Web Architectures

thickbug, Software & software construction

28 Oct 2013 (3 years and 8 months ago)

Willem Visser

RW334

Static versus Dynamic Sites


Server Side versus Client Side


Client Side (Browser)


Good for operations that don’t need to access the server


Serious security issues


JavaScript


Server Side (Webserver)


Good for operations that access server side entities, such
as DBs


Also has serious security issues


PHP

Server Side Approaches


Server Side Includes (SSI)


instructs the Web server to customize a static resource
based on directives in an HTML-like file.


Server Scripts


separate program that generates the requested resource.


Common Gateway Interface (CGI)


is a standard interface to external programs supported by
most web servers.


SSI vs CGI


SSI


Static HTML + embedded command


Add small amounts of dynamic content to pages, without doing
a lot of extra work


CGI


Generate a complete HTML document in real time

Static versus Dynamic Sites (1)


Static Sites


Few performance demands on Web server


Serving files is light work


Caching is easy to do


State management probably not an issue


Few security risks


Tight permissions possible


No interaction with other executables or processes


Developer support relatively simple


Basic access control and monitoring

Static versus Dynamic Sites (2)


Dynamic Pages on the Server Side


Significantly heavier performance demands


Code execution


Database access


Caching more difficult to do


Complex state management schemes


Security risks go way up


Higher level permissions required


Buffer overflows, code injection, hijacking


Significantly more complex developer support


Install, maintain application environments


Potentially help debug the actual applications


Server Side Processing


Server-side processing makes a simple model significantly more
complex


Basic internal request/response
cycle


Read request


Do authentication if any


Process other headers


Map URL to physical path


Read file or retrieve cached
response


Send response, Log, Cleanup


Server programming adds a new
dimension


Read request, set up internal
data structures


Do authentication if any


Process other headers


Map URL to script or program


Script or program diverts
request handling into new
code paths


Server must wait for result
of processing before it finds
out what it is supposed to
send back


Send response, Log, Cleanup
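
The "Map URL to physical path" and "Map URL to script or program" steps above, as an added example in Node.js (not from the original slides): the request path is decoded once and any target that resolves outside its root is refused. The directory names, the /cgi-bin/ prefix and the function names are assumptions made for the example.

```javascript
const path = require('path');

// Assumed server layout for this example (not from the slides).
const DOC_ROOT = '/srv/www/htdocs';
const SCRIPT_ROOT = '/srv/www/cgi-bin';

// Resolve a decoded URL path under root; null if it would land outside root.
function resolveUnder(root, relative) {
  const resolved = path.posix.resolve(root, '.' + relative);
  // Compare against root + '/' so a sibling directory such as
  // /srv/www/htdocs-old is not mistaken for something inside the root.
  return resolved === root || resolved.startsWith(root + '/') ? resolved : null;
}

// Returns { kind, target } for an accepted request, { status } for a refusal.
function mapRequest(rawUrl) {
  let pathname;
  try {
    // Drop query string and fragment, then percent-decode exactly once.
    pathname = decodeURIComponent(rawUrl.split(/[?#]/)[0]);
  } catch (err) {
    return { status: 400 }; // malformed percent-encoding
  }
  if (!pathname.startsWith('/') || pathname.includes('\0')) return { status: 400 };

  // Server programming cycle: the URL names a script or program.
  if (pathname.startsWith('/cgi-bin/')) {
    const program = resolveUnder(SCRIPT_ROOT, pathname.slice('/cgi-bin'.length));
    return program && program !== SCRIPT_ROOT
      ? { kind: 'script', target: program }
      : { status: 403 };
  }

  // Basic cycle: the URL names a file; a directory URL maps to its index page.
  if (pathname.endsWith('/')) pathname += 'index.html';
  const file = resolveUnder(DOC_ROOT, pathname);
  return file ? { kind: 'static', target: file } : { status: 403 };
}

// Constructed sample requests: one accepted, one refused.
console.log(mapRequest('/docs/'), mapRequest('/%2e%2e/private/notes.txt'));
```

The check runs on the decoded, resolved path, so the same decision applies however the dot segments were encoded in the request.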

Server Side Models


Classic CGI model


“fork and exec”


Web server creates new child process, passing it request data as
environment variables


CGI script issues response using standard I/O stream
mechanisms


Examples: Often Perl scripts, could be any language


Server API model


Web server runs additional request handling code inside its own
process space


Examples: Apache Modules, etc.


Web application frameworks


Web server calls API application, which may manage request within its
own pool of resources and using its native objects


Examples: JSP/Servlets, ASP.NET, etc.
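
The classic CGI model described above, as an added example in Node.js (not from the original slides): the server builds the child's environment from the request, starts one process per request, and parses what the child writes to standard output. The inline child program, the DB_PASSWORD variable and the function names are constructed for illustration.

```javascript
const { spawnSync } = require('child_process');

// Constructed stand-in for a CGI program (on a real server it would be a
// script on disk). It reads the request from environment variables and
// writes headers, a blank line, then the body to standard output.
const CGI_PROGRAM = `
  const q = new URLSearchParams(process.env.QUERY_STRING);
  const out = ['Content-Type: text/plain', '',
    process.env.REQUEST_METHOD + ' hello ' + q.get('name'),
    'sees server secret: ' + ('DB_PASSWORD' in process.env)];
  process.stdout.write(out.join('\\n'));
`;

// Build the child's environment from the request alone instead of copying the
// server's own environment, so server-side secrets stay out of the script.
function buildCgiEnv(method, url, reqHeaders) {
  const [scriptName, query = ''] = url.split('?');
  const env = { GATEWAY_INTERFACE: 'CGI/1.1', REQUEST_METHOD: method,
                SCRIPT_NAME: scriptName, QUERY_STRING: query };
  for (const [name, value] of Object.entries(reqHeaders)) {
    // A "Proxy" request header would become HTTP_PROXY, which HTTP client
    // libraries commonly read as configuration, so it is dropped here.
    if (name.toLowerCase() === 'proxy') continue;
    env['HTTP_' + name.toUpperCase().replace(/-/g, '_')] = String(value);
  }
  return env;
}

// "Fork and exec": one child process per request; the server blocks until the
// child exits, then splits its output into headers and body.
function runCgi(method, url, reqHeaders) {
  const child = spawnSync(process.execPath, ['-e', CGI_PROGRAM], {
    env: buildCgiEnv(method, url, reqHeaders), encoding: 'utf8', timeout: 5000,
  });
  const cut = child.status === 0 ? child.stdout.indexOf('\n\n') : -1;
  if (cut < 0) return { status: 500, headers: {}, body: '' };
  const headers = {};
  for (const line of child.stdout.slice(0, cut).split('\n')) {
    const i = line.indexOf(':');
    headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { status: 200, headers, body: child.stdout.slice(cut + 2) };
}

console.log(runCgi('GET', '/cgi-bin/hello?name=Ada', { 'User-Agent': 'demo' }));
```

The per-request process start is the cost the slides attribute to this model; the separate process with its own minimal environment is the isolation.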


Pros and Cons



Classic CGI model


Pro: isolation means easiest in principle to secure, least damaging if
something goes wrong


Con: isolation makes it slow & resource intensive


Server API model


Pro: very fast & low overhead if written properly


Con: hard to write; blows up server if done wrong


Web application frameworks


Pro: ideally combines efficiency of API model with safety of CGI; adds
helpful encapsulation of routine tasks like state management


Con: built-in tools can be resource hogs in wrong hands; ease of use may
encourage carelessness


Web vs Application Servers


Web Server


What is it?


A server that handles the HTTP protocol.




Examples:


Apache (60% of market)


Microsoft IIS


Application Server


What is it?


A server that exposes business logic to client apps through various
protocols including HTTP.


Examples:


Java Application Servers


Weblogic



Webservers can be seen as a subset of Application Servers

Node.js Webserver

nodejs.org

var http = require('http');

// Answer every request with a plain-text "Hello World".
http.createServer(function (req, res) {
  res.writeHead(200, {'Content-Type': 'text/plain'});
  res.end('Hello World\n');
}).listen(1337, '127.0.0.1');  // listens on the loopback address only

console.log('Server running at http://127.0.0.1:1337/');



To run the server, put the code into a file example.js and execute it with the
node program from the command line:

% node example.js
Server running at http://127.0.0.1:1337/

Web Application Servers

Webservers only grab files and send them on to browsers, so when you need
something from a DB, for example, you need an application server.

Application servers are now so common that most people assume they are part of
webservers.

Web Application Servers


Java Application Servers


Java Server Pages and Servlets


J2EE: Business Logic in Enterprise Java Beans (EJB)


Apache Tomcat (only JSP and Servlets)


JBoss (Full J2EE)


Microsoft


.NET Framework

Classic Architectural Options


n-Layered Architectures (n = 3)


Client-server


Modularization


Any layer can be swapped out without affecting others


Flexible and reusable


Model-View-Controller (MVC)


Software Engineering concept


Lately applied to web programming

3-Layered Architecture


Presentation Layer


HTML, etc.




Application/Logic Layer


Persistence/Data Layer



Linear interaction

Tier versus layered

Layers are logical whereas tiers are physical

Model-View-Controller


Controller


Receives interactions from the user, e.g. mouse-click


Sends request to the Model


Model


Contains both application logic and data


Performs state change request from Controller


Returns current state to View


View


Presents the data to the user in a meaningful way


Requests state of the data from the Model

MVC != 3-Layered


3-Layered only allows linear access


Presentation layer cannot directly access the data
layer, it must first go through the application layer


MVC


The View can directly access the Model to retrieve
its state to render to the user


Also, the Model in MVC is both the
Application Layer and the Data Layer
combined in the 3-Layered architecture

Scalability


Distributed systems


Load Balancing


Distribute workload


Software and/or Hardware


One port but many servers


Round-Robin DNS


Many sites for one domain


Often times the DB is the issue, so back to
distributed databases