Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Servlets – Part 2 Representation and Management of Data on the Web.

Published byArabella Glenn Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Servlets – Part 2 Representation and Management of Data on the Web."— Presentation transcript:

1 1 Servlets – Part 2 Representation and Management of Data on the Web

2 2 Announcement I have put an excellent book on Servlets and JSP pages at: –~dbi/Core-Servlets-and-JSP.pdf

3 3 What are Cookies used For? Identifying a user during an e-commerce (or other) session Avoiding user-name and password Customizing a site Focusing advertising

4 4 Cookies Cookies are state information that gets passed back and forth between the web server and browser in HTTP headers Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME; secure A response header Cookie: NAME=VALUE; NAME2=VALUE2; NAME3=VALUE3... A request header

5 5 Problems A privacy threat: –search engine can remember previous searches –The computer that stores the cookie can allow an access to a site for a person that is not the person that the site recognizes However, cookies do not pose a security threat

6 6 Sharing Information Can two sites share the information that they have with cookies? What if the two sites use images from the same source?

7 7 javax.servlet.http.Cookie Cookies are represented with the class Cookie in javax.servlet.http A cookie object can be created by the cookie constructor The name and the value of the constructor should not include: []() =, “ / ? @ : ;

8 8 Cookies You create cookies and then add them to the HttpServletResponse –public Cookie[] getCookies() You can get cookies from the HttpServletRequest –public void addCookie(Cookie)

9 9 Properties of Cookies getDomain / setDomain –The domain for which the cookie belongs getMaxAge / setMaxAge –How long (in seconds) will the cookie last –Negative value = per-session cookie –Default: Only exists during session getName –The name of the cookie to identify it

10 10 Properties of Cookies getPath / setPath –Defines the path for which the cookie relates –Cookie.setPath(“/”) means that all the pages on host will get the cookie –Defualt: Entire host getSecure / setSecure –Should the cookie be sent with SSL secured line getValue / setValue –The value that the cookie holds*

11 11 Login Page Logon to My Site Your Name: HTML Page

12 12 import java.io.*;import javax.servlet.*;import javax.servlet.http.*; public class WelcomeBack extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { String user = req.getParameter("username"); if (user == null) { Cookie[] cookies = req.getCookies(); for (int i = 0 ; i < cookies.length ; i++) { if (cookies[i].getName().equals("username")) user = cookies[i].getValue(); } } else res.addCookie(new Cookie("username", user)); if (user != null) { res.setContentType("text/html"); PrintWriter out = res.getWriter(); out.println(" Welcome Back" + user + " "); } else { res.sendRedirect("/dbi/login.html"); } } }

13 13 Session Tracking HTTP is a stateless protocol Many web applications (i.e. shopping carts) are not stateless) Need to keep track of each user’s state (i.e. items in the shopping cart) Sessions can be managed using: cookies, hidden form fields or URL rewriting

14 14 Using Cookies: Intuition sessionIdsessionData dsf39324 324jlsdf 234jksdf 789388dd …… …… …… …… …… …… …… …… …… …… …… ……

15 15 Hidden Form Fields: Inutiton Hidden fields are just another type of input tag for a form The receiving web server can’t tell the difference between a user entered value and a hidden form field value For this to work: All pages must be results of form submission <INPUT TYPE = hidden NAME = “session” VALUE = “…” >

16 16 URL Encoding Client appends some extra data to all URLs of the session: –http://host/path/file.html?sessionid=455hh You must embed all links into your site! If you want to embed a link in a response, and want the link to reflect the session-id, use either (from HttpServletResponse) –public String encodeURL(String url) –public String encodeRedirectURL(String url) These encode the session id as ?name=value on the end of the url

17 17 Tracking with HttpSession Servlets have built-in session tracking Every user has a HttpSession object to store and retrieve user information, e.g., –shopping cart contents, –database connections Can be implemented using cookies/URL Encoding (for us it doesn’t make a difference which)

18 18 Getting the Session Retrieve the user’s session: (from the request object) HttpSession getSession(boolean create) if the user has no valid session, –a new one is created if create is true; –null is returned if create is false HttpSession's method isNew() returns true if the session is new to the client

19 19 Session Tracking API Add data to a session using HTTPSession's method: void setAttribute(String name, Object val) –value must implement Serializable interface –replaces any object that is bound in the session and has the same name Retrieve data from a session public Object getAttribute(String name) –returns null if no object is bound to the name

20 20 More on Tracking API Retrieve the name of all session objects –public Enumeration getAttributeNames() Remove an attribute from the session –public void removeAttribute(String name) –does nothing if no object is bound You can get the identifier of the object by –public String getId(String name) These methods throw an IllegalStateException if the session is invalid

21 21 import java.io.*;import javax.servlet.*;import javax.servlet.http.*; public class HitCount extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { res.setContentType("text/html"); PrintWriter out = res.getWriter(); HttpSession session = req.getSession(true); Integer count = (Integer)session.getValue("tracker.count"); if (count == null) count = new Integer(1); else count = new Integer(count.intValue() + 1); session.putValue("tracker.count", count); out.println(" You've visited this page " + count + ((count.intValue() == 1) ? " time." : " times.") + " "); }

22 22 Note about HTTPSession There is a single session per user, per session. Different Sevlets will get the same HttpSession object, when calling getSession on different HTTPServletRequest objects during the same session

23 23 ServletContext For sharing resources among servlets in the same web application, we use ServletContext Can store web application initialization parameters (similar to ServletConfig) Can store attributes (defined during lifetime of application) Access to logger Dispatching requests to other Servlets

24 24 ServletContext Methods Get a ServlerContext using getServletContext(). This is a method of Servlet Partial Method List: –public void log(String msg) –public void log(String msg, Throwable exception) –public String getRealPath(String path) –public Object getAttribute(String name) –public void setAttribute(String name, Object object) –public void removeAttribute(String name) –public RequestDispatcher getRequestDistpatcher(String Name);

25 25 Note about ServletContext There is a single ServletContext per web application Different Sevlets will get the same ServletContext object, when calling getServletContext during different sessions

26 26 Request Dispatcher Methods void forward (ServletRequest request, ServletResponse response) –Forwards a request from a servlet to another resource (servlet, JSP file, or HTML file) on the server void include (ServletRequest request, ServletResponse response) –Includes the content of a resource (servlet, JSP page, HTML file) in the response

27 27 Passing on Data 3 different ways to set parameters for the forwarded servlet or JSP to see –Data that will be used only for this request: request.setAttribute("key", value); –Data will be used for this client (also for future requests): session.setAttribute("key", value); –Data that will be used in the future for any client context.setAttribute("key", value);

28 28 Fowarding Request Example Consider an online Travel Agent, as shown here here The Travel Servlet is called by the page The Travel Servlet sets some variables The request is then forwarded depending on the button that the user had pressed

29 29 public class Travel extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String emailAddress = request.getParameter("emailAddress"); String password = request.getParameter("password"); TravelCustomer customer = TravelCustomer.findCustomer(password, emailAddress); if (customer == null) gotoPage("/travel/Accounts", request, response); customer.setStartDate(request.getParameter("startDate")); customer.setEndDate(request.getParameter("endDate")); customer.setOrigin(request.getParameter("origin")); customer.setDestination(request.getParameter ("destination")); HttpSession session = request.getSession(true); session.putValue("customer", customer);

30 30 if (request.getParameter("flights") != null) { gotoPage("/travel/BookFlights", request, response); } else if (request.getParameter("cars") != null) { gotoPage("/travel/RentCars", request, response); } else if (request.getParameter("hotels") != null) { gotoPage("/travel/FindHotels", request, response); } else if (request.getParameter("cars") != null) { gotoPage("/travel/EditAccounts", request, response); } else gotoPage("/travel/IllegalRequest", request, response); } private void gotoPage(String address, HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException { RequestDispatcher dispatcher = getServletContext().getRequestDispatcher(address); dispatcher.forward(request, response); }

31 31 Forward versus SendRedirect SendRedirect requires extra communication on part of the client: Why? SendRedirect does not have to preserve all the variables in the request SendRedirect ends up with a different URL on the client. What problems does this imply might happen when using Forward?

32 32 Include Forwarding a request completely services a request To include the result of a resource (html page, jsp page, servlet) in our response use the include method of RequestDispatcher

33 33 Servlet Chaining Servlets cooperate to create content Multiple servlets in a chain –request parameters supplied to first servlet –output from each Servlet piped to the next Servlet in the chain –last servlet in chain sends output to client Web server Servlet request request + response Servlet request + response Servlet response

34 34 More on Servlet Chaining Example use: –Servlet #1: Translates XSQL page to XML page –Servlet #2: Translates XML to HTML using XSL Can Servlet chaining be implemented using RequestDispatcher.forward? Can Servlet chaining be implemented using RequestDispatcher.include? How can Servlet chaining be implemented?

35 35 Comparison Comparing Servlets to Other Technologies

36 36 Comparing Servlets to Applets An Applet is a Java application, embedded in a Web page Commonly used for: games, graphics, etc. To add an Applet to a web page, use the tag When a browser loads the Web page, the applet byte-code is downloaded to the client box and executed by the browser

37 37 Problems with Applets Security Restrictions: Applets cannot access files or databases The Bandwidth Problem: As your applets grow in size, the download time becomes unacceptable Compatibility: –client must have a compatible browser –If a client's browser is not compatible, s/he will not be presented with proper content –Thin clients do not support the whole Java API

38 38 Servlet Solutions Why don't Servlets have: –Security restrictions? –Bandwidth problems? –Compatibility problems? What disadvantages do Servlets have over Applets?

39 39 Comparing Servlets to CGI Common Gateway Interface (CGI): Perl scripts that generate Web pages dynamically by processing form data With CGI, each request causes a new process to be created that runs the script With Servlets, each request causes a new thread to be created Thread creation requires less time and resources

40 40 Java Server Pages (JSP) JavaServer Pages: use XML-like tags and scriptlets written in Java within a web page Result in dynamic data in web page JSP is automatically compiled to Servlet Next Week: Learn about JSP!

Download ppt "1 Servlets – Part 2 Representation and Management of Data on the Web."

Similar presentations

JSP and Servelets.

JSP and Servelets.
CGI programming. Common Gateway Interface interface between web server and other programs (cgi scripts) information passed as environment variables passed.

CGI programming. Common Gateway Interface interface between web server and other programs (cgi scripts) information passed as environment variables passed.
Cookie in a servlet. Cookies are small bits of textual information that a Web server sends to a browser and that the browser returns unchanged when visiting.

Cookie in a servlet. Cookies are small bits of textual information that a Web server sends to a browser and that the browser returns unchanged when visiting.
Java Server Pages (JSP)

Java Server Pages (JSP)
Server Side Programming Common Gateway Interface (CGI): Scripts generate Web pages or other files dynamically by processing form data and returning documents.

Server Side Programming Common Gateway Interface (CGI): Scripts generate Web pages or other files dynamically by processing form data and returning documents.
Objectives Ch. D - 1 At the end of this chapter students will: Know the general architecture and purpose of servlets Understand how to create a basic servlet.

Objectives Ch. D - 1 At the end of this chapter students will: Know the general architecture and purpose of servlets Understand how to create a basic servlet.
CSE 190: Internet E-Commerce Lecture 7. HTML Templates Designed to separate server side logic from HTML presentation Key features –Escapes from HTML into.

CSE 190: Internet E-Commerce Lecture 7. HTML Templates Designed to separate server side logic from HTML presentation Key features –Escapes from HTML into.
An introduction to Java Servlet Programming

An introduction to Java Servlet Programming
J2EE Servlets and JSP Advanced topics Presented by Bartosz Sakowicz.

J2EE Servlets and JSP Advanced topics Presented by Bartosz Sakowicz.
Liang, Introduction to Java Programming, Sixth Edition, (c) 2005 Pearson Education, Inc. All rights reserved. 0-13-148952-6 1 Chapter 34 Servlets.

Liang, Introduction to Java Programming, Sixth Edition, (c) 2005 Pearson Education, Inc. All rights reserved Chapter 34 Servlets.
June 1, 2000 Object Oriented Programming in Java (95-707) Advanced Topics 1 Lecture 10 Object Oriented Programming in Java Advanced Topics Servlets.

June 1, 2000 Object Oriented Programming in Java (95-707) Advanced Topics 1 Lecture 10 Object Oriented Programming in Java Advanced Topics Servlets.
2/16/2004 Dynamic Content February 16, 2004. 2/16/2004 Assignments Due – Message of the Day Part 1 Due – Reading and Warmup Work on Message of the Day.

2/16/2004 Dynamic Content February 16, /16/2004 Assignments Due – Message of the Day Part 1 Due – Reading and Warmup Work on Message of the Day.
1 Servlets Part 2 Representation and Management of Data on the Web.

1 Servlets Part 2 Representation and Management of Data on the Web.
Servlet Session Tracking. 2 Persistent information A server site typically needs to maintain two kinds of persistent (remembered) information: Information.

Servlet Session Tracking. 2 Persistent information A server site typically needs to maintain two kinds of persistent (remembered) information: Information.
Integrating Servlets and JavaServer Pages Vijayan Sugumaran School of Business Administration Oakland University Parts of this presentation provided by.

Integrating Servlets and JavaServer Pages Vijayan Sugumaran School of Business Administration Oakland University Parts of this presentation provided by.
1 CS6320 – Servlet Cookies L. Grewe 2 What is a cookie? Name-value bindings sent by a server to a web browser and then sent back unchanged by the browser.

1 CS6320 – Servlet Cookies L. Grewe 2 What is a cookie? Name-value bindings sent by a server to a web browser and then sent back unchanged by the browser.
/ department of mathematics and computer sciencedepartment of mathematics and computer science / architecture of information systems.

/ department of mathematics and computer sciencedepartment of mathematics and computer science / architecture of information systems.
JSP Architecture  JSP is a simple text file consisting of HTML or XML content along with JSP elements  JSP packages define the interface for the compiled.

JSP Architecture  JSP is a simple text file consisting of HTML or XML content along with JSP elements  JSP packages define the interface for the compiled.
Chapter 4 Servlets Concept of Servlets (What, Why, and How) Servlet API Third-party tools to run servlets Examples of Using Servlets HTML tag with GET.

Chapter 4 Servlets Concept of Servlets (What, Why, and How) Servlet API Third-party tools to run servlets Examples of Using Servlets HTML tag with GET.
Servlets Compiled by Dr. Billy B. L. Lim. Servlets Servlets are Java programs which are invoked to service client requests on a Web server. Servlets extend.

Servlets Compiled by Dr. Billy B. L. Lim. Servlets Servlets are Java programs which are invoked to service client requests on a Web server. Servlets extend.

Similar presentations

Ads by Google