The Java Servlet API

HTTP
⚫ HyperText Transfer Protocol
⚫ Stateless request/response client-server protocol
⚫ Requests:
⚫ Method: GET, POST, HEAD, TRACE, OPTIONS, PUT,
DELETE
HTTP
⚫ Requests, continued
⚫ URI (required in HTTP/1.1)
⚫ Header Fields
⚫ E.g. how the response should be returned, under what conditions,
identification and characterization of client, accounting data
⚫ Body
⚫ POST data
⚫ Empty for GET
HTTP
⚫ Response:
⚫ Status code (machine), reason (human)
⚫ Header
⚫ Metadata, e.g. Content-Type (Media type), Content-Length,
Last-Modified, Etag
⚫ Body
⚫ (X)HTML, other XML, text, binary data …
URL Connections
⚫ java.net also -- connections extend Socket
⚫ Encapsulates HTTP and FTP connections
⚫ URI, URL, URLConnection,
HttpURLConnection
Servlets Definition
⚫ Server side component in a client server model (now the
browser is the client )
⚫ Reside in a servlet container, assigned to a certain URL
pattern.
⚫ Provide mechanisms for maintaining state over the
stateless HTTP protocol
Servlet Model
Servlet API
⚫ Interfaces:
⚫ HttpServletRequest
⚫ HttpServletResponse
⚫ HttpSession
⚫ HttpBindingSession
⚫ HttpSessionContext
⚫ Interfaces are implemented by server providers and can be
used out of the box
Servlet API
⚫ Classes
⚫ Cookie
⚫ HttpServlet
⚫ HttpSessionBindingEvent
⚫ HttpUtils
Servlet Lifecycle
Servlet Lifecycle
⚫ Multithreaded access (usually default)
⚫ init called first time only (by the container)
⚫ zero to many calls to service
⚫ destroy called
init (ServletConfig)
⚫ call super.init (config), or just use init ()
⚫ Called once
⚫ Prior to any call to service
⚫ Don’t worry about multithreading issues here
⚫ Sometimes used to get resources needed for the lifetime of
the servlet
service (req, resp)
⚫ Not usually overridden
⚫ Default impl. determines what request handler to call (based
on HTTP request type), calls it
⚫ Service method will call doGet, doPost, doPut, etc.
based on service type.
⚫ Default implementations provided for doHead,
doTrace, doOptions
doPost, doGet, etc.
⚫ doPost (HttpServletRequest req,
HttpServletResponse resp)
⚫ Implement this to handle POSTs
⚫ Read from req, build resp
⚫ Multithreaded access by default (depending on server config)
⚫ Beware instance variables, shared data
⚫ config and context are shared, session is usually safe,
req/resp are not
⚫ Use locks and/or synchronized data structures if shared data is an issue
destroy ()
⚫ called once
⚫ Servlet timeout, servlet reload, container shutdown
⚫ Other threads may still be processing service requests, no
further requests will be processed
⚫ Release resources, write data, etc.
Servlet Skeleton
import javax.servlet.*
import javax.servlet.http.*
import java.io.*

public class myServlet extends HttpServlet

{
void doGet (HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
response.setContentType (“text/html”);
PrintWriter out =response.getWriter();
.
.
out.close()
}
}
 Using servlets
Generating output, handling form data, maintaining state
Servlet API Main Roles
⚫ Servlet Class for handling client request
⚫ HttpServletRequest for getting all the information that the
client passed
⚫ HttpServletResponse for sending a response to the client
⚫ Cookie/Session for storing and reading session variables
Review
⚫ Typically used in HTTP servers
⚫ Server side of HTTP request/response
⚫ Interpret request, generate response
⚫ Servlets are container-managed
⚫ Respond to events, doXXXX
⚫ Need to consider lifecycle, threading policies, security,
resource access and configuration
Generating (X)HTML
⚫ Set content type
⚫ Access response output stream
⚫ As a PrintWriter, via response.getWriter ()
⚫ Use out.println, out.print
⚫ Escape quotes
⚫ You are responsible for all content, including doctype
header (and xml declaration if using XHTML)
HTML Forms
⚫ Form data consists of name, value pairs
⚫ Values are retrieved on the server by name
⚫ GET passes data in the query string
⚫ Always URL-encoded
⚫ POST passes data in content of request
⚫ Either URL-encoded, or multipart/form-data
Structure of forms
⚫ form element
⚫ Attributes:
⚫ action (REQUIRED)
⚫ method (GET)
⚫ enctype, accept, accept-charset
⚫ onsubmit, onreset
Forms contain controls
⚫ input : many kinds of form data
⚫ Text fields, checkboxes, radio buttons, passwords, buttons, hidden
controls, file selectors, object controls
⚫ button : type=submit|button|reset
⚫ select : a menu, contains option child elements
⚫ textarea : multi-line text input field
⚫ Other html tags can be present (e.g. format forms in tables)
Servlet support
⚫ Does decoding for you, common interface
⚫ Just use
request.getParameter (String name)
for both GET and POST
⚫ Returns null if parameter doesn’t exist
⚫ Multipart not well supported in standard API
⚫ Use request.getReader (),
request.getInputStream () ..parse yourself
⚫ Use 3rd party API, e.g.
com.oreilly.servlet.multipart.MultipartParser,
org.apache.commons.fileupload.servlet
More Servlet Support
⚫ Retrieve all values matching name:
⚫ request.getParameterValues (String name)
⚫ Returns String array, or null
⚫ Retrieve all parameter names:
⚫ request.getParameterNames ()
⚫ Returns String Enumeration
⚫ Retrieve an immutable Map<String,String> of name,
value pairs
⚫ request.getParameterMap ()
Maintaining State
⚫ Cookies
⚫ Name,value pairs with properties
⚫ Lifetime independent of request/response
⚫ Passed between client and server during HTTP transactions
⚫ Hidden fields, URL rewriting
⚫ Form controls (input type=“hidden”) added dynamically to pages,
containing name/value that should be associated with client.
⚫ Hardcoded links (href) contain name/value data in query
Maintaining State, continued
⚫ Sessions
⚫ Pass a single cookie (or fallback to URL rewriting)
containing a session ID
⚫ Server maintains a mapping between session ID and
associated data stored on the server
Cookie Support
⚫ Cookie class
⚫ Name, value
⚫ Domain, path
⚫ maxAge
⚫ > 0 Persist cookie, in seconds
⚫ -1 (default) in memory, until browser is closed
⚫ 0 delete cookie on client
Using Cookies
⚫ Retrieving cookies
⚫ request.getCookies () returns array of Cookie or null
⚫ Creating cookies
⚫ Cookie (String name, String value)
⚫ Updating client
⚫ Existing Cookies can be modified, but must be added to response for
change to take place
⚫ response.addCookie (Cookie c)
Sessions Support in Java
⚫ HttpSession is an interface
⚫ for a glorified (specialized) Map<String,Object> or
similar
⚫ One-to-one mapping between jsessionID and
HttpSession
⚫ Attached to HTTPServletRequest object in
doXXXX methods
⚫ request.getSession (boolean create=true)
⚫ request.isRequestedSessionIdValid ()
Sessions support
⚫ Associated with one client (usually)
⚫ Id, creation time, last accessed time
⚫ Can be invalidated manually or due to inactivity
⚫ Lifetime: new-->active-->invalid
⚫ Object getAttribute (String name)
⚫ setAttribute (String name, Object o)
⚫ Enumeration getAttributeNames ()
More Session details
⚫ Interface maps String to Object, you must cast ref to
derived type
⚫ If your object uses generics (e.g. typed lists), you’ll
get a compiler warning when casting
⚫ Interface is pre 1.5, strips away type info
⚫ Any other code can take e.g. a List<String> session object
and treat it as an untyped list
⚫ Solutions: be careful, store keys into external structures, use
Checked wrappers on collections (runtime cost)
ServletConfig
⚫ Provided to a servlet upon initialization by the web server
(container)
⚫ Simple read only interface to configuration details
⚫ String getInitParameter (String name)
⚫ Enumeration getInitParameterNames ()
⚫ String getServletName ()
⚫ Can also access ServletContext
ServletContext
⚫ Lets a servlet communicate with its container
⚫ Access container-managed resources, dispatch
requests, write to logs
⚫ Can be used as a global data store (like an
application-wide session)
⚫ But is specific to single web container -- does not work in
clustered scenarios
⚫ Recommendation is to use a resource that is shared (e.g.
cached DataSource, directory)
⚫ We will see/use the servlet context later on
Questions?