JSP, Bean and Servelet example

thickbugSoftware and s/w Development

Oct 28, 2013 (4 years and 11 days ago)

69 views

CGI programming

Common Gateway Interface


interface between web server and other
programs (cgi scripts)


information passed as environment
variables


passed to standard input (STDIN)


script outputs to standard output
(STDOUT)


output is http response message

CGI Environment


Web Server defines


working directory


preset variables


filehandles (links to resources on the server)


CGI script must produce


minimal set of response headers


e.g.
Content
-
Type: text/html


content of http response

Environment Variables


provide info about the web server and the
client


information drawn from http request headers

SERVER_NAME

REMOTE_ADDR

CONTENT_LENGTH

CONTENT_TYPE

Server
-
Script interface


STDIN


Web server launches CGI program and
provides standard input


STDOUT


CGI program outputs response to web server


STDERR


Web server handles CGI program error output


Apache appends it to error log

CGI Output


headers:


Content
-
Type


print “Content
-
Type:text/html
\
n
\
n”;


Location


print “Location:someFile.html
\
n
\
n”;


Status


print “503 Service unavailable”;

CGI Example

CGI Example

Ice Cream Stand Design

Browser

Web

Server

CGI

Script

Present order form
and response

Handle request
and response

Produce order form

Process order form

CGI script design


Input


Form data


Output


Order form


Order response


Self
-
referencing form

ice cream stand CGI script

ice cream stand CGI script

CGI is programmer
-
oriented


HTML embedded in the program


HTML generated as a series of function
calls


requires


knowledge of HTML tags


programming skills

Does CGI implement M
-
V
-
C?


No!


Data processing (model) is inseparable from
response page generation (view)


Also contains elements of controller


Handles request headers and creates response
headers

CGI security problems


scripts can be corrupted by user data


hidden fields


arbitrary commands embedded in text fields


file permissions


file locations


trust relationships between web server and
other machines

speed of CGI


each request creates a new process


overhead of communication through CGI


overhead of interpretation and compilation


Possible solutions (only partly effective)


code optimisation


Fast CGI


mod_perl with Apache

Alternatives to CGI


Java servlets


JSP
-

Java Server Pages


PHP


ASP
-

Active Server Pages


Coldfusion

Java Servlets

Servlets


add functionality to a web server


comparable to CGI


More tightly defined


Separate http handling from middleware


Deployed in a web container (see later)


vendor and platform independent (Java)


integrate with other Java technologies


J2EE framework

Servlets


efficient


permanently available, no compile overhead


robust


encapsulation, type
-
checking, error handling


secure


specialised interfaces to other server resources
that are not vulnerable to attack

Servlets


implement javax.servlet.Servlet interface

public void init(ServletConfig c)


run on initialisation

public void service
(ServletRequest req,
ServletResponse res)


runs for each request and response

public void destroy ()


end of servlet life

Web

Server

Servlet

Class

init(ServletConfig c)

service(ServletRequest
r, ServletResponse s)

destroy()

once at first request or at server start

every request

once when server shuts down

webcontainer

HTTP servlets


Most commonly used servlet subclass


javax.servlet.http.HttpServlet


implements additional methods to handle
http functionality


service() method passes handling to more
specific sub
-
class methods


doGet, doPost …

The “Hello World” servlet

import java.io.*;

import javax.servlet.*;

import javax.servlet.http.*;

public class HelloWorld extends
HttpServlet{

The “Hello World” servlet

public void doGet
(HttpServletRequest req,


HttpServletResponse res) throws
ServletException, IOException {


res.setContentType(“text/html”);


Printwriter out = res.getWriter();

The Hello World servlet

out.println (“<html>”);

out.println (“<head><title>”);

out.println (“Hello World”);

out.println (“</title></head>”);

out.println (“<body>”);

out.println (“<h1>Hello World</h1>”);

out.println (“</body></html>”);


}

}

Servlets vs CGI


similar idea


web container “like” CGI environment


request and response objects vs std I/O


servlet compilation once only


much faster, even though run in JVM


security problems greatly reduced


web container is much more secure


but

still

HTML embedded in code

Java Server Pages

Java Server Pages (JSP)


Template for page generation


Separates code from HTML


HTML with additional jsp tags processed
on server side


links to other Java entities for more
complex processing/ database access


platform independent

JSP elements


A JSP is a template for generating a web
page


Response to an http request


JSP elements are tags embedded in HTML


JSP scripting elements


Specify Java code to be run when template is
requested


Separate the coding from HTML content


Fits with M
-
V
-
C philosophy

<HTML>

<HEAD>


<TITLE>JSP Digital Clock</TITLE>

</HEAD>

<BODY>


<H1>Date and Time</H1>

<!
--
table in here
--
>


<%= new java.util.Date.toString() %>

<!
--

end table
--
>

</BODY>

</HTML>

Simple JSP Example

JSP scripting elements


Three different kinds of scripting,
determining when each is executed:


Insert snippets of Java code




<% … %>


embed a code
expression
, which
evaluates in the response (no ;)




<%= … %>


declare variables and methods




<%! … %>

Examples

<!
--
Declare a variable
--
>

<%! String name = “Gandalf”; %>


<!
--

Do some processing
--
>

<% name = name + “ the Grey”;%>


<!
--

Output a result
--
>

<h1><%= name %></h1>

result

JSP and Servelets

How does JSP work?


NOT a Java scripting language


NOT like php


JSP are NOT parsed on request


Java code must involve classes, creation of
objects, etc…


JSP is a designer
-
friendly way of writing
servlets

Clock example

Server with

Tomcat

Web

Container

client

translation

request
processing

GET
clock.jsp

1

clock.jsp

read

2

Servelet

clock.java

generate

3

clock.class

compile and
deploy

4

execute

5

http
response

6

public class clock implements Servlet {


public void service (ServletRequest r,


ServletResponse s)


throws ServletException, IOException {


s.setContentType (“text/html”);


PrintWriter out = s.getWriter ();


out.println (“<HTML>”);


out.println (“<HEAD>”);


out.println (“<TITLE>JSP… </TITLE>”);


out.println (“</HEAD>”);


out.println (“<BODY>”);



out.println



(“<H1>Date and Time</H1>”);


out.println




(new
java.util.Date.toString());


out.println (“</BODY>”);


out.println (“</HTML>”);


}

}

JSP directive elements


applied when the JSP is compiled into a
servelet


Only executed once (on compilation)


Do not affect the response


Used to set up resources such as


Java classes


inclusions

JSP directive elements


specify page information (static)

<%@ page … >


scripting language, error page

<%@ include … >

includes a file, e.g. an applet

<%@ taglib … >


declare a tag library (custom actions)

JSP and http

JSP and http


A JSP is a servelet


Permanently resident in server memory


Multi
-
threaded


Request and response objects


Sessions and cookies

Accessing request information


Methods of the request object provide all
request information


object is called “request”

public String getParameter (String name)

public String getMethod ()

public String getHeader (String name)

public Cookie [] getCookies ()

javax.servelet.http.Cookie class


getName ()


the name of the cookie


getValue(), setValue (String value)


gets/sets the value of a cookie


getDomain(), setDomain(String dName)


get/set the cookie domain name


getPath(), String setPath(String path)


get/set the request path the cookie is associated with


getMaxAge(), setMaxAge (int expiry)


get/set maximum age for the cookie

javax.servelet.http.HttpSession


provides standard functionality for handling
sessions


handles cookies as standard but must be
extended to handle URL rewriting


holds client state info resident in memory


automatically times out abandoned sessions


created/returned by HttpServeletRequest
class getSession method

JSP and Java Beans

Java Beans


ordinary Java classes with the following
properties:


introspection


customization


events


properties


persistence

Java Beans


introspection


an analyser can inspect how the Bean works


properties


naming conventions for getter and setter methods


persistence


implement the Serializable interface


Bean state can be stored

Example Java bean

public class ExampleBean implements
java.io.Serializable {


private String name = null;


private int score = 0;



public ExampleBean() {} // Empty constructor



/* Getter and Setter Methods */


public String getName() {



return name;


}



public void setName(String s) {



name = s;


}

Example Java bean


public int getScore() {



return score;


}



public void setScore(int i) {



score = i;


}



/*



No method required to implement

Serializable


*/

}

JSP action elements


action elements


perform an action when page is requested

<jsp:useBean>


uses a JavaBean component

<jsp:getProperty>


property from JavaBean used in the page

<jsp:setProperty>



sets a JavaBean property (possibly using
request information)

<jsp:useBean


id="userInfo"


class="com.ora.jsp.beans.userInfo.
UserInfoBean“

>


<jsp:setProperty


name = “userInfo”


property = “userName”


value = “Gandalf”


/>


</jsp:useBean>

The following information was
saved:

<ul>


<li>User Name:


<jsp:getProperty



name="userInfo"



property="userName"/>
</li>


<li>Email Address:


<jsp:getProperty



name="userInfo"



property="emailAddr"/>
</li>

</ul></body></html>

Other JSP action elements

<jsp:include>


responses from other jsp pages or servelets

<jsp:forward>


forwards processing to other jsp or servelet

<jsp:param>


passes a parameter with include or forward

<jsp:plugin>


generates the HTML to embed an applet

Timetable change


From 10 November:


Two lectures moved into one slot:


Wednesday 11
-
1


B39


(lab with GE being moved)


Labs will still be Thursday, 9
-
11