Title: JAVA SERVLETS
1 JAVA SERVLETS
- PRESENTED BY
- RAJENDRA VEERAMACHANENI
- SACHIN CHANDRA
MOHAN - SRICHARAN PANUGANTI
2What is a servlet ?
- Servlet is a server side applet.
- Servlets are modules of Java code that run in a
server application. - Servlet is a small, pluggable extension to a
server that enhances the servers functionality.
3Advantages of servlets
- Servlets are cross platform.
- Servlets are fast.
- - Servlets uses a single process
multi-threaded model. - Servlets are elegant.
- - Easy to maintain and understand.
- Servlets are secure.
- -Javas strong typing helps to ensure
security.
4- Servlets can handle run time errors.
- Simple and extensible API.
- Portability across servers.
- - Servlet API is available on web servers like
Apache, Microsoft IIS, Netscape etc. - Servlets can handle multiple requests.
- Servlets can forward requests.
5Architecture of the Servlet Package
servlets
Generic servlets
Http servlet
My servlet
6- A generic servlet should override its service ()
method. - The service ( ) method accepts two parameters.
- - A request object and a response object.
- An HTTP servlet overrides doGet ( ) method to
handle GET requests and doPost ( ) method to
handle post requests.
7The servlet lifecycle
8A Simple Servlet public class
SimpleServlet extends HttpServlet
public void doGet (HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
PrintWriter out
String title "Simple Servlet Output"
response.setContentType("text/html")
out response.getWriter()
out.println("ltHTMLgtltHEADgtltTITLEgt")
out.println(title)
out.println("lt/TITLEgtlt/HEADgtltBODYgt")
out.println("ltH1gt" title "lt/H1gt")
out.println("ltPgtThis is output
from SimpleServlet.")
out.println("lt/BODYgtlt/HTMLgt")
out.close()
9SERVER - SIDE INCLUDES
- Servlets can be embedded inside HTML pages with
server-side include (SSI) functionality. - A page can processed to include output from
servlets at certain points. - Java Web server parses pages with .shtml
extension.
10Server - side Include
Web Server
.shtml file
ltHTMLgt ltHEADgt lt/BODYgt ltSERVLET CODESERVLET1gt lt/SE
RVLETgt lt/BODYgt lt/HTMLgt
Request
Servlet1
Response
11- ltSERVLET CODEServletname CODEBASEhttp//serv
erport/dir - intiParam1initValue1 initParam2initValue2gt
- ltPARAM NAMEparam1 VALUEvalue1gt
- ltPARAM NAMEparam2 VALUEvalue2gt
- lt/SERVLETgt
- CODE specifies the class name of the servlet
to invoke. - CODEBASE specifies the remote location from
which the servlet should be loaded.Parameters
can be passed to the servlet using the ltPARAMgt
tag. - Server detects the ltSERVLETgt tag and
substitutes the servlet output in its place.
12SERVLET CHAINING
- Requests can be handled by a sequence of
servlets. - Request from the browser is sent to first servlet
in the chain. - The output of each servlet is piped to the next
servlet. - The output of the last servlet is returned to the
browser.
13Servlet Chaining
Request
Servlet 1
Servlet 2
Response
Servlet 3
14Methods to trigger a chain of servlets
- Specify to the server to handle URLs by an
explicitly specified chain. - Specify the server to send all the output of a
particular content type through a specified
servlet. - Filtering- conversion of one type of content into
another by a servlet. - Examples Converting text from a page to a
language which can be read by the client,
converting non standard images to standard ones
using filtering.
15SECURITY
- Three important issues in web security
- Authentication To verify the identities of
parties involved - Confidentiality Ensure that the only the parties
involved understand the communication. - Integrity Verify that content of the
communication is not altered during transmission.
16HTTP Authentication
- HTTP protocol provides built-in authentication
support - basic authentication - Based on simple user/password model
- When user requests for a resource, server
responds with request for username and password - If it matches with information in the servers
database, access is granted - Drawbacks
- No confidentiality or integrity
- Most basic authentication
17Custom Authorization
- Servlet can be implemented to know about users
from specially formatted file or a related
database. - Servlet uses status code and HTTP headers to
manage security policy. - Servlet receives encoded authorization in the
Authorization header. - If a servlet denies credentials, it does so by
sending the SC_AUTHORIZATION status code and a
WWW-Authenticate header that describes required
credentials.
18Form Based Custom Authorization
- Servlets can perform custom authorization by
using HTML forms and session tracking. - Gives users a well designed, descriptive and
friendly login page. - When a request for a resource is made, the
servlet checks if the user is logged in by
checking the client session object. - If the object exists, it allows the user to
access the resource. - If not, it saves the request URL for later use.
19Security features of Servlets
- Since Servlets are developed in java, they follow
rules of a security manager which greatly limits
the servers exposure to risk. - Servlets use digital signatures enabling remotely
loaded servlets access to resources after
authentication.