Transcript Server-Side Processing Overview
Server-Side Development Basics
Harry R. Erwin, PhD University of Sunderland CIT304/CSE301
Resources
• • Hans Bergsten, 2002,
JavaServer Pages,
0-596-00317-X http://java.sun.com/products/jsp/ 2nd edition, O’Reilly, ISBN: • http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/ • Farley, et al., 2002,
Java Enterprise in a Nutshell,
2nd edition, O’Reilly, ISBN: 0-596-00152-5 • Brittain and Darwin, 2003,
Tomcat: the Definitive Guide,
O’Reilly.
• Kurniawan and Deck, 2004,
How Tomcat Works,
BrainySoftware.com.
• Knuckles and Yuen, 2005,
Web Applications: Concepts and Real World Design,
Wiley.
• Nakhimovsky and Myers, 2004,
Google, Amazon and Beyond,
Apress.
Questions to be Answered
• What is server-side programming (SSP)?
• What are some approaches to SSP?
• What are SSP basics?
• What is JSP?
• How can I support SSP?
What is Server-Side Programming (SSP)?
• Technologies for developing web pages that include
dynamic
content—that is web applications.
• Can produce web pages that contain information that is connection- or time-dependent.
• A key technology for on-line shopping, employee directories, personalized and internationalized content.
History of Dynamic Web Content
• The Common Gateway Interface (CGI) was the first approach to providing dynamic web content. Used scripts, and a process, not just an individual thread, was dispatched for each web page generated. Hence inefficient and did not scale well.
• Numerous second generation alternatives were invented: – FastCGI – mod_perl – NSAPI – ISAPI – Java Servlets • These embedded HTML in programming code. Hence costly in programmer time.
Scripting—the Third Generation Approach
• Idea: embed simple code in HTML pages!
• The HTML pages then use the code to choose what elements and data to display.
• Classes and/or subroutines may be called to compute information for inclusion in the web page. Existing APIs can be invoked.
• This is known as ‘scripting’.
Some Approaches to Scripting
• JavaServer Pages (JSP, uses Java sparingly, will be covered in these lectures) • Active Server Pages (ASP, uses VBScript, Jscript, COM or ActiveX components, ODBC). ASP.NET is quite similar to JSP, using C#. Has not been very popular.
• PHP (C-like syntax, many functions available, insecure, covered in DL versions of CIT304) • ColdFusion (CFML, proprietary) • Java servlet template engine (Velocity, FreeMarker) Not much change in the last five years, other than the introduction of AJAX (JavaScript + XML).
Some JSP Basics
• The HTTP protocol.
• Servlets
The HTTP Protocol
• • – – A communications model: A client, often
but not always
a web browser, sends a request for a resource to a server.
The server returns a response or an error message.
Points to remember: 1. Stateless protocol.
2. Delayed feedback.
3. Server cannot tell how the request was made. No client-side processing can be invoked. (If it could be, it would be a security nightmare.)
Examples of HTTP Clients
• Web browsers (many, including specialized ones for console interfaces—lynx—and handicapped users) • Search utilities (Sherlock on MacOS X) • Help utilities • FTP clients (e.g., interarchy on MacOS X) • Software registration programs • telnet (a hacker can emulate a web browser by connecting to port 80) • Specialized programs (e.g., curl) • Cracker toolkits (to generate malformed http requests)
HTTP Requests
• Information is specified by an HTTP Uniform Resource Locator (URL, see RFC-2396 and RFC 2616).
http://osiris.sunderland.ac.uk:80/~cs0her/index.html
• Consists of: – Protocol designation (http and https) – Server name:port number (port number defaults to 80 for http and 8080 443 for https) – Name of the resource being requested. Need
not
file. Here it is: /~cs0her/index.html
be a
HTTP Request Message
• Consists of: – Request line • GET resource_name protocol_in_use • POST (provides parameters in the request body, see below) – Request headers • Host (server name) • User-Agent (browser type) • Various Accept headers describing formats and languages – Request body (optional)
Java Servlets
• Currently, Java is the predominant language for SSP. This is due to the Java Servlet API.
• Advantages over other SSP technologies: – Persistent between invocations, avoiding process instantiations.
– Portable across operating systems and servers.
– Good security.
– Can use the Java APIs, particularly JDBC.
– Is integrated closely with the J2EE environment.
Servlets
• A servlet runs in a servlet container within a Java Virtual Machine.
• Servlet containers: – Apache/Jserv, which supports Servlets 2.0.
– Mortbay.com/Jetty – IBM/WebSphere – Jakarta/Tomcat 4.0 (This is the reference implemen tation for the Servlet 2.3 API). Available from http://jakarta.apache.org
. We will discuss Tomcat in a later lecture.
Servlet Basics
• The Servlet API consists of two Java packages: – javax.servlet
– javax.servlet.http
• Required for J2EE 1.3
Servlet Lifecycle
• A client makes a request involving a servlet running on the server.
• The servlet is responsible for loading and executing the Java classes that generate the HTML content.
• To the client, this looks like standard HTML processing,
except faster
.
• The servlet then need not shut down. Instead, it can handle subsequent requests without restarting.
Servlet Methods
• init(), to handle startup. Once init() runs, the servlet is available.
• service() is called to process each request. Disk writes are only needed to preserve state. Arguments to service() are ServletRequest and ServletResponse objects.
• destroy() is called to clean up resources when the server shuts down (if it ever shuts down).
Core of the API
• javax.servlet.Servlet interface.
• javax.servlet.http.Servlet class, implementing the interface. Designed to work with the HTTP protocol. • javax.servlet.GenericServlet class, implementing the interface. This class is communication protocol agnostic. Can implement a filtering servlet to adapt output from some other source. This can provide other protocol services (e.g., ftp).
A Web Application
• A set of resources (servlets, static content, .jsp files, class libraries) installed in a specific
path
, making up a directory.
• Should be organized as a chroot jail.
• Multiple servlets can exist concurrently. Run in a common ServletContext.
• Be careful—the
path
machine to machine.
can change from
Supporting JSP
• Requirements: – Workstation or PC with an internet connection.
– Java 2 SDK (available from Sun, links on my COM379 handbook page) – JSP 1.2-enabled web server such as Apache Tomcat (Jakarta Project). This is available here at the Informatics Centre.
Sounds Good?
• Not really—Java servlets have to be programmed and their configuration must be managed.
• Programmers make $50,000-$90,000 in the USA, and programs are notoriously hard to develop and maintain. This is particularly a problem when changes to business logic force changes.
• Next lecture: we will look at how the same thing can be done more quickly, easily, and flexibly with web pages.
Conclusions
• You’ve gained a general understanding of what Server Side Processing (SSP) is.
• You’ve seen the role of SSP in HTTP processing.
• You’ve been introduced to Java Servlets, and • You now know the basic configuration for servlet processing.
• Next lecture, you will see how JavaServer Pages (JSP) interact with this environment.