SSC - Web applications and development Introduction and ...szh/teaching/ssc/... · SSC - Communication and Networking Servlet Con guration Servlet 3.0 Annotations I Enables declarative-style

SSC - Communication and Networking

SSC - Web applications and developmentIntroduction and Java Servlet (II)

Shan He

School for Computational ScienceUniversity of Birmingham

Module 06-19321: SSC


Outline

Outline of Topics

Servlet Configuration

Two examples of servlets

Java severlet RequestDispatcher interface

Java severlet Session Management



Java Web App Directory Layout

I A Java web application requires its resources (servlets, JSP’setc.) organised in a standardized way

I The Root Directory: all files that should be accessible in yourweb application, including images, html files, etc.

I The WEB-INF Directory: meta information directory notaccessible from a browser

I web.xml: contains information about the web application,which is used by the Java web server / servlet container inorder to properly deploy and execute the web application

I classes sub-directory: contains all compiled Java classes thatare part of your web application.

I lib sub-directory: contains all JAR files used by your webapplication.



Java Web App Directory Layout

MyServlet

META-INF

WEB-INF

classes

lib

welcome.jsp

Index.html

web.xml

myservlet.class

Javamail.jar



Annotation Type WebServlet

I Java servlet is not accessible if you don’t configure yourservlet container

I You need to tell your servlet container:I what servlets to deploy,I what URL’s to map the servlets to

I This is done by web.xml: web application deploymentdescriptor



Configuring and Mapping a Servlet

I Step 1: configure the servlet to set the servlet name, and towrite the class name of the servlet:<servlet>

<servlet-name> myservlet </servlet-name>

<servlet-class> MyServlet.myservlet </servlet-class>

</servlet>

I Step 2: map the servlet to a URL or URL pattern:<servlet-mapping>

<servlet-name>myservlet</servlet-name>

<url-pattern>*.html</url-pattern>

</servlet-mapping>

e.g., all URL’s ending in .html are sent to myservlet



Servlet 3.0 AnnotationsI Enables declarative-style programming: simply annotating the

class with appropriate annotations, e.g., @WebServlet

I Make deployment descriptors (web.xml) optional for a webapplication (but you still need it for welcome page)

I Example:@WebServlet(

urlPatterns = {"*.html"

})public class myservlet extends HttpServlet {

or simply@WebServlet("*.html")

public class myservlet extends HttpServlet {I Click here to read more about Servlet 3.0 Annotations

http://docs.oracle.com/javaee/6/api/javax/servlet/annotation/WebServlet.html




I To illustrate servlet configuration and the interactionsbetween sevelet and webpages

I One uses doGet and the other uses doPost



What is a RequestDispatcher interface

I RequestDispatcher interface: “Defines an object thatreceives requests from the client and sends them to anyresource (such as a servlet, HTML file, or JSP file) on theserver”.

I Enables your servlet to “call” other servlet, HTML file, or JSPfile and also pass the request and response

I Essentially a RequestDispatcher object is created by theservelt container by wrapper around a server resource locatedat a particular path or given by a particular name.

I Two methods in the RequestDispatcher interface:

I forward() : Forwards a request from a servlet to anotherresource on the server.

I include() : Includes the content of a resource in theresponse.



Difference between forward() and include()

I forward() : control is transferred to the next resource youare calling, the next resource will send response to the clientbrowser

I include() : current servlet retains its control but includesthe response sent back by the called resource



forward() method

Servlet 1 Servlet 2

Response

Response

Request

forward

Generate response

Send response to the browser



include() method

Servlet 1 Servlet 2

Final Response

Response

Request

include

Response to be included in Servlet 1

Send to the browser



What is a session and why use it?

I Session: a conversation between client and server and it canconsists of multiple request and response between them

I HTTP protocol and Web Servers are stateless: for web serverevery request is a new request, even it is the same requestfrom the same client

I Web applications sometimes require the client information toprocess the request accordingly:

I Example 1: After login with your correct authenticationcredential, how does the server remember you have logged in?

I Example 2: When you add an entry to your cart, how does theserver know what you have added earlier?

I We need to make the server “remember what the user enteredbefore”.



Session ID

I Session ID: a piece of data that is used in HTTP to identify asession

I Client store the session ID, while the server associate that IDwith other client information such as a user name

I Steps:I Step 1: Client start a session, e.g., requests a pageI Step 2: Server allocates a random session ID upon the request

also store the user informationI Step 3: Session ID is then communicated back to the clientI Step 4: If the client sends subsequent requests, it also sends

back the same session IDI Step 5: The server decide whether the session has “expired”I Step 6: If not expired, the server associates the user

information with that session ID and response to the requests



How to associate user information with ID

I Three typical ways of associate user information with ID:I Hidden form fields: a unique hidden field in the HTML of

which the server can set its value to the session ID and keeptrack of the session

I Drawback 1: form with the hidden field must be submittedevery time when the request is made from client to server.

I Drawback 2: Not secure: hacker can get the hidden field valuefrom the HTML source and use it to hack the session.

I Cookies: a small piece of information that is sent from theserver and stored in the client’s browser. When client makefurther request, it adds the cookie to the request header andwe can utilize it to keep track of the session

I URL Rewriting: Appends a session identifier parameter withevery request and response to keep track of the session.



How to associate user information using cookies?

Set Cookie: SESSIONID=24D6442B89D1B65FECF1C

8D9FC2232D0

Client ServerLoginPost

Username=GWBushPassword=1+1=3

Login successful?1. Create session ID2. Return session ID in a cookie3. Store session ID in a database

Database

Session IDUsernameCreatedTimeExpiredTimeLassAccessTime

Lookup session IDSession still valid?

Cookie: SESSIONID=24D6442B89D1B65FECF1C

8D9FC2232D0

Content for GWBush



How to use sessions in Servlet?I Java Sevlet session management provides functions to:

I Transmit the session ID from server to client and vice versa;I Select stored session IDs;I Store associated objects/data with each session and check for

session expiry.

I The Java Sevlet session management can use HttpSession

class, which essentially uses cookies, or directly use Cookie

class, or URL rewritingI HttpSession class provides methods to manage Sessions:

I getSession(true) : create a new session object

I getSession() : returns the session object associated with

the current requestI setAttribute / getAttribute : storing/retrieve

information in a sessionI invalidate() : discarding completed or abandoned sessions

Documents

SSC - Web applications and development Introduction and ...szh/teaching/ssc/... · SSC - Communication and Networking Servlet Con guration Servlet 3.0 Annotations I Enables declarative-style