Cooperation between applets and servlets

1
Cooperation between applets and servlets
2
Applets

• Applets runs on the clientsside, the servlet on
  the server side
• Suitable for presentations and logic that belongs
  on the client, for example
• Advanced graphics or animation
• Special GUI controls (eg. WYSIWYG editor)
• Problem how does applets and servlets communicate

3
Constraints

• Applets runs in a sandbox,therefore limitations.
• Can only contact the network resource from which
  the applet originated.
• The applet can therefore only retreive
  information from its home.

4
Technique 1 control the applet from the server
5
Technique configurable applet
lthtmlgt ltheadgt lttitlegtDrawing applet
examplellt/titlegt lt/headgt ltbodygt ltapplet
width"300" height"200"
codedrawing.class"gt ltparam namedrawing"
value"0-255-255-255-0-0
5-0-0-300-200-0
0-255-0-0-0-0
1-18-18-188-288-0
1-20-10-400-10-0
5-45-29-22-23-3frode
4-200-30-0-0-my name is frode"gt lt/appletgt
lt/bodygt lt/htmlgt
6
The Applet
import java.util. import java.awt. import
java.applet. public class drawing extends
Applet String drawing public void
init() // retreive drawing parameters
from the server drawing getParameter(drawin
g") public void paint(Graphics g)
parseTegning(g)
7
public void parseDrawing(Graphics g) //
retreive all commands StringTokenizer
commands new StringTokenizer(drawing,"")
while (commands.hasMoreElements())
try int op, arg1, arg2, arg3
0, arg4 0 String arg5 ""
String fullcommand commands.nextToken() //
tokenize the command StringTokenizer
parts new StringTokenizer(fullcommand,"-")
op Integer.parseInt(parts.nextToken())
arg1 Integer.parseInt(parts.nextToken())
arg2 Integer.parseInt(parts.nextToken())
arg3 Integer.parseInt(parts.nextToken())
arg4 Integer.parseInt(parts.nextToken(
)) arg5 parts.nextToken()
draw(g,op,arg1,arg2,arg3,arg4,arg5)
catch (Exception e) // Syntax errors
that occur in command input are ignored in this
example
8
public void draw(Graphics g,int op,int a1, int
a2,int a3,int a4,String a5) switch
(op) case 0 g.setColor(new
Color(a1,a2,a3)) break case
1 g.drawLine(a1,a2,a3,a4) break
case 2 g.drawOval(a1,a2,a3,a4)
break case 3 g.drawRect(a1,a2,a3,a4)
break case 4
g.drawString(a5,a1,a2) break
case 5 g.fillRect(a1,a2,a3,a4)
break case 6 g.fillOval(a1,a2,a3,a4)
break
9
Technique 2 the applet contact the server
10
lthtmlgt ltheadgt lttitlegtDrawing applet
examplelt/titlegt lt/headgt ltbodygt ltapplet
width"300" height"200"
code"dynamicdrawing.class"gt ltparam
namesource"
value"/drawing.jsp"gt lt/appletgt
lt/bodygt lt/htmlgt
Functionality user clicks And the text follows
11
drawing.jsp
lt response.setHeader(drawing",
"1-10-10-100-100-01-100-10-20-200-04-"
request.getParameter("x")"-"request.getParamete
r("y") "-0-0-Hi here I am") gt
12
public void init() kilde
getParameter(source") contactServer(-1,-1)
addMouseListener(this) public void
contactServer(int x,int y) try
URL server new URL(getCodeBase().getProtoco
l(),
getCodeBase().getHost(),
getCodeBase().getPort(),
source"?x"x"y"y) URLConnection
connection tjener.openConnection()
connection.setUseCaches(false) drawing
connection.getHeaderField(drawing")
catch (Exception e)
Runtime.getRuntime().gc() public void
mouseClicked(MouseEvent h)
contactServer(h.getX(),h.getY()) repaint()

13
Filtering og filters
14
request
client
filter
filter
Servlet JSP-page
response
filter
filter
15
Application areas

• Catch requests and inspect contect and
  http-headers
• Catch and modify requests before they reach the
  actual resource (servlet or jsp-page)
• Catch responses from resource and inspect content
  and http-headers
• Catch and modify responses from resources

16
Examples

• Compression filters
• Encryption filters
• Image conversion filters
• Log and account filters
• Security and autentication filters
• XSLT transformation filters

17
Example 1Catch and block requests
18
package filter import javax.servlet. import
javax.servlet.http. import java.io. public
class IEfilter implements Filter private
FilterConfig filterConfig public void
setFilterConfig(final FilterConfig filterConfig)
this.filterConfig filterConfig
public void doFilter(final ServletRequest
request, final
ServletResponse response,
FilterChain chain) throws IOException,
ServletException HttpServletRequest req
(HttpServletRequest)request
HttpServletResponse res (HttpServletResponse)re
sponse String browser req.getHeader(
"User-Agent" ) System.out.println(Before if
check "browser) if ( nettleser.indexOf("IE")
-1 ) request.setAttribute("filte
rcheck", Approved by frode's filter")
chain.doFilter(request, response)
svar.sendError(res.SC_FORBIDDEN) public
void init(FilterConfig c)
this.filterConfig c public void
destroy() this.filterConfig null

19
lt?xml version"1.0" encoding"ISO-8859-1"?gt lt!DO
CTYPE web-app PUBLIC "-//Sun Microsystems,
Inc.//DTD Web Application 2.3//EN"
"http//java.sun.com/dtd/web-app_2_3.dtd"gt ltweb-a
ppgt ltfiltergt
ltfilter-namegtMSblockerlt/filter-namegt
ltfilter-classgtfilter.IEfilterlt/filter-classgt
lt/filtergt ltfilter-mappinggt
ltfilter-namegtMSblockerlt/filter-namegt
lturl-patterngt.jsplt/url-patterngt
lt/filter-mappinggt lt/web-appgt
20
Example 2Filter chaining avoid html
injectionModifying request
lth1gt
lthigt
21
lt?xml version"1.0" encoding"ISO-8859-1"?gt lt!DOC
TYPE web-app PUBLIC "-//Sun Microsystems,
Inc.//DTD Web Application 2.3//EN"
"http//java.sun.com/dtd/web-app_2_3.dtd"gt ltweb-a
ppgt ltfiltergt ltfilter-namegtltFilterlt/fil
ter-namegt ltfilter-classgtfilter.SensureFilterCon
figlt/filter-classgt ltinit-paramgt
ltparam-namegtfindlt/param-namegt
ltparam-valuegtlt!CDATAltgtlt/param-valuegt
lt/init-paramgt ltinit-paramgt
ltparam-namegtreplacelt/param-namegt
ltparam-valuegtampltlt/param-valuegt
lt/init-paramgt lt/filtergt ltfiltergt
ltfilter-namegtgtFilterlt/filter-namegt
ltfilter-classgtfilter.SensureFilterConfiglt/filte
r-classgt ltinit-paramgt
ltparam-namegtfindlt/param-namegt
ltparam-valuegtlt!CDATAgtgtlt/param-valuegt
lt/init-paramgt ltinit-paramgt
ltparam-namegtreplacelt/param-namegt
ltparam-valuegtlt!CDATAgtgtlt/param-valuegt
lt/init-paramgt lt/filtergt
22
ltfiltergt ltfilter-namegtampFilterlt/filter
-namegt ltfilter-classgtfilter.SensureFilterConfig
lt/filter-classgt ltinit-paramgt
ltparam-namegtfindlt/param-namegt
ltparam-valuegtlt!CDATAgtlt/param-valuegt
lt/init-paramgt ltinit-paramgt
ltparam-namegtreplacelt/param-namegt
ltparam-valuegtlt!CDATAampgtlt/param-valuegt
lt/init-paramgt lt/filtergt ltfiltergt
ltfilter-namegtquotFilterlt/filter-namegt
ltfilter-classgtfilter.SensureFilterConfiglt/filte
r-classgt ltinit-paramgt
ltparam-namegtfindlt/param-namegt
ltparam-valuegtlt!CDATA"gtlt/param-valuegt
lt/init-paramgt ltinit-paramgt
ltparam-namegtreplacelt/param-namegt
ltparam-valuegtlt!CDATAquotgtlt/param-valuegt
lt/init-paramgt lt/filtergt
23
ltfilter-mappinggt ltfilter-namegtampFilterlt/filte
r-namegt lturl-patterngt.jsplt/url-patterngt
lt/filter-mappinggt ltfilter-mappinggt
ltfilter-namegtltFilterlt/filter-namegt
lturl-patterngt.jsplt/url-patterngt lt/filter-mapp
inggt ltfilter-mappinggt ltfilter-namegtgtFilterlt/
filter-namegt lturl-patterngt.jsplt/url-pat
terngt lt/filter-mappinggt ltfilter-mappinggt
ltfilter-namegtquotFilterlt/filter-namegt
lturl-patterngt.jsplt/url-patterngt lt/filter-mapp
inggt lt/web-appgt
24
The Filter
25
package filter import javax.servlet. import
javax.servlet.http. import java.io. import
java.util. import filter.SensureWrapperConfig
public class SensureFilterConfig implements
Filter private FilterConfig filterConfig
private String find, replace public void
setFilterConfig(final FilterConfig filterConfig)
this.filterConfig filterConfig
public void doFilter(final ServletRequest
request, final
ServletResponse response,
FilterChain chain) throws IOException,
ServletException SensureWrapperConfig
req new SensureWrapperConfig((HttpServletRequest
)request,
find,
replace)
chain.doFilter(req,response) public void
init(FilterConfig c) this.filterConfig
c find filterConfig.getInitParameter("fin
d") replace filterConfig.getInitParameter(
replace") public void destroy()
this.filterConfig null
26
We need a wrapper

• Because a request cannot be modified once it is
  created (read only)

27
package filter import javax.servlet. import
javax.servlet.http. import java.io. import
java.util. // This class is reading and
mofifying the parameter list public class
SensureWrapperConfig extends HttpServletRequestWra
pper private String find, replace public
SensureWrapperConfig(HttpServletRequest req)
super(spørsmål) public
SensureWrapperConfig(HttpServletRequest req,
String find,
String replace)
super(req) this.find find
this.replace replace public String
getParameter(String param) String value
super.getParameter(param) value
value.replaceAll(find,replace) return
value
28
Example 3Modify the response
ltbodygt
ltheadgt ltlink rel"stylesheet" href"style.css"
type"text/css"/gt lt/headgt ltbodygt
29
ltweb-appgt ltfiltergt ltfilter-namegtpostFil
terlt/filter-namegt ltfilter-classgtfilter.BodyFilt
erlt/filter-classgt ltinit-paramgt
ltparam-namegtfindlt/param-namegt
ltparam-valuegtlt!CDATAltbodygtgtlt/param-valuegt
lt/init-paramgt ltinit-paramgt
ltparam-namegtreplacelt/param-namegt
ltparam-valuegtlt!CDATA ltheadgt
ltlink rel"stylesheet" href"style.css"
type"text/css"/gt lt/headgt
ltbodygt gtlt/param-valuegt
lt/init-paramgt lt/filtergt ltfilter-mappinggt
ltfilter-namegtpostFilterlt/filter-namegt
lturl-patterngt.jsplt/url-patterngt lt/filter-mapp
inggt lt/web-appgt
30
The Filter
31
import filter.BodyWrapper public class
BodyFilter implements Filter private
FilterConfig filterConfig private String find,
replace public void setFilterConfig(final
FilterConfig filterConfig)
this.filterConfig filterConfig public
void doFilter(final ServletRequest request,
final ServletResponse response,
FilterChain chain)
throws IOException, ServletException
OutputStream out response.getOutputStream()
KroppsWrapper res new KroppsWrapper((HttpServle
tResponse)response) chain.doFilter(request,
res) String body new String(svar.getData())
body body.replaceAll(find,replace)
out.write(body.getBytes()) out.close()
public void init(FilterConfig c)
this.filterConfig c find
filterConfig.getInitParameter("find")
replace filterConfig.getInitParameter(replace")
public void destroy()
this.filterConfig null
32
The Wrapper
33
Part 1
package filter import javax.servlet. import
java.io. public class BodyStream extends
ServletOutputStream private
DataOutputStream stream public
BodyStream(OutputStream output)
stream new DataOutputStream(output)
public void write(int b) throws IOException
stream.write(b) public void
write(byte b) throws IOException
stream.write(b) public void
write(byte b, int off, int len) throws
IOException stream.write(b, off,
len)
package filter import javax.servlet. import
javax.servlet.http. import java.io. import
filter.BodyStream public class BodyWrapper
extends HttpServletResponseWrapper private
ByteArrayOutputStream output private int
contentLength private String contentType
private FilterConfig filterConfig private
String find, replace public KroppsWrapper(HttpS
ervletResponse res) super(res)
output new ByteArrayOutputStream()
public byte getData() return
output.toByteArray() public
ServletOutputStream getOutputStream()
return new KroppsStream(output)
34
public void setContentLength(int length)
this.contentLength length
super.setContentLength(length) public
int getContentLength() return
contentLength public void
setContentType(String type)
this.contentType type super.setContentType(
type) public String getContentType()
return contentType public
PrintWriter getWriter() return new
PrintWriter(getOutputStream(), true)
Part 2
35
Have a nice weekend