Introduction to Web App Development

quicksandwalleyeInternet και Εφαρμογές Web

31 Οκτ 2013 (πριν από 3 χρόνια και 9 μήνες)

80 εμφανίσεις

Introduction to Web App Development

Allen Day

Notes


This is a training
NOT

a presentation


Please ask questions


https://tech.lds.org/wiki/Java_Stack_Training


Prerequisites


Basic Java and HTML skills.


Installed
LDSTech

IDE (or other equivalent).


Installed App Server (such as Tomcat).

Overview


Basic Web App Architecture


HTTP


CGI Overview


Understanding the role of servlets


Maven Project Directory Structure


Servlet Life Cycle


Event Listeners


Servlet Filters


Servlet Response (Redirect, Request Dispatch)

Basic Web App Architecture

Request

WWW Browser

Web Server

Response

Basic Web App Architecture

Request

WWW Browser

Web Server

Response

HTTP

Request

WWW Browser

Web Server

Response

HTTP

HTTP Request Methods


GET


POST


HEAD


TRACE


PUT


DELETE


OPTIONS


CONNECT

GET Method


Simple


The total amount of characters in a GET is
limited.


The data you send with the GET is appended to
the URL, so whatever you send is exposed.

POST Method


Used for complex requests, such as form
submissions.


Parameters are stored in the body.

CGI Overview

1. Submit Form

WWW Browser

Web Server

Application Server

2. Call CGI

3. CGI Program’s response

4. CGI Program’s response

CGI Process Form

use
strict;

main();

sub main ()

{

my $query;

read
( STDIN, $query, $ENV{CONTENT_LENGTH} );

my
@
param

= split( /&/, $query );

my %pairs = ();

foreach

my $item ( @
param

)

{

my ($key, $value) = split( /=/, $item );

$key =~
tr
/+/ /;

$value =~
tr
/+/ /;

$key =~ s/%([A
-
F
\
d]{2})/
chr
(hex($1))/
ieg
;

$value =~ s/%([A
-
F
\
d]{2})/
chr
(hex($1))/
ieg
;

$
pairs{$key} = $value;

}

my
$name = $pairs{name};

my $email = $pairs{email};

my $machine = $ENV{REMOTE_HOST
};


print
( STDOUT "
Content
-
Type:text
/html
\
r
\
n" );

print( STDOUT "Status: 200 Ok
\
r
\
n" );

print( STDOUT "
\
r
\
n" );

print( STDOUT <<HTML );

<html>

<head> <title>Form example output</title> </head>

<body>

<h1>welcome</h1>

<
hr
>

<p> Hi <
em
>$name</
em
> of <
em
>$email</
em
> from machine <
em
>$machine</
em
> </p>

<
hr
>

</body>

</html>

HTML

}


CGI Issues


M
ay
intentionally or unintentionally leak information
about the host system that will help hackers break in
.


Scripts may be vulnerable to attacks in which the
remote user tricks them into executing commands.


Susceptible to Buffer overflows.


Insufficient input validation.


Each call to a CGI script runs as a separate process
.


Simultaneous CGI requests cause the CGI script to be
copied and loaded into memory as many times as there
are requests
.



Servlet Overview

Client

Servlet Container

Web Server

Request

Response

Advantages of Servlets


Efficient


Convenient


Powerful


Portable


Inexpensive


Secure


Mainstream


Advantages of Servlets


Servlets stay loaded and client requests for a Servlet
resource are handled as separate
threads

of a single
running Servlet.


A servlet can be run by a servlet engine in a restrictive
environment, called a sandbox. This reduces security
risks
.


Maven Project Directory Structure






pom.xml

web.xml

pom.xml








<
project

xmlns
="http://maven.apache.org/POM/4.0.0"
xmlns:xsi
="http://www.w3.org/2001/XMLSchema
-
instance"


xsi:schemaLocation
="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven
-
v4_0_0.xsd">



<
modelVersion
>4.0.0</
modelVersion
>



<
groupId
>
org.lds.training
</
groupId
>



<
artifactId
>
MyServlet
</
artifactId
>



<
packaging>war</packaging>



<
version>1.0</version>





<
dependencies
>



<
dependency>



<
groupId
>
javax.servlet
</
groupId
>



<
artifactId
>
servlet
-
api
</
artifactId
>



<
version>2.5</version>



</
dependency
>



</
dependencies
>



</
project
>

web.xml








<web
-
app
xmlns
="http://java.sun.com/xml/ns/
javaee
"


xmlns:xsi
="http://www.w3.org/2001/XMLSchema
-
instance"


xsi:schemaLocation
="http://java.sun.com/xml/ns/
javaee

http://java.sun.com/xml/ns/javaee/web
-
app_2_5.xsd"


version="2.5">




<display
-
name>
Welcome to Java Stack Training
</
display
-
name>



<description>
Introduction to
Servlets</
description
>




<
servlet>



<
display
-
name>
HelloWorldServlet
</display
-
name>



<
servlet
-
name>
HelloWorldServlet
</servlet
-
name>



<
servlet
-
class>
org.lds.training.HelloWorldServlet
</servlet
-
class>


</
servlet>



<
servlet
-
mapping>



<
servlet
-
name>
HelloWorldServlet
</servlet
-
name>



<
url
-
pattern>/
HelloWorldServlet
</
url
-
pattern>



</
servlet
-
mapping>


</web
-
app>

Lab 1: Simple Servlet

https://tech.lds.org/wiki/Introduction_To_Servlets
#Lab_1_Simple_Servlet

Servlet Life Cycle

1.
Load class

2.
Instantiate servlet

3.
init

4.
service

5.
doGet
,
doPost
,
doTrace
,
doDelete
,
doPut


6.
destroy


Servlet Container

Client

Servlet Container

Web Server

Servlet Container


Context (Web Application)


Session


Request

Servlet Container

1.
Loads
the servlet class
.

2.
Creates an instance of the servlet class
.

3.
Initializes the servlet instance by calling the
init

method
.

4.
Handles client requests.

5.
If the container needs to remove the servlet it
finalizes the servlet by
calling
the servlet's
destroy
method.


Servlet Container


Communications support


Lifecycle Management


Multithreading Support


Declarative Security


JSP Support

Servlet Container

Servlet Container

Web Server

r
equest

r
esponse

Servlet

Servlet Container

Servlet Container

r
equest

r
esponse

Servlet
thread

Servlet Container

Servlet Container

r
equest

r
esponse

Servlet
thread

Service()

Servlet Container

Servlet Container

r
esponse

Servlet
thread

Service()

doGet
()

Servlet Container

Servlet Container

Web Server

r
equest

r
esponse

X

HttpServletRequest



Method

Description

getCookies
()

Obtain array of cookies

getHeader
()

Returns the value of the
specified request header as a
String.

getParameter
()

Returns the value of a request
parameter as a String.

getRequestURL
()

Reconstructs the URL the
client used to make the
request.

getSession
()

Returns the current valid
session associated with this
request or creates a new
session

HttpServletRequest

String name =
request.getParameter
("
fullName
“);


String
requestMethod

=
request.getMethod
();


String
userAgent

=
request.getHeader
(
"User
-
Agent
");


String host =
request.getHeader
(
"host
");

HttpServletResponse



Method

Description

addCookie
()

Adds the specified cookie to
the response

encodeURL
()

Encodes the URL by including
the session id in it if needed

sendError
()

Sends an error response to the
user with the specified error
code

sendRedirect
()

Sends a redirect request to the
user

HttpServletResponse


response.
setContentType
("text/html");




PrintWriter

out =
response.
getWriter
();


Date
today = new Date
();



out.print
("<html> " + "<body> " +



"<h1 align=center>Hello World</h1> " +



"<
br
> " + today +



"</body> " +"</html>");

Servlet Class

Extends
java.servlet.http.HttpServlet



i
nit
()


s
ervice()


doGet
()


doPost
()


destroy()

init
()

public void
init
()

throws
ServletException

{


// custom code goes here

}


public void
init
(
ServletConfig

config
)

throws
ServletException

{


super.init
(
ServletConfig
)


// custom code goes here

}


service()

public void
service
(
HttpServletRequest

request,

HttpServletResponse

response)

throws
ServletException
,
IOException

{


// Custom code goes here

}


doGet
()

public void
doGet
(
HttpServletRequest

request,

HttpServletResponse

response)

throws
ServletException
,
IOException

{


// Custom Code goes here

}


doPost
()

public void
doPost
(
HttpServletRequest

request,

HttpServletResponse

response)

throws
ServletException
,
IOException

{


// Custom Code goes here

}

destroy()

public void
destroy
() {


// custom code goes here

}

Lab 2: Page Hit Counter

https://tech.lds.org/wiki/Introduction_To_Servlets
#Lab_2_Page_Hit_Counter

Event Listeners

Event Listeners


javax.servlet.ServletContextListener


javax.servlet.ServletContextAttributeListener


javax.servlet.http.HttpSessionListener


javax.servlet.http.HttpSessionAttributeListener


javax.servlet.http.HttpSessionActivationListener


javax.servlet.http.HttpSessionBindingListener


javax.servlet.http.HttpRequestListener


javax.servlet.http.HttpRequestAttributeListener

Event Listeners


javax.servlet.ServletContextListener


javax.servlet.http.HttpSessionListener


javax.servlet.http.HttpSessionActivationListener


javax.servlet.http.HttpRequestListener

web.xml








<listener>


<listener
-
class>
org.lds.training.HelloWorldSessionListener
</
listenerclass
>

</
listener>

<
listener>


<listener
-
class>
org.lds.training.HelloWorldContextListener
</
listener
-
class>

</
listener>

Servlet Filters

Servlet Filters

Client

Servlet Container

Web Server

Request

Response

Filter 1

Filter 2

Servlet Filter








public
void
doFilter
(
ServletRequest

request,
ServletResponse

response,
FilterChain

chain) throws
IOException
,
ServletException

{




// preprocessing code goes here



HttpServletResponse

res = (
HttpServletResponse
)response;



String
name =
request.getParameter
("
fullName
");





if
(
name.equals
("")) {



res.sendRedirect
("index.html");


return;



}



//
pass the request along the filter chain


chain.doFilter
(request
, response
);



//
postprocessing

code goes here

}

web.xml








<filter>


<
filter
-
name>timer</filter
-
name>


<
filter
-
class>
filter.TimerFilter
</filter
-
class>

</
filter>


<filter
-
mapping>



<
filter
-
name>timer</filter
-
name>


<
servlet
-
name>
myservlet
</servlet
-
name
>



<
url
-
pattern
>/
mypath
/*</
url
-
pattern>


</
filter
-
mapping
>

Redirect

response.sendRedirect
(http://lds.org/?lang=eng);

Request Dispatch

// from a
ServletRequest

RequestDispatcher

view =
request.getRequestDispatcher
(“
MyOtherServlet
”);


// from a
ServletContext

RequestDispatcher

view =
getServletContext
().
getRequestDispatcher
(“/
MyOtherServlet
”);


v
iew.forward
(request, response);

Lab 3: Login Filter

https://tech.lds.org/wiki/Introduction_To_Servlets
#Lab_3_Login_Filter

Credit where credit is due


http
://en.wikipedia.org/wiki/Common_Gateway_Interface


http
://
en.wikipedia.org/wiki/Java_Servlet


Head First Servlets & JSP

Bryan Basham, Kathy Sierra & Bert Bates


More Servlets and
JavaServer

Pages

Marty Hall


http://
maven.apache.org/guides/introduction/introduction
-
to
-
the
-
standard
-
directory
-
layout.html


http://download.oracle.com/javaee/5/api
/


http://download.oracle.com/docs/cd/B32110_01/web.1013/b28959/filters.htm



Images
from the Microsoft Clip Art gallery