Server-Side Processing Overview
Download
Report
Transcript Server-Side Processing Overview
Server-Side Development Basics
Harry R. Erwin, PhD
University of Sunderland
CIT304/CSE301
Resources
• Hans Bergsten, 2002, JavaServer Pages, 2nd edition, O’Reilly, ISBN:
0-596-00317-X
• http://java.sun.com/products/jsp/
• http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/
• Farley, et al., 2002, Java Enterprise in a Nutshell, 2nd edition,
O’Reilly, ISBN: 0-596-00152-5
• Brittain and Darwin, 2003, Tomcat: the Definitive Guide, O’Reilly.
• Kurniawan and Deck, 2004, How Tomcat Works,
BrainySoftware.com.
• Knuckles and Yuen, 2005, Web Applications: Concepts and Real
World Design, Wiley.
• Nakhimovsky and Myers, 2004, Google, Amazon and Beyond, Apress.
Questions to be Answered
•
•
•
•
•
What is server-side programming (SSP)?
What are some approaches to SSP?
What are SSP basics?
What is JSP?
How can I support SSP?
What is Server-Side
Programming (SSP)?
• Technologies for developing web pages that
include dynamic content—that is web
applications.
• Can produce web pages that contain information
that is connection- or time-dependent.
• A key technology for on-line shopping, employee
directories, personalized and internationalized
content.
History of Dynamic Web Content
• The Common Gateway Interface (CGI) was the first
approach to providing dynamic web content. Used scripts,
and a process, not just an individual thread, was dispatched
for each web page generated. Hence inefficient and did not
scale well.
• Numerous second generation alternatives were invented:
–
–
–
–
–
FastCGI
mod_perl
NSAPI
ISAPI
Java Servlets
• These embedded HTML in programming code. Hence
costly in programmer time.
Scripting—the Third Generation
Approach
• Idea: embed simple code in HTML pages!
• The HTML pages then use the code to
choose what elements and data to display.
• Classes and/or subroutines may be called to
compute information for inclusion in the
web page. Existing APIs can be invoked.
• This is known as ‘scripting’.
Some Approaches to Scripting
• JavaServer Pages (JSP, uses Java sparingly, will be
covered in these lectures)
• Active Server Pages (ASP, uses VBScript, Jscript, COM
or ActiveX components, ODBC). ASP.NET is quite
similar to JSP, using C#. Has not been very popular.
• PHP (C-like syntax, many functions available, insecure,
covered in DL versions of CIT304)
• ColdFusion (CFML, proprietary)
• Java servlet template engine (Velocity, FreeMarker)
Not much change in the last five years, other than the
introduction of AJAX (JavaScript + XML).
Some JSP Basics
• The HTTP protocol.
• Servlets
The HTTP Protocol
•
A communications model:
–
–
•
A client, often but not always a web browser, sends a
request for a resource to a server.
The server returns a response or an error message.
Points to remember:
1. Stateless protocol.
2. Delayed feedback.
3. Server cannot tell how the request was made. No
client-side processing can be invoked. (If it could be,
it would be a security nightmare.)
Examples of HTTP Clients
• Web browsers (many, including specialized ones for
console interfaces—lynx—and handicapped users)
• Search utilities (Sherlock on MacOS X)
• Help utilities
• FTP clients (e.g., interarchy on MacOS X)
• Software registration programs
• telnet (a hacker can emulate a web browser by connecting
to port 80)
• Specialized programs (e.g., curl)
• Cracker toolkits (to generate malformed http requests)
HTTP Requests
• Information is specified by an HTTP Uniform
Resource Locator (URL, see RFC-2396 and RFC2616).
http://osiris.sunderland.ac.uk:80/~cs0her/index.html
• Consists of:
– Protocol designation (http and https)
– Server name:port number (port number defaults to 80
for http and 8080 443 for https)
– Name of the resource being requested. Need not be a
file. Here it is: /~cs0her/index.html
HTTP Request Message
• Consists of:
– Request line
• GET resource_name protocol_in_use
• POST (provides parameters in the request body, see below)
– Request headers
• Host (server name)
• User-Agent (browser type)
• Various Accept headers describing formats and languages
– Request body (optional)
Java Servlets
• Currently, Java is the predominant language for
SSP. This is due to the Java Servlet API.
• Advantages over other SSP technologies:
– Persistent between invocations, avoiding process
instantiations.
– Portable across operating systems and servers.
– Good security.
– Can use the Java APIs, particularly JDBC.
– Is integrated closely with the J2EE environment.
Servlets
• A servlet runs in a servlet container within a Java
Virtual Machine.
• Servlet containers:
–
–
–
–
Apache/Jserv, which supports Servlets 2.0.
Mortbay.com/Jetty
IBM/WebSphere
Jakarta/Tomcat 4.0 (This is the reference implementation for the Servlet 2.3 API). Available from
http://jakarta.apache.org. We will discuss Tomcat in a
later lecture.
Servlet Basics
• The Servlet API consists of two Java
packages:
– javax.servlet
– javax.servlet.http
• Required for J2EE 1.3
Servlet Lifecycle
• A client makes a request involving a servlet
running on the server.
• The servlet is responsible for loading and
executing the Java classes that generate the HTML
content.
• To the client, this looks like standard HTML
processing, except faster.
• The servlet then need not shut down. Instead, it
can handle subsequent requests without restarting.
Servlet Methods
• init(), to handle startup. Once init() runs, the
servlet is available.
• service() is called to process each request. Disk
writes are only needed to preserve state.
Arguments to service() are ServletRequest and
ServletResponse objects.
• destroy() is called to clean up resources when the
server shuts down (if it ever shuts down).
Core of the API
• javax.servlet.Servlet interface.
• javax.servlet.http.Servlet class, implementing the
interface. Designed to work with the HTTP
protocol.
• javax.servlet.GenericServlet class, implementing
the interface. This class is communication
protocol agnostic. Can implement a filtering
servlet to adapt output from some other source.
This can provide other protocol services (e.g., ftp).
A Web Application
• A set of resources (servlets, static content,
.jsp files, class libraries) installed in a
specific path, making up a directory.
• Should be organized as a chroot jail.
• Multiple servlets can exist concurrently.
Run in a common ServletContext.
• Be careful—the path can change from
machine to machine.
Supporting JSP
• Requirements:
– Workstation or PC with an internet connection.
– Java 2 SDK (available from Sun, links on my
COM379 handbook page)
– JSP 1.2-enabled web server such as Apache
Tomcat (Jakarta Project). This is available here
at the Informatics Centre.
Sounds Good?
• Not really—Java servlets have to be programmed
and their configuration must be managed.
• Programmers make $50,000-$90,000 in the USA,
and programs are notoriously hard to develop and
maintain. This is particularly a problem when
changes to business logic force changes.
• Next lecture: we will look at how the same thing
can be done more quickly, easily, and flexibly
with web pages.
Conclusions
• You’ve gained a general understanding of what
Server Side Processing (SSP) is.
• You’ve seen the role of SSP in HTTP processing.
• You’ve been introduced to Java Servlets, and
• You now know the basic configuration for servlet
processing.
• Next lecture, you will see how JavaServer Pages
(JSP) interact with this environment.