Ch 3 - Java Servlets

WHY IDE WHY NOT NOTEPAD

OR COMMANDLINE

234321 Java by
Example
2
integrated development
environment

integrated development environment (IDE)
is an application or set of tools that allows
a programmer to write, compile, edit, and
in some cases test and debug within an
integrated, interactive environment.
Java Servlet API
The predominant language for server-side
programming
Standard way to extend server to generate
dynamic content
Web browsers are universally available thin
clients
Web server is middleware for running
application logic
User sends request server invokes servlet
servlet takes request and generates response-
returned to user
Advantages of Servlet API
CGI, ISAPI, ASP, PHP, etc also generate
dynamic content
Standard, stable, supported API
multithreaded for improved performance
Persistent between invovations, improved
performance
100% portable between OS and servers
Access to all APIs of Java platform
Basis of JSP technology
Basis of Struts and JSF frameworks

Servlet Basics
Packages:
javax.servlet, javax.servlet.http
Runs in servlet container such as Tomcat
Tomcat 4.x for Servlet 2.3 API
Tomcat 5.x for Servlet 2.4 API
Servlet lifecycle
Persistent (remains in memory between requests)
Startup overhead occurrs only once
init() method runs at first request
service() method for each request
destroy() method when server shuts down
Common Gateway Interface (CGI)
Not persistent
Not multithreaded
Not high performancce
Any language that can read standard input, write
standard output and read environment variables
Server sends request information specially
encoded on standard input
Server expects response information on
standard output
Writing servlets
public class MyServlet extends
javax.servlet.GenericServlet {
public void service(ServletRequest req,
ServletResponse resp)
throws ServletException, IOException {
Resp.SetContentType(text/plain);

}
}
GenericServlet
public class MyServlet extends
javax.servlet.GenericServlet {
public void service(ServletRequest req,
ServletResponse resp)
throws ServletException, IOException {
resp.SetContentType(text/plain);

}
}

HttpServlet
public class MyServlet extends
javax.servlet.http.HttpServlet {
public void doGet(ServletRequest req, ServletResponse
resp)
throws ServletException, IOException {
resp.SetContentType(text/plain);
PrintWriter out = resp.getWriter();
out.println(Hello, world);
}
public void doPost(ServletRequest req, ServletResponse
resp)
throws ServletException, IOException {
doGet(req, resp);
}
HttpServlet
doPost does three things
Set output type text/plain MIME type
getWriter() method for out stream
Print on out stream
getLastModified() method
To cache content if content delivered by a servlet has
not changed
Return Long =time content last changed
Default implementation returns a negative number
servlet doesnt know
getServletInfo() method
Returns String for logging purposes


Web Applications
Consists of a set of resources including
Servlets, Static content, JSP files, Class libraries
Servlet context,
a particular path on server to identify the web
application
Servlets have an isolated, protected environment to
operate in without interference
ServletContext class where servlets running in same
context can use this to communicate with each other
Example servlet context: /catalog
request.getContextPath() + /servlet/CatalogServlet
Web App Structure
Directory tree
Static resources: /
Packed classes: /WEB-INF/lib/*.jar
Unpacked classes: /WEB-INF/classes/*.class
Deployment descriptor: /WEB-INF/web.xml
Configuration information for the servlets including
Names, servlet (path) mapprings, initialization
parameters, context-level configuration
Servlet Path Mappings
Servlets are not files, so must be mapped to URIs (Uniform
Resource Identifiers)
Servet container can set default, typically /servlet/*
Example: /servlet/MyPacPageServlet can invoke
PageServlet.class
Mapping by
Exact path: /store/chairs
Prefix: /store/*
Extension: *.page
A servlet mapped to / path becomes the default servlet for
the application and is invoked when no other servlet is
found
Servlet Context Methods
Resources such as index.html can be accessed through
web server or by servlet
Servlet uses request.getContextPath() to identify its context path,
for example: /app
Servlet uses getResource() and
getResourceAsStream(request.getContextPath() + /index.html)
To retrieve context-wide initialization parameters, servlet
uses getInitParameter() and getInitParameterNames()
To access a range of information about the local
environment, shared with other servlets in same servlet
context, servlet uses getAttribute(), setAttribute(),
removeAttribute(), getAttributeNames()


HttpServletRequest interface
Server creates object implementing this
interface, passes it to servlet. Allows access to
URL info: getProtocol(), getServerName(),
getPort(), getScheme()
User host name: getRemoteHost()
Parameter info: (variables from input form):
.getParameterNames(), getParameter()
HTTP specific request data:
getHeaderNames(), getHeader(), getAuthType()

Forms and Interaction
<form method=get action=/servlet/MyServlet>
GET method appends parameters to action URL:
/servlet/MyServlet?userid=Jeff&pass=1234
This is called a query string (starting with ?)
Username: <input type=text name=userid
size=20>
Password: <input type=password name=pass
size=20>
<input type=submit value=Login>
POST Method
<form method=post
Post method does not append parameters to action URL:
/servlet/MyServlet
Instead, parameters are sent in body of request where the
password is not visible as in GET method
POST requests are not idempotent
From Mathematics an idempotent unary operator definition:
whenever it is applied twice to any element, it gives the same
result as if it were applied once.
Cannot bookmark them
Are not safely repeatable
Cant be reloaded
browsers treat them specially, ask user
HEAD, and Other Methods
HEAD returns headers only
PUT, DELETE create and remove resources
from the web server
TRACE returns the request headers to the
client
doXXX() methods (XXX is one of the four)
Most servlet programmers ignore these methods
Default implementation informs user that request
is unsupported or provides minimal
implementation

HttpServletResponse
Specify the MIME type of the response
.setContentType(image/gif);
Called before .getWriter() so correct Charset is used
Two methods for producing output streams:
Java.io.Printwriter out = resp.getWriter()
ServletOutputStream str = resp.getOutputStream()
//used for non-text responses
HTTP response headers and status code
setHeader(), containsHeader(),
setStatus(), 200 OK, 404 Not Found, etc.
sendError()
sendRedirect(), sets Location header and status code for
redirect. Causes browser to make another request.
RequestDispatcher
Can forward request to another servlet
Can include bits of content from other servlets in its own
response
RequestDispatcher d =
req.getRequestDispatcher(/servlet/OtherServlet);
Either include goes and comes back
d.include(req, resp);
Or forward doesnt come back
d.forward(req, resp);
Request dispatching is Different from sendRedirect()
browser not involved
from user perspective, URL is unchanged

Security
J2EE User Role Model -- users can be assigned
one or more roles
web.xml defines which servlets and resources
are protected and which users have access
particular role allows access to specific
protected resources
getRemoteUser() -- users ID
getAuthType() -- Basic, Digest, or SSL
isUserInRole() for dynamic content decisions
getUserPrincipal() returns a
java.security.Principal object identifying the user
Servlet Filters
Filters perform processing on the request
Implement logging, control security, set up
connection-specific objects
javax.servlet.Filter = filter resource class
Filter chain zero or more Filter objects and a
destination resource (servlet or JSP)
Set up a filter for a particular request path, (like a
servlet mapping) such as *.jsp
Filter resource calls doFilter() to advance to next
filter in the chain, if no more filters, request is
passed to ultimate destination
Thread Safety
Multithreaded = one servlet, multiple requests
simultaneously
Threadsafe not using class variables since one
copy of these variables is shared by all threads
Synchronized blocks of code, all threads wait
until they can enter, one at a time
Servlet 2.4 deprecates SingleThreadModel
interface could not resolve all potential
threading issues.
Cookies
Persistent client-side storage of data known to server
and sent to client
Cookie is multiple names and values. Value limited to
4096 bytes
has expiration date, and a server name (returned to
same host and not to others)
Cookie is sent in HTTP header of response
resp.addCookie(name,value)
Cookie is returned to server in HTTP header of
subsequent request
cookies = req.getCookies();
For (int i=0;i<cookies.length;i++) {
cookies[i].getName cookies[i].getAttribute
Session Tracking
For tracking individual users through the site
Application needs stateful environment whereas
the web is inherently stateless
Previously, applications had to resort to
complicated code, using cookies, hidden
variables in forms, rewriting URLs to contain
state information
Delegates most of the user-tracking functions to
the server
Server creates object
javax.servlet.http.HttpSession
Session
Servlet uses req.getSession(true)
Boolean arg handles case if no current session object
Should new one be created or not
Session.isNew() useful to detect new session object
Servlet binds data to the HttpSession object with
session.setAttribute(hits,new Integer(34));
Server assigns unique session ID, stored in a cookie
If cookies are not available, server uses URL rewriting.
To create links, with session ID use
resp.encodeURL(/servlet/View)
or
resp.encodeRedirectURL(/servlet/View)