Servlets lecture2

CS3002CS3002

Lecture 10 / Slide Lecture 10 / Slide 11

CS3002

Software Technologies

Lecture 10

CS3002CS3002


Agenda

� Error/Exception Handling in Servlets

� Session Tracking in Servlets

� Redirecting, Forwarding and Including Requests in

Servlets

� HTTP Tunneling using Servlets

� JDBC with Servlets

CS3002CS3002


Error Handling

� When a Servlet comes across an Error or Exception, the following things are to be done

� Make sure that it causes minimum harm to the server

� Report to the client

� Log it in a log file for the server administrator

� Reporting to the client can be done using the sendError() method of HttpServletResponse

CS3002CS3002


Error Handling - logging

� The error can also be logged in a log file using the log

method of GenericServlet

� The log file can be found in CATALINA_HOME\logs

� The name of the log file can be specified in server.xml

� Eg:

� Log file :-

� C:\Program Files\Apache Software Foundation\Tomcat

6.0\logs\localhost.<date>.log

� date:-2009-03-12

CS3002CS3002


Configuring Error Pages

� We can configure the web application using web.xml

to customize an error page

� Now, 404.html will be displayed whenever the status

code is 404

<error<error<error<error----page>page>page>page><error<error<error<error----code>code>code>code>

404404404404</error</error</error</error----code>code>code>code><location><location><location><location>

/404.html/404.html/404.html/404.html</location></location></location></location>

</error</error</error</error----page>page>page>page>

CS3002CS3002


Error Handling

� Ex: ErrorHandlingServlet

� ErrorHandlingServletForm.html

� 404.html

CS3002CS3002


Exception Handling

� Any exception that is thrown by the Servlet and not

handled by itself will be handled by its container

� The container handles the exception in a container

specific way

� Servlets that are designed to work on multiple

containers cannot depend on this

� Such Servlets require their own exception handling

techniques

CS3002CS3002


Exception Handling

� However, Servlets can propagate only ServletException,

IOException and unchecked exceptions to the container

because of the way in which the methods are declared

� The service method can throw ServletException and

IOException,

� The init method can throw ServletException

� The destroy method cannot throw any exception

� Any other exception is to be handled by the Servlet itself

CS3002CS3002


ServletException

� If we want the container to handle other exceptions as well, the Servlet may catch the actual exception and throw ServletException in turn

try{try{try{try{//Some statements//Some statements//Some statements//Some statements

}}}}catch(IOExceptioncatch(IOExceptioncatch(IOExceptioncatch(IOException exception){exception){exception){exception){

throw new throw new throw new throw new ServletExceptionServletExceptionServletExceptionServletException();();();();}}}}

CS3002CS3002


ServletException� The class ServletException is having a method

getRootCause() that returns a Throwable object that will

tell the container the root cause of the ServletException

� For example, in the above code snippet, IOException is

the root cause

CS3002CS3002


UnavailableException� A Servlet may be unavailable permanently or temporarily

� Servlets that cannot recover from an error are

permanently unavailable

� Servlets that cannot handle the requests for some time, for

example due to insufficient disk space, can continue

giving service once the administrator has cleared some

disk space

� Such Servlets are temporarily unavailable

� The class UnavailableException which is a sub class of

ServletException will help the programmer to

communicate these to the container

CS3002CS3002


UnavailableException

� The class UnavailableException has two constructors

� The one-argument constructor

UnavailableException(String message) is used to create

a permanent UnavailableException, where message is

the explanation

� The two-argument constructor

UnavailableException(String message, int seconds) is

used to create a temporary UnavailableException,

where message is the explanation and seconds is the

estimated number of seconds, the Servlet is unavailable

CS3002CS3002


UnavailableException� If the unavailable time cannot be estimated, usually a

positive integer is given

� If the Servlet is throwing a permanent

UnavailableException from the init or service method, the

container will try to create a new instance of the Servlet to

handle further requests as the current object will be

permanently unavailable

� If the attempt to create a new instance fails, the client will

get an error message

CS3002CS3002


UnavailableException� If the Servlet is throwing a temporary UnavailableException from

the service method, the container will handle further requests using

SC_SERVICE_UNAVAILABLE (503) status code till the Servlet

is available

� The methods isPermanent() and getUnavailableSeconds() of

UnavailableException can be used by the container to check

whether the Servlet is unavailable permanently and if not, the

duration of unavailability

� If the Servlet is throwing a temporary UnavailableException from

the init method, the container will handle it just like it handles a

permanent UnavailableException by trying to create a new instance

of the Servlet for handling further requests

CS3002CS3002


Configuring Exception Pages

� Just like error pages, we can configure Exception

pages also to generate customized messages

� Now, ExceptionPage.html will be displayed,

whenever ServletException is thrown by the

Servlet

<<<<errorerrorerrorerror----page>page>page>page><exception<exception<exception<exception----type>type>type>type>

javax.servlet.ServletExceptionjavax.servlet.ServletExceptionjavax.servlet.ServletExceptionjavax.servlet.ServletException</exception</exception</exception</exception----type>type>type>type><location><location><location><location>

////ExceptionPage.htmlExceptionPage.htmlExceptionPage.htmlExceptionPage.html</location></location></location></location>

</</</</errorerrorerrorerror----page>page>page>page>

CS3002CS3002


Configuring Exception Pages

� Ex: ExceptionHandlingSerlvet.java

� ExceptionPage.html

CS3002CS3002


Cookies� A cookie is some information the web server sends to the browser

� The browser will accept this information and stores it

� This information can be read back later by the web server

� The class Cookie in the package javax.servlet.http will help to create a cookie

� The class Cookie has a constructor that takes two String objects as parameters – name and value

Cookie c = new Cookie c = new Cookie c = new Cookie c = new Cookie(Cookie(Cookie(Cookie(““““UserNameUserNameUserNameUserName””””, , , , ““““abcabcabcabc””””););););

CS3002CS3002


Cookies� The method addCookie(Cookie) of HttpServletResponsecan be used to add a Cookie

� The method getCookies() of HttpServletRequest will return an array of Cookies that were stored earlier by this domain

� The methods getName() and getValue() of the Cookie class can be used to get the name and value of the Cookie

� The method setMaxAge(int) can be used to specify the maximum age of a Cookie in seconds

� By default, a Cookie will be deleted when the browser is closed

� Any how, some browsers may not support Cookies or want to block Cookies and so this may not work in all cases

CS3002CS3002


Cookies

� Ex: CookieServlet

� CookieServletForm.html

� Ex:ReadCookieServlet

CS3002CS3002


Sessions

� HTTP is a stateless protocol - All by itself, a request will not tell the server which client is making the request

� In some cases, a Servlet may want to know the specific client that asks for a service

� When a Servlet that takes care of an online shopping site gets a request for adding an item to the shopping cart, it should know which client is asking for the item

� From the time of accessing any one page in the application, till logging out, we may want to know the requests made by a client

� This is called Session Tracking

CS3002CS3002


Session Tracking

� A session starts, whenever a client accesses any one

page in the application

� A session will end, if the client is not responding for a

predefined period of time

� By calling appropriate methods, the programmer can

also end the session when the client logs out

CS3002CS3002


Session Tracking

� In session tracking whenever a client sends a request to the

server then server creates a unique id for that request and sends

back the unique id to the client along with the response object,

now whenever a client sends a request to the server it also sends

a unique id with it so that the server can know from where the

request is coming.

� After the end of a session, if the client accesses a page in the

application again, it will be considered as a new session

� Since the protocol by itself is not tracking the sessions, the web

server has to take care of that

� There are several ways in which a web server can track sessions

CS3002CS3002


Cookies

� Cookies can be used for session tracking

� The server can store some information regarding the

session, like the user name, in a cookie and this can be

used to identify a request from a particular client

� But this technique may not work always, as the client

can disable cookies in her machine

CS3002CS3002


Hidden Fields

� Hidden fields that store some information about a session can be used in the FORM tags

� Since the field is hidden, the user will not see it on the screen

� But when the form is submitted, the server will get this information and can track the session

� The disadvantage is that it will work only for forms

CS3002CS3002


Hidden Fields

� Ex: HiddenFieldServlet

� HiddenFieldServletForm.html

� Ex: WelcomeHiddenFieldServlet

� HelloHiddenFieldServlet

CS3002CS3002


Authentication

� HTTP provides built in authentication support for

taking care of the security issues

� Some resources can be protected with the help of

authentication

� This can be used for session tracking also

� We can configure the server to use Authentication

� So the user will be asked to login with a username and

password

CS3002CS3002


Authentication

� Once the user has logged in, the browser will

automatically send the username and password to all

other pages of the site the user visits

� The user name is available to Servlet through the

method getRemoteUser() of HttpServletRequest

� The Servlet can use this name to track the Session

� But using authentication just for session tracking is not

a good idea

� If we are using authentication to solve some security

issues, we do not have to think about any other session

tracking mechanisms

CS3002CS3002


The HttpSession interface

� Each web server will have an internal mechanism for tracking sessions that would relieve the web application developer from some tasks in session tracking

� Mostly web servers depend on Cookies for session tracking

� Servlet API has an interface called HttpSession, through which a Servlet can communicate with the web server for finding the details of a session

CS3002CS3002



� HttpSession makes session tracking very easy

� The Servlet programmer need not be bothered about

the internal mechanism used by the web server, as

HttpSession standardizes the way in which Servlet

talks to the web server for session tracking

� The getSession() method of HttpServletRequest will

return HttpSession object for the current session

CS3002CS3002



� The method getID() will return a unique String that

will can be used for identifying a session

� The method setAttribute(String, Object) will help to

store any Object that is represented by a String name as

a session data

� The method getAttribute(String) will return the Object

stored using the setAttribute method

CS3002CS3002



� Ex: SessionTrackingServlet

CS3002CS3002



� The method setMaxInactiveInterval(int) can be used to specify the time in seconds between the client requests before the session is invalidated

� If a negative number is passed to the method setMaxInactiveInterval, the session will never time out

� The method getMaxInactiveInterval() can be used to get the interval set by setMaxInactiveInterval

� The method invalidate() is used to invalidate a session and is usually called when the client logs out

CS3002CS3002


URL Rewriting

� If the server is internally using a Cookie for session tracking, application will not work properly with a browser where Cookies are disabled

� URL rewriting is another way in which we can implement session tracking

� The URL for a page is rewritten to include some information about the session

� Thus some information can be passed to all the pages in an application to track the session

CS3002CS3002


URL Rewriting� The method encodeURL(String url) of

HttpServletResponse will return a re-written URL that

contains some session information also

� For example, encodeURL(HelloWorldServlet) may

return the following string

�

HelloWorldServlet;jsessionid=86106952376F852D6D206E0

FB87E6571

� The unique value of the attached URLParameter

jsessionid will be used for session tracking

� The disadvantage of URL rewriting is that each URL

should be rewritten

CS3002CS3002


URL Rewriting

� Ex: URLRewritingServletForm.html

� URLRewritingServlet

� Ex: WelcomeURLRewritingServlet

� HelloURLRewritingSerlvet

CS3002CS3002


Redirecting a Request

� A Servlet can redirect a client to use another URL

� This may be done in the following cases

� if the page has moved

� for load balancing

� if the user comes to a wrong page violating a sequence

required by the business logic

� for redirecting the client to a customized error page

CS3002CS3002


Redirecting a Request

� The method sendRedirect(String url) of HttpServletResponse will redirect the

client to the specified URL

� When we want that someone else (other servlet or jsp)should handle the

response of our servlet, then there we should use sendRedirect() method.

� The servlet sends the status code to the browser

� Again the browser makes a new request, but with the name of that servlet

which can now handle the request and the result will be displayed to you by

the browser. The URL will have the address of the new servlet.

� The method encodeRedirectURL(String url) will rewrite the URL to include

the session information also, in case cookies are disabled in the client

� So, the URL that is to be redirected should always pass through the

encodeRedirectURL method

CS3002CS3002


Redirecting a URL

� Ex: Login.html

� SetSessionServlet

� RedirectTestServlet

CS3002CS3002


Forwarding a Request

� A request can also be forwarded to another URL

� Unlike Redirect, the client will never know about the

redirection

� Ex: ForwardTestServlet

� RequestDispatcher requestDispatcher =

request.getRequestDispatcher("PresentationServlet");

requestDispatcher.forward(request,response);

CS3002CS3002


Forwarding a Request� Forwarding is used when two or more Servlets share

some work

� One Servlet can do some processing, store the result in

an Object and store it as an attribute of the request

object using the setAttribute(String name, Object

object) method of HttpServletRequest

� This Servlet can forward the request to the second

Servlet

� As both of them are using the same request object, the

attribute set by the first Servlet can be retrieved by the

second Servlet using the getAttribute(String name)

method of HttpServletRequest

CS3002CS3002


Forwarding a Request

� Ex: BusinessLogicServletForm.html

� BusinessLogicServlet

� PresentationServlet

CS3002CS3002


Including a Request

� A Servlet can include the output of another Servlet in

its response

� Unlike forward, the calling Servlet retains the control

and can write into the response before and after the

output of the called Servlet

� RequestDispatcher requestDispatcher =

request.getRequestDispatcher("IncludeMeServlet");

requestDispatcher.include(request, response);

CS3002CS3002


Including a Request

� Ex: IncludeTestServlet

� IncludeMeServlet

CS3002CS3002


HTTP Tunneling

� Most of the corporate networks will be protected

behind a firewall

� The client will be able to directly contact only the

firewall

� The firewall will most often block the ftp access

� Usually the only exposed port will be 80 and

acceptable protocol will be HTTP

� This would prevent even a legitimate user from

accessing other services like ftp for transferring data

CS3002CS3002


HTTP Tunneling

� HTTP Tunneling is a technique to overcome this

difficulty

� Transferring bytes of data using the HTTP protocol

through port number 80 is called HTTP Tunneling

� A Servlet can be programmed to read/write bytes of

data from/to the client with the help of Input/Output

Streams

� A Java Object that is Serializable also can be

transferred to the client side using HTTP Tunneling

CS3002CS3002


HTTP Tunneling

� Ex: TunnelServlet

� TunnelServletClient

� Ex: TunnelObjectServlet

� TunnelObjectServletClient

CS3002CS3002


JDBC

� Most of the web applications require a database connection

� Servlets can make JDBC connections and access a database

� Assume a Servlet that should display the names of all customers from the customer table of MySql test database� In which method will you open the connection?

� In which method will you execute the query?

� In which method will you close the connection?

CS3002CS3002


JDBC

� Ex: EmployeeServlet

CS3002CS3002


Transactions� A simple web application can follow the previous

model

� In some web applications, we may want to do

some atomic transactions

� On success, we want to commit or else rollback

� The model in the previous example will not work

here

try{try{try{try{connection.setAutoCommit(falseconnection.setAutoCommit(falseconnection.setAutoCommit(falseconnection.setAutoCommit(false););););//Transactions//Transactions//Transactions//Transactionsconnection.commitconnection.commitconnection.commitconnection.commit();();();();

}}}}catch(Exceptioncatch(Exceptioncatch(Exceptioncatch(Exception exception){exception){exception){exception){

connection.rollbackconnection.rollbackconnection.rollbackconnection.rollback()()()()}}}}

CS3002CS3002


Connection Pooling� We require separate Connection objects for each client

which are created, opened, used and closed in the

service method itself

� Since opening a connection for each client is time

consuming, it is better to have a pool of open

connections from which we can pick a free connection

object for each client

� This will increase the performance, as a new

Connection object is not created and opened for each

request, and at the same time, a different Connection

object is available for each client

� This technique is called Connection Pooling

CS3002CS3002


Summary

� In this module, we have learned the following

� Error/Exception Handling in Servlets

� Session Tracking in Servlets

� Redirecting Forwarding and Including Requests in Servlets

� HTTP Tunneling using Servlets

� JDBC with Servlets

Technology

Servlets lecture2