Upload
others
View
16
Download
0
Embed Size (px)
Citation preview
SSC - Communication and Networking
SSC - Web applications and developmentIntroduction and Java Servlet (II)
Shan He
School for Computational ScienceUniversity of Birmingham
Module 06-19321: SSC
SSC - Communication and Networking
Outline
Outline of Topics
Servlet Configuration
Two examples of servlets
Java severlet RequestDispatcher interface
Java severlet Session Management
SSC - Communication and Networking
Servlet Configuration
Java Web App Directory Layout
I A Java web application requires its resources (servlets, JSP’setc.) organised in a standardized way
I The Root Directory: all files that should be accessible in yourweb application, including images, html files, etc.
I The WEB-INF Directory: meta information directory notaccessible from a browser
I web.xml: contains information about the web application,which is used by the Java web server / servlet container inorder to properly deploy and execute the web application
I classes sub-directory: contains all compiled Java classes thatare part of your web application.
I lib sub-directory: contains all JAR files used by your webapplication.
SSC - Communication and Networking
Servlet Configuration
Java Web App Directory Layout
MyServlet
META-INF
WEB-INF
classes
lib
welcome.jsp
Index.html
web.xml
myservlet.class
Javamail.jar
SSC - Communication and Networking
Servlet Configuration
Annotation Type WebServlet
I Java servlet is not accessible if you don’t configure yourservlet container
I You need to tell your servlet container:I what servlets to deploy,I what URL’s to map the servlets to
I This is done by web.xml: web application deploymentdescriptor
SSC - Communication and Networking
Servlet Configuration
Configuring and Mapping a Servlet
I Step 1: configure the servlet to set the servlet name, and towrite the class name of the servlet:<servlet>
<servlet-name> myservlet </servlet-name>
<servlet-class> MyServlet.myservlet </servlet-class>
</servlet>
I Step 2: map the servlet to a URL or URL pattern:<servlet-mapping>
<servlet-name>myservlet</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>
e.g., all URL’s ending in .html are sent to myservlet
SSC - Communication and Networking
Servlet Configuration
Servlet 3.0 AnnotationsI Enables declarative-style programming: simply annotating the
class with appropriate annotations, e.g., @WebServlet
I Make deployment descriptors (web.xml) optional for a webapplication (but you still need it for welcome page)
I Example:@WebServlet(
urlPatterns = {"*.html"
})public class myservlet extends HttpServlet {
or simply@WebServlet("*.html")
public class myservlet extends HttpServlet {I Click here to read more about Servlet 3.0 Annotations
SSC - Communication and Networking
Two examples of servlets
Two examples of servlets
I To illustrate servlet configuration and the interactionsbetween sevelet and webpages
I One uses doGet and the other uses doPost
SSC - Communication and Networking
Java severlet RequestDispatcher interface
What is a RequestDispatcher interface
I RequestDispatcher interface: “Defines an object thatreceives requests from the client and sends them to anyresource (such as a servlet, HTML file, or JSP file) on theserver”.
I Enables your servlet to “call” other servlet, HTML file, or JSPfile and also pass the request and response
I Essentially a RequestDispatcher object is created by theservelt container by wrapper around a server resource locatedat a particular path or given by a particular name.
I Two methods in the RequestDispatcher interface:
I forward() : Forwards a request from a servlet to anotherresource on the server.
I include() : Includes the content of a resource in theresponse.
SSC - Communication and Networking
Java severlet RequestDispatcher interface
Difference between forward() and include()
I forward() : control is transferred to the next resource youare calling, the next resource will send response to the clientbrowser
I include() : current servlet retains its control but includesthe response sent back by the called resource
SSC - Communication and Networking
Java severlet RequestDispatcher interface
forward() method
Servlet 1 Servlet 2
Response
Response
Request
forward
Generate response
Send response to the browser
SSC - Communication and Networking
Java severlet RequestDispatcher interface
include() method
Servlet 1 Servlet 2
Final Response
Response
Request
include
Response to be included in Servlet 1
Send to the browser
SSC - Communication and Networking
Java severlet Session Management
What is a session and why use it?
I Session: a conversation between client and server and it canconsists of multiple request and response between them
I HTTP protocol and Web Servers are stateless: for web serverevery request is a new request, even it is the same requestfrom the same client
I Web applications sometimes require the client information toprocess the request accordingly:
I Example 1: After login with your correct authenticationcredential, how does the server remember you have logged in?
I Example 2: When you add an entry to your cart, how does theserver know what you have added earlier?
I We need to make the server “remember what the user enteredbefore”.
SSC - Communication and Networking
Java severlet Session Management
Session ID
I Session ID: a piece of data that is used in HTTP to identify asession
I Client store the session ID, while the server associate that IDwith other client information such as a user name
I Steps:I Step 1: Client start a session, e.g., requests a pageI Step 2: Server allocates a random session ID upon the request
also store the user informationI Step 3: Session ID is then communicated back to the clientI Step 4: If the client sends subsequent requests, it also sends
back the same session IDI Step 5: The server decide whether the session has “expired”I Step 6: If not expired, the server associates the user
information with that session ID and response to the requests
SSC - Communication and Networking
Java severlet Session Management
How to associate user information with ID
I Three typical ways of associate user information with ID:I Hidden form fields: a unique hidden field in the HTML of
which the server can set its value to the session ID and keeptrack of the session
I Drawback 1: form with the hidden field must be submittedevery time when the request is made from client to server.
I Drawback 2: Not secure: hacker can get the hidden field valuefrom the HTML source and use it to hack the session.
I Cookies: a small piece of information that is sent from theserver and stored in the client’s browser. When client makefurther request, it adds the cookie to the request header andwe can utilize it to keep track of the session
I URL Rewriting: Appends a session identifier parameter withevery request and response to keep track of the session.
SSC - Communication and Networking
Java severlet Session Management
How to associate user information using cookies?
Set Cookie: SESSIONID=24D6442B89D1B65FECF1C
8D9FC2232D0
Client ServerLoginPost
Username=GWBushPassword=1+1=3
Login successful?1. Create session ID2. Return session ID in a cookie3. Store session ID in a database
Database
Session IDUsernameCreatedTimeExpiredTimeLassAccessTime
Lookup session IDSession still valid?
Cookie: SESSIONID=24D6442B89D1B65FECF1C
8D9FC2232D0
Content for GWBush
SSC - Communication and Networking
Java severlet Session Management
How to use sessions in Servlet?I Java Sevlet session management provides functions to:
I Transmit the session ID from server to client and vice versa;I Select stored session IDs;I Store associated objects/data with each session and check for
session expiry.
I The Java Sevlet session management can use HttpSession
class, which essentially uses cookies, or directly use Cookie
class, or URL rewritingI HttpSession class provides methods to manage Sessions:
I getSession(true) : create a new session object
I getSession() : returns the session object associated with
the current requestI setAttribute / getAttribute : storing/retrieve
information in a sessionI invalidate() : discarding completed or abandoned sessions