Presentation is loading. Please wait.

Presentation is loading. Please wait.

DEV034 -Web Applications, Introduction

Similar presentations


Presentation on theme: "DEV034 -Web Applications, Introduction"— Presentation transcript:

1 DEV034 -Web Applications, Introduction
Presentation title DEV034 -Web Applications, Introduction General comments The goal of the general introduction is to reassure, to create a context and an ambiance, to answer the questions of the students, to start the day…. And to create a group. This part is done from: * presentation of the chairman. * Intervention of the students. This general introduction must be done for every course even if it is a self study ! The Welcome of the students is a banal phases but it must be done. The phases answer the questions Where are we ? In the C&w university ? In an Hotel , Why are we there ? Is there inconvenience ? If yes, apologies. This can be done while the students are busy drinking their coffee. Particular comments for a skills training Speakers name C&W Date

2 Objective of the training
Presentation title Objective of the training This course will give you an overview of web technologies. After this training, you should Have the capacity to understand the main components of a web application. Have to background necessary to follow more specialized training or to learn by yourself specific subjects in the domain of web applications (J2EE/PHP web applications/…). General comments Recall the title of the course. Why this duration and this form ? Particular comments for a skills training

3 Schedule of the day Schedule 09:00 – 10:45 : Training Session
Presentation title Schedule of the day Schedule 09:00 – 10:45 : Training Session 10:45 – 11:00 Break 11:00 – 12:30 Training Session 12:30 – 13:30 Lunch 13:30 – 15:15 Training Session 15:15 – 15:30 Break 15:30 – 17:00 Training Session General comments Present the agenda of a day and define rules as well as no mobile phone during training session. TURN IT OFF Introduce break and what hapens during breaks. Particular comments for a skills training

4 Training session Teaching from PPT. Examples and stories Exercises
Presentation title Methods and tools Training session Teaching from PPT. Examples and stories Exercises Open discussion General comments What are the tools used during training session ? Particular comments for a skills training If a pc is necessary during the session, precise that during the theory, it’s not allowed to use the pc. Insist that it’s a rule to respect !

5 Presentation title Methods and tools The objectives of the training is to give you an overview of standards, principles and techniques in the domain of web applications. General comments Particular comments for a skills training

6 Agenda First day : Introduction Theory : HTTP, XML, HTML, CSS, …
Presentation title Agenda First day : Introduction Theory : HTTP, XML, HTML, CSS, … Demonstrations Exercises Second day: Reminder Theory : server side techniques, web services, security, … General comments Recall the title of the course. Give a general overview of the complete agenda of the training. Particular comments for a skills training

7 Why this training session?
Presentation title Why this training session? This training session is a part of the skills training program. It‘s a pre-requisite to obtain more specialized skills: development of web applications with PHP or with Java J2EE.

8 Web Applications Global scheme of our presentation.
Presentation title Web Applications Global scheme of our presentation. Introduction Communication between client & server Client-side Server-Side Web-services & SOA RSS Security & Authentication

9 Introduction - What is a web application?
Presentation title Introduction - What is a web application? Web application Client-side server-side protocol Client application Generic server My web application Stored data

10 Presentation title Introduction – Application tiers: client / server, n-tiers applications Client side Fat Client UI Layer Light Client Client interface Business Layer Business Data Layer Data Data Server side

11 Introduction – classic dialog between the web-client and the server
Presentation title Introduction – classic dialog between the web-client and the server The classical exchange between a web client (web browser) and a web-server Web browser URL http get HTTP server Tcp/ip http answer & html page The user clicks on a hyperlink (or type the URL), the browser send an HTTP get message. The message is transferred on a TCP/IP channel. The server treats the request and returns an html page embedded into an HTTP answer. The answer may consist of different content than an HTTP page (for example, an image). The “content type” is specified with a value defined by the MIME standard.

12 Web Applications Global scheme of our presentation.
Presentation title Web Applications Global scheme of our presentation. Introduction Communication between client & server Client-side Server-side Web-services & SOA RSS Security & Authentication

13 Communication & common standards
Presentation title Communication & common standards We will introduce here some subjects concerning as well the client- side than the server side. TCP/IP : communication channel for HTTP messages HTTP : basic dialogs between the client and the server Mime : definition of content-types URL : mean to address web resources

14 TCP/IP Transport Communication Protocol / Internet Protocol
Presentation title TCP/IP Transport Communication Protocol / Internet Protocol Communication point to point in connected mode at least during a request/answer exchange. Each extremity is addressed via an IP address and a port number.

15 Resource (HTML page, image, …)‏
Presentation title HTTP An HTTP channel links two programs through internet (or an intranet) for simple request/answer dialogues. HTTP messages are transferred as well for the request (from the client to the server) than for the answer (from the server to the client). http action Client application HTTP server http answer Resource (HTML page, image, …)‏

16 HTTP - message. An HTTP message is composed of
Presentation title HTTP - message. An HTTP message is composed of a start line : an action (for a request) or a status (for an answer), a message header a blank line to separate the header from the body an optional message body. The message header is composed of couple of fields and value, following the template : <fieldName>:<fieldValue> The length, the type, the encoding of the content of the message body are given by the value of specific header fields. For a full description see

17 HTTP - actions. HTTP has few actions (HTTP Methods):
Presentation title HTTP - actions. HTTP has few actions (HTTP Methods): GET : get a resource (=> display an HTML page, download a file, execute a script producing an HTML page). Usable to submit a form but all input fields are transferred as arguments in the URL. POST : post the submission of a form; the input fields are transferred as content of the HTTP message. PUT : transfer a local resource to the host machine(upload); this is seldom allowed. HEAD : get information on a resource DELETE : delete a resource on the host machine; this is seldom allowed. TRACE : trace the network path to reach a resource.

18 Presentation title HTTP – answer status In the start line of an answer, the server put a status. Most used status are: 200 : OK 301 : Moved Permanently 307 : Moved Temporarily 401 : Unauthorized 404 : Not found 500 : Internal error

19 Presentation title HTTP header The header of an HTTP message may contain different types of variables: General variables Specific variables for requests Specific variables for answers Attributes of the body

20 HTTP header – General variables
Presentation title HTTP header – General variables Cache specifications (no-cache, no-store, max-age, …)‏ Connection specification (close/keep-alive)‏ Directives for proxies and authentication servers Transfer encoding

21 HTTP header - Specific variables for requests
Presentation title HTTP header - Specific variables for requests Acceptable media types Acceptable char-set Authorization (schema, user, password)‏ Cookie Conditions to get the resource (IF-Modified-Since, IF-Unmodified- Since, …)‏ Referrer User-Agent (client program)‏

22 HTTP header - Specific variables for answers
Presentation title HTTP header - Specific variables for answers Location Age Set-Cookie WWW-Authenticate

23 HTTP header - Attributes of the body
Presentation title HTTP header - Attributes of the body Content encoding Content-Length Content-Location Content-Type Expiration date Last modification date

24 HTTP – example of GET call from an URL and answer
Presentation title HTTP – example of GET call from an URL and answer Call: GET /cgi-bin/displayCurrentDate.pl HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, */* Accept-Language: fr UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR ; Media Center PC 5.0; .NET CLR )‏ Host: localhost:8080 Connection: Keep-Alive Answer: HTTP/ OK Date: Wed, 24 Sep :35:48 GMT Server: Apache/2.2.9 (Win32) PHP/5.2.6 Keep-Alive: timeout=5, max=100 Transfer-Encoding: chunked Content-Type: text/html; charset=iso <html>24/09/ :35:48</html>

25 HTTP – example of GET call from a simple form
Presentation title HTTP – example of GET call from a simple form Call: GET /cgi-bin/printenv.pl?subject=Reclamation HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, */* Accept-Language: fr UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR ; Media Center PC 5.0; .NET CLR )‏ Host: localhost:8080 Connection: Keep-Alive Answer: HTTP/ OK Date: Wed, 24 Sep :59:57 GMT Server: Apache/2.2.9 (Win32) PHP/5.2.6 Keep-Alive: timeout=5, max=100 Transfer-Encoding: chunked Content-Type: text/html; charset=iso 653 <html> .. <br>QUERY_STRING="subject=Reclamation" <br>REQUEST_METHOD="GET" ... <br></html>

26 HTTP – example of POST call from an URL and answer
Presentation title HTTP – example of POST call from an URL and answer Form: <html> <head> <title>A simple HTML page with a single form</title> </head> <body> <form action="http://localhost:8080/cgi-bin/printenv.pl" method=”POST”> request subject:<input type="text" name="subject"></input> Do you confirm your request? <input type="submit" value="OK"> <input type="submit" value="Cancel"> </form> <a href="simplePage.htm">Simple HTML page</a> </body> </html>

27 HTTP – example of POST call from a simple form
Presentation title HTTP – example of POST call from a simple form Call: POST /cgi-bin/printenv.pl HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, */* Accept-Language: fr Content-Type: application/x-www-form-urlencoded UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR ; Media Center PC 5.0; .NET CLR )‏ Host: localhost:8080 Content-Length: 19 Connection: Keep-Alive Cache-Control: no-cache subject=Reclamation

28 HTTP – example of POST call from a simple form
Presentation title HTTP – example of POST call from a simple form Answer: HTTP/ OK Date: Wed, 24 Sep :09:18 GMT Server: Apache/2.2.9 (Win32) PHP/5.2.6 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso 69f <html> <br>CONTENT_LENGTH="19" ... <br>QUERY_STRING="" <br>REQUEST_METHOD="POST" <br></html>

29 Presentation title HTTP cookies Cookies are data stored on client-side (via a local file). Those data are transferred by the HTTP messages. The web application returns a “Set-Cookie” instruction in the http header. The web browser will send back this cookie, in the http header of each next calls. The cookie may have a deletion date. Without date, a cookie disappears when the user closes the web-browser. A cookie is identified by a name, a domain and a path. By default, the domain is the name of the site that returned the cookie. By default, the path is the path of the resource that returned the cookie. When the browser gets a resource, he inserts the active cookies registered for the domain and the path of the resource.

30 Presentation title HTTP cookies The usage of Cookies on some sites may be a breach of privacy. It’s possible to set your browser options to deactivate cookies.

31 Presentation title HTTP cookies – Example – First call from the web-browser to the web application. GET /servlets-examples/servlet/SessionExample HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/x-silverlight, application/x-shockwave-flash, */* Accept-Language: fr-ch UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR ; .NET CLR ; .NET CLR )‏ Host: localhost Connection: Keep-Alive

32 Presentation title HTTP cookies – Example - HTTP answer from the web application to the web-browser HTTP/ OK Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=4BC3CDACCD53684EFC312B7E79D0D791; Path=/servlets-examples Content-Type: text/html;charset=ISO Content-Length: 1305 Date: Mon, 06 Oct :08:35 GMT <html> </html>

33 HTTP cookies – Example – next call from client
Presentation title HTTP cookies – Example – next call from client GET /servlets-examples/servlet/SessionExample HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/x-silverlight, application/x-shockwave-flash, */* Accept-Language: fr-ch UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR ; .NET CLR ; .NET CLR )‏ Host: localhost Connection: Keep-Alive Cookie: JSESSIONID=4BC3CDACCD53684EFC312B7E79D0D791

34 Presentation title HTTP re-location When with your web browser you call for a resource, the server may answer that the resource is present at another location. The “location” header field is the used for this purpose. Example – call from the client GET /servlets-examples HTTP/1.1 ... Answer from the server HTTP/ Déplacé Temporairement Server: Apache-Coyote/1.1 Location: Transfer-Encoding: chunked Date: Mon, 06 Oct :16:25 GMT New call from the client GET /servlets-examples/ HTTP/1.1

35 Presentation title HTTPS Secure version of HTTP. Usage of Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocol. The content of the message is encrypted and the server is authenticated by an electronic certificate. The sender may also be authenticated. An URL for an HTTPS call begins with “https://” instead of “http://” for an HTTP call.

36 Communication & common standards – Where are we now?
Presentation title Communication & common standards – Where are we now? TCP/IP : communication channel for HTTP messages HTTP : basic dialogs between the client and the server Mime : definition of content-types URL : mean to address web resources

37 Common standards - Mime types
Presentation title Common standards - Mime types In web applications, we use different types of files : files referred in HTML pages, files returned to the browser. Multipurpose Internet Mail Extensions (MIME) is an Internet standard that extends the format of to support: text in character sets other than US-ASCII; non-text attachments; message bodies with multiple parts header information in non-ASCII character sets. MIME's use, however, has grown beyond describing the content of to describing content type in general. Extract of The list of registered types is available on

38 Presentation title URL Uniform Resource Locator (URL) is a way to identify resources on internet. A resource is supposed to identify either a static content (an HTML page, an image) or a call to a process that will create dynamically such content.

39 Presentation title Elements of an URL o>][?<query>][#<bookmark>] Protocol. Examples: http, ftp. User : user ID. Password : user password. Host: Server address; IP address or IP name. Port : server port. Number of TCP/IP port, 80 by default for http, 443 for https. Path to a file or a program (script, servlet, …). Path info : path after the name of a program Query : usually a list of couple <field>=<value> Bookmark : name of an anchor of an HTML page (to point to a position in the resource.

40 Absolute Vs relative URL in an HTML page
Presentation title Absolute Vs relative URL in an HTML page In an HTML page, we will use URLs for forms actions, inclusion of images, hyperlinks on different pages, links to CSS files, … You may use complete URL (“http://<hostName>/<resourcePath>”) or shortened URLs beginning with: “//<hostName>/<resourcePath>” “/<resourcePath>” “<relativeResourcePath>” The relative resource path is related to the “base path” of the current HTML page. The “base path” is either the base of the resource that produced the current HTML page or the value of the attribute “href” of a “base” tag in the current HTML page (the “base” tag should be a direct child of the “head” tag).

41 Presentation title URL encoding Some characters have to be encoded in URLs send by the client: Ascii controls characters (non printable chars, codes 0-31 and 127 decimal). Non-Ascii characters (codes decimal). Characters used in the syntax of the URL (reserved chars)‏ Unsafe chars: Some characters present the possibility of being misunderstood within URLs for various reasons. The way to encode chars is: ‘%’<char code in hexadecimal> ‘+’ : replace a space == %20

42 Web Applications Where are we now?
Presentation title Web Applications Where are we now? Introduction Communication between client & server Client-side Server-Side Web-services & SOA RSS Security & Authentication

43 Client-side - Main Web Standards and techniques
Presentation title Client-side - Main Web Standards and techniques HTML : description of the content to display in the current page of the browser CSS : styles to apply to HTML tags. Scripting : JavaScript, VBScript Client side embedded objects

44 Presentation of HTML SGML HTML XML X-HTML
Presentation title Presentation of HTML HTML is a language based on the usage of tags. HTML is a language created with SGML. XML is a subset of SGML, it’s a meta-language (a language used to define specific languages). X-HTML is a subset of HTML conformed to SGML and described by an XML Schema. SGML HTML XML X-HTML

45 Presentation title XML XML is a meta-language (a language used to define specific languages). An XML file can be well formed : respect some rules Allowed chars (no “<“ and “&” chars in the content)‏ Correct tagging of elements: <tag>….</tag> (the close tag is mandatory), correct usage of attributes of elements (attributes values enclosed in single or double quotes). Presence of a root tag Tags incorrect imbrications : <tag1><tag2></tag1></tag2> not allowed valid : conform to a language defined for XML (the definition is written with a DTD or with a XML Schema).

46 XML – Example, instance + DTD
Presentation title XML – Example, instance + DTD Instance <?xml version=“1.0”?> <!DOCTYPE client SYSTEM “clients.dtd”> <clients> <client id=“C1”> <name>Dupont & Dupond</name> </client> <client id=“C2”> <name>Gaston Lagaffe</name> <country>Belgium</country> </clients> clients.dtd <!ELEMENT clients (client*) > <!ELEMENT client (name, country?) > <!ELEMENT name (#PCDATA) > <!ELEMENT country (#PCDATA) > <!ATTRIBUTES client ID CDATA #REQUIRED>

47 XML – Example, instance + XSD
Presentation title XML – Example, instance + XSD Instance <?xml version=“1.0”?> <clients xmlns="http://www.w3schools.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.w3schools.com clients1.xsd"> <client id=“C1”> <name>Dupont & Dupond</name> </client> <client id=“C2”> <name>Gaston Lagaffe</name> <country>Belgium</country> </clients> clients.xsd <schema xmlns='http://www.w3.org/2000/10/XMLSchema' targetNamespace='http://www.w3.org/namespace/' xmlns:t='http://www.w3.org/namespace/'> <element name='clients'> <complexType> <sequence> <element ref='t:client' minOccurs='0' maxOccurs='unbounded'/> </sequence> </complexType> <attribute name="id" type="ID"/> </element> <element name='client'> <element ref='t:name'/> <element ref='t:country' minOccurs='0' maxOccurs='1'/> <element name='name'> <complexType mixed='true'> <element name='country'> </schema>

48 Presentation of HTML … elements, tags
Presentation title Presentation of HTML … elements, tags A tag is a delimiter placed between “<“ and “>”. In fact, tags are used to delimit sections of text where you can have other tags. Elements are words of the tagged language. For example in HTML “H1”, “input”, “table” are elements. In HTML, the name of the element can be written in upper or lower case. Tags are, in principle, used by couple to mark the beginning and the end of an element: openTag : <elementName> closeTag : </elementName> Example : <H1><bold>R</bold>eport</H1>

49 Presentation of HTML … attributes
Presentation title Presentation of HTML … attributes In the openTag, you can insert a list of attributes & values. An attribute is a characteristic of your tag. The syntax of an open tag with attributes is: <elementName attr1Name=“attr1Value” attr2Name=“attr2Value” …> For example, in a HTML anchor you should place an “href” attribute to form a link. <a href=“http://www.hotmail.com”>hotmail</a> In HTML, attributes are often optional. The order of attributes are not significant. The value of an attribute should be delimited by single quotes or double quotes. In Html, you could omit the quotes if the value is a single word.

50 Presentation of HTML … main tags
Presentation title Presentation of HTML … main tags Main structure of the content : HTML (root element), HEAD (meta-data & scripts), BODY (visible content). Textual content: Headings : H1, H2, …, H6 Paragraphs : P Lists : OL, UL, LI Inline style : B,I, U, S, SUP, SUB, FONT Inline semantic formatting : ABR, CITE, CODE, DFN, EM, SAMP, STRONG, VAR Line breaks : BR Presentation : CENTER, PRE Organization : DIV

51 Presentation of HTML … main tags
Presentation title Presentation of HTML … main tags Horizontal line : HR Tables : TABLE, TH, TR, TD Links & anchors : A, LINK Images : IMG, MAP See for the full specification.

52 Presentation of HTML … entities
Presentation title Presentation of HTML … entities Some characters can’t be included directly because they have a special meaning in the XML/SGML tagging: <, >, “, & Named entities have been defined to replace those chars : “<” , “>”, “"”, “&” You may also insert the ascii code of special chars : “&#<code>;” – Example : “"”

53 A simple HTML page Presentation title <html> <head>
<title>A simple HTML page</title> </head> <body> <h1>HTML or XHTML</h1> <ul> <li>HTML is very flexible but can interpreted differently on different browsers</li> <li>XHTML is more rigorous, the validity can be controlled </li> </ul> <a href=“simpleForm.htm”>Simple HTML form</a> </body> </html>

54 A simple HTML form Presentation title <html> <head>
<title>A simple HTML page with a single form</title> </head> <body> <form action=“confirm”> Do you confirm your request? <input type=“submit” value=“OK”> <input type=“submit” value=“Cancel”> </form> <a href=“simplePage”>Simple HTML page</a> </body> </html>

55 Presentation of HTML … main tags for forms
Presentation title Presentation of HTML … main tags for forms root element of the form part : FORM. input zones : INPUT (type=“text”/”password”, ”checkbox”/”radio”), TEXAREA, SELECT. buttons : INPUT (type=“button”/“submit”/”reset”). hidden fields : INPUT (type=“hidden”). file to post : INPUT (type=“file”).

56 Presentation title HTML - Frames An HTML page (frame set) can be divided in different independent zones called frames. Example: <html> <frameset cols="250,*"> <frame src="SimplePage.htm"> <frame src="SimpleForm.htm"> </frameset> </html>

57 Client-side - Main Web Standards and techniques Where are we now?
Presentation title Client-side - Main Web Standards and techniques Where are we now? HTML : description of the content to display in the current page of the browser CSS : styles to apply to HTML tags. Scripting : JavaScript, VBScript Client side embedded objects

58 CSS – a simple HTML page with embedded CSS
Presentation title CSS – a simple HTML page with embedded CSS <html> <head> <title>A simple HTML page</title> <style type="text/css"> body {background-color: yellow} h1 {background-color: #00ff00; color: #0000ff} li {font-family: courier} </style> </head> <body> <h1>HTML or XHTML</h1> <ul> <li>HTML is very flexible but can interpreted differently on different browsers</li> <li>XHTML is more rigorous, the validity can be controlled </li> </ul> <a href="simpleForm.htm">Simple HTML form</a> </body> </html>

59 CSS – a simple HTML page with external CSS.
Presentation title CSS – a simple HTML page with external CSS. SimplePageWithExternalCss.htm <html> <head> <title>A simple HTML page</title> <link rel="stylesheet" type="text/css" href="simple.css" /> </head> <body> <h1>HTML or XHTML</h1> <ul> <li>HTML is very flexible but can interpreted differently on different browsers</li> <li>XHTML is more rigorous, the validity can be controlled </li> </ul> <a href="simpleForm.htm">Simple HTML form</a> </body> </html> simple.css body {background-color: yellow} h1 {background-color: #00ff00; color: #0000ff} li {font-family: courier}

60 CSS syntax - style on element, id, class
Presentation title CSS syntax - style on element, id, class The syntax to define a style is: <selector>{ <propertyName>=<value>; <attributeName>=<value>; …} The selector give one or more targets (target1, target2, …). Each target can be all HTML elements with a given tag all HTML elements with a given tag and a specific value in a given attribute all HTML elements having a given id all HTML elements having a given class a combination of previous criteria For a list of available properties see

61 CSS syntax - style on id - example
Presentation title CSS syntax - style on id - example <html> <head> <title>A simple HTML page</title> <style type="text/css"> #important{color: #ff0000} </style> </head> <body> <h1>HTML or XHTML</h1> <ul> <li id="important">HTML is very flexible but can interpreted differently on different browsers</li> <li>XHTML is more rigorous, <strong id="important">the validity can be controlled</string> </li> </ul> <a href="simpleForm.htm">Simple HTML form</a> </body> </html>

62 CSS syntax - style on class - example
Presentation title CSS syntax - style on class - example <html> <head> <title>A simple HTML page</title> <style type="text/css"> .important{color: #ff0000} </style> </head> <body> <h1>HTML or XHTML</h1> <ul> <li class="important">HTML is very flexible but can interpreted differently on different browsers</li> <li>XHTML is more rigorous, <strong class="important">the validity can be controlled</string> </li> </ul> <a href="simpleForm.htm">Simple HTML form</a> </body> </html>

63 CSS Syntax – Pseudo-classes
Presentation title CSS Syntax – Pseudo-classes Pseudo classes are defined in CSS to let you define dynamic presentation of links when not visited / visited : a:link / a:visited some elements when there are surrounded by the mouse or received the focus or become active : hover, focus, active to let you select elements in the HTML tree: First child of any HTML element: first-child First line of a textual element : p:first-line First char of a textual element : p:first-letter to let you give attributes of the page to let you select elements expressed in a given language: lang

64 CSS Syntax – Pseudo-classes - Example
Presentation title CSS Syntax – Pseudo-classes - Example <html> <head> <title>A simple HTML page</title> <style type="text/css"> a:hover{font-style: oblique} p:first-line{font-weight: bold} </style> </head> <body> <h1>HTML or XHTML</h1> <ul> <li id="important"><p>HTML is very flexible <BR>but can interpreted differently on different browsers</p></li> <li>XHTML is more rigorous, <strong id="important">the validity can be controlled</string> </li> </ul> <a href="simpleForm.htm">Simple HTML form</a> </body> </html>

65 Client-side - Main Web Standards and techniques Where are we now?
Presentation title Client-side - Main Web Standards and techniques Where are we now? HTML : description of the content to display in the current page of the browser CSS : styles to apply to HTML tags. Scripting : JavaScript, VBScript Client side embedded objects

66 HTML & Client side scripting
Presentation title HTML & Client side scripting HTML syntax include a “script” tag. <script type=“…”> // script code directly included in your HTML page </script> Or <script type=“…” url=“…”></script> <!– script in an external file--> <script language=“javascript”>…</script> : Obsolete! Defined types: text/ecmascript text/javascript application/ecmascript application/javascript text/vbscript Or. : Obsolete! Defined types: text/ecmascript. text/javascript. application/ecmascript. application/javascript. text/vbscript.", "width": "800" }

67 JavaScript JavaScript is an interpreted language used mainly to give dynamical behavior into HTML pages. JavaScript has a different syntax than Java. Main characteristics: small, lightweight language object oriented variable data types are not declared (dynamic typing). prototype-based object model Reference :

68 JavaScript – example of definition of an object type
function mycircle(x,y,r) { this.xcoord = x; this.ycoord = y; this.radius = r; this.retArea = getTheArea; //This next line uses an alternative syntax this.retCirc = function () { return ( Math.PI * this.radius * 2 ); }; this.mvBy = mvCclBy; } function getTheArea() { return ( Math.PI * this.radius * this.radius ); function mvCclBy(xDis,yDis) { this.xcoord += xDis; this.ycoord += yDis; /* create a mycircle called testcircle where testcircle.xcoord is 3 and testcircle.ycoord is 4 and testcircle.radius is 5 */ var testcircle = new mycircle(3,4,5); use the mvBy method to displace the centre of testcircle. move it by 2 in the x direction and 3 in the y direction testcircle.mvBy(2,3); //testcircle.xcoord is now 5 and testcircle.ycoord is now 7 window.alert( 'The area of the circle is ' + testcircle.retArea() ); window.alert( 'The circumference is ' + testcircle.retCirc() ); Extract of

69 HTML & Client side scripting – event handlers
Presentation title HTML & Client side scripting – event handlers Some HTML tags have attributes used to call scripts functions.

70 HTML & Client side scripting – event handlers - example
Presentation title HTML & Client side scripting – event handlers - example <html> <head> <title>A simple example of java script and event handlers</title> <script language="javascript"> function callSelectedPage(){ var selectControl = document.selectform.selectpage; var selectedPage = selectControl.options[selectControl.selectedIndex].text document.location= selectedPage + ".htm"; } </script> </head> <body> <form name="selectform"> <h1>selection of one of an HTML page selected in a list</h1> <select name="selectpage"> <option>SimplePage</option> <option>SimpleForm</option> <option>SimplePageWithEmbeddedCssWithStyleOnClass</option> </select> <a href="#" onclick="javascript:callSelectedPage();return(false);">call selected HTML page</a> </form> </body> </html>

selection of one of an HTML page selected in a list

call selected HTML page
", "width": "800" }

71 Client-side - Main Web Standards and techniques Where are we now?
Presentation title Client-side - Main Web Standards and techniques Where are we now? HTML : description of the content to display in the current page of the browser CSS : styles to apply to HTML tags. Scripting : JavaScript, VBScript Client side embedded objects

72 HTML & Client side embedded objects
Presentation title HTML & Client side embedded objects An HTML page can embed objects using the “object” tag. Such “object” has a type (“type” attribute), a path to the code ( “codebase” attribute), a region in the screen (“height”, “width” attributes) and other attributes. The XML “object” tag may have sub-elements to give supplementary information to the object. The main objects types are: ActiveX : Ms-Windows components that you may insert in an HTML page. Applets : Java classes that you may insert in an HTML page.

73 HTML & Client side objects - ActiveX - Example
Presentation title HTML & Client side objects - ActiveX - Example <html> <H1> test ActiveX </H1> <OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B " codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0" WIDTH="550" HEIGHT="400" id="myMovieName"> <PARAM NAME=movie VALUE="http://www.dan-dare.org/SonicMario/pjinns_mario_quickie.swf"> <PARAM NAME=quality VALUE=high> <PARAM NAME=bgcolor VALUE=#FFFFFF> <EMBED src="/support/flash/ts/documents/myFlashMovie.swf" quality=high bgcolor=#FFFFFF WIDTH="550" HEIGHT="400" NAME="myMovieName" ALIGN="" TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"> </EMBED> </OBJECT> </html>

74 HTML & Client side objects - Flash - Example
Presentation title HTML & Client side objects - Flash - Example <html> <H1> test embedding direct flash content </H1> <div class="resultObject"> <object type="application/x-shockwave-flash" data="http://joliclic.free.fr/html/object-tag/data/test.swf" width="320" height="240"> <param name="movie" value="http://joliclic.free.fr/html/object-tag/data/test.swf"> <param name="loop" value="false"> alt : <a href="data/test.swf">test.swf</a> </object> </div> </html>

75 HTML & Client side objects - Applet
Presentation title HTML & Client side objects - Applet Applets are Java classes written to be embedded in an HTML page. There are loaded and executed by the client-browser.

76 HTML & Client side objects – Applet – Example 1
Presentation title HTML & Client side objects – Applet – Example 1 DisplayCurrentDateApplet.html <html> <H1>Embedding of a simple applet displaying the current date and time</H1> <APPLET CODE="appletsExercices.AppletTest1" WIDTH=400 HEIGHT=180></APPLET> </html> appletsExercices.java package appletsExercices; import java.applet.Applet; import java.awt.Graphics; import java.util.Date; public class AppletTest1 extends Applet{ private static final long serialVersionUID = 1L; public void paint(Graphics g){ g.drawString("Current date and time:" + (new Date()).toString(),10,10); }

77 HTML & Client side objects – Applet – Example 2
Presentation title HTML & Client side objects – Applet – Example 2 <html> <H1>A calculator as applet</H1> <APPLET CODE="appletsExercices.CalculatorApplet" ARCHIVE="swing.jar" WIDTH=180 HEIGHT=180></APPLET> </html>

78 Web Applications Where are we now?
Presentation title Web Applications Where are we now? Introduction Communication between client & server Client-side Server-Side Web-services & SOA RSS Security & Authentication

79 Server-side of web Applications Presentation scheme
Presentation title Server-side of web Applications Presentation scheme History CGI HTML pages with embedded code executed server side Custom program executed by a web application container How to create a session context with a not-connected protocol Application/ session / request / page contexts. Logical separation of UI / business / data. MVC Principle Languages to create the view AJAX Data Layer

80 Standards & techniques on the server-side
Presentation title Standards & techniques on the server-side History: Beginning : static HTML pages served by HTTP servers First generation of server applications: the CGI protocol – applications executed as standalone programs – applications written mainly in C, Perl. The HTML code is directly produced by a program. Second generation, type 1 : the client calls an HTML page with embedded code. This code is executed server side. Second generation, type 2 : program executed by an web application container. The client calls a program (as for the first generation) but this code is directly executed by the server in the same process.

81 Presentation title CGI call The execution of a script is made through several processes launched at each call. HTTP get script Client appl. HTTP server Exec Command Interpreter Script Exec Script- Interpreter

82 Presentation title CGI - Transfer of information from the client to a server script through the CGI protocol Two modes of HTTP calls: Get : all user input fields are transferred to the script through the environment variable named “QUERY_STRING” Post : all user input fields are transferred on STDIN, the env variable “CONTENT_LENGTH” gives the number of bytes to read. In the both cases additional information are passed via other environment variables: REQUEST_METHOD: GET/POST PATH_INFO: part of the URL path after the name of the script HTTP_ACCEPT : the mime types the client accept REMOTE_USER : the ID of the user if identified by the server ...

83 CGI – Example 1 @echo off echo Content-type: text/html echo.
Presentation title CGI – Example 1 @echo off echo Content-type: text/html echo. echo ^<HTML^> echo ^<H1^>Test^</H1^> echo the current date is: echo %date% echo ^</HTML^>

84 CGI – Example 2 #!c:/Perl/bin/perl.exe ##
Presentation title CGI – Example 2 #!c:/Perl/bin/perl.exe ## ## displayCurrentDate.pl -- demo CGI program which just prints the current date and time print "Content-type: text/html; charset=iso \n\n"; print "<html>"; my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime; $year += 1900; $mon += 1; my $datetime = sprintf "%02d/%02d/%04d %02d:%02d:%02d", $mday, $mon, $year, $hour, $min, $sec; print $datetime; print "</html>";

85 Server-side of web Applications Where are we now?
Presentation title Server-side of web Applications Where are we now? History CGI HTML pages with embedded code executed server side Custom program executed by a web application container How to create a session context with a not-connected protocol Application/ session / request / page contexts. Logical separation of UI / business / data. MVC Principle Languages to create the view AJAX JSF Data Layer

86 Standards & techniques on the server-side
Presentation title Standards & techniques on the server-side Second generation, type 1 : the client calls an HTML page with embedded code (or specific tags). This code is executed server side. JSP : Java Server pages ASP : active server pages PHP Coldfusion

87 PHP code embedded in an HTML page - example
Presentation title PHP code embedded in an HTML page - example <html> <head> <title>Display current date</title> </head> <body> <?php print "current date:"; print(Date("l F d, Y")); ?> </body> </html>

88 Simple JSP Example <html> <body>
Presentation title Simple JSP Example <html> <body> <%= "current Date and time :" + (new java.util.Date()).toString() %> </body> </html>

89 Server-side of web Applications Where are we now?
Presentation title Server-side of web Applications Where are we now? History CGI HTML pages with embedded code executed server side Custom program executed by a web application container How to create a session context with a not-connected protocol Application/ session / request / page contexts. Logical separation of UI / business / data. MVC Principle Languages to create the view AJAX Data Layer

90 Standards & techniques on the server-side
Presentation title Standards & techniques on the server-side Second generation of server applications, type 2: web application containers. The client calls a program (as for the first generation) but this code is directly executed by the server in the same process. Java J2EE web container: servlets (+ JSP for the view). Perl with modPerl on Apache server WebObjects (Apple)‏

91 Presentation title Web application call The execution of a web application is made by the application server that already hosts the interpreter of the language used. HTTP get ../script Client appl. HTTP server Script- Interpreter Load and execute Script

92 Web application call via a J2EE webContainer
Presentation title Web application call via a J2EE webContainer With a J2EE server, the HTTP client calls a servlet directly executed by the J2EE web container. J2EE server HTTP get ../servlet Client appl. J2EE web container JVM Servlet J2EE EJB Container JVM EJB

93 Transfer of information from the client to a servlet
Presentation title Transfer of information from the client to a servlet Two modes of HTTP calls: Get : call of doGet(HttpServletRequest req, HttpServletResponse res)‏ Post : call of doPost(HttpServletRequest req, HttpServletResponse res)‏ In both cases, the req object gives access to the data transferred by the client application.

94 Example 1 of servlet Presentation title /*
Simple Servlet Example, extends HttpServlet */ package servletsExercices; import java.io.IOException; import java.io.PrintWriter; import java.util.Date; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class Servlet1 extends HttpServlet{ static final long serialVersionUID = 1; public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException,IOException{ PrintWriter out = res.getWriter(); res.setContentType("text/html"); out.println("<HTML>"); out.println("The current date and time is "); out.println((new Date()).toString()); out.println("</HTML>"); }

95 Example 2 of servlet Presentation title import java.io.*;
import java.util.*; import javax.servlet.*; import javax.servlet.http.*; public class Servlet8 extends HttpServlet{ static final long serialVersionUID = 1; public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException,IOException{ PrintWriter out = res.getWriter(); res.setContentType("text/html"); out.println("<HTML>"); out.println("<H3>main variables defined in the CGI protocol</H3><BR>\n"); out.println("REQUEST_METHOD :" + req.getMethod()+"<BR>\n"); out.println("PATH_INFO :" + req.getPathInfo()+"<BR>\n"); out.println("QUERY_STRING :" + req.getQueryString()+"<BR>\n"); out.println("REMOTE_HOST :" + req.getRemoteHost()+"<BR>\n"); out.println("REMOTE_ADDR :" + req.getRemoteAddr()+"<BR>\n"); out.println("CONTENT_TYPE :" + req.getContentType()+"<BR>\n"); out.println("CONTENT_LENGTH :" + req.getContentLength()+"<BR>\n"); out.println("<H3>request arguments</H3><BR>\n"); Enumeration paramNames = req.getParameterNames(); while(paramNames.hasMoreElements()){ String name = (String) paramNames.nextElement(); String value = req.getParameter(name); out.println(name + " = " + value + "<BR>\n"); } out.println("</HTML>"); public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException,IOException{ doGet(req,res);

96 Example 2 of servlet - result
Presentation title Example 2 of servlet - result

97 Server-side of web Applications Where are we now?
Presentation title Server-side of web Applications Where are we now? History CGI HTML pages with embedded code executed server side Custom program executed by a web application container How to create a session context with a not-connected protocol Application/ session / request / page contexts. Logical separation of UI / business / data. MVC Principle Languages to create the view AJAX Data Layer

98 How to create a session context with a not-connected protocol.
Presentation title How to create a session context with a not-connected protocol. The HTTP protocol doesn’t necessary maintain the connection between two calls to an web application. To do some treatments, it is necessary to keep information on previous requests & results. The solution is to create a logical session for each user. Each request is part of a session (except the first request, for which the server will create a new session). A session has an end triggered either by an explicit action of the user (or of the application) or by a time-out. At the end of the session, the server frees resources allocated to keep session data. Req 1 Req 2 Req n Time-out Session1 start Session end

99 How to create a session context with a not-connected protocol.
Presentation title How to create a session context with a not-connected protocol. Session info kept on client-side Transfer of context data via URL (in the query string) and/or via hidden fields of forms. Transfer of context data via cookies. Session info stored server-side and session ID (ticket) kept client- side Transfer of session ticket via URL and/or via hidden fields of forms. Transfer of session ticket via cookies. Usually, a web application uses a cookie to store a session ticket but if the cookies are not authorized by the web-browser (de-activated) the web application may switch automatically to the insertion of the session ticket in the call-back URLs present in the content of the page.

100 Application/ session / request / page contexts.
Presentation title Application/ session / request / page contexts. The HTTP protocol is not connected and has no context. An HTTP application, usually creates a session by user and may create some contexts to store and retrieve information from calls to calls. With JSP/ASP/servlets the following context scopes are available: application : information stored in this context can be shared between different entries (different servlets for a J2EE application) of the same application. session : information stored in this context can be used by the code executed after different calls of the user during the execution of the same user-session. request : information stored in this context can be used by different modules of codes chained to answer to a single call of the user. page : information stored in this context is only available to construct a single HTML page.

101 Logical separation of UI / business / data.
Presentation title Logical separation of UI / business / data. A good practice is to separate different concerns, in particular the user-interface, the business code, the access to data. If the design is correct, it is possible to modify or replace a component playing a specific role without any modification of the others. When you distribute a part of a layer, you have to add modules to act as an interface. UI Layer Client UI Layer Interface Server Business Layer Data Access Layer

102 Server-side of web Applications Where are we now?
Presentation title Server-side of web Applications Where are we now? History CGI HTML pages with embedded code executed server side Custom program executed by a web application container How to create a session context with a not-connected protocol Application/ session / request / page contexts. Logical separation of UI / business / data. MVC Principle Languages to create the view AJAX Data Layer

103 MVC principle. MVC means Model View Controller.
Presentation title MVC principle. MVC means Model View Controller. It is a way to separate the management of the look of user-interface and the process of actions. The model is a structure of data used to exchange information between the view and the controller. The view is the expression of what the user will see (the view will be populated with data coming from the model). The controller process the actions and fills the view with results to display.

104 Presentation title MVC A generic controller (often furnished by a framework) calls the code implemented to achieve an action. The action code may call a business operation and may fill the model. The action code also identifies the view to return to the user. The controller calls the interpretation of the view. The view may dynamically include data stored into the model. The details of this process may differ from one framework to another. 6.Get content to return 0.Http get Generic Controller View 8.Return content 9.Http answer 1.Execute 5.Identity of the view 7. Get data Action Model 4.Fill 2. Execute 3.Return Business Operation

105 Server-side of web Applications Where are we now?
Presentation title Server-side of web Applications Where are we now? History CGI HTML pages with embedded code executed server side Custom program executed by a web application container How to create a session context with a not-connected protocol Application/ session / request / page contexts. Logical separation of UI / business / data. MVC Principle Languages to create the view AJAX Data Layer

106 Languages to create the view
Presentation title Languages to create the view The principle is to separate the as much as possible the HTML from the programming code. In a web application, the view produces usually HTML code (but you can find situations where the view produces XML code or other types of content). Views are often defined as a mix of HTML code and either special tags or instructions in a hosted language (PHP, Java, VB, …). The non-HTML content is there to produce dynamically HTML to present data (injection of data, conditional production of HTML code, loops in production of HTML code, …). An other way to define dynamic behaviors in the view is to use specific tags (insertion of data, conditional sections, loops, ...).

107 Different languages to create the view
Presentation title Different languages to create the view For an extensive list of available templates engine for web pages, see For J2EE applications, most famous template engines are JSP (with JSTL or other custom tag libs) Apache Velocity Free Marker For PHP, see rossolini.developpez.com/comparatifs/php/templates/?page=sommaire An alternative is to use XSLT with a template in XML. Data Template Engine HTML/XML Template

108 Servlet + JSP (with JSTL & EL) example
Presentation title Servlet + JSP (with JSTL & EL) example Foo.jsp <html> page isELIgnored="false" %> taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> values of the bean "foo" filled by the calling servlet <ul> <c:forEach var="val" items="${foo.list}" varStatus="vs"> <li>value = ${val}</li> </c:forEach> </ul> </html> Foo.java public class Foo { String s[]; public String[] getList() { return s; } public Foo(String s[]) { this.s = s; } } FooServlet.java package servletsExercices; import java.io.*; import javax.servlet.*; import javax.servlet.http.*; import model1.Foo; public class FooServlet extends HttpServlet { private static final long serialVersionUID = 1L; public void service(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException String s[] = new String[] {"blue", "green", "red"}; Foo f = new Foo(s); req.setAttribute("foo", f); getServletContext().getRequestDispatcher("/foo.jsp").forward (req, res); }

109 J2EE JSTL & tag libs JSTL stands for Java Standard Tag Lib.
Presentation title J2EE JSTL & tag libs JSTL stands for Java Standard Tag Lib. The idea is to add specific tags in JSP pages instead of using Java code to produce dynamic HTML. See

110 Presentation title JSTL example taglib uri="http://java.sun.com/jstl/core" prefix="c" %> <html> <head> <title>Count to 10 Example (using JSTL)</title> </head> <body> <c:forEach var="i" begin="1" end="10" step="1"> <c:out value="${i}" /> <br /> </c:forEach> </body> </html>

111 Presentation title Velocity & freeMarker Velocity & freemarker are template engines you may use in other contexts that a call to an HTTP resource. You have to explicitly specify the association between the template and a bean and then you have to call the processing of the template. Properties p = new Properties(); p.setProperty("resource.loader", "class"); p.setProperty("class.resource.loader.class","org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); VelocityEngine engine = new VelocityEngine(); engine.init(p); Template template = engine.getTemplate("/templates/ -workflow.vm"); // Create a context and add all the objects VelocityContext context = new VelocityContext(); context.put (“mailBody",“hello"); // Render the template for the context into a string String result = new StringWriter(); template.merge(context, result);

112 Velocity example <HTML> <BODY> Hello $customer.Name!
Presentation title Velocity example <HTML> <BODY> Hello $customer.Name! <br/> Here is a list of your current subscriptions:<br/><br/> <table> #foreach( $subscription in $subscriptions )‏ #if ( $customer.isSubscribed($subscription) )‏ <tr> <td> $subscription.Name </td> </tr> #end </table> </BODY> </HTML>

113 FreeMarker example <html> <h1>${doc.book.title}</h1>
Presentation title FreeMarker example <html> <h1>${doc.book.title}</h1> <#list doc.book.chapter as ch> <h2>${ch.title}</h2> <#list ch.para as p> <p>${p} </#list> </html>

114 Server-side of web Applications Where are we now?
Presentation title Server-side of web Applications Where are we now? History CGI HTML pages with embedded code executed server side Custom program executed by a web application container How to create a session context with a not-connected protocol Application/ session / request / page contexts. Logical separation of UI / business / data. MVC Principle Languages to create the view AJAX Data Layer

115 AJAX AJAX stands for Asynchronous Javascript And XML
Presentation title AJAX AJAX stands for Asynchronous Javascript And XML It is a combination of different technologies: HTML as the main client-side language CSS for the presentation DOM & JavaScript to display results and submit requests JavaScript XMLHtppRequest for asynchronous calls XML for messages

116 Presentation title AJAX AJAX enables asynchronous refresh of parts of the screens. It improves the interactivity. It allows a server-side management of events on screen controls instead of a simple get or submit followed by a full refresh of all the screen.

117 Server-side of web Applications Where are we now?
Presentation title Server-side of web Applications Where are we now? History CGI HTML pages with embedded code executed server side Custom program executed by a web application container How to create a session context with a not-connected protocol Application/ session / request / page contexts. Logical separation of UI / business / data. MVC Principle Languages to create the view AJAX Data Layer

118 Presentation title Data access layer. The data access layer has the responsibility to get, store and update the data. Only this layer has the knowledge of the data storage structure. The data layer manages also caching, locking, DB transactions. Usually the data are stored in a SGBD. If the structure of the data base changes, only the data access layer should be modified. It exists some generic libraries able to play the role of the access layer, you just have to configure it (by example : hibernate or JDO).

119 Web Applications Where are we now?
Presentation title Web Applications Where are we now? Introduction Communication between client & server Client-side Server-Side Web-services & SOA RSS Security & Authentication

120 Presentation title Web Services Web Services are services (often stateless) callable by programs on internet/intranet using the web technologies and XML messages. The communication with Web Services are usually made through HTTP messages but with a supplementary layer : the SOAP protocol (Simple Object Access Protocol). Web Services may be registered in a standardized directory, UDDI (Universal Discovery, Description and Integration). The UDDI standards also define the protocol to access to the directory. Web Services communicate using platform-independent and language neutral web protocols. You may call a web service written in Java and executed on an Unix machine from a program written in .NET C# and executed on Windows Server.

121 Web Services - SOAP The SOAP protocol defines : Messages IN/OUT
Presentation title Web Services - SOAP The SOAP protocol defines : Messages IN/OUT The dialog (SOAP is a stateless protocol). A Web Service is defined through a WSDL file (Web Service Definition Language). The structure of messages is defined with the XSD syntax (XML Schema Description). Some systems use directories of Web Services (UDDI). A web Service offers a set of operations. SOAP defines two modes of communication: SOAP-RPC : the client requests execution of an operation & wait for the answer. The message send identifies the operation to execute and the arguments. The answer may contain a status and a result. SOAP-Message : the client sends a message and do not necessarily have to wait for an answer. The SOAP message just contains an XML document treated by the receiver.

122 Web services – Example of call
POST /axis/EchoHeaders.jws HTTP/1.0 Content-Type: text/xml; charset=utf-8 Accept: application/soap+xml, application/dime, multipart/related, text/* User-Agent: Axis/1.4 Host: localhost:8180 Cache-Control: no-cache Pragma: no-cache SOAPAction: "" Content-Length: 374 <?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <soapenv:Body> <ns1:list soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="http://DefaultNamespace"/> </soapenv:Body> </soapenv:Envelope>

123 Web services – Example of answer
HTTP/ OK Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=47307A96AE5D2471FFE16C6F01B64E6C; Path=/axis Content-Type: text/xml;charset=utf-8 Date: Sun, 19 Oct :20:21 GMT Connection: close <?xml version="1.0" encoding="utf-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <soapenv:Body> <ns1:listResponse soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/ xmlns:ns1="http://DefaultNamespace"> <listReturn soapenc:arrayType="xsd:string[8]" xsi:type="soapenc:Array" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"> <listReturn xsi:type="xsd:string">content-type:text/xml; charset=utf-8</listReturn> <listReturn xsi:type="xsd:string">accept:application/soap+xml, application/dime, multipart/related, text/*</listReturn> <listReturn xsi:type="xsd:string">user-agent:Axis/1.4</listReturn> <listReturn xsi:type="xsd:string">host:localhost:8180</listReturn> <listReturn xsi:type="xsd:string">cache-control:no-cache</listReturn> <listReturn xsi:type="xsd:string">pragma:no-cache</listReturn> <listReturn xsi:type="xsd:string">soapaction:""</listReturn> <listReturn xsi:type="xsd:string">content-length:374</listReturn> </listReturn></ns1:listResponse> </soapenv:Body> </soapenv:Envelope>

124 J2EE server Web Services in Java
Presentation title Web Services in Java In the Java world, web services are usually accessed through a servlet but can be implemented either in the web container or in the EJB container. J2EE server HTTP get ../servlet Client appl. J2EE web container JVM Servlet W-S implementation

125 Presentation title Web Services limits The basic technologies for Web services are not always sufficient, some issues have to be addressed: State management. Transactions. Security Some standards are available to cover those concerns but there are not widely adopted.

126 Presentation title SOA SOA means Service Oriented Architecture. It is based on loose coupling services implementing business operations (usually web services). Such operations are combined and reused to form business applications. The combination of elementary services, with decisions, loops, management of exceptions, ... is called “orchestration”. Specific tools help to design an orchestration without classical programming. There are standards related to the definition and the execution of business processes as BPEL.

127 Web Applications Where are we now?
Presentation title Web Applications Where are we now? Introduction Communication between client & server Client-side Server-Side Web-services & SOA RSS Security & Authentication

128 Presentation title RSS feeds "Really Simple Syndication (RSS 2.0)", is a standard used to subscribe and receive news or often modified contents. The user subscribes to a feed by entering the feed's link into the reader or by clicking an RSS icon in a browser that initiates the subscription process. The RSS reader checks the user's subscribed feeds regularly for new work, downloads any updates that it finds, and provides a user interface to monitor and read the feeds. (extract of ). The server just publishs XML documents with metadata on articles and links to detailed content. The client filters following criteria given by the users and following the status (consulted or not).

129 RSS feeds – example of content
Presentation title RSS feeds – example of content <?xml version="1.0"?> <rss version="2.0"> <channel> <title>Lift Off News</title> <link>http://liftoff.msfc.nasa.gov/</link> <description>Liftoff to Space Exploration.</description> <language>en-us</language> <pubDate>Tue, 10 Jun :00:00 GMT</pubDate> <lastBuildDate>Tue, 10 Jun :41:01 GMT</lastBuildDate> <docs>http://blogs.law.harvard.edu/tech/rss</docs> <generator>Weblog Editor 2.0</generator> <ttl>5</ttl> <item> <title>Star City</title> <link>http://liftoff.msfc.nasa.gov/news/2003/news-starcity.asp</link> <description>How do Americans get ready to work with Russians aboard the International Space Station? They take a crash course in culture, language and protocol at Russia's Star City.</description> <pubDate>Tue, 03 Jun :39:21 GMT</pubDate> <guid>http://liftoff.msfc.nasa.gov/2003/06/03.html#item573</guid> </item> <title>Space Exploration</title> <description>Sky watchers in Europe, Asia, and parts of Alaska and Canada will experience a partial eclipse of the Sun on Saturday, May 31st.</description> <pubDate>Fri, 30 May :06:42 GMT</pubDate> <guid>http://liftoff.msfc.nasa.gov/2003/05/30.html#item572</guid> </channel> </rss>

130 Web Applications Were are we now?
Presentation title Web Applications Were are we now? Introduction Communication between client & server Client-side Server-Side Web-services & SOA RSS Security & Authentication

131 Security with web applications.
Presentation title Security with web applications. A web application can cause some harm to your computer, can attack your privacy, can usurp your identity to act on external sites. You may configure your browser to specify some restrictions: No cookies No applets No scripting No Active-X No frames

132 Security with web applications – zones.
Presentation title Security with web applications – zones. You may give different security policies by zone: Local internet : sites of your local network Trusted sites : sites that you have registered as secure. Restricted sites : sites that you have registered as non-secure. Internet : all other sites.

133 Security restrictions client-side.
Presentation title Security restrictions client-side. In a web browser, the applicative program should have at the minimum following restrictions: No access to the local file system. Can’t launch programs on the local system. The JavaScript security model is based on a sandbox approach where scripts run in a restricted execution environment without access to local file systems, user data, or network capabilities. The same-origin policy prevents scripts from one site from reading properties of windows loaded from a different location. A signed script can request expanded privileges that give it access to restricted information and abilities.

134 Security with web applications – for Active-X objects.
Presentation title Security with web applications – for Active-X objects. An Active-X object has all rights on your computer. Active-X objects are signed and certified, you should accept to load an Active-X only if you trust the provider.

135 Security with web applications – for applets.
Presentation title Security with web applications – for applets. By default applets loaded on an external site have restricted rights : No storage of data (except through cookies). No actions on the local file system (no read, no creation of files, directories, …). No execution of another program on the client-side. Not allowed to open network connections to any computer, except for the host that provided the .class files. To add rights to an applet, the more secure way is to use certificated and encrypted applets.

136 Presentation title Authentication HTTP Basic authentication : the user/password are coded (in base 64) and transferred directly in the HTTP header => it is not really secure! HTTP Digest access authentication : uses MD5 encryption (one way encryption). Public key authentication (usually implemented with HTTPS / SSL Client Certificates)‏ Kerberos or SPNEGO authentication

137 Web Applications Where are we now? … It’s finished!
Presentation title Web Applications Where are we now? … It’s finished! Introduction Communication between client & server Client-side Server-Side Web-services & SOA RSS Security & Authentication

138 Presentation title

139 Presentation title


Download ppt "DEV034 -Web Applications, Introduction"

Similar presentations


Ads by Google