WT 4 Jwfiles
UNIT IV
Overview
This topic provides information about CGI. Common Gateway Interface (CGI) is a
standard, supported by almost all web servers, that defines how information is exchanged
between a web server and an external program (CGI program).
The CGI specification dictates how CGI programs get their input and how they produce
any output. CGI programs process data that is received from browser clients. For
example, the client fills out a form and sends the information back to the server. Then the
server runs the CGI program.
Programs that are called by the server must conform to the server CGI interface in order
to run properly. We will describe this in further detail later in this chapter.
The administrator controls which CGI programs the system can run by using the server
directives. The server recognizes a URL that contains a request for a CGI program,
commonly called a CGI script. Depending on the server directives, the server calls that
program on behalf of the client browser.
The server supports CGI programs that are written in C++, REXX, Java™, ILE C, ILE
RPG, and ILE COBOL. It also supports multi-thread CGI programs in all of these
languages capable of multiple threads.
You need to compile programs that are written in programming languages. Compiled
programs typically run faster than programs that are written in scripting languages. On
the other hand, those programs that are written in scripting languages tend to be easier to
write, maintain, and debug.
The functions and tasks that CGI programs can perform range from the simple to the very
advanced. In general, we call those that perform the simple tasks CGI scripts because you
do not compile them. We often call those that perform complex tasks gateway programs.
In this manual, we refer to both types as CGI programs.
Given the wide choice of languages and the variety of functions, the possible uses for
CGI programs seem almost endless. How you use them is up to you. Once you
understand the CGI specification, you will know how servers pass input to CGI programs
and how servers expect output.
www.jntuworld.com
There are many uses for CGI programs. Basically, you should design them to handle
dynamic information. Dynamic in this context refers to temporary information that is
created for a one-time use and not stored as a static Web page. This information may be a
document, an e-mail message, or the results of a conversion program.
Objectives::
Form elements are elements that allow the user to enter information (like text fields, text
area fields, drop-down menus, radio buttons, checkboxes, etc.) in a form.
<form>
<input>
<input>
</form>
Input
The most used form tag is the <input> tag. The type of input is specified with the type
attribute. The most commonly used input types are explained below.
Text Fields
Text fields are used when you want the user to type letters, numbers, etc. in a form.
<form>
First name:
<input type="text" name="firstname">
<br>
Last name:
<input type="text" name="lastname">
</form>
First name:
Last name:
Note that the form itself is not visible. Also note that in most browsers, the width of the
text field is 20 characters by default.
Radio Buttons
Radio Buttons are used when you want the user to select one of a limited number of
choices.
<form>
<input type="radio" name="sex" value="male"> Male
<br>
<input type="radio" name="sex" value="female"> Female
</form>
Male
Female
Checkboxes
Checkboxes are used when you want the user to select one or more options of a limited
number of choices.
<form>
I have a bike:
<input type="checkbox" name="vehicle" value="Bike">
<br>
I have a car:
<input type="checkbox" name="vehicle" value="Car">
<br>
I have an airplane:
<input type="checkbox" name="vehicle" value="Airplane">
</form>
I have a bike:
I have a car:
I have an airplane:
When the user clicks on the "Submit" button, the content of the form is sent to another
file. The form's action attribute defines the name of the file to send the content to. The
file defined in the action attribute usually does something with the received input.
Submit
Username:
If you type some characters in the text field above, and click the "Submit" button, you
will send your input to a page called "html_form_action.asp". That page will show you
the received input.
More Examples
Checkboxes
This example demonstrates how to create check-boxes on an HTML page. A user can
select or unselect a checkbox.
Radio buttons
This example demonstrates how to create radio-buttons on an HTML page.
Textarea
This example demonstrates how to create a text-area (a multi-line text input control). A
user can write text in the text-area. In a text-area you can write an unlimited number of
characters.
Create a button
This example demonstrates how to create a button. On the button you can define your
own text.
Form Examples
Form Tags
Tag Description
<form> Defines a form for user input
<input> Defines an input field
<textarea> Defines a text-area (a multi-line text input control)
<label> Defines a label to a control
<fieldset> Defines a fieldset
<legend> Defines a caption for a fieldset
<select> Defines a selectable list (a drop-down box)
<optgroup> Defines an option group
<option> Defines an option in the drop-down box
<button> Defines a push button
<isindex> Deprecated. Use <input> instead
What is CGI?
The common gateway interface is a standard that specifies the interaction between
external applications and a web server during a URL request. CGIs allow the
manipulation and presentation of information in real time. Two examples are processing
forms or presenting dynamic web pages. In this tutorial we are concerned with processing
forms, but the standard governs any request that is handled by an application other than
the server.
In most cases the reply will be an HTML document giving feedback to the user on
the data that they sent, but any legal MIME type can be sent. CGI applications can send
back HTML, plain text, images or even audio files. It is totally under the control of the
CGI application, but the type of data must be specified by a MIME type in the header of
the document. Below is an example of a simple HTML document sent back with its
corresponding MIME type. The MIME type is in line 1.
Listing 1 - An example of text that might be sent back from a CGI application
1: Content-type: text/html
2:
3: <HTML><HEAD>
4: <TITLE>output of HTML from CGI script</TITLE>
5: </HEAD><BODY>
6: <H1>Sample output</H1>
7: What do you think of <STRONG>this?</STRONG>
8: </BODY></HTML>
Don't worry about MIME types, since Frontier will handle much of the dirty work for
you.
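The input and output conventions described above, as an added Python example (not code from this document or from Frontier): a CGI program that reads form data from the standard CGI variables, bounds what it accepts, escapes every value before echoing it, and emits the header, an empty line, then the document. The names MAX_BODY, SAMPLE_ENV, read_form, respond and handle are assumptions made for this example.

```python
import html
import io
import os
import sys
from urllib.parse import parse_qs

MAX_BODY = 4096  # assumed cap on POST body size for this example

# Constructed sample request, used only when the script runs outside a web server.
SAMPLE_ENV = {"REQUEST_METHOD": "GET",
              "QUERY_STRING": "firstname=%3Cb%3EAnn%3C%2Fb%3E&vehicle=Bike&vehicle=Car"}


def read_form(environ, stdin):
    """Return {name: [values]} taken from the CGI variables and, for POST, stdin."""
    method = environ.get("REQUEST_METHOD", "GET").upper()
    if method == "GET":
        raw = environ.get("QUERY_STRING", "")
    elif method == "POST":
        ctype = environ.get("CONTENT_TYPE", "").split(";")[0].strip().lower()
        if ctype != "application/x-www-form-urlencoded":
            raise ValueError("unsupported content type")
        try:
            length = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            raise ValueError("bad content length") from None
        if not 0 <= length <= MAX_BODY:
            raise ValueError("body too large")
        # Read exactly CONTENT_LENGTH bytes; anything after that is not form data.
        raw = stdin.read(length).decode("ascii", "replace")
    else:
        raise ValueError("unsupported method")
    # max_num_fields makes parse_qs raise ValueError on an oversized field list.
    return parse_qs(raw, keep_blank_values=True, max_num_fields=50)


def respond(status, body_html):
    """Build the reply: header lines, one empty line, then the HTML document."""
    head = "Status: %s\r\nContent-type: text/html; charset=utf-8\r\n\r\n" % status
    doc = ("<HTML><HEAD><TITLE>Form result</TITLE></HEAD>"
           "<BODY>%s</BODY></HTML>" % body_html)
    return (head + doc).encode("utf-8")


def handle(environ, stdin):
    """Process one request and return the complete CGI response as bytes."""
    try:
        fields = read_form(environ, stdin)
    except ValueError as exc:
        return respond("400 Bad Request", "<P>%s</P>" % html.escape(str(exc)))
    rows = []
    for name in sorted(fields):
        for value in fields[name]:
            # Names and values come from the client: escape both before output.
            rows.append("<LI>%s = %s</LI>" % (html.escape(name), html.escape(value)))
    return respond("200 OK", "<H1>Received</H1><UL>%s</UL>" % "".join(rows))


if __name__ == "__main__":
    if "REQUEST_METHOD" in os.environ:      # started by a web server
        reply = handle(os.environ, sys.stdin.buffer)
    else:                                   # started by hand: use the sample
        reply = handle(SAMPLE_ENV, io.BytesIO(b""))
    sys.stdout.buffer.write(reply)
```
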
Web servers on the Macintosh communicate with Frontier through Apple Events. During
a CGI request, a web server will send an 'sdoc' Apple Event to Frontier, containing the
following data from the browser that activated the CGI.
The only really important thing for these tutorials is the post_args parameter
which contains the data from the form. The 'sdoc' Apple Event is actually received by the
webserver suite, which is a collection of Frontier scripts for handling CGI requests. This
suite parses the incoming information from the server into separate items and builds a
table in Frontier containing the data. I will refer to this table as the parameter table. A
sub-table of the parameter table (argTable) is built from post_args and contains all the
information from the form. CGI scripts that are written to handle this data, get passed a
variable containing a pointer to the parameter table. The job of our script is to extract the
necessary data from the parameter table and take appropriate action.
In order to make this easier however, this doc attempts to explain more specifically how
to create the necessary code using the HTTPClient in order to duplicate what a browser
would send when you submit a given form. What follows here is not meant to be
exhaustive - if you see something in your form that is not explained here, then please
refer to the html specs.
For the rest of this document, I'm going to assume you've got a page under the URL
http://www.some.org/some/form.html which contains an html form whose submission
you want to emulate in java code. Html tag and attribute names are case insensitive, so
while I'll always use uppercase for these (i.e. FORM or NAME=), they may appear in a
different case in the actual html you're aiming at emulating (but note that the values are
not case insensitive, i.e. if you see a NAME=UsEr then you must send the string "UsEr"
using that exact case).
The first thing to do is to find the beginning and the end of the form you're interested in.
The beginning is marked with a <FORM ...>, and the end with a </FORM>. There may be
multiple forms in the document, so make sure you pick the one you're actually interested
in (this can be achieved either by counting the forms and picking the n-th one, or by
looking at which input fields the form contains and making sure it contains the ones
you're interested in).
The ACTION attribute specifies the URL to which to send the form data; it is taken
relative to the document's URL. If you are unsure how to construct the resulting URL, you
can use the URI class to do so:
The METHOD attribute describes the method to use; it can take the values GET or
POST. If it is missing, GET is assumed. As the name implies, this is the method you must
use when posting the form data.
The ENCTYPE attribute specifies the content-type (and therefore the encoding) for the
data to be sent. If not present, the default is "application/x-www-form-urlencoded",
which is what will be used if you create an array of NVPair's and pass them to the Get or
Post method of HTTPConnection. The other popular value is "multipart/form-data" - if
you see that, you can use the Codecs.mpFormDataEncode() to correctly encode the form
data.
All the actual data to be entered and submitted is specified by INPUT tags. These have
the form
Again, there may be other attributes, but in general they're not of interest here; the
VALUE attribute is often missing. For each INPUT tag you need to decide whether to
create a corresponding NVPair, and if so, what name and value to put into it. The name
for the NVPair is always what's given in the NAME attribute; the value is either what you
enter in that field or what is in the VALUE attribute.
The type attribute specifies what kind of element is displayed, e.g. an input field, a
button, or nothing at all; if missing, the type is assumed to be "text". This also determines
whether you need to create a corresponding NVPair and what to put in its value:
TYPE=text
A simple text field is displayed. An NVPair must always be created for each such
input tag, and the NVPair's value is whatever you'd enter in that field (which may
be the empty string if nothing is entered).
TYPE=password
A simple password field is displayed - treat this exactly like a TYPE=text.
TYPE=checkbox
A checkbox is displayed. If the box is supposed to be checked, then create an
NVPair with the value given in the VALUE attribute; otherwise skip this field.
Note that you need to create an NVPair for each checkbox that is selected, even if
some of them have the same NAME and/or VALUE attributes.
TYPE=radio
A radio button is displayed. There may be multiple of these with the same name,
which creates a group (in which only one of the buttons can be selected at any
time). Create an NVPair with value given in the VALUE attribute of that button
which is checked; if no buttons are checked, don't create an NVPair for this tag.
TYPE=hidden
Nothing is displayed. Create an NVPair with the name and value as given in the
NAME and VALUE attributes.
TYPE=submit
A submit button is displayed. If the tag contains a NAME attribute, then create an
NVPair with the name and value as given in the NAME and VALUE attributes; if
no NAME attribute is specified, skip this.
TYPE=reset
A reset button is displayed. Ignore this.
These are used to provide a drop down selection box. An NVPair must be created with
the name from the NAME attribute of the SELECT tag and the value of the VALUE
attribute of the selected OPTION tag.
This displays a multiline text entry area. An NVPair must be created with the name from the
NAME attribute of this tag, and the value must be whatever was entered in the textarea
(which may be the empty string if nothing was entered).
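The per-type rules above, applied by a small parser: an added example in Python using only the standard library, not the HTTPClient Java code this document describes. It assumes the HTML already reflects the filled-in state (VALUE holds the typed text, CHECKED and SELECTED mark the choices); SAMPLE_FORM, FormFields and build_request are names made up for this example. Every pair it produces, hidden fields included, is a plain string chosen by the client, which is why the receiving program has to validate all of them.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode, urljoin

# Constructed sample form; some field names reuse ones shown earlier in this document.
SAMPLE_FORM = """
<FORM ACTION="/cgi-bin/survey" METHOD=POST>
<INPUT TYPE=text NAME=quote VALUE="Hell hath no fury...">
<INPUT TYPE=checkbox NAME=vehicle VALUE=Bike>
<INPUT TYPE=checkbox NAME=vehicle VALUE=Car CHECKED>
<INPUT TYPE=radio NAME=sex VALUE=male>
<INPUT TYPE=radio NAME=sex VALUE=female CHECKED>
<INPUT TYPE=hidden NAME=UsEr VALUE=guest>
<SELECT NAME=day><OPTION VALUE=1>Mon<OPTION VALUE=2 SELECTED>Tue</SELECT>
<TEXTAREA NAME=comment></TEXTAREA>
<INPUT TYPE=submit NAME=go VALUE=Send> <INPUT TYPE=reset>
</FORM>
"""


class FormFields(HTMLParser):
    """Collect the name/value pairs a browser would send for the chosen form."""

    def __init__(self, want=0):
        super().__init__()
        self.want, self.seen, self.active = want, -1, False
        self.action, self.method, self.pairs = "", "GET", []
        self.held = {}          # open SELECT / TEXTAREA -> [name, value]

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)         # names arrive lowercased; values keep their case
        if tag == "form":
            self.seen += 1
            self.active = self.seen == self.want
            if self.active:
                self.action = a.get("action") or ""
                self.method = (a.get("method") or "GET").upper()
        elif not self.active:
            return
        elif tag == "input" and a.get("name"):
            kind = (a.get("type") or "text").lower()
            checked = kind in ("checkbox", "radio") and "checked" in a
            if kind in ("text", "password", "hidden", "submit") or checked:
                self.pairs.append((a["name"], a.get("value") or ""))
            # reset buttons and unchecked boxes contribute nothing
        elif tag == "select":
            self.held["select"] = [a.get("name"), None]
        elif tag == "option" and "select" in self.held:
            sel = self.held["select"]
            # assumption: the first OPTION is the default, SELECTED overrides it
            if sel[1] is None or "selected" in a:
                sel[1] = a.get("value") or ""
        elif tag == "textarea":
            self.held["textarea"] = [a.get("name"), ""]

    def handle_data(self, data):
        if "textarea" in self.held:
            self.held["textarea"][1] += data

    def handle_endtag(self, tag):
        if tag == "form":
            self.active = False
        elif tag in ("select", "textarea") and tag in self.held:
            name, value = self.held.pop(tag)
            if name and value is not None:
                self.pairs.append((name, value))


def build_request(page_url, form_html, want=0):
    """Return (method, url, body) for submitting the form as it is filled in."""
    parser = FormFields(want)
    parser.feed(form_html)
    parser.close()
    target = urljoin(page_url, parser.action)  # ACTION is relative to the page URL
    data = urlencode(parser.pairs)             # application/x-www-form-urlencoded
    if parser.method == "GET":
        return "GET", target + ("?" + data if data else ""), None
    return "POST", target, data


if __name__ == "__main__":
    print(build_request("http://www.some.org/some/form.html", SAMPLE_FORM))
```
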
A Complete Example
Following is an example form that uses all of the above described elements.
Assuming we enter the text "Hell hath no fury..." for the text, we check the second
checkbox, choose today, select the third option, and give no comment, then the resulting
code to duplicate this would look like the following:
Assuming we select the file "hhgttg.txt", then the resulting code to duplicate this would
look like the following:
// create the NVPair's for the form data to be submitted and do the
// encoding
NVPair[] files = { new NVPair("upload_file", "hhgttg.txt") };
NVPair[] opts = { new NVPair("secret", "data") };
NVPair[] hdrs = new NVPair[1];
byte[] form_data = Codecs.mpFormDataEncode(opts, files, hdrs);
Up to this point, we have spent a lot of time talking about the mechanics of
scripting within our applications, but we have only provided hints as to how the scripting
technology can be used within the web environment. ASP provides seven objects within
the scripting engine that your scripts can use to work within the context of an application
and to facilitate the script's communication with the web browser that is calling the pages.
These objects are known as the ASP intrinsic objects.
Although in the previous chapters of the book, we have been providing most of our code
examples in both languages, we will avoid doing that in this chapter since the ASP
objects' behavior is identical in both languages. So for the purposes of readability, we will
standardize on VBScript in this chapter.
Handling Errors
The ASPError object, which is new in IIS 5, provides a persistent state for error
information so that it may be retrieved from another page context.
Maintaining Transactional Integrity
The ObjectContext object permits us to establish transactional integrity within our
web page.
The ASPError and ObjectContext objects will be covered in the chapter, Handling Errors
in ASP.
4.5 E-MAIL GENERATION
A couple of possibilities are:
1. ShellExecute a "mailto" command.
2. Use Simple MAPI - see "Sending Messages with Simple MAPI" in MSDN.
You can test the capabilities of the mailto syntax using the Start,
Run dialog. It can't automatically send the email, or add attachments.
CGI and Java are two totally different animals. CGI is a specification that can be
used by any programming language. CGI applications are run on a Web server. Java is a
programming language that is run on the client side.
CGI applications should be designed to take advantage of the centralized nature of a Web
server. They are great for searching databases, processing HTML form data, and other
applications that require limited interaction with a user.
Java applications are good when you need a high degree of interaction with users: for
example, games or animation.
Java programs need to be kept relatively small because they are transmitted through the
Internet to the client. CGI applications, on the other hand, can be as large as needed
because they reside and are executed on the Web server.
You can design your Web site to use both Java and CGI applications. For example, you
might want to use Java on the client side to do field validation when collecting
information on a form. Then once the input has been validated, the Java application can
send the information to a CGI application on the Web server where the database resides.
Java Source: SearchYahoo.java. Requires SearchService.java.
Description: A simple example of an applet as a CGI client that works like an HTML form,
sending GET data and having the browser display the results. This one talks to the
Yahoo! search engine.
On-Line Example: SearchYahoo.html

Java Source: SearchExcite.java. Requires SearchService.java.
Description: Another example of an applet as a CGI client. This one talks to the Excite
search engine, demonstrating one advantage of using Java instead of forms: you can more
easily reuse code in other applications (this one extends the same class that the Yahoo
applet did).
On-Line Example: SearchExcite.html

Java Source: ShowFile.java
Description: An applet that sends data via GET and then reads the results itself (rather
than having the browser display results).
On-Line Example: ShowFile.html

Java Source: Weather.java. The client-side (applet) requires CityChooser.java and
WeatherPanel.java. The server-side is answered by the WeatherInfo script, which then
invokes WeatherInfo.java.
Description: An applet that sends data via POST and then reads the result.
On-Line Example: Weather.html
alternatives such as NSAPI, ISAPI, LiveWire, and JDBC. JDBC is covered in depth in
chapter 15. Servlets are a particularly good alternative for people who are
installing/customizing their own server, or whose employer's or ISP's server already
supports them. You should very seriously consider using them instead of "standard" CGI
with Java if you fall in this category. Please see my tutorial on Java servlets and JSP 1.0
for more detail.
Shell Script Interface (Unix Specific): CgiHello
Java Source (Portable): N/A
Description: An extremely simple CGI Script that outputs "Hello, World".
On-Line Example: CgiHello

Shell Script Interface (Unix Specific): ShowData
Java Source (Portable): N/A
Description: A simple CGI script that shows any attached data.
On-Line Example: ShowData

Shell Script Interface (Unix Specific): CgiGet
Java Source (Portable): CgiGet.java. Requires CgiShow.java. Note that some browsers will
try to interpret the HTML in the print statements and the result may be formatted
strangely when viewed in the browser. But you can save the file to disk to edit it
normally.
Description: A simple script that passes the query data strings from the QUERY_STRING
variable to a Java program that builds a page showing the data supplied.
On-Line Example: CgiGet

Shell Script Interface (Unix Specific): CgiCommandLine
Java Source (Portable): CgiCommandLine.java
Description: A simple script that passes the command-line data to a Java program that
builds a page showing the data supplied. Arguments are separated by plus signs ("+") and
cannot contain an equals sign ("=").
On-Line Example: CgiCommandLine

Shell Script Interface (Unix Specific): IsIndex
Java Source (Portable): IsIndex.java
Description: A script that passes the data to a Java program that builds an HTML document
On-Line Example: IsIndex
Authentication is the process by which a person or other entity (such as a server) proves
that it is who (or what) it says it is. Authentication is achieved through presenting
something that you know, something that you have, some unique identifying feature, or
some combination of these. A common example is the way you authenticate yourself in
order to use a teller machine: you insert your ATM card (something you have) and enter
your personal identification number (PIN, something you know). Unique identifying
features include such things as fingerprints, retina patterns, and voice prints.
It is always desirable to authenticate the person or server with which you are dealing
before transferring something valuable, such as information or money. Authentication,
however, is time consuming and can inconvenience users. For example, once having
shown your photo ID card to enter the Apple Worldwide Developer’s Conference, you
would not want to get it out again every time you walked into one of the conference
rooms. To make situations like this more convenient and efficient, many systems use
some method of identification, which verifies that the person or entity is the same one
you communicated with last time. The means of identification can be through the use of a
ticket or token issued when authentication is done. For example, the conference badge
you are given to wear during the Developer’s Conference identifies you as a legitimate
attendee who was authenticated when you first came in.
(indicated, in this case, by the color of your badge), and you must be granted access by
the guard at the door.
Aspects of Security
The fundamental purpose of security is to control who has access to valuable property,
whether physical or intellectual. This is the reason we have locks on the doors of our
houses, why the military encrypts classified information, and why Mac OS X enables you
to require a password every time someone logs on to your computer.
Security features on a personal computer can be classified into two general groups: those
designed to protect programs and data on the computer from unauthorized access by
users on the system (“local security”); and those designed to protect the system,
programs, and data from unauthorized access over a network or other transport medium,
such as removable disks (“remote transport security”).
When considering local security, you must be aware of whether access is being controlled
by the operating system or by the application itself.
In this section:
Local Security
Remote Transport Security
System-Restricted or Self-Restricted Access Local Security
Remote transport security is important to all users, and especially to users whose
computers are connected to a LAN or to the Internet. Web browsers, for example, use
secure transport protocols (“Protocols for Secure Communication”) to protect data from
interception while in transit, digital signatures (“Digital Signatures”) to ensure data
integrity, and digital certificates (“Digital Certificates”) to verify the identity of people or
servers trying to get access to data. Many of the security APIs provided by Mac OS X are
useful in this regard, including the secure networking APIs (Secure Transport,
CFNetwork, and URL Loading System), Keychain Services (used to store certificates,
passwords, and encryption keys), and Certificate, Key, and Trust Services.
It is important to understand that certain forms of access permission are enforced by the
operating system, whereas others are enforced by individual applications. BSD
permissions (“BSD”) control who can execute a program or open a file, and are built into
the operating system. On the other hand, if you want finer-grained control over access,
such as restricting certain operations to a subset of users, you must enforce these
restrictions yourself. Authorization Services provides functions you can use to implement
such restrictions, and you can make the restrictions optional so that they operate only
when your application is being used in an environment where they are necessary. For
example, you might want to restrict access to some application preferences to
administrators on a shared computer but not require a password when the computer is not
shared. See Authorization for Everyone, Technical Note TN2095, for techniques and
sample code for implementing self-restricted access permissions.
Summary
The Common Gateway Interface is the protocol by which programs interact with
Web servers. The versatility of CGI gives programmers the opportunity to write
gateway programs in almost any language, although there are many trade-offs
associated with different languages. Without this ability, making interactive Web
pages would be difficult at best, requiring modifications to the server and putting
interactivity out of the reach of most programmers who are not also site
administrators.
Key words ::
CGI,HTML,HTTPS
Windows DNA
Java servlet API ,Bean ,jar
NSAPI, ISAPI, LiveWire, and JDBC.
Caveats
3. ------------- is the process by which a person or other entity (such as a server) proves
that it is who (or what) it says it is.
5. CGI specifies which information is communicated between ---------- and such a --------
-----, and how.
Multiple Choice::
2. A submit action on the html form invokes the ________method on the servlet.
a. doGet()
b. doPost()
c. doDelete()
d. method mentioned in the method attribute of the Form Tag
5. To retrieve all the initialization parameter names from within a servlet, one of the
following has to be performed
a. the ServletContext object is used to invoke getServletInfo();
b. the ServletConfig object is used to invoke getInitParameterNames();
c. the ServletRequest object is used to invoke getParameter();
d. none of the above
Review Questions
Lab Exercise
1. Write a java program to access the information from Database using JDBC
Connectivity.