Overview • Generic Mechanisms • ISAPI/Apache Modules • CGI (Common Gateway Interface) Network Services, VU 2.0 •PHP • ASP •Java related Dynamic Web Technologies – Java Servlets, Java Server Pages, Java Server Faces – Java Web Applications • ASP.NET Dipl.-Ing. Johann Oberleiter Institute for Informationsystems, Distributed • Cocoon, Struts Systems Group Dynamic Web – Why? Generic principles • Web Servers return only with static files • Separation of layout, content and program logic – Good design principle (not only in Web) • Interactive Content – Allows parallel tasks of • Developer – Created based on user interaction • Web Designer • Dynamic Content • Layout – Created on the fly –HTML • Content – Database access – Which Text when dynamically generated • Program Logic – What overall structure – What navigational structures 1 ISAPI Apache Modules • Internet Server API (Microsoft IIS) • Extension mechanism for Apache – IIS only – Extension mechanism for IIS – C based – C-based (like Windows API) – Based on Apache Portable Runtime (APR), and C standard • Implements number of callbacks library – Functions that are called by server • Request sent to ISAPI extension via API functions (callbacks) • Based on Hooks (callbacks) • Respond via API functions (callbacks) • Categories • Supports use of Multithreaded features – Authentication, Authorization, Accounting • Features – Scalability – Cache – Supports ISAPI extensions – Filters • Similar to CGI-scripts • Modify output from another module – Supports ISAPI filter • Pre & postprocessing of a request, may be chained – Mappers • NSAPI • Map requests from URLs to resources on disc – Netscape Server API – Loggers Common Gateway Interface CGI / 2 • Supported by most programming languages • RFC 3875 – Requires access of standard input stream, standard output stream, environment • Running external programs • Supported by most programming languages – From HTTP servers – requirements • Access standard input stream – Platform-independent mechanism • Access standard output stream • Access environment variables • CGI script & HTTP server together – Web Server • Invocation of executables (stand-alone executables) – Servicing a client request • Invocation of interpreter (interpreter languages) –Typical – Creating response •C, Perl • CGI script addressed with URI • New Process per request 2 CGI / 3 CGI / 4 Client WWW void main(void) Browser Server { printf("Content-type: text/html\r\n"); printf("\r\n"); printf("Hello world!<br>\r\n"); CGI- exit(0); Script } Fast-CGI Fast-CGI / 2 • CGI performance problem void main(void) { – Many requests require multiple processes int count=0; – Initialization of connections/resources while(FCGI_Accept() >= 0) { (database) printf("Content-type: text/html\r\n"); •FastCGI printf("\r\n"); – Script remains in memory (via endless loop) printf("Hello world!<br>\r\n"); } – Predefined protocol/API for communication exit(0); with HTTP server } 3 PHP PHP - sample • Abbreviation for PHP: Hypertext Preprocessor • Dynamic Web Scripting language <html> – Syntax resembles C and Perl – Currently most frequently used Web programming language … – Usually embedded in HTML – Supported by most Internet service providers <body> • Wellknown through LAMP – Linux – Apache – MySql – PHP <?php echo „<p>Hello World</p>“; ?> • Many libraries – In particular libraries for database access </body> • Problem – Mix of HTML and script code – Language grown over the years • Performance </html> – Quite Good Active Server Pages ASP / 2 Host 1 • Server-side scripting ala Microsoft – Relies on MS scripting languages COM Component 1 • Usually VB.NET or JScript (JavaScript) HTTP Server • Programming model – Program Logic via COM components – Principally scalable (via COM+) – Principally secure (server-side via COM+, ADSI) • Problems Host 2 – Mixture of layout and content • Principally possible to do it in a clean way (via COM comp.) COM+ / 2 – Vendor-lockin (only IIS supported) COM+ / 1 • though special solutions for Apache exist – Interpreted 4 Java Servlets Request/response Interaction • Web component Web client Web server – implemented in Java (browser) • Generates dynamic content • Managed by a servlet engine (container) Servlet container – Web server extensions request response • Request/response paradigm ServletA ServletB ServletC – Interaction with Web clients Servlets characteristics Servlet interface / 1 • Much faster than CGI scripts (in general) <<interface>> – Because different process model Javax.servlet.Servlet destroy • Standard API supported by many Web ServletConfig getServletConfig() String getServletInfo() servers init(ServletConfig config) • Supports Java and API's service(ServletRequest request, ServletResponse response) 5 Servlet implementation Servlet lifecycle service • Server implements servlet interface instantiate Servlet • Typically by inheriting from (predefined) init implementation classes initialized – GenericServlet – HttpServlet destroy destroyed finalized & garbage collected Request Handling Response Generation • Through Service method • By using methods of ServletResponse • ServletRequest object used object • Concurrent requests to same servlet – Concurrent execution of service method on different • Manual generation of any response threads • HTTP specific Request Handling • HttpServletResponse interface – HttpServlet adds HTTP specific methods – sendRedirect • primarily doGet & doPost, • doPut, doDelete, doHead, doOptions, doTrace – sendError • getParameterXXX methods provide – from URI query string and POST-ed data • getHeaderXXX methods 6 Servlet example Filtering public void doGet(HttpServletRequest req, • Filter HttpServletResponse res) throws ... – Java component { – Allow on the fly transformation res.setContentType("text/html"); – Implements javax.servlet.Filter PrintWriter out= res.getWriter(); • Filter transforms content of – HTTP requests out.println("<HTML>"); – Responses out.println("<HEAD>"); – Header information ... • Modify or adapt out.close(); – Requests for a resource (dynamic&static content) } – Responses from a resource Filter examples Filter implementation • Authentication filters • doFilter(ServletRequest req, ServletResponse res, • Logging and auditing filters FilterChain next) 1. Examine request • Image conversion filters 2. May wrap Request object with a custom implementation to • Data compression filters filter/modify content or headers for input filtering • Encryption filters 3. May wrap Response object with a custom implementation to filter/modify content or headers for output filtering • Tokenizing filters 4. May invoke next filter in chain or block further processing • Filters triggering resource access events 5. After invocation 4. examine response headers and modify • XSL/T filters output – Last element of chain is target servlet • MIME-type chain filters • Caching filters 7 Session Tracking Other Servlet Issues • Cookies – Supported by servlet container • Request forwarding – Cookie name JSESSIONID – Via Request Dispatchers • SSL sessions – Only when SSL/TLS is in use – Support for event listeners – Built-in mechanism to distinguish multiple requests • For state changes in ServletContext, HttpSession, • URL Rewriting ServletRequest – Adds session ID to request URL – Lifecycle, changes to attributes, session migration, object –Eg. http://www.xyz.com/index.html;jsessionid=1234 binding • Supports storage of key-value pairs – Keys are object names (strings) •Problem – Values arbitrary Java objects • Session timeouts – Not often supported by public Web hosters Java Server Pages (JSP) JSP • JSP page • JSP container – Textual document how to create a response object – Life-cycle management from a request object for a given protocol – Runtime support – Defines a JSP page implementation class • Translation phase • Implements semantics of the JSP page – Validates syntactic correctness of JSP page • Implements javax.servlet.Servlet interface – Locates/Creates implementation class – HTTP default protocol for requests/responses • Execution phase – Default ending .jsp – Container delivers events to JSP page • Compilation • Traditional usage – Into implementation class + deployment info during deployment – Generation of HTML possible • Removal of start-up lag for transition phase • Generating XML possible • Reduction of memory footprint needen to run JSP container – no – More modern JSP XML-like syntax compiler required 8 JSP - Syntax JSP Elements • Directives •Elements – Global information, independent of specific request – Info for translation phase – Element type known to JSP container – Syntax: <%@ directive ... %> • Actions • Template Data – Infos for request processing – Standardized (by JSP specification) – JSP translator not aware about – Custom (portable tag extension mechanism) – Syntax: <mytag attr="value">xyz</mytag> • Allows (a little bit) separation • Scripting Elements – Look/Layout – Glue around template text and actions – Manipulation of objects and to perform computation – Behaviour – Invocation of methods on Java objects – Catching of Java language exceptions – Expression language (EL) to access data from different sources JSP Expression Language JSP Documents • Simple expressions without Java code • JSP page that is also a XML document • Enclosed within ${...} – Well-formed, validation –${a+b} – Entity resolution may be applied – <mytag attr1="${mybean.data}"/> – <% style syntax not supported • Access of Java beans • Use <jsp:directive.xyz/> instead • Operators as in Java – Default convention .jspx – Includes arithmetic, relational