Introduction to Web App Development Allen Day
Notes
• This is a training NOT a presentation
• Please ask questions
• https://tech.lds.org/wiki/Java_Stack_Training
• Prerequisites
  • Basic Java and HTML skills.
  • Installed LDSTech IDE (or other equivalent).
  • Installed App Server (such as Tomcat).

Overview
• Basic Web App Architecture
• HTTP
• CGI Overview
• Understanding the role of servlets
• Maven Project Directory Structure
• Servlet Life Cycle
• Event Listeners
• Servlet Filters
• Servlet Response (Redirect, Request Dispatch)

Basic Web App Architecture
[Diagram: the WWW Browser sends a Request to the Web Server, which returns a Response.]

HTTP
[Diagram: the WWW Browser and the Web Server exchange the Request and Response over HTTP.]

HTTP Request Methods
• GET
• POST
• HEAD
• TRACE
• PUT
• DELETE
• OPTIONS
• CONNECT

GET Method
• Simple
• The total number of characters in a GET is limited.
• The data you send with the GET is appended to the URL, so whatever you send is exposed.

POST Method
• Used for complex requests, such as form submissions.
• Parameters are sent in the request body.

CGI Overview
[Diagram: WWW Browser, Web Server, Application Server]
1. Submit Form
2. Call CGI
3. CGI Program's response
4. CGI Program's response

CGI Process Form

    use strict;

    main();

    sub main () {
        # Read the URL-encoded form body from standard input.
        my $query;
        read( STDIN, $query, $ENV{CONTENT_LENGTH} );

        # Split into key=value pairs and URL-decode each side.
        my @param = split( /&/, $query );
        my %pairs = ();
        foreach my $item ( @param ) {
            my ($key, $value) = split( /=/, $item );
            $key   =~ tr/+/ /;
            $value =~ tr/+/ /;
            $key   =~ s/%([A-F\d]{2})/chr(hex($1))/ieg;
            $value =~ s/%([A-F\d]{2})/chr(hex($1))/ieg;
            $pairs{$key} = $value;
        }

        my $name    = $pairs{name};
        my $email   = $pairs{email};
        my $machine = $ENV{REMOTE_HOST};

        # Emit the CGI response headers, a blank line, then the page.
        print( STDOUT "Content-Type:text/html\r\n" );
        print( STDOUT "Status: 200 Ok\r\n" );
        print( STDOUT "\r\n" );

        # $name and $email are interpolated into the HTML exactly as submitted.
        print( STDOUT <<HTML );
    <html>
    <head>
    <title>Form example output</title>
    </head>
    <body>
    <h1>welcome</h1>
    <hr>
    <p>
    Hi <em>$name</em> of <em>$email</em> from machine <em>$machine</em>
    </p>
    <hr>
    </body>
    </html>
    HTML
    }

CGI Issues
• May intentionally or unintentionally leak information about the host system that will help hackers break in.
• Scripts may be vulnerable to attacks in which the remote user tricks them into executing commands.
• Susceptible to buffer overflows.
• Insufficient input validation.
• Each call to a CGI script runs as a separate process.
• Simultaneous CGI requests cause the CGI script to be copied and loaded into memory as many times as there are requests.

Servlet Overview
[Diagram: Client, Web Server and Servlet Container, connected by Request and Response arrows.]

Advantages of Servlets
• Efficient
• Convenient
• Powerful
• Portable
• Inexpensive
• Secure
• Mainstream

Advantages of Servlets
• Servlets stay loaded and client requests for a Servlet resource are handled as separate threads of a single running Servlet.
• A servlet can be run by a servlet engine in a restrictive environment, called a sandbox. This reduces security risks.

Maven Project Directory Structure
[Diagram: project directory tree; labelled files: pom.xml, web.xml]

pom.xml

    <project xmlns="http://maven.apache.org/POM/4.0.0"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
      <modelVersion>4.0.0</modelVersion>
      <groupId>org.lds.training</groupId>
      <artifactId>MyServlet</artifactId>
      <packaging>war</packaging>
      <version>1.0</version>
      <dependencies>
        <dependency>
          <groupId>javax.servlet</groupId>
          <artifactId>servlet-api</artifactId>
          <version>2.5</version>
        </dependency>
      </dependencies>
    </project>

web.xml

    <web-app xmlns="http://java.sun.com/xml/ns/javaee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
             version="2.5">
      <display-name>Welcome to Java Stack Training</display-name>
      <description>Introduction to Servlets</description>
      <servlet>
        <display-name>HelloWorldServlet</display-name>
        <servlet-name>HelloWorldServlet</servlet-name>
        <servlet-class>org.lds.training.HelloWorldServlet</servlet-class>
      </servlet>
      <servlet-mapping>
        <servlet-name>HelloWorldServlet</servlet-name>
        <url-pattern>/HelloWorldServlet</url-pattern>
      </servlet-mapping>
    </web-app>

Lab 1: Simple Servlet https://tech.lds.org/wiki/Introduction_To_Servlets#Lab_1_Simple_Servlet
Servlet Life Cycle
• Load class
• Instantiate servlet
• init
• service
  • doGet, doPost, doTrace, doDelete, doPut…
• destroy

Servlet Container
[Diagram: Client, Web Server, Servlet Container]

Servlet Container
• Context (Web Application)
• Session
• Request

Servlet Container
• Loads the servlet class.
• Creates an instance of the servlet class.
• Initializes the servlet instance by calling the init method.
• Handles client requests.
• If the container needs to remove the servlet it finalizes the servlet by calling the servlet's destroy method.

Servlet Container
• Communications support
• Lifecycle Management
• Multithreading Support
• Declarative Security
• JSP Support

Servlet Container
[Diagram sequence; labels only]
1. Web Server, Servlet Container, Servlet; request, response
2. Servlet Container, Servlet, thread; request, response
3. Servlet Container, Servlet, thread, service(); request, response
4. Servlet Container, Servlet, thread, service(), doGet(); response
5. Web Server, Servlet Container; request, response; X

HttpServletRequest

    String name = request.getParameter("fullName");
    String requestMethod = request.getMethod();
    String userAgent = request.getHeader("User-Agent");
    String host = request.getHeader("host");

HttpServletResponse

    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    Date today = new Date();
    out.print("<html> " +
              "<body> " +
              "<h1 align=center>Hello World</h1> " +
              "<br> " + today +
              "</body> " +
              "</html>");

Servlet Class
Extends javax.servlet.http.HttpServlet
• init()
• service()
• doGet()
• doPost()
• destroy()

init()

    public void init() throws ServletException {
        // custom code goes here
    }

    public void init(ServletConfig config) throws ServletException {
        super.init(config);
        // custom code goes here
    }

service()

    public void service(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Custom code goes here
    }

doGet()

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Custom Code goes here
    }

doPost()

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Custom Code goes here
    }

destroy()

    public void destroy() {
        // custom code goes here
    }

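
The life-cycle methods above put together in one servlet, as an added example that is not part of the training material. Because the container runs a single servlet instance on many request threads, the counter is an `AtomicLong` rather than a plain field; `HitCounterServlet` and the optional `startAt` init parameter are assumptions.

```java
package org.lds.training; // package reused from the slides; class name is hypothetical

import java.io.IOException;
import java.io.PrintWriter;
import java.util.concurrent.atomic.AtomicLong;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class HitCounterServlet extends HttpServlet {
    // One servlet instance serves every request thread, so instance fields are shared
    // state. A plain "long hits; hits++" would lose updates under concurrent requests.
    private final AtomicLong hits = new AtomicLong();

    @Override
    public void init(ServletConfig config) throws ServletException {
        super.init(config); // required so getServletConfig()/getInitParameter() work later
        // "startAt" is an assumed, optional <init-param> in web.xml.
        String startAt = config.getInitParameter("startAt");
        if (startAt != null) {
            try {
                hits.set(Long.parseLong(startAt.trim()));
            } catch (NumberFormatException e) {
                throw new ServletException("startAt must be a number", e);
            }
        }
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        long count = hits.incrementAndGet(); // atomic read-modify-write
        response.setContentType("text/plain; charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.println("This page has been requested " + count + " times.");
    }

    @Override
    public void destroy() {
        // Called once when the container unloads the servlet; the count is in-memory only.
        log("HitCounterServlet unloading after " + hits.get() + " hits");
    }
}
```
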
Lab 2: Page Hit Counter https://tech.lds.org/wiki/Introduction_To_Servlets#Lab_2_Page_Hit_Counter
Event Listeners
• javax.servlet.ServletContextListener
• javax.servlet.ServletContextAttributeListener
• javax.servlet.http.HttpSessionListener
• javax.servlet.http.HttpSessionAttributeListener
• javax.servlet.http.HttpSessionActivationListener
• javax.servlet.http.HttpSessionBindingListener
• javax.servlet.ServletRequestListener
• javax.servlet.ServletRequestAttributeListener

Event Listeners
• javax.servlet.ServletContextListener
• javax.servlet.http.HttpSessionListener
• javax.servlet.http.HttpSessionActivationListener
• javax.servlet.ServletRequestListener

web.xml

    <listener>
      <listener-class>org.lds.training.HelloWorldSessionListener</listener-class>
    </listener>
    <listener>
      <listener-class>org.lds.training.HelloWorldContextListener</listener-class>
    </listener>

Servlet Filters
[Diagram: the Request and Response between the Client and the Web Server's Servlet Container pass through Filter 1 and Filter 2.]

Servlet Filter

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // preprocessing code goes here
        HttpServletResponse res = (HttpServletResponse) response;
        String name = request.getParameter("fullName");
        // getParameter() returns null when the parameter is missing
        if (name == null || name.equals("")) {
            res.sendRedirect("index.html");
            return;
        }
        // pass the request along the filter chain
        chain.doFilter(request, response);
        // postprocessing code goes here
    }

web.xml

    <filter>
      <filter-name>timer</filter-name>
      <filter-class>filter.TimerFilter</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>timer</filter-name>
      <servlet-name>myservlet</servlet-name>
      <url-pattern>/mypath/*</url-pattern>
    </filter-mapping>

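
A complete filter class built around the `doFilter` method shown above, as an added example that is not part of the training material. It validates `fullName` against an allow-list before the servlet runs and logs the request duration afterwards; `FullNameFilter`, `isValidName` and the name pattern are assumptions.

```java
package org.lds.training; // package reused from the slides; class name is hypothetical

import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class FullNameFilter implements Filter {
    // Assumed policy for this example: 1-100 letters, spaces, apostrophes, periods, hyphens.
    private static final Pattern VALID_NAME = Pattern.compile("[\\p{L} .'-]{1,100}");
    private FilterConfig config;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.config = filterConfig;
    }

    static boolean isValidName(String name) {
        return name != null && VALID_NAME.matcher(name.trim()).matches();
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        // Preprocessing: reject the request before any servlet code sees the parameter.
        if (!isValidName(req.getParameter("fullName"))) {
            config.getServletContext().log("Rejected fullName from " + req.getRemoteAddr());
            res.sendRedirect(req.getContextPath() + "/index.html");
            return; // do not call chain.doFilter(): the servlet never runs
        }
        long start = System.currentTimeMillis();
        try {
            chain.doFilter(request, response);
        } finally {
            // Postprocessing: runs even when the servlet throws.
            long elapsed = System.currentTimeMillis() - start;
            config.getServletContext().log(req.getMethod() + " " + req.getRequestURI()
                    + " took " + elapsed + " ms");
        }
    }

    public void destroy() { config = null; }
}
```

Register it with `<filter>` and `<filter-mapping>` elements like the ones above, mapped to the servlet only; if the mapping also covers `index.html`, the redirect would loop.
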
Redirect

    response.sendRedirect("http://lds.org/?lang=eng");

Request Dispatch

    // from a ServletRequest
    RequestDispatcher view = request.getRequestDispatcher("MyOtherServlet");
    // or, from a ServletContext (use one of the two declarations)
    // RequestDispatcher view = getServletContext().getRequestDispatcher("/MyOtherServlet");
    view.forward(request, response);