1 Uploading Files with Servlets Read more about the FileUpload APIFileUpload API.

Slides:



Advertisements
Similar presentations
Java Server Pages (JSP)
Advertisements

 2002 Prentice Hall. All rights reserved. Chapter 9: Servlets Outline 9.1 Introduction 9.2 Servlet Overview and Architecture Interface Servlet and.
1 Servlets: Leftover Odds and Ends (Most apply to JSPs as well, duh….) Representation and Management of Data on the Internet, 2007 CS Department, HUJI.
Objectives Ch. D - 1 At the end of this chapter students will: Know the general architecture and purpose of servlets Understand how to create a basic servlet.
Servlets Stoney Jackson
WEB1P servintro1 Introduction to servlets and JSP Dr Jim Briggs.
An introduction to Java Servlet Programming
1 Servlets Part 2 Representation and Management of Data on the Web.
1 Servlet/JSP Miscellaneous Representation and Management of Data on the Web.
18-Jun-15 JSP Java Server Pages Reference: Tutorial/Servlet-Tutorial-JSP.html.
Liang, Introduction to Java Programming, Sixth Edition, (c) 2005 Pearson Education, Inc. All rights reserved Chapter 34 Servlets.
JSP Java Server Pages Reference:
2/16/2004 Dynamic Content February 16, /16/2004 Assignments Due – Message of the Day Part 1 Due – Reading and Warmup Work on Message of the Day.
27-Jun-15 Directories and DDs. 2 Web apps A web application is basically a web site that: “Knows who you are”--it doesn’t just give you static pages,
1 Servlets: Leftover Odds and Ends (Most apply to JSPs as well, duh….)
Comp2513 Java Servlet Basics Daniel L. Silver, Ph.D.
Chapter 4 Servlets Concept of Servlets (What, Why, and How) Servlet API Third-party tools to run servlets Examples of Using Servlets HTML tag with GET.
Servlets. Our Project 3-tier application Develop our own multi-threaded server Socket level communication.
SE-2840 Dr. Mark L. Hornick1 Java Servlet-based web apps Servlet Architecture.
CSCI 6962: Server-side Design and Programming History and Background.
Java Servlets and JSP.
Java Servlets. What Are Servlets? Basically, a java program that runs on the server Basically, a java program that runs on the server Creates dynamic.
Gayle J Yaverbaum, PhD Professor of Information Systems Penn State Harrisburg.
1 Servlet How can a HTML page, displayed using a browser, cause a program on a server to be executed?
Servlets. - Java technology for Common Gateway Interface (CGI) programming. - It is a Java class that dynamically extends the function of a web server.
Java support for WWW Babak Esfandiari (sources: Qusay Mahmoud, Roger Impey, textbook)
CSC 2720 Building Web Applications
Chapter 5 Java Servlets. Objectives Explain the nature of a servlet and its operation Use the appropriate servlet methods in a web application Code the.
J2EE training: 1 Course Material Usage Rules PowerPoint slides for use only in full-semester, for-credit courses at degree-granting.
111 Java Servlets Dynamic Web Pages (Program Files) Servlets versus Java Server Pages Implementing Servlets Example: F15 Warranty Registration Tomcat Configuration.
Chapter 7 Java Server Pages. Objectives Explain how the separation of concerns principle applies to JSP Describe the operation and life-cycle of a JSP.
Web Server Programming 1. Nuts and Bolts. Premises of Course Provides general introduction, no in-depth training Assumes some HTML knowledge Assumes some.
Java Servlets. Servlets When we run small Java programs within a browser these are referred to as Applets... And when we run small Java programs within.
Java Servlets & Java Server Pages Lecture July 2013.
Java Servlets Lec 27. Creating a Simple Web Application in Tomcat.
20-Nov-15introServlets.ppt Intro to servlets. 20-Nov-15introServlets.ppt typical web page – source Hello Hello.
Java Servlet API CGI / HTTP Concepts Java Servlet API.
JavaServer Page by Antonio Ko. Overview ► Introduction ► What is a servlet? ► What can servlets do? ► Servlets Vs JSP ► Syntax ► Samples ► JavaBean ►
JSP Pages. What and Why of JSP? JSP = Java code imbedded in HTML or XML –Static portion of the page is HTML –Dynamic portion is Java Easy way to develop.
Middleware 3/29/2001 Kang, Seungwoo Lee, Jinwon. Description of Topics 1. CGI, Servlets, JSPs 2. Sessions/Cookies 3. Database Connection(JDBC, Connection.
CSI 3125, Preliminaries, page 1 SERVLET. CSI 3125, Preliminaries, page 2 SERVLET A servlet is a server-side software program, Responds oriented other.
1 Introduction to Servlets. Topics Web Applications and the Java Server. HTTP protocol. Servlets 2.
Advanced Java Session 6 New York University School of Continuing and Professional Studies.
Introduction to Servlets. Introduction Servlet is a language to develop the server side applications, and it is also server side component. It can develop.
Access control 2/18/2009. TOMCAT Security Model Declarative Security:  the expression of application security external to the application, and it allows.
COMP9321 Web Application Engineering Semester 2, 2015 Dr. Amin Beheshti Service Oriented Computing Group, CSE, UNSW Australia Week 3 1COMP9321, 15s2, Week.
Vakgroep Informatietechnologie – Onderzoeksgroep (naam) Web Centric Design of Distributed Software.
Slide 1 Web Application Security ©SoftMoore Consulting.
©SoftMoore ConsultingSlide 1 Overview of Servlets and JavaServer Pages (JSP)
Java and the Web CSE 3330 Southern Methodist University.
HTTP protocol Java Servlets. HTTP protocol Web system communicates with end-user via HTTP protocol HTTP protocol methods: GET, POST, HEAD, PUT, OPTIONS,
CSC 2720 Building Web Applications File Upload using Apache Commons – FileUpload.
Introduction To HTML Dr. Magdi AMER. HTML elements.
Bayu Priyambadha, S.Kom. Static content  Web Server delivers contents of a file (html) 1. Browser sends request to Web Server 3. Web Server sends HTML.
S ERVLETS Form Data 19-Mar-16. F ORM P ROCESSING You must have come across many situations when you need to pass some information from your browser to.
Introduction to Servlets
Java Servlets By: Tejashri Udavant..
Course Outcomes of Advanced Java Programming AJP (17625, C603)
Java Servlets.
Sessions.
Chapter 26 Servlets.
Servlets and Java Server Pages
Servlets: Leftover Odds and Ends (Most apply to JSPs as well, duh….)
Java Servlets and JSP.
Servlets Servlets are modules that extend the functionality of a “java-enabled” web-server They normally generate HTML code and web content dynamically.
Servlets Servlets are modules that extend the functionality of a “java-enabled” web-server They normally generate HTML code and web content dynamically.
Directories and DDs 25-Apr-19.
Directories and DDs 21-Jul-19.
Directories and DDs 14-Sep-19.
Presentation transcript:

1 Uploading Files with Servlets Read more about the FileUpload APIFileUpload API

2 Handling Uploads with Package Commons FileUpload Commons FileUpload is a package of Apache for handling uploaded files in the Servlet side Files are sent in the body of post requests Using this package, uploaded files are temporarily written into the memory or the disk (depending on the file size) You can set the size threshold beyond which files are written to disk This is not a configuration parameter in web.xml but a part of the API as we’ll see in the next slides

3 Handling Uploads with Package Commons FileUpload Servlets read the file from the disk or memory In Tomcat, the default temporary directory is $CATALINA_BASE/temp/ However, you can specify a temporary directory of your own (e.g., /tmp ) What if a very big file is uploaded? -You can define the maximal size of uploaded files -Exception is thrown for larger files

4 Example 1 Upload Files and Parameters <form action="upload1" method="post" enctype="multipart/form-data"> File: upload1.html Sends the client the uploaded file This is the right encoding type for files uploading

5 import org.apache.commons.fileupload.disk.*; import org.apache.commons.fileupload.servlet.*; import org.apache.commons.fileupload.*; public class Upload1 extends HttpServlet { public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { DiskFileItemFactory factory = new DiskFileItemFactory(); //factory.setRepository(new File("/tmp")); factory.setSizeThreshold(1000); ServletFileUpload upload = new ServletFileUpload(factory); upload.setSizeMax(60000); Upload1.java Sets the repository directory Sets the memory vs. disk threshold (bytes) Sets the maximum file size (bytes). Bigger files generate exceptions

6 try { List items = upload.parseRequest(request); Iterator it = items.iterator(); FileItem item = (FileItem) it.next(); response.setContentType(item.getContentType()); response.setContentLength((int)item.getSize()); InputStream is = item.getInputStream(); OutputStream os = response.getOutputStream(); byte[] buffer = new byte[4096]; int read = -1; while((read=is.read(buffer))>=0) os.write(buffer,0,read); } catch (FileUploadException exp) { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println(" Error : " + exp.getMessage() + " "); }}} Upload1.java In our exmaple, we expect a single parameter We use an Output stream and not the out PrintWriter

7 Example 2 Upload Files and Parameters <form action="upload2" method="post" enctype="multipart/form-data"> Parameter x: File: Parameter y: upload2.html Mixed parameter types

8 List items = upload.parseRequest(request); Iterator it = items.iterator(); out.println(" "); while (it.hasNext()) { FileItem item = (FileItem) it.next(); if (item.isFormField()) out.println(" Field : " + item.getFieldName() + " = " + item.getString() + " "); else out.println(" File " + ": parameter name: " + item.getFieldName() + ", file name: " + item.getName() + ", file size: " + item.getSize() + " bytes, file type: " + item.getContentType() + " "); } out.println(" "); Upload2.java This time we use a loop since there’re several parameters

9 Example 3 The latter example reflected a common design problem: combining complex HTML code and Java code in a Servlet or a JSP -Java code for processing parameters and uploaded files -HTML code for generating the (dynamic) response An accepted solution is to process the parameters in a Servlet, and forward the request to a JSP for generating the response -Attributes can be sent to the JSP The next example also uses JSTL

10 JSTL JSTL stands for JSP Standard Tag Library This is a regular tag library that can be imported to your page, like the ones we created in the past This library includes some standard actions that are common in JSP, like iteration and conditions over EL expressions, parsing/manipulation of XML and database access More details can be found in Sun's J2EE Tut.Sun's J2EE Tut

11 Example 3 Upload Files and Parameters <form action="upload3" method="post" enctype="multipart/form-data"> Parameter x: File: Parameter y: upload3.html

12 List formParams = new LinkedList(); List files = new LinkedList(); List items = upload.parseRequest(request); Iterator it = items.iterator(); while (it.hasNext()) { FileItem item = (FileItem) it.next(); if (item.isFormField())formParams.add(item); else files.add(item); } request.setAttribute("formParams",formParams); request.setAttribute("files",files); this.getServletContext().getRequestDispatcher ("/WEB-INF/jsp/upload3.jsp").forward(request,response); Upload3.java We’ll store parameters and fileitems in those lists Attach the lists to the request

13 Submitted Parameters Submitted Parameters: Parameter : name: ${item.fieldName}, value: ${item.string} File : name: ${item.name}, length: ${item.size}, size: type:${item.contentType} /WEB-INF/jsp/upload3.jsp

14 A Question What is the advantage of redirecting to JSP pages that are under WEB-INF? -Pages under the WEB-INF are not accessible -You can make sure no one invokes the JSP directly -You can hide the implementation

15 Programmatic Security with Servlets

16 Programmatic-Security Methods Servlet API contains several accessories for handling programmatic security: - getRemoteUser() - isUserInRole(String role) - getAuthType() These are all methods of HttpServletRequest To enable user authentication (even for public URLs), provide a link to some protected page Returns the authenticated user or null if none exists

17 An Example: Security Constraints in web.xml Firm People /login.html employees managers web.xml Roles, some users and their roles are defined in /conf/tomcat-users.xml Some secured resources Roles that can view those resources

18 FORM /login /login?fail=fail managers employees web.xml An Example: Security Constraints in web.xml Roles used in this application (recommended but not a necessity)

19 public class FirmServlet extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { res.setContentType("text/html"); PrintWriter out = res.getWriter(); out.println(" Firm "); out.println(" Hello. "); String username = req.getRemoteUser(); if(username==null) { out.println(" "); out.println(" Login "); out.println(" "); return; } FirmServlet Returns the authenticated user or null if none exists

20 if(req.isUserInRole("employees")) { out.println(" "); out.print(" Welcome Employee " + username + "! "); } if(req.isUserInRole("managers")) { out.println(" "); out.print(" Executive average salary: 42764NIS! "); } out.print(" Log Out "); out.println(" "); } FirmServlet

21 public class LoginServlet extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { res.setContentType("text/html"); PrintWriter out = res.getWriter(); out.println(" Login "); if(req.getParameter("fail")!=null) out.print(" Login Failed. Try Again. "); out.println(" " + " Login: " + " Password: " + " " + " "); } LoginServlet.java Notice that though this code contains no getSession() calls, the server tries to put session-cookie as a part of the FORM authorization

22 public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { this.doGet(req,res); } LoginServlet.java Login LoginServlet Login /login web.xml

23 public class EndSession extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { HttpSession session = req.getSession(false); if(session!=null) session.invalidate(); res.sendRedirect("firm"); } EndSession.java EndSession EndSession /endsession web.xml Tomcat’s session implementation saves the user details in the session but not as attributes. Recovering this data is done by calling the mentioned request methods, but of course invalidating the session leads to logout

24 Logged On You are logged on! Back to the firm page. login.html

25 Managing User Authentication with Tomcat

26 A Reminder create table users ( username varchar(30) not null primary key, pass varchar(30) not null ); create table users_roles ( username varchar(30) not null, role varchar(30) not null, primary key (username,role), foreign key (username) references users(username) );

27 In tomcat-base/conf/server.xml <Realm className="org.apache.catalina.realm.JDBCRealm" driverName="oracle.jdbc.driver.OracleDriver" connectionURL= userTable="users" userNameCol="username" userCredCol="pass" userRoleTable="users_roles" roleNameCol="role"/>

28 User Tables What if we do not have one table that stores usernames and passwords? What if we only have one role for the all users? What if we wanted the above information to be stored in several tables (e.g., users and administrators)? The idea is to use views rather than real tables

29 Creating Views create view up as (select username u, pass p from users union select u,p from admin); create view ur as (select username u, 'myRole' r from users union select u, 'admin' r from admin); Unifies the user/password data from 2 tables Default role for “simple” users Default role for “admin” users

30 Fixing server.xml <Realm className="org.apache.catalina.realm.JDBCRealm" driverName="oracle.jdbc.driver.OracleDriver" connectionURL= userTable="up" userNameCol="u" userCredCol="p" userRoleTable="ur" roleNameCol="r"/>