
HTTP GET or POST request(may include parameters)
CGIHelper app
How it works in general
SE-2840 Dr. Mark L. Hornick 5Note: This diagram canbe found in your textbook
User enters a URL (or clicks a link) to a CGI program rather than a static page
Web server “sees” that the request is for a helper program, so the server runs the helper, sending along any parameters sent from the Client.
The helper app constructs the brand new (dynamic) page and sends the HTML back to the server.
How it works for Java Servlets
SE-2840 Dr. Mark L. Hornick 6Note: This diagram canbe found in your textbook
Web server app is commonly Apache
Web container app is Tomcat
Servlets are run by Tomcat
What does a Container like Tomcat do? Communication
Creates server-side sockets Listens for client connections Determines client HTTP request type and “decodes” HTTP headers
Servlet Lifecycle management Figures out which Servlet should be used to process a specific request Handles Servlet class loading Handles Servlet instantiation/construction Handles Servlet initialization
Servlet execution support Launches/manages threads that service each incoming request Handles Servlet service() method invocation Creates and passes Request and Response objects to the Servlet
Supports Security Supports JSP
SE-2840 Dr. Mark L. Hornick 7
How Tomcat manages Servlets
CS-4220 Dr. Mark L. Hornick 8Note: This diagram canbe found in your textbook
Called only ONCE in the servlet’s life (and must complete before Container calls service()
Container calls destroy() to give the servlet a chance to clean up; like init(), destroy() is only called ONCE
The methods doGet() or doPost() are executed to process requests
This is where the servlet spends most of its life
Web Container(Tomcat)
Your servlet class no-arg ctor runs (you should NOT write a ctor; just use the compiler-supplied default.
Tomcat invokes a Servlet’s service() method, but your HTTPServlet-derived class should only override doGet() or doPost()
SE-2840 Dr. Mark L. Hornick 9
The service() method is given animplementation in the HTTPServletbase class, where the doGet() and doPost() methods are called.
You must override these methods in your HttpServlet-derived class
class Serv let-api classes
java.io.Serializable
HttpServlet
# doDelete(HttpServletRequest, HttpServletResponse) : void# doGet(HttpServletRequest, HttpServletResponse) : void# doHead(HttpServletRequest, HttpServletResponse) : void# doOptions(HttpServletRequest, HttpServletResponse) : void# doPost(HttpServletRequest, HttpServletResponse) : void# doPut(HttpServletRequest, HttpServletResponse) : void# doTrace(HttpServletRequest, HttpServletResponse) : void# getLastModified(HttpServletRequest) : long+ HttpServlet() : void# service(HttpServletRequest, HttpServletResponse) : void+ service(ServletRequest, ServletResponse) : void
java.lang.Objectjava.io.Serializable
GenericServlet
+ destroy() : void+ GenericServlet() : void+ getInitParameter(String) : String+ getInitParameterNames() : Enumeration+ getServletConfig() : ServletConfig+ getServletContext() : ServletContext+ getServletInfo() : String+ getServletName() : String+ init(ServletConfig) : void+ init() : void+ log(String) : void+ log(String, Throwable) : void+ service(ServletRequest, ServletResponse) : void
java.lang.Object
«interface»Serv let
+ destroy() : void+ getServletConfig() : ServletConfig+ getServletInfo() : String+ init(ServletConfig) : void+ service(ServletRequest, ServletResponse) : void
java.lang.Object
«interface»Serv letConfig
+ getInitParameter(String) : String+ getInitParameterNames() : Enumeration+ getServletContext() : ServletContext+ getServletName() : String
-config
A Servlet is just a Java class that implements some specific interfaces (defined by the Java Servlet Specifications) that are used by the Container
SE-2840 Dr. Mark L. Hornick 10
All Servlets must implement these 5 methods
Abstract class. Implements most of the basic servlet methods
Implements the service() method and calls doGet(), doPost() etc as appropriate
NOTE The Java classes pertaining to Servlets are not
part of the standard 1.6 SE They are part of the Java EE specification
Implementation of the 1.6 SE is provided in the 1.6 JDK/JRE System Library This is the library you are probably most familiar with rt.jar is the main jarfile in this library
Container vendors supply the implementation of the classes that are part of the Servlet specification Tomcat comes with its own Servlet libraries servlet-api.jar implements the Servlet-related classes
SE-2840 Dr. Mark L. Hornick 11
SE-2840 Dr. Mark L. Hornick 12
Parameters: HTML <form> tag element
<form action="http://<url>" method=“post"> <!-- form elements go here --></form>
The opening <form> tag – all form elements go between the opening and closing tag.
The required action attribute specifies the url of where to send the form’s data.
…and the name of the Web Resource that will process the form data if it is submitted
The method attribute specifies which HTTP message will be used to send the data in the form to the server – default is “get”
Note: See the exampleson the course website
GET vs. POST scenarios
SE-2840 Dr. Mark L. Hornick 13Note: This diagram canbe found in your textbook
SE-2840 Dr. Mark L. Hornick
14
get specifies that a HTTP GET message should be used, which appends the form data to the end of the urlhttp://<domain>/<resource>?
firstname=Arnold&lastname=Ziffel
get requests have a limit of 256 characters
The data is plainly visible in the url (insecure!)
You can bookmark a page that is the result of submitting a form
Use GET only to submit small amounts of insensitive data which the server app will NOT use to modify its internal state
SE-2840 Dr. Mark L. Hornick
15
post specifies that a HTTP POST message should be used, which appends the form data to the end of the HTTP POST header
There is no limit on the size of the data packet that can be sent to the server
You cannot bookmark a url that was generated as a POST message, since the form data is not in the url
A post request can be encrypted (using HTTPS) in order to protect sensitive data, such as a credit card numbers or passwords
Use POST to send form data that Is sensitive (use encryption in that case) If the data is large (>256 bytes) Will change the state of the web application
Note: Detailed explanation on pp 112-114 in your text.Be sure to read it!
SE-2840 Dr. Mark L. Hornick 16
These contain all kinds ofuseful stuff
Servlet execution – Part 1 of 2
SE-2840 Dr. Mark L. Hornick
17Note: This diagram canbe found in your textbook
Servlet execution – Part 2 of 2
class Request classes
java.lang.Object
serv let::Serv letRequestWrapper
+ getAttribute(String) : Object+ getAttributeNames() : Enumeration+ getCharacterEncoding() : String+ getContentLength() : int+ getContentType() : String+ getInputStream() : ServletInputStream+ getLocalAddr() : String+ getLocale() : Locale+ getLocales() : Enumeration+ getLocalName() : String+ getLocalPort() : int+ getParameter(String) : String+ getParameterMap() : Map+ getParameterNames() : Enumeration+ getParameterValues(String) : String[]+ getProtocol() : String+ getReader() : BufferedReader+ getRealPath(String) : String+ getRemoteAddr() : String+ getRemoteHost() : String+ getRemotePort() : int+ getRequestDispatcher(String) : RequestDispatcher+ getScheme() : String+ getServerName() : String+ getServerPort() : int+ isSecure() : boolean+ removeAttribute(String) : void+ ServletRequestWrapper(ServletRequest) : void+ setAttribute(String, Object) : void+ setCharacterEncoding(String) : void
«property get»+ getRequest() : ServletRequest
«property set»+ setRequest(ServletRequest) : void
java.io.InputStream
servlet::ServletInputStream
+ readLine(byte[], int, int) : int# ServletInputStream() : void
java.lang.Object
«interface»serv let::Serv letRequest
java.lang.Object
«interface»http::HttpServ letRequest
http::HttpServ letRequestWrapper
+ getAuthType() : String+ getContextPath() : String+ getCookies() : Cookie[]+ getDateHeader(String) : long+ getHeader(String) : String+ getHeaderNames() : Enumeration+ getHeaders(String) : Enumeration+ getIntHeader(String) : int+ getMethod() : String+ getPathInfo() : String+ getPathTranslated() : String+ getQueryString() : String+ getRemoteUser() : String+ getRequestedSessionId() : String+ getRequestURI() : String+ getRequestURL() : StringBuffer+ getServletPath() : String+ getSession(boolean) : HttpSession+ getSession() : HttpSession+ getUserPrincipal() : Principal+ HttpServletRequestWrapper(HttpServletRequest) : void+ isRequestedSessionIdFromCookie() : boolean+ isRequestedSessionIdFromURL() : boolean+ isRequestedSessionIdFromUrl() : boolean+ isRequestedSessionIdValid() : boolean+ isUserInRole(String) : boolean
-request
provides access to
The HTTP Request Wrapper Class
SE-2840 Dr. Mark L. Hornick 18
A reference to an HTTPServletRequest is created by the Containerand passed to the doGet() and doPost() methods of an HTTPServlet
These methods are about HTTP things like headers, sessions, and cookies
The HTTP Response Wrapper Class
SE-2840 Dr. Mark L. Hornick 19
A reference to an HTTPServletResponse is created by the Containerand passed to the doGet() and doPost() methods of an HTTPServlet
class Response Classes
java.io.OutputStream
servlet::ServletOutputStream
java.lang.Object
serv let::Serv letResponseWrapper
+ flushBuffer() : void+ getBufferSize() : int+ getCharacterEncoding() : String+ getContentType() : String+ getLocale() : Locale+ getOutputStream() : ServletOutputStream+ getWriter() : PrintWriter+ isCommitted() : boolean+ reset() : void+ resetBuffer() : void+ ServletResponseWrapper(ServletResponse) : void+ setBufferSize(int) : void+ setCharacterEncoding(String) : void+ setContentLength(int) : void+ setContentType(String) : void+ setLocale(Locale) : void
«property get»+ getResponse() : ServletResponse
«property set»+ setResponse(ServletResponse) : void
http::HttpServ letResponseWrapper
+ addCookie(Cookie) : void+ addDateHeader(String, long) : void+ addHeader(String, String) : void+ addIntHeader(String, int) : void+ containsHeader(String) : boolean+ encodeRedirectURL(String) : String+ encodeRedirectUrl(String) : String+ encodeURL(String) : String+ encodeUrl(String) : String+ HttpServletResponseWrapper(HttpServletResponse) : void+ sendError(int, String) : void+ sendError(int) : void+ sendRedirect(String) : void+ setDateHeader(String, long) : void+ setHeader(String, String) : void+ setIntHeader(String, int) : void+ setStatus(int) : void+ setStatus(int, String) : void
java.lang.Object
«interface»http::HttpServ letResponse
java.lang.Object
«interface»serv let::Serv letResponse
-response
provides access to
These methods are also about HTTP things like headers, sessions, and cookies