Servlets DBI - Representation and Management of Data on the Web

Java and Web Pages Java was introduced to embed greater interactivity into Web pages Java has accomplished this through the use of applets Applets add functionality to Web pages For example, –Adding games to Web pages –Adding graphics –etc.

About Java Applets Java applets are programs that are embedded directly into Web pages We add the tag to the HTML page When a browser loads a Web page, the applet byte-code is downloaded to the client box and executed by the browser

Problems with Applets Three main problems are –Accessing files and databases (security restrictions) –Compatibility –Bandwidth The bandwidth problem: –as your applets grow in size, the download time becomes unacceptable

Compatibility Problems Applets are also faced with compatibility problems In order to run an applet, you need to have a compatible browser If a customer doesn't have a compatible browser, she will not be presented with proper content Thin clients do not support the all Java API

We Tried So Far Running applications on the client

Instead, We … Move to the server

The Solution Server-side Java solves some of the problems that applets face: –There are no compatibility problems with code execution –There are no issues with long download time –Server Java only sends the client small packets of information that it can understand (mainly HTML) Java servlets are one of the options for server-side Java

Servlets Servlets most common usages: –1. Used to extend Web servers –2. Used as replacement for CGI that is secure, portable, and easy-to-use A servlet is a dynamically loaded module that services requests from a Web server A servlet runs entirely inside the Java Virtual Machine Servlet does not depend on browser compatibility

Execution of a Java Servlet Sending a request and receiving a response

Example of Using Servlets Developing e-commerce store fronts: a.A Servlet can build an on-line catalog from database b.The Servlets can present the catalog using dynamic HTML c.A customer fills out order and submits it to the servlet d.The Servlet processes the order and submits the result to the database

Alternatives to Java Servlets I.CGI II.Proprietary server APIs III.Server side JavaScript IV.Microsoft Active Server Pages All above are viable solutions, but each has their own set of problems

CGI Common Gateway Interface (CGI): Scripts generate Web pages or other files dynamically by processing form data and returning documents based on form values or other data

Servlets Versus CGI Platform Independence – servlets work on any servlet-enabled server Single process that handles many requests Written in Java Faster to Run Not platform independent Work order: get request, open process, shut down Not persistent – reestablish resources each time Each request requires new CGI process CGI Servlet

Servlets Give Portability The power of Java Efficiency since using a single process Safety – strong typing differently from scripts “Clean”, object oriented code Integration with the server

HTML Forms Interactive HTML Composed of input elements (buttons, text fields, check boxes) with tag On Submission, browser packages user input and sends to server Server passes information to supporting application that formats reply (HTML page)

The Tag Inside a form, INPUT tags define fields for data entry Standard input types include: buttons, checkboxes, password field, radio buttons, text fields, image- buttons, text areas, pull-down menus, They all associate a single (string) value with a named parameter

The Tag … comprise single form Two Special Attributes: –action – the name of the processing server –method – the method to pass parameters to server

Form Parameters action attribute give URL of application that receives and processes form’s data (cgi-bin) … enctype attribute to change encryption method attribute sets the method by which data sent to server (HTTP methods)

HTTP Methods POST: –Data sent in two steps –Designed for Posting information Browser contacts server Sends data GET: –Contacts server and sends data in single step –Appends data to action URL separated by question mark –Designed to get information

Other Methods HEAD: Client sees only header of response to determine size, etc… PUT: Place documents directly on server DELETE: Opposite of PUT TRACE: Debugging aid returns to client contents of its request OPTIONS: what options available on server

Example … <form method=GET action=“ … …

A Book Review Example

Instead, We Write <form action= method=POST> for calling a servlet

BookReviewServlet extends HttpServlet doPost for handling a POST request

More on Server-side Technologies Server-side Includes: –Extension to HTML –Server-side scripting –Embedding code in HTML documents Java Server Pages: –JavaServer Pages technology uses XML-like tags and scriptlets written in the Java programming language to encapsulate the logic that generates the content for the page –Dynamic data in web page –JSP compiled to Servlet

Servlet Package javax.servlet Servlet interface defines methods that manage servlet and its communication with clients Client Interaction: When it accepts call, receives two objects –ServletRequest –ServletResponse

Architecture

Hello World Example

import java.io.*; import javax.servlet.*; import javax.servlet.http.*; public class HelloWorld extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { res.setContentType("text/html"); PrintWriter out = res.getWriter(); out.println(" "); out.println(" Hello World "); out.println(" "); out.println(" Hello World "); out.println(" "); } }

The Servlet Interface All servlets must implement the Servlet interface –void init(ServletConfig config) called every time the servlet is instantiated –void service(ServletRequest req, ServletResponse res) ServletRequest : parameters from the client ServletResponse : contains an output stream used to return information to the client needs to be thread-safe since multiple requests can be handled concurrently not called until init() has finished execution

The Servlet Interface –void destroy() called by the servlet engine when it removes the servlet should free any resources (i.e. files or database connections) held by the servlet –String getServletInfo() Returns version and copyright information

The HttpServlet Interface Implements Servlet Receives requests and sends responses to a web browser Methods to handle different types of HTTP requests: –doGet() handles GET requests –doPost() handles POST requests –doPut() handles PUT requests –doDelete() handles DELETE requests

Handling HttpServlet Requests service() method not usually overridden –doXXX() methods handle the different request types Needs to be thread-safe or must run on a STM (SingleThreadModel) Servlet Engine –multiple requests can be handled at the same time

HttpServlet Request Handling GET request service() HttpServlet subclass response doGet() doPost() Web Server POST request response

ServletRequest Interface Encapsulates communication from client to server –parameters passed by client, –protocol used by client, –names of remote host, and server ServletInputStream for data transfer from client to server using HTTP POST and PUT HttpServletRequest access HTTP header info

ServletRequest Interface public abstract int getContentLength() public abstract String getContentType() public abstract String getProtocol() public abstract String getScheme() public abstract String getServerName() public abstract int getServerPort() public abstract String getRemoteAddr() public abstract String getRemoteHost() public abstract String getParameter(String name) public abstract String[] getParameterValues(String name) public abstract Enumeration getParameterNames() public abstract Object getAttribute(String name)

HttpServletRequest Interface public String getMethod() public String getRequestURI() public Enumeration getHeaderNames() public String getHeader(String name) public int getIntHeader(String name) public long getDateHeader(String name) public Cookie[] getCookies() public HttpSession getSession(boolean create) public String getRequestedSessionId() public boolean isRequestedSessionIdValid() public boolean isRequestedSessionIdFromCookie() public boolean isRequestedSessionIdFromUrl()

ServletResponse Interface Methods for replying to client Set content length and MIME type of reply ServletOutputStream and a Writer to send data HttpServletResponse protocol specific

ServletResponse Interface public void setContentLength(int len) public void setContentType(String type) public ServletOutputStream getOutputStream() throws IOException public PrintWriter getWriter() throws IOException public String getCharacterEncoding()

HttpServletResponse Interface public void sendError(int sc, String msg) throws IOException public void sendError(int sc) throws IOException public void setStatus(int sc, String sm) public void setStatus(int sc) public boolean containsHeader(String name) public void setHeader(String name,String value) public void setIntHeader(String name, int value) public void setDateHeader(String name, long date) public void sendRedirect(String location) throws IOException public void addCookie(Cookie cookie) public String encodeUrl(String url) public String encodeRedirectUrl(String url)

HTTP Specifics MIME: Multipurpose Internet Mail Extension to identify file type GET/POST/PUT: Ways that browser sends form data to the server Persistent Sessions Cookies

public class SimpleServlet extends HttpServlet { /** * Handle the HTTP GET method by building a simple web page. */ public void doGet (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { PrintWriter out; String title = "Simple Servlet Output"; // set content type and other response header fields first response.setContentType("text/html"); // then write the data of the response out = response.getWriter(); out.println(" "); out.println(title); out.println(" "); out.println(" " + title + " "); out.println(" This is output from SimpleServlet."); out.println(" "); out.close(); } }

You Do The Following Subclass HttpServlet Override doGet() User Request encapsulated in HttpServletRequest object Response encapsulated in HttpServletResponse object Use output stream from HttpServletResponse

Interacting with Clients Requests and Responses Header Data Get Requests Post Requests Threading Servlet Descriptions

Handle requests through service method (calls doGet() ) HttpServletRequest Objects –getParameter returns value of named parameter –getParameterValues if more than one value –getParameterNames for names of parameters –getQueryString for HTTP GET returns string of raw data from client. Must parse. –HTTP POST, PUT, DELETE Requests Text: getReader returns BufferedReader Binary: getInputStream returns ServletInputStream

HttpServletResponse Object –getWriter returns a Writer for text –getOutputStream returns ServletOutputStream for binary –Set header data before above IO set –setContentType in header

Response Type Response type does not have to be a text You can, for example, setContent(“image/gif”) and send a stream of bits of an image You can also return an HTML form that calls your servlet again as a response to a user action

An Example Introductions If you don't mind me asking, what is your name?

import java.io.*; import javax.servlet.*; import javax.servlet.http.*; public class Hello extends HttpServlet { public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { doGet(req, res); }

public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { // Set the Content-Type header res.setContentType("text/html"); // Return early if this is a HEAD if (req.getMethod().equals("HEAD")) return; // Proceed otherwise PrintWriter out = res.getWriter(); String name = req.getParameter("name"); out.println(" "); out.println(" Hello, " + name + " "); out.println(" "); out.println("Hello, " + name); out.println(" "); } }

Using the Tag It is a server-side tag that is written in the HTML document The web server is configured to replace the tag with the output from the invoked servlet Many times, for servlets to recognize such files, they are files that end with “.shtml”

Mountain View Public Access Bank Account Query Service Bank Server Which account do you want to find out about ? All information subject to change without notice and probably quite inaccurate. The Servlet is not invoked directly

Mountain View Public Access Bank Account Query Service Bank Server Your server doesn't support the servlet tag.

Your server doesn't support the servlet tag. Which account do you want to find out about ? All information subject to change without notice and probably quite inaccurate. SecondPage.shtml

public abstract class BankAccountSSIRoot extends HttpServlet { public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { _driverName = request.getParameter("DriverName"); _databaseURL = request.getParameter("DatabaseURL"); _account = request.getParameter("Account"); _password = request.getParameter("Password"); PrintWriter output; try { output = new PrintWriter(response.getOutputStream(), true); } catch (Exception e){ log("Couldn't get Printwriter for request"); return; } String person = request.getParameter("Person"); if (null==person){ logError(output, "Please enter a person's name"); } else{ printAccountData(person, output); } return; } Servlet can’t tell the difference between SERVLET tag parameters and form parameters Class.forName(_driverName); return DriverManager.getConnection( _databaseURL, _account, _password);

Servlets Package in UML HttpUtils Object HttpSessionBindingListener HttpSessionContext HttpSession 0..* 1 1..* HttpServletResponse Cookie 1 0..* HttpServletRequest 1 0..* * ServletConfig HttpServlet GenericServletServletContext 1 1

Second Lecture

A Search Engine Choice Example Taken from a tutorial by Marty Hall Tutorial/ Tutorial/ SearchEngines.java SearchSpec.java SearchEngines.html

Servlet Life Cycle No main() method! Server loads and initializes servlet servlet handles client requests server removes servlet Servlet can remain loaded to handle additional requests Incur startup costs only once

Life Cycle Schema

Starting and Destroying Servlets Initialization: –Servlet’s init(ServletConfig) method –Create I/O to intensive resources (database) –Initialization parameters are server specific –Seen in servletrunner properties file Destroying: –destroy() method –make sure all service threads complete

ServletConfig When a servlet is created, it can have a set of initialization parameters (just like applets or command line args to an application) –How these parameters are set is web-server specific (you need to configure the web server) ServletConfig lets the Servlet get at this initial configuration information public ServletContext getServletContext() public String getInitParameter(String name) public Enumeration getInitParameterNames()

Servlet Threads Applying a service method for each client request The server usually only calls destroy() after all service threads complete Need to keep track of threads currently running Wait for long-running threads to complete Have long-running threads poll for shutdown

Example – Counting Threads public ShutdownExample extends HttpServlet { private int serviceCounter = 0;... //Access methods for serviceCounter protected synchronized void enteringServiceMethod() { serviceCounter++; } protected synchronized void leavingServiceMethod() { serviceCounter--; } protected synchronized int numServices() { return serviceCounter; }

Maintaining the Count protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { enteringServiceMethod(); try { super.service(req, resp); } finally { leavingServiceMethod(); }

Notifying a Shutdown public ShutdownExample extends HttpServlet { private boolean shuttingDown;... //Access methods for shuttingDown protected setShuttingDown(boolean flag) { shuttingDown = flag; } protected boolean isShuttingDown() { return shuttingDown; }

A Destroy Example public void destroy() { /* Check to see whether there are still * service methods running, * and if there are, tell them to stop. */ if (numServices() > 0) { setShuttingDown(true); } /* Wait for the service methods to stop. */ while(numServices() > 0) { try { Thread.sleep(interval); } catch (InterruptedException e) {} }

“Listening” to a Shutdown public void doPost(...) {... for(i = 0; ((i < numberOfThingsToDo) && !isShuttingDown()); i++) { try { partOfLongRunningOperation(i); } catch (InterruptedException e) {} }

SingelThreadModel SingleThreadModel is a marker interface –No methods –Tells servlet engines about lifecycle expectations Ensure that no two threads will execute concurrently the service method of that servlet This is guaranteed by maintaining a pool of servlet instances for each such servlet, and dispatching each service call to a free servlet

SingleThreadModel SingleThreadModel let you break servlet functionality into multiple methods Can rely on “instance state” being uncorrupted by other requests Can’t rely on singletons (static members) or persistent instance state between connections –The same client making the same request, can get different instances of your servlet

Servlets Chaining Servlets cooperate to create content Multiple servlets in a chain –request parameters supplied to first servlet –output piped to successive servlets –last servlet in chain sends output to client Two ways to direct server to use chains: –configure server to handle certain URLs with explicitly- specified chains –configure server to direct certain content types to specific servlets before output

Example – Removing blink Tags import java.io.*; import javax.servlet.*; import javax.servlet.http.*; public class Deblink extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { // get the incoming type String contentType = req.getContentType(); // nothing incoming, nothing to do if (contentType == null) return; // set outgoing type to be incoming type res.setContentType(contentType);

PrintWriter out = res.getWriter(); BufferedReader in = req.getReader(); String line = null; while ((line = in.readLine()) != null) { line = replace(line, ” ", ""); out.println(line); } } // end doGet() public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { doGet(req, res); } // end doPost()

private String replace(String line, String oldString, String newString) { int index = 0; while ((index = line.indexOf(oldString, index)) = 0) { // Replace the old string with the new string // (inefficiently) line =line.substring(0, index) + newString + line.substring(index + oldString.length()); index += newString.length(); } return line; } // end replace() } // end Deblink

Servlet Chaining Can be Used to Quickly change appearance of a page, group of pages, or type of content –suppress tags –translate into a different language Display section of page in special format – tag - print results of query Support obscure data types –serve up unsupported image formats as GIF or JPEG

Session Tracking HTTP is a stateless protocol –many web applications (i.e. shopping carts) are not –need to keep track of each user’s state (i.e. items in the shopping cart) Common techniques –user authorization –hidden form fields –URL rewriting –persistent cookies

Hidden Form Fields Hidden fields are just another type of input tag for a form The receiving web server can’t tell the difference between a user entered value and a hidden form field value <INPUT TYPE = hidden NAME = “DefaultBGColor” VALUE = “Green” >

URL Encoding Basically, a way to store lots of name value pairs as arguments after a URL –End result is a url that looks like a “GET” URL If you want to embed a link in a response, and want the link to reflect the session-id, use either (from HttpServletResponse ) These encode the session id as ?name=value on the end of the url public String encodeUrl(String url) public String encodeRedirectUrl(String url)

Tracking with HttpSession Servlets have built-in session tracking Every user has a HttpSession object –store and retrieve user information i.e. shopping cart contents, database connections Retrieve the user’s session: public HttpSession HttpServletRequest.getSession (boolean create) –if the user has no valid session, a new one is created if create is true ; null is returned if create is false

Session Tracking API Add data to a session public void HttpSession.putValue(String name, Object value) –value must implement Serializable interface –replaces any object that is bound in the session with the same name Retrieve data from a session public Object HttpSession.getValue(String name) –returns null if no object is bound to the name

More on Tracking API Retrieve the name of all session objects public String[] HttpSession.getValueNames() –returns an empty array if no bindings Remove a value from the session public void HttpSession.removeValue(String name) –does nothing if no object is bound These methods throw an IllegalStateException if the session is invalid

Hit Count using Session Tracking import java.io.*; import javax.servlet.*; import javax.servlet.http.*; public class SessionTracker extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { res.setContentType("text/html"); PrintWriter out = res.getWriter(); HttpSession session = req.getSession(true); Integer count = (Integer)session.getValue("tracker.count"); if (count == null) count = new Integer(1); else count = new Integer(count.intValue() + 1);

Hit Count using Session Tracking session.putValue("tracker.count", count); out.println(" SessionTracker "); out.println(" Session Tracking Demo "); out.println("You've visited this page " + count + ((count.intValue() == 1) ? " time." : " times.")); out.println(" "); out.println(" Here is your session data: "); String[] names = session.getValueNames(); for (int i = 0; i < names.length; i++) { out.println(names[i] + ": " + session.getValue(names[i]) + " "); } out.println(" "); }

Cookies Usages: –Identifying a user during an e-commerce (or other) session –Avoiding user-name and password –Customizing a site –Focusing advartising

Cookies Cookies are state information that gets passed back and forth between the web server and browser in HTTP headers –A response header –A request header You create cookies and then add them to the HttpServletResponse (or get them from the HttpServletRequest ) Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME; secure Cookie: NAME=VALUE; NAME2=VALUE2; NAME3=VALUE3... public void addCookie(Cookie cookie) public Cookie[] getCookies()

Limitations on Cookies Must be set before any HMTL is generated. –Neither servlets embedded using the SERVLET tag, nor chained servlets, can set a cookie –They can still access cookie values Name isn’t unique –Uniqueness enforced on (Name, Domain, Path) Most applicable cookie of each name (best match) is returned Only name, value, and version are returned

More Limitations Limited to 20 cookies per server/ domain Limited to 300 cookies per user A 4KB size limit per cooky Cookies expire:

A Lasting Cooky import javax.servlet.http.*; public class LongLivedCookie extends Cookie { public static final int SECONDS_PER_YEAR = 60*60*24*365; public LongLivedCookie(String name, String value) { super(name, value); setMaxAge(SECONDS_PER_YEAR); }

javax.servlet.Http.Cookie public void setComment(String purpose) public void setDomain(String pattern) public void setMaxAge(int expiry) public void setPath(String uri) public void setSecure(boolean flag) public void setValue(String newValue) public void setVersion(int v) public String getValue() public int getVersion() public String getName() public String getComment() public String getPath() public int getMaxAge() public String getDomain() public boolean getSecure() Pointless to call these because browser doesn’t send them Comment is used if client individually approves cookies Secure means, practically, “only send if SSL is being used” Note that you can’t change a cookies name

Cookie Defaults Max Age – if not set, cookie will expire when browser is closed Domain/Path – together, they specify where the cookie is valid –A cookie created in response to the request defaults to domain: path: ~dbi/home/

Note that Cookies do not pose a security threat They do pose a privacy threat

Servlet Communication To service a request, the servlet may need to get resources from: –databases –other servlets –HTML pages (or other files) –objects shared among servlets at the same server –and so on

Getting a Resource There are two ways to get a resource: –With a HTTP request –Using a RequestDispatcher object

Getting a Request Dispatcher public class BookStoreServlet extends HttpServlet { public void service (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // Get the dispatcher; it gets the main page to the user RequestDispatcher dispatcher = getServletContext().getRequestDispatcher( "/bookstore/bookstore.html");... }

Resources that are not Available To deal with resources that are not available you should do: if (dispatcher == null) { // No dispatcher means the html file can not be delivered response.sendError(response.SC_NO_CONTENT); }

Forwarding Request public class BookStoreServlet extends HttpServlet { public void service (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {... // Get or start a new session for this user HttpSession session = request.getSession(); // Send the user the bookstore's opening page dispatcher.forward(request, response);... }

Include Forwarding a request cannot be used to service requests partially We should use include() of resources

ServletContext For sharing resources among servlets, we use ServletContext –Server-specific attributes (name-value pairs, much like System.properties) and server configuration information –Ability to find other servlets

public Servlet getServlet(String name) throws ServletException public Enumeration getServlets() public Enumeration getServletNames() public void log(String msg) public void log(Exception exception, String msg) public String getRealPath(String path) public String getMimeType(String file) public String getServerInfo() public Object getAttribute(String name) public void setAttribute(String name, Object object) public void removeAttribute(string name) public Enumeration getAttributeNames();

public class CatalogServlet extends HttpServlet { public void init() throws ServletException { BookDBFrontEnd bookDBFrontEnd =... if (bookDBFrontEnd == null) { getServletContext().setAttribute( "examples.bookstore.database. BookDBFrontEnd", BookDBFrontEnd.instance()); }... } With getAttribute() the values are taken and used by other servlets

Servers JavaServer Web Development Kit (JSWDK) –By Sun –the official reference implementation of the servlet 2.1 and JSP 1.0 specifications Tomcat –By Apache –Tomcat is the official reference implementation of the servlet 2.2 and JSP 1.1 specifications

Tomcat Configuring: –A file “web.xml” (called Web application deployment descriptor) holds the configuration information –There are and elements in the file

The Element The Servlet Element –establishes a mapping between a servlet name and the fully-qualified name of the servlet class: catalog CatalogServlet

Determining the Servlet When a request is received by Tomcat it must determine which servlet should handle it You designate that certain paths (called aliases) map to a specific servlet with the servlet-mapping element

The Mapping of URLs And Servlets A context root is a path that gets mapped to the document root of the servlet application If your application's context root is /bookstore, then a request URL such as will send the request to the servlet named catalog within the bookstore context

Example catalog /catalog

Start-up File The server startup file is TOMCAT_HOME/conf/server.xml It holds configuration information –Server host (default localhost) –server port (default 8080) –etc

Calling Servlets From a Browser Context-root corresponds to the subdirectory of TOMCAT_HOME/webapps where you have installed your application Servlet-name corresponds to the name you have given your servlet name

Online Bookstore

Handling Get Requests

Handling Post Requests

Servlet Descriptions To allow server to display information about servlet getServletInfo public class BookStoreServlet extends HttpServlet {... public String getServletInfo() { return "The BookStore servlet returns the " + "main web page for Duke's Bookstore."; }