Middleware and Web Services Lecture : Application Server doc. Ing. Tomáš Vitvar, Ph.D. tomas@vitvar.com @TomasVitvar http://vitvar.com Czech Technical University in Prague Faculty of Information Technologies Software and Web Engineering http://vitvar.com/courses/mdw Modified: Wed Aug 0 0, :: Humla v0.. Application Server Environment that runs an application logic Client communicates with AS via an application protocol Terminology Application Server Web Server HTTP Server AS is a modular environment; provides technology to realize enterprise systems AS contains a Web server/http server We will use AS, Web/HTTP server interchangeably Two major models to realize AS Blocking I/O (also called synchronous I/O) Non-blocking I/O (also called asynchronous I/O) Two technologies we will look at Node.js runs server-side JavaSript Java Enterprise Edition (JEE) servlet technology Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar
Overview Blocking and Non-Blocking I/O Application Protocols Introduction to HTTP Introduction to JEE Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar Blocking I/O Model The server creates a thread for every connection For example, K connections = K threads, big overhead Characteristics the thread is reserved for the connection When processing of the request requires other interactions with DB/FS or network communication is slow scales very bad as the thread's execution is "blocked" Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar
Non-Blocking I/O Model Connections maintained by the OS, not the Web app The Web app registers events, OS triggers events when occur Characteristics Event examples: new connection, read, write, closed The app may create working threads, but controls the number! much less number of working threads as opposed to blocking I/O Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar Node.js Node.js Emerging Web server technology, very efficient and fast! Event-driven I/O framework, based on JavaScript V engine Only one worker thread Open sourced, @GitHub, many libraries Future platform for Web.0 apps Every I/O as an event reading and writing from/to files reading and writing from/to sockets //pseudocode;askforthelasteditedtimeofafile stat('somefile',function(result){ //usetheresulthere }); We will use it throughout the course for examples good to demonstrate underlying Web services concepts Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar
Quick JavaScript Intro Objects and Arrays (~ JSON) 0 //objectsfkey/valuepairs varobj={name:"tomas",mainfcity:"innsbruck",value:}; obj.name="peter";//assignthenamepropertyanothervalue obj["mainfcity"]="prague";//anotherwaytoaccessobject'svalues;it'snotanarray! //arrays vara=["tomas","peter","alice"]; for(vari=0;i<a.length;i++) //dosomethingwitha[i] //combinationsofarraysandobjects varobj_a=[ {name:"tomas",city:"innsbruck"}, {name:"peter",city:"prague"}, {name:"alice",cities:["prague","brno"]}]; for(vari=0;i<obj_a.length;i++) //dosomethingwithobj_a[i].name,... Functions //assignafunctiontoavarialbe varminus=function(a,b){ returnafb; } //callthefunction; //nowyoucanpass'minus'asaparametertoanotherfunction varr=minus(,); Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar Quick JavaScript Intro (Cont.) Function Callbacks You can use them to handle asynchronous events occurrences 0 //functionreturnstheresultthroughacallback,notdirectly; //thisisnotanonfblockigi/o,justdemonstrationofthecallback functionadd(a,b,callback){ callback(a+b); } //assignthecallbacktoavariable varprint=function(result){ console.log(result); }; //callthefunctionwithcallbackasaparameter add(,,print); Functions as values in object 0 varobj={ data:[,,"tomas","alice",], getindexdof:function(val){ for(vari=0;i<this.data.length;i++) if(data[i]==val) returni; returnf; } } obj.getindexof();//willreturn Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar
Overview Blocking and Non-Blocking I/O Application Protocols Synchronous and Asynchronous Communication Simple Protocol Example Introduction to HTTP Introduction to JEE Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar Application Protocols Remember this App protocols mostly on top of the TCP Layer use TCP socket for communication Major protocols HTTP most of the app protocols layered on HTTP wide spread, but: implementors often break HTTP semantics RMI Remote Method Invocation Java-specific, rather interface may use HTTP underneath (among other things) XML-RPC Remote Procedure Call and SOAP Again, HTTP underneath WebSocket new protocol part of HTML Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar 0
Socket Handshaking (connection establishment) The server listens at [dst_ip,dsp_port] Three-way handshake: the client at [src_ip,src_port] sends a connection request the server responds the client acknowledges the response, can send data along Result is a socket (virtual communication channel) with unique identification: socket=[src_ip,src_port;dst_ip,dst_port] Data transfer (resource usage) Client/server writes/reads data to/from the socket TCP features: reliable delivery, correct order of packets, flow control Connection close Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar Addressing in Application Protocol IP addressing: IP is an address of a machine interface A machine can have multiple interfaces TCP addressing: TCP port is an address of an app running on a machine Multiple applications with different TCP ports may run on a machine Application addressing Additional mechanisms to address entities within an application They are outside of scope of IP/TCP, they are app specific for example, HTTP handles multiple resources in Web application, multiple Web applications served by a single Web server (see Serving HTTP Request) Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar
Overview Blocking and Non-Blocking I/O Application Protocols Synchronous and Asynchronous Communication Simple Protocol Example Introduction to HTTP Introduction to JEE Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar Synchronous/Asynchronous Communication Synchronous one socket, t req t res is small easy to implement and deploy, only standard firewall config only the server defines endpoint Asynchronous request, response each has socket, client and server define endpoints t req t res can be large (hours, even days) harder to do across network elements (private/public networks issue) Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar
Public/Private Network Configuration Adds complexity to configuration of application Config example at server with eth0=..00. (iptables) #enableipforwardingfromoneinterfacetoanotherwithinlinuxcore echo>/proc/sys/net/ipv/ip_forward #redirectallcommunicationcommingtotcp/000to...:000 iptablesftnatfapreroutingfieth0fptcpffdport000fjdnat\ FFtoFdest...FFtoFport000 Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar Demilitarized Zones DMZ = Demilitarized Zone subnet within an organization's network on a public network special care of security enforced through internal policies For example: no access to all live data, subsets copied in batches frequent monitoring mechanisms to "fool" attackers Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar
Overview Blocking and Non-Blocking I/O Application Protocols Synchronous and Asynchronous Communication Simple Protocol Example Introduction to HTTP Introduction to JEE Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar ASCII Communication Example simple TCP Socket protocol in NodeJS functions (verbs): add and bye data syntax: add "^[0F]+[0F]+$", bye "^$" (regular grammars) data semantics: add decimal numbers, bye none process: transitions S add S, S bye S0, where S0, S are states such that S=connectionestablished, S0=connectionclosed. 0 0 varnet=require('net'); //createstheserverandwaitsforincomingconnection varserver=net.createserver(function(stream){ stream.write('verbs:addab,bye.\r\n'); //eventwhennewdatainthesocketisavailable stream.on('data',function(data){ //convertsbuffertostring,stripoutthe\r\nchars varmessage=newstring(data.slice(0,data.lengthf)); //checksforthecorrectformatoftheaddmessage if(n=message.match("^add([0f]+)([0f]+)$")) stream.write("theresultis:"+ (parseint(n[])+parseint(n[]))+"\r\n"); else if(message.match("^bye$"))stream.end("goodbye!\r\n"); elsestream.write("donotunderstand:"+message+"\r\n"); }); }).listen(00,'0.0.0.0');? Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar
Testing Many app protocols communicate in plain text messages in ASCII or Base encoded (printable chars only) this allows to test them just with Telnet Telnet not need to know any protocol-specific semantics only opens, reads/writes, and closes the socket Testing our protocol 0 #openthesocketusingtelnetbutfirstdigfordnslookup telnet$(digvitvar.com+short)00 Trying... ConnectedtoecFFFF.euFwestF.compute.amazonaws.com. Escapecharacteris'^]'. Verbs:addab,bye. add Theresultis: minus Donotunderstand:minus bye Goodbye! Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar Overview Blocking and Non-Blocking I/O Application Protocols Introduction to HTTP State Management Persistent Communication and Pipelining Introduction to JEE Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar 0
Hypertext Transfer Protocol HTTP Application protocol, basis of Web architecture Part of HTTP, URI, and HTML family Request-response protocol One socket for single request-response original specification have changed due to performance issues many concurrent requests overhead when establishing same connections HTTP. offers persistent connection and pipelinening HTTP is stateless Multipe HTTP requests cannot be normally related at the server "problems" with state management REST goes back to the original HTTP idea Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar HTTP Request and Response Request Syntax methodurihttpfversion<crlf> (header:value<crlf>)* <crlf> [data] Response Syntax httpfversionresponsefcode[message]<crlf> (header:value<crlf>)* <crlf> [data] Semantics of terms method="get" "POST" "DELETE" "PUT" "HEAD" "OPTIONS" uri=[path][";"params]["?"query] httpfversion="http/.0" "HTTP/." responsefcode=validresponsecode header:value=validhttpheaderanditsvalue data=resourcestaterepresentation(hypertext) Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar
Serving HTTP Request IP and TCP addressing. User enters URL http://company.cz:00/orders to the browser. Browser gets an IP address for company.cz, IP:.... Browser and Web Server creates a socket [..00.:;...:00] Application addressing. Browser sends HTTP request, that is, writes following data to the socket GET/ordersHTTP/. Host:company.cz. Web server passes the request to the web application company.cz which serves GETorders and that writes a response back to the socket. Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar HTTP Server in Node.js HTTP Server implementation server running at..., port 00. 0 //httplibrary varhttp=require("http"); http.createserver(function(req,res){ //checkthevalueofhostheader if(req.headers.host=="company.cz"){ res.writehead(0,"contentftype:text/plain"); res.end("thisistheresponse..."); }else; //handleenterprise.comapplogic... }).listen('0.0.0.0',00); Test it using Telnet telnet...00 #...linesomittedduetobrevity GET/ordersHTTP/. Host:company.cz HTTP/.0OK ContentFType:plain/text Thisistheresponse... Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar
Better Support for HTTP Testing Use curl to test HTTP protocol Usage:curl[options...]<url> FX/FFrequest<command>Specifyrequestcommandtouse FH/FFheader<line>Customheadertopasstoserver Fd/FFdata<data>HTTPPOSTdata Fb/FFcookie<name=string/file>Cookiestringorfiletoreadcookiesfrom Fv/FFverboseMaketheoperationmoretalkative Example 0 curlfvfh"host:company.cz"... *Abouttoconnect()to...port0 *Trying...connected *Connectedto...port0 >GET/HTTP/. >UserFAgent:curl/.0.0(iFappleFdarwin0..)libcurl/.0.0OpenSSL/0.. >Accept:*/* >Host:company.cz > <HTTP/.0OK <Connection:keepFalive <ContentFType:plain/text < <Thisistheresponse... Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar Overview Blocking and Non-Blocking I/O Application Protocols Introduction to HTTP State Management Persistent Communication and Pipelining Introduction to JEE Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar
State Management HTTP is a stateless protocol original design No information to relate multiple interactions at server-side Except Authorization header is copied in every request IP addresses do not work, one public IP can be shared by multiple clients Solutions to check for a valid state at server-side Cookies obvious and the most common workaround RFC 0 HTTP State Management Mechanism Allow clients and servers to talk in a context called sessions Hypertext original HTTP design principle App states represented by resources (hypermedia), links define transitions between states Adopted by the REST principle statelessness Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar Interaction with Cookies Request-response interaction with cookies Session is a logical channel maintained by the server Stateful Server Server remembers the session information in a server memory Server memory is a non-persistent storage, when server restarts the memory content is lost! Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar
Set-Cookie and Cookie Headers SetFCookie response header setfcookie="setfcookie:"cookie(","cookie)* cookie=name"="value(";"cookiefav)* cookiefav="comment""="value "Domain""="value "MaxFAge""="value "Path""="value domain a domain for which the cookie is applied MaxFAge number of seconds the cookie is valid Path URL path for which the cookie is applied Cookie request header. A client sends the cookie in a request if: domain matches the origin server's fully-qualified host name path matches a prefix of the request-uri MaxFAge has not expired cookie="cookie:"cookiefvalue(";"cookiefvalue)* cookiefvalue=name"="value[";"path][";"domain] path="$path""="value domain="$domain""="value domain, and path are values from corresponding attributes of the SetFCookie header Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar Object for session management 0 0 varsessions={ //propertytoholdallsessionsfromallclients sessions:{}, //returnsthesessiondatabasedontheinformationinthecookie getsession:function(req){ varsid; //getthesessionidfromthecookie if(req.headers.cookie(p=req.headers.cookie.match( ".*sessionfid=([afzafz0f]+).*"))) sid=p[]; if(!sid!this.sessions[sid]) //createthesessionidmdhash;maximumof000connections //fromasingleip sid=require("crypto").createhash('md').update( req.connection.remoteaddress+ (Math.floor(Math.random()*))).digest("hex"); //returnthesessiondata; //createtheemptyobjectifdatadoesnotexist returnthis.sessions[sid] (this.sessions[sid]={id:sid,data:{}, header:{"setfcookie":"sessionfid="+sid+";maxfage=00"}}) } }; Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar 0
Stateful Server Implementation Simple per-client counter 0 0 varhttp=require("http"); //createthehttpserver,handletherequest http.createserver(function(req,res){ varsession=sessions.getsession(req); //countnumberofhitsfromasingleuser if(session.data.counter) session.data.counter++; else //createthecounterifitdoesnotexist session.data.counter=; //repeatthecookieineveryresponsetokeepthesession //themaxfagevalueisthusaninactivityinterval res.writehead(00,session.header); res.end("numberofhitsfromyou:"+session.data.counter+"\n"); }).listen(00,"0.0.0.0"); Task When server restarts, the counter will reset. How do you change the code to count requests from all clients? Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar Testing Testing curl will require you to specify cookies in every request Browser handles cookies automatically 0 0 #runcurlforthefirsttime curlfvec.vitvar.com:00 >GET/HTTP/. >Host:ec.vitvar.com:00 >Cookie:sessionFid=accdcffaaba0ca0 > <HTTP/.00OK <SetFCookie:sessionFid=accdcffaaba0ca0;maxFage=00 < Numberofhitsfromyou: #copythecookiesessionfidfrompreviousresponse curlfvfbsessionfid=accdcffaaba0ca0ec.vitvar.com:00 >GET/HTTP/. >Host:ec.vitvar.com:00 >Cookie:sessionFid=accdcffaaba0ca0 > <HTTP/.00OK <SetFCookie:sessionFid=accdcffaaba0ca0;maxFage=00 < Numberofhitsfromyou: Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar
Overview Blocking and Non-Blocking I/O Application Protocols Introduction to HTTP State Management Persistent Communication and Pipelining Introduction to JEE Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar Non-Persistent, Persistent, Pipelining HTTP. improvements over version.0 non-persistent one socket for one request response (v.0) persistent one socket for multiple interactions reduces latency (no repeating handshaking) pipelining multiple requests, no wait for responses the server must preserve the order of messages when sending responses. Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar
Overview Blocking and Non-Blocking I/O Application Protocols Introduction to HTTP Introduction to JEE Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar JEE Part of Java Platform, Enterprise Edition (JEE) Collection of technologies for server programming Major technologies servlet technology Java Server Pages (JSP) Java Messaging System (JMS) Remote Method Invocation (RMI) Enterprise Java Beans (EJB) Basis for many application servers such as Oracle WebLogic Google AppEngine (Java) JBoss GlassFish IBM WebSphere Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar
Basic Directory Structure Your application collection of documents and libraries your application requires packaged in war archive JAR that includes not only java classes but also additional resources such as.xml,.html,.js,.css,.jpg files. Content of war package #webarchiveroot war #directoriesanddocumentsaccessiblethroughtheapproot/ #suchasimg,css,js,... FF(publicFdirectory publicfdocument)* #directoriesanddocumentsinternaltoyourapplication FFWEBFINF FF(privateFdirectory privatefdocument)* #compiledjavaclassesofyourapplication FFclasses #alljavalibrariesyourapplicationrequires FFlib #configurationofyourapplication FFweb.xml FF#otherplatformFspecificconfigurations #suchasappfengineweb.xmlforgae Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar Configuration in web.xml web.xml defines configuration for list of servlets, mapping of servlets to URL paths, welcome files, filters, EJB references, authentication mechanism, etc. basic configuration example: 0 <?xmlversion=".0"encoding="utff"?> <webapp xmlns:xsi="http://www.w.org/00/xmlschemafinstance" xmlns="http://java.sun.com/xml/ns/javaee"> <servlet> <servletname>main</servletname> <servletclass>com.vitvar.mdw.main</servletclass> </servlet> <servletmapping> <servletname>main</servletname> <urlpattern>/</urlpattern> </servletmapping> <welcomefilelist> <welcomefile>index.jsp</welcomefile> </welcomefilelist> </webapp> Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar
Handling HTTP Requests HTTP Servlets Servlet is a class that extends capabilities of application servers via a request-response programming model HTTP servlets are classes that extend HTTPServlet abstract class Example: 0 packagecom.vitvar.mdw; importjavax.servlet.http.httpservlet; importjavax.servlet.http.httpservletrequest; importjavax.servlet.http.httpservletresponse; publicclassmainextendshttpservlet{ publicdoget(httpservletrequestrequest,httpservletresponseresponse){ //GETmethodimplementationhere } publicdoput(httpservletrequestrequest,httpservletresponseresponse){ //PUTmethodimplementationhere } //othermethodssuchasdopost,dodelete,dooptions } Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar Support for Sessions HttpSession interface Allows to store session data in the memory Java API for HTTP State Management Hides details to developers Enable sessions in GAE by setting <sessionsfenabled> to true in appenginefweb.xml (disabled by default) 0 //methoddogetinaservlet publicdoget(httpservletrequestrequest,httpservletresponseresponse){ //accessthesessionobjectthroughtherequest HttpSessionsession=request.getSession(); //uniqueidentificationofthesession,thevalueusedforthecookie Stringid=session.getId(); //getthevalueoftheattribute Objectvalue=session.getAttribute("data"); //setthevalueoftheattribute session.setattribute("data",newstring("somedata")); //thiswillsetamaxfageofthesessioncookie session.setmaxinactiveinterval(00); } Lecture : Application Server, CTU Winter Semester 0/0, @TomasVitvar 0