JAVA SERVLETS

1
JAVA SERVLETS

• PRESENTED BY
• RAJENDRA VEERAMACHANENI
• SACHIN CHANDRA
  MOHAN
• SRICHARAN PANUGANTI

2
What is a servlet ?

• Servlet is a server side applet.
• Servlets are modules of Java code that run in a
  server application.
• Servlet is a small, pluggable extension to a
  server that enhances the servers functionality.

3
Advantages of servlets

• Servlets are cross platform.
• Servlets are fast.
• - Servlets uses a single process
  multi-threaded model.
• Servlets are elegant.
• - Easy to maintain and understand.
• Servlets are secure.
• -Javas strong typing helps to ensure
  security.

4

• Servlets can handle run time errors.
• Simple and extensible API.
• Portability across servers.
• - Servlet API is available on web servers like
  Apache, Microsoft IIS, Netscape etc.
• Servlets can handle multiple requests.
• Servlets can forward requests.

5
Architecture of the Servlet Package
servlets
Generic servlets
Http servlet
My servlet
6

• A generic servlet should override its service ()
  method.
• The service ( ) method accepts two parameters.
• - A request object and a response object.
• An HTTP servlet overrides doGet ( ) method to
  handle GET requests and doPost ( ) method to
  handle post requests.

7
The servlet lifecycle
8
A Simple Servlet public class
SimpleServlet extends HttpServlet
public void doGet (HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
PrintWriter out
String title "Simple Servlet Output"
response.setContentType("text/html")
out response.getWriter()
out.println("ltHTMLgtltHEADgtltTITLEgt")
out.println(title)
out.println("lt/TITLEgtlt/HEADgtltBODYgt")
out.println("ltH1gt" title "lt/H1gt")
out.println("ltPgtThis is output
from SimpleServlet.")
out.println("lt/BODYgtlt/HTMLgt")
out.close()
9
SERVER - SIDE INCLUDES

• Servlets can be embedded inside HTML pages with
  server-side include (SSI) functionality.
• A page can processed to include output from
  servlets at certain points.
• Java Web server parses pages with .shtml
  extension.

10
Server - side Include
Web Server
.shtml file

ltHTMLgt ltHEADgt lt/BODYgt ltSERVLET CODESERVLET1gt lt/SE
RVLETgt lt/BODYgt lt/HTMLgt

Request
Servlet1
Response
11

• ltSERVLET CODEServletname CODEBASEhttp//serv
  erport/dir
• intiParam1initValue1 initParam2initValue2gt
• ltPARAM NAMEparam1 VALUEvalue1gt
• ltPARAM NAMEparam2 VALUEvalue2gt
• lt/SERVLETgt
• CODE specifies the class name of the servlet
  to invoke.
• CODEBASE specifies the remote location from
  which the servlet should be loaded.Parameters
  can be passed to the servlet using the ltPARAMgt
  tag.
• Server detects the ltSERVLETgt tag and
  substitutes the servlet output in its place.

12
SERVLET CHAINING

• Requests can be handled by a sequence of
  servlets.
• Request from the browser is sent to first servlet
  in the chain.
• The output of each servlet is piped to the next
  servlet.
• The output of the last servlet is returned to the
  browser.

13
Servlet Chaining
Request
Servlet 1
Servlet 2
Response
Servlet 3
14
Methods to trigger a chain of servlets

• Specify to the server to handle URLs by an
  explicitly specified chain.
• Specify the server to send all the output of a
  particular content type through a specified
  servlet.
• Filtering- conversion of one type of content into
  another by a servlet.
• Examples Converting text from a page to a
  language which can be read by the client,
  converting non standard images to standard ones
  using filtering.

15
SECURITY

• Three important issues in web security
• Authentication To verify the identities of
  parties involved
• Confidentiality Ensure that the only the parties
  involved understand the communication.
• Integrity Verify that content of the
  communication is not altered during transmission.

16
HTTP Authentication

• HTTP protocol provides built-in authentication
  support - basic authentication
• Based on simple user/password model
• When user requests for a resource, server
  responds with request for username and password
• If it matches with information in the servers
  database, access is granted
• Drawbacks
• No confidentiality or integrity
• Most basic authentication

17
Custom Authorization

• Servlet can be implemented to know about users
  from specially formatted file or a related
  database.
• Servlet uses status code and HTTP headers to
  manage security policy.
• Servlet receives encoded authorization in the
  Authorization header.
• If a servlet denies credentials, it does so by
  sending the SC_AUTHORIZATION status code and a
  WWW-Authenticate header that describes required
  credentials.

18
Form Based Custom Authorization

• Servlets can perform custom authorization by
  using HTML forms and session tracking.
• Gives users a well designed, descriptive and
  friendly login page.
• When a request for a resource is made, the
  servlet checks if the user is logged in by
  checking the client session object.
• If the object exists, it allows the user to
  access the resource.
• If not, it saves the request URL for later use.

19
Security features of Servlets

• Since Servlets are developed in java, they follow
  rules of a security manager which greatly limits
  the servers exposure to risk.
• Servlets use digital signatures enabling remotely
  loaded servlets access to resources after
  authentication.