Server-Side Processing Overview

Download Report

Transcript Server-Side Processing Overview

Server-Side Development Basics

Harry R. Erwin, PhD University of Sunderland CIT304/CSE301

Resources

• • Hans Bergsten, 2002,

JavaServer Pages,

0-596-00317-X http://java.sun.com/products/jsp/ 2nd edition, O’Reilly, ISBN: • http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/ • Farley, et al., 2002,

Java Enterprise in a Nutshell,

2nd edition, O’Reilly, ISBN: 0-596-00152-5 • Brittain and Darwin, 2003,

Tomcat: the Definitive Guide,

O’Reilly.

• Kurniawan and Deck, 2004,

How Tomcat Works,

BrainySoftware.com.

• Knuckles and Yuen, 2005,

Web Applications: Concepts and Real World Design,

Wiley.

• Nakhimovsky and Myers, 2004,

Google, Amazon and Beyond,

Apress.

Questions to be Answered

• What is server-side programming (SSP)?

• What are some approaches to SSP?

• What are SSP basics?

• What is JSP?

• How can I support SSP?

What is Server-Side Programming (SSP)?

• Technologies for developing web pages that include

dynamic

content—that is web applications.

• Can produce web pages that contain information that is connection- or time-dependent.

• A key technology for on-line shopping, employee directories, personalized and internationalized content.

History of Dynamic Web Content

• The Common Gateway Interface (CGI) was the first approach to providing dynamic web content. Used scripts, and a process, not just an individual thread, was dispatched for each web page generated. Hence inefficient and did not scale well.

• Numerous second generation alternatives were invented: – FastCGI – mod_perl – NSAPI – ISAPI – Java Servlets • These embedded HTML in programming code. Hence costly in programmer time.

Scripting—the Third Generation Approach

• Idea: embed simple code in HTML pages!

• The HTML pages then use the code to choose what elements and data to display.

• Classes and/or subroutines may be called to compute information for inclusion in the web page. Existing APIs can be invoked.

• This is known as ‘scripting’.

Some Approaches to Scripting

• JavaServer Pages (JSP, uses Java sparingly, will be covered in these lectures) • Active Server Pages (ASP, uses VBScript, Jscript, COM or ActiveX components, ODBC). ASP.NET is quite similar to JSP, using C#. Has not been very popular.

• PHP (C-like syntax, many functions available, insecure, covered in DL versions of CIT304) • ColdFusion (CFML, proprietary) • Java servlet template engine (Velocity, FreeMarker) Not much change in the last five years, other than the introduction of AJAX (JavaScript + XML).

Some JSP Basics

• The HTTP protocol.

• Servlets

The HTTP Protocol

• • – – A communications model: A client, often

but not always

a web browser, sends a request for a resource to a server.

The server returns a response or an error message.

Points to remember: 1. Stateless protocol.

2. Delayed feedback.

3. Server cannot tell how the request was made. No client-side processing can be invoked. (If it could be, it would be a security nightmare.)

Examples of HTTP Clients

• Web browsers (many, including specialized ones for console interfaces—lynx—and handicapped users) • Search utilities (Sherlock on MacOS X) • Help utilities • FTP clients (e.g., interarchy on MacOS X) • Software registration programs • telnet (a hacker can emulate a web browser by connecting to port 80) • Specialized programs (e.g., curl) • Cracker toolkits (to generate malformed http requests)

HTTP Requests

• Information is specified by an HTTP Uniform Resource Locator (URL, see RFC-2396 and RFC 2616).

http://osiris.sunderland.ac.uk:80/~cs0her/index.html

• Consists of: – Protocol designation (http and https) – Server name:port number (port number defaults to 80 for http and 8080 443 for https) – Name of the resource being requested. Need

not

file. Here it is: /~cs0her/index.html

be a

HTTP Request Message

• Consists of: – Request line • GET resource_name protocol_in_use • POST (provides parameters in the request body, see below) – Request headers • Host (server name) • User-Agent (browser type) • Various Accept headers describing formats and languages – Request body (optional)

Java Servlets

• Currently, Java is the predominant language for SSP. This is due to the Java Servlet API.

• Advantages over other SSP technologies: – Persistent between invocations, avoiding process instantiations.

– Portable across operating systems and servers.

– Good security.

– Can use the Java APIs, particularly JDBC.

– Is integrated closely with the J2EE environment.

Servlets

• A servlet runs in a servlet container within a Java Virtual Machine.

• Servlet containers: – Apache/Jserv, which supports Servlets 2.0.

– Mortbay.com/Jetty – IBM/WebSphere – Jakarta/Tomcat 4.0 (This is the reference implemen tation for the Servlet 2.3 API). Available from http://jakarta.apache.org

. We will discuss Tomcat in a later lecture.

Servlet Basics

• The Servlet API consists of two Java packages: – javax.servlet

– javax.servlet.http

• Required for J2EE 1.3

Servlet Lifecycle

• A client makes a request involving a servlet running on the server.

• The servlet is responsible for loading and executing the Java classes that generate the HTML content.

• To the client, this looks like standard HTML processing,

except faster

.

• The servlet then need not shut down. Instead, it can handle subsequent requests without restarting.

Servlet Methods

• init(), to handle startup. Once init() runs, the servlet is available.

• service() is called to process each request. Disk writes are only needed to preserve state. Arguments to service() are ServletRequest and ServletResponse objects.

• destroy() is called to clean up resources when the server shuts down (if it ever shuts down).

Core of the API

• javax.servlet.Servlet interface.

• javax.servlet.http.Servlet class, implementing the interface. Designed to work with the HTTP protocol. • javax.servlet.GenericServlet class, implementing the interface. This class is communication protocol agnostic. Can implement a filtering servlet to adapt output from some other source. This can provide other protocol services (e.g., ftp).

A Web Application

• A set of resources (servlets, static content, .jsp files, class libraries) installed in a specific

path

, making up a directory.

• Should be organized as a chroot jail.

• Multiple servlets can exist concurrently. Run in a common ServletContext.

• Be careful—the

path

machine to machine.

can change from

Supporting JSP

• Requirements: – Workstation or PC with an internet connection.

– Java 2 SDK (available from Sun, links on my COM379 handbook page) – JSP 1.2-enabled web server such as Apache Tomcat (Jakarta Project). This is available here at the Informatics Centre.

Sounds Good?

• Not really—Java servlets have to be programmed and their configuration must be managed.

• Programmers make $50,000-$90,000 in the USA, and programs are notoriously hard to develop and maintain. This is particularly a problem when changes to business logic force changes.

• Next lecture: we will look at how the same thing can be done more quickly, easily, and flexibly with web pages.

Conclusions

• You’ve gained a general understanding of what Server Side Processing (SSP) is.

• You’ve seen the role of SSP in HTTP processing.

• You’ve been introduced to Java Servlets, and • You now know the basic configuration for servlet processing.

• Next lecture, you will see how JavaServer Pages (JSP) interact with this environment.