1

2

Web Application Terminology

A Web application is provided by a server and used by a client, and it spans the network distance between those two points. To use an application, clients are required to establish one or more connections with the server so that the data to be processed can be routed. In conversing with the server, a client makes a request that is typically answered by a server reply.

Note - A web site (server) is not the same thing as a Web application (the client, network and server)

An action at the Web application level is a request-and-reply dialogue that corresponds to a single logical application behavior. For example when you use an online application to purchase a book, you click the Buy button. Clicking that button starts a series of activities that refer to the general application notion of "adding a book to your shopping cart." - this is an example of action

Note - Let's distinguish between transactions and isolated requests that require no application logic. For example, if we are browsing a list of books before purchasing, we may be simply accessing static Web pages.

Finally, a session is the use of an application by a client over some time period. Sessions are composed of one or more of the actions. Thus, just as actions correspond to a series of application operations, sessions correspond to a series of actions.

3

We will say that Web applications are used by consumers via client software (i.e., Web browsers or applications that use the Web to retrieve or process data) running on client hardware (i.e., PCs, PDAs). Application data is provided and processing is handled by producers via server software (i.e., Web server, server-side component software, database) running on server hardware (i.e., high-end multiprocessor systems, clusters, networking infrastructure.

The browser breaks the URL into three parts:

The protocol ("http")

The server name ("www.example.com")

The file name (“index.html")

The browser communicated with a name server to translate the server name "www.example.com" into an IP Address, which it uses to connect to the server machine.

The browser then formed a connection to the server at that IP address on port 80. (Default port for HTTP.)

Following the HTTP protocol, the browser sent a GET request to the server, asking for the file "http://www.example.com/index.html."

The server then sent the HTML text for the Web page to the browser.

The browser reads the HTML tags and formats the page onto your screen. 4

Keep in mind that HTTP is an application-level protocol. According to the OSI model of network programming, that means it exists above session-level protocols like TCP.

Deployment Paradigms

When considering Web applications, there are two basic deployment paradigms to consider— those that involve Web browsers as application clients and those that don’t.

Most interactive Web applications assume that a Web browser interface will be used to view and navigate their content. A browser has two primary jobs: to communicate with a Web server based on user directives and to render the content it retrieves from that server in response.

Web servers don’t always have Web browsers as clients. This can be true if your application involves a special client that retrieves information from a Web server or if you have multiple clients for your data (Web browsers, other software agents, etc.) and you want to consolidate your data serving.

5

Once a TCP connection has been established between client and server, the client can issue an HTTP request, such as GET or POST, and receive an HTTP reply.

HTTP requests and replies contain a header and a body. The header is a series of name/value pairs—the metadata of the communication. The body contains the application-level content, such as an HTML file.

More HTTP Methods

HEAD Method - The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response. This method is often used for testing hypertext links for validity, accessibility, and recent modification.

PUT Method - The PUT method requests that the enclosed entity be stored under the supplied Request-URI

Safe Methods (Idempotent Methods)

GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe“

Idempotent Methods : A sequence that never has side effects is idempotent. The side-effects of N > 0 identical requests is the same as for a single request.

POST method is not Idempotent.

6

A Web browser issues an HTTP GET request when:

The user selects a link in the current HTML page.

The user enters a URL in the Location field or the Address field.

In a GET request, parameters are appended to the URL, starting with “?”. Each parameter is a key/value pair and separated by an ampersand “&”.

Caching Static GET Requests

One of the interesting things about the GET method is that it can be considered conditional if the HTTP request also contains one of these optional header fields:

•If-Modified-Since

•If-Unmodified-Since

•If-Match

•If-None-Match

•If-Range

These fields express certain conditions about the object being requested. Based on how the conditions evaluate, a local copy of the object may be sufficient and the original won't have to be retransferred. Thus, a cached version of the object can be used. This is an important aspect of the GET method because it directly affects overall server-side application load, available network bandwidth, and network latency

7

The HTTP standard views the POST request as the way to create the requested entity on the server, as a subordinate of the request URI. Upon a POST request, the server can simply respond with an acknowledgment (HTTP 200 or 204) and provide no other data. Or it can indicate that the entity has been created (HTTP 201) and provide information corresponding to this creation.

In post request the parameters are sent through body, hence there will not be any limitation like GET,

because GET sends parameters through request line.

8

The first line of a Response message is the Status-Line, Header information consisting of the protocol version followed by a numeric status code and its associated textual phrase. No Carriage Return(CR) or Line Feed(LF) is allowed except in the final CRLF sequence.

Status-Line = HTTP-Version SPACE Status-Code SPACE Reason-Phrase CRLF

9

Status Code:

1xx: Informational - Request received, continuing process

2xx: Success - The action was successfully received, understood, and accepted

3xx: Redirection - Further action must be taken in order to complete the request

4xx: Client Error - The request contains bad syntax or cannot be fulfilled

5xx: Server Error - The server failed to fulfill an apparently valid request

Refer : http://www.w3.org/Protocols/rfc2616/rfc2616-sec6.html for complete list

10

Answers:

1) a.GET b. POST c.POST d. GET

2) 80

3) TRUE

11

Answers)

4) a) TRUE b) FALSE

5) Both are TRUE

6) 3XX

12

Handling HTTP requests for interactive sessions - What typically happens here is that an interactive client (i.e., a user with a Web browser) communicates with a Web server, asking it to process its HTTP request. The Web server responds as appropriate. The communication is synchronous, and a logical "session" often involves more than one roundtrip, either because users have temporarily navigated somewhere else or, more likely, because the application simply presents its logical operations over a series of Web pages (i.e., the notion of a shopping cart).

In general, there are two ways to handle incoming HTTP requests. One is to deliver a static response – specifically to attempt to locate and return the object identified in the request as if it were a file located on the server side. Static objects include predefined HTML pages and JPEG or GIF images. These requests are the kind that Web servers are designed to serve quickly and that don’t require communication with any server-side application system.

13

Dynamic responses are necessary when the requested data is constantly changing and/or is a function of the request parameters. Dynamic responses can be generated using server side programs.

ASP : Active Server Pages ( Microsoft Technology to serve dynamic content)

CGI : Common Gateway interface. It is a specification for interfacing external applications with information servers, such as HTTP Web servers.

JSP: Java Server Pages

14

Tomcat is an example of Web container, which can be configured with Apache web server application to serve dynamic content written using Servlet and JSP Technology.

ChilliSoft is an example of ASP interpreter (Helper Application), which can be configured with Apache web server to serve dynamic content written using ASP Technology.

Code running on helper application (container) generated output at request processing phase.

15

Use Firefox along with the Firebug plugin.

16

17

A cluster is a set of server nodes that cooperates to provide a more scalable and fault-tolerant server.

To external clients, a cluster appears as. a single server that services requests with a single point of entry

18

JEE is a specification, it is not tied to one vendor; it supports cross-platform development.

The Java Programming Language Platforms

There are four platforms of the Java programming language:

1) Java Platform, Standard Edition (Java SE)

2) Java Platform, Enterprise Edition (Java EE)

3) Java Platform, Micro Edition (Java ME)

4) Java FX

Refer: http://download.oracle.com/javaee/6/firstcup/doc/gkhoy.html#gcrkk

Tiered Applications

In a multi-tiered application, the functionality of the application is separated into isolated functional areas, called tiers. Typically, multi-tiered applications have a client tier, a middle tier, and a data tier (often called the enterprise information systems tier).

Refer: http://download.oracle.com/javaee/6/firstcup/doc/gcrky.html

Scalability refers to the capability of a system to increase total throughput under an increased load when resources (typically hardware) are added. 19

Web Application Technologies:

Java Servlet: Java programming language classes that dynamically process requests and construct responses, usually for HTML pages.

Java Server Pages: Text-based documents that are compiled into servlets and define how dynamic content can be added to static pages, such as HTML pages.

Java Server Faces technology: A user-interface component framework for web applications that allows you to include UI components (such as fields and buttons) on a page, convert and validate UI component data, save UI component data to server-side data stores, and maintain component state.

Enterprise Application Technologies:

Enterprise Java Beans (EJB): EJB is a component architecture that allows developers to write scalable enterprise applications.

Java Message Service (JMS): JMS allows for asynchronous distributed object communications.

Java Transaction API(JTA) : JTA specifications allow for reliable distributed transaction support.

Java Mail: Java Mail service allows you to send e-mail messages in a platform-independent from your java programs.

Connector Architecture: Connectors help in integrating with mainframe systems running high-end transactions as well as ERP (Enterprise Resource Planning) systems.

Java Persistence API: JPA is a specification for O/RM frameworks.20

Web Services Technologies:

On the JEE platform, it is possible to deploy a Web application that provides a Web service implemented by JAX-RPC.

A JEE application or component can also be a client to other Web services. Applications access XML registries through the Java API for XML Registries (JAXR).

Management and Security Technologies:

Security: The Java Authorization Contract for Containers (JACC) is a set of security contracts defined for the JEE containers. Based on the client’s identity, the containers restrict access to the container’s resources and services.

Web container-managed (JEE) security that is provided by application servers, such as WebSphere Application Server or Apache Tomcat.

Application-managed (custom) security that is written in the application.

21

JEE server provides underlying services in the form of a container for every component type.

Because you do not have to develop these services yourself, you are free to concentrate on solving the business problem at hand.

Containers are the interface between a component and the low-level platform-specific functionality that supports the component.

Before a Web, enterprise bean, or application client component can be executed, it must be assembled into a JEE application and deployed into its container.

Web container : Manages the execution of JSP page and Servlet components for JEE applications. Web components and their container run on the J2EE server.

Enterprise JavaBeans (EJB) container

Manages the execution of enterprise beans for J2EE applications. Enterprise beans and their container run on the JEE server.

JEE Servers (partial list) : Apache, Jetty, WebSphere, GlassFish, Jboss, WebLogic.

22

Security: The Java EE security model lets you configure a web component (Servlet/JSP) or enterprise bean(EJB) so that system resources are accessed only by authorized users.

Session Management: Web servers have no short-term memory. As soon as they send you a response, they forget who you are. The next time you make a request, they don’t recognize you. The Web container and EJB Containers provide mechanisms to store the conversational state of a client.

Dispatching: JEE server takes care of parsing the URL of the incoming HTTP requests, dispatching them to the correct JEE Engine’s module for processing, and returning the generated responses back to the client.

Load Balancing: A JEE server can handle more load than its own ability by distributing the request workload among multiple servers, thereby increasing the overall throughput of the system. Fault Tolerance is the ability of the server to redirect a client to another working instance of the server in the event of a failure.

Thread Allocation: Whenever a client makes a request, the JEE server creates a Thread (or picks the thread from its pool) and schedules it. Application developer need not write any concurrency handling code, he just has to handle only data corruption which might occur in concurrent execution.

23

The Web Container is responsible for creating a thread for every servlet’s request.

The Web Container controls the life and death of servlet’s. It takes care of loading the classes, instantiating and invoking servlet’s methods.

The Web Container and EJB Container supports declarative security that is specified when the application is deployed.

A Component developer can concentrate only on the required presentation and business logic.

24

25

Answers:

1) WebSphere, Jboss, WebLogic, etc

2) Tomcat is a Servlet Engine [Web Container], Apache Http Server is a Web Server. You can configure different container’s *Tomcat/ASP engine+ to execute on the web server.

3) http

4) RMI

26

Answers:

5) JEE component is a self-contained functional software unit that is assembled into a J2EE application and interfaces with other application components

6) Apache

7) Cache server

8) Enterprise Server

27

28

29

30