unit-3 wt notes

8/12/2019 Unit-3 Wt Notes

1/31

UNIT III

Host Objects : Browsers and the DOM-Introduction to the Document Object Model DOM Historyand Le els-Intrinsic ! ent Handlin"-Modi#yin" !lement $tyle-The Document Tree-DOM ! entHandlin"-%ccommodatin" Noncom&liant Browsers 'ro&erties o# window-(ase $tudy) $er er-$ide'ro"rammin": *a a $er lets- %rchitecture -O er iew-% $er elet-+eneratin" Dynamic (ontent-Li#e(ycle- 'arameter Data-$essions-(oo,ies- U L ewritin"-Other (a&abilities-Data $tora"e $er lets

and (oncurrency-(ase $tudy- elated Technolo"ies)

Document Object Model:

Introduction:

The Document Object Model is a &lat#orm- and lan"ua"e-neutral inter#ace that will allow &ro"ramsand scri&ts to dynamically access and u&date the content. structure and style o# documents)

/hen we see a document usin" a browser. DOM &resents documents as a hierarchy o# HTML or0ML objects in the document) This hierarchy structure ma,es it &ossible #or &ro"rammers or

browsers to access and delete. add. or edit their content. attributes and style)

The DOM ma,es it &ossible #or &ro"rammers to write a&&lications which wor, &ro&erly on all browsers and ser ers and on all &lat#orms)

/hat is DOM1

The DOM is a /2( 3/orld /ide /eb (onsortium4 standard)

The DOM de#ines a standard #or accessin" documents li,e 0ML and HTML:

5The /2( Document Object Model 3DOM4 is a &lat#orm and lan"ua"e-neutral inter#ace that allows &ro"rams and scri&ts to dynamically access and u&date the content. structure. and style o# adocument)5

The DOM is se&arated into 2 di##erent &arts 6 le els:

(ore DOM - standard model #or any structured document 0ML DOM - standard model #or 0ML documents

HTML DOM - standard model #or HTML documents


2/31

DOM History

The DOM ori"inated as a s&eci#ication to allow *a a$cri&t scri&ts and *a a &ro"rams to be

&ortable amon" /eb browsers)

5Dynamic HTML5 was the immediate ancestor o# the Document Object Model. and it wasori"inally thou"ht o# lar"ely in terms o# browsers)

Howe er. when the DOM /or,in" +rou& was #ormed at /2(. it was also joined by endors

in other domains. includin" HTML or 0ML editors and document re&ositories)

$e eral o# these endors had wor,ed with $+ML be#ore 0ML was de elo&ed7 as a result. the

DOM has been in#luenced by $+ML +ro es and the HyTime standard)

$ome o# these endors had also de elo&ed their own object models #or documents in order to

&ro ide an %'I #or $+ML60ML editors or document re&ositories. and these object models ha e alsoin#luenced the DOM)

The /orld /ide /eb (onsortium 3/2(4 de elo&ed the /2( Document Obeject Model in

res&onse to the de elo&ment o# arious &ro&rietary models #or HTML. &articularly those used in

/eb Browsers)

/2( be"an de elo&ment o# the DOM in mid-899 s) %lthou"h the /2( ne er &roduced a

s&eci#ication #or DOM . it was nonetheless a &artially documented model and was included in the

s&eci#ication o# HTML;) By October 899uired ando&tional modules)

To claim to su&&ort a le el. an a&&lication must im&lement all the re>uirements o# the

claimed le el and le els below it) %s o# = ?. Le el 8. Le el =. and some modules o# Le el 2 are

/2( ecommendations which means they ha e reached their #inal #orm)


3/31

DOM Le el 8 $&eci#ications

Document Object Model Le el 8 is a &lat#orm- and lan"ua"e-neutral inter#ace that allows

&ro"rams and scri&ts to dynamically access and u&date the content. structure and style o# documents)

The Document Object Model &ro ides a standard set o# objects #or re&resentin" HTML and0ML documents. a standard model o# how these objects can be combined. and a standard inter#ace

#or accessin" and mani&ulatin" them)

@endors can su&&ort the DOM as an inter#ace to their &ro&rietary data structures and %'Is.

and content authors can write to the standard DOM inter#aces rather than &roduct-s&eci#ic %'Is. thus

increasin" intero&erability on the /eb)

The "oal o# the DOM s&eci#ication is to de#ine a &ro"rammatic inter#ace #or 0ML and

HTML)

The DOM Le el 8 s&eci#ication is se&arated into two &arts:

(ore and HTML )

The (ore DOM Le el 8 section &ro ides a low-le el set o# #undamental inter#aces that can

re&resent any structured document. as well as de#inin" eAtended inter#aces #or re&resentin" an 0ML

document)

These eAtended 0ML inter#aces need not be im&lemented by a DOM im&lementation that

only &ro ides access to HTML documents7 all o# the #undamental inter#aces in the (ore section must

be im&lemented)

% com&liant DOM im&lementation that im&lements the eAtended 0ML inter#aces is re>uired

to also im&lement the #undamental (ore inter#aces. but not the HTML inter#aces)

The HTML Le el 8 section &ro ides additional. hi"her-le el inter#aces that are used with the

#undamental inter#aces de#ined in the (ore Le el 8 section to &ro ide a more con enient iew o# an

HTML document)

% com&liant im&lementation o# the HTML DOM im&lements all o# the #undamental (ore

inter#aces as well as the HTML inter#aces)


4/31

DOM Le el = $&eci#ications

The Document Object Model Le el = s&eci#ication re#lects cross-industry a"reement on a

standard %'I 3%&&lications 'ro"rammin" Inter#ace4 #or mani&ulatin" documents and data throu"h a

&ro"rammin" lan"ua"e 3such as *a a4)

(reated and de elo&ed by the /2( Document Object Model 3DOM4 /or,in" +rou&. this

s&eci#ication eAtends the &lat#orm- and lan"ua"e-neutral inter#ace to access and u&date dynamically

a document s content. structure. and style #irst described by the DOM Le el 8 ecommendation)

The DOM Le el = &ro ides a standard set o# objects #or re&resentin" !Atensible Mar,u&

Lan"ua"e 30ML4 documents and data. includin" names&ace su&&ort. a style sheet &lat#orm which

adds su&&ort #or ($$ 8 and =. a standard model o# how these objects may be combined. and a

standard inter#ace #or accessin" and mani&ulatin" them)

DOM Le el 8 was desi"ned #or HTML ;) and 0ML 8) ) /ith DOM Le el =. authors can

ta,e #urther ad anta"e o# the eAtensibility o# 0ML)

$im&ly &ut. anywhere you use 0ML. you can now use the DOM to mani&ulate it) The

standard DOM inter#ace ma,es it &ossible to write so#tware 3similar to &lu"-ins4 #or &rocessin"

customiCed ta"-sets in a lan"ua"e- and &lat#orm-inde&endent way)

% standard %'I ma,es it easier to de elo& modules that can be re-used in di##erent

a&&lications) DOM Le el = &ro ides su&&ort #or 0ML names&aces. eAtendin" and im&ro in" the

0ML &lat#orm)

%s more sites mo e to 0ML #or content deli ery. DOM Le el = emer"es as a critical tool #or

de elo&in" dynamic /eb content)

The DOM de#ines a standard %'I that allows authors to write &ro"rams that wor, without

chan"es across tools and browsers #rom di##erent endors)

But beyond this. it &ro ides a uni#orm way to &roduce &ro"rams that wor, across a ariety o#

di##erent de ices. so all may bene#it #rom dynamically "enerated content)


5/31

The DOM Le el = (ascadin" $tyle $heet 3($$4 %'I ma,es it &ossible #or a scri&t author to

access and mani&ulate style in#ormation associated with contents. while &reser in" accessibility)

In web de elo&ment. (ascadin" $tyle $heets 3($$4 is a stylesheet lan"ua"e used to describe

the &resentation o# a document written in a mar,u& lan"ua"e)

Its most common a&&lication is to style web &a"es written in HTML and 0HTML. but the

lan"ua"e can be a&&lied to any ,ind o# 0ML document. includin" $@+ and 0UL)

($$ is used by both the authors and readers o# web &a"es to de#ine colors. #onts. layout. and

other as&ects o# document &resentation)

It is desi"ned &rimarily to enable the se&aration o# document content 3written in HTML or a

similar mar,u& lan"ua"e4 #rom document &resentation 3written in ($$4)

This se&aration can im&ro e content accessibility. &ro ide more #leAibility and control in thes&eci#ication o# &resentational characteristics. and reduce com&leAity and re&etition in the structural

content)

($$ can also allow the same mar,u& &a"e to be &resented in di##erent styles #or di##erent

renderin" methods. such as on-screen. in &rint. by oice 3when read out by a s&eech-based browser

or screen reader4 and on Braille-based. tactile de ices) ($$ s&eci#ies a &riority scheme to determine

which style rules a&&ly i# more than one rule matches a"ainst a &articular element)

In this so-called cascade. &riorities or wei"hts are calculated and assi"ned to rules. so that theresults are &redictable)

DOM Le el 2 $&eci#ications

The Document Object Model ! ents Le el 2. a &lat#orm- and lan"ua"e-neutral inter#ace that

allows &ro"rams and scri&ts to dynamically access and u&date the content. structure and style o#

documents)

The "oal o# the DOM Le el 2 ! ents s&eci#ication is to eA&and u&on the #unctionality

s&eci#ied in the DOM Le el = ! ent $&eci#ication)


6/31

The s&eci#ication does this by addin" new inter#aces which are com&limentary to the

inter#aces de#ined in the DOM Le el = ! ent $&eci#ication as well as addin" new e ent sets to those

already de#ined)

This s&eci#ication re>uires the &re iously desi"ned inter#aces in order to be #unctional) It is

not desi"ned to be standalone)

These inter#aces are not desi"ned to su&ercede the inter#aces already &ro ided but instead to

add to the #unctionality contained within them)

DOM ! ents allow e ent-dri en &ro"rammin" lan"ua"es li,e *a a$cri&t. *$cri&t.

!(M%$cri&t. @B$cri&t and *a a to re"ister arious e ent handlers6listeners on the element nodes

inside a DOM tree. e)") HTML. 0HTML. 0UL and $@+ documents) (ommon6/2( e ents that

can be "enerated by most element nodes:

Mouse e ents

eyboard e ents

HTML #rame6object e ents

HTML #orm e ents

User inter#ace e ents

Mutation e ents 3noti#ication o# any chan"es to the structure o# a document4

DOM Tree

DOM de#ines a lo"ical tree-structure #or an 0ML document) The basic buildin" bloc, o# the

tree-structure is a node)

Nodes are "eneric containers that hold in#ormation about the elements. attributes. content.

comments and &rocessin" instructions that are stored in an 0ML document) %n 0ML document can

be iewed as a sin"le node that contains all the other nodes)


7/31

(onsider the #ollowin" code sni&&et:

EhtmlFEheadFEtitleFThis is $han,arE6titleF

E6headFEbody b"colotGredFEh8F$han,arE6h8FE&FDOM TreeE6&FE6bodyFE6htmlF

This code is re&resented by usin" 0ML DOM. as shown below:

Di##erence between $%0 and DOM-

$%0 is read only . DOM is read and write both) $%0 is #orward only where as DOM can access both was #orward as well as bac,wards)

$%0 is an e ent based &arser. but DOM is not)

$%0 &arses the #ile as it reads where as the DOM loads the #ile into memory to &arse the #ile)

$%0 does not ha e memory constraints where as the DOM has memory constraints as Aml#ile is loaded into the memory to &arse the #ile)


8/31

%d anta"es o# HTML DOM-

obust %'I #or DOM tree) elati ely sim&le to modi#y the data structure and eAtract data )

Disad anta"es o# HTML DOM-

$tores the entire document in memory) %s DOM was written #or any lan"ua"e. method namin" con entions don t #ollow standard

ja a &ro"rammin" con entions

Handling events with the DOM

There are two basic ways o# assi"nin" an e ent handler) The #irst. most used. and certainly obtrusi etechni>ue is embeddin" it directly into the HTML mar,u&. while the second is just includin" thee ent handler within the own &iece o# *a a$cri&t code) De#initely. this last one is the recommendeda&&roach. since it allows us to maintain the HTML and the *a a$cri&t &ieces residin" in di##erentlayers. ma,in" the code much more #leAible and &ortable)

Let s illustrate the #irst a&&roach. insertin" the e ent handler inside its own HTML ta". a&&endin" itas a re"ular attribute:

Ea hre#G5htt&:66www)de articles)com5 titleG5O&ens lin, in a new window5onclic,G5window)o&en3 htt&:66www)de articles)com 47return #alse75F(lic, here #or "reat /ebDe elo&ment articlesE6aF

In the abo e eAam&le. we e embedded the e ent handler alon" with the *a a$cri&t code to beeAecuted) %s we can see. the HTML mar,u& is rather dirty usin" the inline a&&roach) Now. let sim&lement the same #unctionality. this time by insertin" the e ent handler within the *a a$cri&tcode) Li,e this:

Escri&t lan"ua"eG5ja ascri&t5F

o&enLin,G#unction34

ar de lin,Gdocument)"et!lementById3 de lin, 47

de lin,)onclic,G#unction34


9/31

window)o&en3 htt&:66www)de articles)com 47

return #alse7

J

J

window)onloadGo&enLin,7

E6scri&tF

%nd rewritin" the HTML mar,u&. in the #ollowin" manner:

Ea hre#G5htt&:66www)de articles)com5 titleG5O&ens lin, in a new window5 idG5de lin,5F(lic, here#or "reat /eb De elo&ment articlesE6aF

%n eA&lanation is in order here) In this second eAam&le. we e built a com&letely se&arate scri&t.inserted the 5onclic,5 e ent handler within the 5o&enLin,345 #unction. and then eAecuted the scri&twhen the &a"e is loaded 3utiliCin" 5onload5. another e ent handler4) Note how we ha e dynamicallyattached a new #unction to the lin,. without the need o# declarin" the #unction name) Undoubtedly.this last techni>ue is much better and cleaner than the #irst one)

Now we e "ras&ed the "eneral conce&t #or assi"nin" e ent handlers) Ha in" eA&lained the twocon entional ways to assi"n e ent handlers. let s "o one ste& #urther and learn a little more about themanner the DOM handles e ents)

Understanding the DOM event flow: Event Capture and Event Bubble

Detectin" e ents and assi"nin" the &ro&er e ent handlers with the DOM is really astrai"ht#orward &rocess. introducin" a new manner #or doin" this)

/hat s more. the two con entional a&&roaches &re iously described are &er#ectly su&&ortedand alid)

Kor a com&lete understandin" o# assi"nin" e ent handlers with the DOM. it s really necessary#irst to eA&lain the way that e ents are handled within its conteAt)

Let s assume we re re&resentin" an eAtremely common situation. where the user &asses themouse o er a re"ular lin, &resent in a /eb document) Krom a user s &oint o# iew. the &rocessconsists o# just ho erin" on the lin, and that s all)


10/31

'eriod) On the other hand. #or the DOM. thin"s are more com&leA and technical. "eneratin" a seto# &rocesses that in ol es two &hases. called ! ent (a&turin" and ! ent Bubblin" res&ecti ely)

%ccordin" to the &re ious eAam&le. when a user is &assin" the mouse o er the lin,. these are thee ents that ta,e &lace. in the #ollowin" order:

The user mo es the mouse o er the document)

The user mo es the mouse o er any ta" containin" the tar"et EaF element)

The user mo es the mouse o er the s&eci#ic tar"et EaF element)

The two &rocesses &rior to reachin" the tar"et EaF element are de#ined as ta,in" &lace at thee ent ca&turin" &hase) Once the e ent has reached the tar"et. it tra els bac, in the #ollowin" way:

The user mo es the mouse o er any ta" containin" the tar"et EaF element)

The user mo es the mouse o er the document)

The two last ste&s in ol e the e ent bubblin" &hase)

%s we can see. the com&lete &rocess. includin" the two &hases. is >uite len"thy. and considerablydi##erent #rom a user s &oint o# iew) In order to clari#y this eA&lanation. here are a cou&le o#dia"rams that show the entire e ent. as inter&reted by theDOM:


11/31

The abo e ima"es illustrate the e ent ca&turin" and the e ent bubble &hases. accordin" to themodel im&lemented by the /2(DOM) %s we ll see shortly. there are si"ni#icant di##erences

between the way that today s browsers su&&ort e ent bubblin" and e ent ca&turin")

nline and s!ripted event handlers into a!tion

Indeed. inline e ent handlers ha e been in use #or a lon" time) %s a&&lications became morecom&leA. a clear need de elo&ed to im&lement HTML and *a a$cri&t code in di##erent layers)

%lthou"h basic. it s >uite use#ul to demonstrate how e ent &hases are handled with inline

e ent handlers) Here s is a sam&le o# this:

Edi idG5testdi 5 onclic,G5alert3 eactin" to ! ent bubble &hase 475F

E&FEa hre#G5 5F(lic, here acti ate the alert methodE6aFE6&F

E6di F

In the &re ious eAam&le. we e attached the 5onclic,5 e ent handler to the Edi F element.instead o# assi"nin" it directly to the lin,)

Howe er. i# we re usin" a browser that su&&orts e ent bubble. by just clic,in" on the EaFelement. the e ent will tra erse the &ara"ra&h. reachin" the Edi F element and #irin" u& the 5alert5

boA)

Howe er. since messin" u& HTML with *a a$cri&t is not recommended. the sam&le mi"ht berewritten as #ollows:

Escri&t lan"ua"eG5ja ascri&t5F

ar di Gdocument)"et!lementById3 testdi 47

di )onclic,G#unction34

alert3 eactin" to ! ent bubble &hase 47

J

E6scri&tF


12/31

%nd the HTML would be reduced to this:

Edi idG5testdi 5F

E&FEa hre#G5 5F(lic, here acti ate the alert methodE6aFE6&F

E6di F

Kor both cases. the result is the same. but the last one is de#initely the way to "o. since we remo edthe inline e ent handler #rom the HTML)

%t this &oint. we e &layin" around with some core de#initions. eA&lainin" di##erenttechni>ues #or assi"nin" e ent handlin" that ha e been in use #or a lon" time. ho&e#ully as areminder #or choosin" the ri"ht method when we re dealin" with e ent handlers nowadays)

In the browser arena. not so sur&risin"ly. Nestca&e and Microso#t came u& with di##erentconclusions #or e ent handlin") Netsca&e s a&&roach was ori"inally based in the ca&ture &hase.establishin" that any e ent should be handled when the e ent was tra ersin" the /eb document."oin" throu"h all o# the containin" elements. until reachin" the tar"et)

On the other hand. Microso#t branched to the e ent bubble direction. s&eci#yin" that e entsshould ta,e &recedence at the bubble &hase)

%s we can see. the two models are radically o&&osed) Netsca&e ; only su&&orts e ent

ca&turin". while Internet !A&lorer only su&&orts e ent bubblin") MoCilla. O&era and on>uerorsu&&ort both a&&roaches)

Older ersions o# O&era and i(ab su&&ort neither) /e ll see more e ent handlin" browserim&lementations in more detail shortly) %s an introductory &rocess. it s more than enou"h)

Traditional ways of assigning event handlers

Let s #irst re iew 3#or most o# us. at least4 the = common and con entional ways o# settin" u&an e ent handler- ia HTML. or scri&tin") In both cases. a #unction or code is attached at the end.

which is eAecuted when the handler detects the s&eci#ied e ent)

84 @ia HTML. usin" attributes

/e can de#ine an e ent handler directly inside the rele ant HTML ta". by embeddin" it as aattribute) % &iece o# *a a$cri&t is also included to tell the browser to &er#orm somethin" when thee ent occurs) Kor eAam&le.
http://www.javascriptkit.com/dhtmltutors/domevent1.shtmlhttp://www.javascriptkit.com/dhtmltutors/domevent1.shtmlhttp://www.javascriptkit.com/dhtmltutors/domevent1.shtmlhttp://www.javascriptkit.com/dhtmltutors/domevent1.shtml


13/31

Ea hre#G5htt&:66#reewareja a)com5 onMouseo erG5window)statusG (lic, here #or *a a a&&lets 7returntrue5 onMouseoutG5window)statusG 5FKreewareja a)comE6aF

Demo:

Here the e ent handler 3onMouseo er4 is directly added inside the desired element 3%4. alon" withthe *a a$cri&t to eAecute)

=4 @ia scri&tin"

ou can also assi"n and set u& e ent handlers to elements usin" scri&tin". and inside yourscri&t ) This allows #or the e ent handlers to be dynamically set u&. without ha in" to mess aroundwith the HTML codes on the &a"e)

/hen settin" u& e ent handlers #or an element directly inside your scri&t. the code to eAecute#or the e ents must be de#ined inside a #unction)

*ust loo, at the below. which does the same thin" as abo e. but with the e ent handlerde#ined usin" scri&tin":

Ea IDG5test5 hre#G5htt&:66#reewareja a)com5FKreewareja a)comE6aF

Escri&t ty&eG5teAt6ja ascri&t5F

#unction chan"estatus34window)statusG5(lic, here #or *a a a&&lets5return trueJ

#unction chan"ebac,status34window)statusGJ

document)"et!lementById35test54)onmouseo erGchan"estatusdocument)"et!lementById35test54)onmouseoutGchan"ebac,status

E6scri&tF
http://www.javascriptkit.com/dhtmltutors/domevent1.shtmlhttp://www.javascriptkit.com/dhtmltutors/domevent1.shtmlhttp://www.javascriptkit.com/dhtmltutors/domevent1.shtmlhttp://www.javascriptkit.com/dhtmltutors/domevent1.shtml


14/31

! ent Handlers:

onclic,: Use this to in o,e *a a$cri&t u&on clic,in" 3a lin,. or #orm boAes4

onload: Use this to in o,e *a a$cri&t a#ter the &a"e or an ima"e has #inished loadin")

onmouseo er: Use this to in o,e *a a$cri&t i# the mouse &asses by some lin,

onmouseout: Use this to in o,e *a a$cri&t i# the mouse "oes &ass some lin,

onunload: Use this to in o,e *a a$cri&t ri"ht a#ter someone lea es this &a"e)

%ccommodatin" Non-(om&liant Browser

This is used chec, the browser com&atibility mode and dis&lay the web &a"e based on thecom&atibility)

I# there is no &ossibility to dis&lay the web &a"e in s&eci#ied #ormat then the &a"e itsel# shows error

messa"e indicatin" that the browser you are usin" is not su&&orted by the current &a"e use s&eci#ied browser to dis&lay the web &a"e)

!Aam&le:

This is 6www)ildashboard)com site is s&eci#ically desi"ned #or Internet !A&lorer 3I!4)

i# we try to o&en this website in KireKoA3KK4 then you will "et error messa"e)

Our %&&lication detected that you are usin" browser other than I! and abo e) This website has been desi"ned to best #it with Internet eA&lorer ) and abo e)

our browser Detail :Ty&e G Kire#oA2) )8?


15/31

Name G Kire#oA@ersion G 2) )8?

Major @ersion G 2

Minor @ersion G )'lat#orm G /inNTIs Beta G KalseIs (rawler G KalseIs %OL G KalseIs /in8 G KalseIs /in2= G True$u&&orts Krames G True$u&&orts Tables G True$u&&orts (oo,ies G True$u&&orts @B$cri&t G Kalse$u&&orts *a a$cri&t G 8);$u&&orts *a a %&&lets G True$u&&orts %cti e0 (ontrols G Kalse

Dete!ting Host Ob"e!ts

% #amous eAam&le o# this s&eci#ication allowance 3ta,en to a &er erse eAtreme4 is the case o# hostobjects in Internet !A&lorer that are im&lemented as %cti e0 objects) $im&ly e aluatin" theirmethods 3as well as some &ro&erties4 will cause an eAce&tion to be thrown)

ar el G document)create!lement3 di 47ar &arent G el)o##set'arent7 66 I! throws an eAce&tion here

i# 3window)eAternal PP window)eAternal)addKa orite4

66 Thou"h the method eAists. I! will ne er "et here

window)alert3 Kound itQ 47J else window)alert3 No such object or method 47J


16/31

*a a $cri&t Browser Detection

Edi idG5eAam&le5FE6di F

Escri&t ty&eG5teAt6ja ascri&t5F

tAt G 5E&FBrowser (odeName: 5 R na i"ator)a&&(odeName R 5E6&F57tAtRG 5E&FBrowser Name: 5 R na i"ator)a&&Name R 5E6&F57tAtRG 5E&FBrowser @ersion: 5 R na i"ator)a&&@ersion R 5E6&F57tAtRG 5E&F(oo,ies !nabled: 5 R na i"ator)coo,ie!nabled R 5E6&F57tAtRG 5E&F'lat#orm: 5 R na i"ator)&lat#orm R 5E6&F57tAtRG 5E&FUser-a"ent header: 5 R na i"ator)user%"ent R 5E6&F57

document)"et!lementById35eAam&le54)innerHTMLGtAt7

E6scri&tF

#erver$#ide %rogra&&ing

Introduction to *a a $er lets

$er let: a ja a &ro"ram that runs within the web ser er)

Bi" a&&lets re>uire lon" download time%&&lets do not ha e access to all the system resources$er er-side *a a sol es &roblems that a&&lets #ace

o (ode eAecuted on the ser er side and only the results sent to cliento $er lets can access le"acy a&&lications and data sources

$er lets are "eneric eAtensions to *a a-enabled ser ers$er lets are secure. &ortable. and easy to use re&lacement #or (+I$er let is a dynamically loaded module that ser ices re>uests #rom a /eb ser er $er lets are eAecuted within the *a a @irtual Machine

Because the ser let is runnin" on the ser er side. it does not de&end on browser com&atibility

$er let %rchitecture

Two &ac,a"es ma,e u& the ser let architecture ja aA)ser let(ontains "eneric inter#aces and classes that are im&lemented and eAtended by all ser lets


17/31

ja aA)ser let)htt&(ontains classes that are eAtended when creatin" HTT'-s&eci#ic ser lets

The heart o# ser let architecture is the inter#ace class ja aA)ser let)$er letIt &ro ides the #ramewor, #or all ser letsDe#ines #i e basic methods Sinit. ser ice. destroy. "et$er let(on#i" and "et$er letIn#o

ead eA&licit data sent by client 3#orm data4ead im&licit data sent by client 3re>uest headers4

+enerate the results$end the eA&licit data bac, to client 3HTML4$end the im&licit data to client3status codes and res&onse headers4


18/31

Li#e (ycle o# $er let

The li#e cycle o# a ser let is controlled by the container in which the ser let has been de&loyed)/hen a re>uest is ma&&ed to a ser let. the container &er#orms the #ollowin" ste&s)

8) I# an instance o# the ser let does not eAist. the /eb container a) Loads the ser let class)

b) (reates an instance o# the ser let class)

c) InitialiCes the ser let instance by callin" the init method)

=) In o,es the service method. &assin" a re>uest and res&onse object)

$er let Li#e (ycle Methods

The #ollowin" are the li#e cycle methods o# a ser let instance:

init34 ser ice34

destroy34

/e will loo, into the each method in detail)

init34

This method is called once #or a ser let instance) /hen #irst time ser let is called. ser let containercreates instance o# that ser let and loaded into the memory) Kuture re>uests will be ser ed by thesame instance without creatin" the new instance) $er let by de#ault multithreaded a&&lication)init34method is used #or inilialiCin" ser let ariables which are re>uired to be &assed #rom the de&loymentdescri&tor web)Aml) $er let(on#i" is &assed as the &arameter to init34 method which stores all the

alues con#i"ured in the web)Aml) It is more con enient way to initialiCe the ser let)

ser ice34

This method is called #or the each re>uest) This is the entry &oint #or the e ery ser let re>uest andhere we ha e to write our businesslo"ic or any other &rocesses) This method ta,esHtt&$er let e>uest and Htt&$er letres&onse as the &arameters) It is not mandatory to write thismethod. normally de elo&ers are interested in writin" do+et34 or do'ost34 methods which is byde#ault called #rom the ser ice34 method) I# you o erride ser ice34. it is your re&onsibility to call the


19/31

a&&ro&riate methods) I# you are not o erridden the ser ice34 method. based on the ty&es o# there>uest the methods will be called)

destroy34

This method will be called once #or a instance) It is used #or releasin" any resources used by theser let instance) Most o# the times it could be database connections. Kill IO o&erations. etc) destroy34is called by the container when it is remo in" the instance #rom the ser let container) $er letinstance is deleted or "arba"e collected by the container only when the web ser er issues shut downor the instance is not used #or a lon" time)

$er lets $te& by $te&

Hello (lient$er let)ja a

8: im&ort ja a)io) 7 =: im&ort ja aA)ser let) 7 2: im&ort ja aA)ser let)htt&) 7


20/31

;: ?: &ublic class Hello(lient$er let eAtends Htt&$er let : : &rotected oid do+et3Htt&$er let e>uest re>.


21/31

In line 88 we use a method o# the Htt&$er let es&onse object to set the content ty&e o# theres&onse that we are "oin" to send) %ll res&onse headers must be set be#ore a 'rint/riter or$er letOut&ut$tream is re>uested to write body data to the res&onse)

88: res)set(ontentTy&e35teAt6html547

In line 8= we re>uest a 'rint/riter object to write teAt to the res&onse messa"e)

8=: 'rint/riter out G res)"et/riter347

In lines 82 and 8; we use the 'rint/riter to write the teAt o# ty&e teAt6html 3as s&eci#ied throu"hthe content ty&e4)

82: out)&rintln35EHTMLFEH!%DFETITL!FHello (lientQE6TITL!F5R8;: 5E6H!%DFEBOD FHello (lientQE6BOD FE6HTMLF547

The 'rint/riter "ets closed in line 8? when we are #inished writin" to it)

8?: out)close347

This line is included #or com&leteness) It is not strictly necessary) The /eb $er er closes the'rint/riter or $er letOut&ut$tream automatically when a ser ice call returns) %n eA&licit call toclose34 is use#ul when you want to do some &ost-&rocessin" a#ter the res&onse to the client has

been #ully written) (allin" close34 tells the /eb $er er that the res&onse is #inished and theconnection to the client may be closed as well)

In lines 8< throu"h =8 we o erride the "et$er letIn#o34 method which is su&&osed to returnin#ormation about the $er let. e)") the $er let name. ersion. author and co&yri"ht notice) This isnot re>uired #or the #unction o# the Hello(lient$er let but can &ro ide aluable in#ormation tothe user o# a $er let who sees the returned teAt in the administration tool o# the /eb $er er)

8


22/31

'ortability$ince ser lets are written in *a a. they are &lat#orm inde&endent

obustness!rror handlin". +arba"e collector to &re ent &roblems with memory lea,sLar"e class library Snetwor,. #ile. database. distributed object com&onents. security. etc)!Atensibility(reatin" new subclasses that suite your needsInheritance. &olymor&hism. etc)$ecurity$ecurity &ro ided by the ser er as well as the *a a $ecurity Mana"er !liminates &roblems associated with eAecutin" c"i scri&ts usin" o&eratin" system VshellsW'ower#ul$er lets can directly tal, to web ser er Kacilitates database connection &oolin". session trac,in" etc)(on enient'arsin" and decodin" HTML #orm data. readin" and settin" HTT' headers. handlin" coo,ies.etc)

Methods in Htt&$er let

There are methods &resent in the Htt&$er let)do+et34)do'ost34do'ut34)doTrace34doDelete34

doHead34doO&tions34

i) do+et

&rotected oid do+et3 Htt&$er let e>uest re>. Htt&$er let es&onse res&4 throws $er let!Ace&tion . IO!Ace&tion

'er#orms the HTT' +!T o&eration7 the de#ault im&lementation re&orts an HTT'

B%DX !YU!$T error) O erridin" this method to su&&ort the +!T o&eration alsoautomatically su&&orts the H!%D o&eration) 3H!%D is a +!T that returns no body in theres&onse7 it just returns the re>uest H!%Der #ields)4

$er let writers who o erride this method should read any data #rom the re>uest. set entityheaders in the res&onse. access the writer or out&ut stream. and. #inally. write any res&onsedata) The headers that are set should include content ty&e. and encodin") I# a writer is to beused to write res&onse data. the content ty&e must be set be#ore the writer is accessed) In
http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletRequest.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletResponse.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletRequest.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletResponse.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_


23/31

"eneral. the ser let im&lementor must write the headers be#ore the res&onse data because theheaders can be #lushed at any time a#ter the data starts to be written)

$ettin" content len"th allows the ser let to ta,e ad anta"e o# HTT' 5connection ,ee& ali e5)I# content len"th can not be set in ad ance. the &er#ormance &enalties associated with notusin" ,ee& ali es will sometimes be a oided i# the res&onse entity #its in an internal bu##er)

!ntity data written #or a H!%D re>uest is i"nored) $er let writers can. as a sim&le &er#ormance o&timiCation. omit writin" res&onse data #or H!%D methods) I# no res&onse datais to be written. then the content len"th #ield must be set eA&licitly)

The +!T o&eration is eA&ected to be sa#e: without any side e##ects #or which users mi"ht beheld res&onsible) Kor eAam&le. most #orm >ueries ha e no side e##ects) e>uests intended tochan"e stored data should use some other HTT' method) 3There ha e been cases o#si"ni#icant security breaches re&orted because web-based a&&lications used +!Tina&&ro&riately)4

The +!T o&eration is also eA&ected to be idem&otent: it can sa#ely be re&eated) This is not

>uite the same as bein" sa#e. but in some common eAam&les the re>uirements ha e the sameresult) Kor eAam&le. re&eatin" >ueries is both sa#e and idem&otent 3unless &ayment isre>uiredQ4. but buyin" somethin" or modi#yin" data is neither sa#e nor idem&otent)

'arameters: re> - Htt&$er let e>uest that enca&sulates the re>uest to the ser let res& - Htt&$er let es&onse that enca&sulates the res&onse #rom the ser let

Throws: IO!Ace&tion i# detected when handlin" the re>uest

Throws: $er let!Ace&tion

i# the re>uest could not be handled

$yntaA o# Usin" do+et

&ublic oid do+et 3Htt&$er let e>uest re>uest.Htt&$er let es&onseres&onse4throws $er let!Ace&tion. IO!Ace&tion

)))ser let code "oes here)))J

ii) do'ost

&rotected oid do'ost3 Htt&$er let e>uest re>. Htt&$er let es&onse res&4 throws $er let!Ace&tion . IO!Ace&tion 'er#orms the HTT' 'O$T o&eration7 the de#ault im&lementation re&orts an HTT'

B%DX !YU!$T error) $er let writers who o erride this method should read any data #romthe re>uest 3#or eAam&le. #orm &arameters4. set entity headers in the res&onse. access the
http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletRequest.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletResponse.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletRequest.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletResponse.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_


24/31

writer or out&ut stream and. #inally. write any res&onse data usin" the ser let out&ut stream)The headers that are set should include content ty&e. and encodin") I# a writer is to be used towrite res&onse data. the content ty&e must be set be#ore the writer is accessed) In "eneral. theser let im&lementor must write the headers be#ore the res&onse data because the headers can

be #lushed at any time a#ter the data starts to be written) I# HTT'68)8 chun,ed encodin" is used 3that is. i# the trans#er-encodin" header is &resent4.

then the content-len"th header should not be set) Kor HTT'68)8 communications that do notuse chun,ed encodin" and HTT' 8) communications. settin" content len"th allows theser let to ta,e ad anta"e o# HTT' 5connection ,ee& ali e5) Kor just such communications. i#content len"th can not be set. the &er#ormance &enalties associated with not usin" ,ee& ali eswill sometimes be a oided i# the res&onse entity #its in an internal bu##er)

This method does not need to be either 5sa#e5 or 5idem&otent5) O&erations re>uested throu"h'O$T can ha e side e##ects #or which the user can be held accountable) $&eci#ic eAam&lesincludin" u&datin" stored data or buyin" thin"s online)

'arameters:

re> - Htt&$er let e>uest that enca&sulates the re>uest to the ser let res& - Htt&$er let es&onse that enca&sulates the res&onse #rom the ser letThrows: IO!Ace&tion

i# detected when handlin" the re>uestThrows: $er let!Ace&tion


$yntaA o# Usin" do'ost

&ublic oid do'ost 3Htt&$er let e>uest re>uest.Htt&$er let es&onse

res&onse4throws $er let!Ace&tion. IO!Ace&tion

)))ser let code "oes here)))J

iii) do'ut

&rotected oid do'ut3 Htt&$er let e>uest re>. Htt&$er let es&onse res&4 throws $er let!Ace&tion . IO!Ace&tion 'er#orms the HTT' 'UT o&eration7 the de#ault im&lementation re&orts an HTT'

B%DX !YU!$T error) The 'UT o&eration is analo"ous to sendin" a #ile ia KT') $er let writers who o erride this method must res&ect any (ontent- headers sent with the

re>uest) 3These headers include content-len"th. content-ty&e. content-trans#er-encodin".content-encodin". content-base. content-lan"ua"e. content-location. content-MD?. andcontent-ran"e)4 I# the subclass cannot honor a content header. then it must issue an errorres&onse 3? 84 and discard the re>uest) Kor more in#ormation. see the HTT' 8)8 K( )
http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletRequest.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletResponse.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_http://info.internet.isi.edu/in-notes/rfc/files/rfc2068.txthttp://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletRequest.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletResponse.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_http://info.internet.isi.edu/in-notes/rfc/files/rfc2068.txt


25/31

This method does not need to be either 5sa#e5 or 5idem&otent5) O&erations re>uested throu"h'UT can ha e side e##ects #or which the user can be held accountable) %lthou"h not re>uired.ser let writers who o erride this method may wish to sa e a co&y o# the a##ected U I intem&orary stora"e)

'arameters: re> - Htt&$er let e>uest that enca&sulates the re>uest to the ser let res& - Htt&$er let es&onse that enca&sulates the res&onse #rom the ser letThrows: IO!Ace&tion i# detected when handlin" the re>uestThrows: $er let!Ace&tion i# the re>uest could not be handled

i ) doTrace

&rotected oid doTrace3 Htt&$er let e>uest re>.

Htt&$er let es&onse res&4 throws $er let!Ace&tion . IO!Ace&tion 'er#orms the HTT' T %(! o&eration7 the de#ault im&lementation o# this method causes ares&onse with a messa"e containin" all o# the headers sent in the trace re>uest) This method isnot ty&ically o erridden)



Throws: $er let!Ace&tion


) doDelete

&rotected oid doDelete3 Htt&$er let e>uest re>. Htt&$er let es&onse res&4 throws $er let!Ace&tion . IO!Ace&tion

'er#orms the HTT' D!L!T! o&eration7 the de#ault im&lementation re&orts an HTT'B%DX !YU!$T error) The D!L!T! o&eration allows a client to re>uest a U I to beremo ed #rom the ser er)

This method does not need to be either 5sa#e5 or 5idem&otent5) O&erations re>uested throu"hD!L!T! can ha e side-e##ects #or which users may be held accountable) %lthou"h notre>uired. ser let writers who subclass this method may wish to sa e a co&y o# the a##ectedU I in tem&orary stora"e)

http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletRequest.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletRequest.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletResponse.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletRequest.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletResponse.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletRequest.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletResponse.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletRequest.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.http.HttpServletResponse.html#_top_http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_


26/31


Throws: $er let!Ace&tion i# the re>uest could not be handled

$essions

The basic &remise o# sessions is that only a session ID is stored on the client) On the ser er. thatID is associated with other 5real world5 in#ormation such as a user name. sho&&in" cart etc)

3This is a di##erence com&ared to usin" 5raw5 coo,ies to store in#ormation such as a user nameon the client)4 HTT' sessions ty&ically o&erate is as #ollows:

when a client #irst re>uests a &a"e where we need to start a session 3e)") the 5lo"in5 &a"e4. ourser er allocates a random session ID7

that session ID is then communicated bac, to the client7

whene er the client subse>uently re>uests a &a"e #rom our ser er 3or rele ant &ath #rom ourser er4. it sends bac, the same session ID7

on the ser er. we can associate in#ormation with that session ID7

on the ser er. we can e entually decide that the session has 5eA&ired5. and6or &ro ide the userwith a means to manually tell our ser er to 5eA&ire5 the session)

HTT' is the stateless &rotocol: it &ro ides no way #or the ser er to reco"niCe that a se>uenceo# re>uests are all #rom the same client)

'ri acy ad ocates may consider this the #eature. but it causes &roblems because many web a&&lications aren t stateless)

$ession Trac,in"
http://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_http://www.javamex.com/tutorials/servlets/cookies.shtmlhttp://www.javamex.com/tutorials/servlets/cookies.shtmlhttp://www.academictutorials.com/servlets/servlets-session.asphttp://www.academictutorials.com/servlets/servlets-session.asphttp://www.academictutorials.com/servlets/servlets-session.asphttp://download.oracle.com/docs/cd/E17802_01/products/products/servlet/2.1/api/javax.servlet.ServletException.html#_top_http://www.javamex.com/tutorials/servlets/cookies.shtmlhttp://www.academictutorials.com/servlets/servlets-session.asphttp://www.academictutorials.com/servlets/servlets-session.asphttp://www.academictutorials.com/servlets/servlets-session.asp


27/31

To su&&ort the so#tware that needs ,ee& trac, o# the state. *a a $er let technolo"y &ro ides an %'I#or mana"in" sessions and allows se eral mechanisms #or im&lementin" sessions)

$ession trac,in" is a "reat thin") ! ery user can be associated with a ja aA)ser let)htt&)Htt&$essionobject that ser lets can use to store or retrie e in#ormation about that user)

%ny set o# arbitry can be sa ed by the *a a objects in a session object)

Kor eAam&le. a user s session object &ro ides a con enient location #or a ser let to store the user ssho&&in" cart contents)

Methods to Tra!' the #ession

There are #our ty&es o# techni>ues used in ser let to handle the session which are as #ollows:

8)U L ewrittin"

=)Hidden Korm Kieds

2)Htt& $ession

;)$ecure $oc,et Layer3$$L4

()U*L *ewritting

ou can a&&end some eAtra data on the end o# the each U L that identi#ies the session. and theser er can associate that session identi#ier with data it has stored about that session only) This is alsoan eAcellent solution. and e en has ad anta"e that it wor,s with the browsers that don t su&&ortcoo,ies or where the user has disabled coo,ies) Howe er. it has most o# same &roblems as coo,ies.namely that the ser er-side &ro"ram has a lot o# strai"ht#orward but tedious &rocessin" to do) Inaddition. you ha e to be ery care#ul that e ery U L returned to user 3e en ia indirect means li,eLocation #ields in ser er redirects4 has the eAtra in#ormation a&&ended) %nd. i# the user lea essession and comes bac, ia a boo,mar, or lin,. the session in#ormation can be lost)

+)Hidden ,or& ,ieds

HTML #orms ha e an entry that loo,s li,e #ollowin": Ein&ut ty&eG5hidden5 nameG5session5alueG5)))5F) This means that. when the #orm is submitted. the s&eci#ied name and alue are included

in +!T or 'O$T data) This can be used to store in#ormation about the session) Howe er. it has the
http://www.oxxus.net/java-hosting.htmhttp://www.academictutorials.com/servlets/servlets-session.asphttp://www.oxxus.net/java-hosting.htmhttp://www.academictutorials.com/servlets/servlets-session.asp


28/31

major disad anta"e that it only wor,s i# e ery &a"e is dynamically "enerated. since the whole &ointis that each session has the uni>ue identi#ier)

-)Http #ession

The Htt&$ession inter#ace is im&lemented by the ser ices to &ro ide an association between anHTT' client and HTT' ser er) This association. or session. &ersists o er multi&le connection and6orre>uests durin" a "i en time &eriod) $essions are used to maintain the state and user identity acrossmulti&le &a"e re>uests)

% session can be maintained either by usin" the coo,ies or by U L rewritin") To eA&ose whether theclient su&&orts coo,ies. Htt&$ession de#ines the is(oo,ie$u&&ortDetermined method and anisUsin"(oo,ies method)

Htt&$ession de#ines the methods which store these ty&es o# data:

$tandard session &ro&erties. such as an identi#ier #or the session. and the conteAt #or thesession)

%&&lication layer data. accessed usin" this inter#ace and stored usin" the dictionary-li,einter#ace)

.)#e!ure #o!'et Layer/##L0The $ecure $oc,ets Layer &rotocol. or $$L. sits between a&&lication-le el &rotocol 3in this caseHTT'4 and the low-le el trans&ort &rotocol 3#or the Internet. almost eAclusi ely T('6I'4) It handlesthe details o# the security mana"ement usin" &ublic ,ey cry&to"ra&hy to encry&t all client6ser ercommunication) $$L was introduced by Netsca&e with Netsca&e Na i"ator 8) It has since becomethe de #acto standard #or the secure online communications and #orms the basis o# he Trans&ortLayer $ecurity 3TL$4 &rotocol currently under de elo&ment by the Internet !n"ineerin" Tas, Korce)

$$L @ersion =) . the ersion #irst to "ain the wides&read acce&tance. includes su&&ort #or ser ercerti#icates only) It &ro ides the authentication o# the ser er. con#identiality. and inte"rity) Here s

how it wor,s:

% user connects to the secure site usin" the HTT'$ 3HTT' &lus $$L4 &rotocol) 3 ou candetect sites usin" the HTT'$ &rotocol because their U Ls be"in with htt&s: instead o# htt&:)4

The ser er si"ns its &ublic ,ey with its &ri ate ,ey and sends it bac, to browser)

The browser uses ser er s &ublic ,ey to eri#y that the same &erson who si"ned the ,ey


29/31

actually owns it)

The browser chec, to see whether a trusted certi#icate authority si"ned the ,ey) I# one didn t.the browser as,s the user i# the ,ey can be trusted and &roceeds as directed)

The client "enerates a symmetric 3 D!$4 ,ey #or session. which is encry&ted with the ser er s &ublic ,ey and sent bac, to the ser er) This new ,ey is used to encry&t all the subse>uent

transactions) The symmetric ,ey is used because o# hi"h com&utational cost o# &ublic ,eycry&tosystems)

Coo'ies

(oo,ies are small bits o# teAtual in#ormation that the /eb ser er sends to the browser and that the browser returns unchan"ed when isitin" the same /eb site or domain later

ou can use HTT' coo,ies to store in#ormation about a sho&&in" session. and each subse>uentconnection can loo, u& the current session and then eAtract in#ormation about that session #romsome location on the ser er machine) This is an eAcellent alternati e. and is the most widely useda&&roach) Howe er. e en thou"h ser lets ha e a hi"h-le el and easy-to-use inter#ace to coo,ies .

there are still a number o# relati ely tedious details that need to be handled: !Atractin" the coo,ie that stores the session identi#ier #rom the other coo,ies 3there may be

many. a#ter all4. $ettin" an a&&ro&riate eA&iration time #or the coo,ie 3sessions interru&ted by =; hours

&robably should be reset4. and

%ssociatin" in#ormation on the ser er with the session identi#ier 3there may be #ar too muchin#ormation to actually store it in the coo,ie. &lus sensiti e data li,e credit card numbersshould ne er "o in coo,ies4)

1dvantages of using Coo'ies

By ha in" the ser er read in#ormation it sent the client &re iously. the site can &ro ide isitors withthe number o# con eniences:

Identi#yin" the user durin" an e-commerce session) Many on-line stores use the 5 sho&&in"
http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/Servlet-Tutorial-Cookies.htmlhttp://www.academictutorials.com/servlets/servlets-cookie.asphttp://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/Servlet-Tutorial-Cookies.htmlhttp://www.academictutorials.com/servlets/servlets-cookie.asp


30/31

cart 5 meta&hor in which the user selects an item. adds it to his sho&&in" cart. then continuessho&&in") $ince HTT' connection is closed a#ter each &a"e is sent. when the user select anew item #or his cart. how does the store ,now that he is the same user that &ut the &re iousitem in his cart1 (oo,ies are the "ood way o# accom&lishin" this) In #act. this is so use#ul thatser let ha e an %'I s&eci#ically #or this. and ser let authors don t need to mani&ulate coo,iesdirectly to ma,e use o# it)

% oidin" username and &assword) Many lar"e sites re>uire you to re"ister in order to usetheir ser ice. but it is incon enient to remember the username and &assword) (oo,ies are the"ood alternati e #or low-security sites) /hen a user re"isters. a coo,ie is sent with a uni>ueuser ID) /hen the client reconnects at the later date. the user ID is returned. the ser er loo,sit u&. determines it belon"s to the re"istered user. and doesn t re>uire an eA&licit usernameand &assword)

(ustomiCin" a site) Many 5&ortal5 sites let you customiCe the loo, o# main &a"e) They usecoo,ies to remember what you wanted. so that you "et that result initially #or the neAt time)I ll "i e an eAam&le li,e this later in this section o# the tutorial)

Kocusin" ad ertisin") The search en"ine char"e their customers much more #or dis&layin"5directed5 ads than 5random5 ads) That is. i# you do a search on 5 *a a $er lets 5. a search sitecan char"e much more #or an ad #or the ser lets de elo&ment en ironment than an ad #or anon-line tra el a"ent) On the other hand. i# the search had been 5Bali Hotels5. the situationwould be the re ersed) The &roblem is that they ha e to show a random ad when you #irstarri e and ha en t yet &er#ormed the search. as well as when you search on somethin" thatdoesn t match any ad cate"ories) (oo,ies let them remember 5Oh. that s the &erson who wassearchin" #or such and such &re iously5 and dis&lays an a&&ro&riate 3read 5hi"h &riced54 adinstead o# a random 3read 5chea&54 one)

Creating Coo'ies

% (oo,ie is created by callin" (oo,ie constructor. which ta,es two strin": the coo,ie name and thecoo,ie alue

The #ollowin" eAam&le describes how to create a coo,ie

(oo,ie user(oo,ie G new (oo,ie35user5. 5uid8=2;547 res&onse)add(oo,ie3user(oo,ie47

U L ewritin"

U L ewritin" can be used in &lace where we don t want to use coo,ies)

It is used to maintain the session) /hene er the browser sends a re>uest then it is alwaysinter&reted as a new re>uest because htt& &rotocol is a stateless &rotocol as it is not &ersistent)

/hene er we want that out re>uest object to stay ali e till we decide to end the re>uest objectthen. there we use the conce&t o# session trac,in")
http://www.academictutorials.com/servlets/servlets-cookie.asphttp://www.academictutorials.com/servlets/servlets-cookie.asphttp://www.academictutorials.com/servlets/servlets-cookie.asphttp://www.academictutorials.com/servlets/servlets-cookie.asphttp://www.academictutorials.com/servlets/servlets-cookie.asphttp://www.academictutorials.com/servlets/servlets-cookie.asp


31/31

In session trac,in" #irstly a session object is created when the #irst re>uest "oes to the ser er)Then ser er creates a to,en which will be used to maintain the session)

The to,en is transmitted to the client by the res&onse object and "ets stored on the clientmachine) By de#ault the ser er creates a coo,ie and the coo,ie "et stored on the client machine)

unit-3 wt notes

Documents