Server-side Programming: Java Servlets CSI 3140 WWW Structures, Techniques and Standards.

Slides:



Advertisements
Similar presentations
Chapter 6 Server-side Programming: Java Servlets
Advertisements

Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 10 Servlets and Java Server Pages.
Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
1 Servlets Based on Notes by Dave Hollinger & Ethan Cerami Also, the Online Java Tutorial by Sun.
 2002 Prentice Hall. All rights reserved. Chapter 9: Servlets Outline 9.1 Introduction 9.2 Servlet Overview and Architecture Interface Servlet and.
Servlets and a little bit of Web Services Russell Beale.
Liang, Introduction to Java Programming, Sixth Edition, (c) 2005 Pearson Education, Inc. All rights reserved Chapter 34 Servlets.
Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved Chapter 6 Server-side Programming:
Python and Web Programming
CGI Programming: Part 1. What is CGI? CGI = Common Gateway Interface Provides a standardized way for web browsers to: –Call programs on a server. –Pass.
Servlets Compiled by Dr. Billy B. L. Lim. Servlets Servlets are Java programs which are invoked to service client requests on a Web server. Servlets extend.
SE-2840 Dr. Mark L. Hornick1 Java Servlet-based web apps Servlet Architecture.
Java Servlets. What Are Servlets? Basically, a java program that runs on the server Basically, a java program that runs on the server Creates dynamic.
Dr. Thomas Tran – CSI3140 Lecture Notes (based on Dr. Jeffrey Jackson’s slides) Chapter 6 Server-side Programming: Java Servlets CSI3140 WWW Structures,
Gayle J Yaverbaum, PhD Professor of Information Systems Penn State Harrisburg.
Java Server Pages B.Ramamurthy. Topics for Discussion 8/20/20152 Inheritance and Polymorphism Develop an example for inheritance and polymorphism JSP.
Sys Prog & Scripting - HW Univ1 Systems Programming & Scripting Lecture 15: PHP Introduction.
1 Lecture 10 Server-side Programming: Java Servlets.
FALL 2005CSI 4118 – UNIVERSITY OF OTTAWA1 Part 4 Web technologies: HTTP, CGI, PHP,Java applets)
Comp2513 Forms and CGI Server Applications Daniel L. Silver, Ph.D.
Chapter 5 Java Script And Forms JavaScript, Third Edition.
JavaScript, Fourth Edition
Chapter 8 Cookies And Security JavaScript, Third Edition.
JAVA SERVER PAGES. 2 SERVLETS The purpose of a servlet is to create a Web page in response to a client request Servlets are written in Java, with a little.
Chapter 3 Servlet Basics. 1.Recall the Servlet Role 2.Basic Servlet Structure 3.A simple servlet that generates plain text 4.A servlet that generates.
Session tracking There are a number of problems that arise from the fact that HTTP is a "stateless" protocol. In particular, when you are doing on- line.
16-Oct-15 JSP Implicit Objects. 2 JSP Implicit Objects are the Java objects that the JSP Container makes available to developers in each page and developer.
Lecture 8 – Cookies & Sessions SFDV3011 – Advanced Web Development 1.
JavaScript, Fourth Edition Chapter 5 Validating Form Data with JavaScript.
Website Development with PHP and MySQL Saving Data.
Chapter 6 Server-side Programming: Java Servlets
1 © Netskills Quality Internet Training, University of Newcastle HTML Forms © Netskills, Quality Internet Training, University of Newcastle Netskills is.
STATE MANAGEMENT.  Web Applications are based on stateless HTTP protocol which does not retain any information about user requests  The concept of state.
XHTML & Forms. PHP and the WWW PHP and HTML forms – Forms are the main way users can interact with your PHP scrip Typical usage of the form tag in HTML.
Java server pages. A JSP file basically contains HTML, but with embedded JSP tags with snippets of Java code inside them. A JSP file basically contains.
Server-side Programming The combination of –HTML –JavaScript –DOM is sometimes referred to as Dynamic HTML (DHTML) Web pages that include scripting are.
SE-2840 Dr. Mark L. Hornick1 Servlet Threads and Sessions.
Copyright © 2002 ProsoftTraining. All rights reserved. Java Servlets.
1 Java Servlets l Servlets : programs that run within the context of a server, analogous to applets that run within the context of a browser. l Used to.
Middleware 3/29/2001 Kang, Seungwoo Lee, Jinwon. Description of Topics 1. CGI, Servlets, JSPs 2. Sessions/Cookies 3. Database Connection(JDBC, Connection.
Servlets.
CSI 3125, Preliminaries, page 1 SERVLET. CSI 3125, Preliminaries, page 2 SERVLET A servlet is a server-side software program, Responds oriented other.
 Previous lessons have focused on client-side scripts  Programs embedded in the page’s HTML code  Can also execute scripts on the server  Server-side.
CSI 3125, Preliminaries, page 1 SERVLET. CSI 3125, Preliminaries, page 2 SERVLET A servlet is a server-side software program, written in Java code, that.
©SoftMooreSlide 1 Introduction to HTML: Forms ©SoftMooreSlide 2 Forms Forms provide a simple mechanism for collecting user data and submitting it to.
8 Chapter Eight Server-side Scripts. 8 Chapter Objectives Create dynamic Web pages that retrieve and display database data using Active Server Pages Process.
©SoftMooreSlide 1 Session Tracking with Servlets.
UMass Lowell Computer Science Java and Distributed Computing Prof. Karen Daniels Fall, 2000 Lecture 21 Java Servlets Wed. 11/22/00 based on material.
ITM © Port,Kazman 1 ITM 352 Cookies. ITM © Port,Kazman 2 Problem… r How do you identify a particular user when they visit your site (or any.
Java Programming: Advanced Topics 1 Building Web Applications Chapter 13.
Bayu Priyambadha, S.Kom. Static content  Web Server delivers contents of a file (html) 1. Browser sends request to Web Server 3. Web Server sends HTML.
Session 11: Cookies, Sessions ans Security iNET Academy Open Source Web Development.
PHP: Further Skills 02 By Trevor Adams. Topics covered Persistence What is it? Why do we need it? Basic Persistence Hidden form fields Query strings Cookies.
Net-centric Computing Servlets & JSP. Lecture Outline  Tracking Sessions  Cookies  Examples  JSP  Differences between JSP and Servlets  JSP Constructs.
Distributed Web Systems Cookies and Session Tracking Lecturer Department University.
Lecture 10 Server-side Programming: Java Servlets
Servlets.
Sessions Many interactive Web sites spread user data entry out over several pages: Ex: add items to cart, enter shipping information, enter billing information.
Chapter 6 Server-side Programming: Java Servlets
Server-side Programming: Java Servlets
Chapter 6 Server-side Programming: Java Servlets
Sessions.
Chapter 26 Servlets.
Servlet APIs Every servlet must implement javax.servlet.Servlet interface Most servlets implement the interface by extending one of these classes javax.servlet.GenericServlet.
Sessions Many interactive Web sites spread user data entry out over several pages: Ex: add items to cart, enter shipping information, enter billing information.
Chapter 6 Server-side Programming: Java Servlets
Lecture 5: Functions and Parameters
Server-side Programming: Java Servlets
PHP-II.
Presentation transcript:

Server-side Programming: Java Servlets CSI 3140 WWW Structures, Techniques and Standards

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides2 Server-side Programming  The combination of HTML JavaScript DOM is sometimes referred to as Dynamic HTML (DHTML)  Web pages that include scripting are often called dynamic pages (vs. static)

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides3 Server-side Programming  Similarly, web server response can be static or dynamic Static: HTML document is retrieved from the file system and returned to the client Dynamic: HTML document is generated by a program in response to an HTTP request  Java servlets are one technology for producing dynamic server responses Servlet is a class instantiated by the server to produce a dynamic response

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides4 Servlet Overview

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides5 Servlet Overview 1.When server starts it instantiates servlets 2.Server receives HTTP request, determines need for dynamic response 3.Server selects the appropriate servlet to generate the response, creates request/response objects, and passes them to a method on the servlet instance 4.Servlet adds information to response object via method calls 5.Server generates HTTP response based on information stored in response object

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides6 Hello World! Servlet

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides7 Hello World! Servlet All servlets we will write are subclasses of HttpServlet

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides8 Hello World! Servlet Server calls doGet() in response to GET request

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides9 Hello World! Servlet Interfaces implemented by request/response objects

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides10 Hello World! Servlet Production servlet should catch these exceptions

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides11 Hello World! Servlet  JWSDP Tomcat server exception handling: Stack trace appended to logs/jwsdp_log.*.txt HTML document returned to client may (or may not) contain partial stack trace  Servlet output to System.out.print(), printStackTrace(), etc. is appended to logs/launcher.server.log

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides12 Hello World! Servlet First two things done by typical servlet; must be in this order

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides13 Hello World! Servlet

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides14 Hello World! Servlet HTML generated by calling print() or println() on the servlet’s PrintWriter object

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides15 Hello World! Servlet Good practice to explicitly close the PrintWriter when done

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides16 Servlets vs. Java Applications  Servlets do not have a main() The main() is in the server Entry point to servlet code is via call to a method ( doGet() in the example)  Servlet interaction with end user is indirect via request/response object APIs Actual HTTP request/response processing is handled by the server  Primary servlet output is typically HTML

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides17 Running Servlets  Simple way to run a servlet (better later): 1. Compile servlet (make sure that JWSDP libraries are on path) 2. Copy.class file to shared/classes directory 3. (Re)start the Tomcat web server 4. If the class is named ServletHello, browse to

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides18 Dynamic Content

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides19 Dynamic Content

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides20 Dynamic Content

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides21 Dynamic Content  Potential problems: Assuming one instance of servlet on one server, but Many Web sites are distributed over multiple servers Even a single server can (not default) create multiple instances of a single servlet Even if the assumption is correct, this servlet does not handle concurrent accesses properly We’ll deal with this later in the chapter

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides22 Servlet Life Cycle  Servlet API life cycle methods init() : called when servlet is instantiated; must return before any other methods will be called service() : method called directly by server when an HTTP request is received; default service() method calls doGet() (or related methods covered later) destroy() : called when server shuts down

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides23 Servlet Life Cycle Example life cycle method: attempt to initialize visits variable from file

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides24 Servlet Life Cycle Exception to be thrown if initialization fails and servlet should not be instantiated

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides25 Parameter Data  The request object (which implements HttpServletRequest ) provides information from the HTTP request to the servlet  One type of information is parameter data, which is information from the query string portion of the HTTP request Query string with one parameter

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides26 Parameter Data  Parameter data is the Web analog of arguments in a method call:  Query string syntax and semantics

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides27 Parameter Data  Query string syntax and semantics Multiple parameters separated by & Order of parameters does not matter All parameter values are strings Value of arg is empty string

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides28 Parameter Data  Parameter names and values can be any 8-bit characters  URL encoding is used to represent non- alphanumeric characters:  URL decoding applied by server to retrieve intended name or value Value of arg is ‘a String’

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides29 Parameter Data  URL encoding algorithm

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides30 Parameter Data

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides31 Parameter Data

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides32 Parameter Data

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides33 Parameter Data Must escape XML special characters in all user-supplied data before adding to HTML to avoid cross-site scripting attacks

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides34 Parameter Data  Cross-site scripting Attacker Blogging Web site Comment containing element Document containing attacker’s comment (and script) Victim

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides35 Parameter Data Also need to escape quotes within attribute values.

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides36 Parameter Data

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides37 Parameter Data  A form automatically generates a query string when submitted Parameter name specified by value of name attributes of form controls Parameter value depends on control type Value for checkbox specified by value attribute

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides38 Parameter Data

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides39 Parameter Data username lifestory boxgroup1 (values same as labels) doit

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides40 Parameter Data  Query string produced by browser (all one line): Checkbox parameters have same name values; only checked boxes have corresponding parameters

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides41 Parameter Data  GET vs. POST method for forms: GET: Query string is part of URL Length of query string may be limited Recommended when parameter data is not stored but used only to request information (e.g., search engine query)  The URL can be bookmarked or ed and the same data will be passed to the server when the URL is revisited

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides42 Parameter Data Browser content copyright 2004 Google, Inc. Used by permission.

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides43 Parameter Data  GET vs. POST method for forms: POST: Query string is sent as body of HTTP request Length of query string is unlimited Recommended if parameter data is intended to cause the server to update stored data Most browsers will warn you if they are about to resubmit POST data to avoid duplicate updates

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides44 Parameter Data

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides45 Parameter Data  GET vs. POST in a Web application: According to the HTTP 1.1 specification (RFC 2616): In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval A consequence of this is that “web accelerators” might pre- fetch your GET-based URL, with possible disastrous consequences if you actually use GET for processing. (note that because of this, accelerators such as Google’s won’t pre-fetch GET-based URLs with parameters)

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides46 Sessions  Many interactive Web sites spread user data entry out over several pages: Ex: add items to cart, enter shipping information, enter billing information  Problem: how does the server know which users generated which HTTP requests? Cannot rely on standard HTTP headers to identify a user

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides47 Sessions

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides48 Sessions Server sends back new unique session ID when the request has none

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides49 Sessions Client that supports session stores the ID and sends it back to the server in subsequent requests

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides50 Sessions Server knows that all of these requests are from the same client. The set of requests is known as a session.

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides51 Sessions And the server knows that all of these requests are from a different client.

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides52 Sessions Returns HttpSession object associated with this HTTP request. Creates new HttpSession object if no session ID in request or no object with this ID exists Otherwise, returns previously created object

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides53 Sessions Boolean indicating whether returned object was newly created or already existed.

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides54 Sessions Incremented once per session

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides55 Sessions Three web pages produced by a single servlet

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides56 Sessions

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides57 Sessions,,,

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides58 Sessions,,, Session attribute is a name/value pair

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides59 Sessions,,, Session attribute will have null value until a value is assigned

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides60 Sessions,,, Generate sign-in form if session is new or signIn attribute has no value, weclome-back page otherwise.

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides61 Sessions Sign-in form Welcome-back page

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides62 Sessions Second argument (“Greeting”) used as action attribute value (relative URL)

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides63 Sessions Form will be sent using POST HTTP method ( doPost() method will be called)

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides64 Sessions Text field containing user name is named signIn

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides65 Sessions …

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides66 Sessions … Retrieve signIn parameter value

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides67 Sessions … Normal processing: signIn parameter is present in HTTP request

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides68 Sessions … Generate HTML for response

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides69 Sessions Thank-you page Must escape XML special characters in user input

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides70 Sessions … Assign a value to the signIn session attribute

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides71 Sessions  Session attribute methods: setAttribute(String name, Object value) : creates a session attribute with the given name and value Object getAttribute(String name) : returns the value of the session attribute named name, or returns null if this session does not have an attribute with this name

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides72 Sessions … Error processing (return user to sign-in form)

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides73 Sessions  By default, each session expires if a server- determined length of time elapses between a session’s HTTP requests Server destroys the corresponding session object  Servlet code can: Terminate a session by calling invalidate() method on session object Set the expiration time-out duration (secs) by calling setMaxInactiveInterval(int)

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides74 Cookies  A cookie is a name/value pair in the Set- Cookie header field of an HTTP response  Most (not all) clients will: Store each cookie received in its file system Send each cookie back to the server that sent it as part of the Cookie header field of subsequent HTTP requests

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides75 Cookies Tomcat sends session ID as value of cookie named JSESSIONID

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides76 Cookies Cookie-enabled browser returns session ID as value of cookie named JSESSIONID

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides77 Cookies  Servlets can set cookies explicitly Cookie class used to represent cookies request.getCookies() returns an array of Cookie instances representing cookie data in HTTP request response.addCookie(Cookie) adds a cookie to the HTTP response

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides78 Cookies Cookies are expired by client (server can request expiration date)

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides79 Cookies

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides80 Cookies Return array of cookies contained in HTTP request

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides81 Cookies Search for cookie named COUNT and extract value as an int

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides82 Cookies

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides83 Cookies Send replacement cookie value to client (overwrites existing cookie)

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides84 Cookies Should call addCookie() before writing HTML

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides85 Cookies Privacy issues Client Web site providing requested content HTTP request to intended site HTTP response: HTML document including ad Web site providing banner ads HTTP request for ad image Image plus Set-Cookie in response: third-party cookie

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides86 Web site providing requested content Cookies Privacy issues Client Second Web site providing requested content HTTP request to 2nd intended site HTTP response: HTML document including ad Web site providing banner ads HTTP request for ad image plus Cookie (identifies user) Image Based on Referer, I know two Web sites that this user has visited

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides87 Cookies Privacy issues  Due to privacy concerns, many users block cookies Blocking may be fine-tuned. Ex: Mozilla allows Blocking of third-party cookies Blocking based on on-line privacy policy  Alternative to cookies for maintaining session: URL rewriting

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides88 URL Rewriting Tomcat adds session ID within HTML document to all URL’s referring to the servlet Session ID = 4235

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides89 URL Rewriting Subsequent request will contain session ID in the URL of the request Session ID = 4235

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides90 URL Rewriting Next response must again add session ID to all URL’s Session ID = 4235

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides91 URL Rewriting  Original (relative) URL: href=“URLEncodedGreeting”  URL containing session ID: href=“URLEncodedGreeting;jsessionid=0157B9E85”  Path parameter is treated differently than query string parameter Ex: invisible to getParameter() Path parameter

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides92 URL Rewriting  HttpServletResponse method encodeURL() will add session id path parameter to argument URL Relative URL of servlet Original servlet Servlet using URL rewriting

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides93 URL Rewriting  Must rewrite every servlet URL in every document  Security issues Web site using URL rewriting User A URL with session ID 7152

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides94 URL Rewriting  Must rewrite every servlet URL in every document  Security issues Web site using URL rewriting User A User B URL URL with session ID 7152

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides95 URL Rewriting  Must rewrite every servlet URL in every document  Security issues Web site using URL rewriting User A URL with session ID 7152 User B URL Visit Web site with session ID 7152

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides96 More Servlet Methods

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides97 More Servlet Methods

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides98 More Servlet Methods

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides99 More Servlet Methods  Response buffer All data sent to the PrintWriter object is stored in a buffer When the buffer is full, it is automatically flushed: Contents are sent to the client (preceded by header fields, if this is the first flush) Buffer becomes empty Note that all header fields must be defined before the first buffer flush

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides100 More Servlet Methods

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides101 More Servlet Methods  In addition to doGet() and doPost(), servlets have methods corresponding to other HTTP request methods doHead() : automatically defined if doGet() is overridden doOptions(), doTrace() : useful default methods provided doDelete(), doPut() : override to support these methods

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides102 Data Storage  Almost all web applications (servlets or related dynamic web server software) store and retrieve data Typical web app uses a data base management system (DBMS) Another option is to use the file system Not web technologies, so beyond our scope  Some Java data storage details provided in Appendices B (file system) and C (DBMS)  One common problem: concurrency

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides103 Concurrency

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides104 Concurrency  Tomcat creates a separate thread for each HTTP request  Java thread state saved: Which statement to be executed next The call stack: where the current method will return to, where that method will return to, etc. plus parameter values for each method The values of local variables for all methods on the call stack

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides105 Concurrency  Some examples of values that are not saved when a thread is suspended: Values of instance variables (variables declared outside of methods) Values of class variables (variables declared as static outside of methods) Contents of files and other external resources

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides106 Concurrency // Output HTML document

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides107 Concurrency

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides108 Concurrency  Java support thread synchronization Only one synchronized method within a class can be called at any one time Only one thread at at time can call doGet()

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides109 Concurrency

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides110 Concurrency  Web application with multiple servlet classes and shared resource:

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides111 Concurrency  Solution: create a shared class with synchronized static methods called by both servlets CounterFileCounterReaderCounterWriter readAndReset()incr() File

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides112 Common Gateway Interface  CGI was the earliest standard technology used for dynamic server-side content  CGI basics: HTTP request information is stored in environment variables (e.g., QUERY_STRING, REQUEST_METHOD, HTTP_USER_AGENT) Program is executed, output is returned in HTTP response

Guy-Vincent Jourdan :: CSI 3140 :: based on Jeffrey C. Jackson’s slides113 Common Gateway Interface  Advantage: Program can be written in any programming language (Perl frequently used)  Disadvantages: No standard for concepts such as session May be slower (programs normally run in separate processes, not server process)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.