java web hosting at cern
DESCRIPTION
Java web hosting at CERN. Computing Seminar, 1 November 2005. Michał Kwiatek, IT-DES. What we’ll be doing. A few words about servlets and JSPs How to deploy them at CERN Scope, SLA and architecture of J2EE Public Service Some „advanced” examples. What is a JSP?. - PowerPoint PPT PresentationTRANSCRIPT
Java web hosting at CERNComputing Seminar, 1 November
2005
Michał Kwiatek, IT-DES
Michał Kwiatek, IT-DES 2
What we’ll be doing
• A few words about servlets and JSPs
• How to deploy them at CERN• Scope, SLA and architecture of
J2EE Public Service• Some „advanced” examples
Michał Kwiatek, IT-DES 3
What is a JSP?
<%@ page contentType="text/html;charset=iso-8859-1" %><html><header><title>Age example</title></header><body><h1>Age example</h1><%
String yearString = request.getParameter("year");int year;if (yearString==null || yearString.equals("")) {
out.print("Please specify your year of birth using year parameter");} else {
try {year = new Integer(yearString).intValue();%>You are <%=2005-year%> years old.<%
} catch (NumberFormatException e) {%><font color="red">Year of birth incorrect!</font><
%}
}%><%--static inclusion--%><%@ include file="footer.html" %></body></html>
Michał Kwiatek, IT-DES 4
JSP implicit variables
• request• session• application• response• out
Michał Kwiatek, IT-DES 5
What is a servlet?
• A java class that lives inside web container to serve client requests
• extends javax.servlet.http.HttpServlet• defining one or more of the following methods:
– doGet – doPost– doPut– doDelete– service– init– destroy
Note: the same servlet object will be usedsimultaneously to serve many request!
Michał Kwiatek, IT-DES 6
Your servlets should be thread-safe!
package ch.cern.example;import ...public class ServletA extends HttpServlet {
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"
);
public void service (HttpServletRequest request, HttpServletResponse response) {
response.write("Current date and time is: ");response.write(sdf.format(new Date()));
}}
Javadoc: Date formats are not synchronized. It is recommended
to create separate format instances for each thread. If
multiple threads access a format concurrently, it must be synchronized externally.
Michał Kwiatek, IT-DES 7
JSP is a servlet!
JSP
servet class source code
compiled servet class
translation
compilation
<%@ page laguage="java"%><html><body><%! int count=0 %>Welcome, you are visitor
number<%=++count%></body></html>
Declaration!
package ch.cern.example;import ...public class MyServlet extends HttpServlet {int count = 0;public void service (HttpServletRequest request, HttpServletResponse
response) {response.write("<html><body>Welcome, you are visitor number"+(++count)+"</body></html>");}
}
Michał Kwiatek, IT-DES 8
Did you make a nice jack’o lantern?
Michał Kwiatek, IT-DES 9
There’s more to JSP than just the pages
• Object-oriented programming• Java libriaries, java beans• Custom tag libraries• Model-View-Controler model• Java Server Faces• It is vendor and platform
independent
Michał Kwiatek, IT-DES 10
How to deploy them at CERN?
• Go to CERN Web Service:http://webservices.web.cern.ch/WebServices/
• Choose „java web application (servlet/jsp)” as site type
Michał Kwiatek, IT-DES 11
So what is this WAR file?
• WAR file is simply a zip archive with a specific structure
• jar files go to WEB-INF/lib• classes go to
WEB-INF/classes• Application configuration
files• The rest is regular web
content• Use your IDE or Ant to
package your application
jdbc_example.war
WEB-INF
META-INF
context.xml *)
classes
lib
web.xml
...
index.jsp
...
some.html
*) context.xml file is tomcat-specific
Michał Kwiatek, IT-DES 12
J2EE Public Service
• server-side infrastructure for deployment of java (servlet/jsp) web applications provided by IT-DES
• we provide:– servlet/JSP container– support for deployment– backup, monitoring
• we don’t provide:– an EJB container– support for development– telnet/ssh/ftp access to the servers
• SLA: aimed for medium-sized, non-critical applications; full support within CERN working hours; the support outside working hours is provided on best effort basis.
Michał Kwiatek, IT-DES 13
„Standard” approach
servlet containter
Machine 2 pro
xy
web applications
servlet containter
Machine 1
web applications
!
Michał Kwiatek, IT-DES 14
J2EE Public Service - approach
pro
xy
Machine 1
servlet containers and applications
Machine 2
servlet containers and applications
!
Michał Kwiatek, IT-DES 15
J2EE Public Server architecture
not configured, meant for hosting user applications
in the same way as j2eeps03
j2eeps01.cern.ch j2eeps02.cern.ch j2eeps03.cern.ch j2eeps04.cern.ch j2eeps05.cern.ch
jpsmanager.cern.ch j2eeps.cern.ch
ithp01.cern.ch ithp02.cern.ch ithp03.cern.ch ithp04.cern.ch ithp05.cern.ch
jpss
tun
nel 4)
(ld
ap c
onne
ctio
n to
CE
RN
’s A
ctiv
e D
irect
ory)
tomcat running prod-
jpsmanager 3)
(used by app owners for managing
their applications)
jpsmanager httpd 1)
(httpd in front of tomcats
running dev and prod
jpsmanager)
tomcat running
dev-jpsmanager 2)
jpss
tun
nel 4)
(ld
ap c
onne
ctio
n to
CE
RN
’s A
ctiv
e D
irect
ory)
Apache20ModProxyModJK 5)
(apache httpd in front of tomcats
running user applications)
jpss
tun
nel 4)
(ld
ap c
onne
ctio
n to
CE
RN
’s A
ctiv
e D
irect
ory)
tomcat running prod-
jpsmanager 3)
(used by app owners to
check logs)
tomcat running prod-
jpsmanager 3)
(used by app owners to
check logs)
idle, meant for hosting user applications
in the same way as j2eeps03
Symetrical, passwordless ssh/scp connectivity
web authors’ requests
web readers’ requests
container(tomcat)running
user app 6)
container(tomcat)running
user app 6)
container(tomcat)running
user app 6)
• software used:– Apache
Tomcat 5.5– JDK 1.5– Apache
httpd 2.0– jpsmanager
• The architecture is open!
Michał Kwiatek, IT-DES 16
Guess what!
• JDBC drivers to oracle are preinstalled (thin)• 3 usage scenarios
Michał Kwiatek, IT-DES 17
JDBC
Connection conn = null; Statement stmt = null; ResultSet rset = null;try {
Class.forName("oracle.jdbc.driver.OracleDriver");conn = DriverManager.getConnection(url, user,
password);stmt = conn.createStatement();rset = stmt.executeQuery(query);...
} catch(SQLException e) {...
} finally {try { rset.close(); } catch(Exception e) { }try { stmt.close(); } catch(Exception e) { }try { conn.close(); } catch(Exception e) { }
}
1. Basic example
2. Connection pooling
Michał Kwiatek, IT-DES 18
JDBC (cont’d)
// in Servlet, JSP, or simply a class:Connection conn = null; Statement stmt = null; ResultSet rset = null;try {
Context initContext = new InitialContext();Context envContext =
(Context)initContext.lookup("java:/comp/env");DataSource ds =
(DataSource)envContext.lookup("jdbc/devdb");conn = ds.getConnection();stmt = conn.createStatement();rset = stmt.executeQuery(query);...
} catch(SQLException e) {...
} finally {try { rset.close(); } catch(Exception e) { }try { stmt.close(); } catch(Exception e) { }try { conn.close(); } catch(Exception e) { }
}
3. Connection pooling & JNDI (1/2)
Michał Kwiatek, IT-DES 19
JDBC (cont’d)
// in META-INF/context.xml:<Context>
<Resource name="jdbc/devdb" auth="Container"type="javax.sql.DataSource"
driverClassName="oracle.jdbc.driver.OracleDriver"
url="jdbc:oracle:thin:@oradev.cern.ch:10521:D" username="XXXXX"
password="XXXXX" maxActive="10" maxIdle="5"
/></Context>
// in WEB-INF/web.xml:<resource-ref> ... </resource-ref>
3. Connection pooling & JNDI (2/2)
Michał Kwiatek, IT-DES 20
Authentication/authorisation
• Authentication:– my identity can be
confirmed using my CERN id card
• Authorisation– using my identity
and additional information (did I attend
the security course?) the system will let me into the Computer Centre or not
Michał Kwiatek, IT-DES 21
How to do it NICEly?
• method for authentication and authorisation– is provided by the container– uses existing mechanisms
• this method is NICE:– NICE login and password to
authenticate– NICE groups to authorise (CERN
Department/Group structure, or some project-specific groups)
Michał Kwiatek, IT-DES 22
NICE authentication
NICE authentication is set up by default• in WEB-INF/web.xml you specify which
areas of your application require authentication
• you also specify which groups of users are authorized to access these areas
• you can define these groups (and their members) at https://www.cern.ch/WinServices/Services/GroupManager/
• from your application, you may check who is logged on using:
request.getUserPrincipal()
Michał Kwiatek, IT-DES 23
Resources
• http://j2ee-public-service.web.cern.ch/j2ee-public-service/– sla.html– faq.html– technical.html
• chapter 9, "Developing secure web applications" from SCWCD Exam Study Kit by Hanumant Deshmukh and Jignesh Malavia.
• http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howto.html
• http://jakarta.apache.org/commons/dbcp/• http://ws.apache.org/axis/java/index.html• j2ee tutorial:
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/index.html
Michał Kwiatek, IT-DES 24
Questions?