260 likes | 383 Views
CS 390 Unix Programming Environment. Topics to be covered: Run time Class Project Details Introduction to CGI. Implementing a Server. Create a socket, use the ServerSocket class ServerSocket s = new ServerSocket(4444); Socket listens to port 4444 Accept connection from client
E N D
CS 390 Unix Programming Environment Topics to be covered: Run time Class Project Details Introduction to CGI CS390- Unix Programming Environment
Implementing a Server • Create a socket, use the ServerSocket class • ServerSocket s = new ServerSocket(4444); • Socket listens to port 4444 • Accept connection from client • Socket Client_Socket = s.accept(); • Creates a socket that communicates with the client • Open the input and output stream to/from client • DataInputStream in = new DataInputStream(Client_Socket.getInputStream()); • PrintStream ps = new PrintStream(client_Socket.getOutputStream()); CS390- Unix Programming Environment
Implementing a Server • Close all the sockets and Streams • s.close(); • Client_Socket.close(); • in.close(); • ps.close(); • Upon closing the sockets and streams terminates the session between the server process and client process CS390- Unix Programming Environment
Implementing a Client • Create a socket • Specify the hostname or IP and the port where the socket will be created • Socket c = new Socket(“queen.mcs.drexel.edu”,4444); • If you are using a single machine then use localhost as your hostname • Open the input and output stream • DataInputStream in = new DataInputStream(c.getInputStream()); • PrintStream out = new PrintStream(c.getOutputStream()); CS390- Unix Programming Environment
Implementing the client • Close the socket and streams • c.close(); • in.close(); • out.close(); CS390- Unix Programming Environment
Sample Server class EchoServer { public static void main(String args[]) { try { ServerSocket s = new ServerSocket(4444); Socket client_socket = s.accept(); DataInputStream in = new DataInputStream(client_socket.getInputStream()); PrintStream out = new PrintStream(client_socket.getOutputStream()); … CS390- Unix Programming Environment
Sample Server contd… … out.println(“Hello!enter Bye to exit. \r”); boolean done = false; while (!done) { String str = in.readLine(); if(str == null){ done = true; } else { out.println(“Echo :”+str+” \r”); if(str.trim().equals(“BYE”)) done = true; } } }… CS390- Unix Programming Environment
Sample Server contd… client_socket.close(); } catch (Exception e) { System.out.println(e.toString()); } } } } //end of class EchoServer What is the name of this file? CS390- Unix Programming Environment
Sample Client class EchoClient { public static void main(String args[]) { try { Socket c = new Socket(“queen.mcs.drexel.edu”, 4444); // Note that when you are working on queen try to keep the port number > 4200 DataInputStream in = new DataInputStream(c.getInputStream()); boolean more = true; while(more) { String str = in.readLine(); if(str == null) more = false; else System.out.println(str); }… CS390- Unix Programming Environment
Sample Client contd… } catch(IOException ioe) { System.out.println(“Error “+ioe); } } //end of class EchoClient • Now that you have a sample application, try to work on this and get more information from the reference book for implementing your term project • That finishes the tutorial on Java and Socket Programming in Java • Next lecture, we will go through some of the components of the operating system like file manager, memory manager etc. CS390- Unix Programming Environment
Alternate way to create threads • We have seen how to implement threads using the Runnable interface • One can implement threads using extends thread • For example, class ServiceHandler extends Thread { … public void run(){ … } } To run this thread, in the class where it is instantiated say SH.start(), where SH is an object of type ServiceHandler CS390- Unix Programming Environment
How to execute commands? • In your term project, you have to execute the Unix Shell Command, sent by the client, at the server • One can execute commands using the Java Runtime class • Must import java.lang.* • A runtime object is defined as follows: Runtime rt = new Runtime.getRuntime(); CS390- Unix Programming Environment
How to execute commands? One can execute the command using rt.exec(command); This returns a process and you will need to handle the process.Check the “Process” class to know how to read the result upon the completion of the process • Do read the Run time class from the Java Reference book • That concludes the Java and Socket Programming tutorial CS390- Unix Programming Environment
For your project • Decide your team members • In your final report, Must mention work done by each member • Also add a note on how you found this course and your suggestions towards improving the course • Start working, if you have not yet begun, on your project • Project Deadline is Monday Aug 27th instead of Aug 28th (OSIR) CS390- Unix Programming Environment
Project Details • Include the following things along with the project report • A cover page having the team members name • In the Appendix mention the task of individual members CS390- Unix Programming Environment
Milestones • Next Tuesday, 08/14/2000, each team must submit the design of their project • On 08/21/2000, the teams will submit the task finished by each member • On 08/23/2000, there will be a Project Q/A session CS390- Unix Programming Environment
CGI • The Common Gateway Interface (CGI) is a standard for interfacing external applications with information servers, such as HTTP or Web servers • CGI scripts are programs that reside on a server and can be run from a web browser • There are basically two ways to write a CGI script • C: The advantage of C is that it's a compiled language, so it tends to be more efficient than Perl • Perl: However, Perl, with it's advanced data handling capabilities (such as regular expressions) and open source nature, makes it the choice of most people when it comes to CGI programming. • You can even write CGI scripts using shell scripts CS390- Unix Programming Environment
A simple Example • CGI scripts are really just text files saved with an extension of either .cgi or .pl. Consider the following “hello world” cgi example written in perl #!/usr/local/bin/perl # hello_s.pl-- simple "hello, world" program to demonstrate basic CGI output. # Print the CGI response header, required for all HTML output # Note the extra \n, to send the blank line print "Content-type: text/html\n\n" ; # Print the HTML response page to STDOUT print << EOF; <html><head><title> CGI Results</title></head><body> Hello, world.</body></html> EOF exit ; • The use of "print" command of perl is to write out the underlining HTML code for the page. • Notice the line:print "Content-type: text/html\n\n"; • This is required whenever you wish to use Perl to print out a webpage- it tells the browser that the following is HTML content. CS390- Unix Programming Environment
“Hello world” cgi script in c /*************************************************************************/ /** hello_s.c-- simple "hello, world", to demonstrate basic CGI **/ /** output. **/ /************************************************************************/ #include <stdio.h> void main() { /** Print the CGI response header, required for all HTML output. **/ /** Note the extra \n, to send the blank line. **/ printf("Content-type: text/html\n\n") ; /** Print the HTML response page to STDOUT. **/ printf(“<html>\n") ; printf(“<head><title>CGI Output</head></title>\n") ; printf(“<body>\n") ; printf(“<h1>Hello, world.</h1>\n") ; printf(“</body>\n") ; printf(“</html>\n") ; exit(0) ; } CS390- Unix Programming Environment
Advantages of CGI • A plain HTML document that the Web daemon retrieves is static, which means it exists in a constant state: a text file that doesn't change • A CGI program, on the other hand, is executed in real-time, so that it can output dynamic information. • It is exactly the fact that CGI is installed on the server end that makes it able to do all those amazing things such as • submit a form, • create a guest book or forum, • keep track of and rotate your ads etc. • The server has the capability to redirect data to any email address, persist data, dynamically serve out different content to the browser, among many other things that the browser alone simply cannot do. CS390- Unix Programming Environment
Specifics • CGI programs need to reside in a special directory called /cgi-bin so that the Web server knows to execute the program rather than just display it to the browser • This directory is usually under direct control of the webmaster, prohibiting the average user from creating CGI programs. • CGI programs are executables • They are the equivalent of letting the world run a program on the system. • The web host must allow the access to a /cgi-bin in order for you to run the CGI scripts. CS390- Unix Programming Environment
Installing cgi-scripts • Use a text editor to write cgi programs • You should know the path to the perl compiler on your web host #! /usr/bin/perl #! /usr/local/bin/perl • You should know the path to your site • Not the URL of your site but the path from server’s point of view where the site is stored locally on the hard drive • Upload the script in /cgi-bin directory • Upload in ascii mode ( not binary ) • Set permission as 755 or 777 • you either have access to all of it via the browser (by typing in the url to the script, http://mysite.com/cgi-bin/test.pl, for example), or, if it's a form related script, add that URL to the action attribute of the form CS390- Unix Programming Environment
CGI as Dynamic Scripts • CGI scripts are dynamic • You simply write a program that produces data dynamically. • Your data then goes to the browser instead of a file • The cgi scripts write to the standard output CS390- Unix Programming Environment
Input in cgi scripts • CGI scripts are not interactive (That is the CGI program cannot ask the user for input, process it, send out some output, ask for more input etc.) • Instead, the program receives user input at most once, right at the start, and sends output once. • The browser receives user input using HTML forms. A form can instruct the browser to send the data in one of two methods: GET and POST. CS390- Unix Programming Environment
Get and Post • The GET method: data is to be encoded (by a browser) into a URL • The POST method: the form data is to appear within a message body • POST seems to have several major advantages over using the URL: • You can send more data (URL has a size limit). • The data is not logged along the way. Sending a password, for example, as part of the URL leaves a trail in the various systems your data is travelling through! • Data does not appear in the browser Location bar. Again, showing a password there may not be appreciated by the user if someone is watching over his shoulder. CS390- Unix Programming Environment
Security • As is the case with all security, the admin and users must attempt to address the following precautions: • CGI scripts must be made "as safe as possible". • The inevitable damages caused by cracked CGI scripts must be contained. • Let's say you have a CGI program that lets users run "finger" on your host. Such a Perl script might have a line like: • system "finger $username" ; • But if a malicious user enters "james; rm -rf /" as the username, your program runs • system "finger james; rm -rf /" ; • which erases as many of your files as possible, probably not what you intended CS390- Unix Programming Environment