234321 Java by Example 2

Integrated development environment

An integrated development environment (IDE) is an application or set of tools that allows a programmer to write, compile, edit, and in some cases test and debug within an integrated, interactive environment.

Java Servlet API

- The predominant language for server-side programming
- Standard way to extend server to generate dynamic content
- Web browsers are universally available thin clients
- Web server is middleware for running application logic
- User sends request; server invokes servlet; servlet takes request and generates response, which is returned to user

Advantages of Servlet API

- CGI, ISAPI, ASP, PHP, etc. also generate dynamic content
- Standard, stable, supported API
- Multithreaded for improved performance
- Persistent between invocations, improved performance
- 100% portable between OS and servers
- Access to all APIs of Java platform
- Basis of JSP technology
- Basis of Struts and JSF frameworks

Servlet Basics

- Packages: javax.servlet, javax.servlet.http
- Runs in servlet container such as Tomcat
- Tomcat 4.x for Servlet 2.3 API
- Tomcat 5.x for Servlet 2.4 API

Servlet lifecycle

- Persistent (remains in memory between requests)
- Startup overhead occurs only once
- init() method runs at first request
- service() method for each request
- destroy() method when server shuts down

Common Gateway Interface (CGI)

- Not persistent
- Not multithreaded
- Not high performance
- Any language that can read standard input, write standard output and read environment variables
- Server sends request information specially encoded on standard input
- Server expects response information on standard output

Writing servlets

GenericServlet

    import java.io.IOException;
    import javax.servlet.GenericServlet;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;

    public class MyServlet extends GenericServlet {
        public void service(ServletRequest req, ServletResponse resp)
                throws ServletException, IOException {
            // Declare the MIME type of the response
            resp.setContentType("text/plain");
        }
    }

HttpServlet

    import java.io.IOException;
    import java.io.PrintWriter;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class MyServlet extends HttpServlet {
        // The parameters must be the HTTP-specific types, otherwise the
        // method does not override HttpServlet.doGet() and is never called.
        public void doGet(HttpServletRequest req, HttpServletResponse resp)
                throws ServletException, IOException {
            resp.setContentType("text/plain");
            PrintWriter out = resp.getWriter();
            out.println("Hello, world");
        }

        public void doPost(HttpServletRequest req, HttpServletResponse resp)
                throws ServletException, IOException {
            doGet(req, resp);
        }
    }

HttpServlet doPost does three things

- Set output type: text/plain MIME type
- getWriter() method for out stream
- Print on out stream

getLastModified() method

- To cache content if content delivered by a servlet has not changed
- Returns long = time content last changed
- Default implementation returns a negative number: servlet doesn't know

getServletInfo() method

- Returns String for logging purposes

Web Applications

- Consists of a set of resources including servlets, static content, JSP files, class libraries
- Servlet context: a particular path on the server that identifies the web application
- Servlets have an isolated, protected environment to operate in without interference
- ServletContext class: servlets running in the same context can use this to communicate with each other
- Example servlet context: /catalog

    request.getContextPath() + "/servlet/CatalogServlet"

Web App Structure

- Directory tree
- Static resources: /
- Packed classes: /WEB-INF/lib/*.jar
- Unpacked classes: /WEB-INF/classes/*.class
- Deployment descriptor: /WEB-INF/web.xml
- Configuration information for the servlets, including names, servlet (path) mappings, initialization parameters, context-level configuration

Servlet Path Mappings

- Servlets are not files, so they must be mapped to URIs (Uniform Resource Identifiers)
- Servlet container can set a default, typically /servlet/*
- Example: /servlet/MyPacPageServlet can invoke PageServlet.class
- Mapping by
  - Exact path: /store/chairs
  - Prefix: /store/*
  - Extension: *.page
- A servlet mapped to the / path becomes the default servlet for the application and is invoked when no other servlet is found

Servlet Context Methods

- Resources such as index.html can be accessed through the web server or by a servlet
- Servlet uses request.getContextPath() to identify its context path, for example: /app
- Servlet uses getResource() and getResourceAsStream(request.getContextPath() + "/index.html")
- To retrieve context-wide initialization parameters, servlet uses getInitParameter() and getInitParameterNames()
- To access a range of information about the local environment, shared with other servlets in the same servlet context, servlet uses getAttribute(), setAttribute(), removeAttribute(), getAttributeNames()

HttpServletRequest interface

- Server creates an object implementing this interface and passes it to the servlet
- Allows access to
  - URL info: getProtocol(), getServerName(), getServerPort(), getScheme()
  - User host name: getRemoteHost()
  - Parameter info (variables from input form): getParameterNames(), getParameter()
  - HTTP-specific request data: getHeaderNames(), getHeader(), getAuthType()

Forms and Interaction

    <form method="get" action="/servlet/MyServlet">
      Username: <input type="text" name="userid" size="20">
      Password: <input type="password" name="pass" size="20">
      <input type="submit" value="Login">
    </form>

- GET method appends parameters to the action URL: /servlet/MyServlet?userid=Jeff&pass=1234
- This is called a query string (starting with ?)

POST Method

    <form method="post" action="/servlet/MyServlet">

- POST method does not append parameters to the action URL: /servlet/MyServlet
- Instead, parameters are sent in the body of the request, where the password is not visible as it is in the GET method
- POST requests are not idempotent
  - From mathematics, the definition of an idempotent unary operator: whenever it is applied twice to any element, it gives the same result as if it were applied once
  - Cannot bookmark them
  - Are not safely repeatable
  - Can't be reloaded: browsers treat them specially, ask user

HEAD, and Other Methods

- HEAD returns headers only
- PUT, DELETE create and remove resources from the web server
- TRACE returns the request headers to the client
- doXXX() methods (XXX is one of the four)
- Most servlet programmers ignore these methods
- Default implementation informs user that request is unsupported or provides minimal implementation
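
Added example (not part of the original slides): a servlet for the login form above that takes userid and pass from the POST body only, so the password never appears in a URL. The class name LoginServlet and the init parameters demoUser and demoPass are assumptions made for illustration; the servlet API must be on the classpath.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// doGet() is deliberately not overridden: HttpServlet's default implementation
// rejects GET, so /servlet/MyServlet?userid=..&pass=.. can never log anyone in.
public class LoginServlet extends HttpServlet {

    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // getParameter() merges query-string and body parameters, so a form
        // posted to "...?pass=1234" would still put the password in the URL.
        if (req.getQueryString() != null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST,
                    "Send userid and pass in the request body only");
            return;
        }
        String userid = req.getParameter("userid");   // field names from the form
        String pass = req.getParameter("pass");
        if (userid == null || pass == null || !matches(userid, pass)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Login failed");
            return;
        }
        resp.setContentType("text/plain");            // set before getWriter()
        resp.getWriter().println("Login accepted");
    }

    // Stand-in for a real user store: compares against the hypothetical
    // init parameters demoUser and demoPass configured in web.xml.
    private boolean matches(String userid, String pass) {
        String u = getInitParameter("demoUser");
        String p = getInitParameter("demoPass");
        if (u == null || p == null) {
            return false;                             // not configured: deny
        }
        // MessageDigest.isEqual does not stop at the first differing byte,
        // unlike String.equals(); both checks always run (non-short-circuit &).
        boolean userOk = MessageDigest.isEqual(bytes(u), bytes(userid));
        boolean passOk = MessageDigest.isEqual(bytes(p), bytes(pass));
        return userOk & passOk;
    }

    private static byte[] bytes(String s) {
        return s.getBytes(StandardCharsets.UTF_8);
    }
}
```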

HttpServletResponse

- Specify the MIME type of the response

    resp.setContentType("image/gif");

- Called before getWriter() so the correct charset is used
- Two methods for producing output streams:

    java.io.PrintWriter out = resp.getWriter();
    ServletOutputStream str = resp.getOutputStream();  // used for non-text responses

- HTTP response headers and status code
  - setHeader(), containsHeader()
  - setStatus(): 200 OK, 404 Not Found, etc.
  - sendError()
  - sendRedirect() sets the Location header and status code for a redirect. Causes the browser to make another request.

RequestDispatcher

- Can forward a request to another servlet
- Can include bits of content from other servlets in its own response

    RequestDispatcher d = req.getRequestDispatcher("/servlet/OtherServlet");

- Either include, which goes and comes back

    d.include(req, resp);

- Or forward, which doesn't come back

    d.forward(req, resp);

- Request dispatching is different from sendRedirect(): the browser is not involved; from the user's perspective, the URL is unchanged

Security

- J2EE User Role Model: users can be assigned one or more roles
- web.xml defines which servlets and resources are protected and which users have access
- A particular role allows access to specific protected resources
- getRemoteUser(): user's ID
- getAuthType(): Basic, Digest, or SSL
- isUserInRole() for dynamic content decisions
- getUserPrincipal() returns a java.security.Principal object identifying the user

Servlet Filters

- Filters perform processing on the request
- Implement logging, control security, set up connection-specific objects
- javax.servlet.Filter = filter resource class
- Filter chain: zero or more Filter objects and a destination resource (servlet or JSP)
- Set up a filter for a particular request path (like a servlet mapping), such as *.jsp
- Filter resource calls doFilter() to advance to the next filter in the chain; if there are no more filters, the request is passed to the ultimate destination

Thread Safety

- Multithreaded = one servlet, multiple requests simultaneously
- Thread-safe = not using class variables, since one copy of these variables is shared by all threads
- Synchronized blocks of code: all threads wait until they can enter, one at a time
- Servlet 2.4 deprecates the SingleThreadModel interface: it could not resolve all potential threading issues

Cookies

- Persistent client-side storage of data known to server and sent to client
- Cookie is multiple names and values
- Value limited to 4096 bytes; has an expiration date and a server name (returned to the same host and not to others)
- Cookie is sent in the HTTP header of the response

    resp.addCookie(new Cookie(name, value));

- Cookie is returned to the server in the HTTP header of subsequent requests

    Cookie[] cookies = req.getCookies();   // null if the request has no cookies
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            String cookieName = cookies[i].getName();
            String cookieValue = cookies[i].getValue();
        }
    }

Session Tracking

- For tracking individual users through the site
- Application needs a stateful environment, whereas the web is inherently stateless
- Previously, applications had to resort to complicated code, using cookies, hidden variables in forms, rewriting URLs to contain state information
- The Servlet API delegates most of the user-tracking functions to the server
- Server creates a javax.servlet.http.HttpSession object
- Servlet uses req.getSession(true)
  - Boolean argument handles the case of no current session object: should a new one be created or not
  - session.isNew() is useful to detect a new session object
- Servlet binds data to the HttpSession object with

    session.setAttribute("hits", new Integer(34));

- Server assigns a unique session ID, stored in a cookie
- If cookies are not available, server uses URL rewriting
- To create links with the session ID, use resp.encodeURL("/servlet/View") or resp.encodeRedirectURL("/servlet/View")
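
Added example (not part of the original slides) for the Security and Servlet Filters slides above: a filter that lets a request continue down the chain only when the container-authenticated user holds a required role, and logs every denial. The class name RoleFilter and the init parameter requiredRole are assumptions; the filter would be mapped to a request path in web.xml.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class RoleFilter implements Filter {
    // Written once in init() and only read afterwards, so safe to share
    // between the threads that call doFilter() concurrently.
    private FilterConfig config;
    private String requiredRole;

    public void init(FilterConfig config) throws ServletException {
        this.config = config;
        requiredRole = config.getInitParameter("requiredRole"); // hypothetical name
        if (requiredRole == null) {
            // Fail closed: a misconfigured filter must not silently allow access.
            throw new ServletException("requiredRole init parameter is missing");
        }
    }

    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        if (!(request instanceof HttpServletRequest)) {
            throw new ServletException("RoleFilter supports HTTP requests only");
        }
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        String user = req.getRemoteUser();  // null: container has not authenticated
        if (user == null || !req.isUserInRole(requiredRole)) {
            config.getServletContext().log("access denied: uri=" + req.getRequestURI()
                    + " user=" + user + " authType=" + req.getAuthType());
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;                         // chain.doFilter() is never reached
        }
        chain.doFilter(request, response);  // next filter, or the destination
    }

    public void destroy() {
        config = null;
    }
}
```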
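
Added example (not part of the original slides) for the Thread Safety and Session Tracking slides above: a servlet that keeps per-request data in instance fields, next to a version that uses local variables, the user's own HttpSession and a synchronized block. The class names are assumptions; the "hits" attribute and /servlet/View come from the slides.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// NOT thread-safe: the container runs one instance for all requests, so a
// second request can overwrite 'user' and 'hits' before the first prints them.
class UnsafeHitServlet extends HttpServlet {
    private int hits;      // one copy shared by every thread
    private String user;   // one visitor's name can be shown to another

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        user = req.getRemoteUser();
        hits++;                                    // read-modify-write race
        resp.setContentType("text/plain");
        resp.getWriter().println(user + ": " + hits + " hits");
    }
}

// Thread-safe: request data lives in local variables, the counter lives in
// the caller's HttpSession, and its update runs one thread at a time.
public class HitServlet extends HttpServlet {
    private final Object lock = new Object();      // guards the counter update

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        HttpSession session = req.getSession(true); // create one if none exists
        String user = req.getRemoteUser();           // local: one copy per thread
        int hits;
        synchronized (lock) {
            Integer old = (Integer) session.getAttribute("hits");
            hits = (old == null) ? 1 : old.intValue() + 1;
            session.setAttribute("hits", Integer.valueOf(hits));
        }
        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        out.println(user + ": " + hits + " hits"
                + (session.isNew() ? " (new session)" : ""));
        // encodeURL() appends the session ID only when cookies are unavailable.
        out.println(resp.encodeURL(req.getContextPath() + "/servlet/View"));
    }
}
```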