Advanced Java Class Web Applications Part 1 (Servlets) Named vs. - - PowerPoint PPT Presentation



SLIDE 1
SLIDE 2

Advanced Java Class

Web Applications – Part 1 (Servlets)

SLIDE 3

Named vs. Anonymous Servlets

  • Anonymous Syntax: http://hostname/MyApp/servlet/myapp.servlets.MyServlet

  • Named Syntax: http://hostname/MyApp/MyServlet

in web.xml:

<servlet>
  <servlet-name>MyServlet</servlet-name>
  <servlet-class>myapp.servlets.MyServlet</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>MyServlet</servlet-name>
  <url-pattern>/MyServlet</url-pattern>
</servlet-mapping>

  • advantages of named: user friendly, more secure
SLIDE 4

Servlet API

  • HttpServlet

– Your Servlets must extend this class

  • HttpServletRequest

– Interface type of object sent to Servlet

  • HttpSession

– Useful for storing user session data

  • HttpServletResponse

– Interface type of object sent to Servlet

SLIDE 5

HttpServlet

  • doGet(HttpServletRequest req, HttpServletResponse resp)

– [send page to user]

  • doPost(HttpServletRequest req, HttpServletResponse resp)

– [process user input]

SLIDE 6

HttpServletRequest

  • HttpSession getSession()
  • String getParameter(String name)
  • java.util.Map getParameterMap()
  • Object getAttribute(String name)
  • void setAttribute(String name, Object value)
SLIDE 7

HttpSession

  • Object getAttribute(String name)
  • setAttribute(String name, Object value)
SLIDE 8

Processing HTML Forms

  • in HTML page

– <form method="post" action="/SkiClub/LoginServlet">
– <input type="text" name="LNAME" value="">

  • in Servlet

– doPost method implemented
– Call getParameter("LNAME") to find what they want to log in as

SLIDE 9

HTTP Response options

  • write HTML as text into the Output Stream
  • forward request to another resource in web app: HTML, JSP, Servlet, etc.

  • Redirect request to any web resource
  • Return an error
SLIDE 10

HttpServletResponse

  • ServletOutputStream getOutputStream();
  • RequestDispatcher rd = request.getRequestDispatcher("[resource we're forwarding request to]");
    rd.forward(request, response);

  • void sendRedirect(String location);
  • void sendError(int sc, String msg);
SLIDE 11

Servlet filtering

  • Encryption
  • to use: implement Filter interface, and write doFilter method, initialize with FilterConfig
  • Can make subclasses of HttpRequest & HttpResponse for special behavior

SLIDE 12

Web App Continuity

  • Problem: HTTP protocol is inherently stateless, but often a web app requires a "conversation", which has state.

  • Solutions:

– Storing Data on Server side

      • Request
      • Session
      • Application
      • DB

– Storing Data on Client side

      • Cookies
      • URL Rewriting
      • Hidden form fields
SLIDE 13

Storing Data on Server side; available scopes

  • Request scope [HttpRequest]

– good for a forward to a JSP page or another servlet

  • Session scope [HttpSession]

– good for session-long variables, like 'username'

  • Application scope - getServletContext()

– global for all servlets & clients

  • DB scope

– permanent

SLIDE 14

Storing Data in HttpSessions

  • Attributes may be stored in sessions, so long as they are serializable.

  • There should be one session per client browser session.

  • Sessions reside on the server. They are not passed to the client.

– Instead, a cookie stored on the client machine tells the server which session belongs to which client browser.

  • Knowing when to end a session is tricky, but usually you want them to time out after a period of inactivity. You want the session to remain active as long as the user is "using" the site.
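
Added example, not part of the original slides: a servlet for the login form on the "Processing HTML Forms" slide that validates LNAME, then stores the username at session scope with an inactivity timeout. The javax.servlet API on the classpath, the allowlist pattern, the 15-minute timeout and /home.jsp are assumptions.

```java
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example, not from the slides. Map it to /LoginServlet in web.xml.
public class LoginServlet extends HttpServlet {
    // Assumed allowlist for login names; adjust to the application's rules.
    private static final Pattern LOGIN_NAME = Pattern.compile("[A-Za-z0-9_.-]{1,32}");
    private static final int IDLE_TIMEOUT_SECONDS = 15 * 60; // assumed value

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // getParameter returns null when the field is missing from the request.
        String lname = req.getParameter("LNAME");
        if (lname == null || !LOGIN_NAME.matcher(lname).matches()) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid login name");
            return;
        }
        // Credential verification is not covered by the slide and is not shown;
        // it must succeed before the session below is created.

        // Discard any session that existed before login, so a session ID issued
        // to an unauthenticated browser is never promoted to a logged-in one.
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        HttpSession session = req.getSession(true);
        session.setMaxInactiveInterval(IDLE_TIMEOUT_SECONDS);
        session.setAttribute("username", lname); // session scope

        // /home.jsp is a hypothetical landing page inside this web app.
        resp.sendRedirect(req.getContextPath() + "/home.jsp");
    }
}
```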

SLIDE 15

Storing Data on Client side

  • Cookies (permanent, but may be disabled)
  • URL rewriting (use if cookies are disabled)

  • Hidden form fields (temporary)
SLIDE 16

Cookies

  • Name-value string pairs
  • Last beyond one session
  • Stored on the client side, tagged with IP address that they came from.
  • When client sends request, it includes all the cookies from the IP that it's contacting.
  • void HttpServletResponse.addCookie(Cookie cookie);

  • Cookie[] HttpServletRequest.getCookies();
  • No security involved! Be careful.
SLIDE 17

URL Rewriting

  • What if cookies are disabled on the client machine?

  • These methods put the cookie info into the URL if cookies are disabled.

– String HttpServletResponse.encodeURL(String url)
– String HttpServletResponse.encodeRedirectURL(String url)

  • Encoded with an easy to decrypt algorithm - still not secure.

SLIDE 18

Hidden form fields

  • HTML Syntax:

– <input type="hidden" name="formID" value="TA45"/>

  • Not user modifiable
  • Not secure - visible in view source
  • Client side storage area to pass data to servlet
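
Added example, not part of the original slides: one way for the servlet to detect a hidden field whose value was changed on the client is to append an HMAC tag when the page is generated and check it when the form comes back. It uses only the JDK; the class name, the demo key and the session IDs are constructed for illustration, and a real key would come from server-side configuration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example, not from the slides: integrity check for a hidden form field.
public class SignedHiddenField {
    private final SecretKeySpec key;

    public SignedHiddenField(String secret) {
        this.key = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
    }

    private byte[] mac(String sessionId, String value) throws GeneralSecurityException {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(key);
        // Binding the tag to the session ID stops reuse of another session's field.
        return m.doFinal((sessionId + "\n" + value).getBytes(StandardCharsets.UTF_8));
    }

    // Text to place in the hidden input's value attribute: "<value>.<tag>".
    public String protect(String sessionId, String value) throws GeneralSecurityException {
        return value + "." + Base64.getUrlEncoder().withoutPadding()
                .encodeToString(mac(sessionId, value));
    }

    // Returns the original value, or null if the field is malformed or altered.
    public String verify(String sessionId, String field) throws GeneralSecurityException {
        int dot = (field == null) ? -1 : field.lastIndexOf('.');
        if (dot < 0) return null;
        String value = field.substring(0, dot);
        byte[] tag;
        try {
            tag = Base64.getUrlDecoder().decode(field.substring(dot + 1));
        } catch (IllegalArgumentException e) {
            return null;
        }
        // MessageDigest.isEqual compares in constant time.
        return MessageDigest.isEqual(tag, mac(sessionId, value)) ? value : null;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        SignedHiddenField f = new SignedHiddenField("constructed-demo-key");
        String field = f.protect("sess-1", "TA45");                  // constructed values
        System.out.println(f.verify("sess-1", field));                         // unmodified
        System.out.println(f.verify("sess-1", field.replace("TA45", "TA46"))); // value edited
        System.out.println(f.verify("sess-2", field));                         // other session
    }
}
```

The tag protects integrity only; the value itself is still readable in view source, as the slide notes.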

SLIDE 19

Digital Flashcards Example Activity

  • 1. What is the highest scope at which each of the following values should be stored?

– username of currently logged in user
– Quiz word for the next page
– list of valid user names and passwords
– Number of words correct in current quiz
– History of correctness for this word