Server-Side Development Basics

Harry R. Erwin, PhDUniversity of Sunderland

CIT304/CSE301

Resources• Hans Bergsten, 2002, JavaServer Pages, 2nd edition, O’Reilly, ISBN:

0-596-00317-X• http://java.sun.com/products/jsp/• http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/• Farley, et al., 2002, Java Enterprise in a Nutshell, 2nd edition,

O’Reilly, ISBN: 0-596-00152-5• Brittain and Darwin, 2003, Tomcat: the Definitive Guide, O’Reilly.• Kurniawan and Deck, 2004, How Tomcat Works,

BrainySoftware.com.• Knuckles and Yuen, 2005, Web Applications: Concepts and Real

World Design, Wiley.• Nakhimovsky and Myers, 2004, Google, Amazon and Beyond, Apress.

Questions to be Answered

• What is server-side programming (SSP)?• What are some approaches to SSP?• What are SSP basics?• What is JSP?• How can I support SSP?

What is Server-Side Programming (SSP)?

• Technologies for developing web pages that include dynamic content—that is web applications.

• Can produce web pages that contain information that is connection- or time-dependent.

• A key technology for on-line shopping, employee directories, personalized and internationalized content.

History of Dynamic Web Content• The Common Gateway Interface (CGI) was the first

approach to providing dynamic web content. Used scripts, and a process, not just an individual thread, was dispatched for each web page generated. Hence inefficient and did not scale well.

• Numerous second generation alternatives were invented:– FastCGI– mod_perl– NSAPI– ISAPI– Java Servlets

• These embedded HTML in programming code. Hence costly in programmer time.

Scripting—the Third Generation Approach

• Idea: embed simple code in HTML pages!• The HTML pages then use the code to

choose what elements and data to display.• Classes and/or subroutines may be called to

compute information for inclusion in the web page. Existing APIs can be invoked.

• This is known as ‘scripting’.

Some Approaches to Scripting• JavaServer Pages (JSP, uses Java sparingly, will be

covered in these lectures)• Active Server Pages (ASP, uses VBScript, Jscript, COM

or ActiveX components, ODBC). ASP.NET is quite similar to JSP, using C#. Has not been very popular.

• PHP (C-like syntax, many functions available, insecure, covered in DL versions of CIT304)

• ColdFusion (CFML, proprietary)• Java servlet template engine (Velocity, FreeMarker)

Not much change in the last five years, other than the introduction of AJAX (JavaScript + XML).

Some JSP Basics

• The HTTP protocol.• Servlets

The HTTP Protocol

• A communications model:– A client, often but not always a web browser, sends a

request for a resource to a server.– The server returns a response or an error message.

• Points to remember:1. Stateless protocol.2. Delayed feedback.3. Server cannot tell how the request was made. No

client-side processing can be invoked. (If it could be, it would be a security nightmare.)

Examples of HTTP Clients• Web browsers (many, including specialized ones for

console interfaces—lynx—and handicapped users)• Search utilities (Sherlock on MacOS X)• Help utilities• FTP clients (e.g., interarchy on MacOS X)• Software registration programs• telnet (a hacker can emulate a web browser by connecting

to port 80)• Specialized programs (e.g., curl) • Cracker toolkits (to generate malformed http requests)

HTTP Requests

HTTP Request Message

• Consists of:– Request line

• GET resource_name protocol_in_use• POST (provides parameters in the request body, see below)

– Request headers• Host (server name)• User-Agent (browser type)• Various Accept headers describing formats and languages

– Request body (optional)

Java Servlets

• Currently, Java is the predominant language for SSP. This is due to the Java Servlet API.

• Advantages over other SSP technologies:– Persistent between invocations, avoiding process

instantiations.– Portable across operating systems and servers.– Good security.– Can use the Java APIs, particularly JDBC.– Is integrated closely with the J2EE environment.

Servlets

• A servlet runs in a servlet container within a Java Virtual Machine.

• Servlet containers:– Apache/Jserv, which supports Servlets 2.0.– Mortbay.com/Jetty– IBM/WebSphere– Jakarta/Tomcat 4.0 (This is the reference implemen-

tation for the Servlet 2.3 API). Available from http://jakarta.apache.org. We will discuss Tomcat in a later lecture.

Servlet Basics

• The Servlet API consists of two Java packages:– javax.servlet– javax.servlet.http

• Required for J2EE 1.3

Servlet Lifecycle

• A client makes a request involving a servlet running on the server.

• The servlet is responsible for loading and executing the Java classes that generate the HTML content.

• To the client, this looks like standard HTML processing, except faster.

• The servlet then need not shut down. Instead, it can handle subsequent requests without restarting.

Servlet Methods

• init(), to handle startup. Once init() runs, the servlet is available.

• service() is called to process each request. Disk writes are only needed to preserve state. Arguments to service() are ServletRequest and ServletResponse objects.

• destroy() is called to clean up resources when the server shuts down (if it ever shuts down).

Core of the API

• javax.servlet.Servlet interface.• javax.servlet.http.Servlet class, implementing the

interface. Designed to work with the HTTP protocol.

• javax.servlet.GenericServlet class, implementing the interface. This class is communication protocol agnostic. Can implement a filtering servlet to adapt output from some other source. This can provide other protocol services (e.g., ftp).

A Web Application

• A set of resources (servlets, static content, .jsp files, class libraries) installed in a specific path, making up a directory.

• Should be organized as a chroot jail.• Multiple servlets can exist concurrently.

Run in a common ServletContext.• Be careful—the path can change from

machine to machine.

Supporting JSP

• Requirements:– Workstation or PC with an internet connection.– Java 2 SDK (available from Sun, links on my

COM379 handbook page)– JSP 1.2-enabled web server such as Apache

Tomcat (Jakarta Project). This is available here at the Informatics Centre.

Sounds Good?

• Not really—Java servlets have to be programmed and their configuration must be managed.

• Programmers make $50,000-$90,000 in the USA, and programs are notoriously hard to develop and maintain. This is particularly a problem when changes to business logic force changes.

• Next lecture: we will look at how the same thing can be done more quickly, easily, and flexibly with web pages.

Conclusions

• You’ve gained a general understanding of what Server Side Processing (SSP) is.

• You’ve seen the role of SSP in HTTP processing.• You’ve been introduced to Java Servlets, and• You now know the basic configuration for servlet

processing.• Next lecture, you will see how JavaServer Pages

(JSP) interact with this environment.