Professional Documents
Culture Documents
SL310 - Beyond CGI Developing Java Servlets - SG - 1098
SL310 - Beyond CGI Developing Java Servlets - SG - 1098
SL-310
Student Guide
Enterprise Services
MS BRM01-209
500 Eldorado Blvd.
Broomfield, Colorado 80021
U.S.A.
Please
Recycle
Contents
About This Course.......................................................................................xi
Course Overview ............................................................................... xii
Course Map........................................................................................ xiv
Module-by-Module Overview ......................................................... xv
Course Objectives.............................................................................. xix
Skills Gained by Module................................................................... xx
Guidelines for Module Pacing ........................................................ xxi
Topics Not Covered......................................................................... xxii
How Prepared Are You?............................................................... xxiii
Introductions .................................................................................. xxiv
How to Use Course Materials ........................................................ xxv
Course Icons and Typographical Conventions ........................ xxvii
Icons ........................................................................................ xxvii
Typographical Conventions ..................................................xxix
Servlet Basics ..............................................................................................1-1
Relevance............................................................................................ 1-2
Objectives ........................................................................................... 1-3
Common Gateway Interface (CGI)................................................. 1-4
Overview ....................................................................................1-4
Example Uses.............................................................................1-4
CGI Request and Response.............................................................. 1-6
Request and Response Mechanism ........................................1-6
CGI and HTTP...........................................................................1-7
An Example HelloWorld CGI Script ............................................. 1-8
Script Code.................................................................................1-8
Setting Content Type ................................................................1-9
Returning a Response.............................................................1-10
Invoking the Example CGI Script.........................................1-11
Web Server and Common Gateway Interface Support ............. 1-12
What Is a Servlet?............................................................................ 1-13
Definition..................................................................................1-13
Example Uses...........................................................................1-14
Servlet Request and Response....................................................... 1-15
i
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
Request and Response Overview .........................................1-15
HTTP and Servlets ..................................................................1-17
An Example HelloWorld Servlet ................................................. 1-18
Servlet Code.............................................................................1-19
HttpServlet ...............................................................................1-20
The service Method .............................................................1-21
Setting Content Type ..............................................................1-22
Returning a Response.............................................................1-24
Writing Exceptions to Log Files ............................................1-25
Invoking the Example Servlet ....................................................... 1-26
Invocation URL .......................................................................1-26
servlet/ Versus servlets/................................................1-27
Web Server Servlet Support .......................................................... 1-28
Review of Servlet Basics................................................................. 1-29
Exercise: Developing a Simple HTTP Servlet ............................. 1-31
Preparation...............................................................................1-31
Tasks .........................................................................................1-32
Exercise Summary...................................................................1-35
Check Your Progress ...................................................................... 1-36
Think Beyond .................................................................................. 1-37
Forms Processing With Servlets..............................................................2-1
Relevance............................................................................................ 2-2
Objectives ........................................................................................... 2-3
A Basic Form Solution ...................................................................... 2-4
An Example HTML Form ................................................................ 2-5
The <FORM> Tag .........................................................................2-7
The <FORM> Tag .......................................................................2-11
The <INPUT> Tag.....................................................................2-12
An Example Form-Processing Script ........................................... 2-13
Script Code...............................................................................2-14
Setting Content Type ..............................................................2-15
Reading the Request ...............................................................2-15
Parsing the Request ................................................................2-16
Returning a Response.............................................................2-18
Invoking the Example Form-Processing Script .......................... 2-19
Forms and Servlets.......................................................................... 2-20
An Example Form-Processing Servlet ......................................... 2-21
Servlet Code.............................................................................2-21
HTTPServlet Service Methods ..............................................2-22
Setting Content Type ..............................................................2-25
Parsing the Request ................................................................2-26
CGI Variables and Equivalent Servlet APIs........................2-29
Returning a Response.............................................................2-30
Displaying Information About a Servlet .............................2-31
Review of Form Servlets ................................................................ 2-33
iii
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
Java Database Connectivity (JDBC)................................................ 4-8
Overview ....................................................................................4-8
An Example Database Servlet .................................................4-9
Loading the Database Driver ................................................4-12
Establishing a Connection to the Database .........................4-13
Creating and Executing a Query ..........................................4-14
Parsing and Displaying the Results .....................................4-15
Closing the Connection ..........................................................4-16
JDBC and Servlets ........................................................................... 4-17
Connection Pools............................................................................. 4-18
Overview ..................................................................................4-18
Items to Consider ....................................................................4-19
Implementing a Connection Pool ................................................. 4-20
A Connection Pool Client ......................................................4-21
An Example Connection Pool Client Servlet ......................4-23
The ConnectionPool API ............................................................. 4-24
The ConnectionPool Constructor.......................................4-25
The addConnection Method ................................................4-26
The getNewConnection Method..........................................4-27
The getConnection Method ................................................4-28
The releaseConnection Method .......................................4-30
The closeAll Method ...........................................................4-32
Review of Database Access............................................................ 4-33
Exercise: Enhancing a Database Servlet....................................... 4-35
Preparation...............................................................................4-35
Tasks .........................................................................................4-36
Exercise Summary...................................................................4-38
Check Your Progress ...................................................................... 4-39
Think Beyond .................................................................................. 4-40
RMI and CORBA/IDL...............................................................................5-1
Relevance............................................................................................ 5-2
Objectives ........................................................................................... 5-3
RMI...................................................................................................... 5-4
RMI Client, Server and Registry Interaction................................. 5-6
Implementing a Basic RMI Server .................................................. 5-8
Implementing a Basic RMI Client................................................... 5-9
Installing and Invoking the Server, Client, and RMI Registry . 5-10
RMI and Servlets ............................................................................. 5-11
An Example RMI Servlet Solution........................................5-12
An Example RMI Server ........................................................5-13
An Example RMI Client .........................................................5-18
An Example RMI Applet .......................................................5-23
Java IDL ............................................................................................ 5-26
Overview ..................................................................................5-26
Java IDL and Servlets .............................................................5-27
v
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
Exercise: Developing a Transaction Monitor .............................. 7-17
Preparation...............................................................................7-17
Tasks .........................................................................................7-18
Exercise Summary...................................................................7-22
Check Your Progress ...................................................................... 7-23
Think Beyond .................................................................................. 7-24
Servlet Security...........................................................................................8-1
Relevance............................................................................................ 8-2
Objectives ........................................................................................... 8-3
Major Threats to Web Server Security ........................................... 8-4
Authentication and Authorization ................................................ 8-6
Definition....................................................................................8-6
Authentication Mechanism Overview...................................8-7
Authorization Process Overview............................................8-7
Types of HTTP Authentication ....................................................... 8-8
Overview ....................................................................................8-8
Basic Authentication.................................................................8-9
Digest Authentication ............................................................8-10
SSL Server Authentication.....................................................8-10
Security Realms ............................................................................... 8-12
Definition..................................................................................8-12
Realms Within Java Web Server ...........................................8-13
Basic HTTP Authentication In-Depth .......................................... 8-16
The Seven Steps of Basic HTTP Authentication ......................... 8-18
Step One: Browser Sends URL ..............................................8-18
Step Two: Server Determines Whether Page Is
Protected................................................................................8-18
Step Three: Web Server Checks for Non-Null
Authorization Header, and Sends Challenge ..................8-20
Step Four: Browser Interprets 401 Error as Challenge ......8-21
Step Five: Dialog Box Prompts for User Name and
Password ...............................................................................8-21
Step Six: Browser Returns Encoded Authentication
Information ...........................................................................8-21
Step Seven: Server Validates Authentication Information,
Returns Page .........................................................................8-24
Implementing Basic Authentication in a Servlet ........................ 8-25
An Example Basic Authentication Servlet...........................8-26
Steps in Example Basic Authentication Servlet ..................8-28
Examples of Server-Independent Validation.............................. 8-29
Additional Security Features Java Web Server........................... 8-31
Secure Administration and Servlet Sandboxing ................8-31
Secure Administration With SSL ..........................................8-32
Servlet Sandbox .......................................................................8-34
Servlet Types.................................................................................... 8-37
vii
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
Servlet println Statements .......................................................... 10-6
Servlet println and Perl print Statements............................... 10-7
JavaServer Pages ............................................................................. 10-8
Definition..................................................................................10-8
An Example JavaServer Page ..............................................10-10
JavaServer Pages Syntax .............................................................. 10-11
Directives........................................................................................ 10-12
Language ................................................................................10-12
Method....................................................................................10-13
Import .....................................................................................10-13
Implements ............................................................................10-13
Extends ...................................................................................10-14
Declarations ................................................................................... 10-15
Definition................................................................................10-15
An Example JavaServer Page Declaration.........................10-16
Scriptlets ......................................................................................... 10-17
Definition................................................................................10-17
request ..................................................................................10-18
response................................................................................10-18
out...........................................................................................10-18
in .............................................................................................10-18
Expressions .................................................................................... 10-19
Definition................................................................................10-19
An Example JavaServer Page Expression..........................10-19
Additional Guidelines .................................................................. 10-20
The <BEAN> Tag ............................................................................. 10-22
Definition................................................................................10-22
An Example JavaServer Page Using the <BEAN> Tag ......10-23
Declaring a Bean............................................................................ 10-25
name.........................................................................................10-25
varname ..................................................................................10-26
type.........................................................................................10-26
introspect ...........................................................................10-26
create ....................................................................................10-27
scope ......................................................................................10-27
beanName................................................................................10-28
PageCompileServlet...................................................................... 10-29
An Example JavaServer Page ..............................................10-31
An Example Servlet Created From a JavaServer Page ....10-32
Creating a Servlet From a JavaServer Page.......................10-34
Review of JavaServer Pages......................................................... 10-35
Exercise: Creating JavaServer Pages .......................................... 10-39
Preparation.............................................................................10-39
Tasks .......................................................................................10-40
Exercise Summary.................................................................10-46
Check Your Progress .................................................................... 10-47
ix
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
Determining the Local Subnet Mask.....................................D-3
Network Classes.......................................................................D-3
Name Services .................................................................................. D-4
Port Numbers ................................................................................... D-6
Comparison of Protocols................................................................. D-7
Java Socket APIs............................................................................... D-8
TCP Sockets...............................................................................D-8
UDP Sockets..............................................................................D-9
Multicast Sockets....................................................................D-11
Replying to Broadcast and Multicast Data
Transmissions ......................................................................D-11
Glossary ......................................................................................... Glossary-1
Index .....................................................................................................Index-1
Course Goal
The primary goal of Beyond CGI: Developing Java Servlets is to establish
an understanding of servlet development, in contrast to common
gateway interface (CGI), and create several servlet solutions.You
should be able to identify how these solutions fit into your own
Internet and intranet needs.
xiii
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
Course Overview
This course uses the Java Web Server™ for servlet development and
deployment. This course also introduces the major servlet-related
features of the Java Web Server, including server-side includes and
servlet aliasing.
Each module begins with a course map that enables you to see what
you have accomplished and where you are going in reference to the
course goal. A complete map of this course is shown below.
Introduction to Servlets
Forms Processing
Servlet Basics
With Servlets
Distributed Servlets
Collaborative Servlets
Servlet Security
Servlet
Security
Servlet Hybrids
The skills for Beyond CGI: Developing Java Servlets are shown in the first
column of the matrix below. The black boxes indicate the main
coverage for a topic; the gray boxes indicate the topic is briefly
discussed.
Module
Skills Gained 1 2 3 4 5 6 7 8 9 10
The table below provides a rough estimate of pacing for this course.
This course does not cover the topics shown on the above overhead.
Many of the topics listed on the overhead are covered in other courses
offered by Sun Educational Services:
To be sure you are prepared to take this course, can you answer the
following questions in the affirmative?
Now that you have been introduced to the course, introduce yourself
to each other and the instructor, addressing the items shown on the
above overhead.
Icons
Additional resources – Indicates additional reference materials are
available.
Icons (Continued)
Typographical Conventions
Courier is used for the names of commands, files, and directories, as
well as on-screen computer output. For example:
Courier bold is used for characters and numbers that you type. For
example:
system% su
Password:
Palatino italics is used for book titles, new words or terms, or words
that are emphasized. For example:
Course Map
This module provides an introduction to servlet development by
examining and comparing a simple HelloWorld CGI script and servlet.
Introduction to Servlets
Forms Processing
Servlet Basics
With Servlets
Distributed Servlets
Collaborative Servlets
Servlet Security
Servlet
Security
Servlet Hybrids
1-1
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
1
Relevance
References
Additional resources – The following references can provide
additional details on the topics discussed in this module:
Overview
The common gateway interface (CGI) greatly increased the usefulness
of the Web. CGI provides a mechanism that allows a Web client to
execute programs on the server. These programs, called CGI scripts,
can be written in popular languages such as C, C++, Visual Basic, and
Perl.
Example Uses
A CGI script might perform a simple task such as returning the
current date from a server. Or, more commonly, a CGI script could be
used to parse data in a hypertext markup language (HTML) form and
return a result to the browser, based on the data parsed. Other uses of
CGI scripts are:
CGI scripts are request/response oriented. This means that scripts are
invoked based on some sort of request and, usually, return some sort
of response to the requestor. Figure 1-1 provides an overview of the
request/response nature of CGI scripts.
Gateway
programs 2
2 Shell 3
1
HTTP request Run
CGI
CGI script
5
HTTP response Output 4
Browser
(WWW client)
HTTP (Web)
server
2. The HTTP server parses the request information and starts a new
shell process. The request is stored either in a series of CGI
environment variables or through standard input.
3. The server then runs the script, which may run one or more
scripts, and then, optionally, generate an output consisting of a
HTTP header and message body.
Script Code
Shown here is a helloworld.pl CGI script that is invoked by a Web
browser and returns a string. The .pl extension identifies the script as
a Perl script. There are two main functions of the form processing CGI
script: setting content type and returning a response.
1 #!/usr/local/lib/perl4/bin/perl
2 # Perl 4.0
3
4 # Print out a content-type for HTTP/1.0 compatibility
5 print "Content-type: text/html\n\n";
6
7 &print_results;
8
9 sub print_results
10 {
11 print "<HTML><HEAD><TITLE>Hello World</TITLE>
</HEAD><BODY><h1>Hello World</h1></BODY></HTML>";
12 }
Returning a Response
Once the text/html response type is defined, the script composes a
the body of the response using the Perl print command to print to
standard output (line 11). The HTML generated by a script is often
referred to as dynamic HTML. This term is used because the HTML is
dynamically created based on a request to a script.
Most Web servers support CGI scripts. In addition, a Web server will
also support one or more CGI scripting languages. Popular languages
are Perl, C, and tool command language (TCL).
What Is a Servlet?
Definition
Servlets are modules that run inside request/response-oriented
services, extending these services in some manner. Services are bodies
of code that implement an application-level protocol such as file
transfer protocol (FTP), dynamic host configuration protocol (DHCP),
or HTTP.
Example Uses
Like CGI scripts, servlets are capable of performing tasks such as
returning a server’s date or parsing form data. Additional uses for
servlets include:
Class 2
loader Invoker
Is servlet No
loaded? 2
1 Yes 3
HTTP request
5 service
HTTP response Output 4 thread
Browser
(WWW client)
HTTP (Web)
server
3. The invoker then calls the servlet’s service method which runs
within its own thread. The servlet can run one or more servlets,
and then generates an output. The Web server spawns a new
thread for subsequent calls to the servlet’s service routine.
5. The HTTP service forwards the output to the client Web browser.
The following is the source code for a HelloWorld Java servlet. The
HTTP protocol generates an HTTP request, using the GET method,
which is sent to the Web server when the servlet is invoked from the
browser. The servlet is a .java file that has been compiled into a
.class file and stored on the Web server.
Servlet Code
1 import java.io.*;
2 import javax.servlet.*;
3 import javax.servlet.http.*;
4
5 public class HelloWorld extends HttpServlet{
6
7 public void doGet (HttpServletRequest req,
HttpServletResponse res) throws ServletException,
IOException {
8
9 res.setContentType("text/html");
10
11 try{
12 PrintWriter out = res.getWriter();
13 out.println("<HTML>");
14 out.println("<HEAD><TITLE>Hello World
</TITLE></HEAD>");
15 out.println("<BODY>");
16 out.println("<h1>Hello World</h1>");
17 out.println("</BODY></HTML>");
18 out.close();
19 } catch(IOException ioe) {
20 getServletContext().log (ioe,"Error in HelloWorld");
21 }
22 }
23 }
The first thing that this servlet code does is specify the appropriate
import libraries: java.io, javax.servlet and javax.servlet.http.
HttpServlet
The import statements are followed by the class declaration (line 5).
Notice that the class extends HttpServlet. This is a specific
implementation of the javax.servlet.GenericServlet abstract
class. You need only subclass an HttpServlet to develop an HTTP-
specific servlet. Remember, you can create servlets to support services
other than HTTP.
As with a CGI script, the servlet sets the content type within the
responses header (line 9). The content type is set using
HTTPServletResponse’s response.setContentType method. You
can also use setContentLength to set the length of the response.
Returning a Response
HttpServletResponse provides both PrintWriter and
ServletOutputStream for returning the body of a response to a
client. The way you choose to have your servlet respond depends on
the type of data your servlet will return:
Note – HttpServlet provides a standard log method that you can use
to log information to
server_root/logs/javawebserver/event_log. This log method
calls the servletContext log method.
Invocation URL
Servlets are commonly placed in the /servlets/ directory under the
server_root directory for Java Web Server. Servlets placed in this
directory can be invoked directly using their class names. For example,
if HelloWorld.class were placed in the server_root/servlets
directory, the syntax to invoke the servlet would be as follows:
http://host_name:port/servlet/servlet_class
For example:
http://fuggles:8080/servlet/HelloWorld
Servlet aliases are pathname mapping rules that the Java Web Server
uses to invoke servlets. These rules enable you to use a shortcut URL
to call a servlet from your browser, embed a shortcut into your files, or
perform a URL redirect such as invoking the invoker servlet when the
servlet/ reference is used. Servlet aliases are further discussed in
Module 3. Appendix B, “Using Java Web Server,” contains instructions
covering the use of servlet aliases with Java Web Server.
● Setting the content type and, optionally, the length of the response
using setContentType and setContentLength, respectively.
Preparation
● The Java Web Server must be installed and running on your
system. Refer to Appendix B, “Using Java Web Server,” for more
information regarding Java Web Server installation, execution, and
documentation.
● Refer to http://host_name:8080/system/doc/index.html
for help with the servlet API.
Tasks
Creating BasicServlet.java
% javac BasicServlet.java
Tasks
Tasks
Use the servlet API’s log methods to create a servlet that writes to the
server_root/logs/javawebserver/webpageservice/event_log.
The servlet should obtain and write the client’s IP address and date.
The servlet should also notify the client when the log file has been
written to and display the entry on the client’s browser.
Exercise Summary
Discussion – Take a few minutes to discuss what experiences, issues,
or discoveries you had during the lab exercises.
● Experiences
● Interpretations
● Conclusions
● Applications
Before continuing on to the next module, check that you are able to
accomplish or answer the following:
Course Map
This module builds upon basic servlet development through the
introduction of HTTP request handling and the creation of a form-
processing servlet.
Introduction to Servlets
Forms Processing
Servlet Basics
With Servlets
Distributed Servlets
Collaborative Servlets
Servlet Security
Servlet
Security
Servlet Hybrids
2-1
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
2
Relevance
● Identify the two primary tags used for building HTML forms
References
Additional resources – The following references can provide
additional details on the topics discussed in this module:
The HTML source code for the form in Figure 2-1 is as follows:
1 <HTML>
2 <HEAD>
3 <TITLE>Test Form</TITLE>
4 <BODY>
5 <FORM METHOD="POST" ACTION="/cgi-bin/form.pl">
6 <h1>Please fill out the following form data</h1>
7 First Name:<INPUT TYPE="TEXT" NAME="FNAME">
8 <p>
9 Last Name:<INPUT TYPE="TEXT" NAME="LNAME">
10 <p>
11 Position:
12 <SELECT NAME="SELECT">
13 <OPTION>Software Engineer
14 <OPTION>Editor
15 <OPTION>Course Developer
16 <OPTION>Instructor
17 </SELECT>
18 <p>
19 I would like to receive marketing materials
20 <INPUT TYPE="CHECKBOX" NAME="CHECKBOX">
21 <p>
22 <INPUT TYPE="SUBMIT">
23 <INPUT TYPE="RESET">
24 </FORM>
25 </BODY>
26 </HTML>
● METHOD
● ACTION
● ENCTYPE
METHOD
The METHOD attribute identifies how the data will be sent from the
browser to the Web server. There are several HTTP method types, each
with its own characteristics. Table 2-1 lists the HTTP methods
supported by HTTP 1.1 protocol.
METHOD (Continued)
METHOD (Continued)
POST is usually more reliable than GET and allows more data to be sent
to the Web browser. Therefore, POSTs are recommended for HTML
form requests.
The HEAD method is used for sending header information only, usually
to test hypertext links, and is deemed inadequate for most requests.
The ENCTYPE attribute is used to encode the data. This attribute can be
used only if your METHOD is a POST. In most cases, you do not need to
use this attribute.
Script Code
1 #!/usr/dist/pkgs/perl/bin/perl
2
3 # Print out a content-type for HTTP/1.0 compatibility
4 print "Content-type: text/html\n\n";
5
6 &parse_data;
7
8 &print_results;
9
10 sub parse_data
11 {
12 read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
13
14 # Split the name-value pairs
15 @pairs = split(/&/, $buffer);
16 }
17
18 sub print_results
19 {
20 print "<HTML><HEAD><TITLE>Form Object
21 List</TITLE></HEAD><BODY>";
22 print "Object/Value pairs passed in by form:<BR><BR>";
23 foreach $pair (@pairs) {
24 ($name, $value) = split(/=/, $pair);
25
26 # Remove plus signs and percent (%) encoding
27 $value =~ tr/+/ /;
28 $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
29 print "$name: $value<BR>";
30 }
31 }
The lines in bold represent the bulk of the work done by the example
form-processing script. These lines are explained in the following
sections.
The Perl split command accepts a delimiter (&) and the buffer
containing the unparsed data ($buffer). The split command parses
each name=value pair into its only place within an array (@pairs).
HARDWARE=CPU&HARDWARE=Sparc&HARDWARE=21Display
A CGI script must do some extra work, namely ensuring what values
belong to what names, to parse this type of data.
Returning a Response
The data is further parsed and returned to be displayed by the Web
browser (lines 23, 24, and 29).
The script iterates through each item in the array, parses out the equals
sign (=) for each name=value pair, and then prints the result (each pair)
to standard output as:
name: value
The HTML form used earlier in this module can also be used in a form
servlet solution. The only item in this HTML form that must be
changed is the value for the ACTION attribute within the <FORM> tag
itself. Currently the form launches a CGI script called form.pl:
<FORM METHOD="POST" ACTION="/cgi-bin/form_info.pl">
Modify the ACTION tag to contain the name of the servlet, either
relative to the server_root or as a complete URL. For example:
<FORM METHOD="POST"
ACTION=http://fuggles:8080/servlet/SimpleFormServlet">
Servlet Code
The following sample is the source code for a SimpleForm servlet that
is invoked by an HTML form and returns the form data to the
browser.
1 import java.io.*;
2 import java.util.*;
3 import javax.servlet.*;
4 import javax.servlet.http.*;
5
6 public class SimpleForm extends HttpServlet {
7
8 public void doPost(HttpServletRequest req,
HttpServletResponse res) throws ServletException,IOException {
9
10 Enumeration keys;
11 String key;
12 String value;
13 String title;
14
15 res.setContentType("text/html");
16 PrintWriter out = res.getPrintWriter();
17 out.println("<HEAD><TITLE>
SimpleFormServletOutput</TITLE></HEAD><BODY>");
18 out.println("<h1> SimpleFormServlet Output </h1>");
19 out.println("<P>This is output from SimpleFormServlet.\n");
20
21 keys = req.getParameterNames();
22 while (keys.hasMoreElements()) {
23 key = (String) keys.nextElement();
24 value = req.getParameter(key);
25 out.println("<P>" + key + ": " + value);
26 }
27 out.println("</BODY>");
28 out.close();
29 }
30
31 public String getServletInfo() {
32 return "A simple form servlet";
33 }
34 }
HTTP GET uses a portion of the URL to send parameters. For example:
http://fuggles:8080/servlet/Survey?name=skiing&level=1&years=15
Returning a Response
In the example form-processing servlet, the names of the request
parameters are saved in an Enumeration object (lines 21–24). The,
getParameterValue method is used to extract the value for each name
in the Enumeration object. The PrintWriter’s println method is
used to return to a response (lines 16, and 25).
You can invoke your servlet with a Web browser once you have placed
your HTML page in the server_root/public_html directory, and
your servlet in the server_root/servlets/ directory. You can type
the following in your URL locator to invoke the form.html page from
your Web browser:
http://host_name:port/form.html
Remember that the servlet, specified with the <FORM> tag’s ACTION
attribute, is invoked once the Submit button has been clicked.
Preparation
● The Java Web Server must be installed and running on your
system. Refer to Appendix B, “Using Java Web Server,” for more
information regarding Java Web Server installation, execution, and
documentation.
Tasks
Creating BasicForm.java
Tasks
% javac BasicForm.java
Tasks
http://host_name:8080/BasicForm.html
4. Fill out the form and click on the Submit button. The Submit
button sends the data to the BasicForm servlet. You will receive a
thank you reply once the data has been saved on the Web server.
Tasks
Exercise Summary
Discussion – Take a few minutes to discuss what experiences, issues,
or discoveries you had during the lab exercises.
● Experiences
● Interpretations
● Conclusions
● Applications
Before continuing on to the next module, check that you are able to
accomplish or answer the following:
❑ Identify the two primary tags used for building HTML forms
A servlet can receive all types of parameters, from form data to file
and path information, which are required by the servlet to store form
data. It is inefficient to provide a servlet with certain information, such
as file and path information, each time the servlet is called. How do
you think the servlet API handles this type of servlet initialization
information?
Course Map
This module provides an in-depth discussion of a servlet’s life cycle.
This discussion includes various development issues relative to each
stage in the life cycle.
Introduction to Servlets
Forms Processing
Servlet Basics
With Servlets
Distributed Servlets
Collaborative Servlets
Servlet Security
Servlet
Security
Servlet Hybrids
3-1
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
3
Relevance
Servlet also provides an init and destroy method that your servlet
can override. Why might you override these methods?
References
Additional resources – The following references can provide
additional details on the topics discussed in this module:
There are four steps within a servlet’s life cycle. The first step is the
actual loading and instantiation of the servlet, the creation of a servlet
instance, by a service. This step is followed by the invocation of three
life cycle methods: init, service, and destroy.
Class Loaders
A system class loader or special Java Web Server class loader will load
and instantiate your servlet classes (either automatically when Java
Web Server starts, or when the servlet is initially referenced). The class
loader that is used is dependent on the location of your servlet’s
classes.
Servlets in server_root/servlets/
The server_root/servlets directory is not in Java Web Server’s
CLASSPATH. A special Java Web Server class loader is used to create
servlets from this directory. Java Web Server will reload servlets from
this directory when their time stamp is updated (reflecting a change in
the servlet’s code).
Remote Servlets
You can load servlets from a remote location, such as another Web
server. To load servlets remotely, you must define a codebase in
addition to the servlet’s class name (for example,
http://nine.eng/classes/foo/). Refer to Appendix B, “Using Java
Web Server,” for information on configuring remote servlets.
Overview
When a service loads a servlet, it invokes the servlet’s init method.
The init method prepares the servlet for service requests by
establishing resources that a servlet manages. You must override the
init method if your servlet needs to perform some one-time
initialization. Furthermore:
● The init method is called only once; the service will not call init
again unless it is reloading the servlet.
● As soon as the init method returns, the servlet can receive client
requests through its service method.
Accepting ServletConfig
Saving ServletConfig
The init method should save the ServletConfig object, so you can
retrieve it later using getServletConfig (line 26). The simplest way
to save the object is to have the your init method call super.init
(with the ServletConfig object as a parameter). If you do not call
super.init, you should store the ServletConfig object yourself, and
override the getServletConfig method so that it can obtain the
object from its new location.
● getInitParameter
● getInitParameterNames
ServletRequest
ServletRequest gives a servlet access to information such as
parameter names and values, the protocol (scheme) used by the client,
the names of the remote host that made the request, the server that
received the request, and an input stream.
ServletResponse
ServletResponse provides an output stream and a writer, through
which the servlet can send the reply data. ServletResponse also
allows the servlet to set the content length and MIME type of the reply.
Concurrency Issues
Servlets can run multiple service methods simultaneously. Therefore,
service methods must be thread-safe. For example, if the service
method updates a field in the servlet object, such as a class variable,
that access should be synchronized.
Multithreaded-Safe Servlets
Definition
Multithreaded-Safe Servlets
● Ensure that all instance methods that access critical data are
synchronized.
For example, several servlets could be writing to the same file at the
same time. If the writing is not synchronized, the data that is written
may not appear in the proper order. Following is a service method
that calls a synchronized access method to write to a file:
Multithreaded-Hot Servlets
Definition
SingleThreadModel
Your servlet may implement the SingleThreadModel interface if a
service should not run multiple servlet service methods concurrently.
SingleThreadModel guarantees that multiple instances of the servlet
are created and individually called for each request. An example of a
class implementing SingleThreadModel is
1 public class FormServlet extends HttpServlet implements
SingleThreadModel {
2 ...
3 }
Overview
When a service unloads a servlet, it calls the servlet's destroy method.
The destroy method should undo any initialization work and
synchronize persistent data with the current in-memory state of the
servlet.
While most servlets that override init also override destroy to undo
the initialization, this is not required. For example, a servlet that uses
the init method to get a parameter, such as a file name, does not need
to override destroy because a file name is not a resource that typically
requires clean-up.
Uninitialization
Concurrency Issues
Access Methods
The destroy method ensures that all service methods have finished.
The destroy method checks the serviceCounter, and if there are any
long-running methods, sets the shuttingDown variable (line 53–54).
This variable will let the threads still handling client requests know
that it is time to shut down. The destroy method should wait for the
service methods to complete, in order to provide a clean shutdown
(lines 58–64).
Servlets have a life cycle: they load through a class loader, initialize
through the init method, run through the invoker calling service,
and unload through destroy. The summarized items regarding servlet
life cycle are:
● A class loader is used to load servlets, either when the server starts
up (usually user-definable) or when the servlet is initially
referenced.
▼ The init method is only called once: the service will not call
init again unless it is reloading the servlet.
▼ The init method cannot be reloaded unless its destroy
method has been called by the service to remove the servlet.
Preparation
● The Java Web Server must be installed and running on your
system. Refer to Appendix B, “Using Java Web Server,” for more
information regarding Java Web Server installation, execution, and
documentation.
● Refer to http://host_name:8080/system/doc/index.html
for help with the servlet API.
Tasks
Creating BasicFormTwo.java
Tasks
% javac BasicFormTwo.java
Tasks
http://host_name:8080/BasicFormTwo.html
You should see the BasicFormTwo form appear. This form uses the
ACTION attribute to invoke the BasicFormTwo servlet.
12. Fill out the form and click on the Submit button. The Submit
button sends the data to the BasicFormTwo servlet. You will
receive a thank you reply once the data has been saved on the Web
server.
Tasks
Exercise Summary
Discussion – Take a few minutes to discuss what experiences, issues,
or discoveries you had during the lab exercises.
● Experiences
● Interpretations
● Conclusions
● Applications
Before continuing on to the next module, check that you are able to
accomplish or answer the following:
Can you think of additional, solution-specific, uses for the three life
cycle methods: init, service, and destroy?
Course Map
Database access is one of the primary uses of CGI scripts and
servlets. This module discusses using a JDBC connection pool to
optimize database access times between a Web browser and Web
server.
Introduction to Servlets
Forms Processing
Servlet Basics
With Servlets
Distributed Servlets
Collaborative Servlets
Servlet Security
Servlet
Security
Servlet Hybrids
4-1
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
4
Relevance
● List the four steps needed to create a simple database access client
References
Additional resources – The following references can provide
additional details on the topics discussed in this module:
Distributed Models
Two-Tier (Client/Server)
The two-tier model for distributed computing consists of multiple
clients talking to one or more servers. The client, an applet or
application on an end-user machine, talks directly to shared
applications and databases on a server. The client generally performs
some computation and handles items like connection management.
Java application
Client machine
JDBC
DBMS-proprietary protocol
Database server
DBMS
Multi-Tier
The multi-tier model for distributed computing consists of multiple
clients interacting with one or more servers which, in turn, interact
with one or more additional servers. Generally clients talk to
middleware components (such as servlets on a Web server) which talk
to other tiers such as database servers, application servers, and other
servlets on other Web servers.
Multi-Tier (Continued)
In a multi-tier system, operations like computation and connection
management are performed on the server. Other characteristics of
multi-tier architectures are:
Java applet or
Client machine (GUI)
HTML browser
Application server
(Java) Server machine (business logic)
JDBC
DBMS-proprietary protocol
Database server
DBMS
Overview
The JDBC API provides the developer with a means for insulating the
Java technology client program (applet or application) from the
specific databases the client wants to access.
The jdbcclass variable points to the name of the class to load (line 5).
The variables url and con are defined on lines 4 and 31, and 37,
respectively.
The URL will always start with jdbc:. The vendor documentation for
the JDBC driver will describe the syntax for the remainder of the URL.
ResultSet will contain the results (rows) of the query, if the query
information is found.
Connection Pools
Overview
The best solution to the timing and connection problem is to create a
pool of persistent (reusable) connections that will be used by a servlet
as needed. This pool of connections should be managed by a separate
object called a connection pool.
Connection Pools
Items to Consider
Items to consider when developing a connection pool are:
● The connection pool developer must decide whether the pool will
allow blocking, which would cause a client to wait until a
connection is free.
The closeAll method closes all of the connections currently free (lines
4–12) and removes connections from the list used connections (lines
20–24). A connection is assumed broken if it cannot be closed (lines
13–14).
Preparation
● The Java Web Server must be installed and running on your
system. Refer to Appendix B, “Using Java Web Server,” for more
information regarding Java Web Server installation, execution, and
documentation.
● Refer to http://host_name:8080/system/doc/index.html
for help with the servlet API.
Tasks
▼ Send the query (the last name you fetch from the form) to the
database using the connection. The query string you will use is:
Tasks
6. Test DBServlet directly using a URL. You will not notice anything
different about DBServlet until you have multiple clients
(browsers) trying to access it at the same time. Access time should
be reduced when multiple clients access DBServlet at the same
time.
Note – The following last names are valid for testing DBServlet:
Smith, McNealy, Colorado, Cruz, and Presson.
Exercise Summary
Discussion – Take a few minutes to discuss what experiences, issues,
or discoveries you had during the lab exercises.
● Experiences
● Interpretations
● Conclusions
● Applications
Before continuing on to the next module, check that you are able to
accomplish or answer the following:
❑ List the four steps needed to create a simple database access client
Course Map
Servlets offer a gateway into an abundance of Java technologies such
as JDBC and remote method invocation (RMI). This module discusses
the use of RMI and CORBA/IDL technologies in conjunction with
servlets.
Introduction to Servlets
Forms Processing
Servlet Basics
With Servlets
Distributed Servlets
Collaborative Servlets
Servlet Security
Servlet
Security
Servlet Hybrids
5-1
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
5
Relevance
● Identify the six steps to install and invoke an RMI client and
server
References
Additional resources – The following reference can provide additional
details on the topics discussed in this module:
RMI
An RMI solution consists of RMI servers, clients, and the RMI registry.
An RMI server implements an RMI object interface and registers the
object with the RMI registry. The RMI registry is a daemon that keeps
track of all of the available remote objects. The RMI server must have
access to skeletons for the server class. A skeleton for a remote object is
a server-side entity that contains a method which dispatches calls to
the actual remote object implementation.
The Java RMI API provides a set of classes and methods that handle
the serialization of any object passed as an argument in a method
invocation. The API also takes care of all communication and
parameter referencing.
Figure 5-1 shows the interaction among the RMI client, server, and
registry.
1
RMI registry RMI Server JVM
**Stub
3. The RMI registry returns a serialized copy of the stub to the RMI
client program. The RMI client program deserializes the stub to
create an instance.
4. The RMI client program calls one of the remote object’s methods
via the stub instance.
9. The RMI client stub returns the result to the RMI client program.
1. Use the RMI Naming class to look up and instantiate the remote
object stub from the RMI registry.
Follow these steps to install and invoke the RMI client, server, and
registry:
3. Generate stubs and skeletons using the rmic compiler. Place the
stubs and skeletons on the server and the stubs on the client.
Database.java
1 import java.net.*;
2 import java.util.*;
3 import java.rmi.*;
4
5 public interface Database extends Remote {
6 public void addClient(String ip_addr, Calendar date)
throws RemoteException;
7 public Vector getClientVisits(String ip_addr)
throws RemoteException;
8 public long getNumberOfVisitors() throws RemoteException;
9 public long getNumberOfClientVisits(String ip_addr)
throws RemoteException;
10 public void close() throws RemoteException;
11 }
DatabaseImpl.java
1 import java.sql.*;
2 import java.rmi.*;
3 import java.rmi.server.*;
4 import java.util.*;
5 import java.net.*;
6 import java.util.Date;
7
8 public class DatabaseImpl extends UnicastRemoteObject implements
Database
9 {
10 private Connection connection;
11 private Statement statement;
12 private Date thedate;
13
14 public DatabaseImpl(String driverName, String url) throws
StartupException, RemoteException
15 {
16 try
17 {
18 // Let's set up our connection to the database using JDBC
19 setupDBConnection(driverName, url);
20 }
21 catch(Exception e)
22 {
23 throw new StartupException(new String("Had a problem
connecting to db: "+url));
24 }
25 }
26
DatabaseImpl.java
27
28 /**************************************************************
29 * setupDBConnection is used to:
30 * 1) install the JDBC driver for mSQL
31 * 2) establish a connection to the DB
32 * 3) create a statement allowing us to interact with the DB
33 ***************************************************************/
34 private void setupDBConnection(String driverName,
String url) throws Exception
35 {
36 ...
37 }
38
39 /*************************************************************
40 * addClient adds a record to the Client table of the DB.
41 * It converts the string to a String representation and
42 * the calendar to a string (because of the Mini-SQL limitations).
43 * Normally, business logic or rules would be placed in here.
44 **************************************************************/
45 public void addClient(String ip_addr, Calendar date)
throws RemoteException
46 {
47 ...
48 }
49
50 /****************************************************************
51 * getClientVisits returns a Vector of Strings, each of which
52 * represents a visit.
53 *****************************************************************/
54 public Vector getClientVisits(String ip_addr)
throws RemoteException
55 {
56 ...
57 }
DatabaseImpl.java
58
59 /******************************************************************
60 * getNumberOfVisitors calculates the total number of visitors in
61 * the database.
62 *******************************************************************/
63 public long getNumberOfVisitors() throws RemoteException
64 {
65 ...
66 }
67
68 /******************************************************************
69 * getNumberOfClientVisits calculates the number of times a client
70 * with the given String interacted with our service.
71 *******************************************************************/
72 public long getNumberOfClientVisits(String ip_addr)
throws RemoteException
73 {
74 ...
75 }
76
77 public void close() throws RemoteException
78 {
79 ...
80 }
81 }
RMIServer.java
1 import java.rmi.*;
2
3 class RMIServer {
4 private final static String driverName =
"com.imaginary.sql.msql.MsqlDriver";
5 private final static String url =
"jdbc:msql://fuggles:1114/ClientLog";
6
7 public static void main(String args[]) {
8 try {
9 Database database = new DatabaseImpl( driverName,
url );
10 Naming.rebind("ClientLog", database);
11 } catch(StartupException se) {
12 System.err.println("StartupException: "+se.getMessage());
13 } catch(Exception e)
14 {
15 System.err.println("An Error occurred during RMI Server
initialization.");
16 e.printStackTrace();
17 System.exit(0);
18 }
19 }
20 }
ClientLogServlet
The RMI client accesses the remote database object through the RMI
registry.
1 import java.io.*;
2 import java.util.*;
3 import java.rmi.*;
4 import javax.servlet.*;
5
6 public class ClientLogServlet extends GenericServlet
7 {
8 static
9 {
10 System.err.println("CLIENTLOGSERVLET CLASS LOADED");
11 }
12
13 private Database database;
14 private ServletContext context;
15 private final String rmiParam = "RMI_Registry_Server";
16 private final String remoteObjParam = "Remote_Object_Name";
17
18 private String rmiRegistry, remoteObjectName;
19
20 public void init(ServletConfig config) throws ServletException
21 {
22 super.init(config);
23 context = config.getServletContext();
24 context.log("init in ClientLogServlet called");
25
26 try
27 {
28 rmiRegistry = config.getInitParameter(rmiParam);
29 System.err.println("rmiRegistry: "+rmiRegistry);
30 remoteObjectName = config.getInitParameter(remoteObjParam);
31 System.err.println("remoteObjParam: "+remoteObjectName);
32
ClientLogServlet (Continued)
ClientLogServlet (Continued)
ClientLogServlet (Continued)
92 try
93 {
94 database.close();
95 }
96 catch(Exception e)
97 {
98 System.exit(0);
99 }
100 }
101}
ClientLogServlet
The servlet calls the remote objects methods, via the stub instance,
within the service method. ClientLogServlet calls
database.addClient (line 67) to add the client browser’s IP address
and current date/time to the remote object.
The number of clients, dates, and Internet Protocol addresses are then
returned to an applet called RMIApplet.
Java IDL
Overview
The JavaIDL API is actually a Java technology approach to the CORBA
technology. CORBA is similar to RMI. Server capabilities are described
in a specification file: the IDL file.
Overview (Continued)
An object request broker is a concept similar to the RMI registry. ORBs
are an IDL runtime responsible for all of the mechanisms required to
find the object implementation for the request, to prepare the object
implementation to receive the request, and to communicate the data
making up the request. The Java interface that the client sees is
completely independent of where the object is located, the
programming language it is implemented in, or any other aspect
which is not reflected in the object’s interface.
● The binaries that are executed are not composed of byte codes and
are therefore not platform independent. In turn, RMI can actually
move class files transparently from one machine to another if
required.
Preparation
● The Java Web Server must be installed and running on your
system. Refer to Appendix B, “Using Java Web Server,” for more
information regarding Java Web Server installation, execution, and
documentation.
● Refer to http://host_name:8080/system/doc/index.html
for help with the servlet API.
Tasks
4. Recompile RMIServer.java.
6. Copy RMIApplet.class to
server_root/public_html/applets.
Tasks
rmiregistry &
3. Start RMIServer:
java RMIServer
appletviewer http://host_name:8080/RMIApplet.html
You should notice that several messages are printed within the
window where RMIServer was started. Additionally, the applet should
receive messages from the ClientLogServlet.
Note – You will have to exit and reload the RMIApplet via the
AppletViewer to increment the values within the remote object.
Exercise Summary
Discussion – Take a few minutes to discuss what experiences, issues,
or discoveries you had during the lab exercises.
● Experiences
● Interpretations
● Conclusions
● Applications
Before continuing on to the next module, check that you are able to
accomplish or answer the following:
❑ Identify the six steps to install and invoke an RMI client and
server
Course Map
Persistent state allows information to be kept over time, and shared
among a series of Web pages sent by one server to the same browser.
This is central to many shopping-type applications.
Introduction to Servlets
Forms Processing
Servlet Basics
With Servlets
Distributed Servlets
Collaborative Servlets
Servlet Security
Servlet
Security
Servlet Hybrids
6-1
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
6
Relevance
● Define the term session and describe how a session can be used to
overcome limitations imposed by the stateless HTTP protocol
References
Additional resources – The following reference can provide additional
details on the topics discussed in this module:
Suppose you have a Web site that has a Web page for authenticating
users and a Web page for accessing a corporate database.
● If the user was authenticated, what are the privileges of the user?
How can the database servlet gain access to this information? There
are three approaches: cookies, sessions, or both.
Cookies
Cookies are a mechanism for storing a variable and its associated value
on the client. The server requests that a cookie value be set when a
Web page is accessed. The browser has the option of accepting or
rejecting the cookie. If the cookie is accepted, the value is set. The same
value can be read back by the server at a later time, such as during the
handling of a later page request.
Cookies
Cookies
Setting a Cookie
Follow these steps to set a cookie in a browser:
Note – The addCookie method must be called even if the cookie was
retrieved from the browser. If this is not done the cookie value will not
be set or modified in the browser.
Retrieving a Cookie
The following code fragment shows how to retrieve a cookie:
1 public void doPost(HttpServletRequest req, HttpServletResponse resp) {
2 Cookie [] allCookies = req.getCookies();
3 Hashtable cookieTable = new Hashtable();
4
5 for (int i = 0; i < allCookies.length; i++) {
6 cookieTable.put(allCookies[i].getName(), allCookies[i]);
7 }
8 }
Sessions
Sessions
Sessions
Example
This example demonstrates the use and programming of a session and
consists of two servlets:
Sessions
Example
The login servlet will collect a user name and password from an HTTP
POST request. The POST request will be created using a simple HTML
form, although the design of the servlet does not preclude the use of
an applet. The user data will be validated, and if deemed accurate, an
HttpSession, containing the user name, password, and secret
information, is created and initialized.
The login servlet has an init and a doPost method. The init
method reads data from a configuration file. This file contains records
of user name, password, and secret information, separated by colons.
Example
The init routine parses input lines from the file specified by
InitFile (lines 2, 6, 8–11), loads an array called value with the
password and extra data (line 12), and loads a hash table called
database with the user name (line 13).
Example
Calls to the login servlet are serviced by the doPost method once the
servlet is initialized.
1 public void doPost(HttpServletRequest req,
HttpServletResponse resp) {
2 Hashtable reqParams = null;
3 try {
4 ServletInputStream sins = req.getInputStream();
5 reqParams = HttpUtils.parsePostData(
sins.available(),sins);
6 } catch (IOException e) {
7 ;
8 // trouble with the input stream. The empty
9 // hashtable will cause a suitable handling.
10 }
11 }
12 String user = ((String[])(reqParams.get("USER")))[0];
13 String pass = ((String [])(reqParams.get("PASSWORD")))[0];
14
15 Object entry;
16 String response = null;
17
18 if ((user != null) && (pass != null) && ((entry =
database.get(user)) != null)) {
19 String [] entryStrings = (String [])entry;
20 if (!pass.equals(entryStrings[0])) {
21 response = "Bad Password, access denied";
22 }
23 else {
24 response = "Welcome " + user;
25 HttpSession session = req.getSession(true);
26 session.putValue("loginservlet.user", user);
27 session.putValue("loginservlet.password", pass);
28 session.putValue("loginservlet.secrets",
29 entryStrings[1]);
30 }
Example
31 }
32
33 else {
34 response = user + " is not a known user here";
35 }
36
37 resp.setContentType("text/html");
38
39 try {
40 Writer output = resp.getWriter();
41 output.write("<HTML>\n<BODY>\n" + response
+ "</BODY>\n<HTML>\n");
42 output.flush();
43 } catch (IOException ex) {
44 ex.printStackTrace();
45 }
First, the POST parameters are collected into a hash table. The hash
table is generated using the utility method parsePostData in the
HttpUtils class (line 5).
Next, the user name and password parameters are fetched from the
hash table (lines 12–13). If neither the user name nor the password is
null, the servlet’s main database is checked for a match on the
supplied user name. If a match is found, the corresponding data will
contain the password and secrets for the user (line 20). A final check is
made to determine if the password is correct. If the password is
correct, an HttpSession object is created and initialized with the
user’s user name, password, and secret data (lines 25–28).
Example
The bulk of the login servlet’s work is completed within this service
method. This code segment produces a session object for a valid login
attempt, or creates an error string for an invalid login. Any servlets
invoked by the same browser that invoked the login servlet can obtain
this session and manipulate the data in it.
Sessions
Example
The secret servlet checks for the existence of the session. The servlet
returns an error report if a session is not found. If the session is found,
the user information within the session is used to generate a dynamic
Web page containing secret information.
Example
First, the secret servlet checks to see if the session exists. To check for
the session, an argument of false is passed to the getSession
method (line 3). This method/argument combination requests that a
new session not be created if it does not already exist. If the session
does not exist, it is assumed that the login servlet has not yet been
executed properly, and therefore, the secret servlet issues a message
encouraging users to log in (lines 4–5).
Example
Sessions
Additional Guidelines
There are several additional guidelines for working with sessions.
These guidelines are:
Additional Guidelines
● Any servlet can request that a session be created. However, if a
session already exists for the browser, it will be reused.
Cookies
A Web server can use two ways to track the session that relates to a
browser. The simplest and most effective approach is to have the
server set a cookie in the browser.
URL Rewriting
URL rewriting allows a session to be tied to a browser by adding a
session ID to a requested URL. The Web server recognizes this extra ID
information and extracts it from the URL when the browser attempts
to follow a link. The restored URL (without the ID) is used to load the
page, while the ID is used to track the session. For example, if the
current session ID is DA32242SSGE2 and the URL /store/catalog is
requested, the rewritten URL would be:
/store/catalog;$sessionid$DA32242SSGE2
URL rewriting is cumbersome, as all local URLs sent to the client must
be modified. Each HTML page must be scanned by the server to
determine all the data that gets sent to the client.
● In some instances you might use cookies. For example, you might
use cookies when writing a servlet that will interact with other
pre-existing Web pages that use cookies, such as those created by
standard CGI scripts.
Preparation
● The Java Web Server must be installed and running on your
system. Refer to Appendix B, “Using Java Web Server,” for more
information regarding Java Web Server installation, execution, and
documentation.
● Refer to http://host_name:8080/system/doc/index.html
for help with the servlet API.
Tasks
4. Edit ShopUsers.txt.
Tasks
Tasks
Tasks
Tasks
Tasks
Exercise Summary
Discussion – Take a few minutes to discuss what experiences, issues,
or discoveries you had during the lab exercises.
● Experiences
● Interpretations
● Conclusions
● Applications
Before moving on to the next module, check that you are able to
accomplish the following:
❑ Define the term session and describe how a session can be used to
overcome limitations imposed by the stateless HTTP protocol
Course Map
A servlet may need to pass information to a browser on a continuous
basis. This functionality requires a special “time-extended” connection.
Introduction to Servlets
Forms Processing
Servlet Basics
With Servlets
Distributed Servlets
Collaborative Servlets
Servlet Security
Servlet
Security
Servlet Hybrids
7-1
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
7
Relevance
What happens if data in a Web page changes after the browser has
downloaded the Web page?
References
Additional resources – The following default reference can provide
additional details on the topics discussed in this module:
Implementation Options
Server push is more efficient than client pull because network transfers
and central processing unit (CPU) usage only occur when new data is
available. A Web server must keep track of all the interested parties in
a server push option.
Preparation
● The Java Web Server must be installed and running on your
system. Refer to Appendix B, “Using Java Web Server,” for more
information regarding Java Web Server installation, execution, and
documentation.
● Refer to http://host_name:8080/system/doc/index.html
for help with the servlet API.
Tasks
Tasks
Tasks
The rest of the program will then append this String to the
display so that it can be seen.
6. Generate .class files for each of the servlets and the monitor
program.
Tasks
java UDPMonitor
12. Use the modified Web shopping pages. You should see all of the
transactions for all of the students in the classroom as you and
other students use the Web shopping pages.
Note – You will find that you can run multiple monitors, on different
machines, and they will all display the transaction logs. However, you
might notice a lost log from time to time, and you might find that the
logging does not work if there is a router between your shopping
server and your logging station.
Exercise Summary
Discussion – Take a few minutes to discuss what experiences, issues,
or discoveries you had during the lab exercises.
● Experiences
● Interpretations
● Conclusions
● Applications
Before moving on to the next module, check that you are able to
accomplish the following:
Course Map
This module discusses security topics relevant to Web server and
servlet security.
Introduction to Servlets
Forms Processing
Servlet Basics
With Servlets
Distributed Servlets
Collaborative Servlets
Servlet Security
Servlet
Security
Servlet Hybrids
8-1
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
8
Relevance
● Describe how access control lists and realms are used, both on
Web servers and by programmers
References
Additional resources – The following references can provide
additional details on the topics discussed in this module:
For the most part, Web servers contain free information accessed using
HTTP protocol over the Web. However, these threats involve data that
the Web server administrators have labeled secure. A Web server must
be able to authenticate a user that claims rightful access to secure data
at a target URL, in order to authorize access for that user.
Definition
All browsers can communicate using HTTP protocol with the server at
a target URL to request, receive, and display a Web page. Browsers
and servers seem to communicate silently as they pass information
within request headers and response headers.
Overview
Today, most Web servers (including Java Web Server) provide the
following HTTP security mechanisms:
Basic Authentication
Basic authentication involves a user entering a user name and a
passphrase in response to a challenge by the Web server to pass an
access control check for access to protected data.
For example, a Web site that provides a bulletin board, for topical
discussions, enforces registration of a user name to deter posts by
imposters and spammers. An attempt to post for the first time would
result in a graphical challenge dialog box requesting a valid user name
and passphrase.
Java Web Server supports the basic authentication scheme using ACLs.
However, there are two well recognized problems with this standard
HTTP mechanism:
● The server needs to store the passwords in plain text; these are
“shared secrets.” This means that when (not if) a server is broken
into, the attacker gains the right to authenticate as each user. Since
users frequently use the same passwords at many different sites,
this is a threat against both those users and all those other sites.
(SSL client authentication is used to protect against this kind of
attack.)
Digest Authentication
Basic authentication’s problem of having plain text passwords is
resolved by digest authentication. With digest authentication, the
password must be known to the server. However, only a small portion
or “fingerprint,” used by both the client and server, is actually
exchanged over the network. Therefore, an eavesdropper cannot read
passwords on their way to your Web server. Although this is safer
than sending the password over the network, the client and other
servers, are still at high risk when the server is successfully attacked.
Examples of SSL authentication are all over the Internet now. SSL is
used by financial institutions such as banks who want to allow
customers to securely inquire about their account and transfer funds. It
is also used for on-line purchasing of mail-order products like books
and CDs.
Security Realms
Definition
A security realm contains users and groups plus their associated ACLs.
The access control list for a user in a particular realm specifies the
privileges that user is granted to access server resources. Resources
include such things as files, directories, and servlets.
All three types of HTTP authentication require the Web server to have
been configured with security realms.
Definition (Continued)
Users can be grouped for two reasons:
● You need to create different realms for various sites, such as other
virtual hosts, or parts of a given Web site serving diverse
applications.
ACLs are tied to specific realms, so they let your Web site’s
administrator control which users get access to individual Web pages
or trees of such pages.
Browser
Server
sends URL
Browser
Yes
No
No
Encode
Send 401
user:pass
The browser is used to open the author administration page that had
been bookmarked previously,
http://secure.booksellers.com/authors/admin.html
The BookSellers site has chosen Java Web Server, and the Web
administrator had previously taken the following steps to configure it
using the administration applet under the Security section:
● http://secure.booksellers.com/authors/
Note – Since the Netscape browser does not support digest, choosing
digest would be feasible only if booksellers.com also provided an
applet of its own that performs the client-side part of digest
authentication, as the Java Web Server has done with
com.sun.server.admin.toolkit.AdminApplet.
The browser does not send this information (so the header is null)
until there has been a previous request for authentication on the space
during the session. However, if the browser had already visited the
page and passed authentication, the browser would automatically
supply the header.
The following output is actual text sent from a Web server, showing
the WWW-authenticate header information:
HTTP/1.0 401 Unauthorized
Server: JavaWebServer/1.1.1
Date: Fri, 26 Jun 1998 16:04:36 GMT
WWW-authenticate: basic realm="defaultRealm"
Content-type: text/html
Content-length: 223
Step Five: Dialog Box Prompts for User Name and Password
The browser displays a dialog box prompting the user for user name
and password.
Author Judy Javaguru might supply the user name javaguru and the
password 2_pro1ifik.
The browser would encode the string javaguru:2_pro1ifik and set the
authorization header as follows when it requests the page again. The
browser sends this text, as if it were using TELNET to access port 80 of
the secure.booksellers.com machine.
GET /authors/admin.html HTTP/1.0
Connection: Keep-Alive
User-Agent: Mozilla/4.05 [en] (X11; I; SunOS 5.5
sun4u)
Host: java-guru-writer.com
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
Authorization: Basic amphdmFndXJ1OjJfcHJvMWlmaWs=
Most browsers will let you preempt the dialog by supplying the user
name and password as part of a URL:
http://jjavaguru:2_pro1ifik@secure.booksellers.com/
authors/admin.html
Opening this URL has the same effect as entering the information in an
authentication dialog, except that anyone looking at your browser will
see your password.
Even though there are many Web servers that support servlets, many
have different ways of configuring the equivalent of realms, groups,
and ACLs for resources. In addition, a corporate intranet typically has
some sort of password database which is used for legacy applications.
2. The Web server resolves the URL to point to this servlet, whether
directly or indirectly, and invokes doGet method with potential
Authorization header stuffed into the HttpRequest (line 9).
7. On lines 19–40 the user name and password are decoded and the
validate method (undefined) returns a Boolean indicating whether
the password is valid.
You can have Java Web Server use the secure Web service when it is
started by highlighting Secure Web Service from the initial window
and clicking on Start. In its normal usage, SSL provides up to four
features to your TCP connections:
● Your Web server is authenticated to its clients, so that they can tell
who you “really” are. Public key certificates are used for this
authentication.
● All requests to your Web server are encrypted so that client data
(such as credit card data) is kept confidential (as are the responses
from your Web server).
There are several different ways to use SSL. In particular, each of the
four features comes in several varieties, and all except integrity
protection are optional.
Servlet Sandbox
The Java Web Server provides a controlled execution environment, a
servlet sandbox analogous to the applet sandbox used by Web browsers
to control applets.
All Java servlets that are remotely loaded are untrusted. Untrusted
Java servlets are invoked by separate instances of a dispatcher servlet
and run in a thread that is part of an isolated thread group in the
servlet sandbox. The service handler must send requests through the
dispatcher servlet to a thread in that sandbox, and wait for it to
complete. The cost of a request for an untrusted Java servlet is
therefore higher than for local Java servlets.
Untrusted Untrusted
servlet servlet
Isolated thread groups
Untrusted
servlet
● Files
● Runtime state
● Administrative state
● Network servers
Servlet Types
▼ Java Web Server internal servlets – Some parts of the Java Web
Server are implemented using trusted internal servlets.
Note – Servlets that have been digitally signed as they were put into
Java Archive (JAR) files can be trusted and granted more permissions
by the security manager. A digital signature on executable code
indicates that the organization which signed the code “vouches for it”
in one sense. Such signatures cannot support accountability by
themselves, but they do indicate a degree of assurance that can be
placed on use of that code.
Trusted servlets should, of course, not abuse the trust placed in them.
They have access to the server’s private encryption keys, to the file
system, and to the network. They could even call the System.exit
method which will unload the Web server.
RemoteUser Property
Overview
Upon authentication of any sort (basic, digest, or SSL) the property
RemoteUser is set by the Web server within an HTTP header. It is
available within a servlet through a call to getRemoteUser on the
request object. For those familiar with CGI scripts, this property is
the same as the CGI variable REMOTE_USER.
Overview (Continued)
● A group of servlets can be used to depend on the RemoteUser
property for a session without passing extra login information.
You can use the administration applet to set up a realm, an ACL for
the realm, users for the realm, and resources that the ACL controls.
Then have your servlet check the RemoteUser property using the
getRemoteUser method to verify that some type of authentication
took place.
Sanity Checking
In most cases, you will be creating both servlets and the interfaces that
communicate with your servlets (such as HTML pages, applets, and
applications). Therefore, you will have full knowledge of the types of
parameters a request should contain. It is important, for security
reasons, to perform a sanity check on request parameters. This is
especially true if the parameters you expect to receive access a volatile
portion of your Web server.
Generally, Web servers offer several security features that can be built
into servlets. These features include
Preparation
● The Java Web Server must be installed and running on your
system. Refer to Appendix B, “Using Java Web Server,” for more
information regarding Java Web Server installation, execution, and
documentation.
● Refer to http://host_name:8080/system/doc/index.html
for help with the servlet API.
Tasks
▼ The first element in the array that is returned is the user name.
host_name:9090/
user: admin
password: admin
Tasks
8. Click on Servlets.
9. Click on Add.
Alias: /testbasicauth.html
ServletInvoked: TestBasicAuth
Tasks
http://host_name:8080/testbasicauth.html
Password: illegalpassword
20. Click on OK and try again with the following user name and
password:
Password: servlets
Tasks
The lab directory for this module contains a subdirectory called RFCs.
This subdirectory includes the RFCs mentioned in the lecture material:
RFC 2068 and RFC 2069. If you are interested, you can look through
what is specified in each of these.
Exercise Summary
Discussion – Take a few minutes to discuss what experiences, issues,
or discoveries you had during the lab exercises.
● Experiences
● Interpretations
● Conclusions
● Applications
Before continuing on to the next module, check that you are able to
accomplish or answer the following:
❑ Describe how access control lists and realms are used, both on
Web servers and by programmers
Course Map
The JavaBeans architecture can be used to create server-side servlet
components. This module addresses the issues involved with creating
a Java servlet that is also a Bean.
Introduction to Servlets
Forms Processing
Servlet Basics
With Servlets
Distributed Servlets
Collaborative Servlets
Servlet Security
Servlet
Security
Servlet Hybrids
9-1
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
9
Relevance
● Invoke a servlet Bean using Java Web Server and an .shtml Web
page
References
Additional resources – The following references can provide
additional details on the topics discussed in this module:
What Is JavaBeans?
Functionality of Beans
● Beans are event aware. Beans use the JDK 1.1. events system to
communicate with each other.
Definition
A servlet can access other Beans, or a servlet can be a Bean. A servlet
Bean is a servlet that adheres to the JavaBeans design patterns,
particularly the design pattern for introspection. Simply put, a servlet
becomes a servlet Bean when it implements get and set accessor
methods to access state-related values within the servlet.
30 /**
31 * Bean property accessor - Get the <tt>stringProperty</tt> value.
32 * @return A String instance, or <tt>null</tt>
33 */
34 public String getStringProperty(){
35 return stringProperty;
36 }
37
38 /**
39 * Bean property accessor - Set the <tt>stringProperty</tt> value.
40 * @param A String instance, or <tt>null</tt>
41 */
42 public void setStringProperty(String stringProperty){
43 this.stringProperty = stringProperty;
44 }
45
46 /**
47 * Bean property accessor - Get the <tt>intProperty</tt> value.
48 * @return The integer value for the property.
49 */
50 public int getIntProperty(){
51 return intProperty;
52 }
53
54 /**
55 * Bean property accessor - Set the <tt>intProperty</tt> value.
56 * @return The new value for that property
57 */
58 public void setIntProperty(int intProperty){
59 this.intProperty = intProperty;
60 }
61 }
Setting Cache-Control
For example, a servlet that returns stock quotes might implement this
feature to ensure that all stock quotes on a browser are current.
Properties in ServletConfig
Introspected Properties
Java Web Server can also discover the properties that a servlet Bean
contains through introspection. Java Web Server examines servlet
Beans to determine property names when a servlet Bean is configured.
Properties are identified by the names of their get and set accessor
and mutator methods (lines 34, 42, 50, 58). Java Web Server will
automatically list the property and its default value within its property
editor.
The example contains two sets of get and set accessor methods:
public void setStringProperty(String stringProperty)
public String getStringProperty()
You can change the default values for these properties using Java Web
Server if your servlet Bean supports JavaBeans design pattern for Bean
persistence.
The properties editor will also create a servletInfo property for any
servlet that is configured as a servlet Bean (regardless of whether the
servlet Bean overrides getServletInfo).
Implementing java.io.Serializable
Your servlet Bean must implement java.io.Serializable (or
java.io.Externalizable) to make its fields persistent. Implementing
Serializable allows Java Web Server to create a persistent form of
your Bean when you configure the Bean.
Note – Java Web Server only creates .ser files for Bean classes that are
within a JAR file.
The class of the object, the signature of the class, and the values of the
non-transient and non-static fields of the class and all of its supertypes
are written by the writeObject method. The writeObject method
throws both IOException and ClassNotFoundException.
Serialized servlet Bean files, and the class file they reference, can be
packaged together in a JAR file. Serialized Beans (.ser files) within a
JAR file cannot be modified by Java Web Server or your servlet. If you
want to keep modifiable persistent forms of your Beans, they will have
to reside outside of the JAR file.
Java Web Server will create .ser files when you initially add and
configure a new servlet Bean whose classes reside in a JAR file. This
.ser file will have the same name as the servlet Bean class. You can
use Java Web Server to further modify and save property values
within this newly created .ser file. Java Web Server creates .ser files in
the server_root/servletbeans directory. If a serialized form of the
servlet Beans exists, Java Web Server will automatically read it and
update the servlet’s state with the saved state.
You can invoke servlet Beans the same way you would invoke any
other servlet, after a servlet Bean is loaded. However, there are some
items to consider when accessing a servlet Bean using a URL.
ServletName represents either the name of the servlet Bean class file
or a .ser file. Invoke a class file or serialized file using the name of
the file without the .class or .ser extension.
Counter.class
counter1.ser
Servlet Beans are servlets that adhere to the JavaBeans design pattern
for introspection. A servlet Bean can adhere to all of the JavaBeans
design patterns. The following information was discussed regarding
servlet Beans:
● The servlet Beans that you create should be packaged in JAR files.
Preparation
● The Java Web Server must be installed and running on your
system. Refer to Appendix B, “Using Java Web Server,” for more
information regarding Java Web Server installation, execution, and
documentation.
● Refer to http://host_name:8080/system/doc/index.html
for help with the servlet API.
Tasks
▼ Get and set the value for count by creating get and set
accessor and mutator methods.
Note – A Web page counter should be invoked every time a Web page
is visited (not when a Web page action is performed). The
CounterBean.java file overrides the standard Servlet.service
method. This is because other HTTP-based service methods (such as
doPost and doGet) require action, on behalf of the Web browser user,
to invoke the servlet.
Tasks
Tasks
3. Type a new value in the Count Property field. Press the Return key
once you are finished.
4. Click on Save to save the count value as the default value for the
CounterBean servlet Bean. Java Web Server will create a
CounterBean.ser file, containing this value, in the
server_root/servletbeans directory.
Note – Remember, the CounterBean is not saving its state each time it
is accessed. In the next exercise you will implement the code necessary
to save CounterBean’s state (the current count).
Tasks
Tasks
▼ Before continuing with the next step, note the number of hits
that the CounterBean is displaying.
8. Wait approximately one minute for the Java Web Server to reload.
Tasks
1. Create a servlet that keeps track of the total number of hits, for a
Web page. This counter should keep individual numbers of hits
for each Internet Protocol (IP) address accessing the page.
Exercise Summary
Discussion – Take a few minutes to discuss what experiences, issues,
or discoveries you had during the lab exercises.
● Experiences
● Interpretations
● Conclusions
● Applications
Before continuing on to the next module, check that you are able to
accomplish or answer the following:
❑ Invoke a servlet Bean using Java Web Server and an .shtml Web
page
How might you use the JavaBeans event mechanism to extend the
functionality of your servlet Beans?
Course Map
This module discusses JavaServer Pages, an integrated solution for
generating and returning dynamic Web page content to a client
(browser).
Introduction to Servlets
Forms Processing
Servlet Basics
With Servlets
Distributed Servlets
Collaborative Servlets
Servlet Security
Servlet
Security
Servlet Hybrids
10-1
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
10
Relevance
● List the five directives that can be used within a JavaServer page
References
Additional resources – The following references can provide
additional details on the topics discussed in this module:
out.println("<HEAD><TITLE>Howdy Servlet</TITLE></HEAD>");
out.println("<BODY>");
out.println("Howdy " + getParameter("yourname"));
out.println("</BODY>");
out.close();
● These statements force you to combine HTML and code for the
Java platform (“Java code”) or script code within your servlets,
preventing reuse of code.
JavaServer Pages
Definition
JavaServer Pages (JSP) are Web pages that contain a combination of
HTML and code written in a scripting language such as the Java
programming language. The two primary benefits of JavaServer Pages
are:
Definition
JavaServer Pages are processed by a special servlet called the
PageCompileServlet.
● Directives
● Declarations
● Scriptlets
● Expressions
● Bean tags
Directives
Language
The language variable is used to define the scripting language used in
a JavaServer page. The value of this tag applies to the entire file. If you
include the language tag more than once, only the value for the first
tag is used. If you omit this tag entirely, the scripting language defaults
to java.
Note – Java Web Server 1.1.1 supports only the Java programming
language for scripting. Other vendors might support other scripting
languages (for example, IBM supports REXX within their JavaServer
Pages equivalent).
Method
The method variable is used to define the name of the method that will
contain the body of code generated from the JavaServer page. By
default, this method is the service method. The value for this tag
applies to the entire file. If you include the method tag more than once,
only the value for the first tag is used. For example, to change the
default method to doPost, your JavaServer page would contain
Import
The import variable is used to define the list of package names or
class names, each separated by a comma, that will be imported by the
generated servlet. You can use this tag multiple times within a file. For
example, to import the java.io.* and java.util.Hashtable
packages, your JavaServer page would contain:
<%@ import = "java.io.*,java.util.Hashtable" %>
Implements
The implements variable is used to define the list of interface names,
each separated by a comma, that the generated servlet implements.
You can use this tag multiple times within a file.
Extends
The extends variable is used to define the name of the super class that
the generated servlet extends. The value for this tag applies to the
entire file. If you include the method tag more than once, only the
value for the first tag is used. For example, if the servlet generated
from your JavaServer page extended HttpServlet, your JavaServer
page would contain
<%@ extends = "javax.servlet.http.HttpServlet" %>
Declarations
Definition
Declarations identify class-wide variables and methods used by the
generated servlet. Variable and method declarations are defined within
starting and ending SCRIPT tags. The starting SCRIPT tag is
<SCRIPT runat=server>
</SCRIPT>
Scriptlets
Definition
A scriptlet is the portion of scripting code used to add additional
functionality to the HTML within a JavaServer Page. You can use any
valid Java code within a scriptlet. Scriptlet code is defined within <%
and %> tags. The example has several examples of scriptlet code. Prior
to parsing the form request, a small portion of scriptlet code
determines whether or not the form has been completed (lines 4 and
5):
<%
if (request.getParameter("first") == null) { %>
Definition (Continued)
Additionally, the generated servlet will have access to several
predefined variables that reference objects common to most servlets
(such as a HttpServletRequest and HttpServletResponse). These
variables are: request, response, out, and in.
request
The request variable references an incoming
javax.servlet.http.HttpServletRequest object.
response
The response variable references a
javax.servlet.http.HttpServletResponse which is used for
outgoing responses.
out
The out variable references a java.io.PrintWriter output writer.
The example uses the request.getParameter method to parse the
request and then prints a response using the out.println method. A
small portion of scriptlet code determines whether the form has been
completed (lines 20–24):
<%} else {
String foo = request.getParameter("first");
out.println(foo);
}
} %>
in
The in variable references the java.io.BufferedReader input
reader.
Expressions
Definition
Expressions are a type of tag that contain script language expressions
that are replaced with the values for those expressions, once an
expression has been resolved. Expressions are defined within <%= and
%> tags. An expression is evaluated to a result which is then
converted into a string and displayed. Conversions to string
representation for all primitive types, such as int and float, occur
automatically.
Additional Guidelines
You cannot reuse a variable name later in your page. If you need
to use the same variable name twice, use the scoping syntax of
your scripting language to establish a scope for each variable. For
example, in the Java programming language, you would use
braces to establish scope for a series of methods and variables.
In the example shown, if the value for the balance variable is more
than 100.00, the message You use the phone far too much! is
printed.
You can use println statements, within your scriptlet code, to
send HTML to an output buffer.
Definition
One of the most powerful and important features of JavaServer Pages
is the ability to access any Java object from within a JavaServer page.
This feature enables you to completely separate HTML presentation
from Java programming language content creation.
Declaring a Bean
name
The example sets name to cb. The name attribute identifies the key
used to look up the Bean or object in the appropriate scope. For
example, name may refer to a session key value where the Bean is
stored. In example shown here, the Bean name is myBean.
varname
The varname attribute identifies a variable name that can be used to
refer to the Bean in other portions of the JavaServer page. The example
uses the varname to reference an accessor method in the
ColorGameBean (lines 10, 11, 33, 34, 39, 49, and 51) of the example
code. For example:
<body bgcolor= <%= cb.getColor1() %>>
type
In the example, type is equal to ColorGameBean.The type attribute
identifies the name or interface of the Bean’s class file. If a class is not
specified, it defaults to the type Object.
introspect
In the example, introspect is equal to yes. The introspect attribute
identifies whether the Bean’s set acessor methods are called when an
associated property is handed to the Bean within the request. The
instrospect attribute can be set to either yes or no.
Note – By declaring a BEAN tag, the JavaServer page will have access to
a Bean whose properties have been set to the values of the parameters
(query parameters or posted form parameters) that the client called the
page with.
Declaring a Bean
create
In the example, create is equal to yes. The create attribute identifies
whether or not to create the Bean if it is not found in the specified
request or session. The create attribute can be set to either yes or no.
The default value of create is yes.
scope
In the example, scope is equal to session. The scope attribute is
used to identify where the Bean is retrieved from. Remember:
scope (Continued)
Once created, a Bean is alive for either the lifetime of the current
request or the lifetime of the session (depending on what the scope in
the BEAN tag is).
request
If this value is used, the Bean is retrieved from the service’s request
context. This is the default value used when scope is not specified. If
the Bean is not part of the request context, then the Bean is created and
stored in the request context unless the create attribute is no.
session
If this value is used, the Bean is reused from the current session if
present. If not present, it is created and stored as part of the session if
the create attribute is yes.
beanName
The beanName attribute identifies the name of the serialized file or
class that contains the Bean. This attribute is used only when the Bean
is not present in the scope of the <BEAN> tag and the value of the
create attribute is yes.
PageCompileServlet
The scriptlet portion of the page lies between the <% and %> tags.
PageCompileServlet
● The <BEAN> tags enables the system to access any Java object from
within a JavaServer page.
● Bean and object declarations are placed between the <BEAN> and
optional </BEAN> tags.
▼ The name attribute identifies the key used to look up the Bean
or object in the appropriate scope.
▼ The varname attribute identifies a variable name that can be
used to refer to the Bean in other portions of the JavaServer
page.
Preparation
● The Java Web Server must be installed and running on your
system. Refer to Appendix B, “Using Java Web Server,” for more
information regarding Java Web Server installation, execution, and
documentation.
● Refer to http://host_name:8080/system/doc/index.html
for help with the servlet API.
Tasks
1. Create Java code, within this same JavaServer page, to parse form
fields as request data.
Tasks
3. Create the Java code, within this same JavaServer page, to return
and display the width and height of the entire grid of images.
Tasks
▼ Duration: 10
▼ Images horizontally: 5
▼ Images vertically: 5
▼ Width in pixels: 20
▼ Height in pixels: 20
The Web browser should display the values computed within your
JavaServer page. If you used these values, the returned values
should be:
Tasks
The ImageTable.jsp file accepts the same five values listed in the first
task: duration, vertical images, horizontal images, vertical pixels, and
horizontal pixels. The following steps should occur, within
ImageTable.jsp, after this information is submitted using the form
portion of ImageTable.jsp:
● The <BEAN> tag is used to define the Bean used in the JSP page.
● The form values are parsed and held by their respective variables.
This includes a startImage variable that is not entered in the
form, but keeps track of the starting image for the grid of images
(provided).
● The values are passed to the Bean by calling the various set
accessor methods within the Bean. These methods are documented
within the mod10-dynamic/lab/doc/
jsp.beans.ImageTableBean.html Javadoc file.
Tasks
● The output contains HTML containing the form values and grid of
images). The form’s values are placed within a special META tag:
<META HTTP-EQUIV=REFRESH CONTENT="DURATION;
URL=http://...">
● This tag tells the Web browser to refresh its image grid with new
copy based on the time indicated by the DURATION value. The
supplied URL is used to specify the parameters for the image grid.
This mechanism is known as a client pull mechanism as the client
will pull updated information from the Web server.
Tasks
▼ Duration: 10
▼ Images horizontally: 5
▼ Images vertically: 5
▼ Width in pixels: 20
▼ Height in pixels: 20
Exercise Summary
Discussion – Take a few minutes to discuss what experiences, issues,
or discoveries you had during the lab exercises.
● Experiences
● Interpretations
● Conclusions
● Applications
Before continuing, check that you are able to accomplish or answer the
following:
❑ List the five directives that can be used within a JavaServer page
A-1
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
A
HTTP MIME Types
B-1
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
B
Supported Platforms
The Java Web Server is officially supported only under the Solaris™
SPARC™ and Windows NT environments. Windows 95 is supported
for development but is not recommended for deployment because
Microsoft does not consider it a server platform.
The Java Web Server runs on any platform that supports Java
Development Kit (JDK) 1.1 or above.
Hardware
Solaris
Software
You must configure a server environment to run Java Web Server, and
a client environment to run the Web server administration tools.
Server Environment
You can use one of the following to execute Java Web Server:
Note – You will use the Java Web Server JRE to run Java Web Server
during this course.
Software
Client Environment
You must have the following item for your client environment:
The lab files for this course include a copy of Java Web Server. This
product will be installed by your instructor prior to the course.
However, the Java Web Server installation instructions are included
here for future reference.
Solaris
1. Copy the jws111-solaris.tar.Z file from the SL310_LF
directory to a directory where you want Java Web Server installed.
3. Press Return to begin installing Java Web Server. The archive file
will create a JavaWebServer directory within the same directory
where the archive file exists.
Solaris
1. Set JSERV_HOME to server_root: the location where the Java
Web Server is installed.
% cd server_root/bin
% ./httpd &
After you have started the server, you can display the default Java
Web Server home page by entering the following URL in your Web
browser:
http://host_name:8080/
1. From the default home page on port 8080, click on the link labeled
Administration Tool.
Note – You can also connect to the Administration Tool by typing its
URL. For example, if the host name for your Java Web Server is bagua,
then you enter the URL http://bagua:9090/index.html.
3. Log in using the default user name admin and the default
password admin. Figure B-1 shows the Administration Tool
window.
Once you have created a servlet, add it to the list of available servlets
within Java Web Server.
4. Select Add from the hierarchical menu. The Add a New Servlet
screen will be displayed (Figure B-3).
5. Enter the unique name of the servlet in the Servlet Name field.
6. Enter the name of the Java class for the servlet. This consists of the
package name without the .class extension.
8. Click on the Add button. The servlet name that you assigned to
the servlet will appear in the hierarchical list under Configure.
2. Highlight Web Service and click on the Manage button. The Java
Web Server Web Service screen will be displayed.
4. Select a servlet from the Configure list. Two configuration tabs will
display: Configure and Properties.
1. Add your servlet to Java Web Server. Adding servlets was covered
earlier in this appendix.
✓
3. Click on Yes within the Load Class Remotely section and then
enter the URL for the location of your remote servlet.
For example:
<form
action=http://fuggles:8080/servlet/CustomerForm
method=GET>
Overview
Server-side includes (SSI) enables you to embed instructions to the
server inside an HTML document. The instructions are given using
extensions to the HTML tag language. A special file extension, .shtml,
signals the server that the document contains SSI directives. The server
parses the document, executing SSI code in-line. Results are embedded
in the document before it is served to the client.
For example:
<!--This file: pressrelease.shtml-->
The syntax of an SSI tag for inclusion of servlets differs from the
NCSA syntax discussed previously but is very similar to the applet
tag.
For example:
<servlet code=DateServlet.class
codebase=http://blitz/>
<param name=filename value=MyFile.txt>
...
</servlet>
In the example just presented, the contents of the file up to the servlet
tag are sent to the client unmodified. The DateServlet is then loaded
from http://blitz and invoked with the appropriate init and request
parameters (the init parameters are not applicable if the servlet is
already loaded). The output of the DateServlet is embedded into the
response. The contents of the file after the ending servlet tag is then
appended unmodified.
Overview
Servlet aliases are path name mapping rules that the Java Web Server
uses to invoke servlets. These rules allow you to use a shortcut URL to
call a servlet from your browser, embed a shortcut into your files, or
perform a URL redirect.
http://host_name:port/servlet/hello
▼ Servlet Invoked – The name of the servlet that will be run
when the alias is referenced.
Arguments
You can add arguments to the name of the servlet that the alias
invokes. To add an argument, enter the name of the servlet followed
by a question mark (?) and the arguments.
Note – You can use this option to perform server redirections; such as,
redirecting users from an old URL to a new URL. For example, you
could alias /oldstuff
to/RedirectServlet?http://www.newcompanyname.com/newstuff
to perform a server redirection. The source code for the
RedirectServlet is located in mod1-basic/examples.
Overview
For some requests, a chain of ordered servlets can be invoked rather
than just one servlet. The input from the browser is sent to the first
servlet in the chain and the output from the last servlet in the chain is
the response sent back to the browser. Each servlet in the chain has the
inputs and outputs piped to the servlet before and after it, respectively.
A chain of servlets can be triggered for an incoming request through
servlet aliasing or MIME types.
Use the servlet alias window to specify a servlet chain alias. To specify
the servlets in the chain: enter the name of each servlet in the Servlet
Invoked field, separated by commas. For example, to chain the
finger, snoop, and date servlets together, type the following in the
Servlet Invoked field:
Filtering is one of the primary uses for MIME type servlet chaining.
The first servlet in a servlet chain can act as a filter, parsing incoming
request data, based on the MIME type of the data, and then forward
data to the appropriate servlet for processing.
5. Select the Options tab to display the Options card (Figure B-7).
Servlets run within a particular service. Each service maintains its own
environment, which is known as a context. Servlets running within
the same service share the same context. Servlet contexts are
implemented by service developers.
For example:
1 public class First extends GenericServlet {
2 public void service(ServletRequest req,ServletResponse resp) throws
ServletException, IOException {
3 if (condition){
4 Servlet anotherServlet =
servletContext.getServlet("Second");
5 anotherServlet.somemethod()
6 return;
7 }
8 }
9 }
http://host_name:8080/system/doc
JSERV-INTERST
It is highly recommended that you join the Java Web Server interest
mailing list. This list is used by the Java programming community to
discuss various JavaServer products, including servlet-related issues.
URL Description
C-1
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
C
HttpServletRequest Methods
HttpServletRequest
CGI Variable Description
Method
Table C-2 lists additional methods that can be used to extract specific
pieces of information from an HttpServletRequest.
Table C-2 Additional HttpRequestMethods
HttpServletRequest Description
Method
D-1
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
D
IP Addressing
192.98.64.12
Network Address
To assist with the problems of routing, the addressing space is divided
into ranges, called networks. On a single network, part of the IP
address of each machine is common. That part is called the network
address. The remaining part of the 32-bit range is used to give each
machine a unique address.
Subnet Mask
The subnet mask is also a 32-bit number and is also usually
represented as four decimal values with dot separation. This is used to
distinguish the bits of the IP address range that are common to this
network from those that are used to indicate the host address.
One bit in the subnet mask indicates that the corresponding bit is part
of the network address, while a zero indicates that the corresponding
bit is part of the host address.
On a network, all machines must have the same subnet mask, and
must have the same network address. All host addresses must be
different.
Network Classes
There are three basic categories of network, which are distinguished
by the leading bits of the IP address. These are called class A, B, and C:
● Class E network addresses start with four 1 bits and are reserved
Using 32-bit binary numbers is not very easy for humans, and even
when the convenience form of four decimal numbers is used, it is still
difficult to remember addresses and make mistakes.
The hosts file mechanism predates both NIS and DNS and can be used
to map all addresses in a network. However, this mechanism can be
hard to adminster as each machine in a network must always contain
an updated copy of the hosts file to be able to access every machine.
Port numbers below 1024 are usually reserved for standard services,
such as TELNET, FTP and HTTP. NFS™ uses ports in the 2xxx range
while X Windows uses ports in the 6000 range. Hewlett-Packard
printers use port 9000 for a typewriter mode. Ensure that the port
selected for your service is not in use by other things.
The default ports used by most protocols are documented in the RFCs
available at http://nic.mil/rfc.
TCP Sockets
There are two types of TCP sockets: server and client. The server
socket must be associated with a particular port and is constructed like
this:
ServerSocket ss = new ServerSocket(5432);
A client Socket is created with the host name of the server and the
port number on which the server is providing the service.
Socket s = new Socket("banana", 5432);
Once you have a Socket object, the next step is to obtain input and
output streams from that Socket.
InputStream is = s.getInputStream();
OutputStream os = s.getOutputStream();
These streams are byte oriented and you might need to convert them
to Unicode readers and writers if the communication takes place using
text. This can be done like this:
InputStreamReader ir =
new InputStreamReader(is, "8859_1");
OutputStreamWriter ow =
new OutputStreamWriter(os, "8859_1");
UDP Sockets
UDP sockets are encapsulated in the Java class DatagramSocket. To
construct a socket for use in a server program the socket must be
attached to a particular port. When used in a client program, any free
port can be used and it is usual to allow the system to allocate that
port.
Packets can then be received from the network by issuing the call
ds.receive(dp);
When the receive method returns, a packet has been collected. The
data can be extracted using the method getData which returns the
buffer. The length of the data is usually less than the length of the
buffer, and the getLength method should be used to determine how
many bytes are valid.
UDP Sockets
To send data, build a datagram packet with the host address of the
destination machine and the target port number, like this:
byte [] data = ...// initialize data buffer
DatagramPacket outPacket = new DatagramPacket(data,
data.length,
InetAddress.getByName("banana"),
5432);
Once the packet has been constructed, it can be sent from the socket
like this:
ds.send(dp);
Multicast Sockets
The difference between multicasting and normal UDP is that the
listener must “join” the multicast address group. Multicast is
supported in the Java programming language with the
MulticastSocket class, which is a subclass of DatagramSocket. The
significant difference is that the MulticastSocket object has an extra
method, joinGroup.
Glossary-1
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
Cookies
A mechanism for storing a variable and its associated value on
the Web browser.
Connection Pool
A pool of persistent (reusable) connections that can be used by a
database client, such as a servlet, as needed.
Declarations
A JavaServer Pages tag that identifies class-wide variables and
methods used by the generated servlet.
Digest authentication
A form of authentication whereby no password is sent over the
wire.
Directives
A JavaServer Pages tag that allows you to modify certain
characteristics of the JavaServer page and resulting servlet.
Dynamic HTML
The HTML generated by a common gateway interface (CGI)
script or servlet.
Expressions
A JavaServer Pages tag that contains script language
expressions which are replaced with the values for those
expressions, once an expression has been resolved.
Hypertext Transfer Protocol
See HTTP.
HTTP
The request/response protocol used by most Web servers to
communicate with Web browsers on the Internet.
HttpServlet
A subclass of the GenericServlet abstract class which is used to
develop HTTP-based servlets.
JavaBeans
A portable, platform-independent component model written in
the Java programming language.
JavaServer Pages
See JSP.
Glossary Glossary-3
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
Servlet aliases
Pathname mapping rules that the Java Web Server uses to
invoke servlets.
Servlet Bean
A servlet that adheres to the JavaBeans design patterns,
particularly to the design pattern for introspection.
Servlet context
A service’s environment shared among the servlets within that
service.
Servlet engine
Required by Web servers to run servlets.
Servlet sandbox
An isolated group of threads used to run untrusted Java
servlets.
Session
The data associated with a collection of related HTTP
transactions made by one browser to one server.
SSL server authentication
A mechanism whereby a server is authenticated to a Web
browser to ensure a secure transaction.
Statelessness
Refers to the lack of a mechanism for keeping track of a request
or request data sent using a Web browser.
TCP
A connection-oriented transmission protocol; for reliability, TCP
requires a connection before a message can be sent.
Time-extended connection
A mechanism allowing new data to be sent to the client,
automatically, at regular intervals.
Transmission Control Protocol
See TCP.
Trusted servlet
Servlets that are assumed to be secure and are granted full
access to system resources.
Two-tier
A model for distributed computing consisting of multiple
clients talking to one or more servers.
Glossary Glossary-5
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
Index
A C
Acessor methods 9-11 Cache-Control 9-9
ACL 8-12 CGI
ACTION 2-32 an example form processing
addConnection 4-26 script 2-11, 2-13
addCookie 6-9 example uses for 1-4 to 1-5
Authentication 8-6 invocation of 1-11
basic 8-9 invoking a form processing
challenge-response 8-7 script 2-19
digest 8-10 overview of 1-4
HTTP types 8-8 to 8-11 parsing the form
passphrase 8-7 request 2-16 to 2-17
public key protocol 8-7 print statements 10-5
SSL server 8-10 to 8-11 println statements 10-5
Authorization 8-6 processing form data with 2-4
an overview of 8-7 reading the form request 2-15
request and response
B mechanism of 1-6 to 1-7
returning a response 1-10
Bean 9-11, 9-12, 9-15, 9-19, 10-25, returning a response after
10-27, 10-28 processing a form 2-18
an overview of 9-4 setting content type 1-9
customization 9-5 variables and equivalent
events 9-5 servlet APIs 2-29
functionality of 9-5 Web server support for 1-12
introspection 9-5 with HTTP 1-7
persistance 9-5 class loaders
Beans 9-4 when is a class loaded? 6-3
an overview of 9-4 Class.forName 4-12
functionality of 9-5 CLASSPATH 3-6, 9-17, 9-18
BufferedReader 2-28 Client Pull
dynamic HTML updates 7-7
Client pull 7-5 to 7-6
Index-1
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
dynamic Java updates 7-8 E
closeAll 4-32 encodeRedirectURL 6-25
ConnectionPool 4-25 encodeURL 6-25
Continuous or Transient TCP
Connections 7-8 to 7-10
Cookie 6-9 G
Cookies 6-6, 6-7 to 6-10, 6-26 GenericServlet 1-20
an example of adding 6-9 GET 2-9, 2-23, 2-27, 2-32, 6-19
an example of creating 6-9 get 9-12
an example of retrieving 6-10 getConnection 4-13, 4-28
compared with sessions 6-26 getContentLength 2-29
programming with 6-8 getCookies 6-10
using to tie a session to a getInitParameter 3-10
browser 6-24 getInitParameterNames 3-10
CORBA/IDL 4-4, 4-7, 5-1, getInputStream 2-28
5-26 to 5-27 getLastModified 2-23
a comparison with RMI 5-27 getNewConnection 4-27
createStatement 4-14 getOuputStream 1-24
getParameter 2-27
D getParameterNames 2-26, 2-27
getParameterValue 2-30
Datagram 7-11
getParameterValues 2-26, 2-27
DELETE 2-9, 2-23
getQueryString 2-27
destroy 3-2, 3-4, 3-19, 3-20, 3-21,
getReader 2-28
3-22, 3-25
getServletConfig 3-10
Destroy method 3-18
getServletInfo 2-31, 9-12
concurrency issues 3-20
getValue 6-12, 6-21
four tasks 3-22
getWriter 1-24
handling service threads at
servlet termination 3-21
Distributed H
applications 4-4 to 4-6 HEAD 2-9, 2-23
distributed computing HTML 1-4, 4-17, 6-14, 6-19, 7-7,
Java technologies 4-7 10-6, 10-17, 10-20, 10-21, 10-22
doDelete 2-23 an example form 2-5
doGet 1-21, 2-23 forms 2-4
doOptions 2-23 forms and servlets 2-20
doPost 2-23, 6-14, 6-16 the tag 2-7
doPut 2-23 the ACTION attribute 2-11
doTrace 2-23 the ENCTYPE
DriverManager 4-13 attribute 2-11
Dynamic content the METHOD attribute 2-8
generating 10-4 the tag 2-12
Dynamic html 1-10 HTTP 6-11, 6-14, 7-4, 7-7, 8-5,
8-6, 8-8, 8-9, 8-10, 8-13
benefits and limitations of
Index Index-3
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
the beanName println 1-24, 10-4, 10-7
attribute 10-28 PrintWriter 1-24, 2-29
the create attribute 10-27 PUT 2-9, 2-23
the introspect putValue 6-12
attribute 10-26
the name attribute 10-25 Q
the scope
attribute 10-27 to 10-28 Query string 2-27
request 10-28
session 10-28 R
the type attribute 10-26 readLine 2-28, 2-29
the varname Realms 8-12, 8-12 to 8-15
attribute 10-26 CertificateRealm 8-14
the SCRIPT tag 10-15 to 10-16 defaultRealm 8-14
two benefits of 10-8 to ?? NTRealm 8-13
UNIXRealm 8-13
M with Java Web
Malicious code 8-4 Server 8-13 to 8-15
METHOD 2-11 releaseConnection 4-30
Multithreaded-hot Remote 5-8
recommendations for Remote servlets 3-6
code 3-16 RemoteUser property 8-39 to ??
Multithreaded-safe 3-14 request 10-18
code samples for response 10-18
synchronized access ResultSet 4-15
methods 3-15 ResultSetMetaData 4-15
recommendations for RMI 4-4, 4-7, 5-1, 5-4 to 5-25
code 3-15 a comparison with
Multi-tier model 4-5 to 4-6 CORBA/IDL 5-27
an example RMI servlet
solution 5-12 to 5-25
O an overview of 5-4 to 5-5
ObjectOutput 9-15 and servlets 5-11
ObjectOutputStream 9-15 implementing a client 5-9
OPTIONS 2-9 implementing a server 5-8
out 10-18 installing and invoking the
OutputStream 1-24 server, client, and
registry 5-10
P interaction between client,
server, and
PageCompileServlet 10-8, 10-9, registry 5-6 to 5-7
10-20, 10-29 to 10-34 rmiregistry 3-11
parsePostData 6-17
parseQueryString 2-27
POST 2-9, 2-23, 2-32, 6-14, 6-17 S
print 10-7 Sanity checking 8-41
Index Index-5
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services October 1998, Revision A
Servlet aliases 1-27 an example Login and Secret
Servlet bean 9-6 servlet 6-13 to 6-21
a definition of 9-6 compared with cookies 6-26
a SampleBean HTTPSession Interface 6-12
example 9-7 to 9-8 set 9-12
an invocation setContentType 1-22, 2-25
example 9-20 to ?? setHeader 1-23, 9-9
automatic reloading of 9-18 setIntHeader 1-23
deserializing beans 9-17 Signed network servlets 8-38
generating a serialized SingleThreadModel 3-17
bean 9-16 SQLException 3-20
get and set acessor SSL 8-10
methods 9-11 to 9-12
introspected T
properties 9-11 to 9-12
introspection 9-6 TCP 7-9
invocation of 9-19 Theft or alteration of data 8-4
invocation using an URL 9-22 Time-extended
locations for 9-17 connection 7-4 to 7-14
packaging of 9-16 an overview of 7-4
writing to a serialization broadcast and multicast
file 9-13 to 9-14 UDP 7-13 to 7-14
Servlet context 1-25 continuous or transient TCP
Servlet engine 1-28 connections 7-9
Servlet lifecycle implementation
loading and instantiating a options 7-5 to 7-6
servlet 3-5 using UDP 7-11 to 7-12
remote servlets 3-6 TRACE 2-9, 2-23
servlets in Trusted servlets 8-37
server_root/servlets/ 3-6 Two-tier model 4-4 to 4-5
servlets on the
CLASSPATH 3-6 U
system class loader 3-5 UDP 7-11, 7-13
the destroy method 3-18 UDP broadcast 7-13
the four steps of 3-4 UDP multicast 7-14
the init method 3-7 UnavailableException 3-9
the service method 3-12 UnicastRemoteObject 5-8
ServletConfig 3-9, 3-10, 9-11 Unsigned network servlets 8-38
ServletContext 3-20 Untrusted servlets 8-34
servletContext 1-25 URL Rewriting
servletInfo 9-12 tie a session to a browser 6-25
ServletInputStream 2-28, 2-29
ServletOutputStream 1-24
ServletRequest 3-12 W
ServletResponse 3-12 writeObject 9-15
Sessions 6-6, 6-11 to ??
Please
Recycle