560 likes | 575 Views
Dynamic Web programming with Servlets. Gal Shachor. Agenda. Servlets – What and Why? My first servlet The Servlet API Form processing Session state We did not talk about…. Servlets. What are they? Why do we need them. What Are Servlets Anyway?.
E N D
Dynamic Web programming with Servlets Gal Shachor
Agenda • Servlets – What and Why? • My first servlet • The Servlet API • Form processing • Session state • We did not talk about…
Servlets What are they? Why do we need them
What Are Servlets Anyway? • A Servlet is a Java class that extends the web server's service capabilities. • When the client sends a request to the server the. Server can forward the request to a Servlet and let it handle the request. • Servlets provide open, cross-server and OS APIs. • Servlets have a clean design; This leads to simplicity. • Servlets live inside a Servlet Container.
What Is a Servlet Container • Sometimes called a Servlet Engine. • Similar to what an OS is for processes • The Servlet Container provides Servlets with the environment, configuration and runtime needed to support the Servlet APIs: • Load the Servlets. • Initialize the Servlets. • Execute the Servlets. • Destroy the Servlets. • Servlets do not have a main… The container have it…
Who Backs Servlets? • Servlets are backed by "anybody but Microsoft." • There is Servlets support for virtually all common servers (including Microsoft's). • Supporting Servlets can be done in one of two ways: • Supporting the Servlet APIs in the web-server level • Adding a Servlet-Container add-on to the web-server.
Why Servlets? • Because we needed them! • Servlets where invented on 1996. Back then the competing technologies where: • CGI – Too slow, not scalable in any important aspect • Server APIs – Too complex • Microsoft ASP – Beta version, slow, only NT • Live wire – Only Netscape servers • The community needed a cross-server, cross-platform web server API => Servlets where invented • Huge success
My first servlet Hello World
HelloWorld Servlet – The code package com.hrl.sample; import java.io.*; import javax.servlet.ServletException; import javax.servlet.http.*; publicclass HelloWorld extends HttpServlet { publicvoid doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { resp.setContentType("text/html"); final PrintWriter out = resp.getWriter(); out.println("<html><body>"); out.println("<h1>Hello World (With Servlet Accent)</h1>"); out.println("</body></html>"); } }
HelloWorld Servlet – Output HTTP/1.1 200 OK Server: WebSphere Application Server/5.0 Content-Type: text/html Content-Language: iw-IL Connection: close <html><body> <h1>Hello World (With Servlet Accent)</h1> </body></html>
HelloWorld Servlet – Observations • The Servlet class extends the base class HttpServlet • In a short while we will see that HttpServlet is a base class for practically all servlets • The servlet logic is implemented in a method named doGet() • Handles the HTTP GET method • doPost, doHead… are also available • Called from the service method • To be discussed soon
HelloWorld Servlet – Observations • The Servlet uses request and response objects when serving a users’ request • HTTP (and as a result also HTTP Servlets) follows the request-response paradigm • The HTTP request and response objects are encapsulated by a matching Java objects • The Servlet outputs raw HTML content • Generates it on the fly • The Servlet manipulates the HTTP headers • But the container adds some more
The Servlet APIs (Cont.) • Several versions: • 1.0 – initial supported version (mid 1997). • 2.0 – First "real" version (beginning of 1998). • 2.1 – Mostly fixes and refinements for 2.0 (January, 1999) but also preliminary application services. • 2.2 – Important version (December 1999) with application definitions. • 2.3 – Listeners and Filters were added. This is the version that we are learning. • 2.4 – The future
What’s in the APIs • The Servlet APIs defines: • A servlet lifecycle – how a servlet is created, used and destroyed. • A programmer interface – how a servlet looks like to the container and how the container looks like to the servlet. • The Servlet APIs is what the programmer should care about
The Servlet Life-Cycle • The Servlet life-cycle defines: • How a Servlet is initialized. • How a Servlet is serving users and how many times. • How a Servlet is destroyed. • Concurrency management (multi-threading considerations).
Servlet Instantiation • The container instantiates a new Servlet in two occasions: • A user request service from a Servlet that was not instantiated yet. • The Servlet is in the list of startup Servlets and the container is starting. • A Servlet is instantiated in the following manner: • The container loads the Servlet’s class. • Using Class.newInstance() the container instantiates a new instance of the Servlet.
Servlet Initialization • After the instantiation, the container initializes the Servlet. • The container casts the new instance to a Servlet object and initializes it by calling an init() method. • If initialization fail the Servlet creation fail and the new instance is garbage collected. • The Servlet initialization is done in a single threaded manner.
Service Phase • After the Servlet initialization, the container can ask the Servlet to serve incoming requests. • The container will call the Servlet’s service() method. • A Servlet may handle many concurrent requests. • By different threads, all of them running in the same service methods. • The service method should be thread safe. • Multithreading • By default the servlet need to be multithread safe! • One may instruct the container to make the servlet “multithread safe” by insuring that no two thread will execute on a single servlet instance • By making the Servlet class implement the SingleThreadModel interface (deprecated)
Servlet Destruction • A container may destroy the Servlet because: • It wants to preserve resources (this is not common). • The container is shutting down. • In both cases the container will call the Servlet’s destroy() method. • Note that this means that a certain Servlet will usually stay “alive” for a very long time and is going to serve many users. • After the destruction the Servlet is garbage collected.
How Many Servlet Instances? • Usually, the number of servlet instances should be 1! • “In the default case of a servlet not implementing SingleThreadModel and not hosted in a distributed environment, the servlet container must use only one instance of a servlet class per servlet definition.” • “In the case of a servlet that implements the SingleThreadModel interface, the servlet container may instantiate multiple instances of that servlet so that it can handle a heavy request load while still serializing requests to a single instance.” • Taken from the Servlet API 2.3 specification.
The Servlet APIs • Defines the APIs to the services that the Servlet Container provides to the Servlet • Request/Response interfaces • Session State services • Environment services (configuration, application), etc. • Defines the Servlet life-cycle and service semantics from the Servlet Container point of view • Initialization/Destruction/Service • Threading models
The Servlet APIs Packages • Two packages: • javax.servlet - General Servlet related definitions • javax.servlet.http - HTTP related extension for the "general" Servlets • Since we only deal with Web (HTTP) related Servlets we will cover and mix both of them.
The Servlet Interface • Defines the Servlet life-cycle APIs • init(ServletConfig cfg) • Initializes the Servlet. • service(ServletRequest req, ServletResponse res) • Carries out a single request from the client. • destroy() • Cleans up whatever resources are being held (e.g., memory, file handles, threads) and makes sure that any persistent state is synchronized with the Servlet's current in-memory state. • Defines also two misc’ methods (getServletConfig(), getServletInfo()) • Implemented by base classes
GenericServlet, HttpServlet • GenericServlet is an abstract (service is not provided) implementation of the Servlet interface and, for convenience, the ServletConfig interface. Servlet developers typically subclass GenericServlet, or its descendent HttpServlet (see shortly). • Implements all Servlet interface methods but service • HttpServlet extends GenericServlet and adds HTTP specific functionality. • HttpServlet adds the following methods: • service(HttpServletRequest, HttpServletResponse) • This is an HTTP-specific version of the Servlet.service method, which accepts HTTP specific parameters. • doXXX(HttpServletRequest, HttpServletResponse) • Performs the HTTP XXX operation (where operation can be DELETE/GET/POST/PUT/TRACE); the default implementation reports an HTTP BAD_REQUEST error.
ServletConfig • The Servlet developer uses the ServletConfig object to get Servlet related information. • getInitParameter(String name) • Returns a string containing the value of the named initialization parameter, or null if the parameter does not exist. • getInitParameterNames() • Returns the names of the Servlet's initialization parameters as an enumeration of strings. • getServletContext() • Returns the context for the Servlet. • getServletName() • Returns the Servlet name.
ServletContext • The Servlet developer uses the ServletContext object to get server related (application) information and services. • getMimeType(String file) • Returns the mime type of the specified file. • getRealPath(String path) • Applies alias rules to the specified virtual path and returns the corresponding real path. • log(String msg, Throwable t)/ log(String msg) • Write the stacktrace and the given message string to the Servlet log file.
ServletRequest, HttpServletRequest • Reading stream data sent in the request: • getContentLength() • Returns the size of the request entity data, or -1 if not known. • getContentType() • Returns the MIME Type of the request entity data, or null if not known. • getInputStream() • Returns an input stream for reading binary data in the request body. • getReader() • Returns a buffered reader for reading text in the request body.
ServletRequest, HttpServletRequest • Methods to obtain user sent form parameters: • getParameter(String name) • Returns a string containing the lone value of the specified parameter, or null if the parameter does not exist. • getParameterNames() • Returns the parameter names for this request as an enumeration of strings, or an empty enumeration if there are no parameters or the input stream is empty. • getParameterValues(String name) • Returns the values of the specified parameter for the request as an array of strings, or null if the named parameter does not exist.
ServletRequest, HttpServletRequest • Methods to obtain user and server addresses: • getRemoteAddr() • Returns the IP address of the agent that sent the request. • getRemoteHost() • Returns the fully qualified host name of the agent that sent the request. • getServerName() • Returns the host name of the server that received the request. • getServerPort() • Returns the port number on which this request was received.
ServletRequest, HttpServletRequest • Methods to get headers information: • getHeaderNames(), getHeader(String) • Gets the value of the specified requested header. • Methods to get HTTP request information: • getRequestURI() • Gets, from the first line of the HTTP request, the part of this request's URI that is to the left of any query string. • getQueryString() • Gets any query string that is part of the HTTP request URI. • getMethod() • Gets the HTTP method (for example, GET, POST, PUT) with which this request was made.
ServletResponse, HttpServletResponse • Sending the response: • setContentLength(int length), setContentType(String type) • Sets the content length and type for this response. • getOutputStream() • Returns an output stream for writing binary response data. • getWriter() • Returns a print writer for writing formatted text responses. • addXXXHeader/setXXXHeader() • Adds or set a named HTTP header. The header value can be a string, int or date. For example addIntHeader() or setHeader(). • setStatus(int status) • Sets the status code for this response.
ServletResponse, HttpServletResponse • To manipulate the response buffer: • setBufferSize(int size)/getBufferSize() • Set and get the size of the response buffer. • flushBuffer() • Forces any content in the buffer to be written to the client. • isCommitted() • Return true if data was written to the user. • reset() • Reset the content of the response buffer.
Submitting a Form • Form parameters constructs a list of named values • Form parameters can be obtained using the HttpServletRequest methods: • getParameterNames() • Returns the parameter names for this request as an enumeration of strings. • getParameter(String name) • Returns a string containing the lone value of the specified parameter, or null if the parameter does not exist. • getParameterMap() • Returns a java.util.Map with the parameters for this request
Form Processing Servlet • Executed by submitting a Form • Prints all the submitted Form parameters as a response
FormServlet Servlet – The code package com.hrl.sample; import java.io.*; import javax.servlet.ServletException; import javax.servlet.http.*; publicclass FormServlet extends HttpServlet { publicvoid doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { doGet(req, resp); } publicvoid doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { resp.setContentType("text/html"); final PrintWriter out = resp.getWriter(); out.println("<html><body>"); out.println("<h1>Form Parameters:</h1>"); // Continue on next slide … } }
FormServlet Servlet – The code // Started on previous slide out.println("<table>"); out.println("<tr> <th> Name </th> <th> Value </th> </tr>"); final Enumeration names = req.getParameterNames(); while(names.hasMoreElements()) { final String name = (String)names.nextElement(); final String value = req.getParameter(name); out.println("<tr> <td> " + name + " </td> <td> " + value + " </td> </tr>"); } out.println("</table>"); out.println("</body></html>"); } }
FormServlet – Observations • Reading the posted Form parameters is easy (as it should be) • We implement both doGet() and doPost() • The two HTTP methods used for sending Forms • The value of the “submit” button is submitted as well
Session state Keeping track
What is Session State • We want to save short-term state on behalf of the user: • Shopping cart. • Authentication information. • HTTP is stateless: • How can we keep state? • Enter HTTP based user session state • Cookies • Session State APIs
Cookies • The first session state solution was cookies, a special set of HTTP headers with special semantics: • The server can set a cookie in the client's browser by using the set-cookie header. • The client will then send the cookie back to the server on the following requests using the cookie header. • The value of a cookie header needs to be an alphanumeric value. • But Cookies are bad: • Not enough abstraction -> hard to use. • Need to manually parse a cookie. • Not secure enough, data is passing back and forth. • Limited in size (~100byte). • Uses are afraid of cookies
Session State – The Servlets Way • The Servlet container is tracking the user • Several tracking tools (not only cookies) • Allows the servlets to associate data with the user • Allows for variable QoS for the session state • The container exposes APIs to access the session data • HttpSession • HttpServletRequest.getSession()
HttpSession • Represents a single user session. • Exposes the following methods: • Object getAttribute(String name) • Get a stored value from the session. • Enumeration getAttributeNames() • Get the named of the stored values. • removeAttribute(String name) • Remove a values from the session. • setAttribute(String name, Object value) • Set a value in the session.
HttpSession • Exposes the following methods: • setMaxInactiveInterval(int interval), int getMaxInactiveInterval() • Set and get the max inactivity interval that the session can have • long getCreationTime(), getLastAccessedTime() • Get the time the session was created/last accessed. • String getId() • Get the id used for this session. • invalidate() • Dispose the session. • boolean isNew() • Was this session created now, and did arrive to the user (yet).
Session State Method in HttpServletRequest • HttpSession getSession() • If a session is associated with the current request, this method will return it. • HttpSession getSession(boolean create) • Return a session that is associated with the current request. If the session does not exists, create new session. • …
Session Counter Servlet • Counts the number of per-user hits on the servlet • Prints some of the session meta data
SessionServlet – The code package com.hrl.sample; import java.io.*; import javax.servlet.ServletException; import javax.servlet.http.*; publicclass SessionServlet extends HttpServlet { publicvoid doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { // Get the session object final HttpSession session = req.getSession(true); resp.setContentType("text/html"); final PrintWriter out = resp.getWriter(); // Continue on next slide … } }