LectureL

quaggahooliganInternet and Web Development

Feb 5, 2013 (4 years and 8 months ago)

122 views

M
-
V
-
C for web applications

Model for Web Applications


model consists of data and system state


database tables


persistent data


session information


current system state data


business logic (eCommerce)


rules governing the transaction

View for web applications


view gives a presentation of the model


client
-
side presentation in a browser window


(D)HTML


CSS stylesheets


server
-
side templates


administrative information


server output logs

Controller for web applications


controller handles events


user
-
generated events


client
-
side scripting


http request processing


redirection


preprocessing


system maintenance


web application management

M
-
V
-
C Example

PHP

/CGI

Web

Server

Web

Browser

presentation

request processing

program logic

controller

view

model

two
-
tier client
-
server architecture

M
-
V
-
C Example

JSP

/ASP

/CF

Web

Server

Web

Browser

entity

entity

view

controller

view/

controller

model

model

multi
-
tier client server architecture

development of absence monitoring
web app


model data


student ids and names


number of absences


model API


list names


list names and absences


update absences


implement as a relational database

development of absence monitoring
web app


views


attendance register


list of absences


add a student


delete a student


implemented in a browser


DHTML interface


pages dynamically generated from model

development of absence monitoring
web app


controller


handle requests for views


generate correct page from the database


update the model


translate user action into a database update


update the views


refresh browser when view changes


build the model


design data structure


implement tables


create SQL queries


support all required
functionality


test queries against
sample data


this is a simple view

build the view


develop server side
scripts to query the
database


SQL already tested is
the model API


design web pages and
embed the scripts


view now updates from
the model

build the controller


add client side scripts


JavaScript


HMTL forms


input validation


add navigation
functionality


frames


layers


update confirmation
pages

web application frameworks

web application frameworks


technologies designed to implement web
apps in M
-
V
-
C


model 2 architecture


provide standard re
-
useable components for
model, view and controller


greatly ease the design of large
sophisticated web apps


significant learning curve

web application frameworks


typically xml configuration files “glue”
components into an application


implement standard web concepts


interface features (forms)


request and response objects


sessions


database interactions


many frameworks exist

web application frameworks


Many frameworks are being developed…


JavaServer Faces, Struts, Webwork2


WebObjects (.NET specific)


Model Glue (ColdFusion specific)


Velocity, Fusebox, Mach II, Maypole, Catalyst,
Tapestry, ZNF, Phrame, Cocoon, Ruby on
Rails, …


Most, but not all, are based around M
-
V
-
C

CGI programming

Common Gateway Interface


interface between web server and other
programs (cgi scripts)


information passed as environment
variables


passed to standard input (STDIN)


script outputs to standard output
(STDOUT)


output is http response message

CGI Environment


Web Server defines


working directory


preset variables


filehandles (links to resources on the server)


CGI script must produce


minimal set of response headers


e.g.
Content
-
Type: text/html


content of http response

Environment Variables


provide info about the web server and the
client


information drawn from http request headers

SERVER_NAME

REMOTE_ADDR

CONTENT_LENGTH

CONTENT_TYPE

Server
-
Script interface


STDIN


Web server launches CGI program and
provides standard input


STDOUT


CGI program outputs response to web server


STDERR


Web server handles CGI program error output


Apache appends it to error log

CGI Output


headers:


Content
-
Type


print “Content
-
Type:text/html
\
n
\
n”;


Location


print “Location:someFile.html
\
n
\
n”;


Status


print “503 Service unavailable”;

CGI Example

CGI Example

Ice Cream Stand Design

Browser

Web

Server

CGI

Script

Present order form
and response

Handle request
and response

Produce order form

Process order form

CGI script design


Input


Form data


Output


Order form


Order response


Self
-
referencing form

ice cream stand CGI script

#!/usr/local/bin/perl

#ice cream stand cgi script

use CGI qw(:standard);

print (header(),start_html("Ice Cream
Stand"),h1("Ice Cream Stand"));

if (param()) { #the form has been filled out


$who = param("name");


$flavour = param("flavour");


$scoops = para
m("scoops");


$vat = 1.175;


$cost = sprintf("%.2f", $vat*(1.00 +
$scoops*0.25));


print p("OK $who, have $scoops scoops of
$flavour for £$cost.");

ice cream stand CGI script

} else {# present the form


print (hr, start_form());


print p("What is your name",textfield("name"));



print p("What flavour: ", popup_menu("flavour",
['mint','cherry','mocha'] ));


print p("How many scoops? ",
popup_menu("scoops",[1..3] ));


print p(submit("order"), reset("clear"));


print (end_form, hr);

}

print end_html;

CGI is programmer
-
oriented


HTML embedded in the program


HTML generated as a series of function
calls


requires


knowledge of HTML tags


programming skills

Does CGI implement M
-
V
-
C?


No!


Data processing (model) is inseparable from
response page generation (view)


Also contains elements of controller


Handles request headers and creates response
headers

CGI security problems


scripts can be corrupted by user data


hidden fields


arbitrary commands embedded in text fields


file permissions


file locations


trust relationships between web server and
other machines

speed of CGI


each request creates a new process


overhead of communication through CGI


overhead of interpretation and compilation


Possible solutions (only partly effective)


code optimisation


Fast CGI


mod_perl with Apache

Alternatives to CGI


Java servlets


JSP
-

Java Server Pages


PHP


ASP
-

Active Server Pages


Coldfusion

Java Servlets

Servlets


add functionality to a web server


comparable to CGI


More tightly defined


Separate http handling from middleware


Deployed in a web container (see later)


vendor and platform independent (Java)


integrate with other Java technologies


J2EE framework

Servlets


efficient


permanently available, no compile overhead


robust


encapsulation, type
-
checking, error handling


secure


specialised interfaces to other server resources
that are not vulnerable to attack

Servlets


implement javax.servlet.Servlet interface

public void init(ServletConfig c)


run on initialisation

public void service
(ServletRequest req,
ServletResponse res)


runs for each request and response

public void destroy ()


end of servlet life

Web

Server

Servlet

Class

init(ServletConfig c)

service(ServletRequest
r, ServletResponse s)

destroy()

once at first request or at server start

every request

once when server shuts down

webcontainer

HTTP servlets


Most commonly used servlet subclass


javax.servlet.http.HttpServlet


implements additional methods to handle
http functionality


service() method passes handling to more
specific sub
-
class methods


doGet, doPost …

The “Hello World” servlet

import java.io.*;

import javax.servlet.*;

import javax.servlet.http.*;

public class HelloWorld extends
HttpServlet{

The “Hello World” servlet

public void doGet
(HttpServletRequest req,


HttpServletResponse res) throws
ServletException, IOException {


res.setContentType(“text/html”);


Printwriter out = res.getWriter();

The Hello World servlet

out.println (“<html>”);

out.println (“<head><title>”);

out.println (“Hello World”);

out.println (“</title></head>”);

out.println (“<body>”);

out.println (“<h1>Hello World</h1>”);

out.println (“</body></html>”);


}

}

Servlets vs CGI


similar idea


web container “like” CGI environment


request and response objects vs std I/O


servlet compilation once only


much faster, even though run in JVM


security problems greatly reduced


web container is much more secure


but

still

HTML embedded in code

Java Server Pages

Java Server Pages (JSP)


Template for page generation


Separates code from HTML


HTML with additional jsp tags processed
on server side


links to other Java entities for more
complex processing/ database access


platform independent

JSP elements


A JSP is a template for generating a web
page


Response to an http request


JSP elements are tags embedded in HTML


JSP scripting elements


Specify Java code to be run when template is
requested


Separate the coding from HTML content


Fits with M
-
V
-
C philosophy

<HTML>

<HEAD>


<TITLE>JSP Digital Clock</TITLE>

</HEAD>

<BODY>


<H1>Date and Time</H1>

<!
--
table in here
--
>


<%= new java.util.Date.toString() %>

<!
--

end table
--
>

</BODY>

</HTML>

Simple JSP Example

JSP scripting elements


Three different kinds of scripting,
determining when each is executed:


Insert snippets of Java code




<% … %>


embed a code
expression
, which
evaluates in the response (no ;)




<%= … %>


declare variables and methods




<%! … %>

Examples

<!
--
Declare a variable
--
>

<%! String name = “Gandalf”; %>


<!
--

Do some processing
--
>

<% name = name + “ the Grey”;%>


<!
--

Output a result
--
>

<h1><%= name %></h1>

result