Servlets
1-Nov-13
�Servers
A server is a computer that responds to requests from a client
Typical requests: provide a web page, upload or download a file, send email
A server is also the software that responds to these requests; a client could be the browser or other software making these requests Typically, your little computer is the client, and someone elses big computer is the server
However, any computer can be a server It is not unusual to have server software and client software running on the same computer
�Apache
Apache is a very popular server
66% of the web sites on the Internet use Apache Full-featured and extensible Efficient Robust Secure (at least, more secure than other servers) Up to date with current standards Open source Free
Apache is:
Why use anything else?
3
�Ports
A port is a connection between a server and a client
Ports are identified by positive integers A port is a software notion, not a hardware notion, so there may be very many of them Typical port numbers:
A service is associated with a specific port
21FTP, File Transfer Protocol 22SSH, Secure Shell 25SMTP, Simple Mail Transfer Protocol 53DNS, Domain Name Service 80HTTP, Hypertext Transfer Protocol 8080HTTP (used for testing HTTP) 7648, 7649CU-SeeMe 27960Quake III
These are the ports of most interest to us
�Ports II
My UPenn Web page is:
[Link]
But it is also:
[Link]
The http: at the beginning signifies a particular protocol (communication language), the Hypertext Transfer Protocol The :80 specifies a port By default, the Web server listens to port 80
The Web server could listen to any port it chose This could lead to problems if the port was in use by some other server For testing servlets, we typically have the server listen to port 8080 If I had sent it to some other port, say, 99, my request would either go unheard, or would (probably) not be understood
5
In the second URL above, I explicitly sent my request to port 80
�CGI Scripts
CGI stands for Common Gateway Interface
Client sends a request to server Server starts a CGI script client
server
script
Script computes a result for server and quits
Server returns response to client Another client sends a request
client
Server starts the CGI script again
Etc.
�Servlets
A servlet is like an applet, but on the server side
Client sends a request to server Server starts a servlet client
server
servlet
Servlet computes a result for server and does not quit
Server returns response to client Another client sends a request
client
Server calls the servlet again
Etc.
�Servlets vs. CGI scripts
Advantages:
Running a servlet doesnt require creating a separate process each time A servlet stays in memory, so it doesnt have to be reloaded each time There is only one instance handling multiple requests, not a separate instance for every request Untrusted servlets can be run in a sandbox Servlets must be in Java (CGI scripts can be in any language)
8
Disadvantage:
�Tomcat
Tomcat is the Servlet Engine than handles servlet requests for Apache
Tomcat is a helper application for Apache Its best to think of Tomcat as a servlet container Apache can be installed without Tomcat Tomcat can be installed without Apache
Apache can handle many types of web services
Its easier to install Tomcat standalone than as part of Apache
By itself, Tomcat can handle web pages, servlets, and JSP
Apache and Tomcat are open source (and therefore free)
�Servlets
A servlet is any class that implements the [Link] interface
In practice, most servlets extend the [Link] class Some servlets extend [Link] instead
Servlets, like applets, usually lack a main method, but must implement or override certain other methods
10
�What does a servlet do?
1. Read any data sent by the user 2. Look up any information about the request that is embedded in the HTTP request 3. Generate the results 4. Format the results inside a document 5. Set the appropriate HTTP parameters 6. Send the document back to the client
From: Core Servlets and JavaServerPages, by Marty Hall
11
�Important servlet methods, I
When a servlet is first started up, its init(ServletConfig config) method is called
init should perform any necessary initializations init is called only once, and does not need to be thread-safe
Every servlet request results in a call to service(ServletRequest request, ServletResponse response)
service calls another method depending on the type of service requested Usually you would override the called methods of interest, not service itself service handles multiple simultaneous requests, so it and the methods it calls must be thread safe
destroy is called only once, but must be thread safe (because other threads may still be running)
12
When the servlet is shut down, destroy() is called
�HTTP requests
When a request is submitted from a Web page, it is almost always a GET or a POST request The HTTP <form> tag has an attribute action, whose value can be "get" or "post" The "get" action results in the form information being put after a ? in the URL
Example: [Link] The & separates the various parameters Only a limited amount of information can be sent this way The information is in the body of the HTTP request
13
"post" can send large amounts of information
�Important servlet methods, II
The service method dispatches (sends to another method) the following kinds of requests: DELETE, GET, HEAD, OPTIONS, POST, PUT, and TRACE
A GET request is dispatched to doGet(HttpServletRequest request, HttpServletResponse response) A POST request is dispatched to doPost(HttpServletRequest request, HttpServletResponse response) These are the two methods you will usually override
Regardless of whether the client sends a GET or a POST request, the information it sends is in the HttpServletRequest parameter
doGet and doPost typically do the same thing, so usually you do the real work in one, and have the other just call it public void doGet(HttpServletRequest request, HttpServletResponse response) { doPost(request, response); }
14
�Less important requests
HEAD
Asks for only the header part of what a GET would return Asks to send the received request message back (for debugging) Says to put the body at the requested URL Says to delete the resource or file at the requested URL Asks for a list of the HTTP methods to which the thing at the requested URL can respond Says to connect for purposes of tunneling
15
TRACE
PUT
DELETE
OPTIONS
CONNECT
Each of these (except CONNECT) an associated doXXX method
�A Hello World servlet
(from the Tomcat installation documentation)
public class HelloServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { [Link]("text/html"); PrintWriter out = [Link](); String docType = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 " + "Transitional//EN\">\n"; [Link](docType + "<HTML>\n" + "<HEAD><TITLE>Hello</TITLE></HEAD>\n" + "<BODY BGCOLOR=\"#FDF5E6\">\n" + "<H1>Hello World</H1>\n" + "</BODY></HTML>"); } Dont worry, well take this a little at a time! }
16
�The superclass
public class HelloServlet extends HttpServlet {
Every class must extend GenericServlet or a subclass of GenericServlet
GenericServlet is protocol independent, so you could write a servlet to process any protocol In practice, you almost always want to respond to an HTTP request, so you extend HttpServlet
A subclass of HttpServlet must override at least one method, usually one doGet, doPost, doPut, doDelete, init and destroy, or getServletInfo
17
�The doGet method
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { This method, doGet, services a GET request The method uses request to get the information that was sent to it The method does not return a value; instead, it uses response to get an I/O stream, and outputs its response Since the method does I/O, it can throw an IOException Any other type of exception must be encapsulated as a ServletException The doPost method works exactly the same way
18
�Parameters to doGet and doPost
Input is from the HttpServletRequest parameter
Our first example doesnt get any input, so well discuss this a bit later
Output is via the HttpServletResponse object, which we have named response
I/O in Java is very flexible but also quite complex, so the response object acts as an assistant
19
�doGet and doPost
Actual differences between doGet and doPost:
You can send only a small amount of data with doGet Data sent via doGet is visible in the URL Pages returned by doPost cannot easily be bookmarked
doGet is a request for information; it does not (or should not)
Intended difference between doGet and doPost:
change anything on the server
Jargon term: doGet should be idempotent
doPost provides information (such as placing an order for
merchandise) that the server is expected to remember
20
�Using the HttpServletResponse
The second parameter to doGet (or doPost) is HttpServletResponse response Everything sent via the Web has a MIME type The first thing we must do with response is set the MIME type of our reply: [Link]("text/html");
This tells the client to interpret the page as HTML
Because we will be outputting character data, we need a PrintWriter, handily provided for us by the getWriter method of response: PrintWriter out = [Link](); Now were ready to create the actual page to be returned
21
�Using the PrintWriter
From here on, its just a matter of using our PrintWriter, named out, to produce the Web page First we create a header string:
String docType = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 " + "Transitional//EN\">\n"; This line is technically required by the HTML spec Browsers mostly dont care, but HTML validators do care
Then use the println method of out one or more times
[Link](docType + "<HTML>\n" + "<HEAD> ... </BODY></HTML>");
And were done!
22
�Input to a servlet
A GET request supplies parameters in the form
URL ? name=value & name=value & name=value (Illegal spaces added to make it more legible) Actual spaces in the parameter values are encoded by + signs Other special characters are encoded in hex; for example, an ampersand is represented by %26
Parameter names can occur more than once, with different values A POST request supplies parameters in the same syntax, only it is in the body section of the request and is therefore harder for the user to see
23
�Getting the parameters
Input parameters are retrieved via messages to the HttpServletRequest object request
Most of the interesting methods are inherited from the superinterface ServletRequest
Returns an Enumeration of the parameter names
public Enumeration getParameterNames()
An Enumeration is like an Iterator, only older
If no parameters, returns an empty Enumeration Returns the value of the parameter name as a String If the parameter doesnt exist, returns null If name has multiple values, only the first is returned Returns an array of values of the parameter name If the parameter doesnt exist, returns null
24
public String getParameter(String name)
public String[] getParameterValues(String name)
�Enumeration review
An Enumeration is almost the same as Iterator
Its an older class, and the names are longer
Iterator boolean hasNext() Object next() void remove()
Enumeration boolean hasMoreElements() Object nextElement() --
Example use:
Enumeration e = [Link](); while ([Link]()) { [Link]([Link]()); }
25
�Example of input parameters
public void doGet(HttpServletRequest request, HttpServletResponse response) { ... stuff omitted ... [Link]("<H1>Hello"); String names[] = [Link]("name"); if (names != null) for (int i = 0; i < [Link]; i++) [Link](" " + names[i]); [Link]("!"); }
26
�Java review: Data from Strings
All parameter values are retrieved as Strings Frequently these Strings represent numbers, and you want the numeric value
int n = new Integer(param).intValue(); double d = new Double(param).doubleValue(); byte b = new Byte(param).byteValue();
Similarly for short, float, and long These can all throw a NumberFormatException, which is a subclass of RuntimeException
boolean p = new Boolean(param).booleanValue();
char c = [Link](0);
27
But:
�Whats left?
Weve covered enough so far to write simple servlets, but not enough to write useful servlets
We still need to be able to:
Configure the server to recognize the servlet! Use other configuration information Authenticate users Keep track of users during a session Retain information across different sessions Make sure our servlets are thread safe Communicate between servlets
But remember: The most difficult program in any language is Hello World!
28
�The End
29
