Upload
clement-mckenzie
View
216
Download
1
Tags:
Embed Size (px)
Citation preview
Web Application Development
1
Outline
• Web application architecture
• HTTP
• CGI
• Java Servlets
• Apache Tomcat
• Session maintenance
2
Architecture
4
HTTP
• Created by Tim Berners-Lee at CERN– Defined 1989-1991
• Standardized and much expanded by the IETF• Rides on top of TCP protocol
– TCP provides: reliable, bi-directional, in-order byte stream• Goal: transfer objects between systems
– Do not confuse with other WWW concepts:• HTTP is not page layout language (that is HTML)• HTTP is not object naming scheme (that is URLs)
• Text-based protocol– Human readable
Client-Server Paradigm
Client: initiates contact with server
(“speaks first”) typically requests service from
server, for Web, client is implemented
in browser; for e-mail, in mail reader
Server: provides requested service to
client e.g., Web server sends
requested Web page, mail server delivers e-mail
PC runningExplorer
Apache Webserver
Mac runningSafari
HTTP requestHTTP response
http re
quest
http re
sponse
HTTP
6
7
HTTP Request Message Format
HTTP method URL sp HTTP version cr lf
header field name : field value cr lf
request linesp
header field name : field value cr lf
cr lf
Entity Body
header lines
…
8
HTTP Request Example
GET /somedir/page.html HTTP/1.0 User-agent: Mozilla/4.0 Accept: text/html, image/gif,image/jpeg Accept-language:fr
(extra carriage return, line feed)
request line(GET, POST,
HEAD commands)
header
lines
Carriage return,
line feed indicates end of message
9
HTTP Response Message Format
HTTP version status code sp status phrase cr lf
header field name : field value cr lf
response linesp
header field name : field value cr lf
cr lf
Response Body
header lines
…
10
HTTP Response Example
HTTP/1.0 200 OK Date: Thu, 25 Aug 2001 12:00:15 GMT Server: Apache/1.3.0 (Unix) Last-Modified: Mon, 22 Aug 2001 …... Content-Length: 6821 Content-Type: text/html data data data data data ...data data data data data ... data data data data data ...
header
lines
status line:(protocol
status codestatus
phrase)
data, e.g., requestedhtml file
Carriage return,
line feed indicates end of message
CGI Architecture
Objectives
• Standardizes execution of server-side applications/handlers
• Specifies:
– Interface between client and handler
– Interface between web server and hander
Web Server-Handler Interaction
• Handler Input– Meta-variables– Stdin (message body)
• Handler Output– Stdout
Client-Handler Interaction
• Clients request the execution of a handler program by means of a:– A request method (e.g., GET, POST)– Universal Resource Identifier (URI)
• Identifies handler – Extra arguments
URI Syntax
<protocol>://<host><port>/<path-info><script>"?"<query-string>
http://finance.yahoo.com/add?op1=10&op2=20
<protocol> http
<host> finance.yahoo.com
<port> 80
<path-info> null
<script> add
<query-string> op1=10, op2=20
Query String Encoding
• RFC 2396
• Why encode? Can think of a CGI script as a function, send
arguments by specifying name/value pairs. Way to pack and unpack multiple arguments into
a single string
Encoding Rules
All arguments Single string of ampersand (&) separated name=value
pairs
name_1=value_1&name_2=value_2&...
Spaces Replaced by a plus (+) sign
Other characters (ie, =, &, +) Replaced by a percent sign (%) followed by the two-digit
hexadecimal ASCII equivalent
Method
• GET– Arguments appear in the URL after the ? – Can be expressed as a URL– Limited amount of information can be passed this way– URL may have a length restriction on the server– Arguments appear on server log
• POST Arguments are sent in the HTTP message body Cannot be expressed as URL Arbitrarily long form data can be communicated (some
browsers may have limits (i.e. 7KB)). Arguments usually does not appear in server logs.
Forms and CGI
• Specify request method in “method” attribute• Automatically encodes all named field values
Example: add.html
21
Servlets• Generic Java2EE API for invoking and connecting
to “mini-servers” (lightweight, short-lived, server-side interactions).
• Mostly HTTPServlets– Generate HTTP responses (as for CGI)– Servlet code snippets can be embedded directly
into HTML pages: JSP = Java Server Pages• Competitor: Microsoft ASP = Active Server
Pages
22
Servlet Architecture
Web server: Apache, Netscape Enterprise, IIS
Servlet container: Running JVM, hooked into the web server, loads and maintains servlets, session info, object store
Servlet: A Java class used to handle a specific request.
23
Main Process
JVM
Java Servlet-Based Web Server
Servlet1
Request for Servlet1
Request for Setvlet2
Request for Servlet1
Servlet2
Thread
Thread
Thread
24
Servlet API (javax.Servlet)
• Servlet Container
• Servlet Interface
• HttpServletResponce
• HttpServletRequest
• ServletContext
25
Servlet Container
Contains and manages servlets through their lifecycle
Provides the network services over which requests and responses are sent
Decodes requests Formats MIME based responses
26
Servlet Interface
Central abstraction of the servlet API
All servlets either implement this interface,
or extend a class that implements this
interface
GenericServlet and HttpServlet two classes
in the servlet API that implement the
Servlet interface
27
HttpServlet
Web developers extend HttpServlet to implement their servlets.
Inherited from GenericServlet Init() Destroy()
Defined by HTTPServlet doGet() doPost()
28
doGet() and doPost()
protected void doGet(HttpServletRequest req,
HttpServletResponse resp)
protected void doPost(HttpServletRequest req,
HttpServletResponse resp)
29
HttpServletResponse Encapsulates all information to be returned from the server to
the client In the HTTP protocol, this information is transmitted from
the server to the client either by HTTP headers or the message body of the request.
Headers: Can set/manipulate http headers primitive manipulation: setStatus(), setHeader(), addHeader()
convenience methods: setContentType(), sendRedirect(), sendError()
Body: Obtain a PrintWriter, used to return character data to the client getWriter()
30
Example: Hello World
31
HttpServletRequest Encapsulates all information from the client request
In the HTTP protocol, this information is transmitted from the client to the server in the HTTP headers and the message body of the request.
Manipulate 'form' variables:
getParameter()
getParameterNames()
getParameterValues()
32
Example: Form
Environment Variables
DOCUMENT_ROOT root directory of your server
HTTP_COOKIE visitor's cookie, if one is set
HTTP_HOST hostname of the page
HTTP_REFERER
HTTP_USER_AGENT browser type of the visitor
HTTPS "on" if called through a secure server
QUERY_STRING query string
REMOTE_ADDR IP address of the visitor
REMOTE_HOST hostname of the visitor
REMOTE_USER visitor's username
REQUEST_METHOD GET or POST
REQUEST_URI
SCRIPT_FILENAME The full pathname of the current CGI
SERVER_SOFTWARE server software (e.g. Apache 1.3)
34
Example: Environment Variables
35
Tomcat ConfigurationTomcat
webapps
csc309Servlets Root
index.jspindex.html
conf
server.xml
WEB-INF
classes
web.xml
HelloWorld.class
web.xml
tomcat_users.xml
SomeOther.class
36
Deployment Descriptor (web.xml)• $CATALINA_HOME/conf/web.xml
– Default for all web applications• $CATALINA_HOME/webapp/ece1779Servlets/WEB_INF/web.xml
– Specific to ece779Servlets <servlet> <servlet-name>SampleServerName</servlet-name> <servlet-class>HelloWorld</servlet-class> </servlet> <servlet-mapping> <servlet-name>SampleServletName</servlet-name> <url-pattern>/index.html</url-pattern> </servlet-mapping>
http://127.0.0.1:8080/ece1779Servlets/index.htmlMaps to:
$CATALINA_HOME/webapp/ece1779Servlets/WEB_INF/classes/HelloWorld.class
37
$CATALINA_HOME/conf/tomcat_users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin"/>
<user username= “ece1779" password= “secret" fullName= "name" roles="admin,manager"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
</tomcat-users>
38
Tomcat Web Application Manager
• Deploy applications
• Start/stop/reload
39
Servlet Debugging
• Logs
– $CATALINA_HOME/logs
• Interactive debugger
– Use Java JPDA interface
• Allows an external program to “attach” to process
– Start Tomcat in debugging mode
• $CATALINA_HOME/bin/catalina.sh jpda start
– Start IDE debugger
– Attach debugger to running Tomcat instance
40
Session Maintenance
HTTP is stateless by default
No memory of browsers state
Preserving state between browser/web server interactions
Behavior reflects previous forms filled in and pages viewed
Kept at the browser or/and web server.
Example: Want to allow access to a given script only once a user is logged in. Don't want to require a user to login at every page.
41
Store State At Server
Current state is stored at the server (i.e., in a file, database, or in JVM’s memory)
Each request includes a token identifying the browsers session (tokens can be passed via cookies, hidden variables, URL rewriting).
At each request, the executing servlet uses the token to fetch session state
Careful: Browser back button problem. The page the user is viewing may not reflect state stored at the server.
42
HttpSession One instance for each active session
Accessing/creating a session
HttpSession session = request.getSession(); Session attributes
Object o = session.getAttribute("name");
session.setAttribute("name",o);
43
Session Duration • Default: expire a session if idle (no http requests) for 30 minutes
– Delete all session related attributes from server– Does not remove cookie from client
• Changing session timeout– Configuration file (web.xml)
<session-config> <session-timeout>30</session-timeout> </session-config>
– Run-time• session.getMaxInactiveInterval()• session.setMaxInactiveInterval()
• Terminating a session– session.invalidate()– Deletes session related attributes form server– Removes cookie from client
44
Session Example
45
Other Issues• Multithreading
– HttpSession is not thread safe– Use proper synchronization to prevent concurrent property modifications
• Persistent sessions
– Tomcat has support for persistent sessions
• Survive server restart– Saves session data to a file– Serializes properties
• Property values need to be serializable• Session event listeners
– Possible to create servlets that execute when a session times out– Can be use to garbage collect resources outside of the JVM
46
ServletContext Interface defines a servlet’s view of the web application within
which the servlet is running.
Container Provider is responsible for providing an implementation of the ServletContext interface in the servlet container.
Using the ServletContext object, a servlet can
log events
obtain URL references to resources
set attributes that other servlets in the context can access.
47
ServletContext Continued• One instance of ServletContext per web application per container
ServletContext context = getServletContext();
• Provides access to Initialization Parameters Defined in the deployment descriptor
A file called web.xml in the WEB-INF subdirectory of the app directory
Methods:
getInitParameter(),
getInitParameterNames()
48
ServletContext Attributes Context level shared objects. Can be bound into the context
and accessed by any servlet that is part of the application.
Methods:
setAttribute()
getAttribute()
getAttributeNames()
removeAttributes()
More than 1 thread may be accessing a shared object.
Application developer responsible for synchronizing access to shared objects
49
ServletContext Resources
Gives servlet access to local documents associated with the application. (i.e. static web pages, images)
Access to server logs
Methods:
getResource()
getResourceAsStream()
getResourcePaths()
log(“Error! File does not exist”);
ServletContextExample
50
51
JSP• Servlets disadvantage
–A little java in a whole lot of HTML
• Java Server Pages
–Java embedded in HTML
• Deployed in textual form (as opposed to byte code)
• Translated to into a servlet on the fly$CATALINA_HOME/webapps/ece1779/hello.jsp
$CATALINA_HOME/work/Catalina/localhost/ece1779/org/apache/jsp/hello_jsp.java
52
JSP Life Cycle
JSP• Expressions
<%= object.function() %>
Java expression that evaluates into a String
Translated into out.print() statement• Scriplets
<% java.util.Date currentTime = new java.util.Date;String strDate = currentTime.toString();
%>
One or more Java statements
Left in place• Directives
<%@ page import=“java.util.Date, java.text.SimpleDateFormat” %>
<%@ page contentType="text/html; charset=UTF-8" %>
<%@ taglib prefix="s" uri="/struts-tags" %>• Tags
<s:iterator value="posts" status="itStatus“>
<s:form action="AddPost“>
<s:textfield name="username" label="Your name"/>
Movieplex Example
DesignContent
All data stored in Movieplex.java
- Array of movies
- Array of theatres
- Array of showtimes
Initialization
Initialization.java
- Servlet that creates Movieplex object and stores in ServletContent
Regular operation
ListTheaters.jsp
- Retrieves movie data from servlet context
- Renders HTML page with list of all available theatres
ShowTheater.jsp
- Takes theaterid as parameter
- Renders HTML listing all the movies currently shown at a theatre
Data Structures
public class Movie {
public int id;
public String name;
public String rating;
public String starring;
public String director;
public String synopsis;
public String poster;
public String url;
}
public class Theater { public int id; public String name; public String address; public String phone;}
public class Showtime { public int id; public int theaterid, movieid; public int year, month, day; // date public int hour, minute; // time of day public float price;}
Data Structurespublic class Movieplex {
public Theater [] theaters;
public Movie [] movies;
public Showtime [] showtimes;
public Movieplex() {
Theater [] t = { new Theater(1,"Canada Square","2190 Yonge Street, Toronto, ON, M4S2C6", "416-6460444"),
new Theater(2,"SilverCity","2300 Yonge Street, Toronto, ON, M4P1E4","416-5441236") };
this.theaters = t;
Movie [] m = { new Movie(1,"Casino Royale", "PG-13","Daniel Craig, Judi Dench, Mads Mikkelsen, Eva Green, Jeffrey Wright", ......),
new Movie(2,"Babel", "R", "Brad Pitt, Cate Blanchett, Gael Garcia Bernal, Elle Fanning, Koji Yakusho", ... ) };
this.movies = m;
Showtime [] s = { new Showtime(1,1,1,2007,3,23,18,0,8),
new Showtime(2,1,1,2007,3,18,20,0,8) };
this.showtimes = s;
}
}
58
Three Tier Architecture
59
RDBMS
• Relational Database Management Systems
• A way of saving and accessing data on persistent (disk) storage.
60
Why Use an RDBMS
• Data Safety– data is immune to program crashes
• Concurrent Access– atomic updates via transactions
• Fault Tolerance– replicated dbs for instant fail-over on machine/disk crashes
• Data Integrity– aids to keep data meaningful
• Scalability– can handle small/large quantities of data in a uniform manner
• Reporting– easy to write SQL programs to generate arbitrary reports
61
RDBMS Technology
• Client/Server Databases
– Oracle, Sybase, MySQL, SQLServer
• Personal Databases
– Access
• Embedded Databases
– Pointbase
62
Serverserver process
disk i/o
Client/Server Databases
client clientclient processes
tcp/ip connections
63
client application
code
Inside the Client Process
tcp/ip connection to server
db library
API
64
JDBC JDBC (Java DataBase Connectivity)
Standard SQL database access interface.
Allows a Java program to issue SQL statements and process the results.
DB independent. Can replace underlying database with minimal code impact.
Defines classes to represent constructs such as database connections, SQL statements, result sets, and database metadata.
65
A JDBC Application
66
JDBC Pieces Java client: code implementing the application
JDBC API. Provides DB independent abstraction to
establish a connection with a database
send SQL statements
process the results JDBC Driver
Translates API calls to requests made against the specific database. Specific driver for the each database. Installed on the client. Usually a set of class files placed in the class path.
e.g., mysql-connector-java-5.1.7-bin.jar All large databases are now supported.
Database server:
The actual database engine
Pointbase, Oracle, MSAccess, SQL Server, Postgresql etc.
67
JDBC • Package java.sql
java.sun.com/products/jdk/1.2/docs/api/java/sql/package-summary.html
• Classes and interfaces– DriverManager getConnection()
– Connection Transactionscommit(), rollback(), setAutoCommit()
SQL statementscreateStatement(), prepateStatement()
– Statement executeQuery(), executeUpdate()
– ResultSet Scrolling over tuples next(), previous(), first(), last(), isLast()
Values of attributesgetString(int index), getTime(String name)
– PreparedStatement executeQuery(), executeUpdate()setInt (int index, int x)
68
API: Establish Connection1 Class.forName(com.mysql.jdbc.Driver)
make the driver class available
2 String url = “jdbc:mysql://sysnet.cs.toronto.edu/databasename";
This is the connect string. The connect string, mentions the driver as well as the database. For the example above, the driver is the jdbc:pointbase:embedded bridge driver. The database is sample.
3 Connection con=DriverManager.getConnection(url, uID, pw);
Get a connection (session) with a specific database. Within the context of a Connection, SQL statements are executed and results are returned.
A Connection can be used to obtain information about the DB By default a Connection automatically commits changes after each statement.
Typically, setting up a connection is an expensive operation.
69
API: Executing Queries
A query can return many rows, each with many attributes
Steps are
1 Send query to the database
2 Retrieve one row at a time
3 For each row, retrieve attributes
70
Trivial Example
71
API: Updates
Int rowsAffected=
stmt.executeUpdate(
"DELETE * FROM ACCOUNTS;");
Executes a SQL INSERT, UPDATE or DELETE statement. Returns the number of rows affected.
72
API: Prepared Statements
Is a parameterized SQL statement.
Used to speedup query parsing (statement does not need to be reparsed)
Used to simplify development (clumsy strings do not have to be created and recreated for each update).
Example:String insert="INSERT INTO ACCOUNT(NAME,AMOUNT)VALUES(?,?);"; PreparedStatement ps =con.prepareStatement(insert);
ps.setString(1,"Charlie"); // Fill in the first ?ps.setDouble(2,23.45); // Fill in the second ?
rowsEffected=ps.executeUpdate();
ps.setInt(1,"Arnold"); // Fill in the first ?ps.setInt(2,102.23); // Fill in the second ?
rowsEffected=ps.executeUpdate();
73
Scope of DB Connections
1. Request: Open/close connection on each action invocation
2. Session: Keep 1 open connection associated with the session: HttpSession.getParameter(“dbCon”)
3. Web App: Keep 1 open connection for the web application and re-use it
74
Connection Pooling• The Solution:
– Maintain a pool of open connections that time themselves out• The SharedPoolDataSource allocates a new Connection object
– It wraps it in a PoolingConnection object that delegates calls to its enclosed Connection object and returns it to the client.
– It sets a timeout that will reclaim the Connection for a pool of free connections
• If client accesses PoolingConnection after timeout, PoolingConnection will request a fresh connection from the pool.
• Client returns Connection to the pool when done with it.– SharedPoolDataSource does not close the Connection, rather saves it for
the next request• Client may block awaiting a freed connection if some maximum upper limit
of open connections is reached.
75
Connection Pooling
– Init method of main webapp servlet:
// Create a data sourceDriverAdapterCPDS ds = new DriverAdapterCPDS();ds.setDriver("com.mysql.jdbc.Driver");ds.setUrl("jdbc:mysql://servername/databasename");ds.setUser("public");ds.setPassword("public");
// Create a connection poolSharedPoolDataSource dbcp = new SharedPoolDataSource();dbcp.setConnectionPoolDataSource(ds);
//Add to webapp contextgetServletContext().setAttribute(“dbConPool”,dbcp);
76
Connection Pooling– Each servlet doGet() or doPost() calls:
SharedPoolDataSource dbcp = getServletContext().getAttribute(“dbConPool”);
Connection con = dbcp.getConnection();…Statement s = con.createStatement();…con.close();
77
Indirection and Capabilities
Servletconnection x
connection
connection
Poolingconnection
private connection x
onTimeOut: x = null
Servletdbonnection y
Cannot revoke capability
Indirection enables revoking capability
Capability: enforces access control by providing a handle to a resource.
78
SQLGateway
79
Atomic Transactions
• ATM banking example:
– Concurrent deposit/withdrawal operation
– Need to protect shared account balance
• What about transferring funds between accounts?
– Withdraw funds from account A
– Deposit funds into account B
80
Properties of funds transfer
• Should appear as a single operation
– Another process reading the account balances should see either both updates, or none
• Either both operations complete, or neither does
– Need to recover from crashes that leave transaction partially complete
81
Transactions• Definition: A transaction is a collection of DB modifications, which is
treated as an atomic DB operation.
– Transactions ensure that a collection of updates leaves the database in a consistent state (as defined by the application program); all updates take place or none do.
– A sequence of read and write operations, terminated by a commit or abort
• Definition: Committed– A transaction that has completed successfully; once committed, a transaction
cannot be undone
• Definition: Aborted – A transaction that did not complete normally
• JDBC: By default the Connection automatically commits changes after executing each statement. If auto commit has been disabled, the method commit must be called explicitly; otherwise, database changes will not be saved.
82
API: TransactionsExample:// Change to transactional mode
con.setAutoCommit(false);
// Transaction A begins here
stmt.executeUpdate("DELETE * FROM ACCOUNT...;");// 1
stmt.executeUpdate("INSERT INTO ACCOUNT ...."); // 2
stmt.executeUpdate("INSERT INTO ACCOUNT ...."); // 3
stmt.executeUpdate("INSERT INTO ACCOUNT ...."); // 4
con.commit();
// Commit changes to database
// All of 1,2,3,4 take effect
83
API: TransactionsExample:
// Transaction B begins here
stmt.executeUpdate("DELETE * FROM SALES...;"); // 5
stmt.executeUpdate("INSERT INTO SALES ...."); // 6
stmt.executeUpdate("INSERT INTO SALES ...."); // 7
stmt.executeUpdate("INSERT INTO SALES ...."); // 8
con.rollback();
// Rollback to before transaction B began
// None of 5,6,7,8 effects the DB
84
Example
• Movie database
• Add an order and decrement # of available spaces
showtimeid movieid theatherid sdate stime available1 1 1 20/03/2005 20:00:00 902 1 1 20/03/2005 22:00:00 90
showtimes
orderid userid showtimeid1 1 1
orders