jump to navigation

Servlets Overview August 13, 2005

Posted by Coolguy in Servlets/Jsp.
trackback

Servlets

  • A servlet is a Java technology-based Web component, managed by a container, that generates dynamic content.
  • Servlets are platform-independent Java classes that are compiled to platform-neutral byte code that can be loaded dynamically into and run by a Java technology-enabled Web server.
  • The servlet container is a part of aWeb server or application server that provides the network services over which requests and responses are sent, decodes MIME-based requests, and formats MIME-based responses.
  • A servlet container also contains and manages servlets through their lifecycle.
  • All servlet containers must support HTTP as a protocol for requests and responses, but additional request/response-based protocols such as HTTPS (HTTP over SSL) may be supported. The required versions of the HTTP specification that a container must implement are HTTP/1.0 and HTTP/1.1.
  • A servlet container may place security restrictions on the environment in which a servlet executes.
  • In functionality, servlets lie somewhere between Common Gateway Interface (CGI) programs and proprietary server extensions such as the Netscape Server API (NSAPI) or Apache Modules.
  • Servlets have the following advantages over other server extension mechanisms:
    • They are generally much faster than CGI scripts because a different process model is used.
    • They use a standard API that is supported by many Web servers.
    • They have all the advantages of the Java programming language, including ease of development and platform independence.
    • They can access the large set of APIs available for the Java platform.

Filtering

  • Filters are Java components that allow on the fly transformations of payload and header information in both the request into a resource and the response from a resource
  • A filter is a reusable piece of code that can transform the content of HTTP requests, responses, and header information.
  • Filters do not generally create a response or respond to a request as servlets do, rather they modify or adapt the requests for a resource, and modify or adapt responses from a resource.
  • Filters can act on dynamic or static content.
  • Filters can do the following :
    • The accessing of a resource before a request to it is invoked.
    • The processing of the request for a resource before it is invoked.
    • The modification of request headers and data by wrapping the request in customized
    versions of the request object.
    • The modification of response headers and response data by providing customized
    versions of the response object.
    • The interception of an invocation of a resource after its call.
    • Actions on a servlet, on groups of servlets, or static content by zero, one, or
    more filters in a specifiable order.
  • Examples of Filtering Components
    • Authentication filters
    • Logging and auditing filters
    • Image conversion filters
    • Data compression filters
    • Encryption filters
    • Tokenizing filters
    • Filters that trigger resource access events
    • XSL/T filters that transform XML content
    • MIME-type chain filters
    • Caching filters
  • The application developer creates a filter by implementing the javax.servlet.Filter interface and providing a public constructor taking no arguments.
  • The class is packaged in the Web Archive along with the static content and servlets that make up the Web application.
  • A filter is declared using the element in the deployment descriptor.
  • A filter or collection of filters can be configured for invocation by defining elements in the deployment descriptor.
  • This is done by mapping filters to a particular servlet by the servlet’s logical name, or mapping to a group of servlets and static content resources by mapping a filter to a URL pattern.
  • After deployment of the Web application, and before a request causes the container to access a Web resource, the container must locate the list of filters that must be applied to the Web resource
  • The container must ensure that it has instantiated a filter of the appropriate class for each filter in the list, and called its init(FilterConfig config) method.
  • The filter may throw an exception to indicate that it cannot function properly. If the exception is of type UnavailableException, the container may examine the isPermanent attribute of the exception and may choose to retry the filter at some later time.
  • Only one instance per declaration in the deployment descriptor is instantiated per Java Virtual Machine
  • The container provides the filter, config as declared in the filter’s deployment descriptor, the
    reference to the ServletContext for the Web application, and the set of initialization parameters.
  • When the container receives an incoming request, it takes the first filter instance in the list and calls its doFilter method, passing in the ServletRequest and ServletResponse, and a reference to the FilterChain object it will use.
  • The doFilter method of a filter will typically be implemented following this or some subset of the following pattern:
    Step 1: The method examines the request’s headers.
    Step 2: The method may wrap the request object with a customized implementation of ServletRequest or HttpServletRequest in order to modify request headers or data.
    Step 3: The method may wrap the response object passed in to its doFilter method with a customized implementation of ServletResponse or HttpServletResponse to modify response headers or data.
    Step 4: The filter may invoke the next entity in the filter chain. The next entity may be another filter, or if the filter making the invocation is the last filter configured in the deployment descriptor for this chain, the next entity is the target Web resource. The invocation of the next entity is effected by
    calling the doFilter method on the FilterChain object, and passing in the request and response with which it was called or passing in wrapped versions it may have created. The filter chain’s implementation of the doFilter method, provided by the container, must locate the next entity in the filter chain and invoke its doFilter method, passing in the appropriate request and response objects.
    Alternatively, the filter chain can block the request by not making the call to invoke the next entity, leaving the filter responsible for filling out the response object.
    Step 5: After invocation of the next filter in the chain, the filter may examine response headers.
    Step 6: Alternatively, the filter may have thrown an exception to indicate an error in processing. If the filter throws an UnavailableException during its doFilter processing, the container must not attempt continued processing down the filter chain. It may choose to retry the whole chain at a later time if the exception is not marked permanent.
    Step 7: When the last filter in the chain has been invoked, the next entity accessed is the target servlet or resource at the end of the chain.
    Step 8: Before a filter instance can be removed from service by the container, the container must first call the destroy method on the filter to enable the filter to release any resources and perform other cleanup operations.
  • Central to the notion of filtering is the concept of wrapping a request or response in order that it can override behavior to perform a filtering task.
  • Developer not only has the ability to override existing methods on the request and response objects, but to provide new API suited to a particular filtering task to a filter or target web resource down the chain. For example, the developer may wish to extend the response object with higher level output objects that the output stream or the writer, such as API that allows DOM objects to be written back to the client.
  • When a filter invokes the doFilter method on the container’s filter chain implementation, the container must ensure that the request and response object that it passes to the next entity in the filter chain, or to the target web resource if the filter was the last in the chain, is the same object that was passed
    into the doFilter method by the calling filter.
  • A set of initialization parameters can be associated with a filter using the element in the deployment descriptor. The names and values of these parameters are available to the filter at runtime via the getInitParameter and getInitParameterNames methods on the filter’s FilterConfig object.
  • Additionally,the FilterConfig affords access to the ServletContext of the Web application for
    the loading of resources, for logging functionality, and for storage of state in the ServletContext’s attribute list.
  • A filter is defined in the deployment descriptor using the element. In this element, the programmer declares the following:
    • filter-name: used to map the filter to a servlet or URL
    • filter-class: used by the container to identify the filter type
    • init-params: initialization parameters for a filter
  • Optionally, the programmer can specify icons, a textual description, and a display name
  • The container must instantiate exactly one instance of the Java class defining the filter per filter declaration in the deployment descriptor.
  • Here is an example of a filter declaration:

    <filter>

    <filter-name>Image Filter</filter-name>

    <filter-class>com.acme.ImageServlet</filter-class>

    </filter>

  • Once a filter has been declared in the deployment descriptor, the assembler uses the element to define servlets and static resources in the Web application to which the filter is to be applied.
  • Filters can be associated with a servlet using the element. For example, the following code example maps the Image Filter filter to the ImageServlet servlet:

    <filter-mapping>

    <filter-name>Image Filter</filter-name>

    <servlet-name>ImageServlet</servlet-name>

    </filter-mapping>

  • Filters can be associated with groups of servlets and static content using the
    style of filter mapping:

    filter-mapping>

    <filter-name>Logging Filter</filter-name>

    <url-pattern>/*</url-pattern>

    </filter-mapping>

    Here the Logging Filter is applied to all the servlets and static content pages
    in the Web application, because every request URI matches the ‘/*’ URL pattern.

  • The order the container uses in building the chain of filters to be applied for a particular request URI is as follows:
    1. First, the matching filter mappings in the same order that these
    elements appear in the deployment descriptor.
    2. Next, the matching filter mappings in the same order that
    these elements appear in the deployment descriptor.
  • Container, when receiving an incoming request, processes the request as follows:
    • Identifies the target web resource
  • • If there are filters matched by servlet name and the Web resource has a
    , the container builds the chain of filters matching in the order
    declared in the deployment descriptor. The last filter in this chain corresponds
    to the last matching filter and is the filter that invokes the target
    Web resource.
    • If there are filters using matching and the
    matches the request URI , the container builds the chain of matched
    filters in the same order as declared in the deployment descriptor. The last filter
    in this chain is the last matching filter in the deployment descriptor
    for this request URI. The last filter in this chain is the filter that invokes
    the first filter in the matching chain, or invokes the target Web
    resource if there are none.
  • Web containers will cache filter chains so that they do not need to compute them on a per-request basis.
  • By using the new element in the deployment descriptor, the developer can indicate for a filter-mapping whether he would like the filter to be applied to requests when:
    1. The request comes directly from the client.
    This is indicated by a element with value REQUEST, or by the absence of any elements.
    2. The request is being processed under a request dispatcher representing the Web component using a forward() call.
    This is indicated by a element with value FORWARD.
    3. The request is being processed under a request dispatcher representing the Web component using an nclude() call.
    This is indicated by a element with value INCLUDE.
    4. The request is being processed with the error page mechanism .
    This is indicated by a element with the value ERROR.
    5. Or any combination of 1, 2, 3, or 4 above.
  • E.g:

    <filter-mapping>

    <filter-name>Logging Filter</filter-name>

    <url-pattern>/products/*</url-pattern>

    </filter-mapping>

    would result in the Logging Filter being invoked by client requests starting / products/… but not underneath a request dispatcher call.
    The following code:

    <filter-mapping>

    <filter-name>Logging Filter</filter-name>

    <servlet-name>ProductServlet</servlet-name>

    <dispatcher>INCLUDE</dispatcher>

    </filter-mapping>

    would result in the Logging Filter not being invoked by client requests to the ProductServlet, nor underneath a request dispatcher forward() call to the ProductServlet, but would be invoked underneath a request dispatcher include() call where the request dispatcher has a name commencing ProductServlet.

    <filter-mapping>

    <filter-name>Logging Filter</filter-name>

    <url-pattern>/products/*</url-pattern>

    <dispatcher>FORWARD</dispatcher>

    <dispatcher>REQUEST</dispatcher>

    </filter-mapping>

    would result in the Logging Filter being invoked by client requests starting /products/… and underneath a request dispatcher forward() call where the request dispatcher has path commencing /products/….

More

Servlet Spec 2.0 http://www.unix.org.ua/orelly/java-ent/servlet/index.htm

Servlet Spec 2.1 http://www.novocode.com/doc/servlet-essentials/

Advertisements

Comments»

No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: