WEB TECHNOLOGIES

A COMPUTER SCIENCE PERSPECTIVE

JEFFREY C. JACKSON

Chapter 6
Server-side Programming:
Java Servlets

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Server-side Programming
• The combination of
– HTML
– JavaScript
– DOM
is sometimes referred to as Dynamic HTML
(DHTML)
• Web pages that include scripting are often
called dynamic pages (vs. static)

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Server-side Programming
• Similarly, web server response can be
static or dynamic
– Static: HTML document is retrieved from the
file system and returned to the client
– Dynamic: HTML document is generated by a
program in response to an HTTP request
• Java servlets are one technology for
producing dynamic server responses
– Servlet is a class instantiated by the server to
produce a dynamic response

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Servlet Overview

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Servlet Overview
1. When server starts it instantiates servlets
2. Server receives HTTP request, determines
need for dynamic response
3. Server selects the appropriate servlet to
generate the response, creates
request/response objects, and passes them to
a method on the servlet instance
4. Servlet adds information to response object via
method calls
5. Server generates HTTP response based on
information stored in response object

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Hello World! Servlet

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Hello World! Servlet
All servlets we will write
are subclasses of
HttpServlet

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Hello World! Servlet

Server calls doGet() in response to GET request

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Hello World! Servlet

Interfaces implemented by request/response objects

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Hello World! Servlet

Production servlet should

catch these exceptions

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Hello World! Servlet
• JWSDP Tomcat server exception
handling:
– Stack trace appended to
logs/jwsdp_log.*.txt
– HTML document returned to client may (or
may not) contain partial stack trace
• Servlet output to System.out.print(),
printStackTrace(), etc. is appended
to logs/launcher.server.log
Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Hello World! Servlet

First two
things done
by typical servlet;
must be in this
order

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Hello World! Servlet

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Hello World! Servlet

HTML generated by calling print() or

println() on the servlet’s
PrintWriter object

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Hello World! Servlet

Good practice to explicitly close

the PrintWriter when done

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Servlets vs. Java Applications
• Servlets do not have a main()
– The main() is in the server
– Entry point to servlet code is via call to a
method (doGet() in the example)
• Servlet interaction with end user is indirect
via request/response object APIs
– Actual HTTP request/response processing is
handled by the server
• Primary servlet output is typically HTML

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Running Servlets
• Simple way to run a servlet (better later):
1. Compile servlet (make sure that JWSDP
libraries are on path)
2. Copy .class file to shared/classes
directory
3. (Re)start the Tomcat web server
4. If the class is named ServletHello,
browse to
http://localhost:8080/servlet/ServletHello

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Dynamic Content

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Dynamic Content

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Dynamic Content

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Dynamic Content
• Potential problems:
– Assuming one instance of servlet on one
server, but
• Many Web sites are distributed over multiple
servers
• Even a single server can (not default) create
multiple instances of a single servlet
– Even if the assumption is correct, this servlet
does not handle concurrent accesses properly
• We’ll deal with this later in the chapter

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Servlet Life Cycle
• Servlet API life cycle methods
– init(): called when servlet is instantiated;
must return before any other methods will be
called
– service(): method called directly by server
when an HTTP request is received; default
service() method calls doGet() (or
related methods covered later)
– destroy(): called when server shuts down

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Servlet Life Cycle
Example life cycle method:
attempt to initialize visits variable
from file

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Servlet Life Cycle

Exception to be thrown
if initialization fails and servlet
should not be instantiated

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data
• The request object (which implements
HttpServletRequest) provides
information from the HTTP request to the
servlet
• One type of information is parameter data,
which is information from the query string
portion of the HTTP request

Query string with

one parameter
Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data
• Parameter data is the Web analog of
arguments in a method call:

• Query string syntax and semantics

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data
• Query string syntax and semantics
– Multiple parameters separated by &

– Order of parameters does not matter

– All parameter values are strings

Value of arg is empty string

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data
• Parameter names and values can be any
8-bit characters
• URL encoding is used to represent non-
alphanumeric characters:

Value of arg is
‘a String’

• URL decoding applied by server to retrieve

intended name or value

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data
• URL encoding algorithm

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data
Must escape XML special characters in
all user-supplied data before adding to HTML
to avoid cross-site scripting attacks

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data
• Cross-site scripting
Comment containing
Attacker <script> element

Blogging Web
site

Document containing
Victim attacker’s comment (and script)

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data

Also need to escape quotes within

attribute values.

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data
• A form automatically generates a query
string when submitted
– Parameter name specified by value of name
attributes of form controls

– Parameter value depends on control type

Value for checkbox

specified by value attribute

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data

username

lifestory

boxgroup1 (values same as labels)

doit

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data
• Query string produced by browser (all one
line):

Checkbox parameters have same name values;

only checked boxes have corresponding parameters

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data
• GET vs. POST method for forms:
– GET:
• Query string is part of URL
• Length of query string may be limited
• Recommended when parameter data is not stored
but used only to request information (e.g., search
engine query)
– The URL can be bookmarked or emailed and the same
data will be passed to the server when the URL is
revisited

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data

Browser content copyright 2004 Google, Inc. Used by permission.

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data
• GET vs. POST method for forms:
– POST:
• Query string is sent as body of HTTP request
• Length of query string is unlimited
• Recommended if parameter data is intended to
cause the server to update stored data
• Most browsers will warn you if they are about to
resubmit POST data to avoid duplicate updates

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Parameter Data

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions
• Many interactive Web sites spread user
data entry out over several pages:
– Ex: add items to cart, enter shipping
information, enter billing information
• Problem: how does the server know which
users generated which HTTP requests?
– Cannot rely on standard HTTP headers to
identify a user

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Server sends back

new unique
session ID when
the request has
none

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Client that supports

session stores the
ID and sends it
back to the server
in subsequent
requests

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Server knows
that all of these
requests are
from the same
client. The
set of requests
is known as a
session.

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

And the server

knows that all
of these
requests are
from a different
client.

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Returns HttpSession object associated

with this HTTP request.
• Creates new HttpSession object if no
session ID in request or no object with
this ID exists
• Otherwise, returns previously created
object

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Boolean indicating whether returned

object was newly created or already
existed.

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Incremented once per session

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Three web
pages produced
by a single servlet

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

,,,

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

,,, Session attribute is a

name/value pair

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

,,,

Session attribute will

have null value until
a value is assigned

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

,,,

Generate
sign-in form
if session is
new or
signIn
attribute has no value,
weclome-back page
otherwise.

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Sign-in form

Welcome-back
page

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Second argument
(“Greeting”) used as
action attribute value
(relative URL)

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Form will be sent using POST HTTP

method (doPost() method will be called)

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Text field containing

user name is named
signIn

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

…
Retrieve
signIn
parameter value

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Normal
processing:
signIn
parameter
is present in
HTTP request

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Generate
HTML for
response

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Thank-you page Must escape

XML special
characters in
user input

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Assign a
value to the
signIn session
attribute

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions
• Session attribute methods:
– setAttribute(String name, Object
value): creates a session attribute with the
given name and value
– Object getAttribute(String name):
returns the value of the session attribute
named name, or returns null if this session
does not have an attribute with this name

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions

Error
processing
(return user
to sign-in form)

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Sessions
• By default, each session expires if a
server-determined length of time elapses
between a session’s HTTP requests
– Server destroys the corresponding session
object
• Servlet code can:
– Terminate a session by calling
invalidate() method on session object
– Set the expiration time-out duration (secs) by
calling setMaxInactiveInterval(int)

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Cookies
• A cookie is a name/value pair in the Set-
Cookie header field of an HTTP response
• Most (not all) clients will:
– Store each cookie received in its file system
– Send each cookie back to the server that sent
it as part of the Cookie header field of
subsequent HTTP requests

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Cookies

Tomcat sends
session ID as value
of cookie named
JSESSIONID

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Cookies

Cookie-enabled
browser returns
session ID as value
of cookie named
JSESSIONID

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Cookies
• Servlets can set cookies explicitly
– Cookie class used to represent cookies
– request.getCookies() returns an array of
Cookie instances representing cookie data in
HTTP request
– response.addCookie(Cookie) adds a
cookie to the HTTP response

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Cookies

Cookies are expired by

client (server can request
expiration date)

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Cookies

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Cookies

Return array of cookies

contained in HTTP request

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Cookies

Search for
cookie
named
COUNT and
extract value
as an int

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Cookies

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Cookies

Send
replacement
cookie value
to client
(overwrites
existing cookie)

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Cookies

Should call
addCookie()
before writing
HTML

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Cookies
Privacy issues

HTTP request to
intended site Web site
providing
requested
HTTP response:
content
HTML document
Client
including ad <img>
HTTP request for
ad image
Image
plus Set-Cookie Web site
in response: providing
third-party cookie banner
ads

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Cookies
Privacy issues
Second
HTTP request to 2nd Web site
intended site providing
Web site requested
providing content
requested
HTTP response:
content
HTML document
Client
including ad <img>
HTTP request for
ad image plus Cookie (identifies user)
Image Based on
Web site
providing Referer, I know two
banner Web sites that
ads this user has
visited
Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Cookies
Privacy issues
• Due to privacy concerns, many users
block cookies
– Blocking may be fine-tuned. Ex: Mozilla
allows
• Blocking of third-party cookies
• Blocking based on on-line privacy policy
• Alternative to cookies for maintaining
session: URL rewriting

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 URL Rewriting

Tomcat adds
session ID within
HTML document
to all URL’s
referring to the
servlet Session ID = 4235

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 URL Rewriting

Subsequent
request will contain
session ID in the
URL of the request
Session ID = 4235

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 URL Rewriting

Next response must

again add session ID
to all URL’s Session ID = 4235

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 URL Rewriting
• Original (relative) URL:
href=“URLEncodedGreeting”

• URL containing session ID:

href=“URLEncodedGreeting;jsessionid=0157B9E85”

Path parameter

• Path parameter is treated differently than

query string parameter
– Ex: invisible to getParameter()

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 URL Rewriting
• HttpServletResponse method
encodeURL() will add session id path
parameter to argument URL
Original
servlet
Relative URL of servlet
Servlet
using URL
rewriting

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 URL Rewriting
• Must rewrite every servlet URL in every
document
• Security issues
Web site using
URL with URL rewriting
session ID
7152

User A

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 URL Rewriting
• Must rewrite every servlet URL in every
document
• Security issues
Web site using
URL with URL rewriting
session ID
7152

Email URL
User A User B

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 URL Rewriting
• Must rewrite every servlet URL in every
document
• Security issues
Web site using
URL with URL rewriting Visit Web site with
session ID
session ID 7152
7152

Email URL
User A User B

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 More Servlet Methods

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 More Servlet Methods

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 More Servlet Methods

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 More Servlet Methods
• Response buffer
– All data sent to the PrintWriter object is
stored in a buffer
– When the buffer is full, it is automatically
flushed:
• Contents are sent to the client (preceded by
header fields, if this is the first flush)
• Buffer becomes empty
– Note that all header fields must be defined
before the first buffer flush

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 More Servlet Methods

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 More Servlet Methods
• In addition to doGet() and doPost(),
servlets have methods corresponding to
other HTTP request methods
– doHead(): automatically defined if doGet()
is overridden
– doOptions(), doTrace(): useful default
methods provided
– doDelete(), doPut(): override to support
these methods

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Data Storage
• Almost all web applications (servlets or related
dynamic web server software) store and retrieve
data
– Typical web app uses a data base management
system (DBMS)
– Another option is to use the file system
– Not web technologies, so beyond our scope
• Some Java data storage details provided in
Appendices B (file system) and C (DBMS)
• One common problem: concurrency

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Concurrency

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Concurrency
• Tomcat creates a separate thread for each
HTTP request
• Java thread state saved:
– Which statement to be executed next
– The call stack: where the current method will
return to, where that method will return to, etc.
plus parameter values for each method
– The values of local variables for all methods
on the call stack

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Concurrency
• Some examples of values that are not
saved when a thread is suspended:
– Values of instance variables (variables
declared outside of methods)
– Values of class variables (variables declared
as static outside of methods)
– Contents of files and other external resources

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Concurrency

// Output HTML document

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Concurrency

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Concurrency
• Java support thread synchronization

Only one thread at

at time can call doGet()

– Only one synchronized method within a class

can be called at any one time

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Concurrency

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Concurrency
• Web application with multiple servlet
classes and shared resource:

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Concurrency
• Solution: create a shared class with
synchronized static methods called by
both servlets

readAndReset() incr()
CounterReader CounterFile CounterWriter

File

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Common Gateway Interface
• CGI was the earliest standard technology
used for dynamic server-side content
• CGI basics:
– HTTP request information is stored in
environment variables (e.g.,
QUERY_STRING, REQUEST_METHOD,
HTTP_USER_AGENT)
– Program is executed, output is returned in
HTTP response

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
 Common Gateway Interface
• Advantage:
– Program can be written in any programming
language (Perl frequently used)
• Disadvantages:
– No standard for concepts such as session
– May be slower (programs normally run in
separate processes, not server process)

Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0