Java web hosting at CERN
Download
Report
Transcript Java web hosting at CERN
Java web hosting at CERN
Computing Seminar, 1 November 2005
Michał Kwiatek, IT-DES
What we’ll be doing
• A few words about servlets and JSPs
• How to deploy them at CERN
• Scope, SLA and architecture of
J2EE Public Service
• Some „advanced” examples
Michał Kwiatek, IT-DES
2
What is a JSP?
<%@ page contentType="text/html;charset=iso-8859-1" %>
<html><header><title>Age example</title></header>
<body><h1>Age example</h1>
<%
String yearString = request.getParameter("year");
int year;
if (yearString==null || yearString.equals("")) {
out.print("Please specify your year of birth using year parameter");
} else {
try {
year = new Integer(yearString).intValue();
%>You are <%=2005-year%> years old.<%
} catch (NumberFormatException e) {
%><font color="red">Year of birth incorrect!</font><%
}
}
%>
<%--static inclusion--%><%@ include file="footer.html" %>
</body></html>
Michał Kwiatek, IT-DES
3
JSP implicit variables
•
•
•
•
•
request
session
application
response
out
Michał Kwiatek, IT-DES
4
What is a servlet?
• A java class that lives inside web container to serve
client requests
• extends javax.servlet.http.HttpServlet
• defining one or more of the following methods:
– doGet
– doPost
– doPut
– doDelete
– service
– init
– destroy
Note: the same servlet object will be used
simultaneously to serve many request!
Michał Kwiatek, IT-DES
5
Your servlets should be thread-safe!
Javadoc: Date formats are not
synchronized. It is recommended to
create separate format instances for
each thread. If multiple threads access
a format concurrently, it must be
synchronized externally.
package ch.cern.example;
import ...
public class ServletA extends HttpServlet {
SimpleDateFormat sdf = new SimpleDateFormat(
"yyyy-MM-dd HH:mm:ss"
);
public void service (HttpServletRequest request,
HttpServletResponse response) {
response.write("Current date and time is: ");
response.write(sdf.format(new Date()));
}
}
Michał Kwiatek, IT-DES
6
JSP is a servlet!
Declaration!
<%@ page laguage="java"%>
<html><body>
<%! int count=0 %>
Welcome, you are visitor number
<%=++count%>
</body></html>
package ch.cern.example;
import ...
public class MyServlet extends HttpServlet {
int count = 0;
public void service (HttpServletRequest request,
HttpServletResponse response) {
response.write("<html><body>Welcome, you are
visitor number"+(++count)+"</body></html>");
}
}
Michał Kwiatek, IT-DES
JSP
translation
servet class
source code
compilation
compiled
servet class
7
Did you make a nice jack’o lantern?
Michał Kwiatek, IT-DES
8
There’s more to JSP than just the pages
•
•
•
•
•
•
Object-oriented programming
Java libriaries, java beans
Custom tag libraries
Model-View-Controler model
Java Server Faces
It is vendor and platform independent
Michał Kwiatek, IT-DES
9
How to deploy them at CERN?
• Go to CERN Web Service:
http://webservices.web.cern.ch/WebServices/
• Choose „java web application (servlet/jsp)” as site
type
Michał Kwiatek, IT-DES
10
So what is this WAR file?
• WAR file is simply a zip
archive with a specific
structure
• jar files go to WEB-INF/lib
• classes go to WEB-INF/classes
• Application configuration files
• The rest is regular web
content
• Use your IDE or Ant to
package your application
jdbc_example.war
WEB-INF
classes
lib
web.xml
META-INF
context.xml *)
...
index.jsp
some.html
...
*) context.xml file is tomcat-specific
Michał Kwiatek, IT-DES
11
J2EE Public Service
• server-side infrastructure for deployment of java (servlet/jsp)
web applications provided by IT-DES
• we provide:
– servlet/JSP container
– support for deployment
– backup, monitoring
• we don’t provide:
– an EJB container
– support for development
– telnet/ssh/ftp access to the servers
• SLA: aimed for medium-sized, non-critical applications;
full support within CERN working hours; the support outside
working hours is provided on best effort basis.
Michał Kwiatek, IT-DES
12
„Standard” approach
Machine 1
servlet containter
!
proxy
web applications
Machine 2
servlet containter
web applications
Michał Kwiatek, IT-DES
13
J2EE Public Service - approach
Machine 1
servlet containers and applications
Machine 2
proxy
!
servlet containers and applications
Michał Kwiatek, IT-DES
14
J2EE Public Server architecture
• The
architecture
is open!
Michał Kwiatek, IT-DES
jpsmanager
httpd 1)
(httpd in front
of tomcats
running dev
and prod
jpsmanager)
tomcat
running
devjpsmanager 2)
tomcat
running
prodjpsmanager 3)
(used by app
owners for
managing
their
applications)
j2eeps.cern.ch
j2eeps02.cern.ch
ithp02.cern.ch
Apache20Mod
ProxyModJK 5)
(apache httpd
in front of
tomcats
running user
applications)
tomcat
running
prodjpsmanager 3)
(used by app
owners to
check logs)
j2eeps04.cern.ch
ithp04.cern.ch
j2eeps03.cern.ch
ithp03.cern.ch
j2eeps05.cern.ch
ithp05.cern.ch
container
(tomcat)
running
user app 6)
container
(tomcat)
running
user app 6)
container
(tomcat)
running
user app 6)
tomcat
running
prodjpsmanager 3)
(used by app
owners to
check logs)
jpsstunnel 4) (ldap connection to CERN’s Active Directory)
jpsmanager.cern.ch
j2eeps01.cern.ch
ithp01.cern.ch
jpsstunnel 4) (ldap connection to CERN’s Active Directory)
– Apache
Tomcat 5.5
– JDK 1.5
– Apache httpd
2.0
– jpsmanager
web
readers’
requests
web
authors’
requests
jpsstunnel 4) (ldap connection to CERN’s Active Directory)
• software
used:
idle,
meant for hosting
user applications
in the same way as
j2eeps03
not configured,
meant for hosting
user applications
in the same way as
j2eeps03
Symetrical, passwordless ssh/scp connectivity
15
Guess what!
• JDBC drivers to oracle are preinstalled (thin)
• 3 usage scenarios
Michał Kwiatek, IT-DES
16
JDBC
1. Basic example
Connection conn = null; Statement stmt = null; ResultSet rset = null;
try {
Class.forName("oracle.jdbc.driver.OracleDriver");
conn = DriverManager.getConnection(url, user, password);
stmt = conn.createStatement();
rset = stmt.executeQuery(query);
...
} catch(SQLException e) {
...
} finally {
try { rset.close(); } catch(Exception e) { }
try { stmt.close(); } catch(Exception e) { }
try { conn.close(); } catch(Exception e) { }
}
2. Connection pooling
Michał Kwiatek, IT-DES
17
JDBC (cont’d)
3. Connection pooling & JNDI (1/2)
// in Servlet, JSP, or simply a class:
Connection conn = null; Statement stmt = null; ResultSet rset = null;
try {
Context initContext = new InitialContext();
Context envContext = (Context)initContext.lookup("java:/comp/env");
DataSource ds = (DataSource)envContext.lookup("jdbc/devdb");
conn = ds.getConnection();
stmt = conn.createStatement();
rset = stmt.executeQuery(query);
...
} catch(SQLException e) {
...
} finally {
try { rset.close(); } catch(Exception e) { }
try { stmt.close(); } catch(Exception e) { }
try { conn.close(); } catch(Exception e) { }
}
Michał Kwiatek, IT-DES
18
JDBC (cont’d)
3. Connection pooling & JNDI (2/2)
// in META-INF/context.xml:
<Context>
<Resource
name="jdbc/devdb" auth="Container"
type="javax.sql.DataSource"
driverClassName="oracle.jdbc.driver.OracleDriver"
url="jdbc:oracle:thin:@oradev.cern.ch:10521:D"
username="XXXXX"
password="XXXXX"
maxActive="10"
maxIdle="5"
/>
</Context>
// in WEB-INF/web.xml:
<resource-ref> ... </resource-ref>
Michał Kwiatek, IT-DES
19
Authentication/authorisation
• Authentication:
– my identity can be
confirmed using
my CERN id card
• Authorisation
– using my identity
and additional information (did I attend
the security course?) the system will let me
into the Computer Centre or not
Michał Kwiatek, IT-DES
20
How to do it NICEly?
• method for
authentication and authorisation
– is provided by the container
– uses existing mechanisms
• this method is NICE:
– NICE login and password to authenticate
– NICE groups to authorise (CERN
Department/Group structure, or some
project-specific groups)
Michał Kwiatek, IT-DES
21
NICE authentication
NICE authentication is set up by default
• in WEB-INF/web.xml you specify which areas
of your application require authentication
• you also specify which groups of users are
authorized to access these areas
• you can define these groups (and their
members) at
https://www.cern.ch/WinServices/Services/GroupManager/
• from your application, you may check who is
logged on using:
request.getUserPrincipal()
Michał Kwiatek, IT-DES
22
Resources
• http://j2ee-public-service.web.cern.ch/j2ee-publicservice/
– sla.html
– faq.html
– technical.html
• chapter 9, "Developing secure web applications" from
SCWCD Exam Study Kit by Hanumant Deshmukh and
Jignesh Malavia.
• http://tomcat.apache.org/tomcat-5.5-doc/jndidatasource-examples-howto.html
• http://jakarta.apache.org/commons/dbcp/
• http://ws.apache.org/axis/java/index.html
• j2ee tutorial:
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/inde
x.html
Michał Kwiatek, IT-DES
23
Questions?
Michał Kwiatek, IT-DES
24