Structure of a webapplication

Similar documents
web.xml Deployment Descriptor Elements

Servlets. An extension of a web server runs inside a servlet container

Web applications and JSP. Carl Nettelblad

Session 8. Reading and Reference. en.wikipedia.org/wiki/list_of_http_headers. en.wikipedia.org/wiki/http_status_codes

Web Application Architecture (based J2EE 1.4 Tutorial)

Session 9. Deployment Descriptor Http. Reading and Reference. en.wikipedia.org/wiki/http. en.wikipedia.org/wiki/list_of_http_headers

Servlets1. What are Servlets? Where are they? Their job. Servlet container. Only Http?

UIMA Simple Server User Guide

Configuring Tomcat for a Web Application

Java Server Pages, JSP

servlets and Java JSP murach s (Chapter 2) TRAINING & REFERENCE Mike Murach & Associates Andrea Steelman Joel Murach

SECTION II: JAVA SERVLETS

XML and XSLT. XML and XSLT 10 February

Writing Servlets and JSPs p. 1 Writing a Servlet p. 1 Writing a JSP p. 7 Compiling a Servlet p. 10 Packaging Servlets and JSPs p.

Vendor: SUN. Exam Code: Exam Name: Sun Certified Web Component Developer for J2EE 5. Version: Demo

Java.. servlets and. murach's TRAINING & REFERENCE 2ND EDITION. Joel Murach Andrea Steelman. IlB MIKE MURACH & ASSOCIATES, INC.

HTTP and HTML. We will use HTML as a frontend to our webapplications, therefore a basic knowledge of HTML is required, especially in forms.

Module 3 Web Component

Session 8. Introduction to Servlets. Semester Project

Tutorial: Developing a Simple Hello World Portlet

CS506 Web Design & Development Final Term Solved MCQs with Reference

Topics Augmenting Application.cfm with Filters. What a filter can do. What s a filter? What s it got to do with. Isn t it a java thing?

Servlet Fudamentals. Celsina Bignoli

One application has servlet context(s).

Introduction to Servlets. After which you will doget it

FINALTERM EXAMINATION Spring 2009 CS506- Web Design and Development Solved by Tahseen Anwar

Servlets by Example. Joe Howse 7 June 2011

Unraveling the Mysteries of J2EE Web Application Communications

LearningPatterns, Inc. Courseware Student Guide

STRUTS 2 - HELLO WORLD EXAMPLE

Building Web Applications With The Struts Framework

FUEGO 5.5 WORK PORTAL. (Using Tomcat 5) Fernando Dobladez

CHAPTER 6. Organizing Your Development Project. All right, guys! It s time to clean up this town!

Common-Controls Quickstart

Lab1: Stateless Session Bean for Registration Fee Calculation

BEA WebLogic. Server. Assembling and Configuring Web Applications

SUN Enterprise Development with iplanet Application Server

How to Configure Authentication and Access Control (AAA)

xcp 2.0 SSO Integrations RAJAKUMAR THIRUVASAGAM

White Paper. Fabasoft Folio Portlet. Fabasoft Folio 2017 R1 Update Rollup 1

15-415: Database Applications Project 2. CMUQFlix - CMUQ s Movie Recommendation System

CA SiteMinder Federation Security Services

Introduction to JSP and Servlets Training 5-days

Lecture 9a: Sessions and Cookies

Unit 5 JSP (Java Server Pages)

CSC 8205 Advanced Java

HttpServlet ( Class ) -- we will extend this class to handle GET / PUT HTTP requests

The DataNucleus REST API provides a RESTful interface to persist JSON objects to the datastore. All entities are accessed, queried and stored as

Oracle 1Z Java EE 6 Web Component Developer(R) Certified Expert.

Novell Access Manager authentication class for OpenID authentication

JBoss SOAP Web Services User Guide. Version: M5

Author - Ashfaque Ahmed

To follow the Deitel publishing program, sign-up now for the DEITEL BUZZ ON-

CS506 today quiz solved by eagle_eye and naeem latif.mcs. All are sloved 99% but b carefull before submitting ur own quiz tc Remember us in ur prayerz

Fast Track to Java EE

Fast Track to Java EE 5 with Servlets, JSP & JDBC

Introduction. This course Software Architecture with Java will discuss the following topics:

Handout 31 Web Design & Development

SAS Web Infrastructure Kit 1.0. Developer s Guide

Session 9. Introduction to Servlets. Lecture Objectives

How to use J2EE default server

Introduction. Literature: Steelman & Murach, Murach s Java Servlets and JSP. Mike Murach & Associates Inc, 2003

Chapter 17. Web-Application Development

2 Oracle WebLogic Overview Prerequisites Baseline Architecture...6

ByggSøk plan Project Structure And Build Process

SOA Software Policy Manager Agent v6.1 for WebSphere Application Server Installation Guide

PRODUCT DOCUMENTATION. Installing and Implementing Enterprise Contact Center Chat RELEASE 5.1

KonaKart Portlet Installation for Liferay. 2 nd January DS Data Systems (UK) Ltd., 9 Little Meadow Loughton, Milton Keynes Bucks MK5 8EH UK

The following sections provide sample applications with different features so you can better appreciate the wizard behavior.

Servlet for Json or CSV (or XML) A servlet serving either Json or CSV (or XML) based on GET parameter - This version uses org.json

Life Without NetBeans

SESM Components and Techniques

SOA Software Policy Manager Agent v6.1 for tc Server Application Server Installation Guide

SSO Plugin. Installation for BMC AR System. J System Solutions. Version 5.1

SAS AppDev Studio TM 3.4 Eclipse Plug-ins. Migration Guide

JSF - Facelets Tags JSF - template tags

Customizing ArcIMS Using the Java Connector and Python

The Structure and Components of

USER GUIDE. SearchBlox Version 6.0. SearchBlox Software, Inc. AAugust 2010

BlueDragon TM 7.0 Deploying CFML on J2EE Application Servers

1. What is This Guide about / Goals The Project JGuard Configuration... 11

CSC4370/6370 Spring/2010 Project 1 Weight: 40% of the final grade for undergraduates, 20% for graduates. Due: May/8th

ServletExec TM 4.1 User Guide. for Microsoft Internet Information Server Netscape Enterprise Server iplanet Web Server and Apache HTTP Server

Web Application Development Using Borland JBuilder 8 and BEA WebLogic Server 7.0

Kamnoetvidya Science Academy. Object Oriented Programming using Java. Ferdin Joe John Joseph. Java Session

Supplement IV.E: Tutorial for Tomcat For Introduction to Java Programming By Y. Daniel Liang

HYPERION SYSTEM 9 BI+ GETTING STARTED GUIDE APPLICATION BUILDER J2EE RELEASE 9.2

Tapestry. Code less, deliver more. Rayland Jeans

Security Guide. Configuration of Permissions

Enhydra 6.2 Application Architecture. Tanja Jovanovic

CS 112 Introduction to Programming

GUJARAT TECHNOLOGICAL UNIVERSITY

Handling Cookies. Agenda

Web-APIs. Examples Consumer Technology Cross-Domain communication Provider Technology

Copyright Descriptor Systems, Course materials may not be reproduced in whole or in part without prior written consent of Joel Barnum

Oracle 10g: Build J2EE Applications

Setting Up the Development Environment

WAS: WebSphere Appl Server Admin Rel 6

SmartLink configuration DME Server 3.5

Installing Access Manager Agent for Microsoft SharePoint 2007

Transcription:

Structure of a webapplication Catalogue structure: / The root of a web application. This directory holds things that are directly available to the client. HTML-files, JSP s, style sheets etc The root is mapped by the tomcat configuration. The default is $INST_DIR\webapps\name_of_appl locally on Solaris we use ~/tomcat /WEB-INF This is a subcatalogue in the webapplication root. Things in here are not available to the client directly. This is a reserved name that is used by tomcat to detect a web application and it triggers tomcat to try a deployment during the startupscan. Structure of a webapplication 28 January 2009 1

/WEB-INF/lib Jar files that will be use by the application, eg JSTL /WEB-INF/classes class files for servlets, userdefined tags and JavaBeans /WEB-INF/*.tld tag library definition files /WEB-INF/web.xml The web application definition file, i. e. the deployment descriptor. Structure of a webapplication 28 January 2009 2

Can look like this: kursa.it.uu.se> cd tomcat kursa.it.uu.se> ls -R error.jsp test.jsp test.xsl WEB-INF./WEB-INF: classes c.tld lib src web.xml x.tld./web-inf/classes: com./web-inf/classes/com: mimer./web-inf/classes/com/mimer: fredrik./web-inf/classes/com/mimer/fredrik: TestBean.class TestServlet.class./WEB-INF/lib: jstl.jar standard.jar./web-inf/src: com Structure of a webapplication 28 January 2009 3

./WEB-INF/src/com: mimer./web-inf/src/com/mimer: fredrik./web-inf/src/com/mimer/fredrik: TestBean.java TestServlet.java Structure of a webapplication 28 January 2009 4

To distribute an application, you can pack this structure into a WAR-file. A WAR file is just a jar file create with the Java Archiver (jar) with another filetype. Structure of a webapplication 28 January 2009 5

The content of web.xml Describes a web application from different aspects. Application context parameters servlet mappings user defined tags authorization etc Structure of a webapplication 28 January 2009 6

Structure is <?xml... > <web-app> paragraph paragraph... </web-app> Order is sometimes significant Case is significant Structure of a webapplication 28 January 2009 7

Examples with a servlet 2.5/JSP 2.1 header <?xml version = '1.0' encoding = 'UTF-8'?> <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi= "http://www.w3.org/2001/xmlschema-instance" xsi:schemalocation = "http://java.sun.com/xml/ns/javaee http:// java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" > <context-param> <param-name>dbname</param-name> <param-value>murach</param-value> </context-param> <servlet> <servlet-name> email6.emailservlet </servlet-name> <servlet-class> email6.emailservlet </servlet-class> <init-param> <param-name> filename </param-name> <param-value>../webapps/murach/useremail.txt </param-value> </init-param> Structure of a webapplication 28 January 2009 8

</servlet> </web-app> A Servlet 2.4/JSP 2.0 (J2EE 1.4) header goes like <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi= "http://www.w3.org/2001/xmlschema-instance" xsi:schemalocation = "http://java.sun.com/xml/ns/j2ee http:// java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4" > A Servlet 2.3/JSP 1.2 (J2EE 1.3) header goes like <?xml version = 1.0 encoding = utf-8?> <!DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd > <web-app>... </webapp> Structure of a webapplication 28 January 2009 9

We can introduce servlet mappings to simplify the access of a servlet. instead of saying /servlet/package.classname I setup a mapping: <servlet-mapping> <servlet-name> email6.emailservlet </servlet-name> <url-pattern> /myservlet </url-pattern> </servlet-mapping> Now I can access my servlet using: /myservlet Usually you introduce a logical servlet name to avoid having the physical name in a lot of places. See later examples. You should always use mappings in real applications because this gives you the full potential of the container including security, filtering etc. Structure of a webapplication 28 January 2009 10

You can also set servletspecific init-parameters. This is a way to avoid hardcoded resource names. <servlet>... <init-param> <param-name> CHECKOUT_PAGE </param-name> <param-value> /checkout.jsp </param-value> </init-param> <init-param> <param-name> JDBC_URL </param-name> <param-value> jdbc:mysql://tomcat.it.uu.se/ test?user=olle&password=xxxx </param-value> <description> The Database URL to use </description> </init-param> <init-param> <param-name> Structure of a webapplication 28 January 2009 11

SHOW_PAGE </param-name> <param-value> /show.jsp </param-value> </init-param> <init-param> <param-name> THANKYOU_PAGE </param-name> <param-value> /thankyou.jsp </param-value> </init-param> <init-param> <param-name> DETAIL_PAGE </param-name> <param-value> /detail.jsp </param-value> </init-param> </servlet> Structure of a webapplication 28 January 2009 12

Other elements in web.xml, presented here without respect to ordering. <session-config> <session-timeout> 30 </session-timeout> </session-config> <mime-mapping> <extension> html </extension> <mime-type> text/html </mime-type> </mime-mapping> <welcome-file-list> <welcome-file> index.jsp </welcome-file> <welcome-file> index.html </welcome-file> </welcome-file-list> <error-page> <exception-type> java.lang.throwable </exception-type> <location> Structure of a webapplication 28 January 2009 13

/email6/error.html </location> </error-page> <error-page> <error-code> 404 </error-code> <location> /email6/error_404.jsp </location </error-page> Structure of a webapplication 28 January 2009 14

An example, the simple test servlet that we have shown before <?xml version = '1.0' encoding = 'UTF-8'?> <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi= "http://www.w3.org/2001/xmlschema-instance" xsi:schemalocation = "http://java.sun.com/xml/ns/javaee http:// java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" > <servlet> <servlet-name> TestServlet </servlet-name> <servlet-class> com.mimer.fredrik.testservlet </servlet-class> </servlet> <servlet-mapping> <servlet-name> TestServlet </servlet-name> <url-pattern> /testservlet </url-pattern> </servlet-mapping> <taglib> Structure of a webapplication 28 January 2009 15

<taglib-uri> http://java.sun.com/jsp/jstl/core </taglib-uri> <taglib-location> /WEB-INF/c.tld </taglib-location> </taglib> <taglib> <taglib-uri> http://java.sun.com/jsp/jstl/xml </taglib-uri> <taglib-location> /WEB-INF/x.tld </taglib-location> </taglib> </web-app> Structure of a webapplication 28 January 2009 16

And another example <?xml version = '1.0' encoding = 'UTF-8'?> <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi= "http://www.w3.org/2001/xmlschema-instance" xsi:schemalocation = "http://java.sun.com/xml/ns/javaee http:// java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" > <servlet> <servlet-name> Shop </servlet-name> <servlet-class> se.upright.education.uu.pvk.assignmenttwo. servlets.shopservlet </servlet-class> <init-param> <param-name> CHECKOUT_PAGE </param-name> <param-value> /checkout.jsp </param-value> </init-param> <init-param> <param-name> JDBC_URL </param-name> <param-value> jdbc:mysql://tomcat.it.uu.se/test </param-value> <description> The Database URL to use </description> </init-param> <init-param> <param-name> SHOW_PAGE </param-name> Structure of a webapplication 28 January 2009 17

<param-value> /show.jsp </param-value> </init-param> <init-param> <param-name> THANKYOU_PAGE </param-name> <param-value> /thankyou.jsp </param-value> </init-param> <init-param> <param-name> DETAIL_PAGE </param-name> <param-value> /detail.jsp </param-value> </init-param> </servlet> <servlet-mapping> <servlet-name> Shop </servlet-name> <url-pattern> /shop </url-pattern> </servlet-mapping> <session-config> <session-timeout> 30 </session-timeout> </session-config> <taglib> <taglib-uri> http://java.sun.com/jsp/jstl/core </taglib-uri> <taglib-location> /WEB-INF/c.tld </taglib-location> Structure of a webapplication 28 January 2009 18

</taglib> <taglib> <taglib-uri> http://java.sun.com/jsp/jstl/xml </taglib-uri> <taglib-location> /WEB-INF/x.tld </taglib-location> </taglib> <taglib> <taglib-uri> /bookshop </taglib-uri> <taglib-location> /WEB-INF/bookshop.tld </taglib-location> </taglib> </web-app> Structure of a webapplication 28 January 2009 19

Authorization, i. e. access to applications You can setup security constraints on your application. Those are based on URL-patterns. A security constraint protects a web resource so that access is granted only for the roles listed in a constraint. e. g. <security-constraint> <web-resource-collection> <web-resource-name> TheShop </web-resource-name> <url-pattern> /* </url-pattern> </web-resource-collection> <auth-constraint> <role-name> tomcat </role-name> </auth-constraint> <user-data-constraint> <transport-guarantee> NONE </transport-guarantee> </user-data-constraint> </security-constraint> Structure of a webapplication 28 January 2009 20

The web-resource-collection specifies a name, which is mandatory even if it s not used. It also specifies one or more URL-pattern that is to be protected. You can optionally have one or more http-method tags that specifies the HTTP methods the contstraint applies to. The default is all methods. URL-patterns can look like: /test.jsp /*.jsp /* /test/* The auth-constraint specfies the roles that are allowed access to this resources. Roles are setup in tomcat configuration with username, password and rolename. We do have a rule tomcat with username and password tomcat. Structure of a webapplication 28 January 2009 21

There is also a user-data-constraint tag. It specifies how data should be transmitted across the network. Possible values are: NONE, INTEGRAL, CONFIDENTIAL, No requirement The transport protocol should guarantee the integrity of data Prevent observing the data by others than the recipient, i. e. use SSL or something similar Structure of a webapplication 28 January 2009 22

Authentication can be done in several ways. Basic authentication, Digest authentication, Form-based auth. uses the normal login mechanism of the browser. Unencrypted transmission of password and username same as above but with encrypted transmission. Only supported by Internet Explorer Allows you to code an HTML-form that uses predefined actions to log in. Unencrypted transmission Structure of a webapplication 28 January 2009 23

Basic <login-config> <auth-method> BASIC </auth-method> <realm-name> Admin Login </realm-name> </login-config> The realm-name is used to print an information text on the login banner. You have three possibilities to enter a valid username and password. If you fail an error page will be displayed. A successful login will be stored in the session and you can access all pages without reentering the password. Structure of a webapplication 28 January 2009 24

FORM <login-config> <auth-method> FORM </auth-method> <form-login-config> <form-login-page> /login.jsp </form-login-page> <form-error-page> /login_error.jsp </form-error-page> </form-login-config> </login-config> This means that a JSP called login.jsp will be used to display a login form. If you fail to login, the JSP login_error will be called. In tomcat, there are predefined actions that you should use. Structure of a webapplication 28 January 2009 25

login.jsp <html> <head> <title>login Page for the Bookshop</title> <body bgcolor= white > <form method= POST action= <%= response.encodeurl( j_security_check ) %> > <table border= 0 cellspacing= 5 align= center > <tr> <td colspan= 2 bgcolor= #FFDC75 > <h2>log in to the Bookshop</h2> </td> </tr> <tr> <td colspan= 2 ></td> </tr> <tr> <th align= right >Username:</th> <td align= left ><input type= text name= j_username > </td> </tr> Structure of a webapplication 28 January 2009 26

<tr> <th align= right >Password:</th> <td align= left ><input type= password name= j_password > </td> </tr> <tr> <td align= right ><input type= submit value= Log In > </td> <td align= left ><input type= reset > </td> </tr> </table> </form> </body> </html> Structure of a webapplication 28 January 2009 27

Will give you this Structure of a webapplication 28 January 2009 28

The error page goes like <html> <head> <title>error Page for the Bookshop</title> </head> <body bgcolor= white > Invalid username and/or password, please try <a href= <%= response.encodeurl ( show.jsp ) %> >again</a>. </body> </html> will display Invalid username and/or password, please try again. Structure of a webapplication 28 January 2009 29

You can also have the security-role tag. This lists all roles that you can use in a security-constraint <security-role> <role-name> tomcat </role-name> </security-role> Structure of a webapplication 28 January 2009 30

An introduction to session tracking HTTP is a stateless protocol. It has no recollection of events. To overcome this the web-container maintains a session for each user. For identification, cookies are used. An introduction to session tracking 28 January 2009 31

A cookie is a name/value pair value that is stored in the browser. The server creates a cookie and sends it to the browser. The browser saves the cookie in its cookiefile or in memory. Each time the browser send a request to the server, the cookies are stored in the request object and the server can use them to connect to the correct session. An introduction to session tracking 28 January 2009 32

Examples of cookies are jsessionid=d1f15245171203e86756756763f user_id=87 email=jsmith@hotmail.com username=jsmith passwordcookie=opensesame Typical use of cookies: To allow users to skip logins and registration forms To customize pages that displays information To focus advertising An introduction to session tracking 28 January 2009 33

In the browser you can see: An introduction to session tracking 28 January 2009 34

A servlet can use the following code snippet to get the cookie and to get the sessionid. Cookie [] cookies = request.getcookies(); String cookiename = JSESSIONID ; String cookievalue = ; for(int i=0; i < cookies.length; i++) { Cookie cookie = cookies[i]; if (cookiename.equals(cookie.getname())) cookievalue = cookie.getvalue(); An introduction to session tracking 28 January 2009 35

If you have setup the browser to disallow cookies this scheme cannot be used. Instead a sessionid is appended to the URL. To do this you have to use the encodeurl method of the response block when outputting a URL. E. g. in a servlet: PrintWriter out = response.getwriter(); out.println( Click <a href=\ + response.encodeurl( test.jsp ) + \ > here </a> ); An introduction to session tracking 28 January 2009 36

This will check if cookies can be stored in the browser. If it cannot, the sessionid will be appended to the URL and sent to the browser. An introduction to session tracking 28 January 2009 37

To see this a simple demoservlet has been used. I can press here at the end of the page to reload the page. This will rewrite the URL and the result is visible in the location field. An introduction to session tracking 28 January 2009 38

If I enable cookies it will look like An introduction to session tracking 28 January 2009 39

If you have cookies disabled in the browser the server will send back URL s with the sessionid appended. Each time you submit a form with such a URL, the session id is transferred back to the server. I you fail to pass your URL through the decoding process, you will not be able to connect to your session. An introduction to session tracking 28 January 2009 40

An introduction to session tracking 28 January 2009 41

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback