Lecture note from May 23th
Lecture note from May 25th
Lecture note from Jun 1st
Lecture note from Jun 6th
Output
The HTTP protocol is layered over a reliable bidirectional byte stream, normally TCP (Transfer Contral Protocol(reliable)). Each HTTP interaction consists of a request sent from the client to the server, followed by a response sent from the server to the client. Requests and responses are expressed in a simple ASCII format.(Clear Text)
HTTP is reliable but stateless, meaning the application cannot memorize previous connection.
HTTP Methods
| Method | Description |
|---|---|
| OPTIONS | Rquest for communication options available on the request/response chain |
| GET | Requet to retirieve information from server |
| HEAD | Identical to GET except that it does not return message-body. only the headers. |
| POST | request for server to accept the entit enclosed in the body of HTTP method. |
| DELETE | Request for servre to delete the resource. |
| CONNECT | Reserved for use with a proxy that can switch to being a tunnel. |
HTTP Errors
| Error No. | Description |
|---|---|
| 100-199 | Codes in the 100’s are informational, indicating that |
| 200-299 | Indicate that the request was successful |
| 300-399 | Used for files that have moved and usually indicate a Location header indicating the new address. |
| 400-499 | Indicate an error by the client |
| 500-599 | Signify an error by the server. |
Browser
header - Browser information (Data is sent in header to the server)
body - Usually empty
Server
header - Server information
body - Response data
Browser
header - browser information
body - Request Data, and Value/Name pairs. (data is sent in request body)
Server
header - Server information
body - Response data
- Load Servlet Calss
- Create Servlet Instance
- Call the init() method (Initiation Servlet and call service() method)
- Call the service() method
- Call the destory() method
//Program 1
//A plain old Servlet
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class Program1 extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String docType =
"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 " +
"Transitional//EN\">\n";
out.println(docType +
"<HTML>\n" +
"<HEAD><TITLE>Hello</TITLE></HEAD>\n" +
"<BODY BGCOLOR=\"#FDF5E6\">\n" +
"<H1>Hello</H1>\n" +
"</BODY></HTML>");
}
}HTTPServletRequest Object
provides access to HTTP header data: such as cookies. the HTTP method with which the request is made. obtain args that the client sent as part of the request.
Methods
getparameter --- returns value of named parameters
getParameterValues --- returns the array of values for the named parameter
getParameterNames --- returns the names of the parameters
getQueryString --- returns a String of raw data from the client
FOR HTTP POST, PUT and DELETE requests
the text data is handled by getReader() method that provides you with BufferedReader object to read raw data.
the binary data is handled in getInputStream() method that provides a ServletInputStream to read the raw data.
HTTPServletResponse Object
Two ways are available for returning the data from the user.
getWriter() method returns a writer for text data
getOutputStream returns a ServletOutputStream for binary data
Closing these streams allows the server to know the the response is complete.
Prgram 2
//Reading Parameters in Servlets
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class Program2 extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
ServletOutputStream out = response.getOutputStream();
String fileName = request.getParameter("file");
out.println("<html>");
out.println("<head>");
out.println("<title>Welcome</title>");
out.println("</head>");
out.println("<body>");
out.println("<h2>The File</h2>");
out.println(fileName);
out.println("</body>");
out.println("</html>");
out.close();
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}Prgram 3
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class Program3 extends HttpServlet
{
String msg = "";
public void init(ServletConfig config)
{
msg = "Hello from Java servlets!";
}
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException
{
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.println("<HTML>");
out.println("<HEAD>");
out.println("<TITLE>");
out.println("Using the init Method");
out.println("</TITLE>");
out.println("</HEAD>");
out.println("<BODY>");
out.println("<H1>Using the init Method</H1>");
out.println(msg);
out.println("</BODY>");
out.println("</HTML>");
}
}
- Look at the HTML Source - to see if the tags are coded properly.
- Return error pages to the client - typically send error code -
- Look at the server running in command line for any apparent errors when the call to the servlet is made.
- HTTPServlet object has a method called log that allows you to log information to the server. Location of the file is specific to Servlet Engines
- Printout request data separately
- print out response data separately.
- Restarting the webserver is also a good idea: unless the webserver support automatic reload.
Accessing the CGI Standard Variables
CGI - Common Gateway Interface allows execution of several types of programs and is collection of information about the current request.
Information is collected for HTTP request header or thru sockets by connecting to the requesting host.
Following is the collection of CGI Variables
| CGI variables | Description |
|---|---|
| AUTH_TYPE | Gives authorization type in Authorization header, if one is available(basic or digest.) |
| CONTENT_LENGTH | For POST Requests only. Size in Bytes indicating the size of data in POST. |
| CONTENT_TYPE | designate the MIME Type of attached data. |
| DOCUMENT_ROOT | Provides name of the real directory corresponding to the URL |
| HTTO_XXX_YYYY | gives information on HTTP Request header |
| PATH_INFO | gives path information attached to the URL after the address of the servlet - but before query data |
| PATH_TRANSLATED | gives path information mapped to the real path on the server |
| QUERY_STRING | Provides raw data in the servlet |
| REMOTE_ADDR | Indicates the IP Address of the client that made the request |
| REMOTE_HOST | Indicates fully qualified Domain name |
| REMOTE_USER | If authorization header is available, then the user information accessed can be used for session tracking |
| REQUEST_METHOD | gives information on the method type. |
| SCRIPT_NAME | gives path to the servlet name |
| SERVER_NAME | host name |
| SERVER_PORT | information about the port that the server is listening on |
| SERVER_PROTOCOL | gives protocol name and version egHTTP/1.0 or 1.1 |
| SERVER_SOFTWARE | information about webserver |
package coreservlets;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;
public class ShowCGIVariables extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String[][] variables =
{ { "AUTH_TYPE", request.getAuthType() },
{ "CONTENT_LENGTH",
String.valueOf(request.getContentLength()) },
{ "CONTENT_TYPE", request.getContentType() },
{ "DOCUMENT_ROOT",
getServletContext().getRealPath("/") },
{ "PATH_INFO", request.getPathInfo() },
{ "PATH_TRANSLATED", request.getPathTranslated() },
{ "QUERY_STRING", request.getQueryString() },
{ "REMOTE_ADDR", request.getRemoteAddr() },
{ "REMOTE_HOST", request.getRemoteHost() },
{ "REMOTE_USER", request.getRemoteUser() },
{ "REQUEST_METHOD", request.getMethod() },
{ "SCRIPT_NAME", request.getServletPath() },
{ "SERVER_NAME", request.getServerName() },
{ "SERVER_PORT",
String.valueOf(request.getServerPort()) },
{ "SERVER_PROTOCOL", request.getProtocol() },
{ "SERVER_SOFTWARE",
getServletContext().getServerInfo() }
};
String title = "Servlet Example: Showing CGI Variables";
out.println(ServletUtilities.headWithTitle(title) +
"<BODY BGCOLOR=\"#FDF5E6\">\n" +
"<H1 ALIGN=\"CENTER\">" + title + "</H1>\n" +
"<TABLE BORDER=1 ALIGN=\"CENTER\">\n" +
"<TR BGCOLOR=\"#FFAD00\">\n" +
"<TH>CGI Variable Name<TH>Value");
for(int i=0; i<variables.length; i++) {
String varName = variables[i][0];
String varValue = variables[i][1];
if (varValue == null)
varValue = "<I>Not specified</I>";
out.println("<TR><TD>" + varName + "<TD>" + varValue);
}
out.println("</TABLE></BODY></HTML>");
}
/** POST and GET requests handled identically. */
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}Used by Servlets to maintain the state about a series of requests from the same user. This is similar to working with files.
You can look up the session object associated with the current request. or create new session
lookup information associated with the session store information in a session discard or abandon a session
HttpSession Object Associated with current request getSession() isNew()
getAttribute() removeAttribute() getAttributeNames() putAttribute()
getID()
getCreationTime() LastAccessedTime(0
geMaxInactiveIntervals() setMaxInactiveIntervals()
invalidate()
Intro to Session Sessions help you remember the application state and can help deal with many transactions. javax.servlet.http.HttpSession - Interface allows.
getsession( ) putValue ( name, value) where name is the parameter name of type String and value is of type Object.
getValue - retrieve information from a session.
Object HttpSession.getValue(name)getValueName - returns a String array that provides a list of all parameters passed.
removeValues(name) - will remove the value from the session object - good for memory optimization.
Session alive - HttpSession methods that help poll the information regarding a particular session.
- getId() - if the request to a sessioobject is invalid, in that case the request can get the sessionid from the servlet by using this method.
- getSessionContext() - Information on the context of all valid Session.
- isNew() return true or false: if the browser has never seen the session then this function returns true or it returns false.
- getCreationTime - time when the session was created
- getLastAccessedTime()
- getMaxInactiveInterval()
To destroy the session use the method called
invalidate()Program6.java
package coreservlets;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.net.*;
import java.util.*;
Simple example of session tracking.
public class Program6 extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String title = "Session Tracking Example";
HttpSession session = request.getSession(true);
String heading;
// Use getAttribute instead of getValue in version 2.2.
Integer accessCount =
(Integer)session.getValue("accessCount");
if (accessCount == null) {
accessCount = new Integer(0);
heading = "Welcome, Newcomer";
} else {
heading = "Welcome Back";
accessCount = new Integer(accessCount.intValue() + 1);
}
// Use setAttribute instead of putValue in version 2.2.
session.putValue("accessCount", accessCount);
out.println(ServletUtilities.headWithTitle(title) +
"<BODY BGCOLOR=\"#FDF5E6\">\n" +
"<H1 ALIGN=\"CENTER\">" + heading + "</H1>\n" +
"<H2>Information on Your Session:</H2>\n" +
"<TABLE BORDER=1 ALIGN=\"CENTER\">\n" +
"<TR BGCOLOR=\"#FFAD00\">\n" +
" <TH>Info Type<TH>Value\n" +
"<TR>\n" +
" <TD>ID\n" +
" <TD>" + session.getId() + "\n" +
"<TR>\n" +
" <TD>Creation Time\n" +
" <TD>" +
new Date(session.getCreationTime()) + "\n" +
"<TR>\n" +
" <TD>Time of Last Access\n" +
" <TD>" +
new Date(session.getLastAccessedTime()) + "\n" +
"<TR>\n" +
" <TD>Number of Previous Accesses\n" +
" <TD>" + accessCount + "\n" +
"</TABLE>\n" +
"</BODY></HTML>");
}
/** Handle GET and POST requests identically. */
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
doGet(request, response);
}
}Small bit of Textual information sent to the browser by the WebServer.
- Identify a user during an E-Commerce Session
- Avoid Username and password for a session - if already logged in
- Customization of site visit - like in my.yahoo.com - portal allowing customization of content
- Focused Advertising - Based on Search done - display the ads for the given context
- Search for particular topics is remembered inside a cookie
- Health Sensitive information can be shared between different sites. Leads to Email Spamming.
Because of the disadvantages - people turn off cookies usage in the browser. As a Servlet Programmer, be careful not to use cookies for sensitive information.
Create a cookie
new Cookie(name, value)Following characters are not allowed: ,"/?@:;
Setting additional attributes
cookie.setXxx()applies to outgoing cookie(server to client)
Inserting the cookie into response header
response.addCookie(cookie)Reading incoming cookies
request.getCookies() returns an array of cookie objects which can later be traversed for usage.
Adding comment with a cookie
Public String getComment()
public void setComment(String comment)
used for information about the cookie.getting and setting domain for the cookie
Public String getDomain()
public void setDomain(String domainpattern)Normally the browser will return cookies to exact same host. This method can be used to instruct the browser to return them to other hosts within the same domain. For eg cookie.setDomain(".database.com") would send cookies to singh.database.com or oracle.database.com etc.
setting the age of cookies
Public String getMaxAge()
public void setMaxAge(int lifetime)This allow the programmer to set the time in seconds before the cookie expires. A negative value indicates that the cookie last through the end of session. A 0 value indicates the browser to delete the cookie. A longlivedcookie can be set to leave the cookie inside the browser for a week, month or year - by specifying a large int value.
Setting Cookie name
Public String getName()
public void setName(String cookieName)This set the name of the cookie. Name is typically supplied in cookie constructor. getName is used to traverse through the list array of cookie objects returned by getCookies.
Setting/Getting path to which the cookie applies
Public String getPath()
public void setPath(String path)This method should be used to set the cookies for all pages in a website for a group of pages or just for one page.
For eg cookiename.setPath("?") specifies that all pages on the server should receive the cookie.
Setting cookies over secure connections
Public Boolean getSecure()
public void setComment(Boolean secureFlag)This flag sets a flag to indicate if the cookie should be sent over encrypted (SSL) Connections. default is false. If set, the cookie should apply to all connections.
getting and setting values from cookies
Public String getValue()
public void setValue(String cookieValue)getVlaue looks up the value and setValue sets the value.
Setting the version
Public int getVersion()
public void setVersion(String comment)These two method get/set the cookie protocol version that the cookie complies with.Version 0 follow the Netscape Specification. Version 1 follows RFC2109 specification. Version 1 is not widely implemented yet.
Pogram 7
package coreservlets;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class Program7 extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
for(int i=0; i<3; i++) {
// Default maxAge is -1, indicating cookie
// applies only to current browsing session.
Cookie cookie = new Cookie("Session-Cookie-" + i,
"Cookie-Value-S" + i);
response.addCookie(cookie);
cookie = new Cookie("Persistent-Cookie-" + i,
"Cookie-Value-P" + i);
// Cookie is valid for an hour, regardless of whether
// user quits browser, reboots computer, or whatever.
cookie.setMaxAge(3600);
response.addCookie(cookie);
}
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String title = "Setting Cookies";
out.println
(ServletUtilities.headWithTitle(title) +
"<BODY BGCOLOR=\"#FDF5E6\">\n" +
"<H1 ALIGN=\"CENTER\">" + title + "</H1>\n" +
"There are six cookies associated with this page.\n" +
"To see them, visit the\n" +
"<A HREF=\"ShowCookies\">\n" +
"<CODE>ShowCookies</CODE> servlet</A>.\n" +
"<P>\n" +
"Three of the cookies are associated only with the\n" +
"current session, while three are persistent.\n" +
"Quit the browser, restart, and return to the\n" +
"<CODE>ShowCookies</CODE> servlet to verify that\n" +
"the three long-lived ones persist across sessions.\n" +
"</BODY></HTML>");
}
}//ShowCookies.java
package coreservlets;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class ShowCookies extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String title = "Active Cookies";
out.println(ServletUtilities.headWithTitle(title) +
"<BODY BGCOLOR=\"#FDF5E6\">\n" +
"<H1 ALIGN=\"CENTER\">" + title + "</H1>\n" +
"<TABLE BORDER=1 ALIGN=\"CENTER\">\n" +
"<TR BGCOLOR=\"#FFAD00\">\n" +
" <TH>Cookie Name\n" +
" <TH>Cookie Value");
Cookie[] cookies = request.getCookies();
Cookie cookie;
for(int i=0; i<cookies.length; i++) {
cookie = cookies[i];
out.println("<TR>\n" +
" <TD>" + cookie.getName() + "\n" +
" <TD>" + cookie.getValue());
}
out.println("</TABLE></BODY></HTML>");
}
}JSP is a Servlet with the following differences:
JSP = HTML code + Java Code.
WS - receives the request -- parse HTML and strip out Java --> Pass to appserver
generate a java file (builds a java file + compiles) - generatea .java + .class file (work directory)
JSP is loaded as a Servlet -- service the requests.
//scripting elements
<% code goes here %>
//begin and end token - this refers to the service method.
//Expression tag
<%= ... %>
//declarations
<%! ... %> --treated as instance variable in a Servlet (JSP is a servlet) but these static to all requests.
//JSP Comment
<% //JSP Comment ------ %>
<!--HTML Comments-->provide java interface. connection between Dabtabase and Java. once you have loaded the JDBC,
use type 4 in assignment 6.