Ch 3 - Java Servlets

Ch 3 - Java Servlets COSC 617 Jeff Schmitt September 21, 2006

Java Servlet API • The predominant language for server-side programming • Standard way to extend server to generate dynamic content • Web browsers are universally available “thin” clients • Web server is “middleware” for running application logic • User sends request – server invokes servlet – servlet takes request and generates response- returned to user

Advantages of Servlet API • CGI, ISAPI, ASP, PHP, etc also generate dynamic content • Standard, stable, supported API • multithreaded for improved performance • Persistent between invovations, improved performance • 100% portable between OS and servers • Access to all API’s of Java platform • Basis of JSP technology • Basis of Struts and JSF frameworks

Servlet Basics • Packages: javax.servlet, javax.servlet.http • Runs in servlet container such as Tomcat • Tomcat 4.x for Servlet 2.3 API • Tomcat 5.x for Servlet 2.4 API • Servlet lifecycle • Persistent (remains in memory between requests) • Startup overhead occurrs only once • init() method runs at first request • service() method for each request • destroy() method when server shuts down

Common Gateway Interface (CGI) • Not persistent • Not multithreaded • Not high performancce • Any language that can read standard input, write standard output and read environment variables • Server sends request information specially encoded on standard input • Server expects response information on standard output

Writing servlets • public class MyServlet extends javax.servlet.GenericServlet { • public void service(ServletRequest req, ServletResponse resp) • throws ServletException, IOException { • Resp.SetContentType(“text/plain”); • … • } • }

GenericServlet • public class MyServlet extends javax.servlet.GenericServlet { • public void service(ServletRequest req, ServletResponse resp) • throws ServletException, IOException { • resp.SetContentType(“text/plain”); • … • } • }

HttpServlet • public class MyServlet extends javax.servlet.http.HttpServlet { • public void doGet(ServletRequest req, ServletResponse resp) • throws ServletException, IOException { • resp.SetContentType(“text/plain”); • PrintWriter out = resp.getWriter(); • out.println(“Hello, world”); • } • public void doPost(ServletRequest req, ServletResponse resp) • throws ServletException, IOException { • doGet(req, resp); • }

HttpServlet • doPost does three things • Set output type “text/plain” MIME type • getWriter() method for out stream • Print on out stream • getLastModified() method • To cache content if content delivered by a servlet has not changed • Return Long =time content last changed • Default implementation returns a negative number – servlet doesn’t know • getServletInfo() method • Returns String for logging purposes

Web Applications • Consists of a set of resources including • Servlets, Static content, JSP files, Class libraries • Servlet context, • a particular path on server to identify the web application • Servlets have an isolated, protected environment to operate in without interference • ServletContext class where servlets running in same context can use this to communicate with each other • Example servlet context: /catalog • request.getContextPath() + “/servlet/CatalogServlet”

Web App Structure • Directory tree • Static resources: / • Packed classes: /WEB-INF/lib/*.jar • Unpacked classes: /WEB-INF/classes/*.class • Deployment descriptor: /WEB-INF/web.xml • Configuration information for the servlets including • Names, servlet (path) mapprings, initialization parameters, context-level configuration

Servlet Path Mappings • Servlets are not files, so must be mapped to URIs (Uniform Resource Identifiers) • Servet container can set default, typically /servlet/* • Example: /servlet/MyPacPageServlet can invoke PageServlet.class • Mapping by • Exact path: /store/chairs • Prefix: /store/* • Extension: *.page • A servlet mapped to / path becomes the default servlet for the application and is invoked when no other servlet is found

Servlet Context Methods • Resources such as index.html can be accessed through web server or by servlet • Servlet uses request.getContextPath() to identify its context path, for example: /app • Servlet uses getResource() and getResourceAsStream(request.getContextPath() + “/index.html”) • To retrieve context-wide initialization parameters, servlet uses getInitParameter() and getInitParameterNames() • To access a range of information about the local environment, shared with other servlets in same servlet context, servlet uses getAttribute(), setAttribute(), removeAttribute(), getAttributeNames()

HttpServletRequest interface • Server creates object implementing this interface, passes it to servlet. Allows access to • URL info: getProtocol(), getServerName(), getPort(), getScheme() • User host name: getRemoteHost() • Parameter info: (variables from input form): .getParameterNames(), getParameter() • HTTP –specific request data: getHeaderNames(), getHeader(), getAuthType()

Forms and Interaction • <form method=get action=“/servlet/MyServlet”> • GET method appends parameters to action URL:/servlet/MyServlet?userid=Jeff&pass=1234 • This is called a query string (starting with ?) • Username: <input type=text name=“userid” size=20> • Password: <input type=password name=“pass” size=20> • <input type=submit value=“Login”>

POST Method • <form method=post … • Post method does not append parameters to action URL: /servlet/MyServlet • Instead, parameters are sent in body of request where the password is not visible as in GET method • POST requests are not idempotent • From Mathematics – an idempotent unary operator definition: whenever it is applied twice to any element, it gives the same result as if it were applied once. • Cannot bookmark them • Are not safely repeatable • Can’t be reloaded • browsers treat them specially, ask user

HEAD, and Other Methods • HEAD – returns headers only • PUT, DELETE – create and remove resources from the web server • TRACE – returns the request headers to the client • doXXX() methods (XXX is one of the four) • Most servlet programmers ignore these methods • Default implementation informs user that request is unsupported or provides minimal implementation

HttpServletResponse • Specify the MIME type of the response • .setContentType(“image/gif”); • Called before .getWriter() so correct Charset is used • Two methods for producing output streams: • Java.io.Printwriter out = resp.getWriter() • ServletOutputStream str = resp.getOutputStream() //used for non-text responses • HTTP response headers and status code • setHeader(), containsHeader(), • setStatus(), 200 OK, 404 Not Found, etc. • sendError() • sendRedirect(), sets Location header and status code for redirect. Causes browser to make another request.

RequestDispatcher • Can forward request to another servlet • Can include bits of content from other servlets in its own response • RequestDispatcher d = req.getRequestDispatcher(“/servlet/OtherServlet”); • Either include – goes and comes backd.include(req, resp); • Or forward – doesn’t come back d.forward(req, resp); • Request dispatching is Different from sendRedirect() • browser not involved • from user perspective, URL is unchanged

Status Codes response.sendError,HttpServletResponse.SC_NOT_FOUND, “Could not find it”); • SC_OK = 200 // the success code • SC_NO_CONTENT = 204 //content unchanged -- browser view stays at the form but avoids “contains no data” error message • SC_MOVED_PERMANENTLY = 301// browser uses Location header • SC_MOVED_TEMPORARILY = 302 // browser uses Location header • SC_UNAUTHORIZED = 401 // wrong authentication • SC_NOT_FOUND = 404 // page not found • SC_INTERNAL_SERVER_ERROR = 500 • SC_NOT_IMPLEMENTED = 501 // for HEADER, PUT, DELETE • SC_SERVICE_UNAVAILABLE = 503

Servlet Exceptions • ServletException – thrown to indicate a general servlet problem • try { … } catch (Exception ex) { throw new ServletException(ex); } • UnavailableException, a derivative of ServletException, notifies the server that servlet is going to be temporarily unavailable

Servlet Context Initialization • Application-level events use a listener style interface • Opportunity to create and share application-level resources such as DB connection pools • Classes that implement ServletContextListener are notified when the context is initialized or destroyed. • Context listeners are associated with their context with the application-level web.xml file.

Security • J2EE User Role Model -- users can be assigned one or more roles • web.xml defines which servlets and resources are protected and which users have access • particular role allows access to specific protected resources • getRemoteUser() -- user’s ID • getAuthType() -- Basic, Digest, or SSL • isUserInRole() – for dynamic content decisions • getUserPrincipal() – returns a java.security.Principal object identifying the user

Servlet Filters • Filters perform processing on the request • Implement logging, control security, set up connection-specific objects • javax.servlet.Filter = filter resource class • Filter chain – zero or more Filter objects and a destination resource (servlet or JSP) • Set up a filter for a particular request path, (like a servlet mapping) such as *.jsp • Filter resource calls doFilter() to advance to next filter in the chain, if no more filters, request is passed to ultimate destination

Thread Safety • Multithreaded = one servlet, multiple requests simultaneously • Threadsafe – not using class variables since one copy of these variables is shared by all threads • Synchronized blocks of code, all threads wait until they can enter, one at a time • Servlet 2.4 deprecates SingleThreadModel interface – could not resolve all potential threading issues.

Cookies • Persistent client-side storage of data known to server and sent to client • Cookie is multiple names and values. Value limited to 4096 bytes • has expiration date, and a server name (returned to same host and not to others) • Cookie is sent in HTTP header of response • resp.addCookie(name,value) • Cookie is returned to server in HTTP header of subsequent request • cookies = req.getCookies(); • For (int i=0;i<cookies.length;i++) { • cookies[i].getName cookies[i].getAttribute

Session Tracking • For tracking individual users through the site • Application needs stateful environment whereas the web is inherently stateless • Previously, applications had to resort to complicated code, using cookies, hidden variables in forms, rewriting URLs to contain state information • Delegates most of the user-tracking functions to the server • Server creates object javax.servlet.http.HttpSession

Session • Servlet uses req.getSession(true) • Boolean arg handles case if no current session object • Should new one be created or not • Session.isNew() – useful to detect new session object • Servlet binds data to the HttpSession object with session.setAttribute(“hits”,new Integer(34)); • Server assigns unique session ID, stored in a cookie • If cookies are not available, server uses URL rewriting. To create links, with session ID use • resp.encodeURL(“/servlet/View”)or • resp.encodeRedirectURL(“/servlet/View”)

JDBC • Load the driver class • Get a connection • Create a statement • Execute the query, returns ResultSet • Iterate through ResultSet

JDBC Example • // Load the Oracle JDBC driver Class.forName ("oracle.jdbc.driver.OracleDriver"); • //Connect to DB server as authorized userConnection conn = DriverManager.getConnection ("jdbc:oracle:thin:@orion.towson.edu:1521:cosc", account, password); • // Create a JDBC Statement to hold SQL query Statement stmt = conn.createStatement (); ResultSet rset = stmt.executeQuery ("select ticker from stocks"); • // Iterate through the result and print the employee names while (rset.next ()) { out.println (rset.getString (1)); }

Ch 3 - Java Servlets

Ch 3 - Java Servlets

Presentation Transcript

Java Servlets

Java Servlets

Understanding Java servlets

Java Servlets

Enterprise Java Servlets

Java Servlets

Java Servlets

Java Servlets

Java Servlets

Java Servlets

Java Servlets

Java Servlets and JSP

Java Servlets

Java Servlets

Java Servlets

Java Servlets Tutorial | Java Servlets Explained | Java Tutorial For Beginners | Simplilearn