WEB TECHNOLOGIES
A COMPUTER SCIENCE PERSPECTIVE
JEFFREY C. JACKSON
Chapter 6
Server-side Programming:
Java Servlets
Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved. 0-13-185603-0
Server-side Programming
• The combination of
– HTML
– JavaScript
– DOM
is sometimes referred to as Dynamic HTML
(DHTML)
• Web pages that include scripting are often
called dynamic pages (vs. static)
Dr. Thomas Tran – CSI3140 Lecture Notes (based on Dr. Jeffrey Jackson’s slides)
Server-side Programming
• Similarly, web server response can be
static or dynamic
– Static: HTML document is retrieved from the
file system and returned to the client
– Dynamic: HTML document is generated by a
program in response to an HTTP request
• Java servlets are one technology for
producing dynamic server responses
– Servlet is a Java class instantiated by the
server to produce a dynamic response
Servlet Overview
1. When server starts, it instantiates servlets
2. Server receives HTTP request, determines
need for dynamic response
3. Server selects the appropriate servlet to
generate the response, creates
request/response objects, and passes them to
a method on the servlet instance
4. Servlet adds information to response object via
method calls
5. Server generates HTTP response based on
information stored in response object
Hello World! Servlet
Annotations on the servlet code:
• All servlets we will write are subclasses of HttpServlet
• Server calls doGet() in response to GET request
• Interfaces implemented by request/response objects
• Production servlet should catch these exceptions
Servlets vs. Java Applications
• Servlets do not have a main()
– The main() is in the server
– Entry point to servlet code is via call to a
method (doGet() in the example)
• Servlet interaction with end user is indirect
via request/response object APIs
– Actual HTTP request/response processing is
handled by the server
• Primary servlet output is typically HTML
Running Servlets
• Simple way to run a servlet (better later):
1. Compile servlet (make sure that JWSDP
libraries are on path)
2. Copy .class file to shared/classes
directory
3. (Re)start the Tomcat web server
4. If the class is named ServletHello,
browse to
http://localhost:8080/servlet/ServletHello
Servlet Life Cycle
• Servlet API life cycle methods
– init(): called when servlet is instantiated;
must return before any other methods will be
called
– service(): method called directly by server
when an HTTP request is received; default
service() method calls doGet() (or
related methods covered later)
– destroy(): called when server shuts down
Parameter Data
• GET vs. POST for the method attribute of forms:
– GET:
• Choosing GET as the "method" appends all of the data to the URL, and it shows up in the URL bar of your browser
• The amount of information you can send back using a GET is restricted, as URLs can only be 1024 characters
• Recommended when parameter data is not stored or updated on the server, but used only to request information (e.g., search engine query)
Parameter Data
• GET vs. POST method for forms:
– POST:
• Query string is sent as body of HTTP request
• Length of query string is unlimited
• Recommended if parameter data is intended to
cause the server to update stored data
• Most browsers will warn you if they are about to
resubmit POST data to avoid duplicate updates
Sessions
• Many interactive Web sites spread user data entry out over several
pages:
– Ex: add items to cart, enter shipping information, enter billing
information
• Problem: how does the server know which users generated which
HTTP requests?
– Cannot rely on standard HTTP headers to identify a user
• A session can be defined as server-side storage of information
that should persist throughout the user's interaction with the
web site or web application.
Sessions
• Server sends back new unique session ID when the request has none
• Client that supports session stores the ID and sends it back to the server in subsequent requests
• Server knows that all of these requests are from the same client. The set of requests is known as a session.
• And the server knows that all of these requests are from a different client.
• Three web pages produced by a single servlet
Sessions
• How to get the HttpSession object?
• The HttpServletRequest interface provides two methods to get the HttpSession object:
– public HttpSession getSession(): Returns the current session associated with this request, or if the request does not have a session, creates one.
– public HttpSession getSession(boolean create): Returns the current HttpSession associated with this request or, if there is no current session and create is true, returns a new session.
Commonly used methods of HttpSession interface
• public String getId(): Returns a string containing the unique identifier value.
• public long getCreationTime(): Returns the time when this session was created, measured in milliseconds since midnight January 1, 1970 GMT.
• public long getLastAccessedTime(): Returns the last time the client sent a request associated with this session, as the number of milliseconds since midnight January 1, 1970 GMT.
• public void invalidate(): Invalidates this session, then unbinds any objects bound to it.
• public void setMaxInactiveInterval(int interval): Sets the maximum time interval, in seconds, that the servlet container will keep this session open between client accesses.
Cookies
• A cookie is a name/value pair in the Set-Cookie header field of an HTTP response.
• An HTTP cookie (also called web cookie, Internet cookie, browser cookie or
simply cookie), is a small piece of data sent from a website and stored in a
user's web browser while the user is browsing that website.
• Every time the user loads the website, the browser sends the cookie back to the
server to notify the website of the user's previous activity.
• Cookies were designed to be a reliable mechanism for websites to
remember stateful information (such as items in a shopping cart) or to record the
user's browsing activity (including clicking particular buttons, logging in, or recording
which pages were visited by the user as far back as months or years ago).
• Without cookies, websites and their servers have no memory. A cookie, like a key,
enables swift passage from one place to the next.
• Without a cookie every time you open a new web page the server where that page is
stored will treat you like a completely new visitor.
Cookies
• Tomcat sends session ID as value of cookie named JSESSIONID
• Cookie-enabled browser returns session ID as value of cookie named JSESSIONID
Cookies
• Servlets can set cookies explicitly
– Cookie class used to represent cookies
– request.getCookies() returns an array of
Cookie instances representing cookie data in
HTTP request
– response.addCookie(Cookie) adds a
cookie to the HTTP response
– Cookies are expired by client (server can request expiration date)
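An added example (not from the slides or the textbook) that puts the HttpSession and Cookie methods listed above to work in one servlet: it replaces the session at sign-in, sets an idle limit, sets an explicit cookie, and reads both back. It assumes the javax.servlet API on Tomcat; the class name, the `user` parameter and the `theme` cookie are hypothetical.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.*;

// Added example, not from the slides. Class name, the "user" parameter and the
// "theme" cookie are hypothetical; the credential check itself is assumed done.
public class SessionDemo extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Drop whatever session the client arrived with, so an ID issued
        // before sign-in is never the one that carries the signed-in state.
        HttpSession old = request.getSession(false);  // null if none; never creates
        if (old != null) {
            old.invalidate();
        }
        HttpSession session = request.getSession();   // new session, new session ID
        session.setMaxInactiveInterval(15 * 60);      // idle limit, in seconds
        session.setAttribute("user", request.getParameter("user"));

        Cookie theme = new Cookie("theme", "dark");   // explicit, non-sensitive cookie
        theme.setMaxAge(30 * 24 * 60 * 60);           // requested lifetime (s); client enforces
        theme.setHttpOnly(true);                      // hidden from page scripts (Servlet 3.0+)
        theme.setSecure(true);                        // returned over HTTPS only
        response.addCookie(theme);
        response.sendRedirect(request.getRequestURI());
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();
        HttpSession session = request.getSession(false);  // do not create on read
        if (session == null) {
            out.println("No session");
            return;
        }
        out.println("User: " + session.getAttribute("user"));
        out.println("Created (ms since epoch): " + session.getCreationTime());
        out.println("Last accessed (ms since epoch): " + session.getLastAccessedTime());
        Cookie[] cookies = request.getCookies();  // null, not empty, when none were sent
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (!"JSESSIONID".equals(c.getName())) {  // keep the session ID out of output
                    out.println("Cookie: " + c.getName() + "=" + c.getValue());
                }
            }
        }
    }
}
```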
Cookies
Privacy issues
• Figure (third-party cookie is set):
– Client sends HTTP request to intended site (Web site providing requested content)
– HTTP response: HTML document including ad <img>
– Client sends HTTP request for ad image to Web site providing banner ads
– Response: image plus Set-Cookie (third-party cookie)
Cookies
Privacy issues
• Figure (third-party cookie is returned):
– Client sends second HTTP request, to 2nd intended site (2nd Web site providing requested content)
– HTTP response: HTML document including ad <img>
– Client sends HTTP request for ad image plus Cookie (identifies user) to Web site providing banner ads
– Response: image
– Web site providing banner ads: "Based on Referer, I know two Web sites that this user has visited"
Cookies
Privacy issues
• Due to privacy concerns, many users
block cookies
– Blocking may be fine-tuned. Ex: Mozilla
allows
• Blocking of third-party cookies
• Blocking based on on-line privacy policy
• Alternative to cookies for maintaining
session: URL rewriting
Data Storage
• Almost all web applications (servlets or related
dynamic web server software) store and retrieve
data
– Typical web app uses a database management
system (DBMS)
– Another option is to use the file system
– Not web technologies, so beyond our scope
• Some Java data storage details provided in
Appendices B (file system) and C (DBMS)
• One common problem: concurrency
Common Gateway Interface
• The common gateway interface (CGI) is a standard way for a Web server to pass a Web user's
request to an application program and to receive data back to forward to the user.
• When the user requests a Web page (for example, by clicking on a highlighted word or entering
a Web site address), the server sends back the requested page. However, when a user fills out a
form on a Web page and sends it in, it usually needs to be processed by an application program.
• The Web server typically passes the form information to a small application program that
processes the data and may send back a confirmation message. This method or convention for
passing data back and forth between the server and the application is called the common
gateway interface (CGI). It is part of the Web's Hypertext Transfer Protocol (HTTP).