book

Java Servlet Programming

Name: Java Servlet Programming
Author: Jason Hunter
ISBN: 9781565923911

by Jason Hunter

November 1998

Intermediate to advanced

526 pages

14h 38m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Java Servlet Programming
Preface
AudienceWhat You Need to Know
About the Examples
Organization
Conventions Used in This Book
Request for Comments
Acknowledgments
Jason HunterWilliam Crawford
1. Introduction
History of Web ApplicationsCommon Gateway InterfaceFastCGImod_perlPerlExOther SolutionsServer Extension APIsActive Server PagesServer-side JavaScriptJava Servlets
Support for Servlets
Standalone Servlet EnginesAdd-on Servlet EnginesEmbeddable Servlet EnginesAdditional Thoughts
The Power of Servlets
PortabilityPowerEfficiency and EnduranceSafetyEleganceIntegrationExtensibility and Flexibility

2. HTTP Servlet Basics
HTTP BasicsRequests, Responses, and HeadersGET and POSTOther Methods
The Servlet API
Page Generation
Writing Hello WorldRunning Hello WorldHandling Form DataHandling POST RequestsHandling HEAD Requests
Server-Side Includes
Writing a Server-Side Include
Servlet Chaining and Filters
Creating a Servlet ChainRunning DeblinkThe Loophole
JavaServer Pages
Using JavaServer PagesBehind the ScenesExpressions and DirectivesDeclarationsJavaServer Pages and JavaBeans
Moving On
3. The Servlet Life Cycle
The Servlet AlternativeA Single Java Virtual MachineInstance PersistenceA Simple CounterA Simple Synchronized CounterA Holistic Counter
Servlet Reloading
Init and Destroy
A Counter with InitA Counter with Init and Destroy
Single-Thread Model
Background Processing
Last Modified Times
4. Retrieving Information
Initialization ParametersGetting an Init ParameterGetting Init Parameter Names
The Server
Getting Information About the ServerLocking a Servlet to a Server
The Client
Getting Information About the Client MachineRestricting Access to the United States and CanadaGetting Information About the UserA Personalized Welcome
The Request
Request ParametersGenerating a License KeyPath InformationGetting path informationAd hoc path translationsGetting MIME typesServing FilesDetermining What Was RequestedAn Improved CounterHow It Was RequestedRequest HeadersAccessing header valuesHeaders in servlet chainsWading the Input StreamChaining servlets using the input streamHandling POST requests using the input streamReceiving files using the input streamExtra Attributes
5. Sending HTML Information
The Structure of a Response
Sending a Normal Response
Using Persistent Connections
HTML Generation
Generating Hello WorldGenerating a Weather ForecastWeather forecast constructed by handWeather forecast using HTML generationWeather forecast using HTML generation creativelyHTML generation and databases
Status Codes
Setting a Status CodeImproving ViewFile Using Status Codes
HTTP Headers
Setting an HTTP HeaderRedirecting a RequestClient Pull
When Things Go Wrong
Status CodesLoggingReportingExceptionsKnowing When No One’s Listening
6. Sending Multimedia Content
ImagesImage GenerationA “Hello World” imageA dynamically generated chartImage CompositionDrawing over an imageCombining imagesImage EffectsConverting an image to grayscaleCaching a converted imageImage Effects in Filter ChainsAn Image of an Embedded AppletAn image of a simple appletA generic applet viewerAdvantages and disadvantages
Compressed Content
Server Push
7. Session Tracking
User Authorization
Hidden Form Fields
URL Rewriting
Persistent Cookies
Working with CookiesShopping Using Persistent Cookies
The Session Tracking API
Session-Tracking BasicsA Hit Count Using Session TrackingThe Session Life CycleManually Invalidating a Stale SessionPutting Sessions in ContextManually Invalidating All Stale SessionsStoring Session IDsSession SnoopSession Binding EventsShopping Using Session Tracking
8. Security
HTTP AuthenticationRetrieving Authentication InformationCustom AuthorizationForm-based Custom Authorization
Digital Certificates
Secure Sockets Layer (SSL)
SSL Client AuthenticationRetrieving SSL Authentication Information
Running Servlets Securely
The Servlet SandboxFine-grained ControlAccess Controllers
9. Database Connectivity
Relational Databases
The JDBC API
JDBC DriversGetting a ConnectionExecuting SQL QueriesHandling SQL ExceptionsResult Sets in DetailHandling Null FieldsUpdating the DatabaseUsing Prepared Statements
Reusing Database Objects
Reusing Database ConnectionsReusing Prepared Statements
Transactions
Using Transactions with JDBCOptimized Transaction ProcessingConnection PoolingConnections as Part of a Session
Advanced JDBC Techniques
Stored ProceduresBinaries and Books
10. Applet-Servlet Communication
Communication OptionsHTTP and Raw Socket ConnectionsServlets and Object SerializationJDBC, RMI, and a Little CORBAThe Hybrid Approach
Daytime Server
The AppletText-based HTTP CommunicationThe servletBack to the appletObject-based HTTP CommunicationThe servletThe appletPosting a serialized objectSocket CommunicationThe servletThe superclassThe appletRMI CommunicationThe servletThe superclassThe appletA full-service servlet
Chat Server
The DesignThe ServletThe HTTP AppletThe Socket-Connecting AppletThe RMI AppletThe Dispatcher
11. Interservlet Communication
Servlet ManipulationViewing the Currently Loaded ServletsSaving the State of the Currently Loaded Servlets
Servlet Reuse
An Improved getServlet()Reusing ChatServlet
Servlet Collaboration
Collaboration Through the System Properties ListUsing properties to sell burritosFaster image chainingCollaboration Through a Shared ObjectUsing a shared class to sell burritosUsing a servlet as the shared objectCollaboration Through InheritanceInheriting a shared referenceInheriting the shared information
Recap
12. Internationalization
Western European LanguagesHTML Character EntitiesUnicode Escapes
Conforming to Local Customs
Non-Western European Languages
CharsetsWriting Encoded OutputReading and Writing Encoded Output
Multiple Languages
UCS-2 and UTF-8Writing UTF-8
Dynamic Language Negotiation
Language PreferencesCharset PreferencesResource BundlesWriting To Each His OwnThe LocaleNegotiator ClassFuture Directions
HTML Forms
The Hidden Charset
Receiving Multilingual Input
13. Odds and Ends
Parsing ParametersParameterParser Code
Sending Email
Using sun.net.smtp.SmtpClientEmailing Form Data
Using Regular Expressions
Improving Deblink with Regular Expressions
Executing Programs
FingerExecuting the Finger CommandExecuting Finger with ArgumentsExecuting Finger with Redirected Output
Using Native Methods
Acting as an RMI Client
Debugging
Check the LogsOutput Extra InformationUse a Standard DebuggerUse a Third-Party ToolExamine the Client RequestCreate a Custom Client RequestSome Final Tips
Performance Tuning
Go Forth, but Don’t ProsperDon’t Append by ConcatenationLimit SynchronizationBuffer Your Input and Output
A. Servlet API Quick Reference
GenericServlet
Servlet
ServletConfig
ServletContext
ServletException
ServletInputStream
ServletOutputStream
ServletRequest
ServletResponse
SingleThreadModel
UnavailableException
B. HTTP Servlet API Quick Reference
Cookie
HttpServlet
HttpServletRequest
HttpServletResponse
HttpSession
HttpSessionBindingEvent
HttpSessionBindingListener
HttpSessionContext
HttpUtils
C. HTTP Status Codes
D. Character Entities
E. Charsets
Index
Colophon

Content preview from Java Servlet Programming

Running Servlets Securely

CGI programs and C++-based plug-ins operate with relatively unfettered access to the server machine on which they execute (limited on Unix machines by the user account permissions of the web server process). This isn’t so bad for an isolated programmer developing for a single web server, but it’s a security nightmare for internet service providers (ISPs), corporations, schools, and everyone else running shared web servers.

For these sites, the problem isn’t just protecting the server from malicious CGI programmers. The more troublesome problem is protecting from careless CGI programmers. There are dozens of well-known CGI programming mistakes that could let a malicious client gain unauthorized access to the server machine. One innocuous-looking but poorly written Perl eval function is all it takes. For an extensive list of CGI security gotchas, see Chapter 6 of The WWW Security FAQ at http://www.w3.org/Security/Faq/www-security-faq.html.

To better understand the situation, imagine you’re an ISP and want to give your customers the ability to generate dynamic content using CGI programs. What can you do to protect yourself? Historically, ISPs have chosen one of three options:

Have blind faith in the customer.: He’s a good guy and a smart programmer, and besides, we have his credit card number.
Educate the customer.: If he reads the WWW Security FAQ and passes a written test, we’ll let him write CGI programs for our server.
Review all code.: Before we install ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 156592391XCatalog Page Errata

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Java Servlet Programming

by Jason Hunter

Running Servlets Securely

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.