【高级网络程序设计】Week3-2 Servlet

一、 What are servlets?

1. 定义

(1)Servlets are Java's answer to CGI:

|----------------------------------------------------------------------------------------------------------------------------|
| programs that run on a web server acting as middle layer between HTTP request and databases or other applications. |
| Used forclient requests that cannot be satisfied using pre-built (static) documents. |
| Used to generate dynamic web pages in response to client. |

(2)图解

|---------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Web Browser | Sending Requests to a Web Server |
| Web Server | hold/return static web pages -- e.g. index.htmldoes not respond to user input. |
| Server Side Programs | different technologies written in various languages -- e.g. CGI scripts, Java Servlets(and JSPs -- later), PHP scripts -- Call to http://localhost:8080/servlet/myhelloservlet.HelloServlet -- Not web-browsing but executing program (servlet) |
| Dynamic response | -- database lookup, calculation etc. |
| We'll look at the Java solution | how to write servlets; how the container (Tomcat) works. |

2. A general purpose Web Server

二、Simple Example

ignore how the Container finds the servlet (via the deployment descriptor -- web.xml).

html 复制代码
<form action="http://server.com/ExecuteServlet">
<input type="submit" value = "press for servlet">
</form>

1. A Basic Servlet

XML 复制代码
import jakarta.servlet.*;
import jakarta.servlet.http.*;
import java.io.*;
//import jakarta.servlet.*:imports classes in this directory, but not in sub-directories
public class HelloServlet extends HttpServlet {
    public void doGet(HttpServletRequest request,HttpServletResponse response) throws IOException, ServletException {
        response.setContentType("text/html");//设置响应文件类型、响应式的编码形式
        PrintWriter out = response.getWriter();//获取字符输出流
        out.println("<html><body>Hello!</body></html>");
        out.close();
    }
}

2. Echo Servlet

XML 复制代码
import jakarta.servlet.*;
import jakarta.servlet.http.*;
import java.io.*;
public class GetEchoServlet extends HttpServlet {
    public void doGet(HttpServletRequest request,HttpServletResponse response)throws IOException, ServletException {
        String userName = request.getParameter("fname");//获取form中输入的参数
        response.setContentType("text/html");//设置响应文件类型、响应式编码格式
        PrintWriter out = response.getWriter();//获取字符输出流
        out.println("<html><body>Hello");
        if (userName != null) 
            out.println(userName);
        else 
            out.println("mystery person");
        out.println("</body></html>");
        out.close();
    }
}

3. BMI Servlet

- HTML

html 复制代码
//Page that asks for weight (kg) and height (cm) :Write the HTML and the HTTP Request (GET)
<form method="GET"action="http://server.com/BMIServlet">
<input type="text" name="weight"/>weight<br>
<input type="text" name="height"/>height<br>
<input type="submit" value="send">
</form>

- Servlet

XML 复制代码
import jakarta.servlet.*;
import jakarta.servlet.http.*;
import java.io.*;
public class BMIServlet extends HttpServlet {
    public void doGet(HttpServletRequest request,HttpServletResponse response) throws IOException,ServletException {
        String ht = request.getParameter("height");
        int height = Integer.parseInt(ht);
        double weight = Double.parseDouble(request.getParameter("weight"));
        double ht_squared = (height/100.0)*(height/100.0);
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.println("<html><body><br>");
        out.println("Your BMI is: " + weight/ht_squared + "<body></html>");
        out.close();
    }
}

4. Name-salary Servlet

XML 复制代码
import jakarta.servlet.*;
import jakarta.servlet.http.*;
import java.io.*;
public class HelloServlet extends HttpServlet {
    public void doPost(HttpServletRequest request,HttpServletResponse response) throws IOException, ServletException {
        String name = request.getParameter("name");
        int salary = Integer.parseInt(salary);
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.println("<html><body><br>");
        out.println("Hello,"+name);
        out.println("Your salary is"+salary);
        out.println("<body><html>");
        out.close();
    } // end of method
} // end of class

三、Servlet Key Points

1. Servlets: Key points

|---------------------------|-----------------------------------------------------------------------------------------------------------------------------------|
| NO main method | public static void main(String[] args) |
| NO constructor | There is one (default) constructor but the developer should never write an explicit constructor -- Why------servlet lifecycle |
| Two key (service) methods | doGet(); doPost() |

2. Finding things

|------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Tracing the user data | -- e.g. nameattribute inside an HTML element -- name in HTTP request message -- argument in request.getParameter(...) |
| String( int /doublerequired) | then have to use appropriate method on this Stringto convert - Integer.parseInt(); - Double.parseDouble(); |
| Finding the servlet | -- **<form>**tag action attribute e.g. <FORM action="servlet/myServlet" ...> -- Used by deployment descriptor, web.xml (see later), to map to the corresponding servletclass. |

3. JavaBeans, JSPs and Servlets

|--------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|
| Although a servlet can be a completely self-contained program , to ease server-side programming, generating content should be split into | The business logic (content generation), which governs the relationship between input, processing, and output. |
| Although a servlet can be a completely self-contained program , to ease server-side programming, generating content should be split into | Thepresentation logic (content presentation, or graphic design rules), which determines how information is presented to the user. |
| controller | theservlet handles the HTTP protocol and coordination of which other servlets and auxiliary class methods to call |
| model | Java classes/JavaBeans handle the business logic |
| view | Java Server Pages handle presentation logic |

4. Advantages of Servletsover CGI

|-----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Efficient | -- Servlets run in the JVM. Each request is serviced using a thread rather than a new process (so lower overhead). - Though some scripting languages, e.g. perl on certain web servers do this now. |
| Convenient | -- Provides infrastructure that parses and decodes HTML forms. |
| Powerful | -- Can communicate directly with web server. -- Multiple servlets can share database connections. -- Simplifies session tracking. |
| Portable | -- Written in Java and follows standard API. |
| Secure | -- CGI often executed using O/S shells, which can cause many security breaches. -- Array checking & exception handling is automatic in Java. |
| Inexpensive | -- Many Java web servers are freely available. |

四、Servlets in Detail

1. A general purpose Web Server

2. What servletsdo

|--------------|----------------------------------------------------------------|
| request | Read any data sent by the user |
| request | Look up information embedded in HTTP request |
| request | Generate results. |
| response | Format results inside a document (e.g. HTML, XML, GIF, EXCEL). |
| response | Set appropriate HTTP response parameters. |
| response | Send the document back to the client. |

3. Typical generic servlet code

XML 复制代码
import java.io.*;
import jakarta.servlet.*;
public class AnyServlet extends GenericServlet {
    public AnyServlet() {} 
        // constructor -- BUT USE THE DEFAULT
        // NEVER ANY NEED TO WRITE ONE
        //ONLY creates an object, becomes a "proper" servlet after init().
    public void init(ServletConfig config) throws ServletException;
        // The method is actually called by container when servlet is
        // first created or loaded.
    public void service(ServletRequest req, ServletResponse res)throws ServletException, IOException;
        // Called by a new thread (in the container) each time a
        // request is received.
        public void destroy();
        // Called when servlet is destroyed or removed.
}

4. A Servlet is "deployed" in a container

• A program that receives (e.g. HTTP) requests to servletsfrom a web server application:
-- finds the servlet (and loads, calls constructor & **init()**if not ready);
-- creates or reuses a thread that calls service() method of chosen servlet;
-- creates & passes request and response objects to chosen servlet;
-- passes the response (e.g. HTTP response) back to the web server application; kills servlet thread or recycles into thread pool; anddeletes request and response objects.
• More generally, manages the life cycle of its servlets:
-- Calls constructor , init() , service() , destroy().
-- Also invokes methods of listening classes that a servlet implements (out of scope here).
• It has a **main()**and is working "all the time".
• Also provides:
-- Declarative security using settings in Deployment Descriptor (DD).
-- JSP support.

5. Dissecting the Container's actions

- HTTP request:
GET /myServlet/BMIInfo height=156&name=paula+fonseca HTTP/1.1
- Servlet:

public class BMIServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response) throws
IOException, ServletException {
// ...
String ht = request.getParameter("height");
// ...
}
}

6. The servletlife cycle

7. methods & inheritance

8. Servlet's Life cycle

|---------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Constructor (no arguments) | -- not written or called by a developer -- called by the container |
| public void init() | -- called after constructor -- called once, at the beginning (so potentially useful for initialisation of, e.g. databases) -- can be overridden by the developer |
| public void service(...) | -- rarely overridden by thedeveloper -- called everytime |
| public void doGet()/ public void doPost() | -- must be written by the developer -- must match the HTTP method in **<form>**in the HTML |
| public void destroy() | -- must be written by the developer |

五、 Configuration Servlets To Run In Tomcat

1. Mapping names using the Deployment Descriptor (DD)

XML 复制代码
//For each servlet in the web application.
//Internal name of servlet can be "anything" following XML rules.
<web-app ...>
    <servlet>
        <servlet-name>...</servlet-name>
        //maps internal name to fully qualified class name (except without .class)
        <servlet-class>...</servlet-class>
        //maps internal name to public URL name e.g. /makebooking
    </servlet>
    <servlet-mapping>
        <servlet-name>...</servlet-name>
        <url-pattern>...</url-pattern >
    </servlet-mapping>
...
</web-app>

2. Servlet Mapping Examples

- HTML:
<FORM method="post" action="/servlet/MyTest.do">
- Server (webapps):
WEB-INF/classes/Echo.class
<servlet>
<servlet-name>......</servlet-name>
<servlet-class>.....</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>......</servlet-name>
<url-pattern>.......</url-pattern >
</servlet-mapping>
- HTML:
<FORM method="post" action="/servlet/Test">
- Server (webapps):
WEB-INF/classes/foo/Name.class
<servlet>
<servlet-name>......</servlet-name>
<servlet-class>.....</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>......</servlet-name>
<url-pattern>.......</url-pattern >
</servlet-mapping>

3. Example: A Small Form

html 复制代码
//SmallForm.html
<html>
    <title>Sending Form Information to a Servlet</title>
    <body>
        <form action="http://localhost:8080/servlet/elem004.ProcessSmallForm"method="post">
            //Can use absolute or relative URLs or pre-configured names.
            Please input your login: <br>
            <input type="text" name="Login">
            <input type="submit" value="Login">
        </form>
    </body>
</html>

//the Deployment Descriptor (web.xml) and the servlet
<servlet>
     <servlet-name>smallForm</servlet-name>
     <servlet-class>SmallFormServlet</servlet-class>
</servlet>
<servlet-mapping>
     <servlet-name>smallForm</servlet-name>
     <url-pattern>/servlet/elem004.ProcessSmallForm</url-pattern>
</servlet-mapping>

4. Putting everything in the right place

|---------|-----------------------------------------------------------------------------------------------------------|
| Level 1 | WEB-INF (folder) and .html , .jsp |
| Level 2 | (inside WEB-INF folder): web.xml and classes(folder) |
| Level 3 | (inside classes folder): servlet .class files (and other "business" class files e.g. JavaBeans) |

5. Servlet initialisation & Servlet Configuration object

• Only one servletinstance is created: each request is serviced by a separate thread in the container.
• Prior to initialisation, the ServletConfigobject is created by the container:
-- one ServletConfig object per servlet;
-- container uses it to pass deploy-time information to the servlet (data you do not want to hard code into the servlet, e.g. the DB name);
-- the names are specified in the DD.
• Parameters are set in a server-specific manner, e.g.
-- in a file called web.xml (for Tomcat);
-- in a file called resin.config (for Resin).
• Parameters do not change while servletis deployed and running:
-- like constants;
-- if servletchanges, then need to redeploy.

6. Example: DD's init parameters (web.xml for Tomcat)

html 复制代码
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http//java.sun.com/xml/ns/j2ee/web-app_2.4.xsd"
     version="2.4">
    <servlet>
        <servlet-name>Hello World Servlet</servlet-name>
        <servlet-class>S1</servlet-class>
        <init-param>
            <param-name>lecturersEmail</param-name>
            <param-value>paula.fonseca@qmul.ac.uk</param-value>
        </init-param>
        //Container reads these & gives them to ServletConfig object.
    </servlet>
</web-app>

out.println(getServletConfig().getInitParameter("lecturersEmail"));
Returns the servlet 's ServletConfig object (all servletshave this method).
Getting a parameter value from the ServletConfig object; this code is in servlet.

7. Creating a servlet: ServletConfig and init(...)

|--------|---------------------------------------------------------------------------------------------------|
| Step 1 | container reads the deployment descriptor |
| Step 2 | container creates new ServletConfig object |
| Step 3 | container creates name/value pair (Strings) for each servlet init-param |
| Step 4 | container passes referencesto these to the ServletConfigobject |
| Step 5 | container creates new instance of the servletclass |
| Step 6 | container calls servlet's init() method passing in reference to the ServletConfigobject |

六、Thread Safety And****Putting Things Together

1. Instance Variables

html 复制代码
public class ExampletServlet extends HttpServlet {
private int age;
public void init() { age = 0; }
public void doGet(HttpServletRequest request,
HttpServletResponse response) throws
IOException, ServletException {
age = Integer.parseInt(request.getParameter("age"));
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.println("<HTML><BODY>You are " + age + " weeks old");
out.println("</BODY></HTML>");
out.close();
}
}

2. The 3 Threads access same Resources

• We don't know whose agewill be displayed!
• Solution 1:
-- Never use instance variables in servlets(some books say you
can't -- what they mean is you shouldn't!).
-- Find a way to save information (state) about each user (i.e.
each request) -- we'll see how later ...
• Solution 2:
-- Synchronisation -- a lock that makes a variable thread-safe

3. Access -- introducing the ServletContext object

Servlet
-- ServletConfig object -- one per servlet(or JSP)
-- contains init params
-- all requests made to a servletcan access this object
• Web application
-- ServletContextobject -- one per web application
• Web applications normally have several servlets/JSPs.
-- Used to access web application parameters that need to be seen by all servlets/JSPs in the application.
• A misnomer, as it relates not to a servletbut to the set of servletsand JSPs in the web application.
The web application's DD specifies the context parameters

html 复制代码
<web-app ...> ...
    <servlet>
        <servlet-name>...</servlet-name>
        <servlet-class>...</servlet-class>
    <init-param>
        <param-name>...</param-name>
        <param-value>...</param-value></init-param>
    </servlet> ... + other servlets
    <context-param>
        <param-name>HOP_Email</param-name>
        <param-value>g.tyson@qmul.ac.uk</param-value>
    </context-param>
...
</web-app>

Note : Not inside any servlet. These are parameter namevalue pairs: both are strings.
ServletContextobject created and set up when web application is deployed.

4. To access web app parameters in servletcode

ServletContext ctx = getServletContext();
out.println(ctx.getInitParameter("HOP_Email"));
Context parameters generally more commonly used than Config.
-- Typical use (of former) is a DB lookup name.
• Can access ServletContext,
-- directly: getServletContext().getInitParameter(...)
-- from ServletConfig: getServletConfig().getServletContext().getInitParameter(...)
-- Latter is useful if in a method of an auxiliary class e.g. a JavaBean , and only the ServletConfigobject has been passed as a parameter.
Same name for get method as when accessing ServletConfigobject.

5. ServletContext also has attributes

• Parameters are name-value pairs, where both name and value are strings.
• Attributes are name-value pairs where the name is a String, but the value is an object (that may not be a String).
-- accessed by getAttribute(String);
-- set by setAttribute(String,Object).
• Running code prior to invoking any servletin the application:
-- E.g. to turn sets of parameters into attribute objects,
• so all servletsonly need to deal with objects;
• and don't have to read the context parameters.
-- Implement a ServletContextListener (out of scope here)

6. Servlets-- The Basics: Key Points & What we can't do yet

|---------------------------------------------------------------|---------------------------------------------------------------|
| How to call a servletin an HTML form | What a deployment descriptordoes |
| How to write a servlet | Where to deploy files |
| How to access client information | Servlet life-cycle |
| Initialisation | -- ServletConfig -- ServletContext |
| Have a conversation with a client | -- Shopping basket -- Session object |
| Run any code before a servletstarts | -- E.g. Database set up -- Listeners |
| Send client information, or control, to another servlet/JSP | -- Could be in another web server -- Redirect and forward |

7. Extracting unknown parameters and multiple values

|-------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| String getParameter(String) | parameter name is known: -- returns nullif unknown parameter; -- returns ""(i.e. empty string) if parameter has no value. |
| Enumeration getParameterNames() | obtain parameter names |
| String[] getParameterValues(String) | obtain an array of values for each one: -- returns nullif unknown parameter; -- returns a single string ("") if parameter has no values. Case sensitive. |

8. Example: A Big Form

html 复制代码
//BigForm.html
<form action="http://localhost:8080/servlet/elem004.ProcessBigForm"method="post">
    Please enter: <br><br>
    Your login: <input type="text" name="Login"> <br><br>
    Your favourite colour:
    <input type="radio" name="Colour" value="blue">Blue
    <input type="radio" name="Colour" value="red">Red
    <input type="radio" name="Colour" value="green">Green <br><br>
    //Single-value parameters.
    Which of these courses you are taking: <br>
    <input type="checkbox" name="Course" value="elem001">ELEM001 <br>
    <input type="checkbox" name="Course" value="elem002">ELEM002 <br>
    <input type="checkbox" name="Course" value="elem003">ELEM003 <br>
    <input type="checkbox" name="Course" value="elem004">ELEM004 <br>
    <input type="submit" value="Send to Servlet">
    //Multiple-value parameter.
</form>
//After BigForm is processed.getParameterNames() returns parameters in no particular order.

//ProcessBigForm.java
//More code here ...
    out.println("<table border=1>");
    // Obtain all the form's parameters from the request object.
    Enumeration paramNames = req.getParameterNames();
    while (paramNames.hasMoreElements()) {
        String paramName = (String) paramNames.nextElement();
        // Obtain values for this parameter and check how many there are.
        String[] paramValues = req.getParameterValues(paramName);
        if (paramValues.length == 1) { // a single value
            String paramVal = req.getParameter(paramName);
            out.println("<tr><td>" + paramName +"</td><td>"+ paramVal + "</td></tr>");
        }else { // If several values print a list in the table.
            out.println("<tr><td>" + paramName +"</td><td><ul>");
            for (int i = 0; i < paramValues.length; i++)
                out.println("<li>" + paramValues[i] + "</li>");
                out.println("</ul></td></tr>");
        }
    }
    out.println("</table>");
    out.close();
}
相关推荐
是Dream呀3 分钟前
Python从0到100(七十八):神经网络--从0开始搭建全连接网络和CNN网络
网络·python·神经网络
kaixin_learn_qt_ing1 小时前
了解RPC
网络·网络协议·rpc
安全小王子1 小时前
Kali操作系统简单介绍
网络·web安全
Hacker_LaoYi3 小时前
【漏洞分析】DDOS攻防分析(四)——TCP篇
网络·tcp/ip·ddos
爱吃水果蝙蝠汤3 小时前
DATACOM-IP单播路由(BGP)-复习-实验
网络·网络协议·tcp/ip
Sun_12_23 小时前
SQL注入(SQL lnjection Base)21
网络·数据库
网络安全Jack4 小时前
网络安全概论——身份认证
网络·数据库·web安全
易我数据恢复大师4 小时前
如何彻底删除电脑数据以防止隐私泄露
网络·电脑·数据删除·擦除
学习溢出5 小时前
【网络安全】逆向工程 练习示例
网络·安全·网络安全·渗透测试·逆向工程