SSC - Web applications and development Introduction and Java Servlet (II)

(1)

SSC - Communication and Networking

SSC - Web applications and development

Introduction and Java Servlet (II)

Shan He

School for Computational Science University of Birmingham

(2)

SSC - Communication and Networking Outline

Outline of Topics

Servlet Configuration

Two examples of servlets

Java severlet RequestDispatcher interface

(3)

SSC - Communication and Networking Servlet Configuration

Java Web App Directory Layout

I A Java web application requires its resources (servlets, JSP’s

etc.) organised in a standardized way

I The Root Directory: all files that should be accessible in your web application, including images, html files, etc.

I The WEB-INF Directory: meta information directory not

accessible from a browser

I web.xml: contains information about the web application, which is used by the Java web server / servlet container in order to properly deploy and execute the web application

I classes sub-directory: contains all compiled Java classes that are part of your web application.

I lib sub-directory: contains all JAR files used by your web application.

(4)

Java Web App Directory Layout

MyServlet META-INF WEB-INF classes lib welcome.jsp Index.html web.xml myservlet.class Javamail.jar

(5)

Annotation Type WebServlet

I Java servlet is not accessible if you don’t configure your servlet container

I You need to tell your servlet container:

I what servlets to deploy,

I what URL’s to map the servlets to

I This is done by web.xml: web application deployment

(6)

Configuring and Mapping a Servlet

I Step 1: configure the servlet to set the servlet name, and to

write the class name of the servlet: <servlet>

<servlet-name> myservlet </servlet-name>

<servlet-class> MyServlet.myservlet </servlet-class> </servlet>

I Step 2: map the servlet to a URL or URL pattern:

<servlet-mapping>

<servlet-name>myservlet</servlet-name> <url-pattern>*.html</url-pattern> </servlet-mapping>

(7)

Servlet 3.0 Annotations

I Enables declarative-style programming: simply annotating the

class with appropriate annotations, e.g., @WebServlet

I Make deployment descriptors (web.xml) optional for a web

application (but you still need it for welcome page)

I Example:

@WebServlet( urlPatterns = { "*.html"

})

public class myservlet extends HttpServlet { or simply

@WebServlet("*.html")

public class myservlet extends HttpServlet {

(8)

SSC - Communication and Networking Two examples of servlets

Two examples of servlets

I To illustrate servlet configuration and the interactions between sevelet and webpages

(9)

SSC - Communication and Networking Java severlet RequestDispatcher interface

What is a RequestDispatcher interface

I _{RequestDispatcher} interface: “Defines an object that

receives requests from the client and sends them to any resource (such as a servlet, HTML file, or JSP file) on the server”.

I Enables your servlet to “call” other servlet, HTML file, or JSP

file and also pass the request and response

I Essentially a RequestDispatcher object is created by the

servelt container by wrapper around a server resource located at a particular path or given by a particular name.

I Two methods in the RequestDispatcher interface:

I _{forward() : Forwards a request from a servlet to another}

resource on the server.

I _{include() : Includes the content of a resource in the}

(10)

Difference between forward() and include()

I forward() : control is transferred to the next resource you

are calling, the next resource will send response to the client browser

I _{include() : current servlet retains its control but includes}

(11)

forward()

method

Servlet 1 Servlet 2 Response Response Request forward Generate response Send response to the browser

(12)

include()

method

Servlet 1 Servlet 2 Final Response Response Request include Response to be included in Servlet 1 Send to the browser

(13)

SSC - Communication and Networking Java severlet Session Management

What is a session and why use it?

I Session: a conversation between client and server and it can

consists of multiple request and response between them

I HTTP protocol and Web Servers are stateless: for web server

every request is a new request, even it is the same request from the same client

I Web applications sometimes require the client information to

process the request accordingly:

I Example 1: After login with your correct authentication credential, how does the server remember you have logged in?

I Example 2: When you add an entry to your cart, how does the server know what you have added earlier?

I We need to make the server “remember what the user entered

(14)

Session ID

I Session ID: a piece of data that is used in HTTP to identify a

session

I Client store the session ID, while the server associate that ID with other client information such as a user name

I Steps:

I Step 1: Client start a session, e.g., requests a page

I Step 2: Server allocates a random session ID upon the request also store the user information

I Step 3: Session ID is then communicated back to the client

I Step 4: If the client sends subsequent requests, it also sends back the same session ID

I Step 5: The server decide whether the session has “expired”

I Step 6: If not expired, the server associates the user

(15)

How to associate user information with ID

I Three typical ways of associate user information with ID:

I Hidden form fields: a unique hidden field in the HTML of which the server can set its value to the session ID and keep track of the session

I Drawback 1: form with the hidden field must be submitted every time when the request is made from client to server. I Drawback 2: Not secure: hacker can get the hidden field value

from the HTML source and use it to hack the session. I Cookies: a small piece of information that is sent from the

server and stored in the client’s browser. When client make further request, it adds the cookie to the request header and we can utilize it to keep track of the session

I URL Rewriting: Appends a session identifier parameter with every request and response to keep track of the session.

(16)

How to associate user information using cookies?

Set Cookie: SESSIONID=24D644 2B89D1B65FECF1C 8D9FC2232D0 Client Server Login Post Username=GWBush Password=1+1=3 Login successful? 1. Create session ID 2. Return session ID in a cookie 3. Store session ID in a database

Database Session ID Username CreatedTime ExpiredTime LassAccessTime Lookup session ID Session still valid? Cookie:

SESSIONID=24D644 2B89D1B65FECF1C 8D9FC2232D0

(17)

How to use sessions in Servlet?

I Java Sevlet session management provides functions to:

I Transmit the session ID from server to client and vice versa;

I Select stored session IDs;

I Store associated objects/data with each session and check for session expiry.

I The Java Sevlet session management can use HttpSession

class, which essentially uses cookies, or directly use Cookie

class, or URL rewriting

I HttpSession class provides methods to manage Sessions:

I getSession(true) : create a new session object

I getSession() : returns the session object associated with the current request

I _{setAttribute / getAttribute : storing/retrieve}

information in a session