Slides © Marty Hall, book © Sun Microsystems Press 1 Handling the Client Request: Form Data Core Servlets & JSP book:

Presentation transcript:

Slides © Marty Hall, book © Sun Microsystems Press 1 Handling the Client Request: Form Data Core Servlets & JSP book: More Servlets & JSP book: Servlet and JSP Training Courses: courses.coreservlets.com

Form Data2 Agenda
Why form data is important
Processing form data in traditional CGI
Processing form data in servlets
Reading individual request parameters
Reading all request parameters
Real-life servlets: handling malformed data
Filtering HTML-specific characters

Form Data3 The Role of Form Data
Example URL at online travel agent
  –
  – Names come from HTML author; values usually come from end user
Parsing form (query) data in traditional CGI
  – Read the data one way (QUERY_STRING) for GET requests, another way (standard input) for POST requests
  – Chop pairs at ampersands, then separate parameter names (left of the equal signs) from parameter values (right of the equal signs)
  – URL decode values (e.g., "%7E" becomes "~")
  – Need special cases for omitted values (param1=val1&param2=&param3=val3) and repeated parameters (param1=val1&param2=val2&param1=val3)

Form Data4 Creating Form Data: HTML Forms A Sample Form Using GET A Sample Form Using GET First name: Last name: See CSAJSP Chapter 16 for details on forms

Form Data5 Aside: Installing HTML Files
Tomcat
  – install_dir\webapps\ROOT\Form.html or
  – install_dir\webapps\ROOT\SomeDir\Form.html
JRun
  – install_dir\servers\default\default-app\Form.html or
  – install_dir\servers\default\default-app\SomeDir\Form.html
URL
  – or
  –
Custom Web applications
  – Use a different directory with the same structure as the default Web app
  – Use directory name in URL (
  – See Chapter 4 of More Servlets & JSP for details.

Form Data6 HTML Form: Initial Result

Form Data7 HTML Form: Submission Result (Data Sent to EchoServer)

Form Data8 Sending POST Data A Sample Form Using POST A Sample Form Using POST <FORM ACTION=" METHOD="POST"> First name: Last name:

Form Data9 Sending POST Data

Form Data10 Reading Form Data In Servlets
request.getParameter("name")
  – Returns URL-decoded value of first occurrence of name in query string
  – Works identically for GET and POST requests
  – Returns null if no such parameter is in query
request.getParameterValues("name")
  – Returns an array of the URL-decoded values of all occurrences of name in query string
  – Returns a one-element array if param not repeated
  – Returns null if no such parameter is in query
request.getParameterNames()
  – Returns Enumeration of request params
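The traditional CGI parsing steps and the servlet accessors described on the two slides above, combined in one added example (not code from the slides or the book). The class name QueryData, the UTF-8 charset and the sample query string are assumptions made for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class QueryData {  // hypothetical class name
  private final Map<String, List<String>> params = new LinkedHashMap<>();

  // raw: QUERY_STRING for GET, or the body read from standard input for POST.
  public QueryData(String raw) throws UnsupportedEncodingException {
    if (raw == null) return;
    for (String pair : raw.split("&")) {              // chop pairs at ampersands
      if (pair.isEmpty()) continue;
      int eq = pair.indexOf('=');
      String name = (eq < 0) ? pair : pair.substring(0, eq);
      String value = (eq < 0) ? "" : pair.substring(eq + 1);  // omitted value -> ""
      try {
        name = URLDecoder.decode(name, "UTF-8");      // charset is an assumption
        value = URLDecoder.decode(value, "UTF-8");    // "%7E" -> "~", "+" -> " "
      } catch (IllegalArgumentException malformed) {
        continue;                                     // bad %-escape: drop the pair
      }
      params.computeIfAbsent(name, k -> new ArrayList<>()).add(value);
    }
  }

  // First occurrence, or null if the parameter is absent.
  public String getParameter(String name) {
    List<String> values = params.get(name);
    return (values == null) ? null : values.get(0);
  }

  // All occurrences in order, or null if the parameter is absent.
  public String[] getParameterValues(String name) {
    List<String> values = params.get(name);
    return (values == null) ? null : values.toArray(new String[0]);
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample: repeated param1, empty param2, malformed escape in bad
    QueryData q = new QueryData("param1=val1&param2=&param1=%7Ehall&bad=%zz");
    System.out.println(q.getParameter("param1"));
    System.out.println(Arrays.toString(q.getParameterValues("param1")));
    System.out.println("[" + q.getParameter("param2") + "]");
    System.out.println(q.getParameter("param3") + " " + q.getParameter("bad"));
  }
}
```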

Form Data11 Handling Input in Multiple Languages
Use server's default character set
    String firstName = request.getParameter("firstName");
Convert from English (Latin-1) to Japanese
    String firstNameWrongEncoding = request.getParameter("firstName");
    // Recover the raw bytes using the charset they were decoded with (Latin-1),
    // then decode them again as Shift_JIS
    String firstName = new String(firstNameWrongEncoding.getBytes("ISO-8859-1"), "Shift_JIS");
Accept either English or Japanese
    // Must be called before the first parameter is read
    request.setCharacterEncoding("JISAutoDetect");
    String firstName = request.getParameter("firstName");

Form Data12 An HTML Form With Three Parameters First Parameter: Second Parameter: Third Parameter:

Form Data13 Reading the Three Parameters
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class ThreeParams extends HttpServlet {
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    String title = "Reading Three Request Parameters";
    // Each parameter value is written into the page exactly as received
    out.println(ServletUtilities.headWithTitle(title) +
                "<BODY>\n" +
                "<H1>" + title + "</H1>\n" +
                "<UL>\n" +
                "  <LI><B>param1</B>: " + request.getParameter("param1") + "\n" +
                "  <LI><B>param2</B>: " + request.getParameter("param2") + "\n" +
                "  <LI><B>param3</B>: " + request.getParameter("param3") + "\n" +
                "</UL>\n" +
                "</BODY></HTML>");
  }
}

Form Data14 Reading Three Parameters: Result

Form Data15 Reading All Parameters
import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class ShowParameters extends HttpServlet {
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    String title = "Reading All Request Parameters";
    // Page heading and the header row of the results table
    out.println(ServletUtilities.headWithTitle(title) +
                "<BODY>\n" +
                "<H1>" + title + "</H1>\n" +
                "<TABLE BORDER=1>\n" +
                "<TR><TH>Parameter Name<TH>Parameter Value(s)");

Form Data16 Reading All Parameters (Continued)
    // One table row per parameter name
    Enumeration paramNames = request.getParameterNames();
    while(paramNames.hasMoreElements()) {
      String paramName = (String)paramNames.nextElement();
      out.print("<TR><TD>" + paramName + "\n<TD>");
      String[] paramValues = request.getParameterValues(paramName);
      if (paramValues.length == 1) {
        // Single value: print it, or a marker if it is the empty string
        String paramValue = paramValues[0];
        if (paramValue.length() == 0)
          out.println("<I>No Value</I>");
        else
          out.println(paramValue);

Form Data17 Reading All Parameters (Continued)
      } else {
        // Repeated parameter: print every value as a list item
        out.println("<UL>");
        for(int i=0; i<paramValues.length; i++) {
          out.println("<LI>" + paramValues[i]);
        }
        out.println("</UL>");
      }
    }
    out.println("</TABLE>\n</BODY></HTML>");
  }

  // POST requests are handled exactly like GET requests
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    doGet(request, response);
  }
}

Form Data18 Result of ShowParameters Servlet –Note that order of parameters in Enumeration does not match order they appeared in Web page

Form Data19 A Resumé Posting Service Dilbert used with permission of United Syndicates Inc.

Form Data20 Posting Service: Front End Gathers resumé formatting and content information

Form Data21 Posting Service: Back End Previews result or stores resumé in database

Form Data22 Point: Check for Missing Data
Textfield was not in HTML form at all
  – request.getParameter returns null
Textfield was empty when form was submitted
  – request.getParameter returns an empty String
Example Check
    String value = request.getParameter("someName");
    if ((value != null) && (!value.equals(""))) { … }

Form Data23 Posting Service: Servlet Code
  private void showPreview(HttpServletRequest request, PrintWriter out) {
    String headingFont = request.getParameter("headingFont");
    headingFont = replaceIfMissingOrDefault(headingFont, "");
    ...
    String name = request.getParameter("name");
    name = replaceIfMissing(name, "Lou Zer");
    String title = request.getParameter("title");
    title = replaceIfMissing(title, "Loser");
    String languages = request.getParameter("languages");
    languages = replaceIfMissing(languages, " None ");
    String languageList = makeList(languages);
    String skills = request.getParameter("skills");
    skills = replaceIfMissing(skills, "Not many, obviously.");
    ...
  }
Point: always explicitly handle missing or malformed query data

Form Data24 Filtering Strings for HTML-Specific Characters
You cannot safely insert arbitrary strings into servlet output
  – < and > can cause problems anywhere
  – & and " can cause problems inside of HTML attributes
You sometimes cannot manually translate
  – The string is derived from a program excerpt or another source where it is already in some standard format
  – The string is derived from HTML form data
Failing to filter special characters from form data makes you vulnerable to cross-site scripting attacks
  –
  –

Form Data25 Filtering Code (ServletUtilities.java)
  public static String filter(String input) {
    StringBuffer filtered = new StringBuffer(input.length());
    char c;
    for(int i=0; i<input.length(); i++) {
      c = input.charAt(i);
      // Replace each HTML-special character with its character entity
      if (c == '<') {
        filtered.append("&lt;");
      } else if (c == '>') {
        filtered.append("&gt;");
      } else if (c == '"') {
        filtered.append("&quot;");
      } else if (c == '&') {
        filtered.append("&amp;");
      } else {
        filtered.append(c);
      }
    }
    return(filtered.toString());
  }

Form Data26 Servlet That Fails to Filter
public class BadCodeServlet extends HttpServlet {
  private String codeFragment =
    "if (a<b) {\n" +
    "  doThis();\n" +
    "} else {\n" +
    "  doThat();\n" +
    "}\n";

  public String getCodeFragment() {
    return(codeFragment);
  }

Form Data27 Servlet That Fails to Filter (Continued)
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    String title = "The Java 'if' Statement";
    // The code fragment is written into the page without filtering
    out.println(ServletUtilities.headWithTitle(title) +
                "<BODY>\n" +
                "<H1>" + title + "</H1>\n" +
                "<PRE>\n" +
                getCodeFragment() +
                "</PRE>\n" +
                "Note that you must use curly braces\n" +
                "when the 'if' or 'else' clauses contain\n" +
                "more than one expression.\n" +
                "</BODY></HTML>");
  }
}

Form Data28 Servlet That Fails to Filter (Result)

Form Data29 Servlet That Properly Filters
public class FilteredCodeServlet extends BadCodeServlet {
  // Same page as BadCodeServlet, but the fragment is filtered before output
  public String getCodeFragment() {
    return(ServletUtilities.filter(super.getCodeFragment()));
  }
}
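The missing-data check and the filtering step from the slides above, applied together to form data before it is echoed into a page. This is an added example, not code from the slides or the book; the class name SafeEcho, the display helper and the sample values are assumptions. It also escapes the single quote, which the slide's filter method does not, so the result stays safe inside attribute values delimited by single quotes.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class SafeEcho {  // hypothetical class name
  // Same replacements as the slide's filter method, plus the single quote
  // (an addition in this example).
  static String filter(String input) {
    StringBuilder out = new StringBuilder(input.length());
    for (int i = 0; i < input.length(); i++) {
      char c = input.charAt(i);
      switch (c) {
        case '<':  out.append("&lt;");   break;
        case '>':  out.append("&gt;");   break;
        case '"':  out.append("&quot;"); break;
        case '&':  out.append("&amp;");  break;
        case '\'': out.append("&#39;");  break;
        default:   out.append(c);
      }
    }
    return out.toString();
  }

  // Missing (null) or empty values get trusted fallback markup;
  // anything the client actually sent is escaped before it is used.
  static String display(String value, String fallbackHtml) {
    if (value == null || value.trim().isEmpty()) return fallbackHtml;
    return filter(value);
  }

  public static void main(String[] args) {
    // Constructed sample: what request.getParameter would return per field
    Map<String, String> params = new LinkedHashMap<>();
    params.put("param1", "<b>bold</b> & \"quoted\"");  // contains HTML-special characters
    params.put("param2", "");                           // textfield left empty
    params.put("param3", null);                         // textfield not in the form
    StringBuilder html = new StringBuilder("<UL>\n");
    for (Map.Entry<String, String> e : params.entrySet()) {
      html.append("  <LI><B>").append(filter(e.getKey())).append("</B>: ")
          .append(display(e.getValue(), "<I>No Value</I>")).append("\n");
    }
    html.append("</UL>");
    System.out.println(html);
  }
}
```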

Form Data30 Summary
Query data comes from HTML forms as URL-encoded name/value pairs
Servlets read data by calling request.getParameter("name")
  – Results in value as entered into form, not as sent over network, i.e., not URL-encoded
Always check for missing or malformed data
  – Missing: null or empty string
  – Special case: query data that contains special HTML characters
      Need to be filtered if query data will be placed into resultant HTML page

Slides © Marty Hall, book © Sun Microsystems Press 31 Questions? Core Servlets & JSP book: More Servlets & JSP book: Servlet and JSP Training Courses: courses.coreservlets.com