Cutting Edge Research in Engineering of Web Applications
Part 1
What is a Web Application?
Jeff Offutt
Professor of Software Engineering
George Mason University
http://www.cs.gmu.edu/~offutt/
[email protected]
Outline
A. Who am I ?
B. Who are you ?
Part 1 (13:00-15:00)
1. Web Apps Overview
2. How the Interweb Works
3. Web Software (Servlets)
Part 2 (19:00-21:00)
4. Control Flow & State Handling is Different
5. State Handling in JSP
Part 3 (Friday 13:00-15:00)
6. Web Software Security
7. Modeling Web Apps
8. Testing Web Apps
9. Engineering Process
July 2013 © J Offutt 2
Who Am I?
• Professor of Software Engineering
  – > 150 refereed publications, H-index = 51
  – Editor-in-Chief: Journal of Software Testing, Verif., and Reliability
  – Co-Founder: IEEE Intl Conf. on Software Testing
  – Author: Introduction to Software Testing
  – Several teaching awards at Mason
• George Mason University
  – Suburban Washington, DC
  – “Most diverse” campus in the USA
  – 34,000 students
• MS Software Engineering
  – Established 1987
  – 60 to 80 graduates per year
  – 24 different graduate courses
Who Are You?
• Where are you from ?
• What was your undergraduate major ?
• What do you think of software engineering?
Motivation – Overview
• Modern web applications are:
  – Distributed (world-wide)
  – Heterogeneous (hardware and software)
  – Highly user interactive
  – Built on new technologies
• The software is:
  – Very loosely coupled
  – Written in multiple languages
  – Often generated dynamically
Diverse: In terms of software, communication, and people
Motivation – Overview (2)
• Web application software has to be better than most shrink-wrap or contract software
• The combination of higher quality requirements and unique technologies makes for a very interesting situation
(Academics think “interesting” means fun, managers think “interesting” is scary …)
This talk discusses why and in what ways web software must be better
Software Deployment
• Bundled : On your computer when you buy it
• Shrink-wrapped : Bought at a store on a CD
  – Downloaded from company’s website or OSS site
• Contract : Single customer
• Embedded : Installed on an electronic device
• Web application : On the web through a URL
  – Component-based
  – Concurrent / distributed
  – One copy on the server
  – Can be updated at any time (fast update cycle)
  – User interactive
Important Quality Attributes for Traditional Software
Traditional
1. Efficiency of process (time-to-market)
2. Efficiency of execution (performance)
50. Reliability
51. Safety
52. Maintainability
53. Security
Important Quality Attributes for Web Software
1. Reliability
2. Usability
3. Security
4. Availability
5. Scalability
6. Maintainability
7. Performance & Time to Market
Customers have little “site loyalty” and will switch quickly, thus time to market is much less important than in other application areas. (but still important!)
Based on an informal survey of around a dozen software development managers, 2000
Common N-Tier Architecture
[Figure: Client (Browser, JavaScripts), Web Server (HTML, CGI, JSP, etc), Application Server (Java), DB Server; connected by network and middleware]
Client-server … 3-tier … N-tier …
Problems Can Occur Anywhere
• 1995 : Web sites were 100% interface
• 1998 : Web sites were about 90% interface
• 2001 : Web sites are less than 50% interface
• 2005 : Web applications about 25% interface
• 2013 : Web application development dominates the software industry
There is a huge shortage of knowledgeable, skilled web programmers and software engineers
Summary : Concerns of Software
Traditional
1. Efficiency of process (time to market)
2. Efficiency of execution
50. Reliability
51. Safety
52. Maintainability
53. Security
Web Software
1. Reliability
2. Usability
3. Scalability
4. Security
5. Availability
6. Maintainability
7. Performance & Time to Market
Hypertext Transport Protocol (HTTP)
• HTTP is based on the request-response communication model :
  – Client sends a request
  – Server sends a response
• HTTP is a stateless protocol :
  – The protocol does not require the server to remember anything about the client between requests
• The original standards proposal for HTTP :
  – ftp://ftp.rfc-editor.org/in-notes/rfc2616.txt
HTTP
• Normally implemented over a TCP connection
  – 80 is standard port number for HTTP
• Typical browser-server interaction:
  – User enters Web address in browser
  – Browser uses DNS to locate IP address
  – Browser opens TCP connection to server
  – Browser sends HTTP request over connection
  – Server sends HTTP response to browser over connection
  – Browser displays body of response in the client area of the browser window
HTTP Request
Clients send requests to servers to ask for a resource (usually a file or to run a program)
Example: GET http://cs.gmu.edu/~offutt HTTP/1.1
HTTP Response
Servers send responses to clients with the result of the request (error code, a file, output of a program)
Example: HTTP/1.1 200 OK
First digit is class of the status code :
  – 1 = Informational
  – 2 = Success
  – 3 = Redirection (with alternate URL)
  – 4 = Client Error
  – 5 = Server Error
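Client Caching
[Figure: the browser (client) sends (1) an HTTP request for an image to the web server, which returns (2) an HTTP response containing the image; the client (3) stores the image in its cache. When the client needs that image again, it either sends another HTTP request and receives another HTTP response containing the image (the slow way …) or gets the image from the cache (… or the fast way).]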
Server Side Processing
[Figure: the client (UI implemented in a browser) sends an HTTP request carrying data to the server (web server, container engine, program components); the server sends back an HTTP response carrying HTML.]
Execution Overview
[Figure, steps numbered 1 to 8: HTTP request (incoming request on port 8080) → web server → container engine → request / response objects → create thread / call method → program component → return → modified response objects → response back to requestor (HTTP response).]
Web Container Engine
[Figure: a container engine holding Web App 1 (components C1a, C1b, C1c) and Web App 2 (components C2a, C2b, C2c, C2d), with regions labelled shared memory.]
Compiled Modules
• Compiled modules are executable program components that the server uses
• Common compiled module application plug-ins :
  – Microsoft’s .NET ASP
  – J2EE Java servlets
• Compiled modules are efficient and very effective
• They allow programmers to clearly separate the front-end from the back-end
  – Aids design
  – Complicates implementation
Scripted Pages
• Scripted pages look like HTML pages that happen to process business logic
• Execution is on the server, not on the client
  – unlike JavaScripts
• They have HTML with program statements that get and process data
• JSPs are compiled and run as servlets
  – very clean and efficient
Scripted Pages (2)
• Common scripted pages:
  – Adobe’s ColdFusion
  – Microsoft’s Active Server Pages (ASP)
  – Java Server Pages (JSP)
• Scripted pages are generally easy to develop and deploy
• They mix logic with HTML, so can be difficult to read and maintain
• Not as effective for heavy-duty engineering
Summary Web Programming
• The major difference is deployment
  – Software is deployed across the Web using HTTP
  – Other deployment methods include bundling, shrink-wrapping, embedding, and contracting
• New software technologies
• New conceptual language constructs for programming
  – Integration
  – Data management
  – Control connections
These differences affect every aspect of how to engineer high quality software
What are Servlets?
• Servlets are small Java classes that
  – Process an HTTP request
  – Return an HTTP response
• Servlet container or engine
  – Connects to network
  – Catches requests
  – Produces responses
  – Creates object instances of servlet classes
  – Hands requests to the appropriate object
• Programmers use an API to write servlet classes
Servlets vs. Java Applications
• Servlets do not have a main()
  – The main() is in the server
  – Entry point to servlet is via call to a method ( doGet() or doPost() )
• Servlet interaction with end user is indirect via request / response object APIs
  – Actual HTTP request / response processing is handled by the server
• Servlet output is usually HTML
Servlet Container (or Engine)
• Servlet container is a plug-in for handling Java servlets
• A servlet container has five jobs :
  1. Creates servlet instance
  2. Calls init()
  3. Calls service() whenever a request is made
     1. service() calls a method written by a programmer to handle the request
     2. doGet() to handle GET requests, doPost() to handle POST requests
     3. More on this later …
  4. Calls destroy() before deleting the servlet object
  5. Destroys instance
Servlet Container (2)
When a request comes to a servlet, the servlet container does one of two things:
1. If there is an active object for the servlet, the container creates a Java thread to handle the request
2. If there is no active object for the servlet, the container instantiates a new object of that class, then creates a Java thread on the object to handle the request
Servlet Container (3)
A servlet instance runs until the container decides to destroy it :
• When it gets destroyed is not specified by the servlet rules
• Most servlet containers destroy the object N minutes after the last request
• N is usually 15 or 30, and can be set by the system administrator
• Container can also be configured to never destroy a servlet object
Servlet Container (4)
• What if the same servlet gets multiple requests ?
• More than one thread for the same servlet may be running at the same time, using the same memory
Risky …
[Figure: Client 1 and Client 2 send requests to the server container, where servlet thread 1 and servlet thread 2 use the same shared memory space.]
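The risk described on the slide above, as an added example that is not from the original slides: when per-request data is kept in an instance field of the single shared object, one client can receive another client's data. It uses plain Java threads as a constructed stand-in for the container, so the class and method names (SharedServletState, UnsafeHandler, SafeHandler, mismatches) are assumptions, not servlet API.

```java
import java.util.*;
import java.util.concurrent.*;

// Constructed stand-in for a servlet: the container keeps ONE object and runs
// one thread per request on it, so instance fields are shared by all clients.
public class SharedServletState {
    interface Handler { String handle(String user) throws Exception; }

    // Risky: per-request data parked in an instance field.
    static class UnsafeHandler implements Handler {
        private String currentUser;              // shared by every request thread
        public String handle(String user) throws Exception {
            currentUser = user;
            Thread.sleep(1);                     // simulated work, widens the race window
            return "Hello, " + currentUser;      // may now hold another client's name
        }
    }

    // Safer: per-request data stays in parameters and locals (thread-private).
    static class SafeHandler implements Handler {
        public String handle(String user) throws Exception {
            Thread.sleep(1);
            return "Hello, " + user;
        }
    }

    // Fires concurrent requests at one shared handler object and counts the
    // responses that carry a different client's name.
    static int mismatches(Handler shared, int requests) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(8);
        List<Future<Boolean>> wrong = new ArrayList<>();
        for (int i = 0; i < requests; i++) {
            String user = "client" + i;
            wrong.add(pool.submit(() -> !shared.handle(user).equals("Hello, " + user)));
        }
        int count = 0;
        for (Future<Boolean> f : wrong) if (f.get()) count++;
        pool.shutdown();
        return count;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("unsafe: " + mismatches(new UnsafeHandler(), 200) + " wrong responses");
        System.out.println("safe:   " + mismatches(new SafeHandler(), 200) + " wrong responses");
    }
}
```

The unsafe count varies from run to run because it depends on thread scheduling; the safe handler shares no per-request state, so its count is always zero.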
Servlet Object Thread Lifecycle
[Figure: state diagram with the states Does not exist, Instantiated, Initialized and/or ready for requests, Service, Unavailable, and Destroyed. Transition labels: instantiation based on a request or at container startup; initialization; initialization failed; HTTP requests from clients; end of service thread; temporary or permanent failure; back to service if temporarily unavailable (optional); timeout or a container shutdown; release reference.]
Simple Servlet Example

    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.io.*;

    public class hello extends HttpServlet
    {
       // Called by the container's service() method for each GET request
       public void doGet (HttpServletRequest req, HttpServletResponse res)
              throws ServletException, IOException
       {
          // Set the content type before getting the writer
          res.setContentType ("text/html; charset=\"UTF-8\"");
          PrintWriter out = res.getWriter ();
          out.println ("<HTML>");
          out.println ("<HEAD>");
          out.println ("<TITLE>Servlet example</TITLE>");
          out.println ("</HEAD>");
          out.println ("<BODY>");
          out.println ("<P>My first servlet. </P>");
          out.println ("</BODY>");
          out.println ("</HTML>");
          out.close ();
       } // end doGet()
    } // end hello
Servlet Parameters – requests
Parameters are conveniently stored in objects
• String req.getParameter (String KEY)
  – Returns value of field with the name = KEY
  – Names are defined in HTML, and values supplied by the users
• String[ ] req.getParameterValues (String KEY)
  – Returns all values of KEY
  – For example checkboxes
• Enumeration req.getParameterNames ()
  – Returns an Enumeration object with a list of all parameter names
• String req.getQueryString ()
  – Returns the entire query string
Transmitting Servlet Parameters
• Parameter data is the Web analog of arguments in a method call :
  – System.out.println (“aString”);
  – http://www.example.com/servlet/PrintThis?arg=aString
• Query string syntax and semantics
  – Multiple parameters are separated by ‘&’
    http://www.example.com/servlet/PrintThis?color=red&arg=aString
  – Order of parameters does not matter
    http://www.example.com/servlet/PrintThis?arg=aString&color=red
  – All parameter values are strings
    http://www.example.com/servlet/PrintThis?arg=&age=39 (arg is the empty string)
Summary—Examples
1. hello : Prints lots of hellos
2. name : Accepts and prints a name from a form
3. goldGetPost : Differences between GET and POST
4. formHandler : Displays arbitrary data from a form
5. twoButtons : Processing two submit buttons
6. abstracts : Processes form data and sends through email
7. loan : Compute time to pay off a loan
8. convert : Convert values
9. convert2 : Better value conversion
10. fileLoad : Uploads a file to a server
11. studInfo : Our student info system – small web app
12. showRequestHeaders : Shows information about the requests
http://www.cs.gmu.edu/~offutt/classes/642/examples/servlets/