Model-View-Controller

Java Servlet API

The predominant language for server-side
programming
Standard way to extend server to generate dynamic
content
Web browsers are universally available “thin” clients
Web server is “middleware” for running application
logic
User sends request – server invokes servlet – servlet
takes request and generates response- returned to user
Advantages of Servlet API
Like CGI, ISAPI, ASP, PHP, etc also generate dynamic
content
Standard, stable, supported API
multithreaded for improved performance
Persistent between invocations, improved performance
100% portable between OS and servers
Access to all API’s of Java platform
Basis of JSP technology
Basis of Struts and JSF frameworks
Servlet Basics
Packages:
javax.servlet and javax.servlet.http
Runs in servlet container such as Tomcat
Tomcat 4.x for Servlet 2.3 API
Tomcat 5.x for Servlet 2.4 API
Servlet lifecycle
Persistent (remains in memory between requests)
Startup overhead occurrs only once
init() method runs at first request
service() method for each request
destroy() method when server shuts down
Common Gateway Interface (CGI)
Not persistent
Not multithreaded
Not high performancce
Any language that can read standard input, write
standard output and read environment variables
Server sends request information specially
encoded on standard input
Server expects response information on standard
output
Writing servlets
public class MyServlet extends
javax.servlet.GenericServlet
{
public void service(ServletRequest req,
ServletResponse resp) throws
ServletException, IOException

{ Resp.SetContentType(“text/plain”);

}
HttpServlet
public class MyServlet extends
javax.servlet.http.HttpServlet {
public void doGet(ServletRequest req, ServletResponse
resp)throws ServletException, IOException {
resp.SetContentType(“text/plain”);
PrintWriter out = resp.getWriter();
out.println(“Hello, world”);
}
public void doPost(ServletRequest req, ServletResponse
resp)throws ServletException, IOException {
doGet(req, resp);
}
HttpServlet
doPost does three things
Set output type “text/plain” MIME type
getWriter() method for out stream
Print on out stream
getLastModified() method
To cache content if content delivered by a servlet has not
changed
Return Long =time content last changed
Default implementation returns a negative number – servlet
doesn’t know
getServletInfo() method
Returns String for logging purposes
 Web Applications
Consists of a set of resources including
Servlets, Static content, JSP files, Class libraries
Servlet context:
a particular path on server to identify the web application
Servlets have an isolated, protected environment to operate in
without interference
ServletContext class where servlets running in same context can
use this to communicate with each other
Example servlet context: /catalog
request.getContextPath() + “/servlet/CatalogServlet”
Web App Structure
Directory tree

Static resources: /

Packed classes: /WEB-INF/lib/*.jar

Unpacked classes: /WEB-INF/classes/*.class

Deployment descriptor: /WEB-INF/web.xml

 Configuration information for the servlets including

Names, servlet (path) mapprings, initialization

parameters, context-level configuration
<web-app>
<display-name>The OnJava App</display-name>
<session-timeout>30</session-timeout>
<servlet>
<servlet-name>TestServlet</servlet-name>
<servlet-class>com.onjava.TestServlet</servlet-class>
<load-on-startup>1</load-on-startup>
<init-param>
<param-name>name</param-name>
<param-value>value</param-value>
</init-param>
</servlet>
</web-app>
Servlet Path Mappings
Servlets are not files, so must be mapped to URIs (Uniform
Resource Identifiers)
Servlet container can set default, typically /servlet/*
Example: /servlet/MyPacPageServlet can invoke
PageServlet.class
Mapping by
Exact path: /store/chairs
Prefix: /store/*
Extension: *.page
A servlet mapped to / path becomes the default servlet for
the application and is invoked when no other servlet is found
Servlet Context Methods
Resources such as index.html can be accessed through web
server or by servlet
 Servlet uses request.getContextPath() to identify its context path, for
example: /app
 Servlet uses getResource() and
getResourceAsStream(request.getContextPath() + “/index.html”)
To retrieve context-wide initialization parameters, servlet
uses getInitParameter() and getInitParameterNames()
To access a range of information about the local environment,
shared with other servlets in same servlet context, servlet uses
getAttribute(), setAttribute(), removeAttribute(),
getAttributeNames()
HttpServletRequest interface
Server creates object implementing this interface, passes it to

servlet. Allows access to:

URL info: getProtocol(), getServerName(), getPort(), getScheme()

User host name: getRemoteHost()

Parameter info: (variables from input

form): .getParameterNames(), getParameter()

HTTP –specific request data: getHeaderNames(), getHeader(),

getAuthType()
Forms and Interaction
<form method=get action=“/servlet/MyServlet”>
Username: <input type=text name=“userid” size=20>

Password: <input type=password name=“pass” size=20>

<input type=submit value=“Login”>

GET method appends parameters to action URL:

/servlet/MyServlet?userid=Jeff&pass=1234
This is called a query string (starting with ?)

POST Method
<form method=post …
Post method does not append parameters to action URL:
/servlet/MyServlet
Instead, parameters are sent in body of request where the password is
not visible as in GET method
POST requests are not idempotent
From Mathematics – an idempotent unary operator definition:
whenever it is applied twice to any element, it gives the same result as if
it were applied once.
Cannot bookmark them
Are not safely repeatable
Can’t be reloaded
browsers treat them specially, ask user
 HEAD, and Other Methods
HEAD – returns headers only

PUT, DELETE – create and remove resources from the web server

 TRACE – returns the request headers to the client

doXXX() methods (XXX is one of the four)

Most servlet programmers ignore these methods

Default implementation informs user that request is unsupported

or provides minimal implementation

HttpServletResponse
Specify the MIME type of the response
 .setContentType(“image/gif”);
 Called before .getWriter() so correct Charset is used

Two methods for producing output streams:

 Java.io.Printwriter out = resp.getWriter() //used for text responses
 ServletOutputStream str = resp.getOutputStream()
//used for non-text responses
HTTP response headers and status code
 setHeader(), containsHeader(),
 setStatus(), 200 OK, 404 Not Found, etc.
 sendError()
 sendRedirect(), sets Location header and status code for redirect.
Causes browser to make another request.
RequestDispatcher
Can forward request to another servlet
Can include bits of content from other servlets in its own
response
RequestDispatcher d =
req.getRequestDispatcher(“/servlet/OtherServlet”);
 Either include – goes and comes back
d.include(req, resp);
 Or forward – doesn’t come back
d.forward(req, resp);
Request dispatching is Different from sendRedirect()
 browser not involved
 from user perspective, URL is unchanged
Status Codes
response.sendError(HttpServletResponse.SC_NOT_FOUND,
“Could not find it”);
 SC_OK = 200 // the success code
 SC_NO_CONTENT = 204 //content unchanged -- browser view stays
at the form but avoids “contains no data” error message
 SC_MOVED_PERMANENTLY = 301 // browser uses Location header
 SC_MOVED_TEMPORARILY = 302 // browser uses Location header
 SC_UNAUTHORIZED = 401 // wrong authentication
 SC_NOT_FOUND = 404 // page not found
 SC_INTERNAL_SERVER_ERROR = 500
 SC_NOT_IMPLEMENTED = 501 // for HEADER, PUT, DELETE
 SC_SERVICE_UNAVAILABLE = 503
Servlet Exceptions
ServletException – thrown to indicate a general
servlet problem
try { …
} catch (Exception ex) {
throw new ServletException(ex);
}
UnavailableException, a derivative of
ServletException, notifies the server that servlet
is going to be temporarily unavailable
Servlet Context Initialization
Application-level events use a listener style interface

Opportunity to create and share application-level

resources such as DB connection pools

Classes that implement ServletContextListener are

notified when the context is initialized or destroyed.

Context listeners are associated with their context

with the application-level web.xml file.

 Security
J2EE User Role Model -- users can be assigned one or more
roles
web.xml defines which servlets and resources are protected
and which users have access
particular role allows access to specific protected resources
getRemoteUser() -- user’s ID
getAuthType() -- Basic, Digest, or SSL
isUserInRole() – for dynamic content decisions
getUserPrincipal() – returns a java.security.Principal
object identifying the user
Servlet Filters
Filters perform processing on the request
Implement logging, control security, set up
connection-specific objects
javax.servlet.Filter = filter resource class
Filter chain – zero or more Filter objects and a
destination resource (servlet or JSP)
Set up a filter for a particular request path, (like a
servlet mapping) such as *.jsp
Filter resource calls doFilter() to advance to next
filter in the chain, if no more filters, request is
passed to ultimate destination
Thread Safety
Multithreaded = one servlet, multiple requests

simultaneously
Threadsafe – not using class variables since one

copy of these variables is shared by all threads

Synchronized blocks of code, all threads wait

until they can enter, one at a time

 Cookies
Persistent client-side storage of data known to server and sent
to client
Cookie is multiple names and values. Value limited to 4096
bytes
has expiration date, and a server name (returned to same host
and not to others)
Cookie is sent in HTTP header of response
resp.addCookie(name,value)
Cookie is returned to server in HTTP header of subsequent
request
cookies = req.getCookies();
 For (int i=0;i<cookies.length;i++) {
 cookies[i].getName cookies[i].getAttribute
Session Tracking
For tracking individual users through the site
Application needs stateful environment whereas
the web is inherently stateless
Previously, applications had to resort to
complicated code, using cookies, hidden variables
in forms, rewriting URLs to contain state
information
Delegates most of the user-tracking functions to
the server
Server creates object javax.servlet.http.HttpSession
Session
Servlet uses req.getSession(true)
Boolean arg handles case if no current session object

Should new one be created or not

Session.isNew() – useful to detect new session object

Servlet binds data to the HttpSession object with

session.setAttribute(“hits”,new Integer(34));
Server assigns unique session ID, stored in a cookie
JDBC
Database
Collection of data
DBMS
Database management system
Storing and organizing data
SQL
Relational database
Structured Query Language
JDBC
Java Database Connectivity
JDBC driver
JDBC Steps
1. Load the driver class

2. Get a connection

3. Create a statement

4. Execute the query, returns ResultSet

5. Iterate through ResultSet

 JDBC Example (Summary)
// Load the Oracle JDBC driver
Class.forName ("oracle.jdbc.driver.OracleDriver");
//Connect to DB server as authorized user
Connection conn = DriverManager.getConnection (
“jdbc:oracle:thin:@orion.towson.edu:1521:cosc", account,
password);
// Create a JDBC Statement to hold SQL query
Statement stmt = conn.createStatement ();
ResultSet rset = stmt.executeQuery ("select ticker from
stocks");
// Iterate through the result and print the employee names
while (rset.next ()) {
out.println (rset.getString (1));
}
 Create Connection at Init()

public class SQLGatewayServlet extends HttpServlet{

private Connection connection;

public void init() throws ServletException{

try{
Class.forName("org.gjt.mm.mysql.Driver");
String dbURL = "jdbc:mysql://localhost/murach";
String username = "root";
String password = "";
connection = DriverManager.getConnection(
dbURL, username, password);
}

…
Processing Multiple ResultSets or
Update Counts
Execute the SQL statements
Identify the result type
ResultSets
Update counts
Obtain result
getResultSet
getUpdateCount
JDBC 2.0 Optional Package javax.sql
Package javax.sql

Included with Java 2 Enterprise Edition

Interfaces in package javax.sql

DataSource

ConnectionPoolDataSource

PooledConnection

RowSet