240 likes | 322 Views
Servlet Threads and Sessions. Servlet execution. What are some ramifications of running each doGet () or doPost () on a separate thread??. What can happen here?. User 1 hits Submit on a form page. service(request, response). service(request, response). Thread 19. User 1. Data store.
E N D
Servlet Threads and Sessions SE-2840 Dr. Mark L. Hornick
Servlet execution What are some ramifications of running each doGet() or doPost()on a separate thread?? SE-2840 Dr. Mark L. Hornick
What can happen here? User 1 hits Submit on a form page. service(request, response) service(request, response) Thread 19 User 1 Datastore Thread 20 Assume the Datastore is managed via a Servlet-owned reference. User 2 hits Submit on the same form page at about the same time. User 2 SE-2840 Dr. Mark L. Hornick
Multithreading is a fact of a Servlet’s life The only code objects that are thread-safe are the ones that are stack-based (or readonly): • HttpServletRequest object • HttpServletResponse object • Local Servlet method variables • Servlet class/instance constants These are NOT thread-safe: • Servlet class attribute variables • ServletConfig object • ServletContext object These first three are unique to eachthread. Reading is thread-safe These are objects are shared among threads. SE-2840 Dr. Mark L. Hornick
Are any of the following good approaches to avoid threading problems? • Synchronize a Servlet’sservice methods • Let only a single thread at a time execute doGet(), doPost(), etc • Synchronize a block of code within a method • Let only a single thread at a time execute critical sections. • Synchronize on the ServletConfig object • Let only a single thread at a time access any Servlet-specific data • Synchronize on the ServletContext object • Let only a single thread at a time access any Context-specific (that is, web application-specific) data SE-2840 Dr. Mark L. Hornick
A related problem: If we use a Servlet’s attributes to store data, only that Servlet can access the data service(request, response) service(request, response) Thread 19 Datastore Thread 20 What if we wanted a different Servlet to generate the response, in order to separate class responsibilities and improve cohesion? And what happens if our Servlet is used in another web app on the same server??? SE-2840 Dr. Mark L. Hornick
Using ServletContext to store data would make it accessible to all Servlets in the web app. The ServletContext is initializedby Tomcat before any Servlet is initialized. Note: This diagram canbe found in your textbook SE-2840 Dr. Mark L. Hornick
We know we can use the DD to create ServletContextString parameters… <?xml version="1.0" encoding="UTF-8"?> ... <servlet> <servlet-name>MyServlet</servlet-name> <servlet-class>myPackage.MyServlet</servlet-class> ... </servlet> <servlet> ... Some other servlet’sdefn goes here </servlet> ... <!-- Here is a context parameter that all Servlets in this web app can see --> <context-param> <param-name>lab1_version</param-name> <param-value>2.1</param-value> </context-param> ... </web-app> But what if we want to initialize something more complex? SE-2840 Dr. Mark L. Hornick
ServletContext: Parameters vs. Attributes • Parameters are init’d in the DD • Parameters are name/value pairs, where the value is a String • Parameters are readonly • Attributes can be created/modified by code • Attributes are name/value pairs, where the value is an Object • Attributes are read/write CS-4220 Dr. Mark L. Hornick
We need a way to initialize a complex ServletContextattribute before any Servlets are initialized Solution: Use a class that implements the ServletContextListener interface This is one of 8 different Listeners The event class SE-2840 Dr. Mark L. Hornick
The contextInitialized() event handler is called by Tomcat at startup In the contextInitialized() method, we can create a ServletContext attribute that is a complex datatype: public void contextInitialized(ServletContextEvent e) { ServletContext context = e.getServletContext(); context.setAttribute(“foo”, new MyComplexType() ); } // later, any Servlet will be able to access MyComplexType via a call to getServletContext().getAttribute(“foo”); SE-2840 Dr. Mark L. Hornick
We need to register ServletContextListeners with Tomcat in the DD: <?xml version="1.0" encoding="UTF-8"?> ... <servlet> <servlet-name>MyServlet</servlet-name> <servlet-class>test.HelloWorldServlet</servlet-class> ... </servlet> <servlet> ... Some other servlet’sdefn goes here </servlet> ... <!– Here’s how a ServletContextListener is registered --> <listener> <listener-class>myPackage.MyContextListener</listener-class> </listener ... </web-app> SE-2840 Dr. Mark L. Hornick
Finally…thread-safe data accessed as a ServletContext attribute • All users sharing the same object maintained by the ServletContext… • Is this really what we want?? SE-2840 Dr. Mark L. Hornick
By default, Servlets have no memory of who makes a request • The HTTP protocol is stateless, meaning it does not keep track of ongoing request/response messages. • Each HTTP request/response is independent of any other request/response ? SE-2840 Dr. Mark L. Hornick
Stateless Pro/Con Good for browsing and hyperlinking pages in any order without regard to past history • No HTTP overhead in maintaining state Bad for applications that require complex user interaction between web pages • The web application may want/need to know • what page you’ve visited previous to the current page • What you’ve done on previous visits SE-2840 Dr. Mark L. Hornick
A web server can ask a browser to set/read/send Cookies as part of the HTTP header HTTP request: “give me a page” Web Browser Web Server HTTP response: “OK, and BTW,store this Cookie” SE-2840 Dr. Mark L. Hornick
A Cookie is a small amount of information that can be used to implement state As a web site developer, you can store information you gather from a user on the file system of the user’s PC as a Cookie • Previous date of web site access • Login status • . . . Cookie information Web Browser SE-2840 Dr. Mark L. Hornick
A Cookie has various properties • name – the cookie name • value – the value of the cookie • expires – the date the cookie expires • path – path in domain in which cookie is visible • domain – domain the cookie is visible to • secure – cookie is only available over secure connections • httponly – cookie is only available via HTTP SE-2840 Dr. Mark L. Hornick
On subsequent visits, the web server can retrieve the Cookies via the HTTP header HTTP request: “give me that page again” Web Browser Web Server HTTP response: “OK, give me that Cookie you stored last time so I can customize the page” SE-2840 Dr. Mark L. Hornick
Session Protocol • User's browser is given a session ID by the server • Tomcat does this automatically • Cookie expiration is usually very short; sometimes longer • ID is included in subsequent HTTP exchanges with the server • “subsequent” can be even weeks later (usually not) • Server uses received session ID to locate/ retrieve corresponding session data/variables • Session variables kept on server for efficiency and security • Persist somewhere on the server filesystem or server db SE-2840 Dr. Mark L. Hornick
Application Session lifetime can be adjusted <?xml version="1.0" encoding="UTF-8"?> ... <servlet> <servlet-name>HelloWorld</servlet-name> <servlet-class>test.HelloWorldServlet</servlet-class> ... </servlet> <servlet> ... Some other servlet’sdefn goes here </servlet> ... <!– Session life in minutes; 0 means end w/ browser session --> <session-config> <session_timeout>30</session_timeout> </session-config> ... </web-app> SE-2840 Dr. Mark L. Hornick
Tomcat handles session management for Servlets A reference to an HTTPServletRequest is created by the Containerand passed to the doGet() and doPost() methods of an HTTPServlet. Session references are retrieved from the Request object. Note: You can look at Cookie objectsvia request.getCookies(), and set your ownCookie objects via response.addCookie() SE-2840 Dr. Mark L. Hornick
This is what we really want User 1 hits Submit on a form page. service(request, response) Datastore service(request, response) Thread 19 User 1 User1 session Thread 20 Datastore User2 session Each user gets a separate session object which can be used to manage separate data stores. User 2 hits Submit on the same form page at about the same time. User 2 SE-2840 Dr. Mark L. Hornick