Professional Documents
Culture Documents
Use HTML forms to collect data from users and send it to a servlet
Relevance
Relevance
Discussion The following questions are relevant to understanding what
technologies are available for developing web applications and the
limitations of those technologies:
Additional Resources
Additional Resources
The following references provide additional details on the topics that are
presented briefly in this module and described in more detail later in the
course:
Sun Microsystems software download page for the Sun Java System
Application Server. [Online]. Available:
http://www.sun.com/download/
NetBeans IDE download page. [Online]. Available:
http://www.netbeans.org/downloads/
HTTP Revisited
HTTP Revisited
This section describes the HTTP protocol in more detail. In particular, this
section defines the structure of the request and response streams.
Browser
Web Server
HTTP
<HTML>
httpd
</HTML>
HTTP response
Figure 4-1
HTTP Revisited
HTTP Methods
An HTTP request can be made using a variety of methods. Table 4-1 lists
the HTTP methods and their descriptions.
Table 4-1 HTTP Methods and Descriptions
HTTP Method
Description
OPTIONS
GET
HEAD
POST
PUT
DELETE
TRACE
CONNECT
HTTP Revisited
HTTP Request
The request stream acts as an envelope to the request URL and message
body of the HTTP client request. The first line of the request stream is
called the request line. It includes the HTTP method (usually either GET
or POST), followed by a space character, followed by the requested URL
(usually a path to a static file), followed by a space, and finally followed
by the HTTP version number. The request line is followed by any number
of request header lines. Each request header includes the header name (for
example, User-Agent), followed by a colon character (and space),
followed by the value of the header. The list of headers ends with a blank
line. After the blank line, there is an optional message body. Figure 4-2
shows an example HTTP request stream.
HTTP method
Request
line
Request
headers
Requested URL
HTTP version
Figure 4-2
HTTP Revisited
Use
Accept
Host
Referer
User-Agent
HTTP Revisited
HTTP Response
The response stream acts as an envelope to the message body of the HTTP
server response. The first line of the response stream is called the status
line. The status line includes the HTTP version number, followed by a
space, followed by the numeric status code of the response, followed by a
space, and finally followed by a short text message represented by the
status code.
The status line is followed by any number of response header lines. The
response headers conform to the same structure as request headers.
Figure 4-3 shows an example HTTP response stream.
HTTP
version
Status
line
Response
headers
HTTP/1.0 200 OK
Content-Type: text/html
Date: Tue, 10 Apr 2001 23:36:58 GMT
Server: Apache Tomcat/4.0-b1 (HTTP/1.1 Connector)
Connection: close
Blank line
Message
body
<HTML>
<HEAD>
<TITLE>Hello Servlet</TITLE>
</HEAD>
<BODY BGCOLOR='white'>
<B>Hello World</B>
</BODY>
</HTML>
Figure 4-3
HTTP Revisited
Use
Content-Type
Content-Length
Server
Cache-Control
Figure 4-4
The input tag is used to create a textfield component, but you must
specify type=text to get a textfield component. The name attribute of
the input tag specifies the field name. The field name and the value
entered in the textfield are paired together when the form is submitted to
the web container.
This code would create the prompt and the input field shown above:
<p>Year: <input type=text name=theYear/></p>
In the example shown in Figure 4-4 above, submission of the form would
result in a GET request something like this:
GET /path/to/action?theYear=2003
Notice how the name specified in the input tag becomes the key, and the
users text becomes the value, in the key/value pair submitted to the
server.
Figure 4-5
Code 4-1 shows the HTML content for this component. The select tag is
used to create a drop-down list component. Similar to the input tag, the
select tag uses the name attribute to specify the name of the form field.
One or more option tags must be embedded in the select tag. Each
option tag provides a single element in the drop-down list. The data sent
in the HTTP request on form submission is based on the value attribute
of the option tag. The text between the start and end option tags is the
content that is displayed in the browser drop-down list. For example,
notice that the first option has the value UNKNOWN, but the display text is
select....
1
2
3
4
5
6
7
If the form were submitted from the selection shown, the key/value pair
that would become part of the HTTP request would be:
season=select...
Submit Button
When all the data have been provide in the form, the user must press the
submit button to have the form data sent to the server for processing. A
submit button can be given a text label at the designers discretion,
though browsers will usually mark the button Submit or Submit
Query if nothing is done to explicitly choose the label.
Figure 4-6 shows a typical submit button:
Figure 4-6
Code 4-2 below shows the HTML code for this component. The value
attribute of the input tag becomes the label of the button. When a submit
button is clicked by the user, the web browser is responsible for
generating an HTTP request to the web container. By default, no data is
sent in the request for the submit button component.
<input type=submit value=Add League />
Code 4-2
<html>
<head>
<title>Dukes Soccer League: Add a New League</title>
</head>
<body bgcolor=white>
<!-- Page Heading -->
<table border=1 cellpadding=5 cellspacing=0 width=400>
<tr bgcolor=#CCCCFF align=center valign=center height=20>
<td><h3>Dukes Soccer League: Add a New League</h3></td>
</tr>
</table>
<p>
This form allows you to create a new soccer league.
</p>
<form action=add_league.do method=POST>
Year: <input type=text name=year /> <br/><br/>
Season: <select name=season>
<option value=UNKNOWN>select...</option>
<option value=Spring>Spring</option>
<option value=Summer>Summer</option>
<option value=Fall>Fall</option>
<option value=Winter>Winter</option>
</select> <br/><br/>
Title: <input type=text name=title /> <br/><br/>
<input type=submit value=Add League />
</form>
</body>
</html>
Code 4-3
Figure 4-7
fieldName1=fieldValue1&fieldName2=fieldValue2&...
Examples:
username=Fred&password=C1r5z
season=Winter&year=2004&title=Westminster+Indoor+Soccer
Parameter Value
year
2003
season
Winter
title
Westminster Indoor
You want to allow the request to be bookmarked along with its data.
The processing of the request changes the state of the server, such as
storing data in a database.
The contents of the data should not be visible in the URL (for
example, passwords).
Browser
Web Server
HTTP
Web Container
Servlet
Database
HTTP response
<HTML>
</HTML>
Figure 4-8
The web container activates the servlet that matches the request URL by
calling the service method on an instance of the servlet class.
Specifically, the activation of the service method for a given HTTP
request is handled in a separate thread within the web container process.
Web Server
Web Container
HTTP request
Client
Web
Browser
TCP socket
HTTP response
Figure 4-9
Web Server
Web Container
:HttpServlet
Request
HTTP request
Client
Web
Browser
TCP socket
service(req,resp)
Servlet
HTTP response
:HttpServlet
Response
Web Server
Web Container
:HttpServlet
Request
HTTP request
Client
Web
Browser
TCP socket
service(req,resp)
Servlet
:HttpServlet
Response
HTTP response
:PrintWriter
servlet
:HttpServlet
create
request
:HttpServletRequest
create
response
:HttpServletResponse
service(request,response)
destroy
destroy
HTTP response
doGet
interface
Servlet
service(req,resp)
interface
HttpServletRequest
getHeader(name)
getHeaders(name)
getHeaderNames():Enum.
getIntHeader(name)
getDateHeader(name)
interface
ServletResponse
getWriter():PrintWriter
getOutputStream
setContentType(MIME)
setContentLength(int)
HttpServlet
{abstract}
service
doGet
doPost
ListLeaguesServlet
doGet
interface
HttpServletResponse
setHeader
setDateHeader
setIntHeader
OPTIONS
doOptions
GET
doGet
HEAD
doHead
POST
doPost
PUT
doPut
DELETE
doDelete
TRACE
doTrace
CONNECT
doConnect
if(displayXHTML) {
// XHTML content output here
} else {
// regular HTML content output here
}
Discussion What are some ways that you could use request headers to
augment a web application?
Note Figure 4-14 on page 4-26 shows only a small portion of the API for
the HttpServletResponse interface. There are more descriptions of the
methods in the API throughout this course.
The following code highlights demonstrate how you can use header
information to disable browser and proxy caching.
response.setContentType\(text/html\);
response.setHeader\(Cache-Control, no-cache\);
response.setHeader\(Cache-Control, private\);
When the Cache-Control header is set to no-cache, this is an instruction
for the browser to not reuse the response for a subsequent request without
revalidation with the origin server. The private setting for
Cache-Control indicates that the response is intended for a single user
and should not be stored in a shared cache (for example, the cache in a
proxy server).
session
getSession(create:boolean)
getSession()
interface
HttpSession
getID() :String
isNew() :boolean
getAttribute(name):Object
setAttribute(name,value)
removeAttribute(name)
Session Configuration
Sessions can be maintained by the container using cookies, URL rewriting,
or an SSL encrypted communications channel to the browser. The
preferred mechanism may be specified in the web.xml file.
Session default timeout can also be specified in the web.xml file. Below is
an example of a web.xml file specifying a default timeout of 30 minutes,
and requesting SSL tracking of sessions.
<web-app ...>
<session-config>
<session-timeout>30</session-timeout>
<tracking-mode>SSL</tracking-mode>
</session-config>
</web-app>
All cookies for that domain (and path) are sent in every request to
that web server.
Cookies have a life span and are flushed by the client browser at the
end of that life span.
Cookies can be labelled HTTP-Only which means that they are not
available to scripting code such as JavaScript. This enhances security.
Cookie API
You can create cookies using the Cookie class. You can add cookies to the
response object using the addCookie method. This sends the cookie
information over the HTTP response stream. The information is stored on
the users computer (through the web browser). You can access cookies
sent back from the users computer in the HTTP request stream using the
getCookies method. This method returns an array of all cookies for the
server domain on the client machine.
Figure 4-17 shows key aspects of the Cookie API.
javax.servlet.http
interface
HttpServletResponse
cookies
addCookie(Cookie)
interface
HttpServletRequest
cookies
Cookie
properties
name : String
value : String
comment : String
domain : String
path : String
maxAge : int
RO
RW
RW
RW
RW
RW
getCookies() : Cookie[]
constructors
Cookie(name,value)
soccer.com
Web Server
Web
Browser
session
ID=1234
leagueA
playerA
Cookie file
soccer.com
SelectDivisionAction
dot.com
car.com
Cookies
Cookies
Cookies
Client
JSESSIONID=1234
soccer.com
Web Server
Web
Browser
session
ID=1234
leagueA
playerA
Cookie file
soccer.com
SelectDivisionAction
dot.com
car.com
Cookies
Cookies
Cookies
User Workstation
Web
Browser
response
request
http://host/file;jsessionid=1234
Web Server
Web
Container
URL-Rewriting Implications
The URL-rewriting strategy is not as transparent as the cookie strategy.
Every HTML page and form that participates in a session must have the
session ID information encoded into the URLs that are sent to the web
container. For example, during the Registration use case, the session is
started when the user submits the Select League form. When the
SelectLeagueAction requests the session object, the web container
issues a unique session ID. This ID must be added to the URL in the
Enter Player page to the action attribute in the form tag, as shown in
Code 4-4.
Code 4-4
120
121
122
123
124
125
URL Encoding
Summary
Summary
This module introduced these concepts:
HttpSession objects