Server-Side Development Basics

viraginitysplashInternet και Εφαρμογές Web

10 Νοε 2013 (πριν από 3 χρόνια και 5 μήνες)

54 εμφανίσεις

Server
-
Side Development Basics

Harry R. Erwin, PhD

University of Sunderland

CIT304/CSE301

Resources


Hans Bergsten, 2002,
JavaServer Pages,

2nd edition, O’Reilly, ISBN:
0
-
596
-
00317
-
X


http://java.sun.com/products/jsp/


http://www.apl.jhu.edu/~hall/java/Servlet
-
Tutorial/


Farley, et al., 2002,
Java Enterprise in a Nutshell,

2nd edition,
O’Reilly, ISBN: 0
-
596
-
00152
-
5


Brittain and Darwin, 2003,
Tomcat: the Definitive Guide,
O’Reilly.


Kurniawan and Deck, 2004,
How Tomcat Works,
BrainySoftware.com.


Knuckles and Yuen, 2005,
Web Applications: Concepts and Real
World Design,
Wiley.


Nakhimovsky and Myers, 2004,
Google, Amazon and Beyond,
Apress.

Questions to be Answered


What is server
-
side programming (SSP)?


What are some approaches to SSP?


What are SSP basics?


What is JSP?


How can I support SSP?

What is Server
-
Side
Programming (SSP)?


Technologies for developing web pages that
include
dynamic

content

that is web
applications.


Can produce web pages that contain information
that is connection
-

or time
-
dependent.


A key technology for on
-
line shopping, employee
directories, personalized and internationalized
content.

History of Dynamic Web Content


The Common Gateway Interface (CGI) was the first
approach to providing dynamic web content. Used scripts,
and a process, not just an individual thread, was dispatched
for each web page generated. Hence inefficient and did not
scale well.


Numerous second generation alternatives were invented:


FastCGI


mod_perl


NSAPI


ISAPI


Java Servlets


These embedded HTML in programming code. Hence
costly in programmer time.

Scripting

the Third Generation
Approach


Idea: embed simple code in HTML pages!


The HTML pages then use the code to
choose what elements and data to display.


Classes and/or subroutines may be called to
compute information for inclusion in the
web page. Existing APIs can be invoked.


This is known as ‘scripting’.

Some Approaches to Scripting


JavaServer Pages (JSP, uses Java sparingly, will be
covered in these lectures)


Active Server Pages (ASP, uses VBScript, Jscript, COM
or ActiveX components, ODBC). ASP.NET is quite
similar to JSP, using C#. Has not been very popular.


PHP (C
-
like syntax, many functions available, insecure,
covered in DL versions of CIT304)


ColdFusion (CFML, proprietary)


Java servlet template engine (Velocity, FreeMarker)


Not much change in the last five years, other than the
introduction of AJAX (JavaScript + XML).

Some JSP Basics


The HTTP protocol.


Servlets

The HTTP Protocol


A communications model:


A client, often
but not always

a web browser, sends a
request for a resource to a server.


The server returns a response or an error message.


Points to remember:

1.
Stateless protocol.

2.
Delayed feedback.

3.
Server cannot tell how the request was made. No
client
-
side processing can be invoked. (If it could be,
it would be a security nightmare.)

Examples of HTTP Clients


Web browsers (many, including specialized ones for
console interfaces

lynx

and handicapped users)


Search utilities (Sherlock on MacOS X)


Help utilities


FTP clients (e.g., interarchy on MacOS X)


Software registration programs


telnet (a hacker can emulate a web browser by connecting
to port 80)


Specialized programs (e.g., curl)


Cracker toolkits (to generate malformed http requests)

HTTP Requests


Information is specified by an HTTP Uniform
Resource Locator (URL, see RFC
-
2396 and RFC
-
2616).

http://osiris.sunderland.ac.uk:80/~cs0her/index.html


Consists of:


Protocol designation (http and https)


Server
name:port

number (port number defaults to 80
for http and
8080

443 for
https)


Name of the resource being requested. Need
not

be a
file. Here it is: /~cs0her/index.html

HTTP Request Message


Consists of:


Request line


GET resource_name protocol_in_use


POST (provides parameters in the request body, see below)


Request headers


Host (server name)


User
-
Agent (browser type)


Various Accept headers describing formats and languages


Request body (optional)

Java Servlets


Currently, Java is the predominant language for
SSP. This is due to the Java Servlet API.


Advantages over other SSP technologies:


Persistent between invocations, avoiding process
instantiations.


Portable across operating systems and servers.


Good security.


Can use the Java APIs, particularly JDBC.


Is integrated closely with the J2EE environment.

Servlets


A servlet runs in a servlet container within a Java
Virtual Machine.


Servlet containers:


Apache/Jserv, which supports Servlets 2.0.


Mortbay.com/Jetty


IBM/WebSphere


Jakarta/Tomcat 4.0 (This is the reference implemen
-
tation for the Servlet 2.3 API). Available from
http://jakarta.apache.org
. We will discuss Tomcat in a
later lecture.

Servlet Basics


The Servlet API consists of two Java
packages:


javax.servlet


javax.servlet.http


Required for J2EE 1.3

Servlet Lifecycle


A client makes a request involving a servlet
running on the server.


The servlet is responsible for loading and
executing the Java classes that generate the HTML
content.


To the client, this looks like standard HTML
processing,
except faster
.


The servlet then need not shut down. Instead, it
can handle subsequent requests without restarting.

Servlet Methods


init(), to handle startup. Once init() runs, the
servlet is available.


service() is called to process each request. Disk
writes are only needed to preserve state.
Arguments to service() are ServletRequest and
ServletResponse objects.


destroy() is called to clean up resources when the
server shuts down (if it ever shuts down).

Core of the API


javax.servlet.Servlet interface.


javax.servlet.http.Servlet class, implementing the
interface. Designed to work with the HTTP
protocol.


javax.servlet.GenericServlet class, implementing
the interface. This class is communication
protocol agnostic. Can implement a filtering
servlet to adapt output from some other source.
This can provide other protocol services (e.g., ftp).

A Web Application


A set of resources (servlets, static content,
.jsp files, class libraries) installed in a
specific
path
, making up a directory.


Should be organized as a chroot jail.


Multiple servlets can exist concurrently.
Run in a common ServletContext.


Be careful

the
path

can change from
machine to machine.

Supporting JSP


Requirements:


Workstation or PC with an internet connection.


Java 2 SDK (available from Sun, links on my
COM379 handbook page)


JSP 1.2
-
enabled web server such as Apache
Tomcat (Jakarta Project). This is available here
at the Informatics Centre.

Sounds Good?


Not really

Java servlets have to be programmed
and their configuration must be managed.


Programmers make $50,000
-
$90,000 in the USA,
and programs are notoriously hard to develop and
maintain. This is particularly a problem when
changes to business logic force changes.


Next lecture: we will look at how the same thing
can be done more quickly, easily, and flexibly
with web pages.

Conclusions


You’ve gained a general understanding of what
Server Side Processing (SSP) is.


You’ve seen the role of SSP in HTTP processing.


You’ve been introduced to Java Servlets, and


You now know the basic configuration for servlet
processing.


Next lecture, you will see how JavaServer Pages
(JSP) interact with this environment.