1 Servlets and HTML Form Data Parts of this presentation was provided by www.coreservlets.com Vijayan Sugumaran Department of DIS Oakland University Rochester,

Slides:



Advertisements
Similar presentations
Chapter 6 Server-side Programming: Java Servlets
Advertisements

Servlets, JSP and JavaBeans Joshua Scotton.  Getting Started  Servlets  JSP  JavaBeans  MVC  Conclusion.
1 Servlets Based on Notes by Dave Hollinger & Ethan Cerami Also, the Online Java Tutorial by Sun.
Introduction to Servlets Based on: Hall, Brown, Core Servlets and JavaServer Pages.
J.Sant Servlets Joseph Sant Sheridan Institute of Technology.
Objectives Ch. D - 1 At the end of this chapter students will: Know the general architecture and purpose of servlets Understand how to create a basic servlet.
Servlets Stoney Jackson
10-Jun-15 Servlets. 2 Servers A server is a computer that responds to requests from a client Typical requests: provide a web page, upload or download.
An introduction to Java Servlet Programming
18-Jun-15 JSP Java Server Pages Reference: Tutorial/Servlet-Tutorial-JSP.html.
JSP Java Server Pages Reference:
Core Servlets Chapter 3 Link for Core Servlets code: om/archive/ om/archive/
1 CS6320 – Servlet Structure and Lifecycle L. Grewe.
Servlets Replace Common Gateway Interface Scripts Extend Server Functionality Modules (software components) Like applets to browsers No GUI.
Introduction to Java Servlets Vijayan Sugumaran School of Business Administration Oakland University Note: Some of the slides were imported from
13-Jul-15 Servlets. 2 Servers A server is a computer that responds to requests from a client Typical requests: provide a web page, upload or download.
Java Server and Servlet CS616 Team 9 Kim Doyle, Susan Kroha, Arunima Palchowdhury, Wei Xu.
Server Side Programming Web Information Systems 2012.
Servlets Compiled by Dr. Billy B. L. Lim. Servlets Servlets are Java programs which are invoked to service client requests on a Web server. Servlets extend.
Servlets. Our Project 3-tier application Develop our own multi-threaded server Socket level communication.
A Servlet’s Job Read explicit data sent by client (form data) Read implicit data sent by client (request headers) Generate the results Send the explicit.
Java Servlets and JSP.
Java Servlets. What Are Servlets? Basically, a java program that runs on the server Basically, a java program that runs on the server Creates dynamic.
Gayle J Yaverbaum, PhD Professor of Information Systems Penn State Harrisburg.
Introduction to Web App Development Allen Day. Notes This is a training NOT a presentation Please ask questions
Introduction Servlets and JSP Celsina Bignoli
1 Databases & Web-based Applications JDBC & Java Servlets A. Benabdelkader ©UvA, 2002/2003.
Servlets. - Java technology for Common Gateway Interface (CGI) programming. - It is a Java class that dynamically extends the function of a web server.
Java support for WWW Babak Esfandiari (sources: Qusay Mahmoud, Roger Impey, textbook)
CSC 2720 Building Web Applications
J2EE training: 1 Course Material Usage Rules PowerPoint slides for use only in full-semester, for-credit courses at degree-granting.
SKT-SSU IT Training Center Servlet and JSP. Chapter Three: Servlet Basics.
111 Java Servlets Dynamic Web Pages (Program Files) Servlets versus Java Server Pages Implementing Servlets Example: F15 Warranty Registration Tomcat Configuration.
J2EE training: 1 Course Material Usage Rules PowerPoint slides for use only in full-semester, for-credit courses at degree-granting.
CMPUT 391 – Database Management Systems Department of Computing Science University of Alberta CMPUT 391 Database Management Systems Web based Applications,
Web Server Programming 1. Nuts and Bolts. Premises of Course Provides general introduction, no in-depth training Assumes some HTML knowledge Assumes some.
Servlet Lifecycle Lec 28. Servlet Life Cycle  Initialize  Service  Destroy Time.
Chapter 3 Servlet Basics. 1.Recall the Servlet Role 2.Basic Servlet Structure 3.A simple servlet that generates plain text 4.A servlet that generates.
Java Servlets. Servlets When we run small Java programs within a browser these are referred to as Applets... And when we run small Java programs within.
Java Servlets & Java Server Pages Lecture July 2013.
Slides © Marty Hall, book © Sun Microsystems Press 1 Handling the Client Request: Form Data Core Servlets & JSP book:
20-Nov-15introServlets.ppt Intro to servlets. 20-Nov-15introServlets.ppt typical web page – source Hello Hello.
S ERVLETS Hits Counter 21-Nov-15. S ERVLETS - H ITS C OUNTER Many times you would be interested in knowing total number of hits on a particular page of.
Java Servlets and Java Server Pages Norman White Stern School of Business.
Middleware 3/29/2001 Kang, Seungwoo Lee, Jinwon. Description of Topics 1. CGI, Servlets, JSPs 2. Sessions/Cookies 3. Database Connection(JDBC, Connection.
CSI 3125, Preliminaries, page 1 SERVLET. CSI 3125, Preliminaries, page 2 SERVLET A servlet is a server-side software program, Responds oriented other.
1 Introduction to Servlets. Topics Web Applications and the Java Server. HTTP protocol. Servlets 2.
Introduction to Servlets Allen Day. Notes This is a training NOT a presentation Please ask questions Prerequisites.
CS320 Web and Internet Programming Introduction to Java Servlets Chengyu Sun California State University, Los Angeles.
CSI 3125, Preliminaries, page 1 SERVLET. CSI 3125, Preliminaries, page 2 SERVLET A servlet is a server-side software program, written in Java code, that.
Configuration Web Server Tomcat - Install JDK Install Tom cat Configure Tom cat for running Servlet C:\Program Files\Apache Software Foundation\Tomcat.
©SoftMoore ConsultingSlide 1 Overview of Servlets and JavaServer Pages (JSP)
HTTP protocol Java Servlets. HTTP protocol Web system communicates with end-user via HTTP protocol HTTP protocol methods: GET, POST, HEAD, PUT, OPTIONS,
S ERVLETS Form Data 19-Mar-16. F ORM P ROCESSING You must have come across many situations when you need to pass some information from your browser to.
CS320 Web and Internet Programming Introduction to Java Servlets Chengyu Sun California State University, Los Angeles.
Distributed Web Systems Java Servlets Lecturer Department University.
Introduction to Servlets
Servlets.
Servlet Fudamentals.
Java Servlets By: Tejashri Udavant..
Introduction to Java Servlets
Servlets Hits Counter 20-Jul-18.
Servlet.
Servlets and Java Server Pages
Servlets.
Servlet APIs Every servlet must implement javax.servlet.Servlet interface Most servlets implement the interface by extending one of these classes javax.servlet.GenericServlet.
Web Search Interfaces.
Servlets 7-Apr-19.
Basic servlet structure
Servlets: Servlet / Web Browser Communication I
Presentation transcript:

1 Servlets and HTML Form Data Parts of this presentation was provided by Vijayan Sugumaran Department of DIS Oakland University Rochester, MI 48309

2 Generating HTML  Set the Content-Type header  Use response.setContentType  Output HTML  Be sure to include the DOCTYPE  Use an HTML validation service    If your servlets are behind a firewall, you can run them, save the HTML output, and use a file upload form to validate.

3 A Servlet That Generates HTML public class HelloWWW extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); String docType = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 " + "Transitional//EN\">\n"; out.println(docType + " \n" + " Hello WWW \n" + " \n" + " Hello WWW \n" + " "); }

4 The Servlet Life Cycle  init  Executed once when the servlet is first loaded. Not called for each request.  service  Called in a new thread by server for each request. Dispatches to doGet, doPost, etc. Do not override this method!  doGet, doPost  Handles GET, POST, etc. requests.  Override these to provide desired behavior.  destroy  Called when server deletes servlet instance. Not called after each request.

5 Initializing Servlets  Common in real-life servlets  E.g., initializing database connection pools.  Use ServletConfig.getInitParameter to read initialization parameters  Set init parameters in web.xml (ver 2.2/2.3)  …/WEB-INF/web.xml  Many servers have custom interfaces to create web.xml  It is common to use init even when you don’t read init parameters  See modification date example in Core Servlets and JavaServer Pages Chapter 2

6 A Servlet That Uses Initialization Parameters public class ShowMessage extends HttpServlet { private String message; private String defaultMessage = "No message."; private int repeats = 1; public void init() throws ServletException { ServletConfig config = getServletConfig(); message = config.getInitParameter("message"); if (message == null) { message = defaultMessage; } try { String repeatString = config.getInitParameter("repeats"); repeats = Integer.parseInt(repeatString); } catch(NumberFormatException nfe) {} }

7 ShowMessage Servlet (Continued) public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); String title = "The ShowMessage Servlet"; out.println(ServletUtilities.headWithTitle(title)+ " \n" + " " + title + " "); for(int i=0; i<repeats; i++) { out.println(message + " "); } out.println(" "); }

8 Setting Init Parameters ...\WEB-INF\web.xml  tomcat_install_dir\webapps\examples\WEB -INF\web.xml ShowMsg ShowMessage message Shibboleth repeats 5

9 ShowMessage Result

10 Debugging Servlets  Use print statements; run server on desktop  Integrated debugger in IDE  Look at the HTML source  Return error pages to the client  Plan ahead for missing or malformed data  Use the log file  log("message") or log("message", Throwable)  Look at the request data separately.  See EchoServer at  Look at the response data separately  See WebClient at  Stop and restart the server

11 Handling the Client Request: Form Data

12 The Role of Form Data  Example URL at online travel agent   Names come from HTML author; values usually come from end user  Parsing form (query) data in traditional CGI  Read the data one way (QUERY_STRING) for GET requests, another way (standard input) for POST requests  Chop pairs at ampersands, then separate parameter names (left of the equal signs) from parameter values (right of the equal signs)  URL decode values (e.g., "%7E" becomes "~")  Need special cases for omitted values (param1=val1&param2=&param3=val3) and repeated parameters (param1=val1&param2=val2&param1=val3)

13 Creating Form Data: HTML Forms A Sample Form Using GET A Sample Form Using GET First name: Last name:

14 Aside: Installing HTML Files  Tomcat  install_dir\webapps\examples\Form.html or  install_dir\webapps\examples\SomeDir\Form.html  JRun  install_dir\servers\default\default-app\Form.html or  install_dir\servers\default\default-app\SomeDir\Form.html  URL  or 

15 HTML Form: Initial Result

16 HTML Form: Submission Result (Data Sent to EchoServer)

17 Sending POST Data A Sample Form Using POST A Sample Form Using POST <FORM ACTION=" METHOD="POST"> First name: Last name:

18 Sending POST Data

19 Reading Form Data In Servlets  request.getParameter("name")  Returns URL-decoded value of first occurrence of name in query string  Works identically for GET and POST requests  Returns null if no such parameter is in query  request.getParameterValues("name")  Returns an array of the URL-decoded values of all occurrences of name in query string  Returns a one-element array if param not repeated  Returns null if no such parameter is in query  request.getParameterNames()  Returns Enumeration of request params

20 An HTML Form With Three Parameters First Parameter: Second Parameter: Third Parameter:

21 Reading the Three Parameters public class ThreeParams extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); String title = "Reading Three Request Parameters"; out.println(ServletUtilities.headWithTitle(title) + " \n" + " " + title + " \n" + " \n" + " param1 : " + request.getParameter("param1") + "\n" + " param2 : " + request.getParameter("param2") + "\n" + " param3 : " + request.getParameter("param3") + "\n" + " \n" + " "); }}

22 Reading Three Parameters: Result

23 Reading All Parameters public class ShowParameters extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); String title = "Reading All Request Parameters"; out.println(ServletUtilities.headWithTitle(title) + " \n" + " " + title + " \n" + " \n" + " Parameter Name Parameter Value(s)");

24 Reading All Parameters (cont) Enumeration paramNames = request.getParameterNames(); while(paramNames.hasMoreElements()) { String paramName = (String)paramNames.nextElement(); out.print(" " + paramName + "\n "); String[] paramValues = request.getParameterValues(paramName); if (paramValues.length == 1) { String paramValue = paramValues[0]; if (paramValue.length() == 0) out.println(" No Value "); else out.println(paramValue);

25 Reading All Parameters (cont) } else { out.println(" "); for(int i=0; i<paramValues.length; i++) { out.println(" " + paramValues[i]); } out.println(" "); } out.println(" \n "); } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request, response); }

26 Result of ShowParameters Servlet  Note that order of parameters in Enumeration does not match order they appeared in Web page

27 Posting Service: Front End  Gathers resumé formatting and content information

28 Posting Service: Back End  Previews result or stores resumé in database

29 Posting Service: Servlet Code private void showPreview(HttpServletRequest request, PrintWriter out) { String headingFont = request.getParameter("headingFont"); headingFont = replaceIfMissingOrDefault(headingFont, "");... String name = request.getParameter("name"); name = replaceIfMissing(name, "Lou Zer"); String title = request.getParameter("title"); title = replaceIfMissing(title, "Loser"); String languages = request.getParameter("languages"); languages = replaceIfMissing(languages, " None "); String languageList = makeList(languages); String skills = request.getParameter("skills"); skills = replaceIfMissing(skills, "Not many, obviously.");... }  Point: always explicitly handle missing or malformed query data

30 Filtering Strings for HTML- Specific Characters  You cannot safely insert arbitrary strings into servlet output  can cause problems anywhere  & and " can cause problems inside of HTML attributes  You sometimes cannot manually translate  The string is derived from a program excerpt or another source where it is already in some standard format  The string is derived from HTML form data  Failing to filter special characters from form data makes you vulnerable to cross-site scripting attack  

31 Filtering Code (ServletUtilities.java) public static String filter(String input) { StringBuffer filtered = new StringBuffer(input.length()); char c; for(int i=0; i<input.length(); i++) { c = input.charAt(i); if (c == '<') { filtered.append("<"); } else if (c == '>') { filtered.append(">"); } else if (c == '"') { filtered.append("""); } else if (c == '&') { filtered.append("&"); } else { filtered.append(c); } return(filtered.toString()); }

32 Servlet That Fails to Filter public class BadCodeServlet extends HttpServlet { private String codeFragment = "if (a<b) {\n" + " doThis();\n" + "} else {\n" + " doThat();\n" + "}\n"; public String getCodeFragment() { return(codeFragment); }

33 Servlet That Fails to Filter (Continued) public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); String title = "The Java 'if' Statement"; out.println(ServletUtilities.headWithTitle(title) + " \n" + " " + title + " \n" + " \n" + getCodeFragment() + " \n" + "Note that you must use curly braces\n" + "when the 'if' or 'else' clauses contain\n" + "more than one expression.\n" + " "); }

34 Servlet That Fails to Filter (Result)

35 Servlet That Properly Filters public class FilteredCodeServlet extends BadCodeServlet { public String getCodeFragment() { return(ServletUtilities.filter(super.getCodeFragment())); }

36 Summary  Query data comes from HTML forms as URL- encoded name/value pairs  Servlets read data by calling request.getParameter("name")  Results in value as entered into form, not as sent over network. I.e. not URL-encoded.  Always check for missing or malformed data  Special case: query data that contains special HTML characters  Need to be filtered if query data will be placed into resultant HTML page

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.