Lesson 1 Java Web Fundamentals
CGI Platform
Common Gateway Interface (CGI) is a standard method used to generate dynamic content on Web
pages and Web applications.
A servlet is server-side Java code that can handle HTTP requests and return dynamic
content.
Servlet Container
Servers that support servlets have, as a helper app, a servlet container.
When a request comes to the web server, based on the URL, the server passes the
request data to the servlet container.
The servlet container locates the servlet, creates servlet request and
response objects and passes them to the servlet, and returns to the web
server the response stream that the servlet produces.
Servlet Lifecycle
Continued
writer.println("<tr>");
writer.println("<td>Country:</td>");
writer.println("<td><select name='country'>");
writer.println("<option>United States</option>");
writer.println("<option>Canada</option>");
writer.println("</select></td>");
writer.println("</tr>");
writer.println("<tr>");
writer.println("<td>Delivery Method:</td>");
writer.println("<td><input type='radio' "
+ "name='deliveryMethod'"
+ " value='First Class'/>First Class");
writer.println("<input type='radio' "
+ "name='deliveryMethod' "
+ "value='Second Class'/>Second Class</td>");
writer.println("</tr>");
writer.println("<tr>");
writer.println("<td>Shipping Instructions:</td>");
writer.println("<td><textarea name='instruction' "
+ "cols='40' rows='5'></textarea></td>");
writer.println("</tr>");
And More
writer.println("<tr>");
writer.println("<td> </td>");
writer.println("<td><textarea name='instruction' "
+ "cols='40' rows='5'></textarea></td>");
writer.println("</tr>");
writer.println("<tr>");
writer.println("<td>Please send me the latest " +
"product catalog:</td>");
writer.println("<td><input type='checkbox' " +
"name='catalogRequest'/></td>");
writer.println("</tr>");
writer.println("<tr>");
writer.println("<td> </td>");
writer.println("<td><input type='reset'/>" +
"<input type='submit'/></td>");
writer.println("</tr>");
writer.println("</table>");
writer.println("</form>");
writer.println("</body>");
writer.println("</html>");
• Defines everything about your Java Web Application that a server needs to know:
  • Servlets
  • Initialization parameters
  • Listeners
  • Filters
  • Error pages
  • Welcome pages
<servlet-mapping>
<servlet-name>hello</servlet-name>
<url-pattern>/hello</url-pattern>
</servlet-mapping>
• ServletContext holds parameters that are initialization information for the entire application (i.e., every servlet
in the application). ServletContext is also used during the application for application state management.
<web-app>
  <servlet>
    <servlet-name>order</servlet-name>
    <servlet-class>mum.edu.cs.Order</servlet-class>
    <init-param>
      <param-name>servletName</param-name>
      <param-value>MVC2</param-value>
    </init-param>
  </servlet>
  <context-param>
    <param-name>applicationName</param-name>
    <param-value>Order Form</param-value>
  </context-param>
  <listener>
    <listener-class>mum.edu.listener.OrderContextListener</listener-class>
  </listener>
</web-app>
OrderFormStartup Demo
<listener>
  <listener-class>mum.edu.listener.OrderContextListener</listener-class>
</listener>
Main Point
Servlets are the basis of dynamic Java web applications. Servlets process information
from a request object and generate new information in a response object.
This request/response functionality is an example of the concept that for every action
in nature there is always a reaction.
• It is a type of Java servlet that is designed to fulfill the role of a user interface
for a Java web application.
• Developers write JSPs as text files that combine HTML or XHTML code,
XML elements, and embedded JSP actions and commands.
JSP Lifecycle
Scriptlets
SCRIPTLETS [UGH!]
BETTER THAN SERVLETS!!!
See JspIntroDemo/PostMessage.jsp
Scriptless JSPs
• The JSP Expression Language (EL)
• Syntax: ${person.name}
• Left value is either an attribute or an implicit object (like request), right side is a property
• Tag Libraries
• There is a standard set of additional tags for JSP pages that encapsulate
functionality of scriptlets (like for loops), thereby eliminating embedded code
• To test whether two objects are equal, EL uses eq [or ==] for equals and ne [or !=] for
not equals
• Can use integers, floating point numbers, strings, the built-in constants true and false
for boolean values, and null.
Expression Language versus Scriptlet
• Example: We have a person object stored as a request attribute. A person has an address
and an address has a zip. How to retrieve zip?
• Scripting approach:
<%= ((edu.mum.Person) request.getAttribute("person")).getAddress().getZip() %>
• EL approach:
• They use the custom tag API, but have become a standard library,
essentially a part of the JSP language
Using JSTL
The JSTL library provides 5 sets of tags, each having a different
(standard) prefix. You “import” a library by placing a “taglib”
directive at the top of your JSP page. Here are the choices:
Additional Tags
Head First, p. 475 lists all the available JSTL library tags
C:OUT
Preventing XSS (Cross Site Scripting)
• URLs can only be sent over the Internet using the ASCII character-set.
• Since URLs often contain characters outside the ASCII set [UTF-8/Unicode],
the URL has to be converted into a valid ASCII format.
• URL encoding replaces “unsafe” ASCII characters with a "%" followed by
two hexadecimal digits.
• For example, URLs cannot contain spaces. URL encoding normally replaces
a space with a plus (+) sign or with %20.
• Percent Encoding
• Unsafe Characters: RFC 1738
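
The two encodings covered above (the escaping behind c:out and URL percent-encoding), side by side. This is an added example, not code from the lecture or its demos: escapeXml re-implements the five character replacements that <c:out> applies while its escapeXml attribute is true (the default), and the class name, the /order URL and the sample field value are assumptions constructed for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class OutputEncodingDemo {

    // The five replacements <c:out> applies while escapeXml is true (its default).
    static String escapeXml(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '\'': out.append("&#039;"); break;
                case '"':  out.append("&#034;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Percent-encode a value for a URL query string (space becomes %20).
    static String urlEncode(String s) {
        // URLEncoder (Charset overload, Java 10+) emits form encoding, where a
        // space is '+'. A literal '+' is already %2B at this point, so every
        // remaining '+' stands for a space.
        return URLEncoder.encode(s, StandardCharsets.UTF_8).replace("+", "%20");
    }

    public static void main(String[] args) {
        // Constructed value for the order form's 'instruction' field.
        String instruction = "Ring bell <script>alert(1)</script> & wait";

        // HTML body: raw echo (what writer.println or a bare ${...} emits)
        // next to the escaped form, which the browser shows as plain text.
        System.out.println("raw:     <td>" + instruction + "</td>");
        System.out.println("escaped: <td>" + escapeXml(instruction) + "</td>");

        // A value placed in a URL is URL-encoded first; the finished URL is
        // then HTML-escaped because it is written into a page attribute.
        // The /order path is a hypothetical URL used only for this example.
        String url = "/order?instruction=" + urlEncode(instruction) + "&country=Canada";
        System.out.println("link:    <a href=\"" + escapeXml(url) + "\">repeat order</a>");
    }
}
```

The escaped line keeps the markup characters as entities, so the browser displays the text instead of parsing it; in the link, the value is percent-encoded and the & that separates the two parameters becomes &amp; inside the attribute.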
JSTL DEMO
MVC: Model-View-Controller
Separation of Concerns
Separates the modeling of the domain, the presentation, and the actions based on
user input into three separate classes
Model
Maintains the data [i.e., state] of the application domain
View
Manages the display of information.
Controller
Manages user input triggering the model and/or the view to change as
appropriate.
Model 1 Architecture
Model 1 mixes view and business logic inside each handling servlet (or JSP). This
makes it more difficult to change the view independently of that logic, and difficult to
change business logic without changing the view.
• Model II cleanly separates business data and logic from the view, and the two are
connected by way of a controller servlet. The model allows for multiple
controllers/servlets, [e.g., one per GET/POST pair]. Typical MVC Framework
implementations have just one controller servlet which centralizes common tasks.
DEMO
Main Point
When you use JSP pages according to a Model 2 MVC architecture, it enforces a
separation of concerns. There is a servlet that acts as a controller that sets attribute
values based on computations and results from the domain model, then dispatches
the request to the JSP view page. This is similar to the concept of knower [domain
model], knowing [controller] & known [view].