servlets dbi - representation and management of data on the web
TRANSCRIPT
Servlets
DBI - Representation and Management of Data on the Web
Java and Web Pages
• Java was introduced to embed greater interactivity into Web pages
• Java has accomplished this through the use of applets
• Applets add functionality to Web pages• For example,
– Adding games to Web pages– Adding graphics– etc.
About Java Applets
• Java applets are programs that are embedded directly into Web pages
• We add the <applet code=“…”> tag to the HTML page
• When a browser loads a Web page, the applet byte-code is downloaded to the client box and executed by the browser
Problems with Applets
• Three main problems are– Accessing files and databases (security
restrictions)– Compatibility – Bandwidth
• The bandwidth problem:– as your applets grow in size, the download time
becomes unacceptable
Compatibility Problems
• Applets are also faced with compatibility problems
• In order to run an applet, you need to have a compatible browser
• If a customer doesn't have a compatible browser, she will not be presented with proper content
• Thin clients do not support the all Java API
We Tried So Far
Running applications on the client
Instead, We …
Move to the server
The Solution
• Server-side Java solves some of the problems that applets face:– There are no compatibility problems with code
execution
– There are no issues with long download time
– Server Java only sends the client small packets of information that it can understand (mainly HTML)
• Java servlets are one of the options for server-side Java
Servlets
• Servlets most common usages:– 1. Used to extend Web servers– 2. Used as replacement for CGI that is
• secure, portable, and easy-to-use
• A servlet is a dynamically loaded module that services requests from a Web server
• A servlet runs entirely inside the Java Virtual Machine
• Servlet does not depend on browser compatibility
Execution of a Java Servlet
Sending a request andreceiving aresponse
Example of Using Servlets
Developing e-commerce store fronts:a. A Servlet can build an on-line catalog from
databaseb. The Servlets can present the catalog using
dynamic HTMLc. A customer fills out order and submits it to
the servletd. The Servlet processes the order and submits
the result to the database
Alternatives to Java Servlets
I. CGI
II. Proprietary server APIs
III. Server side JavaScript
IV. Microsoft Active Server Pages
• All above are viable solutions, but each has their own set of problems
CGI
• Common Gateway Interface (CGI): Scripts generate Web pages or other files dynamically by processing form data and returning documents based on form values or other data
Servlets Versus CGI
• Platform Independence – servlets work on any servlet-enabled server
• Single process that handles many requests
• Written in Java• Faster to Run
• Not platform independent
• Work order: get request, open process, shut down
• Not persistent – reestablish resources each time
• Each request requires new CGI process
CGI
Servlet
Servlets Give
• Portability
• The power of Java
• Efficiency since using a single process
• Safety – strong typing differently from scripts
• “Clean”, object oriented code
• Integration with the server
HTML Forms
• Interactive HTML
• Composed of input elements (buttons, text fields, check boxes) with <form> tag
• On Submission, browser packages user input and sends to server
• Server passes information to supporting application that formats reply (HTML page)
The <input> Tag
• Inside a form, INPUT tags define fields for data entry
• Standard input types include: buttons, checkboxes, password field, radio buttons, text fields, image-buttons, text areas, pull-down menus,
• They all associate a single (string) value with a named parameter
The <form> Tag
• <form> …</form> comprise single form
• Two Special Attributes: – action – the name of the processing server – method – the method to pass parameters to
server
Form Parameters
• action attribute give URL of application that receives and processes form’s data (cgi-bin)<form action=“http://www.cs.huji.ac.il/~dbi/cgi-bin/update”>…</form>
• enctype attribute to change encryption• method attribute sets the method by which
data sent to server (HTTP methods)
HTTP Methods
• POST: – Data sent in two steps– Designed for Posting information
• Browser contacts server• Sends data
• GET: – Contacts server and sends data in single step– Appends data to action URL separated by question
mark– Designed to get information
Other Methods
• HEAD: Client sees only header of response to determine size, etc…
• PUT: Place documents directly on server
• DELETE: Opposite of PUT
• TRACE: Debugging aid returns to client contents of its request
• OPTIONS: what options available on server
Example<HTML>…<form method=GET
action=“http://www.cs.huji.ac.il/~dbi/cgi-bin/update”>…
</form>…</HTML>
http://www.cs.huji.ac.il/~dbi/cgi-bin/update?x=19&y=104
<html> <head> <title>Book Review</title> </head>
<body> <H1>Book Review</H1> <form action=/cgi-bin/bookreview.pl method=POST> What is your first name? <input type=text name=fname>
<BR><BR>Check if you are planning to write a servlet <input type=checkbox name=writeservlet>
<BR><BR>What was your favorite chapter so far?<BR> <BR>Chp. 1<input type=radio name=favchap value=1> <BR>Chp. 2<input type=radio name=favchap value=2> <BR>Chp. 3<input type=radio name=favchap value=3> <BR>Chp. 4<input type=radio name=favchap value=4> <BR>Chp. 5<input type=radio name=favchap value=5> <BR>Chp. 6<input type=radio name=favchap value=6> <BR><BR><input type=submit><input type=reset> </form> </body></html>
A Book Review Example
Book Review
What is your first name?
Check if you are planning to write a servlet
What was your favorite chapter so far?
Chp. 1
Chp. 2
Chp. 3
Chp. 4
Chp. 5
Chp. 6
Su b m itRe s e t
#!/usr/bin/perl
require "cgilib.pl";
print "Content-type: text/html\n\n";
%dataDict = ();
&readData(*data);&parseData(*data,*dataDict);
$fName = $dataDict{"fname"};$chp = $dataDict{"favchap"};$writeServlet = $dataDict{"writeservlet"};
print "<HTML>";print "<TITLE>Book Review Response</TITLE>";print $fName;print ", thank you for your feedback.<BR>";print "Your favorite chapter so far is chapter ";print $chp;print ".<BR>";print "<HR>";print "You are ";
($writeServlet ne "") || print "not ";
print "planning to write a servlet.";
print "</HTML>";
Instead, We Write
<form action=http://localhost:8080/servlet/BookReviewServlet method=POST>
for calling a servlet
import java.io.*;import javax.servlet.*;import javax.servlet.http.*;
public class BookReviewServlet extends HttpServlet{ // Write a response to the client. public void doPost(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException { /*
Set the "content type" header of the response so that the browser knows we are sending HTML and not just raw text. If you don't do this then the HTML tags will not be interpreted. Try commenting out this line to see what happens.*/res.setContentType("text/html");
//Get the response's PrintWriter to return text to the client.PrintWriter toClient = res.getWriter();
String fName = req.getParameter("fname");String chp = req.getParameter("favchap");String writeServlet = req.getParameter("writeservlet");
// Respond to client with a thank youtoClient.println("<HTML>");toClient.println("<TITLE>Book Review Response</TITLE>");toClient.print(fName);toClient.println(", thank you for your feedback.<BR>");toClient.print("Your favorite chapter so far is chapter ");toClient.println(chp + ".<BR>");toClient.println("<HR>");toClient.println("You are ");if(writeServlet == null)
toClient.print("not ");toClient.println("planning to write a servlet.");
toClient.println("</HTML>");
// Close the writer; the response is done.toClient.close();
}}
BookReviewServlet extends HttpServletdoPost for handling a POST request
More on Server-side Technologies
• Server-side Includes: – Extension to HTML – Server-side scripting – Embedding code in HTML documents
• Java Server Pages: – JavaServer Pages technology uses XML-like tags and
scriptlets written in the Java programming language to encapsulate the logic that generates the content for the page
– Dynamic data in web page– JSP compiled to Servlet
Servlet Package
• javax.servlet• Servlet interface defines methods that
manage servlet and its communication with clients
• Client Interaction: When it accepts call, receives two objects– ServletRequest– ServletResponse
Architecture
Hello World Example
import java.io.*;import java.util.*;import javax.servlet.*;import javax.servlet.http.*;
public class HelloWorldServlet extends GenericServlet{ public void service(ServletRequest request,
ServletResponse response)throws ServletException, IOException
{PrintWriter out;
response.setContentType("text/html");
out = response.getWriter();
out.println("<HTML><HEAD><TITLE>");out.println("Hello World");out.println("</TITLE></HEAD><BODY>");out.println("<H1>Hello World</H1>");out.println("</BODY></HTML>");
out.close(); }}
Hello World Example
import java.io.*;import javax.servlet.*;import javax.servlet.http.*;public class HelloWorld extends HttpServlet{
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException{
res.setContentType("text/html");PrintWriter out = res.getWriter();
out.println("<HTML>");out.println("<HEAD><TITLE>Hello World</TITLE></HEAD>");out.println("<BODY>");out.println("<BIG>Hello World</BIG>");out.println("</BODY></HTML>");
}}
The Servlet Interface
• All servlets must implement the Servlet interface– void init(ServletConfig config)
• called every time the servlet is instantiated– void service(ServletRequest req, ServletResponse res)• ServletRequest: parameters from the client• ServletResponse: contains an output stream used to return
information to the client
• needs to be thread-safe since multiple requests can be handled concurrently
• not called until init() has finished execution
The Servlet Interface
– void destroy()• called by the servlet engine when it removes the
servlet
• should free any resources (i.e. files or database connections) held by the servlet
– String getServletInfo()• Returns version and copyright information
The HttpServlet Interface
• Implements Servlet • Receives requests and sends responses to a web
browser• Methods to handle different types of HTTP
requests:– doGet() handles GET requests– doPost() handles POST requests– doPut() handles PUT requests– doDelete() handles DELETE requests
Handling HttpServlet Requests
• service() method not usually overridden– doXXX() methods handle the different request
types
• Needs to be thread-safe or must run on a STM (SingleThreadModel) Servlet Engine– multiple requests can be handled at the same
time
HttpServlet Request Handling
GET request
service()
HttpServlet subclass
response
doGet()
doPost()
Web Server
POST request
response
ServletRequest Interface
• Encapsulates communication from client to server– parameters passed by client,
– protocol used by client,
– names of remote host, and server
• ServletInputStream for data transfer from client to server using HTTP POST and PUT
• HttpServletRequest access HTTP header info
ServletRequest Interface
public abstract int getContentLength() public abstract String getContentType()
public abstract String getProtocol() public abstract String getScheme()
public abstract String getServerName() public abstract int getServerPort() public abstract String getRemoteAddr() public abstract String getRemoteHost()
public abstract String getParameter(String name) public abstract String[] getParameterValues(String name) public abstract Enumeration getParameterNames() public abstract Object getAttribute(String name)
HttpServletRequest Interface
public String getMethod()public String getRequestURI()
public Enumeration getHeaderNames()public String getHeader(String name)public int getIntHeader(String name)public long getDateHeader(String name)
public Cookie[] getCookies()public HttpSession getSession(boolean create)public String getRequestedSessionId()public boolean isRequestedSessionIdValid()public boolean isRequestedSessionIdFromCookie()public boolean isRequestedSessionIdFromUrl()
ServletResponse Interface
• Methods for replying to client
• Set content length and MIME type of reply
• ServletOutputStream and a Writer to send data
• HttpServletResponse protocol specific
ServletResponse Interface
public void setContentLength(int len)public void setContentType(String type)
public ServletOutputStream getOutputStream() throws IOException
public PrintWriter getWriter() throws IOExceptionpublic String getCharacterEncoding()
HttpServletResponse Interface
public void sendError(int sc, String msg) throws IOExceptionpublic void sendError(int sc) throws IOExceptionpublic void setStatus(int sc, String sm)public void setStatus(int sc)
public boolean containsHeader(String name)public void setHeader(String name,String value)public void setIntHeader(String name, int value)public void setDateHeader(String name, long date)
public void sendRedirect(String location) throws IOException
public void addCookie(Cookie cookie)public String encodeUrl(String url)public String encodeRedirectUrl(String url)
HTTP Specifics
• MIME: Multipurpose Internet Mail Extension to identify file type
• GET/POST/PUT: Ways that browser sends form data to the server
• Persistent Sessions
• Cookies
public class SimpleServlet extends HttpServlet {
/** * Handle the HTTP GET method by building a simple web page. */
public void doGet (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
PrintWriter out; String title = "Simple Servlet Output";
// set content type and other response header fields first response.setContentType("text/html");
// then write the data of the response out = response.getWriter();
out.println("<HTML><HEAD><TITLE>"); out.println(title); out.println("</TITLE></HEAD><BODY>"); out.println("<H1>" + title + "</H1>"); out.println("<P>This is output from SimpleServlet."); out.println("</BODY></HTML>"); out.close(); }
}
You Do The Following• Subclass HttpServlet• Override doGet()• User Request encapsulated in HttpServletRequest object
• Response encapsulated in HttpServletResponse object
• Use output stream from HttpServletResponse
Interacting with Clients
• Requests and Responses
• Header Data
• Get Requests
• Post Requests
• Threading
• Servlet Descriptions
• Handle requests through service method (calls doGet())
• HttpServletRequest Objects– getParameter returns value of named parameter
– getParameterValues if more than one value
– getParameterNames for names of parameters
– getQueryString for HTTP GET returns string of raw data from client. Must parse.
– HTTP POST, PUT, DELETE Requests• Text: getReader returns BufferedReader• Binary: getInputStream returns
ServletInputStream
• HttpServletResponse Object– getWriter returns a Writer for text
– getOutputStream returns ServletOutputStream for binary
– Set header data before above IO set
– setContentType in header
Response Type
• Response type does not have to be a text
• You can, for example, setContent(“image/gif”)
and send a stream of bits of an image
• You can also return an HTML form that calls your servlet again as a response to a user action
An Example
<HTML><HEAD><TITLE>Introductions</TITLE></HEAD><BODY><FORM METHOD=GET ACTION="/servlet/Hello">
If you don't mind me asking, what is your name?<INPUT TYPE=TEXT NAME="name"><P><INPUT TYPE=SUBMIT></FORM></BODY></HTML>
import java.io.*;import javax.servlet.*;import javax.servlet.http.*;
public class Hello extends HttpServlet {
public void doPost(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
doGet(req, res);}
public void doGet(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
// Set the Content-Type header res.setContentType("text/html");
// Return early if this is a HEAD if (req.getMethod().equals("HEAD")) return;
// Proceed otherwise PrintWriter out = res.getWriter(); String name = req.getParameter("name"); out.println("<HTML>"); out.println("<HEAD><TITLE>Hello, " + name +
"</TITLE></HEAD>"); out.println("<BODY>"); out.println("Hello, " + name); out.println("</BODY></HTML>"); }}
Using the <SERVLET> Tag
• It is a server-side tag that is written in the HTML document
• The web server is configured to replace the tag with the output from the invoked servlet
• Many times, for servlets to recognize such files, they are files that end with “.shtml”
<HTML><HEAD><title>Mountain View Public Access Bank Account Query
Service</title></HEAD><BODY><h1>Bank Server</h1><hr><form action="/Bank/SecondPage.shtml" method="GET">Which account do you want to find out about ?<input type="text" name="Person"><input type="submit" value="Send"></form><hr><small>All information subject to change without notice
and probably quite inaccurate.</small></BODY></HTML>
The Servlet is not invoked directly
<HTML><HEAD><title>Mountain View Public Access Bank Account
Query Service</title></HEAD><BODY><h1>Bank Server</h1><hr><SERVLET CODE = bank.servlets.AccountSummary><PARAM NAME = "DriverName" VALUE =
"sun.jdbc.odbc.JdbcOdbcDriver"><PARAM NAME = "DatabaseURL" VALUE =
"jdbc:odbc:AccountsDatabase"><PARAM NAME = "Account" VALUE = "SYSDBA" ><PARAM NAME = "Password" VALUE = "masterkey">Your server doesn't support the servlet tag. </SERVLET> <hr>
<SERVLET CODE = bank.servlets.AccountTransactions><PARAM NAME = "DriverName" VALUE =
"sun.jdbc.odbc.JdbcOdbcDriver"><PARAM NAME = "DatabaseURL" VALUE =
"jdbc:odbc:AccountsDatabase"><PARAM NAME = "Account" VALUE = "SYSDBA" ><PARAM NAME = "Password" VALUE = "masterkey">Your server doesn't support the servlet tag. </SERVLET><form action="/Bank/SecondPage.shtml" method="GET">Which account do you want to find out about ?<input type="text" name="Person"><input type="submit" value="Send"></form> <hr><small>All information subject to change without notice
and probably quite inaccurate.</small></BODY></HTML> SecondPage.shtml
public abstract class BankAccountSSIRoot extends HttpServlet { public void doPost(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
_driverName = request.getParameter("DriverName"); _databaseURL = request.getParameter("DatabaseURL"); _account = request.getParameter("Account"); _password = request.getParameter("Password"); PrintWriter output; try { output = new PrintWriter(response.getOutputStream(), true); } catch (Exception e){ log("Couldn't get Printwriter for request"); return; } String person = request.getParameter("Person"); if (null==person){ logError(output, "Please enter a person's name"); } else{ printAccountData(person, output); } return; }
Servlet can’t tell the difference between SERVLET tag parameters and form parameters
Class.forName(_driverName); return DriverManager.getConnection(
_databaseURL,_account, _password);
Servlets Package in UML
HttpUtils
Object
HttpSessionBindingListener
HttpSessionContextHttpSession
0..*
0..*
0..*
0..*
11..*
HttpServletResponse
Cookie 10..*
HttpServletRequest
1
0..*
1
1
1
11
0..*1
0..*
0..*
0..*
0..*
0..*
1..* 1
1
1
ServletConfig
HttpServlet
1
1
1
1
GenericServlet ServletContext1
1
Second Lecture
A Search Engine Choice Example
• Taken from a tutorial by Marty Hall
• http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/
• SearchEngines.java
• SearchSpec.java
• SearchEngines.html
Servlet Life Cycle
• No main() method!
• Server loads and initializes servlet
• servlet handles client requests
• server removes servlet
• Servlet can remain loaded to handle additional requests
• Incur startup costs only once
Life Cycle Schema
Starting and Destroying Servlets
• Initialization: – Servlet’s init(ServletConfig) method– Create I/O to intensive resources (database)– Initialization parameters are server specific– Seen in servletrunner properties file
• Destroying: – destroy() method– make sure all service threads complete
ServletConfig
• When a servlet is created, it can have a set of initialization parameters (just like applets or command line args to an application)– How these parameters are set is web-server
specific (you need to configure the web server)
• ServletConfig lets the Servlet get at this initial configuration information
public ServletContext getServletContext()public String getInitParameter(String name)public Enumeration getInitParameterNames()
package database;
import java.io.*;import javax.servlet.*;
/** * This is a simple example of a Generic Servlet. Other servlets * call its public methods; it does not accept calls from clients. */public class BookDBServlet extends GenericServlet {
private BookstoreDB books;
public void init(ServletConfig config) throws ServletException { // Store the ServletConfig object and log the initialization super.init(config);
// Load the database to prepare for requests books = new BookstoreDB(); }
public void destroy() { // Allow the database to be garbage collected books = null; }
public void service(ServletRequest req, ServletResponse res)throws ServletException, IOException {
throw new UnavailableException( this, "This servlet does not accept client requests."); }
public BookDetails getBookDetails(String bookId) { return books.getBookDetails(bookId); }
public BookDetails[] getBooksSortedByTitle() { return books.getBooksSortedByTitle(); }
public int getNumberOfBooks() { return books.getNumberOfBooks(); }
public String getServletInfo() { return "The BookDB servlet manages the bookstore database. " + "It is called by other servlets, not directly by a user."; }}
Servlet Threads
• Applying a service method for each client request• The server usually only calls destroy() after all
service threads complete• Need to keep track of threads currently running• Wait for long-running threads to complete• Have long-running threads poll for shutdown
Example – Counting Threadspublic ShutdownExample extends HttpServlet { private int serviceCounter = 0; ... //Access methods for serviceCounter protected synchronized void enteringServiceMethod()
{serviceCounter++;
} protected synchronized void leavingServiceMethod()
{serviceCounter--;
} protected synchronized int numServices() {
return serviceCounter; }}
Maintaining the Count
protected void service(HttpServletRequest req, HttpServletResponse
resp) throws ServletException, IOException
{enteringServiceMethod();
try { super.service(req, resp); } finally { leavingServiceMethod(); }}
Notifying a Shutdown
public ShutdownExample extends HttpServlet { private boolean shuttingDown; ... //Access methods for shuttingDown protected setShuttingDown(boolean flag) {
shuttingDown = flag; } protected boolean isShuttingDown() {
return shuttingDown; }}
A Destroy Example
public void destroy() {
/* Check to see whether there are still * service methods running, * and if there are, tell them to stop. */ if (numServices() > 0) { setShuttingDown(true);
}
/* Wait for the service methods to stop. */ while(numServices() > 0) {
try { Thread.sleep(interval); } catch (InterruptedException e) {} } }
“Listening” to a Shutdown
public void doPost(...) { ...
for(i = 0; ((i < numberOfThingsToDo) && !isShuttingDown()); i++) {
try {partOfLongRunningOperation(i);
} catch (InterruptedException e) {} } }
SingelThreadModel
• SingleThreadModel is a marker interface– No methods
– Tells servlet engines about lifecycle expectations
• Ensure that no two threads will execute concurrently the service method of that servlet
• This is guaranteed by maintaining a pool of servlet instances for each such servlet, and dispatching each service call to a free servlet
SingleThreadModel
• SingleThreadModel let you break servlet functionality into multiple methods
• Can rely on “instance state” being uncorrupted by other requests
• Can’t rely on singletons (static members) or persistent instance state between connections– The same client making the same request, can get
different instances of your servlet
Servlets Chaining
• Servlets cooperate to create content• Multiple servlets in a chain
– request parameters supplied to first servlet– output piped to successive servlets– last servlet in chain sends output to client
• Two ways to direct server to use chains:– configure server to handle certain URLs with
explicitly-specified chains– configure server to direct certain content types to
specific servlets before output
Example – Removing blink Tags
import java.io.*;import javax.servlet.*;import javax.servlet.http.*;public class Deblink extends HttpServlet{
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException{
// get the incoming typeString contentType = req.getContentType();// nothing incoming, nothing to doif (contentType == null) return;// set outgoing type to be incoming typeres.setContentType(contentType);
PrintWriter out = res.getWriter();
BufferedReader in = req.getReader();
String line = null;
while ((line = in.readLine()) != null)
{
line = replace(line, ”<BLINK>", "");
line = replace(line, ”</BLINK>", "");
out.println(line);
}
} // end doGet()
public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException
{
doGet(req, res);
} // end doPost()
private String replace(String line, String oldString, String newString)
{
int index = 0;
while ((index = line.indexOf(oldString, index)) = 0)
{
// Replace the old string with the new string // (inefficiently)
line = line.substring(0, index)
+ newString
+ line.substring(index
+ oldString.length());
index += newString.length();
}
return line;
} // end replace()
} // end Deblink
Servlet Chaining Can be Used to
• Quickly change appearance of a page, group of pages, or type of content– suppress <BLINK> tags
– translate into a different language
• Display section of page in special format– <SQL> tag - print results of query
• Support obscure data types– serve up unsupported image formats as GIF or JPEG
Session Tracking
• HTTP is a stateless protocol– many web applications (i.e. shopping carts) are not
– need to keep track of each user’s state (i.e. items in the shopping cart)
• Common techniques– user authorization
– hidden form fields
– URL rewriting
– persistent cookies
Hidden Form Fields
• Hidden fields are just another type of input tag for a form
• The receiving web server can’t tell the difference between a user entered value and a hidden form field value
<INPUT TYPE = hidden NAME = “DefaultBGColor”VALUE = “Green” >
URL Encoding
• Basically, a way to store lots of name value pairs as arguments after a URL– End result is a url that looks like a “GET” URL
• If you want to embed a link in a response, and want the link to reflect the session-id, use either (from HttpServletResponse)
• These encode the session id as ?name=value on the end of the url
public String encodeUrl(String url)public String encodeRedirectUrl(String url)
Tracking with HttpSession
• Servlets have built-in session tracking• Every user has a HttpSession object
– store and retrieve user information
• i.e. shopping cart contents, database connections
• Retrieve the user’s session:public HttpSession HttpServletRequest.getSession (boolean create)
– if the user has no valid session,
• a new one is created if create is true; • null is returned if create is false
Session Tracking API
• Add data to a sessionpublic void HttpSession.putValue(String name,
Object value)
– value must implement Serializable interface– replaces any object that is bound in the session
with the same name
• Retrieve data from a sessionpublic Object HttpSession.getValue(String name)
– returns null if no object is bound to the name
More on Tracking API
• Retrieve the name of all session objectspublic String[] HttpSession.getValueNames()
– returns an empty array if no bindings
• Remove a value from the sessionpublic void HttpSession.removeValue(String name)
– does nothing if no object is bound
• These methods throw an IllegalStateException if the session is invalid
Hit Count using Session Trackingimport java.io.*;import javax.servlet.*;import javax.servlet.http.*;public class SessionTracker extends HttpServlet{
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException
{res.setContentType("text/html");PrintWriter out = res.getWriter();
HttpSession session = req.getSession(true);
Integer count = (Integer)session.getValue("tracker.count");
if (count == null)count = new Integer(1);
else count = new Integer(count.intValue() + 1);
Hit Count using Session Trackingsession.putValue("tracker.count", count); out.println("<HTML><HEAD><TITLE>SessionTracker</TITLE></HEAD>");
out.println("<BODY><H1>Session Tracking Demo</H1>");
out.println("You've visited this page " + count + ((count.intValue() == 1) ? " time." : " times."));
out.println("<P>");
out.println("<H2>Here is your session data:</H2>");String[] names = session.getValueNames();for (int i = 0; i < names.length; i++){out.println(names[i] + ": " + session.getValue(names[i]) + "<BR>");
}out.println("</BODY></HTML>");
}}
Cookies
• Usages:– Identifying a user during an e-commerce (or
other) session– Avoiding user-name and password– Customizing a site– Focusing advartising
Cookies• Cookies are state information that gets passed
back and forth between the web server and browser in HTTP headers– A response header
– A request header
• You create cookies and then add them to the HttpServletResponse (or get them from the HttpServletRequest)
Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME; secure
Cookie: NAME=VALUE; NAME2=VALUE2; NAME3=VALUE3...
public void addCookie(Cookie cookie) public Cookie[] getCookies()
Limitations on Cookies
• Must be set before any HMTL is generated. – Neither servlets embedded using the SERVLET tag,
nor chained servlets, can set a cookie
– They can still access cookie values
• Name isn’t unique– Uniqueness enforced on (Name, Domain, Path)
• Most applicable cookie of each name (best match) is returned
• Only name, value, and version are returned
More Limitations
• Limited to 20 cookies per server/ domain
• Limited to 300 cookies per user
• A 4KB size limit per cooky
• Cookies expire:
A Lasting Cookyimport javax.servlet.http.*;public class LongLivedCookie extends
Cookie { public static final int SECONDS_PER_YEAR =
60*60*24*365; public LongLivedCookie(String name, String
value) { super(name, value); setMaxAge(SECONDS_PER_YEAR); }
}
javax.servlet.Http.Cookie
public void setComment(String purpose)public void setDomain(String pattern)public void setMaxAge(int expiry)public void setPath(String uri)public void setSecure(boolean flag)public void setValue(String newValue)public void setVersion(int v)public String getValue()public int getVersion()public String getName()
public String getComment()public String getPath()public int getMaxAge()public String getDomain()public boolean getSecure()
Pointless to call these because browser doesn’t send them
Comment is used if client individually approves cookies
Secure means, practically, “only send if SSL is being used”
Note that you can’t change a cookies name
Cookie Defaults
• Max Age – if not set, cookie will expire when browser is closed
• Domain/Path – together, they specify where the cookie is valid – A cookie created in response to the request
defaults to http://www.cs.huji.ac.il/~dbi/home/index.html
domain: www.cs.huji.ac.il/path: ~dbi/home/
Note that
• Cookies do not pose a security threat
• They do pose a privacy threat
Servlet Communication
• To service a request, the servlet may need to get resources from:– databases– other servlets – HTML pages (or other files)– objects shared among servlets at the same
server– and so on
Getting a Resource
• There are two ways to get a resource:– With a HTTP request– Using a RequestDispatcher object
Getting a Request Dispatcherpublic class BookStoreServlet extends HttpServlet {
public void service (HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// Get the dispatcher; it gets the main page to the user
RequestDispatcher dispatcher = getServletContext().getRequestDispatcher( "/bookstore/bookstore.html"); ...
} }
Resources that are not Available
• To deal with resources that are not available you should do:
if (dispatcher == null) { // No dispatcher means the html file can not be
delivered response.sendError(response.SC_NO_CONTENT);
}
Forwarding Requestpublic class BookStoreServlet extends HttpServlet {
public void service (HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
... // Get or start a new session for this user HttpSession session = request.getSession(); // Send the user the bookstore's opening
page dispatcher.forward(request, response);
... }
}
Include
• Forwarding a request cannot be used to service requests partially
• We should use include() of resources
ServletContext
• For sharing resources among servlets, we use ServletContext
– Server-specific attributes (name-value pairs, much like System.properties) and server configuration information
– Ability to find other servlets
public Servlet getServlet(String name) throws ServletException
public Enumeration getServlets()public Enumeration getServletNames()
public void log(String msg)public void log(Exception exception, String msg)
public String getRealPath(String path)public String getMimeType(String file)public String getServerInfo()
public Object getAttribute(String name)public void setAttribute(String name,
Object object)public void removeAttribute(string name)public Enumeration getAttributeNames();
public class CatalogServlet extends HttpServlet { public void init() throws ServletException { BookDBFrontEnd bookDBFrontEnd =
... if (bookDBFrontEnd == null) {
getServletContext().setAttribute( "examples.bookstore.database.
BookDBFrontEnd",
BookDBFrontEnd.instance()); }
} ...
}
With getAttribute() the values are taken and used by otherservlets
Servers
• JavaServer Web Development Kit (JSWDK) – By Sun
– the official reference implementation of the servlet 2.1 and JSP 1.0 specifications
• Tomcat– By Apache
– Tomcat is the official reference implementation of the servlet 2.2 and JSP 1.1 specifications
Tomcat
• Configuring:– A file “web.xml” (called Web application
deployment descriptor) holds the configuration information
– There are •<servlet> and •<servlet-mapping>
elements in the file
The <servlet> Element
• The Servlet Element– establishes a mapping between a servlet name and the
fully-qualified name of the servlet class:
<servlet>
<servlet-name>catalog</servlet-name>
<servlet-class>CatalogServlet</servlet-class>
</servlet>
Determining the Servlet
• When a request is received by Tomcat it must determine which servlet should handle it
• You designate that certain paths (called aliases) map to a specific servlet with the servlet-mapping element
The Mapping of URLs And Servlets
• A context root is a path that gets mapped to the document root of the servlet application
• If your application's context root is /bookstore, then a request URL such as http://hostname:8000/bookstore/catalog will send the request to the servlet named catalog within the bookstore context
Example
<servlet-mapping>
<servlet-name>
catalog
</servlet-name>
<url-pattern>
/catalog
</url-pattern>
</servlet-mapping>
Start-up File
• The server startup file is TOMCAT_HOME/conf/server.xml
• It holds configuration information– Server host (default localhost)– server port (default 8080)– etc
Calling Servlets From a Browser
• Context-root corresponds to the subdirectory of TOMCAT_HOME/webapps where you have installed your application
• Servlet-name corresponds to the name you have given your servlet
http://machine-name:port/Context-root/Servlet-name
Online Bookstore
package cart;
import java.util.*;import database.BookDetails;
public class ShoppingCart { Hashtable items = null; int numberOfItems = 0;
public ShoppingCart() { items = new Hashtable(); }
public void add(String bookId, BookDetails book) { if(items.containsKey(bookId)) { ShoppingCartItem scitem = (ShoppingCartItem)items.get(bookId); scitem.incrementQuantity(); } else { ShoppingCartItem newItem = new ShoppingCartItem(book); items.put(bookId, newItem); }
numberOfItems++; }
public void remove(String bookId) { if(items.containsKey(bookId)) { ShoppingCartItem scitem = (ShoppingCartItem)items.get(bookId); scitem.decrementQuantity();
if(scitem.getQuantity() <= 0) items.remove(bookId);
numberOfItems--; } }
public Enumeration getItems() { return items.elements(); }
protected void finalize() throws Throwable { items.clear(); }
public int getNumberOfItems() { return numberOfItems; }
public void clear() { items.clear(); numberOfItems = 0; }}
package cart;
public class ShoppingCartItem { Object item; int quantity;
public ShoppingCartItem(Object anItem) { item = anItem; quantity = 1; }
public void incrementQuantity() { quantity++; }
public void decrementQuantity() { quantity--; }
public Object getItem() { return item; }
public int getQuantity() { return quantity; }}
package database;
public class BookDetails { private String bookId = null; private String title = null; private String firstName = null; private String surname = null; private float price = 0.0F; private int year = 0; private String description = null;
public BookDetails(String bookId, String surname, String firstName, String title, float price, int year, String description) { this.bookId = bookId; this.title = title; this.firstName = firstName; this.surname = surname; this.price = price; this.year = year; this.description = description; }
public String getTitle() { return title; }
public float getPrice() { return price; }
public int getYear() { return year; }
public String getDescription() { return description; }
public String getBookId() { return this.bookId; }
public String getFirstName() { return this.firstName; }
public String getSurname() { return this.surname; }}
package database;
import java.util.*;
/** * Sets up the database with the appropriate things for our bookstore. */
class BookStoreDB {
/* The database hashtable and dbByTitle vector are filled with * 10 objects of type BookDetails. The hashtable is pretending to * be a database; the vector is pretending to be a view of the * database. */ private Hashtable database; private BookDetails[] dbByTitle; private final int numberOfBooks = 10;
public BookStoreDB () { BookDetails book; database = new Hashtable(); dbByTitle = new BookDetails[numberOfBooks];
book = new BookDetails("201", "Duke", "", "My Early Years: Growing up on *7", (float)10.75, 1995, "What a cool book"); database.put(new Integer(201), book); dbByTitle[5] = book;
book = new BookDetails("202", "Jeeves", "", "Web Servers for Fun and Profit", (float)10.75, 1996, "What a cool book"); database.put(new Integer(202), book); dbByTitle[8] = book;
book = new BookDetails("203", "Masterson", "Webster", "Servlets: A Web Developers Dream Come True", (float)17.75, 1995, "What a cool book"); database.put(new Integer(203), book); dbByTitle[7] = book;
book = new BookDetails("204", "RealGood", "Coad", "Moving from C++ to the Java(tm) ProgrammingLanguage", (float)10.75, 1996, "What a cool book"); database.put(new Integer(204), book); dbByTitle[4] = book;
book = new BookDetails("205", "Novation", "Kevin", "From Oak to Java: The Revolution of a Language", (float)10.75, 1998, "What a cool book"); database.put(new Integer(205), book); dbByTitle[1] = book;
book = new BookDetails("206", "Gosling", "James", "Oak Intermediate Bytecodes", (float)10.75, 1998, "What a cool book"); database.put(new Integer(206), book); dbByTitle[6] = book;
book = new BookDetails("207", "Thrilled", "Ben", "The Green Project: Programming for ConsumerDevices", (float)10.75, 1998, "What a cool book"); database.put(new Integer(207), book); dbByTitle[2] = book;
book = new BookDetails("208", "Duke", "", "100% Pure: Making Cross Platform Deployment aReality", (float)10.75, 1998, "What a cool book"); database.put(new Integer(208), book); dbByTitle[9] = book;
book = new BookDetails("209", "Tru", "Itzal", "Duke: A Biography of the Java Evangelist", (float)10.75, 1998, "What a cool book"); database.put(new Integer(209), book); dbByTitle[0] = book;
book = new BookDetails("210", "Sidence", "Cohen", "I Think Not: Duke's Likeness to the FederationInsignia", (float)10.75, 1998, "What a cool book"); database.put(new Integer(210), book); dbByTitle[3] = book; }
BookDetails getBookDetails(String bookId) { Integer key = new Integer(bookId);
return (BookDetails)database.get(key); }
BookDetails[] getBooksSortedByTitle() { return dbByTitle; }
package database;
import java.io.*;
/** * Object that gets information from the Duke's Bookstore database. */public class BookDBFrontEnd {
private BookStoreDB books; private static BookDBFrontEnd onlyInstance = null;
/* Private no-args constructor */ private BookDBFrontEnd() { init(); }
/** Static factory method that makes a single instance of this * class. */ public static BookDBFrontEnd instance () { if (onlyInstance == null) onlyInstance = new BookDBFrontEnd();
return onlyInstance; }
/** Initialize the book database, and store it in this. */ public void init() { // Load the database to prepare for requests books = new BookStoreDB(); }
/** Set the database to null so that it can be garbage collected. */ public void destroy() { books = null; }
/** Return information about the book associated with the given * book identifier. */ public BookDetails getBookDetails(String bookId) { return books.getBookDetails(bookId); }
/** Return information about all the books in the bookstore. * Sort the books into alphabetical order using their title * as the key. */ public BookDetails[] getBooksSortedByTitle() { return books.getBooksSortedByTitle(); }
/** Return the number of books in the bookstore database. */ public int getNumberOfBooks() { return books.getNumberOfBooks(); }}
Handling Get Requests
import java.io.*;import javax.servlet.*;import javax.servlet.http.*;import database.*;import cart.*;
/** * This is a simple example of an HTTP Servlet. It responds to the GET * and HEAD methods of the HTTP protocol. This servlet calls other * servlets. */public class BookDetailServlet extends HttpServlet {
//Get Servlet specific configuration information public void init() throws ServletException { //getServletContext() retrieves information about servlet engine
//getAttribute() returns servlet engine attribute with given nameBookDBFrontEnd bookDBFrontEnd =
(BookDBFrontEnd)getServletContext().getAttribute( "examples.bookstore.database.BookDBFrontEnd");
if (bookDBFrontEnd == null) { getServletContext().setAttribute( "examples.bookstore.database.BookDBFrontEnd", BookDBFrontEnd.instance()); } }
public void doGet (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // Get the user's session and shopping cart HttpSession session = request.getSession(true); ShoppingCart cart = (ShoppingCart)session.getValue(session.getId());
// If the user has no cart, create a new one if (cart == null) { cart = new ShoppingCart(); session.putValue(session.getId(), cart); }
// set content-type header before accessing the Writer response.setContentType("text/html"); PrintWriter out = response.getWriter();
// then write the response out.println("<html>" + "<head><title>Book Description</title></head>" +
"<body bgcolor=\"#FFFFFF\">" + "<center>" + "<hr> <br> " + "<h1>" + "<font size=\"+3\" color=\"red\">Duke's </font>" + "<font size=\"+3\"color=\"purple\">Bookstore</font>" + "</h1>" + "</center>" + "<br> <hr> <br> ");
//Get the identifier of the book to display String bookId = request.getParameter("bookId"); if (bookId != null) {
// and the information about the book BookDBFrontEnd frontEnd = (BookDBFrontEnd)getServletContext().getAttribute( "examples.bookstore.database.BookDBFrontEnd"); BookDetails bd = frontEnd.getBookDetails(bookId);
//Print out the information obtained out.println("<h2>" + bd.getTitle() + "</h2>" +
" By <em>" + bd.getFirstName() + ", " + bd.getSurname() + "</em> " + "(" + bd.getYear() + ")<br> <br>" +
"<h4>Here's what the critics say: </h4>" + "<blockquote>" + bd.getDescription() + "</blockquote>" +
"<h4>Our price: $" + bd.getPrice() + "</h4>" +
"<center>" + "<p><a href=\"" + "/servlet/catalog?Buy=" + bookId + "\"> Add this item to your shoppingcart.</a></p>" + "</center>"); } out.println("</body></html>"); out.close(); }
public String getServletInfo() { return "The BookDetail servlet returns information about" + "any book that is available from the bookstore."; }}
Handling Post Requests
import java.io.*;import javax.servlet.*;import javax.servlet.http.*;import cart.ShoppingCart;
/** * An HTTP servlet that responds to the POST method of the HTTPprotocol. * It clears the shopping cart, thanks the user for the order, * and resets the page to the BookStore's main page. */
public class ReceiptServlet extends HttpServlet {
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { // Get the user's session and shopping cart HttpSession session = request.getSession(true); ShoppingCart cart = (ShoppingCart)session.getValue(session.getId());
// If the user has no cart, create a new one if (cart == null) { cart = new ShoppingCart(); session.putValue(session.getId(), cart); }
// Payment received -- invalidate the session session.invalidate();
// set content type header before accessing the Writer response.setContentType("text/html"); PrintWriter out = response.getWriter();
// then write the response out.println("<html>" + "<head><title> Receipt </title>" + "<meta http-equiv=\"refresh\" content=\"4; url=" + "http://" + request.getHeader("Host") + "/servlet/bookstore;\">" + "</head>" +
"<body bgcolor=\"#FFFFFF\">" + "<center>" + "<hr> <br> " + "<h1>" + "<font size=\"+3\" color=\"red\">Duke's </font>" + "<font size=\"+3\"color=\"purple\">Bookstore</font>" + "</h1>" + "</center>" + "<br> <hr> <br> ");
out.println("<h3>Thank you for purchasing your books from us "+ request.getParameter("cardname") + "<p>Please shop with us again soon!</h3>" +
"<p><i>This page automatically resets.</i>" +
"</body></html>"); out.close(); }
public String getServletInfo() { return "The Receipt servlet clears the shopping cart, " + "thanks the user for the order, and resets the " + "page to the BookStore's main page."; }}
Servlet Descriptions
• To allow server to display information about servlet
• getServletInfo
public class BookStoreServlet extends HttpServlet { ... public String getServletInfo() {
return "The BookStore servlet returns the " + "main web page for Duke's Bookstore.";
} }