SSC - Web applications and development Introduction and Java Servlet (II)




Shan He, School for Computational Science, University of Birmingham
Module 06-19321: SSC

Outline of Topics
- Servlet Configuration
- Two examples of servlets
- Java servlet RequestDispatcher interface
- Java servlet Session Management

Servlet Configuration: Java Web App Directory Layout
A Java web application requires its resources (servlets, JSPs, etc.) to be organised in a standardized way:
- The Root Directory: all files that should be accessible in your web application, including images, HTML files, etc.
- The WEB-INF Directory: meta-information directory, not accessible from a browser.
- web.xml: contains information about the web application, which the Java web server / servlet container uses to properly deploy and execute the web application.
- classes sub-directory: contains all compiled Java classes that are part of your web application.
- lib sub-directory: contains all JAR files used by your web application.

Servlet Configuration: Java Web App Directory Layout

    MyServlet/
        welcome.jsp
        Index.html
        META-INF/
        WEB-INF/
            web.xml
            classes/
                myservlet.class
            lib/
                Javamail.jar

Servlet Configuration: Annotation Type WebServlet
A Java servlet is not accessible unless you configure your servlet container. You need to tell your servlet container:
- what servlets to deploy,
- what URLs to map the servlets to.
This is done by web.xml, the web application deployment descriptor.

Servlet Configuration: Configuring and Mapping a Servlet
Step 1: configure the servlet by setting the servlet name and the class name of the servlet:

    <servlet>
        <servlet-name>myservlet</servlet-name>
        <servlet-class>MyServlet.myservlet</servlet-class>
    </servlet>

Step 2: map the servlet to a URL or URL pattern:

    <servlet-mapping>
        <servlet-name>myservlet</servlet-name>
        <url-pattern>*.html</url-pattern>
    </servlet-mapping>

e.g., all URLs ending in .html are sent to myservlet.

Servlet Configuration: Servlet 3.0 Annotations
- Enables declarative-style programming: simply annotate the class with the appropriate annotations, e.g., @WebServlet.
- Makes the deployment descriptor (web.xml) optional for a web application (but you still need it for the welcome page).
Example:

    @WebServlet(urlPatterns = { "*.html" })
    public class myservlet extends HttpServlet {
        // servlet methods
    }

or simply

    @WebServlet("*.html")
    public class myservlet extends HttpServlet {
        // servlet methods
    }

Two examples of servlets
- To illustrate servlet configuration and the interactions between servlets and web pages.
- One uses doGet and the other uses doPost.

Java servlet RequestDispatcher interface: What is a RequestDispatcher interface?
- RequestDispatcher interface: defines an object that receives requests from the client and sends them to any resource (such as a servlet, HTML file, or JSP file) on the server.
- Enables your servlet to call another servlet, HTML file, or JSP file and also pass on the request and response.
- Essentially, a RequestDispatcher object is created by the servlet container as a wrapper around a server resource located at a particular path or given by a particular name.
Two methods in the RequestDispatcher interface:
- forward(): forwards a request from a servlet to another resource on the server.
- include(): includes the content of a resource in the response.

Java servlet RequestDispatcher interface: Difference between forward() and include()
- forward(): control is transferred to the next resource you are calling; the next resource sends the response to the client browser.
- include(): the current servlet retains control but includes the response sent back by the called resource.

Java servlet RequestDispatcher interface: forward() method
[Figure: forward(). The request reaches Servlet 1, which forwards it to Servlet 2; Servlet 2 generates the response and sends it to the browser.]

Java servlet RequestDispatcher interface: include() method
[Figure: include(). The request reaches Servlet 1, which includes Servlet 2; the response of Servlet 2 is included in Servlet 1, and Servlet 1 sends the final response to the browser.]
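The two dispatch styles side by side, as an added example that is not part of the original slides. The class name, URL pattern, request parameter and JSP paths are assumptions, and the code uses the javax.servlet (Servlet 3.0) API. Both views live under WEB-INF, so a browser can only reach them through this servlet.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: the URL pattern and view paths are assumptions for this example.
@WebServlet("/report")
public class ReportServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if ("full".equals(request.getParameter("mode"))) {
            // forward(): control passes to the view, which produces the whole response.
            // It must be called before anything is committed to the client, otherwise
            // the container throws IllegalStateException.
            // The dispatch path is a fixed string, never taken from the request.
            request.setAttribute("title", "Full report");
            RequestDispatcher view =
                    request.getRequestDispatcher("/WEB-INF/views/report.jsp");
            view.forward(request, response);
            return; // the response is committed once forward() returns
        }

        // include(): this servlet keeps control and writes around the included output.
        // The included resource can add body content but cannot change the status
        // code or the response headers.
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.println("<html><body><h1>Summary</h1>");
        request.getRequestDispatcher("/WEB-INF/views/summary.jsp")
               .include(request, response);
        out.println("</body></html>");
    }
}
```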

Java servlet Session Management: What is a session and why use it?
- Session: a conversation between client and server; it can consist of multiple requests and responses between them.
- The HTTP protocol and web servers are stateless: for the web server every request is a new request, even if it is the same request from the same client.
- Web applications sometimes require client information to process a request accordingly:
  - Example 1: After you log in with your correct authentication credentials, how does the server remember that you have logged in?
  - Example 2: When you add an entry to your cart, how does the server know what you have added earlier?
- We need to make the server remember what the user entered before.

Java servlet Session Management: Session ID
- Session ID: a piece of data that is used in HTTP to identify a session.
- The client stores the session ID, while the server associates that ID with other client information such as a user name.
Steps:
- Step 1: The client starts a session, e.g., requests a page.
- Step 2: The server allocates a random session ID upon the request and also stores the user information.
- Step 3: The session ID is then communicated back to the client.
- Step 4: If the client sends subsequent requests, it also sends back the same session ID.
- Step 5: The server decides whether the session has expired.
- Step 6: If not expired, the server associates the user information with that session ID and responds to the requests.

Java servlet Session Management: How to associate user information with ID
Three typical ways of associating user information with an ID:
- Hidden form fields: a unique hidden field in the HTML whose value the server can set to the session ID to keep track of the session.
  - Drawback 1: the form with the hidden field must be submitted every time a request is made from client to server.
  - Drawback 2: not secure: a hacker can get the hidden field value from the HTML source and use it to hack the session.
- Cookies: a small piece of information that is sent from the server and stored in the client's browser. When the client makes further requests, it adds the cookie to the request header, and we can use it to keep track of the session.
- URL rewriting: appends a session identifier parameter to every request and response to keep track of the session.

Java servlet Session Management: How to associate user information using cookies?
[Figure: cookie-based session flow between client, server and database]
- Client: login, POST Username=GWBush Password=1+1=3
- Server: login successful? 1. Create session ID. 2. Return session ID in a cookie. 3. Store session ID in a database.
- Server to client: Set-Cookie: SESSIONID=24D6442B89D1B65FECF1C8D9FC2232D0
- Database record: Session ID, Username, CreatedTime, ExpiredTime, LastAccessTime
- Client to server, on later requests: Cookie: SESSIONID=24D6442B89D1B65FECF1C8D9FC2232D0
- Server: look up session ID; session still valid? Database returns the content for GWBush.

Java servlet Session Management: How to use sessions in Servlet?
Java Servlet session management provides functions to:
- Transmit the session ID from server to client and vice versa;
- Select stored session IDs;
- Store associated objects/data with each session and check for session expiry.
Java Servlet session management can use the HttpSession class, which essentially uses cookies, or directly use the Cookie class, or URL rewriting.
HttpSession class provides methods to manage sessions:
- getSession(true): create a new session object
- getSession(): returns the session object associated with the current request
- setAttribute / getAttribute: store/retrieve information in a session
- invalidate(): discard completed or abandoned sessions
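The six session ID steps, carried out with the methods listed above, as an added example that is not part of the original slides. The class name, URL pattern, parameter names, 15-minute timeout and demo account are assumptions; the code uses the javax.servlet (Servlet 3.0) API, where getSession() is called on the HttpServletRequest and returns the HttpSession.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// Hypothetical servlet: URL pattern, parameter names and the demo account are assumptions.
@WebServlet("/account")
public class AccountServlet extends HttpServlet {

    @Override // login (steps 1-3) or logout
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession existing = req.getSession(false);       // look up only, never create
        if ("logout".equals(req.getParameter("action"))) {
            if (existing != null) existing.invalidate();    // discard the completed session
            resp.sendRedirect(req.getContextPath() + "/");
            return;
        }
        String user = req.getParameter("username");
        if (!checkCredentials(user, req.getParameter("password"))) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Drop any pre-login session so the authenticated one gets a new random ID.
        if (existing != null) existing.invalidate();
        HttpSession session = req.getSession(true);         // new ID, returned in a cookie
        session.setAttribute("username", user);             // server-side data keyed by the ID
        session.setMaxInactiveInterval(15 * 60);            // expires after 15 idle minutes
        resp.sendRedirect(req.getContextPath() + "/account");
    }

    @Override // steps 4-6: the container resolves the ID sent back and checks expiry
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession(false);
        Object user = (session == null) ? null : session.getAttribute("username");
        if (user == null) {                                 // no session, expired, or not logged in
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("Logged in as " + user);
    }

    // Stand-in check against a constructed demo account; a real application
    // verifies against its own user store.
    private static boolean checkCredentials(String user, String password) {
        byte[] expected = "constructed-demo-password".getBytes(StandardCharsets.UTF_8);
        return "demo".equals(user) && password != null
                && MessageDigest.isEqual(expected, password.getBytes(StandardCharsets.UTF_8));
    }
}
```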