Module 3:  Servlet AdvancedThanisa Kruawaisayawan Thanachart Numnonda www.imcinstitute.com
Objectives   Including, forwarding to, and redirecting to    other web resources   Servlet & JDBC   Session Tracking AP...
When to Include another Web resource? When it is useful to add static or dynamic contents already created by another web ...
How to Include another Web resource?   Get RequestDispatcher object from ServletContext    object    RequestDispatcher di...
When to use “Forwarding” to another              Web resource?   When you want to have one Web component do preliminary  ...
How to do “Forwarding” to another Web              resource?   Get RequestDispatcher object from HttpServletRequest objec...
Redirecting a Request Two programming models for directing a request Method   1: response.setStatus(response.SC_MOVED_PE...
Servlet & JDBC                 8
What is JDBC?Standard Java API for accessingrelational database Hides  database specific details from  applicationPart of...
JDBC API   Defines a set of Java Interfaces, which are implemented by    vendor-specific JDBC Drivers        Application...
JDBC Driver   Database specific implemention of JDBC    interfaces     Everydatabase server has corresponding      JDBC ...
Database URL   Used to make a connection to the database    – Can contain server, port, protocol etc…    jdbc:subprotoco...
MySQL Tools mysql-installer-5.5.22.1.msi (Database) mysql-workbench-gpi-5.2-40-win32.msi (GUI) mysql-connector-java-5.1...
SQL Commands   CREATE   - Builds a new table with the specified field name and    types   INSERT - Adds a new record to ...
CREATE Statement   The formal syntax    CREATE TABLE table_name(column [ , column] …)   For example    CREATE TABLE Book...
INSERT Statement   The formal syntax    INSERT INTO table_name (column [ , column] …) VALUES    (value [, value] …)   Fo...
SELECT Statement   The formal syntax    SELECT [table.]column [ , [table].column] …    FROM table [ , table] …    [WHERE ...
DELETE Statement The   formal syntax DELETE FROM table_name WHERE column OPERATOR value   [AND | OR column OPERATOR value...
Steps of Using JDBC1. Load DB-specific JDBC driver2. Get a Connection object3. Get a Statement object4. Execute queries an...
1. Load DB-Specific Database Driver   To manually load the database driver and register    it with the DriverManager, loa...
2. Get a Connection Object   DriverManager class is responsible for selecting the    database and and creating the databa...
DriverManager & Connection   java.sql.DriverManager       •   getConnection(String url, String user, String password) thr...
Sub-Topics   DataSource interface and DataSource    object   Properties of a DataSource object   JNDI registration of a...
javax.sql.DataSource Interface and          DataSource Object Driver   vendor implements the interface DataSource object...
Properties of DataSource Object   A DataSource object has properties that can be modified when    necessary – these are d...
JNDI Registration of a DataSource (JDBC           Resource) Object   The JNDI name of a JDBC resource is expected    in t...
Why Connection Pooling?   Database connection is an expensive and limited    resource     Using connection pooling, a sm...
Connection Pooling & DataSource   DataSource objects that implement connection    pooling also produce a connection to th...
3. Get a Statement Object Create   a Statement Object from Connection object    • java.sql.Statement        – ResultSet e...
4. Executing Query or Update   From the Statement object, the 2 most used    commands are    – (a) QUERY (SELECT)       •...
5. Reading Results   Loop through ResultSet retrieving information      java.sql.ResultSet            boolean next()   ...
5. Reading Results (cont.)   Once you have the ResultSet, you can easily    retrieve the data by looping through it      ...
5. Reading Results (cont.) When retrieving data from the ResultSet, use the appropriate getXXX() method    •   getString(...
6. Read ResultSet MetaData and        DatabaseMetaData (Optional) Once you have the ResultSet or Connection  objects, you...
Examplepublic void showDBInfo() {{ public void showDBInfo()    try {{     try         DatabaseMetaData dbmd == connection....
ResultSetMetaData ExampleResultSetMetaData meta = rs.getMetaData();//Return the column countint iColumnCount = meta.getCol...
What Are They? PreparedStatement    • SQL is sent to the database and compiled or prepared      beforehand CallableState...
PreparedStatement                Interface   To call the same SQL statement multiple times, use a    PrepareStatement obj...
Example public void insertData() {{  public void insertData()     PreparedStatement pstmt;      PreparedStatement pstmt;  ...
CallableStatement   The interface used to execute SQL stored procedures   A stored procedure is a group of SQL statement...
JDBC Core API                41
Servlet & JDBC                 42
Servlet & JDBC (cont.)                         43
Why Session Tracking?   Need a mechanism to maintain state across a    series of requests from the same user (or    origi...
Session Tracking Use Cases When    clients at an on- line store add an  item to their shopping cart, how does  the server...
A Session Maintains Client Identity and State across            multiple HTTP requests Client 1                           ...
Three “underlying” Session Tracking           Mechanisms   Cookies   URL rewriting   Hidden form fields   Note that th...
What is HTTP Cookie?   Cookie is a small amount of information sent by a    servlet to a Web browser   Saved by the brow...
Class Cookie               49
Cookies as Session Tracking              Mechanism   Advantages:     Very easy to implement     Highly customizable    ...
URL Rewriting URLs   can be rewritten or encoded to include  session information. URL rewriting usually includes a sessi...
URL Rewriting as Session Tracking         Mechanism   Advantages:     Letuser remain anonymous     They are universally...
If Cookie is turned off..   If your application makes use of session    objects     you must ensure that session trackin...
Example: response.encodeURL()out.println("<strong><a href="" +    response.encodeURL(request.getContextPath() + "/cashier"...
Hidden Form Fields   Hidden form fields do not display in the    browser, but can be sent back to the server by    submit...
Hidden Form Fields as Session Tracking            Mechanism   Advantages:     Universally                supported.    ...
HttpSession Toget a users existing or new session object:   HttpSession      session = request.getSession(true);       ...
Example: Getting HttpSession Objectpublic class CatalogServlet extends HttpServlet {   public void doGet (HttpServletReque...
HttpSession Java Interface Contains   Methods to   View  and manipulate information about a session,   such as the sessi...
HttpSession Methods   getId()      Returns the unique identifier   isNew()      Determines if session is new to client...
Store and Retrieve of Attribute To   stores values:   session.setAttribute("cart",   cart); To   retrieves values:   s...
Session Timeout   Used when an end-user can leave the browser without    actively closing a session   Sessions usually t...
Issues with “Stale” Session Objects   The number of “stale” session objects that are in “to    be timed out” could be rat...
Session Invalidation   Can be used by servlet programmer to end a session    proactively      when a user at the browser...
Example: Invalidate a Session public class ReceiptServlet extends HttpServlet {    public void doPost(HttpServletRequest r...
Scope Objects   Enables sharing information among    collaborating web components via attributes    maintained in Scope o...
Four Scope Objects: Accessibility   Web context (ServletContext)     Accessible   from Web components within a Web      ...
Four Scope Objects: Class   Web context     javax.servlet.ServletContext   Session     javax.servlet.http.HttpSession...
Session, Application ScopeClient 1                             server                                      Session 1      ...
Session, Request, Page Scope                                                   client             request                 ...
Scope of Objects                   71
What is ServletContext For?   Used by servlets to      Set and get context-wide (application-wide) object-       valued ...
Scope of ServletContext   Context-wide scope     Shared by all servlets and JSP pages within a "web      application"   ...
Example: Getting Attribute Value         from ServletContextpublic class CatalogServlet extends HttpServlet {    private B...
What is Servlet Request?   Contains data passed from client to servlet   All servlet requests implement ServletRequest i...
Requestsdata,client, server, headerservlet itself       Request                  Servlet 1                                ...
Servlet Lifecycle Events Support   event notifications for state changes in   ServletContext       Startup/shutdown    ...
Listener Interfaces   ServletContextListener        contextInitialized/Destroyed(ServletContextEvent)   ServletContextA...
Listener Registration   Web container      creates  an instance of each listener class      registers it for event noti...
Steps for Implementing Servlet Lifecycle                   Event1. Decide which scope object you want to receive an event ...
Example: Context Listenerpublic final class ContextListener    implements ServletContextListener {    private ServletConte...
Example: Context Listener    public void contextDestroyed(ServletContextEvent event) {         context = event.getServletC...
Listener Configuration<web-app>  <display-name>Bookstore1</display-name>  <description>no description</description>  <filt...
What are Java Servlet Filters?   New component framework for intercepting and    modifying requests and responses     Fi...
What Can a Filter Do?   Examine the request headers   Customize the request object if it wishes to modify    request hea...
How Servlet Filter Work? Servlet                                                                      ServletContainer    ...
javax.servlet.Filter Interface   init(FilterConfig)      called only once when the filter is first initialized      get...
How Filter Chain Works   Multiple filters can be chained        order is dictated by the order of <filter> elements in t...
Steps for Building a Servlet Filter   Decide what custom filtering behavior you want to    implement for a web resource ...
Example: HitCounterFilterpublic final class HitCounterFilter implements Filter  {  private FilterConfig filterConfig = nul...
Example: HitCounterFilter    public void doFilter(ServletRequest request,                ServletResponse response, FilterC...
HitCounterFilter Configuration<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc...
Configuration in web.xml   <filter>      <filter-name>: assigns a name of your choosing to the filter      <filter-clas...
Concurrency Issues on a Servlet The service() method of a servlet instance can be  invoked by multiple clients (multiple ...
Many Threads, One Servlet Instance                   Web Serverrequest          threadrequest   threadrequest   thread    ...
Use of synchronized block Synchronized blocks are used to guarantee only one thread at a time can execute within a sectio...
Thank you   thananum@gmail.comwww.facebook.com/imcinstitute   www.imcinstitute.com                                97
Upcoming SlideShare
Loading in …5
×

Java Web Programming [3/9] : Servlet Advanced

2,778 views
2,716 views

Published on

Presentation for Java Web Programming Course; 2011

Published in: Technology
1 Comment
2 Likes
Statistics
Notes
No Downloads
Views
Total views
2,778
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
77
Comments
1
Likes
2
Embeds 0
No embeds

No notes for slide

Java Web Programming [3/9] : Servlet Advanced

  1. 1. Module 3: Servlet AdvancedThanisa Kruawaisayawan Thanachart Numnonda www.imcinstitute.com
  2. 2. Objectives Including, forwarding to, and redirecting to other web resources Servlet & JDBC Session Tracking API Scope Objects Servlet Listener Servlet Filter 2
  3. 3. When to Include another Web resource? When it is useful to add static or dynamic contents already created by another web resource  Adding a banner content or copyright information in the response returned from a Web component 3
  4. 4. How to Include another Web resource? Get RequestDispatcher object from ServletContext object RequestDispatcher dispatcher = getServletContext().getRequestDispatcher(“/banner"); Then, invoke the include() method of the RequestDispatcher object passing request and response objects  dispatcher.include(request, response); 4
  5. 5. When to use “Forwarding” to another Web resource? When you want to have one Web component do preliminary processing of a request and have another component generate the response You might want to partially process a request and then transfer to another component depending on the nature of the request 5
  6. 6. How to do “Forwarding” to another Web resource? Get RequestDispatcher object from HttpServletRequest object  Set “request URL” to the path of the forwarded page RequestDispatcher dispatcher = request.getRequestDispatcher(“/template.jsp"); If the original URL is required for any processing, you can save it as a request attribute Invoke the forward() method of the RequestDispatcher object  dispatcher.forward(request, response); 6
  7. 7. Redirecting a Request Two programming models for directing a request Method 1: response.setStatus(response.SC_MOVED_PERMANTLY); response.setHeader("Location", "http://..."); Method 2: response.sendRedirect("http://..."); 7
  8. 8. Servlet & JDBC 8
  9. 9. What is JDBC?Standard Java API for accessingrelational database Hides database specific details from applicationPart of Java SE (J2SE) Java SE 7 has JDBC 4.1 9
  10. 10. JDBC API Defines a set of Java Interfaces, which are implemented by vendor-specific JDBC Drivers  Applications use this set of Java interfaces for performing database operations - portability Majority of JDBC API is located in java.sql package  DriverManager, Connection, ResultSet, DatabaseMetaData, ResultSetMetaData, PreparedStatement, CallableStatement and Types Other advanced functionality exists in the javax.sql package  DataSource 10
  11. 11. JDBC Driver Database specific implemention of JDBC interfaces  Everydatabase server has corresponding JDBC driver(s) You can see the list of available drivers from  http://industry.java.sun.com/products/jdbc/ drivers 11
  12. 12. Database URL Used to make a connection to the database – Can contain server, port, protocol etc… jdbc:subprotocol_name:driver_dependant_databasename – Oracle thin driver jdbc:oracle:thin:@machinename:1521:dbname – MySQL jdbc:mysql://localhost:3306/test 12
  13. 13. MySQL Tools mysql-installer-5.5.22.1.msi (Database) mysql-workbench-gpi-5.2-40-win32.msi (GUI) mysql-connector-java-5.1.19-bin.jar (Driver)  Copy to C:Program FilesApache Software FoundationApache Tomcat 7.0.27lib 13
  14. 14. SQL Commands CREATE - Builds a new table with the specified field name and types INSERT - Adds a new record to the named table SELECT - Retrieves records from the named table DELETE - Removes one or more record(s) from the table UPDATE - Modified one or more field(s) of particular record(s) DROP - Completely removes a table from the database 14
  15. 15. CREATE Statement The formal syntax CREATE TABLE table_name(column [ , column] …) For example CREATE TABLE Books(ISBN varchar(5) not null PRIMATY KEY, title varchar(50) not null, author varchar(50), price float); 15
  16. 16. INSERT Statement The formal syntax INSERT INTO table_name (column [ , column] …) VALUES (value [, value] …) For example INSERT INTO Books VALUES(11111, J2ME on Symbian OS, Sam, 40); 16
  17. 17. SELECT Statement The formal syntax SELECT [table.]column [ , [table].column] … FROM table [ , table] … [WHERE [table.]column OPERATOR VALUE [AND] OR [table.]column OPERATOR VALUE … [ORDER BY [table.]column [DESC] [ ,[table.]column [DESC}] For example SELECT * FROM Books WHERE ISBN = 11111; 17
  18. 18. DELETE Statement The formal syntax DELETE FROM table_name WHERE column OPERATOR value [AND | OR column OPERATOR value ] … For example DELETE FROM Book WHERE ISBN = 11111; 18
  19. 19. Steps of Using JDBC1. Load DB-specific JDBC driver2. Get a Connection object3. Get a Statement object4. Execute queries and/or updates5. Read results6. Read Meta-data (optional step)7. Close Statement and Connection objects 19
  20. 20. 1. Load DB-Specific Database Driver To manually load the database driver and register it with the DriverManager, load its class file – Class.forName(<database-driver>) try { // This loads an instance of the Pointbase DB Driver. // The driver has to be in the classpath. Class.forName("com.mysql.jdbc.Driver"); }catch (ClassNotFoundException cnfe){ System.out.println("" + cnfe); } 20
  21. 21. 2. Get a Connection Object DriverManager class is responsible for selecting the database and and creating the database connection  Using DataSource is a prefered means of getting a conection object Create the database connection as follows:try { Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/test", "root", "root");} catch(SQLException sqle) { System.out.println("" + sqle);} 21
  22. 22. DriverManager & Connection java.sql.DriverManager • getConnection(String url, String user, String password) throws SQLException java.sql.Connection • Statement createStatement() throws SQLException • void close() throws SQLException • void setAutoCommit(boolean b) throws SQLException • void commit() throws SQLException • void rollback() throws SQLException 22
  23. 23. Sub-Topics DataSource interface and DataSource object Properties of a DataSource object JNDI registration of a DataSource object DataSource object that implements Connection pooling 23
  24. 24. javax.sql.DataSource Interface and DataSource Object Driver vendor implements the interface DataSource object is the factory for creating database connections 24
  25. 25. Properties of DataSource Object A DataSource object has properties that can be modified when necessary – these are defined in a containers configuration file  location of the database server  name of the database  network protocol to use to communicate with the server The benefit is that because the data sources properties can be changed, any code accessing that data source does not need to be changed In the GlassFish Application Server, a data source is called a JDBC resource 25
  26. 26. JNDI Registration of a DataSource (JDBC Resource) Object The JNDI name of a JDBC resource is expected in the java:comp/env/jdbc subcontext  For example, the JNDI name for the resource of a BookDB database could be java:comp/env/jdbc/BookDB Because all resource JNDI names are in the java:comp/env subcontext, when you specify the JNDI name of a JDBC resource enter only jdbc/name. For example, for a payroll database, specify jdbc/BookDB 26
  27. 27. Why Connection Pooling? Database connection is an expensive and limited resource  Using connection pooling, a smaller number of connections are shared by a larger number of clients Creating and destroying database connections are expensive operations  Using connection pooling, a set of connections are pre- created and are available as needed basis cutting down on the overhead of creating and destroying database connections 27
  28. 28. Connection Pooling & DataSource DataSource objects that implement connection pooling also produce a connection to the particular data source that the DataSource class represents The connection object that the getConnection method returns is a handle to a PooledConnection object rather than being a physical connection  The application code works the same way 28
  29. 29. 3. Get a Statement Object Create a Statement Object from Connection object • java.sql.Statement – ResultSet executeQuery(string sql) – int executeUpdate(String sql) • Example: Statement statement = connection.createStatement(); The same Statement object can be used for many, unrelated queries 29
  30. 30. 4. Executing Query or Update From the Statement object, the 2 most used commands are – (a) QUERY (SELECT) • ResultSet rs = statement.executeQuery("select * from customer_tbl"); – (b) ACTION COMMAND (UPDATE/DELETE) • int iReturnValue = statement.executeUpdate("update manufacture_tbl set name = ‘IBM where mfr_num = 19985678"); 30
  31. 31. 5. Reading Results Loop through ResultSet retrieving information  java.sql.ResultSet  boolean next()  xxx getXxx(int columnNumber)  xxx getXxx(String columnName)  void close() The iterator is initialized to a position before the first row – You must call next() once to move it to the first row 31
  32. 32. 5. Reading Results (cont.) Once you have the ResultSet, you can easily retrieve the data by looping through it while (rs.next()){ // Wrong this will generate an error String value0 = rs.getString(0); // Correct! String value1 = rs.getString(1); int value2 = rs.getInt(2); int value3 = rs.getInt(“ADDR_LN1"); } 32
  33. 33. 5. Reading Results (cont.) When retrieving data from the ResultSet, use the appropriate getXXX() method • getString() • getInt() • getDouble() • getObject() Thereis an appropriate getXXX method of each java.sql.Types datatype 33
  34. 34. 6. Read ResultSet MetaData and DatabaseMetaData (Optional) Once you have the ResultSet or Connection objects, you can obtain the Meta Data about the database or the query This gives valuable information about the data that you are retrieving or the database that you are using – DatabaseMetaData dbmd = connection.getMetaData(); – ResultSetMetaData rsMeta = rs.getMetaData(); • There are approximately 150 methods in the DatabaseMetaData class. 34
  35. 35. Examplepublic void showDBInfo() {{ public void showDBInfo() try {{ try DatabaseMetaData dbmd == connection.getMetaData(); DatabaseMetaData dbmd connection.getMetaData(); System.out.println("Product: "" ++ dbmd.getDatabaseProductName()); System.out.println("Product: dbmd.getDatabaseProductName()); System.out.println("Version: "" ++ dbmd.getDatabaseProductVersion()); System.out.println("Version: dbmd.getDatabaseProductVersion()); System.out.println ("Stored Procedures: "" ++ System.out.println ("Stored Procedures: dbmd.supportsStoredProcedures()); dbmd.supportsStoredProcedures()); System.out.println("Transactions: "" ++ System.out.println("Transactions: dbmd.supportsTransactions()); dbmd.supportsTransactions()); }} catch (SQLException ex) {{ catch (SQLException ex) ex.getMessage(); ex.getMessage(); }}}} 35
  36. 36. ResultSetMetaData ExampleResultSetMetaData meta = rs.getMetaData();//Return the column countint iColumnCount = meta.getColumnCount();for (int i =1 ; i <= iColumnCount ; i++){ System.out.println(“Column Name: " + meta.getColumnName(i)); System.out.println(“Column Type" + meta.getColumnType(i)); System.out.println("Display Size: " + meta.getColumnDisplaySize(i) ); System.out.println("Precision: " + meta.getPrecision(i)); System.out.println(“Scale: " + meta.getScale(i) );} 36
  37. 37. What Are They? PreparedStatement • SQL is sent to the database and compiled or prepared beforehand CallableStatement • Executes SQL Stored Procedures 37
  38. 38. PreparedStatement Interface To call the same SQL statement multiple times, use a PrepareStatement object. Extend PreparedStatement from Statement class.  public interface PreparedStatement extends Statement Advantage  Using Statement needs to compile every times.  PreparedStatement will compile only once. 38
  39. 39. Example public void insertData() {{ public void insertData() PreparedStatement pstmt; PreparedStatement pstmt; String insertCmd == "INSERT INTO Book VALUES(?,?,?,?)"; String insertCmd "INSERT INTO Book VALUES(?,?,?,?)"; try {{ try pstmt == connection.prepareStatement(insertCmd); pstmt connection.prepareStatement(insertCmd); pstmt.setString(1,"11111"); pstmt.setString(1,"11111"); pstmt.setString(2,"J2ME on Symbian OS"); pstmt.setString(2,"J2ME on Symbian OS"); pstmt.setString(3,"Sam"); pstmt.setString(3,"Sam"); pstmt.setDouble(4,40); pstmt.setDouble(4,40); pstmt.executeUpdate(); pstmt.executeUpdate(); }} catch (SQLException ex) {{ catch (SQLException ex) ex.getMessage(); ex.getMessage(); }}}} 39
  40. 40. CallableStatement The interface used to execute SQL stored procedures A stored procedure is a group of SQL statements that form a logical unit and perform a particular task A CallableStatement object contains a call to a stored procedure; it does not contain the stored procedure itself. The part that is enclosed in curly braces is the escape syntax for stored procedures. CallableStatement cs = connection.prepareCall("{call SHOW_SUPPLIERS}"); ResultSet rs = cs.executeQuery(); 40
  41. 41. JDBC Core API 41
  42. 42. Servlet & JDBC 42
  43. 43. Servlet & JDBC (cont.) 43
  44. 44. Why Session Tracking? Need a mechanism to maintain state across a series of requests from the same user (or originating from the same browser) over some period of time  Example: Online shopping cart Yet, HTTP is stateless protocol  Each time, a client talks to a web server, it opens a new connection  Server does not automatically maintains “conversational state” of a user 44
  45. 45. Session Tracking Use Cases When clients at an on- line store add an item to their shopping cart, how does the server know what’s already in the cart? When clients decide to proceed to checkout, how can the server determine which previously created shopping cart is theirs? 45
  46. 46. A Session Maintains Client Identity and State across multiple HTTP requests Client 1 server Session 1 Session ID 1 Client 2 Session ID 2 Session 2 46
  47. 47. Three “underlying” Session Tracking Mechanisms Cookies URL rewriting Hidden form fields Note that these are just underlying mechanisms of passing “session id”  do not provide high-level programming APIs  do not provide a framework for managing sessions  This is what Servlet Session Tracking feature provides 47
  48. 48. What is HTTP Cookie? Cookie is a small amount of information sent by a servlet to a Web browser Saved by the browser, and later sent back to the server in subsequent requests  A cookie has a name, a single value, and optional attributes  A cookies value can uniquely identify a client Server uses cookies value to extract information about the session from some location on the server 48
  49. 49. Class Cookie 49
  50. 50. Cookies as Session Tracking Mechanism Advantages:  Very easy to implement  Highly customizable  Persist across browser shut-downs Disadvantages:  Often: users turn off cookies for privacy or security reason  Not quite universal browser support 50
  51. 51. URL Rewriting URLs can be rewritten or encoded to include session information. URL rewriting usually includes a session id Example:http://localhost:8080/bookstore1/cashier;jsessionid =c0o7fszeb1 51
  52. 52. URL Rewriting as Session Tracking Mechanism Advantages:  Letuser remain anonymous  They are universally supported(most styles) Disadvantages:  Tediousto rewrite all URLs  Only works for dynamically created documents 52
  53. 53. If Cookie is turned off.. If your application makes use of session objects  you must ensure that session tracking is enabled by having the application rewrite URLs whenever the client turns off cookies  by calling the responses encodeURL(URL) method on all URLs returned by a servlet  This method includes the session ID in the URL only if cookies are disabled; otherwise, it returns the URL unchanged 53
  54. 54. Example: response.encodeURL()out.println("<strong><a href="" + response.encodeURL(request.getContextPath() + "/cashier") + ""></a></strong>"); If cookies are turned off  http://localhost:8080/bookstore1/cashier;jsessionid=c0o7fszeb1 If cookies are turned on  http://localhost:8080/bookstore1/cashier 54
  55. 55. Hidden Form Fields Hidden form fields do not display in the browser, but can be sent back to the server by submit<INPUT TYPE=”HIDDEN” NAME=”session” VALUE=”...”> Fields can have identification (session id) or just some thing to remember (occupation) Servlet reads the fields using req.getParameter() 55
  56. 56. Hidden Form Fields as Session Tracking Mechanism Advantages:  Universally supported.  Allow anonymous users Disadvantages:  Only works for a sequence of dynamically generated forms.  Breaks down with static documents, emailed documents, bookmarked documents.  No browser shutdowns. 56
  57. 57. HttpSession Toget a users existing or new session object:  HttpSession session = request.getSession(true);  "true" means the server should create a new session object if necessary  HttpSession is Java interface  Container creates a object of HttpSession type 57
  58. 58. Example: Getting HttpSession Objectpublic class CatalogServlet extends HttpServlet { public void doGet (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // Get the users session and shopping cart HttpSession session = request.getSession(true); ... out = response.getWriter(); ... } } ... 58
  59. 59. HttpSession Java Interface Contains Methods to  View and manipulate information about a session, such as the session identifier, creation time, and last accessed time  Bind objects to sessions, allowing user information to persist across multiple user connections 59
  60. 60. HttpSession Methods getId()  Returns the unique identifier isNew()  Determines if session is new to client (not page) getCreationTime()  Returns time at which session was first created getLastAccessedTime()  Returns time at which the session was last sent from the client invalidate()  Invalidate the session and unbind all objects associated with it 60
  61. 61. Store and Retrieve of Attribute To stores values:  session.setAttribute("cart", cart); To retrieves values:  session.getAttribute("cart"); 61
  62. 62. Session Timeout Used when an end-user can leave the browser without actively closing a session Sessions usually timeout after 30 minutes of inactivity  Product specific  A different timeout may be set by server admin getMaxInactiveInterval(), setMaxInactiveInterval() methods of HttpSession interface  Gets or sets the amount of time, session should go without access before being invalidated 62
  63. 63. Issues with “Stale” Session Objects The number of “stale” session objects that are in “to be timed out” could be rather large Example  1000 users with average 2 minutes session time, thus 15000 users during the 30 minutes period  4K bytes of data per session  15000 sessions * 4K -= 60M bytes of session data  This is just for one Web application Could have an performance impact  Use the data space in Session object with care 63
  64. 64. Session Invalidation Can be used by servlet programmer to end a session proactively  when a user at the browser clicks on “log out” button  when a business logic ends a session (“checkout” page in the example code in the following slide) public void invalidate()  Expire the session and unbinds all objects with it Caution  Remember that a session object is shared by multiple servlets/JSP- pages and invalidating it could destroy data that other servlet/JSP- pages are using 64
  65. 65. Example: Invalidate a Session public class ReceiptServlet extends HttpServlet { public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { ... scart = (ShoppingCart) session.getAttribute("examples.bookstore.cart"); ... // Clear out shopping cart by invalidating the session session.invalidate(); // set content type header before accessing the Writer response.setContentType("text/html"); out = response.getWriter(); ... }} 65
  66. 66. Scope Objects Enables sharing information among collaborating web components via attributes maintained in Scope objects  Attributes are name/object pairs Attributes maintained in the Scope objects are accessed with  getAttribute() & setAttribute() 4 Scope objects are defined  Web context, session, request, page 66
  67. 67. Four Scope Objects: Accessibility Web context (ServletContext)  Accessible from Web components within a Web context Session  Accessible from Web components handling a request that belongs to the session Request  Accessible from Web components handling the request Page  Accessible from JSP page that creates the object 67
  68. 68. Four Scope Objects: Class Web context  javax.servlet.ServletContext Session  javax.servlet.http.HttpSession Request  javax.servlet.http.HttpServletRequest Page  javax.servlet.jsp.PageContext 68
  69. 69. Session, Application ScopeClient 1 server Session 1 Session ID 1 Client 2 Session ID 2 Session 2 Client 1 server application Client 2
  70. 70. Session, Request, Page Scope client request response request response Page 1 forward Page 2 Page 3 Page 4 forwardPage scope Page scope Page scope Page scope request scope request scope Session scope
  71. 71. Scope of Objects 71
  72. 72. What is ServletContext For? Used by servlets to  Set and get context-wide (application-wide) object- valued attributes  Get request dispatcher  To forward to or include web component  Access Web context-wide initialization parameters set in the web.xml file  Access Web resources associated with the Web context  Log  Access other misc. information 72
  73. 73. Scope of ServletContext Context-wide scope  Shared by all servlets and JSP pages within a "web application"  Why it is called “web application scope”  A "web application" is a collection of servlets and content installed under a specific subset of the servers URL namespace and possibly installed via a *.war file  All servlets in BookStore web application share same ServletContext object  There is one ServletContext object per "web application" per Java Virtual Machine 73
  74. 74. Example: Getting Attribute Value from ServletContextpublic class CatalogServlet extends HttpServlet { private BookDB bookDB; public void init() throws ServletException { // Get context-wide attribute value from // ServletContext object bookDB = (BookDB)getServletContext(). getAttribute("bookDB"); if (bookDB == null) throw new UnavailableException("Couldnt get database."); }} 74
  75. 75. What is Servlet Request? Contains data passed from client to servlet All servlet requests implement ServletRequest interface which defines methods for accessing  Client sent parameters  Object-valued attributes  Locales  Client and server  Input stream  Protocol information  Content type  If request is made over secure channel (HTTPS) 75
  76. 76. Requestsdata,client, server, headerservlet itself Request Servlet 1 Servlet 2 Response Servlet 3 Web Server 76
  77. 77. Servlet Lifecycle Events Support event notifications for state changes in  ServletContext  Startup/shutdown  Attribute changes  HttpSession  Creationand invalidation  Changes in attributes 77
  78. 78. Listener Interfaces ServletContextListener  contextInitialized/Destroyed(ServletContextEvent) ServletContextAttributeListener  attributeAdded/Removed/Replaced(ServletContextAttributeEvent) HttpSessionListener  sessionCreated/Destroyed(HttpSessionEvent) HttpSessionAttributeListener  attributedAdded/Removed/Replaced(HttpSessionBindingEvent) HttpSessionActivationListener  Handles sessions migrate from one server to another  sessionWillPassivate(HttpSessionEvent)  sessionDidActivate(HttpSessionEvent) 78
  79. 79. Listener Registration Web container  creates an instance of each listener class  registers it for event notifications before processing first request by the application  Registers the listener instances according to  the interfaces they implement  the order in which they appear in the deployment descriptor web.xml Listeners are invoked in the order of their registration during execution 79
  80. 80. Steps for Implementing Servlet Lifecycle Event1. Decide which scope object you want to receive an event notification2. Implement appropriate interface3. Override methods that need to respond to the events of interest4. Obtain access to important Web application objects and use them5. Configure web.xml accordingly6. Provide any needed initialization parameters 80
  81. 81. Example: Context Listenerpublic final class ContextListener implements ServletContextListener { private ServletContext context = null; public void contextInitialized(ServletContextEvent event) { context = event.getServletContext(); try { BookDB bookDB = new BookDB(); context.setAttribute("bookDB", bookDB); } catch (Exception ex) { context.log("Couldnt create bookstore database bean: " + ex.getMessage()); } Counter counter = new Counter(); context.setAttribute("hitCounter", counter); counter = new Counter(); context.setAttribute("orderCounter", counter); } 81
  82. 82. Example: Context Listener public void contextDestroyed(ServletContextEvent event) { context = event.getServletContext(); BookDB bookDB =(BookDB)context.getAttribute("bookDB"); bookDB.remove(); context.removeAttribute("bookDB"); context.removeAttribute("hitCounter"); context.removeAttribute("orderCounter"); }} 82
  83. 83. Listener Configuration<web-app> <display-name>Bookstore1</display-name> <description>no description</description> <filter>..</filter> <filter-mapping>..</filter-mapping> <listener> <listener-class>listeners.ContextListener</listener-class> </listener> <servlet>..</servlet> <servlet-mapping>..</servlet-mapping> <session-config>..</session-config> <error-page>..</error-page> ...</web-app> 83
  84. 84. What are Java Servlet Filters? New component framework for intercepting and modifying requests and responses  Filters can be chained and plugged in to the system during deployment time Allows range of custom activities:  Marking access, blocking access  Caching, compression, logging  Authentication, access control, encryption Introduced in Servlet 2.3 (Tomcat 4.0)  Content transformations 84
  85. 85. What Can a Filter Do? Examine the request headers Customize the request object if it wishes to modify request headers or data Customize the response object if it wishes to modify response headers or data Invoke the next entity in the filter chain Examine response headers after it has invoked the next filter in the chain Throw an exception to indicate an error in processing 85
  86. 86. How Servlet Filter Work? Servlet ServletContainer Filter Chain Filter 1 Filter 2 Filter N doFilter( User Servlet service( ServletRequest, implemented container ServletRequest, filters filter ServletResponse, FilterChain) ServletResponse) 86
  87. 87. javax.servlet.Filter Interface init(FilterConfig)  called only once when the filter is first initialized  get ServletContext object from FilterConfig object and save it somewhere so that doFilter() method can access it  read filter initialization parameters from FilterConfig object through getInitParameter() method destroy()  called only once when container removes filter object  close files or database connections 87
  88. 88. How Filter Chain Works Multiple filters can be chained  order is dictated by the order of <filter> elements in the web.xml deployment descriptor The first filter of the filter chain is invoked by the container  via doFilter(ServletRequest req, ServletResponse res, FilterChain chain)  the filter then perform whatever filter logic and then call the next filter in the chain by calling chain.doFilter(..) method The last filters call to chain.doFilter() ends up calling service() method of the Servlet 88
  89. 89. Steps for Building a Servlet Filter Decide what custom filtering behavior you want to implement for a web resource Create a class that implements Filter interface  Implement filtering logic in the doFilter() method  Call the doFilter() method of FilterChain object Configure the filter with Target servlets and JSP pages  use <filter> and <filter-mapping> elements 89
  90. 90. Example: HitCounterFilterpublic final class HitCounterFilter implements Filter { private FilterConfig filterConfig = null; public void init(FilterConfig filterConfig) throws ServletException { this.filterConfig = filterConfig; } public void destroy() { this.filterConfig = null; } // Continued in the next page... 90
  91. 91. Example: HitCounterFilter public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if (filterConfig == null) return; StringWriter sw = new StringWriter(); PrintWriter writer = new PrintWriter(sw); Counter counter = (Counter) filterConfig.getServletContext().getAttribute("hitCounter"); writer.println("The number of hits is: " + counter.incCounter()); // Log the resulting string writer.flush(); filterConfig.getServletContext().log(sw.getBuffer().toString()); ... chain.doFilter(request, wrapper); ... }} 91
  92. 92. HitCounterFilter Configuration<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd><web-app> <display-name>Bookstore1</display-name> <description>no description</description> <filter> <filter-name>HitCounterFilter</filter-name> <filter-class>filters.HitCounterFilter</filter-class> </filter> <filter-mapping> <filter-name>HitCounterFilter</filter-name> <url-pattern>/enter</url-pattern> </filter-mapping> ... 92
  93. 93. Configuration in web.xml <filter>  <filter-name>: assigns a name of your choosing to the filter  <filter-class>: used by the container to identify the filter class </filter> <filter-mapping>  <filter-name>: assigns a name of your choosing to the filter  <url-pattern>: declares a pattern URLs (Web resources) to which the filter applies </filter-mapping> 93
  94. 94. Concurrency Issues on a Servlet The service() method of a servlet instance can be invoked by multiple clients (multiple threads) Servlet programmer has to deal with concurrency issue  shared data needs to be protected  this is called “servlet synchronization” use of synchronized block 94
  95. 95. Many Threads, One Servlet Instance Web Serverrequest threadrequest threadrequest thread Servlet threadrequest threadrequest Servlet container 95
  96. 96. Use of synchronized block Synchronized blocks are used to guarantee only one thread at a time can execute within a section of code synchronized(this) { myNumber = counter + 1; counter = myNumber; } ... synchronized(this) { counter = counter + 1 ; } 96
  97. 97. Thank you thananum@gmail.comwww.facebook.com/imcinstitute www.imcinstitute.com 97

×