COMP9321 Web Applications Engineering:
Java Servlets
Service Oriented Computing Group, CSE, UNSW
Week 2
Different Layers in an Application
Different solutions for each layer
Presentation Layer
I JSP, XSLT, CSS, HTML
Business logic
I Java classes
Data Access Layer
I Data Access Objects
Data Store
I RDBMS, OODBMS, XML Database
MVC pattern
Browser JSP (View) JavaBean (Model) Data request response Server Servlet (Controller) Container request 1 2 3 5 4Java Servlets
A Java technology for generating dynamic content.
Used to process HTTP request and generate HTTP response. Servlets are executed by a servlet container
Servlet containers are web server extensions (eg., Apache Tomcat) that provide servlet functionality.
http://java.sun.com/products/servlet/index.jsp Web Browser <FORM> <INPUT> parameters... </INPUT> </FORM> Web Server Servlet Container Servlet classes DB HTTP Request (URL + data) HTTP Response: HTML (+javascript) request response (content produced from servlet)
Java Servlets
A Java technology for generating dynamic content.
Used to process HTTP request and generate HTTP response.
Servlets are executed by a servlet container
Servlet containers are web server extensions (eg., Apache Tomcat) that provide servlet functionality.
http://java.sun.com/products/servlet/index.jsp Web Browser <FORM> <INPUT> parameters... </INPUT> </FORM> Web Server Servlet Container Servlet classes DB HTTP Request (URL + data) HTTP Response: HTML (+javascript) request response (content produced from servlet)
Java Servlets
A Java technology for generating dynamic content.
Used to process HTTP request and generate HTTP response. Servlets are executed by a servlet container
Servlet containers are web server extensions (eg., Apache Tomcat) that provide servlet functionality.
http://java.sun.com/products/servlet/index.jsp Web Browser <FORM> <INPUT> parameters... </INPUT> </FORM> Web Server Servlet Container Servlet classes DB HTTP Request (URL + data) HTTP Response: HTML (+javascript) request response (content produced from servlet)
Java Servlets
A Java technology for generating dynamic content.
Used to process HTTP request and generate HTTP response. Servlets are executed by a servlet container
Servlet containers are web server extensions (eg., Apache Tomcat) that provide servlet functionality.
http://java.sun.com/products/servlet/index.jsp Web Browser <FORM> <INPUT> parameters... </INPUT> </FORM> Web Server Servlet Container Servlet classes DB HTTP Request (URL + data) HTTP Response: HTML (+javascript) request response (content produced from servlet)
Java Servlets
A Java technology for generating dynamic content.
Used to process HTTP request and generate HTTP response. Servlets are executed by a servlet container
Servlet containers are web server extensions (eg., Apache Tomcat) that provide servlet functionality.
http://java.sun.com/products/servlet/index.jsp Web Browser <FORM> <INPUT> parameters... </INPUT> </FORM> Web Server Servlet Container Servlet classes DB HTTP Request (URL + data) HTTP Response: HTML (+javascript) request response (content produced from servlet)
Tomcat Web container structure
bin (star/stop the server), common/lib (shared libraries, Tomcat-wide) conf (server configuration files)
webapps (Web application base directory)
The structure of a Web Application Archive (.war): simple.war\ index.html WEB-INF\ lib classes\myFirstServlet.class web.xml
To access the Web app:
http://localhost:8080/simple/index.html
Making servlets available in the Web container
1 Create the standard Web application directory structure 2 Write a servlet
3 Compile
4 Write a deployment descriptor (web.xml)
5 Package all up into an archive file and name it appname.war 6 Copy the war file into $CATALINA HOME/webapps
7 The server detects the application and makes it available to the users:
http://localhost:8080/appname/
There are tools developed designed to assist the programmers with the series of tasks involved in writing Web applications.
e.g., Ant tasks for Tomcat, Eclipse Web Tools Platform (WTP)
How the Container handles a request
((HeadFirst) p.42)Web Server Machine
Container Client HTTP Request HttpServletRequest HttpServletResponse Container Client Servlet Container Client Servlet thread request response Servlet Servlet Servlet
How the Container handles a request
((HeadFirst) p.42) Container Client Servlet thread request response Container Servlet thread response Container Servlet thread request response service() service() doGet() Generated Content HTTP Response Generated ContentYour Servlet inherits ”lifecycle” methods
service(ServletRequest, ServletResponse) init(ServletConfig) destroy() getServletConfig() getServletInfo() <<interface>> Servlet service(ServletRequest, ServletResponse) init(ServletConfig) destroy() getServletConfig() getServletInfo() getInitParameter(String) getInitParameterNames() getServletContext() log(String) GenericServlet service(ServletRequest, ServletResponse) service(HttpServletRequest, HttpServletResponse) doGet(HttpServletRequest, HttpServletResponse) doPost(HttpServletRequest, HttpServletResponse) doHead(HttpServletRequest, HttpServletResponse) doPut(HttpServletRequest, HttpServletResponse) doOptions(HttpServletRequest, HttpServletResponse) HttpServlet doGet(HttpServletRequest,HttpServletResponse) myBusinessMethod() MyServlet javax.servlet.* javax.servlet.http.*A typical Servlet looks like this
package com.comp9321;
import java.io.*; import javax.servlet.*; import javax.servlet.http.*;
public class OneServlet extends HttpServlet {
public void doGet (HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
res.setContentType("text/html"); PrintWriter out = res.getWriter();
java.util.Date today = new java.util.Date();
out.println("<HTML><BODY><H1>OneServlet says it is now: "); out.println(today + "</H1></BODY></HTML>");
out.close();
} }
Note: Nomain()- the container calls the servlet methods like doGet() through
service()... How does the container know which servlet to call?
Servlet Names
A servlet may have three names
I Name that the client uses
I Name that used at deployment time
I Actual class name (i.e., OneServlet.class)
All these names are declared and mapped in the deployment descriptor (web.xml)
Mapping servlet names improves your app’s flexibility and security in web.xml <web-app xmlns="http://java.sun.com/xml/ns/j2ee" ... <servlet> <servlet-name>OneServlet</servlet-name> <servlet-class>com.comp9321.OneServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>OneServlet</servlet-name> <url-pattern>/oneservlet</url-pattern> </servlet-mapping> ...
URL to the servlet - http://localhost:8080/myApplication/oneservlet
A Lifecycle of a Servlet
The Web container controls the lifecycle of a servlet class
Container
Web Container Servlet Class Servlet Object
100101 000001 1010 10 000101 initia lised initia lised load class Instantiate servlet init() service() destroy() handle client requests (doXX())
Servlet’s Life
((HeadFirst) p.99)lifecycle calls
When it’s called What it’s for Override
it? init() Container calls init() after the
servlet instance is created but before the serlvet can service client’s requests
Gives you a chance to ini-tialise your servlet before han-dling any requests
No*
service() When the first client request comes in, the container starts a new thread and calls ser-vice() method
This one looks at the re-quest and determines the HTTP method and invokes the matching doXX() on the servlet
No.
doXX() The service() method invokes appropriate doXX()
This is where your Servlet code begins. This is the method that is responsible for whatever the servlet is sup-posed to be doing
Always
* Maybe ... (e.g., getting a database connection), but not always
Why care about this initialisation details?
(HeadFirst) p.104Once the servlet is initialised, the servlet gets access to two important objects:
A ServletConfig object:
I One ServletConfig object per servlet
I Use it to pass deploy-time information to the servlet (any info. that you do not want to hard-code into the servlet)
I Use it to access the ServletContext
I Parameters are configured in the deployment descriptor
A ServletContext
I One ServletContext per Web application (they should have named it AppContext)
I Use it to access parameters that are Web application-wide
I Use it as a kind of application bulletin-board, where you can put up
info (called attributes) that other parts of the application can access
I Use it to get server info, including the name and version of the container, etc.
Why care about this initialisation details?
(HeadFirst) p.104 does not exist Servlet (initialised) init(ServletConfig) service() destroy() constructorBy the time servlet is running doXX(), it's got
a ServletConfig
ServletConfig
Servlet A Servlet B Servlet C
JSP A ServletContext ServletConfig ServletConfig ServletConfig App.-Wide params Servlet-Wide params
ServletConfig: Passing servlet configuration information
The Web container can pass some configuration information (eg., initial parameters) for individual servlets .... in web.xml:
<web-app> <servlet> <servlet-name>DemoServlet</servlet-name> <servlet-class>com.comp9321.ConfigDemoServlet</servlet-class> <init-param> <param-name>WebMaster</param-name> <param-value>Helen Paik</param-value> </init-param> <init-param> <param-name>WebMasterEmail</param-name> <param-value>hpaik@webmaster.com</param-value> </init-param> </servlet> <servlet> <servlet-name>SecondDemoServlet</servlet-name> <servlet-class>com.comp9321.NextDemoServlet</servlet-class> <init-param> <param-name>language</param-name> <param-value>Italian</param-value> </init-param> </servlet> </web-app>
Who’s responsible for what?
Container or Servlet
Creates the request and response objects? Calls the service() method?
Adds HTML content to the response object?
Has a name that matches the <servlet-class>element in the DD? Has a reference to the response objects?
Finds the URLs in the DD?
Starts a new thread to handle requests? Setting the content type of the response?
The difference between GET and POST
GET /myapp/selectBeerTaste.do?colour=dark&taste=malty HTTP/1.1 HOST:www.cse.unsw.edu.au
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US
Accept: text/xml, application/xml, application/xhtml+xml, text/html, video/x-mng, image/png Accept-Language: en-us
Connection: Keep-alive
POST /myapp/selectBeerTaste.do HTTP/1.1 HOST:www.cse.unsw.edu.au
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US
Accept: text/xml, application/xml, application/xhtml+xml, text/html, video/x-mng, image/png Accept-Language: en-us
Connection: Keep-alive
colour=dark&taste=malty
New Empty Line BODY (payload)
The difference between GET and POST
Sensitive data should NOT be used with GET
I GET’s parameter data shows up in the browser’s input bar
POST cannot be bookmarked
I If you want to let users specify search parameters and save it for later, cannot use POST
GET is supposed to be used for getting things - information retrieval POST is supposed to be used for sending data to be processed -update or change something on the server
Servlet
Servlet
DB POST
GET
Servlet uses the POST data to update the database Sends back a response
with a generated HTML page
Sends back a response with a generated HTML page
What determines whether the browser sends GET/POST
POST
<A HREF="http://www.cse.unsw.edu.au/myapp/index.html>click here</A> GET
<form method="POST" action="SelectBeer.do"> Select Beer<p> <option>light <option>amber <option>dark </select> <center> <input type="Submit"> </center> </form> <form action="SelectBeer.do"> Select Beer<p> <option>light <option>amber <option>dark </select> <center> <input type="Submit"> </center> </form> GET
What if I want to support both GET and POST? public void doPost( ...) throws { doGet(request, response) }
(HeadFirst) p.117
ServletRequest & ServletResponse Interfaces
getAttribute(String) getContentLength() getParameterNames() getParameter() // Many more methods ...
<<interface>> javax.servlet.ServletRequest getContextPath() getCookies() getHeader(String) getQueryString() getSession() //Many more methods
<<interface>>
javax.servlet.http.HttpServletRequest
getButfferSize() setContentType() getWriter()
// Many more methods ...
<<interface>> ServletResponse addCookies() addHeader() encodeRedirectURL() sendError() ...
//Many more methods
<<interface>>
javax.servlet.http.HttpServletResponse
The container implements HttpServletRequest and HttpServletRequest
All you should care about is when servlet is called the service() passes two objects that implements the two to your servlet
HttpServletRequest, HttpServletResponse
The service() method invokes appropriate doXXX() method when the servlet receives an HTTP request.
Typically, your (http) servlet code would have the following structure:
import java.io.*; import javax.servlet.*; import javax.servlet.http.*;
public class MyServlet extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
// your code to generate response ... }
public void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException {
// your code to generate response ... }
HTTP request method determines whether doGet() or doPost() runs.
A simple servlet that generates a text message
import java.io.*;import javax.servlet.*; import javax.servlet.http.*;
public class StaticServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<HTML>"); out.println("<BODY>"); out.println("<HEAD>"); out.println("<TITLE>Static Servlet</TITLE>"); out.println("</HEAD>"); out.println("<body>"); out.println("<CENTER><H1>Hello folks!</H1></CENTER>"); out.println("</BODY>"); out.println("</HTML>"); } }
When you do not want to process the response yourself
if (worksForMe) { // handle the request } else { response.sendRedirect("http://www.cse.unsw.edu.au/myapp/newServlet"); } Redirection (sendRedirect()) Type in a URL Redirect Servlet The servlet decides that the request should go
to a different URL
The servlet calls sendRedirect(aString) on the response new URL (status code 301 and location) Sends request
for the new URL Another
Servlet final response
(HeadFirst) p.134-136
Request Dispatching
You may want to:
include the output from another servlet
delegate (forward) the request processing to another servlet include a static HTML content
You can use methods in the RequestDispatcherinterface:
include: to include content from another resource
public void include(HttpServletRequest req, HttpServletResponse res)
forward: forward a request to another servlet
public void forward(HttpServletRequest req, HttpServletResponse res)
Request Dispatching
You may want to:
include the output from another servlet
delegate (forward) the request processing to another servlet include a static HTML content
You can use methods in the RequestDispatcherinterface: include: to include content from another resource
public void include(HttpServletRequest req, HttpServletResponse res)
forward: forward a request to another servlet
public void forward(HttpServletRequest req, HttpServletResponse res)
Forwarding a request to another servlet
Using include():
The called servlet can only alter the body of the response, and not the headers.
The path information of the request also continues to reflect the original request location.
Using forward():
no content may have been committed to the client (eg., flushBuffer()) the called servlet can adjust the headers as well as the body of the response (content produced up to the forward call is cleared from the buffer).
The path information of the request is altered to reflect the location of the called servlet, and no further output can occur after returning from a forward call (the output is committed upon returning from the call).
Forwarding a request to another servlet
Using include():
The called servlet can only alter the body of the response, and not the headers.
The path information of the request also continues to reflect the original request location.
Using forward():
no content may have been committed to the client (eg., flushBuffer()) the called servlet can adjust the headers as well as the body of the response (content produced up to the forward call is cleared from the buffer).
The path information of the request is altered to reflect the location of the called servlet, and no further output can occur after returning from a forward call (the output is committed upon returning from the call).
Attributes and Sharing Attributes
An attribute is an object bound to one of the following objects:
I ServletContext (web-app wide object!)
I HttpServletRequest
I HttpSession
an attribute is simply a name/value pair - name is a String and attribute is an Object.
Think of it an object pinned onto a board. Somebody sticks it on the board so that others can get it ...
Bulletin Board Attributes Customer Helen Course COMP9321 Choice DarkColour Servlet A Servlet B Servlet C Servlet D
Who has access to the board and how long does it live?
Context Attributes AdminEmail xx@xxxx ConcurrentUsers 42 Servlet DB Connection Servlet read JSP read write read readEveryone in the application has access Session Attributes UserName Helen Shopping Cart A Servlet Servlet JSP read write read
Accessible to only those with access to a specific HttpSession Request Attributes OptionChoice Dark Beer Servlet JSP read write
Accessible to only those with access to a specific (Http)ServletRequest
(HeadFirst, p.187)
Attributes API
(HeadFirst, p. 189) getInitParameters(String) getInitParameterNames() getAttribute(String) setAttribute(String, Object) removeAttribute(String) getAttributeNames() getMajorVersion() getServletInfo() // Many more methods ...<<interface>> ServletContext getContextType() getParameter() getAttribute(String) setAttribute(String, Object) removeAttribute(String) getAttributeNames() // Many more methods ...
<<interface>> ServletRequest
//Nothing related to attributes here ... <<interface>> HttpServletRequest setMaxInactiveInterval() getLastAccessedTime() getAttribute(String) setAttribute(String, Object) removeAttribute(String) getAttributeNames() // Many more methods ...
<<interface>> HttpSession
Context
Request
Session
Attributes are not parameters
(HeadFirst, p. 186)Attributes Parameters
Types
Context (Web App.) Request,
Session
context init params request params, servlet init params
Method to set setAttribute(String name, Object value)
In DD and via client input ...
Return type Object String
Method to get getAttribute(String name) getInitParameters(String name)
no such thing as Session parameters
Object returned from getAttribute() has to be casted.
Request attributes and Request dispatching
We use request attributes when you want some other component of the application take over all or part of your request.
// code in doGet()
String postcode = getPostcode(request.parameter("suburb"); request.setAttribute("pc", postcode);
RequestDispatcher view =
request.getRequestDispatcher("DisplayPostcode.jsp"); view.forward(request, response);
// the JSP will use the attribute pc to access the postcode.
There is no reason to use context or session attributes, since it only applies to this request (so request scope is enough).
Managing the user state
In most web applications:
The user needs to have continuousone-on-one interactions with the application. The user builds up “data” which may have to be shared across multiple pages in the application.
eg., Think of a shopping cart or a flight booking ...
Managing the user state
A problem in HTTP request/response:
Web applications need to maintain a user + his/her data.
HTTP is a stateless protocol.
I A single request/response
I Nothing is remembered ’between requests’ from the same user
It is a programmer’s responsibility:
The term “session” is used to represent the data associated with one user while s/he navigates around a Web applicaiton.
A web application may concurrently host several sessions (i.e., multiple users).
Session Management
Thread c (HeadFirst) p.226 Web container Beer Servlet Thread a Data for Diane Request to recommend a Dark BeersetAttribute(): Stores "Dark Beer" for Diane request 1.
request 2.
response: What price range?
response: What price range?
Web container Thread b Data for Diane Selects "Expensive" response: Guiness response: Guiness Diane Beer Servlet request 1. Request to recommend a Wheat Beer
Data for Terri
Diane
Terri
response: What price range?
response: What price range?
How does the container know who the client is?
The client needs a unique Session ID
Web container ID#4123 Session request, dark setAttribute(): Stores "Dark Beer" for Diane request 1. request 2. response, ID#4123 Web container ID#4123 Session request, Expensive, ID#4123
response, ID#4123 Diane request 1. request, wheat Diane Terri new! - generate an ID new! - generate ID request, ID#4123 HttpServletRequest existing ID! ID#5555 Session setAttribute(): Stores "Wheat Beer" for Terri response, ID#5555
Session Management
There are a number of ways to deal with sessions. The basic idea:
When a user request comes in, besides sending the response, the container also sends an identifier
the identifier is recorded by the server
When the container receives a request with the same identifier, it can treat the request as belonging to the same user
There are four techniques available: Without the container’s help:
I URL rewriting
I HTML hidden fields
I Cookies
With the container’s help:
I HTTP Session objects
URL Rewriting
In this method, you append a token or identifier of the session to the URL of the next servlet (or resource).
http://myserver:port/COMP9321/nextservlet?userId=22987600 (inside nextservlet)
request.getParameter("userId"); You need to consider several things:
URL cannot be longer than 2,000 characters
Special characters such as &, ? or spaces should be encoded The values you pass can be seen in the URL
HTML hidden fields
A token or identifier is passed as the value for an HTML hidden field in a form.
<FORM METHOD=POST ACTION="/nextservletl">
<INPUT TYPE="hidden" NAME="token" VALUE="990088"> <INPUT TYPE="hidden" NAME="allowed" VALUE="true"> <INPUT TYPE="submit" NAME="Continue">
(inside nextservlet)
request.getParameter("token"); request.getParameter("allowed");
URL cannot be seen by the user
but you still can read them from viewing the HTML source. an HTML form is always required in every page
Cookies
A cookie is a small data item that was introduced to maintain HTTP state by Netscape around 1994.
A cookie is created by the server and sent to a browser inside a header. It is subsequently used by the server
The browser does not interpret cookies
Cookies are kept in the browser’s memory, or can be written to a file for future references
Eg., Inside a cookie file
Set-Cookie: username="joe"; path="/"; domain="www.comp9321.com"; expires="2003-06-01 00:00:00GMT"; version=0
Cookies
In servlet programming, a cookie is represented by the Cookie class in the javax.servlet.http package.
Cookie c1 = new Cookie("myCookie", "secret"); You then can add the cookie to the HTTP response using the addCookie method of the HttpServletResponse interface: response.addCookie(c1);
Note that because cookies are carried in the request and response headers, you must not add a cookie after an output has been written to the HttpServletResponse object.
setDomain() getDomain() setMaxAge()
getMaxAge() setPath() getPath()
getName() setValue()
HTTP Sessions with JSESSIONID cookie
The most convenient way of managing sessions is through theSession object, represented by thejavax.servlet.http.HttpSession interface For each user, the container creates an HttpSession object to be associated with that user
The HttpSession object acts like a Hashtable into which you can store any number of key/object pairs (called HttpSession Attributes) An HttpSession object relies on a cookie or URL rewriting to send a token to the client.
The token is usually a unique number called the session identifier (JSESSIONID). This session identifier is used to associate a user with a Session object in the server.
HTTP Sessions Interface
Web container HTTP/1.1 200 OK Set-Cookie: JSESSIONID=0AAB6C8DE415 Content-Type: text/html Content-Lengh: 397Date: Wed, 19 Nov 2005 03:25:40 GMT Server: Apache 1.1 Connection: close <html> ... </html> Request Set Cookie Web container POST /select/BeerPriceRange HTTP/1.1 Host: www.cse.unsw.edu.au User-Agent: Mozilla 5.0 Cookie: JSESSION=0AAB6C8DE415 Accept: next/xml,application/xml,application/xhtml Accept-Language: en-us Next Request
An example of using HttpSession object: the scenario
Issue Welcome Start Session Display Choices Add Choice to Journey Show Journey so far Close Session Welcome Servlet Create a Journey objectfor the user
Menu Servlet Control Servlet Enough Servlet
The Journey Object
In a Journey object, a record of the user’s proposed travel destinations is maintained.
import java.util.*;
import java.io.Serializable;
public class Journey implements Serializable {
private Vector Places;
public Journey() { Places = new Vector(); }
public Iterator getPlaces() { return this.Places.iterator(); }
public boolean addPlace(String place) { return Places.add(place); }
public String toString() { return "Journey to "; } }
Using a Journey Object
The following segment of code:
1 initialises a new Journey object,
2 adds VIC then NSW then QLD to the journey, 3 then (iii) print out the all the places on the route.
Journey jny = new Journey(); jny.addPlace("VIC"); jny.addPlace("NSW"); jny.addPlace("QLD"); Iterator i = jny.getPlaces(); while (i.hasNext()) System.out.println("- "+ i.next());
How session tracking works ...
User Travel-Application WelcomeServlet MenuServlet ControlServlet EnoughServlet request response request response (sessID=50) request (sessID=50) response (sessID=50) request (sessID=50) response SessionTable s25 s29 s36 s50(In the servlet container)
new entry for the new user
SessionData s25 s29 s36 "JourneyFlag" "Queue" "Patron" s50 "JourneyFlag" id attribute address SA WA jny obj Memory jny2 obj user1 user2 user3 user4
When Cookie is disabled by the client ...
The container uses URL rewriting as a fall back method.
public class MenuServlet extends HttpServlet { public void doPost (HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
res.setContentType("text/html"); PrintWriter out = res.getWriter(); HttpSession session = req.getSession(); out.println("<HTML><BODY>");
out.println("<A HREF=" + response.encodeURL("/ControlerServlet") + ">Next Page</A>"); out.println("</BODY></HTML>");
encodeURL() adds the extra sessionID info to the given URL (e.g., http:// ... /ControlerServlet;JSESSIONID=AJKN88809) you need to use encodeURL for all URLs.
Getting rid of Sessions
Three ways a session can die: It times out
You can call invalidate() on the session object
The application goes down (e.g., crashed or undeployed) Configuring session timeout in DD (in minutes)
<web-app ...> <servlet> ... </servlet> <session-config> <session-timeout>15</session-timeout> </session-config> </web-app>
Setting session timeout for a specific session (in seconds)
session.setMaxInactiveInterval(20*60);
Servlets ...
Web Browser <FORM> <INPUT> parameters... </INPUT> </FORM> Web Server Servlet Container Servlet classes DB HTTP Request (URL + data) HTTP Response: HTML (+javascript) request response (content produced from servlet)Is Java-based technology for generating dynamic HTTP content. A servlet lifecycle is managed by Servlet Container
Follows the request/response paradigm
Implements methods (eg., doGet()) to processHTTP requests Session tracking using HttpSession objects