EE448: Server-Side Development - PowerPoint PPT Presentation

1 / 37
About This Presentation
Title:

EE448: Server-Side Development

Description:

Title: PowerPoint Presentation Author: David Molloy Last modified by: David Molloy Created Date: 2/4/2003 10:44:24 AM Document presentation format – PowerPoint PPT presentation

Number of Views:166
Avg rating:3.0/5.0
Slides: 38
Provided by: DavidMo170
Category:

less

Transcript and Presenter's Notes

Title: EE448: Server-Side Development


1
EE448 Server-Side Development
Lecturer David Molloy Time Tuesdays
3pm-5pm Notes http//wiki.eeng.dcu.ie/ee448
Mailing List ee448_at_list.dcu.ie
2
Session Tracking
  • Session tracking is the capability of the server
    to maintain the current
  • state of a single clients sequential requests
  • HTTP is stateless -gt how do you keep track of
    client request sequences?
  • Sites such as those with shopping carts need
    this capability
  • Why not simply use the clients IP address as
    identification? Xterm,
  • proxy servers, multiple browsers etc.
  • Therefore, we get client to introduce itself as
    it makes each request.
  • Client provides a unique identifier that lets
    the server identify it.
  • Several different ways of managing session
    tracking
  • - User Authorization
  • - Hidden Form Fields
  • - URL Rewriting
  • - Persistent Cookies
  • - Session Tracking API

3
User Authorization
  • Most application/web servers have some built
    in-system for user
  • authorization
  • Apache user authorization used to access module
    notes
  • Tomcat provides functionality to require clients
    to login
  • Example Tomcat Manager Application
  • String name req.getRemoteUser() // after
    authorization

Easy to Implement Works if user accesses the
site from an alternate machine or browser
  • Users must pre-register for A/C
  • Users must always log in each time
  • Cant simultaneously maintain more
  • than one session at same site
  • Unsuitable for anonymous session
  • tracking

4
Hidden Form Fields
  • One of the simplest methods for session tracking
  • Use standard form fields, which are not
    displayed to the client
  • Parameters passed back to server, when form is
    submitted
  • ltINPUT TYPEhidden NAME"user" value"molloyda"gt
  • No different between a hidden and visible field
    (at server end!)
  • Work through example hidden_example.html
  • http//localhost8080/student/hidden_example.ht
    ml
  • We pass information from Form to Form -gt
    effectively session tracking
  • Shopping cart this way would pass user id,
    quantities and item ids
  • from form to form

5
Hidden Form Fields
Advantages
Easy to Implement Supported by all popular
browsers Users need not log in (server can
generate unique IDs)
Disadvantages
  • As quantity of information increases, process
    becomes tedious
  • (unless persistent information is kept on
    server, and ID only passed)
  • Only functions for series of forms (static pages
    break the process)
  • Browser shutdown/changing will break the process

6
URL ReWriting
  • Every local URL the user might click is
    dynamically modified, or
  • rewritten to include extra information
  • Typically, only a unique session ID is passed
    (256 characters max)
  • Different ways of passing the extra information
  • Original http//serverport/context/servle
    t/ServletName
  • http//serverport/context/servlet/ServletN
    ame/ABCD1234 (path)
  • http//serverport/context/servlet/ServletN
    ame?sessionidABCD1234
  • (parameter)
  • Path information method works for both GET and
    POST
  • Extra Parameter method does not work for POST
    method
  • Work through

7
URL Rewriting
Advantages
Easy to Implement Supported by all popular
browsers Users need not log in (server can
generate unique IDs) URL rewriting works for
all dynamically created documents (not just
forms!)
Disadvantages
  • Only small quantities of information can be
    rewritten into URLs
  • (therefore would need server-side persistence)
  • Typically, URL rewriting does not work for
    static documents
  • Browser shutdown breaks the process
  • Can be very tedious and need to be careful to
    find all links etc.

8
Persistent/Non Persistent Cookies
  • Cookie a simple piece of information stored on
    the client, on behalf
  • of the server
  • When a browser receives a cookie, it saves the
    cookie on the local hard
  • drive. Expiry for the cookie can be set -gt
    otherwise deleted at
  • browser shutdown
  • Each subsequent visit to the same site, browser
    sends cookie back to
  • the server with each request
  • Cookie can be used to store a user ID
  • Cookies -gt Security Issues? Few k bytes
    non-executable
  • Cookies not part of original HTTP specification
    -gt introducted in
  • Netscape and have become a de-facto standard

9
Persistent/Non-Persistent Cookies
  • Servlet API provides javax.servlet.http.Cookie
    for using cookies
  • public Cookie (String name, String value)
  • public void HttpServletResponse.addCookie(Coo
    kie cookie)
  • Example
  • Cookie cookie new Cookie("userid",
    "david_molloy832")
  • cookie.setMaxAge(7200) // 2 hour expiry
  • res.addCookie(cookie)
  • Servlet retrieves cookies by calling the
    getCookies() method
  • Cookie cookies req.getCookies()
  • if (cookies ! null)
  • for (int i0 ilt cookies.length i)
  • String name cookiesi.getName()
  • String value cookiesi.getValue()

10
Persistent Cookies
Advantages
Efficient and simple way of session tracking
Exist even if browsers and/or servers are
shutdown/restarted Users need not log on
(server can generate Ids) Works for all
documents/pages even static HTML Cookes are
customizable and powerful
Disadvantages
  • Major problem is that clients sometimes
    configure browsers to
  • refuse cookies (for security concerns)
  • If client refuses cookies, you must fall back on
    another solution

11
Session Tracking API
  • Fortunately, the Servlet API has built-in
    support for session tracking
  • Session tracking should be supported by any web
    server that
  • supports servlets
  • To create a new session, you use the
    HttpServletRequest objects
  • getSession() method
  • public HttpSession HttpServletRequest.getSessi
    on(boolean create)
  • Eg.
  • HttpSession session req.getSession(true)
  • Method returns the current session associated
    with the user making
  • the request.
  • If the user has no current valid session, this
    method creates one
  • if create is set as true, or returns null if
    create is false

12
Session Tracking API
  • HttpSession object has five methods we are
    concerned with
  • - public void setAttribute(String name, Object
    value)
  • Binds a name/value pair to store in the
    current session
  • If the name exists, then it is replaced
  • Note You can store an object, rather than
    just a String!
  • - public Object getAttribute(String name)
  • Used to get an object stored in the session
  • - public Enumeration getAttributeNames()
  • Returns an Enumeration of all the current
    bound names
  • stored in the session
  • - public void removeAttribute(String name)
  • Allows the removal of an object from the
    session
  • - public void invalidate()
  • Can manually invalidate their session and
    all information

13
Session Tracking API
  • Demonstrate the SessionCount servlet
  • Sessions have a limited lifespan (purposefully!)
  • Automatic or manual invalidation (such as
    logouts)
  • When a user accesses a site, that user is
    assigned a new HttpSession
  • object and a unique session ID.
  • Session ID is unique and identifies the user
  • The session ID is saved on the client in a
    cookie or sent as part of a
  • rewritten URL
  • Every server that supports servlets should
    implement at least
  • cookie-based session tracking (using
    persistent cookies)
  • Most servers support session tracking based on
    URL rewriting also

14
Session Tracking API
Advantages
Very efficient and simple way to implement
session tracking Session information can
persist (server specific) even with server
shutdown/restart Users need not log on (server
generates unique IDs) Works for all
documents/pages, including static HTML
Standardized and included in J2EE Sessions can
be set to time-out at user configurable times
Objects stored rather than just strings
Disadvantages
  • Restricted to one browser and tracking lost if
    browser shuts down
  • or crashes
  • - Slightly more difficult if clients have cookies
    disabled

15
JavaServer Pages (JSPs)
  • Allow web developers and designers to develop
    and maintain
  • platform-independent, dynamic web pages for
    business systems
  • User interface is seperated from content
    generation
  • Designers can alter overall page layout without
    altering the
  • underlying dynamic content
  • JSPs make use of XML-like tags and scriptlets
    written in Java
  • to generate dynamic content
  • JSP like an inside-out servlet!
  • Work through Hello World example

16
JavaServer Pages (JSPs)
  • Hello World Example
  • ltHTMLgt
  • ltHEADgt
  • ltTITLEgtJSP Hello World Examplelt/TITLEgt
  • lt/HEADgt
  • ltBODYgt
  • ltH1gt
  • lt out.println("Hello World!") gt
  • lt/H1gt
  • lt/BODYgt
  • lt/HTMLgt

17
Behind the Scenes
  • JSP page is executed by a JSP engine/container,
    such as Tomcat
  • JSP is actually just a servlet that is mapped to
    .jsp
  • JSP Container receives requests to a JSP and
    generates response
  • When server receives a request it recognises the
    .jsp extension
  • and begins special handling
  • First time JSP is requested, it is compiled into
    a servlet object
  • and stored in memory -gt output of servlet sent
    back to user

18
Behind the Scenes
  • Subsequent calls to the JSP in the server cache
    increases the
  • speed of response
  • First call to JSP includes the time necessary
    for the server to
  • create and compile the background servlet
  • If the .jsp file has not changed since previous
    request, the
  • server invokes the previously compiled servlet
    object
  • Provide an example of a JSP error

19
Web Application Structure
  • JSP pages share the Write Once, Run Anywhere
    characteristic
  • of Java technology -gt typically packaged
    within the WAR

20
Features of JSP Pages
  • Java Based benefit from all of the Java
    language benefits
  • Reusable - O/S, platform independent, can write
    JSPs as components
  • and reuse in different ways for different
    functionality
  • Seperation of Business Logic and Presentation
    web designers can
  • edit and work on HTML while leaving dynamic
    content alone
  • Large Community Support JSPs are based on a
    broad spectrum of
  • industry input and support
  • Platform Independent write once, run anywhere
  • Ease of Development non-programmers can use
    simple JSP specific
  • code for simple tasks, especially by using
    JavaBeans
  • Portability JSPs are part of the Web
    Application Structure, so can be
  • ported easily to alternate application servers

21
JSPs JavaBeans
  • JavaBeans is a portable, platform-independent
    component model
  • written in Java
  • JavaBeans are small, reusable, software
    components
  • They deliver functionality to various
    applications that need such
  • functionality
  • A JavaBean component can be run anywhere
  • Eg. On a client within an AWT component or
    within a JSP on a server
  • JavaBeans are based on the concept of
    components, but are not
  • regarded as such by J2EE (it recognises
    EJBs)
  • JavaBeans are intraprocess components that live
    at one location,
  • such as GUI components, buttons, tables etc.
    small grained
  • application pieces
  • Enterprise JavaBeans are interprocess components
    that live in

22
JavaBeans Examples
  • GUI software components such as push buttons or
    more complicated
  • like spreadsheets
  • Individual components can be nested and
    arbitrarily complex
  • Eg. A calculator JavaBean could be built from
    button JavaBeans etc.

23
Sample JavaBean
package dave public class SimpleBean
private String message "No message
specified" public String getMessage()
return(message) public void
setMessage(String message) this.message
message
24
JSP using JavaBean
  • JavaBean has no main method. To use it we use
    the ltjspuseBeangt
  • tag, as follows
  • ltHTMLgt
  • ltHEADgt
  • ltTITLEgtReusing JavaBeans in JSPlt/TITLEgt
  • lt/HEADgt
  • ltBODYgt
  • ltCENTERgt
  • ltjspuseBean id"test" class"dave.SimpleBean"
    /gt
  • ltjspsetProperty name"test" property"message"
    value"Hello World!" /gt ltH1gtMessage
    ltjspgetProperty name"test" property"message"
    /gt lt/H1gt
  • lt/CENTERgt
  • lt/BODYgt
  • lt/HTMLgt

25
JSP Syntax
  • HTML Comments
  • lt!-- This is a comment --gt
  • Hidden Comments
  • lt-- This is a comment not visible to the client
    --gt
  • JSP Directives
  • Used to define and set attributes that apply
    to the entire JSP page
  • include
  • page
  • taglib

26
JSP Syntax
  • 1. include Directive
  • Used to instruct the JSP container to insert
    text into a JSP page at
  • translation time
  • Included file can be a HTML file, JSP file, text
    file, or a Java code file
  • lt_at_ include filefileName gt
  • eg.
  • lt_at_ include fileDateTime.jsp gt
  • Work through example DateTime.jsp /
    JSPInclude.jsp

27
JSP Syntax
  • 2. page Directive
  • Page directive is used to define one or more
    attributes for the whole
  • JSP page.
  • Can be placed anywhere in the JSP file and still
    apply
  • There are a number of separate page directive
    attributes
  • import specifies in a comma-seperated list, the
    Java
  • packages that the JSP file should import
  • lt_at_ page importjava.util., java.sql.
    gt
  • session can be set to true if the client must
    join a session
  • in order to use the JSP page
  • lt_at_ page sessiontrue gt

28
  • contentType defines the MIME type for the
    response. Can
  • use any valid types supported by the JSP
    container.
  • Defaults to text/html
  • lt_at_ page contentTypetext/html gt
  • extends the fully qualified name of the
    superclass of this
  • JSP
  • lt_at_ page extendsClassName gt
  • languageScripting Language
  • Multiple scripting languages may be used in
    JSP files if
  • supported. The default value is Java.

29
  • 3. taglib Directive
  • Taglib directive supported since JSP Version 1.1
  • Allows JSP authors to define their own tags
  • lt_at_ taglib gt directive declares that the JSP
    file uses custom tags,
  • names the tag library that defines them and
    specifies their prefix
  • Not concerned with taglib any further in this
    module

30
Scripting Elements
  • JSP scripting elements allow Java code to be
    inserted into the
  • servlet that will be generated from the
    defined JSP page
  • 3 types of scripting elements
  1. Declarations
  2. Scriptlets
  3. Expressions

31
Declarations
  • JSP declaration allows definition of methods or
    variables
  • Declared variables and methods have class scope
    and are available
  • throughout the JSP page
  • Variable declarations must be made before you
    use them in your
  • JSP file
  • Syntax lt! Declaration gt
  • Examples

lt! String testString Hello World! gt lt!
int x,y,z gt lt! int count 0 gt
32
Scriptlets
  • Scriptlets provide the ability to directly
    insert code into an HTML
  • document.
  • Scriptlets can contain any code that is valid
    based on the language
  • specified in the language directive
  • Java code in our module only
  • A scriptlet is a block of Java code embedded in
    the service() method
  • of a compiled servlet
  • -gt The code is executed on every clients
    request for the JSP
  • Any number of scriptlets can appear within a JSP
    page
  • Syntax
  • lt javacode gt

33
Scriptlets
Eg. ltHTMLgt ltHEADgt ltTITLEgtJSP Scriptlet
Examplelt/TITLEgt lt/HEADgt ltBODYgt lt
out.println("Your address is "
request.getRemoteAddr()) gt lt/BODYgt lt/HTMLgt
  • View the output in Scriptlet.jsp

34
Scriptlets
  • There are four implicit variables automatically
    available to a JSP file
  • 1. request reference to the HttpServletRequest
    object
  • 2. response reference to the
    HttpServletResponse object
  • 3. in reference to the BufferedReader object
    that is part of
  • the client request
  • 4. out reference to the PrintWriter object
    sent to the client
  • Allows us in particular to handle client
    interaction

35
Scriptlets
  • Example of form interaction

ltHTMLgt ltHEADgt ltTITLEgtJSP Form Examplelt/TITLEgt
lt/HEADgt ltBODYgt lt out.println("Your value for
parameter A " request.getParameter("a"))
out.println("ltBRgtYour value for parameter B
" request.getParameter("b")) gt lt/BODYgt
lt/HTMLgt
  • Demonstrate SimpleForm.jsp w/o/with parameters

36
Expressions
  • Expression element contains an expression that
    is valid in the
  • scripting language used
  • They are like single-line scriptlets
  • An expression is a tag, that will be replaced by
    the value of the
  • evaluated expression
  • Value is evaluated, converted to a string, and
    inserted where the
  • expression occurs in the JSP file
  • Syntax
  • lt expression gt
  • Example

The current time is lt new java.util.Date() gt
Your IP address is lt request.getRemoteAddr()
gt ltnumber1 " multiplied by " number2 "
gives " number1number2gt
37
Examples
  • Work through examples from notes

JSP Database Connectivity
  • JSP applications like servlets connect to
    databases using JDBC
  • Covered later in the module
Write a Comment
User Comments (0)
About PowerShow.com