Server-Side Programming: Java Servlets: Web Technologies A Computer Science Perspective
JEFFREY C. JACKSON
Chapter 6
Server-side Programming:
Java Servlets
Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
Server-side Programming
• The combination of
– HTML
– JavaScript
– DOM
is sometimes referred to as Dynamic HTML
(DHTML)
• Web pages that include scripting are often
called dynamic pages (vs. static)
Dr. Thomas Tran – CSI3140 Lecture Notes (based on Dr. Jeffrey Jackson’s slides)
Server-side Programming
• Similarly, web server response can be
static or dynamic
– Static: HTML document is retrieved from the
file system and returned to the client
– Dynamic: HTML document is generated by a
program in response to an HTTP request
• Java servlets are one technology for
producing dynamic server responses
– Servlet is a Java class instantiated by the
server to produce a dynamic response
Servlet Overview
1. When server starts, it instantiates servlets
2. Server receives HTTP request, determines
need for dynamic response
3. Server selects the appropriate servlet to
generate the response, creates
request/response objects, and passes them to
a method on the servlet instance
4. Servlet adds information to response object via
method calls
5. Server generates HTTP response based on
information stored in response object
Hello World! Servlet
All servlets we will write are subclasses of HttpServlet
Servlets vs. Java Applications
• Servlets do not have a main()
– The main() is in the server
– Entry point to servlet code is via call to a
method (doGet() in the example)
• Servlet interaction with end user is indirect
via request/response object APIs
– Actual HTTP request/response processing is
handled by the server
• Primary servlet output is typically HTML
Running Servlets
• Simple way to run a servlet (better later):
1. Compile servlet (make sure that JWSDP
libraries are on path)
2. Copy .class file to shared/classes
directory
3. (Re)start the Tomcat web server
4. If the class is named ServletHello,
browse to
http://localhost:8080/servlet/ServletHello
Servlet Life Cycle
• Servlet API life cycle methods
– init(): called when servlet is instantiated;
must return before any other methods will be
called
– service(): method called directly by server
when an HTTP request is received; default
service() method calls doGet() (or
related methods covered later)
– destroy(): called when server shuts down
Parameter Data
• GET vs. POST for the method attribute of forms:
– GET:
• Choosing GET as the "method" appends all of the form data to the URL,
so it shows up in the URL bar of your browser.
• The amount of information you can send using a GET is restricted,
as URLs can only be 1024 characters.
• Recommended when parameter data is not stored or updated on the
server, but used only to request information (e.g., search engine query)
Parameter Data
• GET vs. POST method for forms:
– POST:
• Query string is sent as body of HTTP request
• Length of query string is unlimited
• Recommended if parameter data is intended to
cause the server to update stored data
• Most browsers will warn you if they are about to
resubmit POST data to avoid duplicate updates
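The life cycle methods and the GET/POST split described above, shown in one servlet. This is an added example, not code from the slides or the textbook; it assumes the javax.servlet API, and the class name NotesServlet, the /servlet/NotesServlet path and the parameter names q and note are hypothetical.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.servlet.http.*;

// Added example: class name, URL path and parameter names are assumptions.
public class NotesServlet extends HttpServlet {
    // One instance serves all requests, possibly concurrently: keep shared state thread-safe.
    private List<String> notes;
    @Override
    public void init() {                          // runs once, before any request
        notes = new CopyOnWriteArrayList<>();
    }

    // GET only requests information; nothing stored on the server changes.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String q = req.getParameter("q");         // null when the parameter is absent
        resp.setContentType("text/html; charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("<!DOCTYPE html><html><head><title>Notes</title></head><body><ul>");
        for (String note : notes) {
            if (q == null || note.contains(q)) {
                out.println("<li>" + escape(note) + "</li>");
            }
        }
        out.println("</ul></body></html>");
    }

    // POST updates stored data, then redirects so a reload repeats the GET, not the update.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String note = req.getParameter("note");
        if (note != null && !note.trim().isEmpty() && note.length() <= 200) {
            notes.add(note);
        }
        resp.sendRedirect(req.getContextPath() + "/servlet/NotesServlet");
    }
    @Override
    public void destroy() {                       // called when the server shuts down
        notes.clear();
    }
    // Parameter data is untrusted: encode it before writing it into HTML.
    private static String escape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }
}
```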
Sessions
• Many interactive Web sites spread user data entry out over several
pages:
– Ex: add items to cart, enter shipping information, enter billing
information
• Problem: how does the server know which users generated which
HTTP requests?
– Cannot rely on standard HTTP headers to identify a user
• A session can be defined as server-side storage of information
that should persist throughout the user's interaction with the
web site or web application.
Sessions
Server knows that all of these requests are from the same client.
The set of requests is known as a session.
Sessions
Three web pages produced by a single servlet
Sessions
• How to get the HttpSession object?
• The HttpServletRequest interface provides two methods to get the object of
HttpSession:
Commonly used methods of HttpSession interface
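A servlet that obtains the HttpSession object with getSession() and getSession(false) and uses several HttpSession methods. This is an added example, not code from the slides; it assumes the javax.servlet API, and the class name VisitServlet, the /servlet/VisitServlet path and the attribute name visits are hypothetical.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.*;

// Added example: class name, URL path and attribute name are assumptions.
public class VisitServlet extends HttpServlet {
    private static final String PATH = "/servlet/VisitServlet";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // getSession(): returns the current session, creating one if none exists.
        HttpSession session = req.getSession();
        if (session.isNew()) {
            session.setMaxInactiveInterval(15 * 60);   // expire after 15 idle minutes
        }
        Integer stored = (Integer) session.getAttribute("visits");
        int visits = (stored == null) ? 1 : stored + 1;
        session.setAttribute("visits", visits);        // stays on the server, keyed by session ID

        // encodeURL() adds the session ID to the URL when the container
        // cannot rely on the session cookie (URL rewriting).
        String self = resp.encodeURL(req.getContextPath() + PATH);
        resp.setContentType("text/html; charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("<!DOCTYPE html><html><head><title>Visits</title></head><body>");
        out.println("<p>Requests in this session: " + visits + "</p>");
        out.println("<p><a href=\"" + self + "\">Reload</a></p>");
        out.println("<form method=\"post\" action=\"" + self + "\">"
                + "<input type=\"submit\" value=\"End session\" /></form>");
        out.println("</body></html>");
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // getSession(false): returns the current session or null; never creates one.
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();                      // discard the server-side session data
        }
        resp.sendRedirect(req.getContextPath() + PATH);
    }
}
```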
Cookies
• A cookie is a name/value pair in the Set-Cookie header field of an HTTP response.
• Every time the user loads the website, the browser sends the cookie back to the
server to notify the website of the user's previous activity.
Cookies
Tomcat sends session ID as value of cookie named JSESSIONID
Cookies
Cookie-enabled browser returns session ID as value of cookie named JSESSIONID
Cookies
• Servlets can set cookies explicitly
– Cookie class used to represent cookies
– request.getCookies() returns an array of
Cookie instances representing cookie data in
HTTP request
– response.addCookie(Cookie) adds a
cookie to the HTTP response
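A servlet that reads and sets a cookie explicitly with the three calls listed above. This is an added example, not code from the slides; it assumes the javax.servlet API at version 3.0 or later (for setHttpOnly), and the class name ThemeServlet and the cookie/parameter name theme are hypothetical.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.*;

// Added example: class, cookie and parameter names are assumptions.
public class ThemeServlet extends HttpServlet {
    private static final List<String> THEMES = Arrays.asList("light", "dark");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String theme = "light";
        Cookie[] cookies = req.getCookies();          // null when the request carries no cookies
        if (cookies != null) {
            for (Cookie c : cookies) {
                // The browser can send any value: accept only known ones.
                if ("theme".equals(c.getName()) && THEMES.contains(c.getValue())) {
                    theme = c.getValue();
                }
            }
        }
        String chosen = req.getParameter("theme");
        if (chosen != null && THEMES.contains(chosen)) {
            theme = chosen;
            Cookie cookie = new Cookie("theme", theme);
            cookie.setMaxAge(30 * 24 * 60 * 60);      // lifetime in seconds (30 days)
            cookie.setPath(req.getContextPath() + "/");
            cookie.setHttpOnly(true);                 // hidden from page scripts (Servlet 3.0+)
            cookie.setSecure(req.isSecure());         // HTTPS-only when the request used HTTPS
            resp.addCookie(cookie);                   // call before the response is committed
        }
        resp.setContentType("text/html; charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("<!DOCTYPE html><html><head><title>Theme</title></head>");
        out.println("<body class=\"" + theme + "\"><p>Current theme: " + theme + "</p>");
        out.println("<p><a href=\"?theme=light\">light</a> <a href=\"?theme=dark\">dark</a></p>");
        out.println("</body></html>");
    }
}
```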
Cookies
Privacy issues
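[Figure: how a third-party cookie is set]
1. Client -> Web site providing requested content: HTTP request to intended site
2. Web site providing requested content -> Client: HTTP response: HTML document including ad <img>
3. Client -> Web site providing banner ads: HTTP request for ad image
4. Web site providing banner ads -> Client: Image plus Set-Cookie in response: third-party cookie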
Cookies
Privacy issues
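[Figure: how a third-party cookie identifies the user across sites]
1. Client -> 2nd Web site providing requested content: Second HTTP request to intended site
2. 2nd Web site providing requested content -> Client: HTTP response: HTML document including ad <img>
3. Client -> Web site providing banner ads: HTTP request for ad image plus Cookie (identifies user)
4. Web site providing banner ads -> Client: Image
Web site providing banner ads: "Based on Referer, I know two Web sites that this user has visited"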
Cookies
Privacy issues
• Due to privacy concerns, many users
block cookies
– Blocking may be fine-tuned. Ex: Mozilla
allows
• Blocking of third-party cookies
• Blocking based on on-line privacy policy
• Alternative to cookies for maintaining
session: URL rewriting
Data Storage
• Almost all web applications (servlets or related
dynamic web server software) store and retrieve
data
– Typical web app uses a database management
system (DBMS)
– Another option is to use the file system
– Not web technologies, so beyond our scope
• Some Java data storage details provided in
Appendices B (file system) and C (DBMS)
• One common problem: concurrency
Common Gateway Interface
• The common gateway interface (CGI) is a standard way for a Web server to pass a Web user's
request to an application program and to receive data back to forward to the user.
• When the user requests a Web page (for example, by clicking on a highlighted word or entering
a Web site address), the server sends back the requested page. However, when a user fills out a
form on a Web page and sends it in, it usually needs to be processed by an application program.
• The Web server typically passes the form information to a small application program that
processes the data and may send back a confirmation message. This method or convention for
passing data back and forth between the server and the application is called the common
gateway interface (CGI). It is part of the Web's Hypertext Transfer Protocol (HTTP).